Archive
Oracle Java 10 JDK and JRE installation scripts for macOS
Oracle has started to release Java 10 for macOS, so I’m posting a couple of scripts to download and install the following:
Oracle has been releasing two separate versions of Java 8 simultaneously and may do the same for Java 10, so these Java 10-focused scripts are designed to allow the user to set which version they want to install: the CPU release or the PSU release.
The difference between CPU and PSU releases is as follows:
- Critical Patch Update (CPU): contains both fixes to security vulnerabilities and critical bug fixes.
- Patch Set Update (PSU): contains all the fixes in the corresponding CPU, plus additional fixes to non-critical problems.
For more details on the differences between CPU and PSU updates, please see the link below:
http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html
For more information, please see below the jump.
32-bit application alert message in macOS 10.13.4
Starting on April 12, 2018, Macs running macOS 10.13.4 will display a one-time alert when 32-bit applications are opened. This alert will appear once per user account on the Mac, when a relevant 32-bit application is opened.
When the Learn More… button in the alert window is clicked, the following Apple KBase article opens in your default web browser:
32-bit app compatibility with macOS High Sierra 10.13.4
https://support.apple.com/HT208436
For those who need to stop this alert from being displayed in their environments, I’ve built a management profile to suppress the warning. It is available on GitHub via the link below:
https://github.com/rtrouton/profiles/tree/master/Disable32BitApplicationWarning
Whitelisting third-party kernel extensions using profiles
As part of macOS 10.13.2, Apple introduced the concept of User Approved MDM Enrollment (UAMDM). UAMDM grants mobile device management (MDM) additional management privileges, beyond what is allowed for macOS MDM enrollments which have not been “user approved”.
As of macOS 10.13.4, the only additional management privilege associated with UAMDM is that it allows you to deploy a profile which provides a whitelist for third-party kernel extensions. This profile allows a company, school or institution to avoid the need to have individual users approve the running of approved software.
Without the profile, third-party kernel extensions will need to be approved through the User-Approved Kernel Extension Loading (UAKEL) process. Here’s how that process looks:
1. When a request is made to the OS to load a third-party kernel extension which the user has not yet approved, the load request is denied and macOS presents an alert to the user.
2. The alert tells the user how to approve the loading of the kernel extension signed by a particular developer or vendor, by following this procedure:
A. Open System Preferences
B. Go to the Security & Privacy preference pane
C. Click the Allow button.
Note: This approval is only available for 30 minutes. After that, it disappears until the following happens:
i. The Mac restarts
ii. Another attempt is made to load the kernel extension.
While waiting for the kernel extension to be approved, a copy of the kernel extension is made by the operating system and stored in the following location:
/Library/StagedExtensions
Once approved, another copy of the kernel extension is made and allowed to load.
This process is relatively easy for an individual to manage on their own computer, but it would be very difficult to manage when dealing with more than a handful of Macs. To help companies, schools and institutions, Apple has made a management profile option available to centrally approve third-party kernel extensions. For more details, please see below the jump.
Reclaiming drive space by thinning Apple File System snapshot backups
As part of a recent clean-up of my Apple File System-formatted (APFS) boot drive, I deleted a number of files. However, I noticed that deleting files did not free up nearly as much space as I thought it should. When I investigated, I noticed that my boot drive had a number of Time Machine snapshots stored on it.
A quick way to reclaim space from a particular snapshot immediately would be to delete the snapshot using the tmutil command line tool, using the command shown below:
tmutil deletelocalsnapshots snapshot-name-here
However, I didn’t want to delete backups if I could avoid it since I might need something stored in one of them. After some research, I was able to find a tmutil command that did what I needed. For more details, please see below the jump:
Suppressing the Data & Privacy pop-up window on macOS High Sierra
Starting with Mac OS X 10.7.2, Apple set the iCloud sign-in to pop up on the first login.
In OS X 10.10, Apple added a Diagnostics & Usage window that pops up at first login after the iCloud sign-in.
In macOS 10.12, Apple added another pop-up window for Siri.
In macOS 10.13.4, Apple has added a Data & Privacy pop-up window for their data privacy information.
To stop the Data & Privacy pop-up window from appearing for your home folder, run the command shown below:
defaults write com.apple.SetupAssistant DidSeePrivacy -bool TRUE
Since you normally will be able to run this command only after you’ve seen the Data & Privacy pop-up window, I’ve updated my script for suppressing the various pop-up windows to now also suppress the Data & Privacy pop-up window. For more details, see below the jump.
Using QuickAdd-based user-initiated enrollment on macOS High Sierra with Jamf Pro 10.3
Starting with Jamf Pro 10.3, user-initiated computer enrollment now has two modes:
- macOS High Sierra: Uses an MDM profile to enroll the Mac, with the Jamf Pro agent being installed once MDM enrollment is complete.
- macOS Sierra and earlier: Uses a QuickAdd installer package to enroll the Mac, with MDM enrollment and installation of the Jamf Pro agent being handled by the QuickAdd package.
However, it is still possible to get a QuickAdd installer package to enroll a Mac running macOS High Sierra. For more details, please see below the jump.
User-initiated computer enrollment now using MDM profile enrollment in Jamf Pro 10.3
One of the changes introduced in Jamf Pro 10.3 is that user-initiated computer enrollment now has two modes:
- macOS High Sierra: Uses an MDM profile to enroll the Mac, with the Jamf Pro agent being installed once MDM enrollment is complete.
- macOS Sierra and earlier: Uses a QuickAdd installer package to enroll the Mac, with MDM enrollment and installation of the Jamf Pro agent being handled by the QuickAdd package.
Why the difference?
Using the MDM enrollment method on macOS High Sierra will automatically enable User Approved MDM, which is necessary for full management privileges on the Mac in question. The reason is that since the user is installing the MDM profile, the user is also logically approving the MDM management and satisfying Apple’s conditions for enabling User Approved MDM.
For more details, please see below the jump.
Der Flounder 
Recent Comments