Archive
create_macos_vm_install_dmg updated for macOS Big Sur installer disk images
As part of testing macOS Big Sur 11.0.0, I’ve updated my create_macos_vm_install_dmg script. For more details, please see below the jump.
WWDC 2020 notes
This week, I’m attending Apple’s WWDC 2020 conference from the comforts of home. As part of this, I’m taking notes during the labs and session videos. Due to wanting to stay on the right side of Apple’s NDA, I’ve been posting my notes to Apple’s developer forums rather than to here.
To make it easier for Mac admins to access them, I’ve set up a post in the forums where I’ve linking the various forum posts with my notes. It’s available via the link below:
Using an Activation Lock bypass code from Jamf Pro to clear Activation Lock on a Mac
As part of macOS Catalina, Apple introduced Activation Lock for Macs. As on iOS, Activation Lock is an anti-theft feature designed to prevent activation of a Mac if it’s lost or stolen.
Activation Lock on Macs does have some requirements in order for it to work. The Mac must:
- Run macOS Catalina or later
- Use the Apple T2 Security chip
- Two-factor authentication must be enabled on the Apple ID used for enable Activation Lock.
- Secure Boot must be enabled with Full Security settings and Disallow booting from external media selected.
Once these requirements are satisfied, Activation Lock is automatically enabled when Apple’s Find My service is enabled.
However, having Activation Lock turn on when Find My is enabled can lead to situations where it’s enabled by an employee on company-owned equipment. When this happens, companies, schools or institutions need a way to bypass Activation Lock without needing to know anything about the Apple ID used by the employee.
To provide this bypass, Apple has made it possible for companies, schools and institutions to use their MDM solution to clear Activation Lock. For more details, please see below the jump:
Allowing external boot drives for T2-equipped Macs
With WWDC 2020 only a couple of weeks away, a number of folks are preparing to run the new beta version of macOS. While some will choose to go all-in and run the new OS on their main boot drive, others will prefer to install the new OS onto an external drive. However, for Macs equipped with T2 chips, there’s an extra step involved with allowing your Mac to boot from an external drive. For more details, please see below the jump.
Videos from Penn State MacAdmins Campfire Sessions 2020
The good folks at Penn State have begun posting session videos from the Penn State MacAdmins Campfire Sessions to YouTube. As they become available, you should be able to access them via the link below:
https://www.youtube.com/playlist?list=PLRUboZUQxbyUyqkH7BFaQGAR7x51olLNt
I’ve linked my “Introduction to MDM and Configuration Profiles” session here:
My colleague Anthony Reimer’s “Things I Learned from the Autopkg Maintainers” session is likewise available here:
Deleting all Jamf Pro policies in a specified category
Every so often, I need to delete a bunch of Jamf Pro policies at once. One convenient way I’ve found to do this is to assign all the policies I want to delete to one category which doesn’t have any other policies assigned to it. Once assigned, I can then use the API to delete them all at once.
To assist with this task, I’ve been using a script written by Jeffrey Compton but over time I found that I wanted more functionality. To meet my own needs, I took Jeffery’s original idea and written my own script to target the policies in a particular Jamf Pro category. For more details, please see below the jump.
Mad, bad and possibly dangerous – a cautionary tale of software installation
In my career, I’ve run across a lot of terrible installers in a variety of forms. The one I ran across today though is noteworthy enough that I want to point it out because of the following reasons:
- It’s an installer application. I have opinions on those.
- It’s for a security product where, as part of the installation, you need to provide the username and password for an account on the Mac which has:
- Administrator privileges
- Secure Token
Note: I have no interest in talking to the vendor’s legal department, so I will not be identifying the vendor or product by name in this post. Instead, I will refer to the product and vendor in this post as “ComputerBoat” and leave discovery of the company’s identity to interested researchers.
For more details, please see below the jump.
Slides from the “Introduction to MDM and Configuration Profiles” session at Penn State MacAdmins 2020
For those who wanted a copy of my MDM and profiles talk from Penn State MacAdmins 2020, here are links to the slides in PDF and Keynote format.
Der Flounder 
Recent Comments