Archive
Gatekeeper automatically re-enables after 30 days on Yosemite and later
On OS X 10.10.x and later, disabling Gatekeeper does not mean it is permanently off. After a set amount of time (currently 30 days), Gatekeeper will automatically re-enable itself with the Allow apps downloaded from: Mac App Store and identified developers setting.
I was able to track down which part of the OS this was coming from and it looks like it’s defined as part of syspolicyd:
https://github.com/aosm/security_systemkeychain/blob/master/syspolicyd/syspolicyd.cpp#L295-L310
After doing some research, it looks like Gatekeeper’s automatic re-enablement function can be disabled by running the following command with root privileges:
defaults write /Library/Preferences/com.apple.security GKAutoRearm -bool false
This would allow Gatekeeper to be set to Allow apps downloaded from: Anywhere and have it stay that way.
For those who want to set this with a management profile, I’ve created a .mobileconfig file and posted it here on Github:
https://github.com/rtrouton/profiles/tree/master/DisableGatekeeperAutomaticReenablement
Update – 7-31-2015: My colleague Tom Burgin points out that this may not be manageable via a profile after all, due to the way Apple has set the value that it’s reading:
https://twitter.com/tomjburgin/status/627152906366676992
If a management profile isn’t being respected, the defaults command listed above is the way to apply this to machines.
I’ve filed a bug report about this. For those interested in duping this bug, the bug report ID is 22094327. I’ve also cross-posted it to OpenRadar:
https://openradar.appspot.com/22094327
Updated CasperCheck now available
JAMF announced today that, due to changes that are coming in OS X 10.11, Casper’s jamf binary will be moving its location in a future release of Casper. For those not familiar with Casper, the jamf binary is the agent software which Casper installs on Macs in order to manage them.
Update – 7-30-2015: JAMF clarified that the new location is going to be /usr/local/bin/jamf, instead of /usr/local/jamf as I originally understood it to be. I’m updating this post and CasperCheck with the new path information.
Current location:
/usr/sbin/jamf
Future location:
/usr/local/bin/jamf
From today’s announcement, it also appears that the jamf binary will not be moving on all versions of OS X:
Mac OS X 10.5.x – 10.6: The jamf binary will be staying in /usr/sbin/
Mac OS X 10.7.x and later: The jamf binary will be moving to /usr/local/bin
Now that this information is public, I’m releasing an update to CasperCheck that should be able to handle checking for the Casper agent in both its current and its future locations. For more information, see below the jump.
Mining OS X for Apple’s artwork
When building a presentation in Keynote, I often use Apple’s icons and other images included in OS X to illustrate my slides. This is because Apple’s already done a lot of work creating high-res images for OS X and it’s often helpful to use Apple’s own artwork when illustrating how something works. However, this artwork can also be hard to find as it can be buried deep within applications and other resource files. To help me get this artwork all together in one place, I’ve developed a script to search OS X for icons and other relevant images in various file formats, copy them when found, then organize the copied artwork. For more information, see below the jump.
Mac Admin & Developer Conference UK
I’m happy to announce that I’ll be speaking at the inaugural Mac Admin & Developer Conference UK, which is taking place in London from February 9th – 10th, 2016.
You can see the entire list of speakers at http://www.macad.uk/speakers/. If you’re interested in speaking as well, the call for speakers is open!
Customizing Automator application icons
As part of my work with packaging, I’ve built a few Automator-based applications to assist me and other Mac admins.
Along with building the applications themselves, I wanted to provide custom icons for these apps. This would help them be instantly distinguishable from other Automator applications and also help make them look more polished.
I recently decided to change out the application icon for Payload-Free Package Creator, as its icon had been created on Mavericks and now appeared a little dated when used on Yosemite. With input from my colleague Elliot Jordan, the new icon for Payload-Free Package Creator now looks like this.
For more information on how I went from this PNG file to an icon set for the application, please see below the jump.
Penn State MacAdmins Conference music playlists
The folks at Penn State MacAdmins always have great music for their conference and have been kind enough to share the playlists via Spotify and Apple Music.
For those who want the playlists, please see the links below:
Penn State MacAdmins 2013 playlist: http://sptfy.com/macadmins2013
Penn State MacAdmins 2014 playlist: http://sptfy.com/macadmins2014
Penn State MacAdmins 2015 playlist: http://sptfy.com/macadmins2015
Penn State MacAdmins 2016 playlist: http://j.mp/psumac2016spotify
Penn State MacAdmins 2017 playlist: http://j.mp/psumac2017spotify
Penn State MacAdmins 2018 playlist: http://bit.ly/psumac2018spotify
Penn State MacAdmins 2019 playlist: http://bit.ly/psumac2019-spotify
Penn State MacAdmins 2019 playlist: http://bit.ly/psumac2019-applemusic
Penn State MacAdmins 2023 playlist: http://bit.ly/psumac2023-music
Note: Because of the COVID-19 pandemic, the Penn State MacAdmins conference was virtual attendance-only from 2020 – 2022. There are no playlists for those years.
Photos from Penn State MacAdmins Conference 2015 – Part Three
Michael Lynn was good enough to pull together the complete list (so far!) of Twitter photo posts from Penn State MacAdmins Conference 2015.
There are over 300 in all, so I’m splitting this into three posts as having WordPress display 300+ embedded tweets may make your browser cry. The final set is below the jump. Enjoy!
Photos from Penn State MacAdmins Conference 2015 – Part Two
Michael Lynn was good enough to pull together the complete list (so far!) of Twitter photo posts from Penn State MacAdmins Conference 2015.
There are over 300 in all, so I’m splitting this into three posts as having WordPress display 300+ embedded tweets may make your browser cry. The second set is below the jump. Enjoy!
Photos from Penn State MacAdmins Conference 2015 – Part One
Michael Lynn was good enough to pull together the complete list (so far!) of Twitter photo posts from Penn State MacAdmins Conference 2015.
There are over 300 in all, so I’m splitting this into three posts as having WordPress display 300+ embedded tweets may make your browser cry. The first hundred are below the jump. Enjoy!
Slides from the Virtualization session at MacIT 2015
For those who wanted a copy of my virtualization talk at MacIT 2015, here are links to the slides in PDF and Keynote format.
PDF: http://tinyurl.com/MacIT2015vmPDF
Keynote slides: http://tinyurl.com/MacIT2015vmKeynote
Der Flounder 
Recent Comments