Enabling automatic download and installation of Microsoft Office 2016 updates

October 12, 2016 2 comments

As part of releasing Microsoft Office 2016 15.27, Microsoft has also updated Microsoft AutoUpdate (MAU) to include an interesting new feature: Automatically Download and Install. In MAU 3.8 and later, this feature will automatically download updates for Office 2016 applications and do the following:

  • If an Office application is not running – Automatically install and update the application
  • If an Office application is running – Prompt the customer and give them the option of updating later or restarting the application. If the customer chooses to restart their application, the application will be closed, updated and then re-opened

Pasted image at 2016 09 15 05 09 PM

To enable the automated download and install option, open the Microsoft AutoUpdate application and set the Automatically Download and Install option.

Screen Shot 2016 10 12 at 9 58 42 AM

For more information on this new feature, please see the following link:

What’s New in Microsoft AutoUpdate 3.8http://macadmins.software/docs/MAU_38.pdf

To enable the automated download and install option via the command line for Microsoft AutoUpdate 3.8, the following defaults command can run by the logged-in user:

defaults write com.microsoft.autoupdate2 HowToCheck AutomaticDownload

Microsoft is planning to move the MAU preferences to /Library/Preferences as part of an upcoming Microsoft AutoUpdate release, so the following defaults command can be run with root privileges to enable the automated download and install option for those future versions of Microsoft AutoUpdate:

defaults write /Library/Preferences/com.microsoft.autoupdate2 HowToCheck AutomaticDownload

For those who want to enable the automated download and install option using management profiles, I’ve created a .mobileconfig file and posted it here on Github:

https://github.com/rtrouton/profiles/tree/master/EnableAutomaticDownloadandInstallofOffice2016Updates

Categories: Mac administration, Mac OS X, macOS, Office 2016

Using Disk Utility on macOS Sierra to unlock FileVault 2-encrypted boot drives

October 11, 2016 Leave a comment

Starting in OS X El Capitan, Apple overhauled Disk Utility’s various functions to add new features and remove others. As of macOS Sierra, it appeared at first that the abilities to unlock or decrypt a FileVault 2-encrypted drive had both been removed from Disk Utility. After some investigation though, it looks like the ability to decrypt has been removed, but you can still unlock using Sierra’s Disk Utility. For more details, see below the jump.

Read more…

Categories: FileVault 2, Mac administration, macOS

Documentation session at JAMF Nation User Conference 2016

October 11, 2016 Leave a comment

I’ll be speaking about how to various ways to document your Casper Suite and other IT needs at JAMF Nation User Conference 2016, which is being held from October 18th – 20th, 2016 in Minneapolis, MN. For those interested, my talk will be on Thursday, October 20th.

For a description of what I’ll be talking about, please see the Preparing for the Road Ahead: Documenting Your Casper Suite Setup session description. You can see the whole list of JNUC sessions here on the Sessions page.

Categories: Documentation, JAMF Nation User Conference 2016

Session videos and slides now available from MacSysAdmin 2016

October 10, 2016 Leave a comment

The documentation from MacSysAdmin 2016 is now available, with the session slides and videos being accessible from the link below:

http://documentation.macsysadmin.se

The videos of my sessions are available for download from here:

I also like to thank Tycho Sjögren and Apoio AB again for inviting me to speak at this year’s MacSysAdmin.

Categories: Apple File System, MacSysAdmin 2016, Virtualization, VMware, VMware ESXi

System Preferences problem when enabling FileVault 2 using an IRK is fixed in macOS Sierra

October 8, 2016 Leave a comment

Starting in OS X Yosemite 10.10.x, I noticed an issue when enabling FileVault 2 via System Preferences when using an institutional recovery key.

In Mavericks and earlier versions of OS X, the behavior of System Preferences looked like this:

  1. Click the lock to unlock the FileVault preference pane
  2. Click the Turn on FileVault… button
  3. A list of users that can be enabled for FileVault 2 is displayed. The logged-in user account is marked with the green checkbox that shows that the account is enabled.
  4. A message is displayed that a recovery key has been set by a company, school or institution.
  5. A message prompting the user to restart is displayed.
  6. Once the Restart button has been clicked, the FileVault 2 initialization process continues and restarts the Mac.
  7. The Mac restarts to the FileVault 2 pre-boot login screen.

