Application blacklisting using management profiles
When deploying Macs for use in classrooms or for training, there is occasionally a requirement that certain applications must be blocked from running. Usually, this is to make sure that the student or test taker using the Mac is not able to use the blocked applications because it would distract them or otherwise cause problems.
On iOS, there is a way to do this via the blacklistedAppBundleIDs key available in the Restrictions payload. However, this key is not available on macOS and Macs will ignore the blacklist.
On macOS, there is the ability to set an application whitelist via Profile Manager but not a blacklist.
However, the profile specification does include the ability to configure an application blacklist using the pathBlackList key in the settings managed by the com.apple.applicationaccess.new payload.
For more details, see below the jump.
Looking up DUNS numbers for Apple’s VPP program
As part of an ongoing project, I needed to set up a new Apple VPP account for use with a test environment. The reason I did this was that I didn’t want to cause conflicts with our production VPP account. When I went to set up the account though, I ran into an interesting problem.
As part of the VPP account setup, I needed to provide a DUNS number. However, the DUNS number I had belongs to a company based outside of the US and Apple’s US VPP enrollment site would only accept DUNS numbers associated with US addresses. Instead, I needed to use the DUNS number for my company’s US subsidiary in place of the DUNS number that I had. The problem was that I had no idea what that DUNS number was.
After some research, I found a way to look up the DUNS number I needed and was able to successfully register my test environment’s VPP account with Apple. For more details, see below the jump.
Apple filesystem session at MacDeployment 2017
The same week that I’ll be speaking at MacDevOpsYVR 2017, I’ll also be speaking at MacDeployment 2017:
MacDeployment is taking place in Calgary, Canada from June 8th – 9th, 2017. My session will be an overview of Apple’s past and present filesystems, with an introduction to Apple File System (APFS) and a discussion of its current state of development.
You can see the entire list of speakers at http://macdeployment.ca/speakers
Apple filesystem session at MacDevOpsYVR 2017
I’ll be speaking at MacDevOpsYVR 2017, which is taking place in Vancouver, Canada from June 5th – 6th, 2017. My session will be an overview of Apple’s past and present filesystems, with an introduction to Apple File System (APFS) and a discussion of its current state of development.
You can see the entire list of speakers at https://www.macdevops.ca/speakers/
Using base64 encoding to include binary files inside scripts
When writing scripts, it’s sometimes useful to be able to be able to include and deploy binary files as part of the script run. An example of this would be if you want to use MySQL 5.6 and later’s option for creating a MySQL connection file. This is a file that allows you to store MySQL authentication inside an encrypted file named .mylogin.cnf.
Rather than trying to script the creation of a MySQL connection file, where the creation process would involve placing the MySQL authentication credentials in a readable format inside the script, it is easier and more secure to build the connection file manually on one machine and then encode the encrypted MySQL connection file into ASCII text using base64 encoding. Once encoded, the ASCII text can be decoded as part of a script designed to deploy the still-encrypted MySQL connection file to a desired location.
For more details on how to use base64 encoding, please see below the jump.
Installing and configuring the Jamf Infrastructure Manager on Red Hat Enterprise Linux
I recently needed to configure Jamf’s Jamf Infrastructure Manager (JIM) to provide a way for a Jamf Pro server hosted outside a company’s network to be able to talk to an otherwise inaccessible Active Directory domain.
The documentation on how to set up an Infrastructure Manager covers the essentials of how to do it, but doesn’t include any screenshots or have information about how to access the logs to help debug problems. After some research and working with the JIM a bit, I was able to figure out the basics. For more details, see below the jump.
Using IAM roles on Amazon Web Services to generate temporary credentials for EC2 instances
While working on a project involving Amazon Web Services, I ran across the concept of being able to use temporary credentials with AWS’s Command Line Interface (awscli) tool. When using the awscli tool, it is necessary to provide authentication credentials so that the aws tool is able to authorize its actions with AWS. When running the awscli tool on an EC 2 instance, AWS has provided a way to get temporary authentication credentials on demand, through the use of IAM roles.
In my research on the topic, I found a lot of posts showing how to use temporary credentials, but not a lot of information on how to set up the needed IAM roles. After some additional research, in addition to trial and error, I was able to figure out the IAM role setup process. For more details, see below the jump.
Recent Comments