As part of the release of Office 2016 15.33.0, a number of managed preference options have been added and some have changed from what they were before. An example of one that has changed is the DefaultsToLocalOpenSave management setting, which sets the Open and Save options in Office 2016 apps to default to On My Mac instead of Online Locations.
In Microsoft Office 2016 15.32.x and earlier, the DefaultsToLocalOpenSave setting could only be managed by running a command similar to the one below on the individual user accounts:
/usr/bin/defaults write "/path/to/user/homefolder/Library/Group Containers/UBF8T346G9.Office/"com.microsoft.officeprefs DefaultsToLocalOpenSave -bool true
To set this for all accounts on a particular Mac, I had written the following script:
As of Microsoft Office 2016 15.33.x, this setting can now be set at the global level for all users by running the following command with root privileges:
/usr/bin/defaults write /Library/Preferences/com.microsoft.office DefaultsToLocalOpenSave -bool true
I’ve posted an updated script for manage this setting to GitHub, available via the link below:
This setting can now also be managed with a profile, so I’ve created a .mobileconfig file and posted it here on Github:
I’ve had a tool available for a while named create_vmware_osx_install_dmg, but it looks like it has reached the end of the road with macOS 10.12.3. The reason for this is because macOS 10.12.4 has introduced a change that prevents the addition of third-party packages to the OS installer. create_vmware_osx_install_dmg uses the addition of a third-party installer package, so unfortunately this tool cannot be used to generate 10.12.4 or later OS installers.
That said, I still want to be able to create macOS installer disk images for VMware Fusion and ESXi, so I’ve forked create_vmware_osx_install_dmg into a new script named create_macos_vm_install_dmg. create_macos_vm_install_dmg will generate stock OS installer disk images for the following OS versions:
- Mac OS X 10.7.x
- OS X 10.8.x
- OS X 10.9.x
- OS X 10.10.x
- OS X 10.11.x
- OS X 10.12.x
This script does not use a third-party package, so it is able to build a macOS 10.12.4 installer disk image. For more details, see below the jump.
With the release of macOS 10.12.4, it appears that Apple has made a change to the OS installer that blocks the installation of third-party packages which have been added to the OS installer. In my testing, I’ve verified the following tools are affected:
Note: There may be others, this list is what I’ve tested.
In each case, the OS install process proceeds without issues until the OS installer tries to install the third party installer package. At that point, the installation process fails and displays the message shown below:
The package "Package Name Goes Here" is not signed. Quit the installer to restart your computer and try again.
The error message displayed is misleading however, as this message may also appear if the package has been signed with a Developer ID Installer certificate.
In testing done by myself and others, we have found that there is one circumstance where you can still add a third-party installer package:
- If you are building a NetInstall NetBoot set using System Image Utility
- If the package is signed with a Developer ID Installer certificate.
Otherwise, the only installer packages I’ve seen which install correctly are packages which have been signed by Apple itself.
For more details, see below the jump.
As part of my pre-release testing of macOS Sierra, I tested iCloud Desktop and Documents syncing and decided I was not going to use it because of the problems I found. However, at that time I could not find a way to disable only iCloud Desktop and Documents without having to disable iCloud Drive entirely.
As part of the release of macOS 10.12.4, Apple has made available a profile option that allows for the specific disabling of iCloud Desktop and Documents syncing without needing to block iCloud Drive.
For more details, see below the jump.
In a number of Mac environments, there is a need or requirement for a login banner (otherwise known as a lock message). This message appears in the following locations:
- FileVault 2 pre-boot login screen
- OS login window
- Screensaver lock window
Brevity is best, as staying within a maximum of three lines permits the banner text to be displayed consistently in all three locations. Exceeding the three-line limit may result in the text being cut off and not fully displayed.
You can set this banner text from the command line using the following defaults command, which should be run with root privileges:
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "My Login Window Text Goes Here"
Being able to consistently set when lines begin and end can be challenging though, as the defaults command is not able to interpret a newline command natively. However, it is possible to set a multi-line login banner and be able to consistently set when lines begin and end. For more details, see below the jump.
While discussing various issues with a colleague, he mentioned that he was seeing the root account enabled on several machines where it should not have been. In general, the root account on macOS is not needed for system administration and should be disabled so he asked if there was a way to use the dsenableroot command to disable the root account without also needing to provide a password.
Unfortunately, disabling the root account by using the dsenableroot -d command does require providing a password as part of the command.
However, it is possible to disable logins to the root account without using the dsenableroot -d command. For more details, see below the jump.
Every so often, it’s necessary to resize the boot drive of an existing virtual machine. The process of resizing the VM’s boot disk from outside the VM is usually pretty straightforward:
1. Shut down the VM
2. Go into the VM’s drive settings
3. Resize it to the desired size
4. Power on the VM.
However, when the VM boots up, the disk space used by the OS won’t have changed.
However, the OS can detect that there is available unallocated disk space that it isn’t using.
Fortunately, this is a correctable condition and the fix can be applied without needing to shut down the VM or boot from another drive. For more details, see below the jump.