To illustrate, I’ve made a video showing the described behavior.

In OS X Yosemite and OS X El Capitan, the behavior of System Preferences looks like this:

  1. Click the lock to unlock the FileVault preference pane
  2. Click the Turn on FileVault… button
  3. A message is displayed that a recovery key has been set by a company, school or institution.
  4. System Preferences then displays no additional messages and will appear to hang for up to two minutes.
  5. The Mac restarts without further input from the user.
  6. The Mac restarts to the FileVault 2 pre-boot login screen.

To illustrate, I’ve made a video showing the described behavior.

I had filed a bug report on the problem, which has now been closed as fixed after I was able to verify that the problem was resolved in macOS Sierra 10.12.0.

As of macOS Sierra 10.12.0, the behavior of System Preferences has returned to approximating the pre-Yosemite behavior. The process now looks like this:

  1. Click the lock to unlock the FileVault preference pane
  2. Click the Turn on FileVault… button
  3. A message is displayed that a recovery key has been set by a company, school or institution.
  4. A list of users that can be enabled for FileVault 2 is displayed. The logged-in user account is marked with the green checkbox that shows that the account is enabled.
  5. A message prompting the user to restart is displayed.
  6. Once the Restart button has been clicked, the FileVault 2 initialization process continues and restarts the Mac.
  7. The Mac restarts to the FileVault 2 pre-boot login screen.

To illustrate, I’ve made a video showing the described behavior.

Categories: FileVault 2, Mac administration, Mac OS X, macOS

FileVault 2 and the rise of Apple File System

October 7, 2016 Leave a comment

As part of the various announcements at WWDC 2016 in June 2016, Apple announced that there would be a new filesystem named Apple File System (APFS) being released in 2017. As part of the functionality of APFS, encryption is being natively supported by APFS as a primary feature of the filesystem.

Encryption and APFS

APFS supports the following levels of encryption:

  • No encryption – no data is encrypted
  • One key per volume (for encrypting both metadata and data) – This is equivalent to how FileVault 2 works today
  • Multi-Key encryption
    • – Metadata encryption
    • – Per-File encryption
    • – Per-Extant encryption

What was not overtly stated as part of the presentation is that while Apple may continue to name the encryption “FileVault”, it will work differently than FileVault 2 does today. The reason for this is that FileVault 2 is using encrypted Core Storage volumes to provide full-volume encryption. Core Storage is built on top of HFS+ and it does not appear that Core Storage will be transitioning to APFS. Instead, it appears that Core Storage will remain an HFS+ – specific solution.

As of this date, I haven’t yet seen how APFS encryption works in practice, but one thing is clear – The move away from Core Storage is a fundamental change for how encryption will be handled for Macs, with the following areas being affected:

  • How Macs become encrypted
  • How to unlock the encryption
  • How to decrypt an encrypted Mac
  • How to repair problems affecting an encrypted Mac

In short, everything currently documented for handling encrypted Macs will likely become obsolete and new documentation will need to be written for APFS’ encryption solution.

What does this mean for FileVault 2?

With APFS already being available as a developer preview, I don’t anticipate Apple making any more changes to how FileVault 2 works. I believe that Apple is putting FileVault 2 into maintenance mode where (hopefully) bugs will be fixed but development otherwise has stopped in favor of developing APFS’ encryption.

In terms of FileVault 2 management, Apple may choose to add functionality in Sierra to Apple’s fdesetup management tool for FileVault 2 but I believe that any changes will be enhancement to existing functionality in fdesetup instead of adding new functionality. A good example of this is Sierra’s changes to fdesetup authrestart.

Categories: Apple File System, FileVault 2, Mac administration, macOS

Slides from the virtualization session at MacSysAdmin 2016

October 6, 2016 1 comment

For those who wanted a copy of my virtualization talk at MacSysAdmin 2016, here are links to the slides in PDF and Keynote format.

PDF – http://tinyurl.com/MSA2016VirtualizationPDF

Keynote – http://tinyurl.com/MSA2016VirtualizationKeynote

Categories: Mac OS X, macOS, MacSysAdmin 2016, VMware, VMware ESXi
%d bloggers like this: