
Archive for the ‘Management Profiles’ Category

Deploying Terminal profile settings using macOS configuration profiles

December 19, 2019

A number of Mac admins have their Terminal appearance settings configured just the way they like them, but it can be a bit of manual work to export and import them. After having to manually configure and export these settings more than a few times, I wanted to see if it was possible to export these settings in a way that made them easy to convert into a configuration profile.

With a little work and research, I was able to write a script which handled exporting the Terminal profile I wanted into a properly formatted plist file. For more details, please see below the jump.


Slides from the “MDM: From “Nice to Have” To Necessity” session at Jamf Nation User Conference 2019

November 13, 2019

For those who wanted a copy of my MDM talk at Jamf Nation User Conference 2019, here are links to the slides in PDF and Keynote format.

For those folks at the talk who were interested in Privileges and ProfileCreator, please see the links below:

Suppressing the Touch ID pop-up window with a profile on macOS Catalina

October 22, 2019

Apple has introduced a number of pop-up windows over the years, which appear the first time you log into a Mac and sometimes also after OS updates. In 2016, Apple introduced one for Touch ID as part of introducing the Touch Bar.


For a long time, the only way to suppress this window from appearing was by using the command shown below:

defaults write com.apple.SetupAssistant DidSeeTouchIDSetup -bool TRUE

However, as of macOS Catalina, it is possible to suppress the Touch ID pop-up window using a profile. For more details, please see below the jump.


Suppressing the Screen Time pop-up window with a profile on macOS Catalina

October 18, 2019

Apple has introduced a number of pop-up windows in various OS versions, which appear the first time you log into a Mac and sometimes also after OS updates. For macOS Catalina, Apple has introduced one for Screen Time.


To stop the Screen Time pop-up window from appearing for your home folder, run the command shown below:

defaults write com.apple.SetupAssistant DidSeeScreenTime -bool TRUE

Since you normally will be able to run this command only after you’ve seen the Screen Time pop-up window, I’ve posted a profile for suppressing it. For more details, please see below the jump.


Enable automatic macOS and App Store updates on macOS Catalina with a profile

October 10, 2019

A while back, I wrote a post on enabling automatic software updates on OS X Yosemite through macOS Mojave. As part of the post, I mentioned that it wasn’t possible to manage the options for automatic macOS and App Store updates using a profile. The reasons were the following:

  • The App Store update options were managed by the com.apple.commerce preference domain, which isn’t manageable with a profile
  • The AutomaticallyInstallMacOSUpdates setting in the com.apple.SoftwareUpdate preference domain should be manageable with a profile, but for unknown reasons, it couldn’t be.

As of macOS Catalina, I’m happy to say that this has changed. For more details, please see below the jump.


Creating macOS configuration profiles with encrypted payloads

September 16, 2019

Recently, I was asked to create a configuration profile with an encrypted payload. This is a payload where the settings installed by the profile are not readable when you look at the .mobileconfig file. Instead, the payload with the settings is encrypted and is only readable once the payload contents are decrypted using the private key of a certificate which is also installed on the Mac in question.

In researching how to do this, I found that Apple’s documentation on encrypted payloads is very sparse and largely consists of the following (from https://developer.apple.com/documentation/devicemanagement/using_configuration_profiles):

[Screenshot: excerpt from Apple’s documentation on encrypted payloads]

Example commands for CMS encryption of the property list are not provided in Apple’s documentation, but it is possible to use /usr/libexec/mdmclient to encrypt profile payloads:

https://mosen.github.io/profiledocs/troubleshooting/mdmclient.html#encrypt

To see how this works, let’s go through the process of setting up a certificate which can be used for encrypting a profile followed by using that certificate to encrypt the profile. For more, please see below the jump.


Disable screenshots and screen recordings on macOS Mojave

September 5, 2019

In certain circumstances, like taking school tests or handling sensitive documents, it may be necessary to disable the ability to create screenshots or make screen recordings. For those who need to do this, it’s possible to set this with a profile.

PayloadType: com.apple.applicationaccess
Key: allowScreenShot
Type: boolean

Once a profile has been built and applied to a Mac running macOS Mojave, trying to create a screenshot or screen recording will result in the following message.

[Screenshot: screenshot disabled message]

For more details, please see below the jump.

