Author Archive

Providing OS X Upgrades via Casper’s Self Service

November 23, 2015 1 comment

To help the folks in my shop keep their Macs updated to the latest version of OS X, I’ve been providing a Self Service-driven OS upgrade option via Casper for the past couple of years. For a high-level overview, here’s how the process looks for El Capitan from my folks’ perspective.

1. Launch Casper’s Self Service application.

Screen Shot 2015 11 11 at 1 30 21 PM


2. Locate the El Capitan Upgrade option

Screen Shot 2015 11 23 at 9 02 19 AM


3. Click on the Install OS X button.

Screen Shot 2015 11 23 at 9 02 20 AM


4. In the next window that pops up, they’re given important information about the OS upgrade and need to click again on the Install OS X button.

Screen Shot 2015 11 23 at 9 02 31 AM


If their Mac does not have sufficient free space available available on their boot drive, they receive a warning message and the upgrade process stops at this point.

Screen Shot 2015 08 24 at 2 11 12 PM

If their Mac’s boot drive has sufficient free space available, they receive a message that OS X 10.11.x is downloading and preparing for installation. Once all preparations are complete, their Mac will automatically reboot to begin the installation process.

Screen Shot 2015 08 24 at 2 35 40 PM


5. Once the Mac reboots, the OS upgrade process runs. Once completed, the Mac reboots.

Screen Shot 2015 11 24 at 2 53 53 PM


6. Following the reboot, an automated post-upgrade process runs. This process will update the Mac with all available Apple updates along with applying my shop’s preferred settings for the new version of OS X.

Note: This process may involve several reboots, depending on what Apple updates are needed. Once the post-upgrade process completes, the Mac will reboot again.

Screen Shot 2015 11 24 at 3 00 18 PM


7. Following the reboot, the Mac will boot to the login window. At this point, the OS upgrade process has been completed and it is OK to log in and begin working again.

Screen Shot 2015 11 24 at 3 02 39 PM


To see how I’ve set up this workflow using Casper and other tools, please see below the jump.

Read more…

Downloading installer packages from the Mac App Store with AppStoreExtract

November 19, 2015 4 comments

As part of my work, I occasionally need to download installer packages for certain applications from the Mac App Store. In particular, I routinely download and archive certain Apple applications from the MAS to guard against the possibility that Apple will remove older versions of a particular application that I still need to have available.

A tool that has helped me with this has been Max Schlapfer‘s AppStoreExtract script. This script is designed to make copies of the installers from the Mac App Store, and is able to handle multiple installer downloads at once.

AppStoreExtract is available from GitHub at the following address:

For more details on how to download installers from the MAS using AppStoreExtract, see below the jump.

Read more…

Java 8 Update 65 Redux – The Good, the Bad and the Failings

November 13, 2015 Leave a comment

With the release of Java 8 Update 65, Oracle has returned to using an application to install Java. This switch away from using installer packages is a problem for Mac admins who need to deploy Oracle’s Java 8 in their own environment. However, after doing some research, it looks like it is still possible to deploy Oracle’s Java 8 Update 65 using a standard installer package. For more details, see below the jump.

Read more…

“OS X Security – Defense in Depth” session video from JAMF Nation User Conference 2015 now available

November 5, 2015 1 comment

JAMF Software has posted the session videos for from JAMF Nation User Conference 2015, including the video for my OS X security session.

For those interested, all of the the JNUC 2015 session videos are available on YouTube. For convenience, I’ve linked my session here.

Slides from the “OS X Security – Defense in Depth” Session at MacTech Conference 2015

November 4, 2015 Leave a comment

For those who wanted a copy of my security talk at MacTech Conference 2015, here are links to the slides in PDF and Keynote format.


Keynote –

Automating the setup of OS X Server on El Capitan and Yosemite

October 29, 2015 Leave a comment

As part of the development of Mac OS X, Apple has also developed Mac OS X Server as a way to provide access to both additional services on OS X and the management tools needed to administrate those services. While Mac OS X and Mac OS X Server used to be separate operating systems, Apple combined them into one release re-branded as OS X and moved the server-specific services and management tools into an OS X Server application available from the Mac App Store.

As part of the move to an application-based installation process, there was a capability removed from OS X Server: The ability to automate its setup entirely from the command line.

In order to run the initial setup of OS X Server, the following manually-run process was needed:

1. Log into the Mac using an account with administrator rights
2. Launch /Applications/

Screen Shot 2015 10 29 at 8 57 24 AM

3. Agree to the OS X Server license

Screen Shot 2015 10 29 at 8 57 35 AM

4. Provide administrator authorization when prompted.

Screen Shot 2015 10 29 at 8 57 46 AM

5. The initial setup of OS X Server would then proceed.

Screen Shot 2015 10 29 at 8 58 20 AM


For Mac sysadmins who needed to set up multiple instances of OS X Server, having this manual step involved slowed the setup process down considerably. To find out why this part needed to run manually, while at WWDC 2015 I asked the relevant Apple engineer why this was the case. The response was that the OS X Server license needed to be agreed to, to which I mentioned that Xcode had a similar requirement but that there was a way to agree to the license from the command line. The Apple engineer in question took that feedback and said it was a valid point.

At this point, the story skips forward to Brad Chapman discovering a new and undocumented way to agree to the license from the command line in OS X Server 5.0.x. Charles Edge built on that discovery and created an expect script to handle agreeing to the license and providing admin authorization. Charles’s method incorporated the use of an existing admin user’s username and password in the script, so in turn I’ve built on Charles’s work to create a completely automated setup script which does the following:

  1. Create a temporary user with a randomly generated password
  2. Give the temporary user admin privileges
  3. Run the initial setup and configuration of OS X Server’s services.
  4. Delete the temporary user

As part of the initial setup process:

  • Agree to the license
  • Authorize the setup process using the temporary user’s username and password

For more details, see below the jump.

Read more…

Oracle’s Java 8 Update 66

October 21, 2015 2 comments

Following closely on the heels of Oracle’s release of Java 8 Update 65, Oracle has released Java 8 Update 66. This update is also using Oracle’s install application.

Screen Shot 2015 10 21 at 8 57 05 AM

What’s the difference between Update 65 and Update 66? Update 65 is a Critical Patch Update (CPU), which contains both fixes to security vulnerabilities and critical bug fixes. Update 66 is a Patch Set Update (PSU), which means it contains all the fixes in the corresponding CPU, plus additional fixes to non-critical problems. For more details on the differences between CPU and PSU updates, please see the link below:

So the short version is that Update 65 has “critical bug fixes” and Update 66 has “Update 65’s bug fixes, plus more bug fixes.”

You can get Oracle’s Java 8 Update 66 from the link below:

For more details on Java 8 Update 66, see below the jump.

Read more…


Get every new post delivered to your Inbox.

Join 258 other followers

%d bloggers like this: