“Managing FileVault 2 on OS X Mountain Lion with the Casper Suite” session video from JNUC 2012 now available

JAMF Software has posted the session video for my Managing FileVault 2 on OS X Mountain Lion with the Casper Suite session from JAMF Nation User Conference 2012. For those interested, there’s a streaming version of the video available here on the JAMF News site.

For offline viewing, a high-res version is also available.

“OpenBSM: Your Mac’s Unseen Auditor” in MacTech’s Fall 2012 issue

For those interested in using Apple’s OpenBSM audit software, I have an article in MacTech’s Fall 2012 issue. It’s titled OpenBSM: Your Mac’s Unseen Auditor and is a guide to both configuring OpenBSM and accessing the audit logs.

Clearing the quarantine extended attribute from downloaded applications

When I’m packaging an application for deployment, I normally download the latest version from the vendor. If it’s a drag-and-drop install, where the application is a self-contained bundle, it will get the com.apple.quarantine extended attribute associated with it.

The quarantine attribute is added by the OS so that it can ask for user confirmation the first time the downloaded program is run. Gatekeeper in Lion and Mountain Lion also uses the com.apple.quarantine attribute to determine if an application should be checked (and blocked if needed.)

To avoid issues with both unwanted messages and Gatekeeper, I normally clear this attribute as part of my packaging. Here’s how to check to see if your application has the com.apple.quarantine attribute associated with it:

1. Open Terminal

2. Run the following command:

xattr /path/to/MyApp.app

If the com.apple.quarantine attribute is associated with the application, you should see the following output:

computername:Applications username$ xattr /path/to/MyApp.app
com.apple.quarantine
computername:Applications username$

Note: Other attributes may also be listed, with com.apple.FinderInfo being a common one.

To remove the quarantine attribute, you would then run the following command:

sudo xattr -r -d com.apple.quarantine /path/to/MyApp.app

That will recursively remove the com.apple.quarantine attribute from the application. The -r option will allow the quarantine attribute of all files inside the application to be selected, while the -d option causes the given attribute name (and associated value) to be removed.

Adding program icon artwork to Casper’s Self Service

One of my favorite touches of JAMF’s Self Service application is that it allows you to add graphics files to be displayed for the various policy options. I like it because it gives users a visual cue when they’re searching for a particular application installer or other Self Service-hosted policy. It also helps make the Self Service application look nice, which is something else I appreciate.

Getting high-quality art for Self Service can be surprisingly easy. In many cases, you can use the artwork directly from the application itself, by using Preview’s “New from Clipboard” function . See below the jump for how to do this.

Read more…

Fully automating installation of automatically-generated installers

As part of your Mac’s standard build process for your environment, you may need to install certain packages that are generated for you by another process. A good example may be your workplace’s central antivirus management console, or a systems management tool.

Generally, these applications are installed once and then the centralized management server takes care of managing and updating them on your Macs afterward. For that first install though, they still need to be installed on your Macs and it’s usually a manual process for Mac admins to copy the latest installer from wherever it’s stored and add it to the build process.

However, if you have access to where the installer is stored, you can script the process of installation and fully automate the process of getting the latest installer and installing it on your Mac. See below the jump for an example of how to do this with Sophos Antivirus.

Read more…

FileVault 2 session at MacIT 2013

I’ll be speaking about FileVault 2 at MacIT 2013, which is being held from January 31 – February 2nd, 2013 in San Francisco. For those interested, my talk will be on Thursday, January 31.

For a description of what I’ll be talking about, please see IT824: FileVault 2 Decoded on the Day 1 Agenda page.