Archive
Providing Jamf Pro computer inventory information via macOS configuration profile
Jamf Pro can store and make available a lot of information about a particular computer and who is using it as part of the computer’s inventory record, but it can be challenging to access that information from the computer itself.
It is possible to use an API call to access this information, using either the Jamf Pro API or Jamf Pro’s Classic API, but that means providing a way to authenticate to the API. This may pose some security issues as you will need to both:
- Provide a way for the computer to access those authentication credentials
- Protect the authentication credentials from potentially malicious third parties
Fortunately, there is an alternative way to provide at least some inventory information without needing to make an API call. Jamf Pro provides a number of variables which can be used in macOS configuration profiles and it’s possible to leverage those variables to build a profile whose task is providing information from the computer’s inventory record in Jamf Pro in a way which can be accessed from the managed computer. For more details, please see below the jump.
Specifying shell commands to run when opening new Terminal windows from macOS’s Terminal settings
This is a follow-up to a previous post. In that post, I had been running certain shell commands by adding them to a .zshrc file:
- export PS1="\$ ": Sets the prompt to only display “$” (no quotes) using the PS1 environmental variable.
- unset zle_bracketed_paste: Disable the zsh shell’s bracketed paste feature.
With some additional research, I learned that I could also run these commands using the Run command function which is available in your Terminal settings under the Shell tab.
To replicate what I wanted, I had to enable the Run command option in the Shell tab, then also set Run inside shell. Once those were enabled, I added the following shell commands:
export PS1="\$ " && unset zle_bracketed_paste && clear
- export PS1="\$ ": Sets the prompt to only display “$” (no quotes) using the PS1 environmental variable.
- unset zle_bracketed_paste: Disable the zsh shell’s bracketed paste feature.
- clear: Removes all contents (including running the commands listed above) from the Terminal window.
The reason why this is nice is that I can now add running these commands to a macOS configuration profile using the CommandString key:
<key>CommandString</key>
<string>export PS1="\$ " &amp;&amp; unset zle_bracketed_paste &amp;&amp; clear</string>
To see this used in context in a macOS configuration profile, please see below the jump.
Customizing Terminal behavior for documentation needs
As part of writing documentation today, I was given a script to follow when making some videos as part of the documentation process. The script included the following requirement:
- Prepare the Terminal to not show the hostname or the logged-in user
By default, Terminal in macOS Monterey will show both. How to get rid of this?
Fortunately for me, @scriptingosx had already documented how to do this as part of this post. You can use the PS1 environmental variable to set how your prompt appears in Terminal. After some experimentation, I set the following environmental variable:
PS1="\$ "
To have this prompt appear whenever I opened a new Terminal session, I added the following line to a newly-created .zshrc file in my home folder:
export PS1="\$ "
The .zshrc file is a configuration file for the zsh shell, so adding that and then opening a new Terminal window gave me a prompt which looks like this.
As part of making the videos, I also noticed that when I copied and pasted a command into the Terminal, the pasted text was highlighted automatically. I’d seen this before and ignored it, but I thought it might be an unnecessary distraction for those watching this video later, so I went looking for how to disable it.
After some research, I found that this was zsh’s “bracketed paste” feature, which was introduced as part of zsh 5.1. This feature can be turned off using the following command:
unset zle_bracketed_paste
Adding entries for both the prompt and turning off bracketed paste to my .zshrc file gave me the Terminal behavior I wanted:
export PS1="\$ "
unset zle_bracketed_paste
I also performed additional customization of my Terminal experience, but those modifications were managed using a configuration profile. For more details on that, please see this previous post:
Enabling full disk access for SSH on macOS Big Sur using a management profile
When connecting via SSH to a remote Mac running macOS Big Sur, Apple’s user-level privacy controls apply. You can access data in the home folder of the account you’re using to connect, but you can’t access or alter protected data in other accounts’ home folders.
For most use cases, this is fine. However, there may be circumstances when full disk access for SSH connections is desired. To accommodate this, Apple added an Allow full disk access for remote users checkbox in the Remote Login settings in System Preferences’ Sharing preference pane.
This setting can normally only be enabled by the logged-in user sitting at that Mac. However, there is a way to manage this with a configuration profile. For more details, please see below the jump.
Enabling diagnostic logging for Microsoft Outlook 2019
I was recently asked for assistance with a way to enable diagnostic logging for Microsoft Outlook 2019 for macOS:
I had seen Microsoft’s KBase article on how to do it, where it references enabling logging via the Outlook preferences:
https://support.microsoft.com/en-us/help/2872257/how-to-enable-logging-in-outlook-for-mac
However, the KBase article only references how to enable this logging via the GUI and does not show how to do this via the command line. Fortunately, my colleague @golby knew which settings could be enabled from the command line to produce the requested logging. For more details, please see below the jump:
Slides from the “Introduction to MDM and Configuration Profiles” session at Penn State MacAdmins 2020
For those who wanted a copy of my MDM and profiles talk from Penn State MacAdmins 2020, here are links to the slides in PDF and Keynote format.
Jamf Pro Inventory Update and recon functions – alike, but not the same
As part of discussing the outcome of a troubleshooting session concerning Jamf Pro and profile deployment with a teammate, I learned that the two functions that Jamf Pro uses to update its computer inventory worked in a similar fashion, but they weren’t identical.
The differences turned out to be important for profile deployment. For more details, please see below the jump.
Deploying Terminal profile settings using macOS configuration profiles
A number of Mac admins have their Terminal appearance settings configured just the way they like them, but it can be a bit of manual work to export and import them. After having to manually configure and export these settings more than a few times, I wanted to see if it was possible to export these settings in a way to make it easy to convert into a configuration profile.
With a little work and research, I was able to write a script which handled exporting the Terminal profile I wanted into a properly formatted plist file. For more details, please see below the jump.
Slides from the “MDM: From “Nice to Have” To Necessity” session at Jamf Nation User Conference 2019
For those who wanted a copy of my MDM talk at Jamf Nation User Conference 2019, here are links to the slides in PDF and Keynote format.
- PDF – https://tinyurl.com/JNUC2019PDF
- Keynote – https://tinyurl.com/JNUC2019Keynote
For those folks at the talk who were interested in Privileges and ProfileCreator, please see the links below:
- Privileges: https://github.com/SAP/macOS-enterprise-privileges
- ProfileCreator: https://github.com/ProfileCreator/ProfileCreator
Suppressing the Touch ID pop-up window with a profile on macOS Catalina
Apple has introduced a number of pop-up windows over the years, which appear the first time you log into a Mac and sometimes also after OS updates. In 2016, Apple introduced one for Touch ID as part of introducing the Touch Bar.
For a long time, the only way to suppress this window from appearing was by using the command shown below:
defaults write com.apple.SetupAssistant DidSeeTouchIDSetup -bool TRUE
However, as of macOS Catalina, it is possible to suppress the Touch ID pop up window using a profile. For more details, please see below the jump.