Archive

Archive for the ‘Mac administration’ Category

Oracle Java 10 JDK and JRE installation scripts for macOS

April 19, 2018 Leave a comment

Oracle has started to release Java 10 for macOS, so I’m posting a couple of scripts to download and install the following:

Oracle has been releasing two separate versions of Java 8 simultaneously and may do the same for Java 10, so these Java 10-focused scripts are designed to allow the user to set which version they want to install: the CPU release or the PSU release.

The difference between CPU and PSU releases is as follows:

  • Critical Patch Update (CPU): contains both fixes to security vulnerabilities and critical bug fixes.
  • Patch Set Update (PSU): contains all the fixes in the corresponding CPU, plus additional fixes to non-critical problems.

For more details on the differences between CPU and PSU updates, please see the link below:

http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html

For more information, please see below the jump.

Read more…

32-bit application alert message in macOS 10.13.4

April 12, 2018 1 comment

Starting on April 12, 2018, Macs running macOS 10.13.4 will display a one-time alert when 32-bit applications are opened. This alert will appear once per user account on the Mac, when a relevant 32-bit application is opened.

Screen Shot 2018 04 12 at 12 02 17 AM

When the Learn More… button in the alert window is clicked, the following Apple KBase article opens in your default web browser:

32-bit app compatibility with macOS High Sierra 10.13.4
https://support.apple.com/HT208436

Screen Shot 2018 04 12 at 12 04 34 AM

 

For those who need to stop this alert from being displayed in their environments, I’ve built a management profile to suppress the warning. It is available on GitHub via the link below:

https://github.com/rtrouton/profiles/tree/master/Disable32BitApplicationWarning

Whitelisting third-party kernel extensions using profiles

April 12, 2018 3 comments

As part of macOS 10.13.2, Apple introduced the concept of User Approved MDM Enrollment (UAMDM). UAMDM grants mobile device management (MDM) additional management privileges, beyond what is allowed for macOS MDM enrollments which have not been “user approved”.

As of macOS 10.13.4, the only additional management privilege associated with UAMDM is that it allows you to deploy a profile which provides a whitelist for third-party kernel extensions. This profile allows a company, school or institution to avoid the need to have individual users approve the running of approved software.

Without the profile, third-party kernel extensions will need to be approved through the User-Approved Kernel Extension Loading (UAKEL) process. Here’s how that process looks:

1. When a request is made to the OS to load a third-party kernel extension which the user has not yet approved, the load request is denied and macOS presents an alert to the user.

Screen Shot 2018 04 11 at 9 16 13 PM

2. The alert tells the user how to approve the loading of the kernel extension signed by a particular developer or vendor, by following this procedure:

A. Open System Preferences
B. Go to the Security & Privacy preference pane

Screen Shot 2018 04 11 at 9 20 45 PM

C. Click the Allow button.

Screen Shot 2018 04 11 at 9 20 22 PM

Note: This approval is only available for 30 minutes. After that, it disappears until the following happens:

i. The Mac restarts
ii. Another attempt is made to load the kernel extension.

Screen Shot 2018 04 11 at 9 20 25 PM

While waiting for the kernel extension to be approved, a copy of the kernel extension is made by the operating system and stored in the following location:

/Library/StagedExtensions

Once approved, another copy of the kernel extension is made and allowed to load.

Screen Shot 2018 04 11 at 9 19 39 PM

This process is relatively easy for an individual to manage on their own computer, but it would be very difficult to manage when dealing with more than a handful of Macs. To help companies, schools and institutions, Apple has made a management profile option available to centrally approve third-party kernel extensions. For more details, please see below the jump.

Read more…

Reclaiming drive space by thinning Apple File System snapshot backups

April 7, 2018 Leave a comment

As part of a recent clean-up of my Apple File System-formatted (APFS) boot drive, I deleted a number of files. However, I noticed that deleting files did not free up nearly as much space as I thought it should. When I investigated, I noticed that my boot drive had a number of Time Machine snapshots stored on it.

Screen Shot 2018 04 07 at 2 04 39 PM

A quick way to reclaim space from a particular snapshot immediately would be to delete the snapshot using the tmutil command line tool, using the command shown below:

tmutil deletelocalsnapshots snapshot-name-here

However, I didn’t want to delete backups if I could avoid it since I might need something stored in one of them. After some research, I was able to find a tmutil command that did what I needed. For more details, please see below the jump:

Read more…

Suppressing the Data & Privacy pop-up window on macOS High Sierra

April 4, 2018 Leave a comment

Starting with Mac OS X 10.7.2, Apple set the iCloud sign-in to pop up on the first login.

Lwscreenshot 2016 09 20 at 10 38 00 am

In OS X 10.10, Apple added a Diagnostics & Usage window that pops up at first login after the iCloud sign-in.

Lwscreenshot 2016 09 20 at 7 35 05 am

In macOS 10.12, Apple added another pop-up window for Siri.

Lwscreenshot 2016 09 20 at 10 39 04 am

In macOS 10.13.4, Apple has added a Data & Privacy pop-up window for their data privacy information.

Data and privacy pop up

To stop the Data & Privacy pop-up window from appearing for your home folder, run the command shown below:

defaults write com.apple.SetupAssistant DidSeePrivacy -bool TRUE

Since you normally will be able to run this command only after you’ve seen the Data & Privacy pop-up window, I’ve updated my script for suppressing the various pop-up windows to now also suppress the Data & Privacy pop-up window. For more details, see below the jump.

Read more…

Using QuickAdd-based user-initiated enrollment on macOS High Sierra with Jamf Pro 10.3

April 1, 2018 1 comment

Starting with Jamf Pro 10.3, user-initiated computer enrollment now has two modes:

  • macOS High Sierra: Uses an MDM profile to enroll the Mac, with the Jamf Pro agent being installed once MDM enrollment is complete.
  • macOS Sierra and earlier: Uses a QuickAdd installer package to enroll the Mac, with MDM enrollment and installation of the Jamf Pro agent being handled by the QuickAdd package.

However, it is still possible to get a QuickAdd installer package to enroll a Mac running macOS High Sierra. For more details, please see below the jump.

Read more…

User-initiated computer enrollment now using MDM profile enrollment in Jamf Pro 10.3

April 1, 2018 Leave a comment

One of the changes introduced in Jamf Pro 10.3 is that user-initiated computer enrollment now has two modes:

  • macOS High Sierra: Uses an MDM profile to enroll the Mac, with the Jamf Pro agent being installed once MDM enrollment is complete.
  • macOS Sierra and earlier: Uses a QuickAdd installer package to enroll the Mac, with MDM enrollment and installation of the Jamf Pro agent being handled by the QuickAdd package.

Why the difference?

Using the MDM enrollment method on macOS High Sierra will automatically enable User Approved MDM, which is necessary for full management privileges on the Mac in question. The reason is that since the user is installing the MDM profile, the user is also logically approving the MDM management and satisfying Apple’s conditions for enabling User Approved MDM.

For more details, please see below the jump.

Read more…

%d bloggers like this: