Archive

Archive for the ‘Management Profiles’ Category

Enabling diagnostic logging for Microsoft Outlook 2019

July 20, 2020 Leave a comment

I was recently asked for assistance with a way to enable diagnostic logging for Microsoft Outlook 2019 for macOS:

I had seen Microsoft’s KBase article on how to do it, where it references enabling logging via the Outlook preferences:

https://support.microsoft.com/en-us/help/2872257/how-to-enable-logging-in-outlook-for-mac

However, the KBase article only references how to enable this logging via the GUI and does not show how to do this via the command line. Fortunately my colleague @golby knew which settings could enabled from the command line to produce the requested logging. For more details, please see below the jump:

Read more…

Slides from the “Introduction to MDM and Configuration Profiles” session at Penn State MacAdmins 2020

June 4, 2020 1 comment

For those who wanted a copy of my MDM and profiles talk from Penn State MacAdmins 2020, here are links to the slides in PDF and Keynote format.

Jamf Pro Inventory Update and recon functions – alike, but not the same

March 13, 2020 3 comments

As part of discussing the outcome of a troubleshooting session concerning Jamf Pro and profile deployment with a teammate, I learned that the two functions that Jamf Pro uses to update its computer inventory worked in a similar fashion, but they weren’t identical.

The differences turned out to be important for profile deployment. For more details, please see below the jump.

Read more…

Deploying Terminal profile settings using macOS configuration profiles

December 19, 2019 Leave a comment

A number of Mac admins have their Terminal appearance settings configured just the way they like them, but it can be a bit of manual work to export and import them. After having to manually configure and export these settings more than a few times, I wanted to see if it was possible to export these settings in a way to make it easy to convert into a configuration profile.

With a little work and research, I was able to write a script which handled exporting the Terminal profile I wanted into a properly formatted plist file. For more details, please see below the jump.

Read more…

Slides from the “MDM: From “Nice to Have” To Necessity” session at Jamf Nation User Conference 2019

November 13, 2019 Leave a comment

For those who wanted a copy of my MDM talk at Jamf Nation User Conference 2019, here are links to the slides in PDF and Keynote format.

For those folks at the talk who were interested in Privileges and ProfileCreator, please see the links below:

Suppressing the Touch ID pop-up window with a profile on macOS Catalina

October 22, 2019 2 comments

Apple has introduced a number of pop-up windows over the years, which appear the first time you log into a Mac and sometimes also after OS updates. In 2016, Apple introduced one for Touch ID as part of introducing the Touch Bar.

LWScreenShot 2019 10 22 at 3 36 51 PM

For a long time, the only way to suppress this window from appearing was by using the command shown below:

defaults write com.apple.SetupAssistant DidSeeTouchIDSetup -bool TRUE

However, as of macOS Catalina, it is possible to suppress the Touch ID pop up window using a profile. For more details, please see below the jump.

Read more…

Suppressing the Screen Time pop-up window with a profile on macOS Catalina

October 18, 2019 1 comment

Apple has introduced a number of pop-up windows in various OS versions, which appear the first time you log into a Mac and sometimes also after OS updates. For macOS Catalina, Apple has introduced one for Screen Time.

Screen Shot 2019 10 18 at 3 45 00 PM

To stop the Screen Time pop-up window from appearing for your home folder, run the command shown below:

defaults write com.apple.SetupAssistant DidSeeScreenTime -bool TRUE

Since you normally will be able to run this command only after you’ve seen the Screen Time pop-up window, I’ve posted a profile for suppressing it. For more details, please see below the jump.

Read more…

Enable automatic macOS and App Store updates on macOS Catalina with a profile

October 10, 2019 1 comment

A while back, I wrote a post on enabling automatic software updates on OS X Yosemite through macOS Mojave. As part of the post, I mentioned that it wasn’t possible to manage the options for automatic macOS and App Store updates using a profile. The reasons were the following:

  • The App Store update options were managed by the com.apple.commerce preference domain, which isn’t manageable with a profile
  • The AutomaticallyInstallMacOSUpdates setting in the com.apple.SoftwareUpdate preference domain should be manageable with a profile, but for unknown reasons, it couldn’t be.

As of macOS Catalina, I’m happy to say that this has changed. For more details, please see below the jump.

Read more…

Creating macOS configuration profiles with encrypted payloads

September 16, 2019 1 comment

Recently, I was asked to create a configuration profile with an encrypted payload. This is a payload where the settings installed by the profile are not readable when you look at the .mobileconfig file. Instead, the payload with the settings is encrypted and are only readable once the payload contents are decrypted using the private key of a certificate which is also installed on the Mac in question.

In researching how to do this, I found that Apple’s documentation on encrypted payloads is very sparse and largely consists of the following (from https://developer.apple.com/documentation/devicemanagement/using_configuration_profiles):

Screen Shot 2019 09 15 at 11 15 41 PM

Example commands for CMS encryption of the property list are not provided in Apple’s documentation, but it is possible to use /usr/libexec/mdmclient to encrypt profile payloads:

https://mosen.github.io/profiledocs/troubleshooting/mdmclient.html#encrypt

To see how this works, let’s go through the process of setting up a certificate which can be used for encrypting a profile followed by using that certificate to encrypt the profile. For more, please see below the jump.

Read more…

Disable screenshots and screen recordings on macOS Mojave

September 5, 2019 1 comment

In certain circumstances, like taking school tests or handling sensitive documents, it may be necessary to disable the ability to create screenshots or make screen recordings. For those who need to do this, it’s possible to set this with a profile.

PayloadType: com.apple.applicationaccess
Key: allowScreenShot
Type: boolean

Once a profile has been built and applied to a Mac running macOS Mojave, trying to create a screenshot or screen recording will result in the following message.

Screenshot disabled message

For more details, please see below the jump.

Read more…

%d bloggers like this: