Archive

Author Archive

create_macos_vm_install_dmg updated for macOS Big Sur installer disk images

June 28, 2020 3 comments

As part of testing macOS Big Sur 11.0.0, I’ve updated my create_macos_vm_install_dmg script. For more details, please see below the jump.

Read more…

WWDC 2020 notes

June 23, 2020 Leave a comment

This week, I’m attending Apple’s WWDC 2020 conference from the comforts of home. As part of this, I’m taking notes during the labs and session videos. Due to wanting to stay on the right side of Apple’s NDA, I’ve been posting my notes to Apple’s developer forums rather than to here.

To make it easier for Mac admins to access them, I’ve set up a post in the forums where I’ve linking the various forum posts with my notes. It’s available via the link below:

https://developer.apple.com/forums/thread/650135

Categories: Documentation, WWDC 2020

Using an Activation Lock bypass code from Jamf Pro to clear Activation Lock on a Mac

June 19, 2020 1 comment

As part of macOS Catalina, Apple introduced Activation Lock for Macs. As on iOS, Activation Lock is an anti-theft feature designed to prevent activation of a Mac if it’s lost or stolen.

Activation Lock on Macs does have some requirements in order for it to work. The Mac must:

  • Run macOS Catalina or later
  • Use the Apple T2 Security chip
  • Two-factor authentication must be enabled on the Apple ID used for enable Activation Lock.
  • Secure Boot must be enabled with Full Security settings and Disallow booting from external media selected.

Screen Shot 2020 06 18 at 3 40 31 PM

 

Once these requirements are satisfied, Activation Lock is automatically enabled when Apple’s Find My service is enabled.

However, having Activation Lock turn on when Find My is enabled can lead to situations where it’s enabled by an employee on company-owned equipment. When this happens, companies, schools or institutions need a way to bypass Activation Lock without needing to know anything about the Apple ID used by the employee.

To provide this bypass, Apple has made it possible for companies, schools and institutions to use their MDM solution to clear Activation Lock. For more details, please see below the jump:

Read more…

Allowing external boot drives for T2-equipped Macs

June 13, 2020 Leave a comment

With WWDC 2020 only a couple of weeks away, a number of folks are preparing to run the new beta version of macOS. While some will choose to go all-in and run the new OS on their main boot drive, others will prefer to install the new OS onto an external drive. However, for Macs equipped with T2 chips, there’s an extra step involved with allowing your Mac to boot from an external drive. For more details, please see below the jump.

Read more…

Videos from Penn State MacAdmins Campfire Sessions 2020

June 13, 2020 Leave a comment

The good folks at Penn State have begun posting session videos from the Penn State MacAdmins Campfire Sessions to YouTube. As they become available, you should be able to access them via the link below:

https://www.youtube.com/playlist?list=PLRUboZUQxbyUyqkH7BFaQGAR7x51olLNt

I’ve linked my “Introduction to MDM and Configuration Profiles” session here:

My colleague Anthony Reimer’s “Things I Learned from the Autopkg Maintainers” session is likewise available here:

Deleting all Jamf Pro policies in a specified category

June 8, 2020 Leave a comment

Every so often, I need to delete a bunch of Jamf Pro policies at once. One convenient way I’ve found to do this is to assign all the policies I want to delete to one category which doesn’t have any other policies assigned to it. Once assigned, I can then use the API to delete them all at once.

To assist with this task, I’ve been using a script written by Jeffrey Compton but over time I found that I wanted more functionality. To meet my own needs, I took Jeffery’s original idea and written my own script to target the policies in a particular Jamf Pro category. For more details, please see below the jump.

Read more…

Mad, bad and possibly dangerous – a cautionary tale of software installation

June 5, 2020 8 comments

In my career, I’ve run across a lot of terrible installers in a variety of forms. The one I ran across today though is noteworthy enough that I want to point it out because of the following reasons:

  1. It’s an installer application. I have opinions on those.
  2. It’s for a security product where, as part of the installation, you need to provide the username and password for an account on the Mac which has:
  • Administrator privileges
  • Secure Token

Note: I have no interest in talking to the vendor’s legal department, so I will not be identifying the vendor or product by name in this post. Instead, I will refer to the product and vendor in this post as “ComputerBoat” and leave discovery of the company’s identity to interested researchers.

For more details, please see below the jump.

Read more…

Slides from the “Introduction to MDM and Configuration Profiles” session at Penn State MacAdmins 2020

June 4, 2020 1 comment

For those who wanted a copy of my MDM and profiles talk from Penn State MacAdmins 2020, here are links to the slides in PDF and Keynote format.

Mac admin conferences in 2020

May 29, 2020 Leave a comment

With COVID-19’s disruption of travel and public gatherings, a number of Mac admin conferences have made the choice to move to an online format. This change has meant that a number of conferences which previously required paying for tickets and travel costs have now become either much cheaper or free.

For those interested, here is the current list of conferences being held online between June and October 2020:

Penn State MacAdmins
Link: https://macadmins.psu.edu/campfire-sessions-2020/
Dates: June 4, 11, 18, 30 and July 9, 16, 23, 30
Cost: Free

MacDevOps YVR
Link: https://mdoyvr.com
Dates: June 10 – 12
Cost: CAD $135 (USD $97.74 as of May 29, 2020)

Apple WWDC
Link: https://developer.apple.com/wwdc20/
Dates: June 22 – 26
Cost: Free

Jamf Nation User Conference
Link: https://www.jamf.com/events/jamf-nation-user-conference/2020/
Dates: September 29 – October 1
Cost: Free

MacSysAdmin
Link: https://www.macsysadmin.se
Dates: October 2020 (exact dates not yet posted.)
Cost: Not yet announced

Identifying and deleting Jamf Pro inventory records with duplicate serial numbers

May 26, 2020 2 comments

I recently saw an issue where several computers in Jamf Pro were showing up with the same serial number listed in their inventory records. This made it difficult to work with this serial number using the API because Jamf Pro Classic API calls may fail if we’re referencing the serial number in the API call and more than one inventory record exists with that serial number.

First off, how can this happen? Aren’t serial numbers supposed to be unique? They are, but there’s two instances where serial numbers may unfortunately be associated with more than one Mac.

Hardware repair:

When you send a Mac out for repair and the logic board is replaced as part of the repair, the Mac’s existing serial number is flashed onto the replacement logic board.

However, both the old and new logic boards have separate Unique Device Identifiers (UDID) associated with them. When enrolling a device into Jamf Pro, it is possible for a new inventory record to be set up if a device has:

  • The same serial number listed in as an existing inventory record
  • A UDID not found in other inventory records

Parallels macOS virtual machine:

macOS virtual machines set up by Parallels Desktop and other Parallels hypervisor products use the same serial number as the Mac which is running the Parallels hypervisor software. These VMs will likewise have separate Hardware UDIDs associated with them.

So what to do with these duplicate records? My recommendation is to delete them from your Jamf Pro server when you find them, especially if you do a lot of work using the API. To help with this task, a script has been developed to identify and delete unwanted duplicates. For more details, please see below the jump.

Read more…

%d bloggers like this: