Archive for the ‘Management Profiles’ Category

Providing Jamf Pro computer inventory information via macOS configuration profile

February 25, 2023 4 comments

Jamf Pro can store and make available a lot of information about a particular computer and who is using it as part of the computer’s inventory record, but it can be challenging to access that information from the computer itself.

Screenshot 2023-02-25 at 1.59.32 PM

It is possible to use an API call to access this information, using either the Jamf Pro API or Jamf Pro’s Classic API, but that means providing a way to authenticate to the API. This may pose some security issues as you will need to both:

  • Provide a way for the computer to access those authentication credentials
  • Protect the authentication credentials from potentially malicious third parties

Fortunately, there is an alternative way to provide at least some inventory information without needing to make an API call. Jamf Pro provides a number of variables which can be used in macOS configuration profiles and it’s possible to leverage those variables to build a profile whose task is providing information from the computer’s inventory record in Jamf Pro in a way which can be accessed from the managed computer. For more details, please see below the jump.

Read more…

Specifying shell commands to run when opening new Terminal windows from macOS’s Terminal settings

July 15, 2022 Leave a comment

As a follow-up to a previous post, as part of that post I had been running certain shell commands by adding them to a .zshrc file:

With some additional research, I learned that I could also run these commands using the Run command function which is available in your Terminal settings under the Shell tab.

Screen Shot 2022 07 15 at 11 17 29 AM

To replicate what I wanted, I had to enable the Run command option in the Shell tab, then also set Run inside shell. Once those were enabled, I added the following shell commands:

export PS1="\$ " && unset zle_bracketed_paste && clear
  • export PS1=”\$ “: Sets the prompt to only display “$” (no quotes) using the PS1 environmental variable.
  • unset zle_bracketed_paste: Disable the zsh shell’s bracketed paste feature.
  • clear: Removes all contents (including running the commands listed above) from the Terminal window.

The reason why this is nice is that I can now add running these commands to a macOS configuration profile using the CommandString key:

<string>export PS1="\$ " &amp;&amp; unset zle_bracketed_paste &amp;&amp; clear</string>

view raw


hosted with ❤ by GitHub

To see this used in context in a macOS configuration profile, please see below the jump.

Read more…

Categories: macOS, Management Profiles

Customizing Terminal behavior for documentation needs

July 14, 2022 Leave a comment

As part of writing documentation today, I was given a script to follow when making some videos as part of the documentation process. The script included the following requirement:

  • Prepare the Terminal to not show the hostname or the logged-in user

By default, Terminal in macOS Monterey will show both. How to get rid of this?

Screen Shot 2022 07 14 at 3 27 15 PM

Fortunately for me, @scriptingosx had already documented how to do this as part of this post. You can use the PS1 environmental variable to set how your prompt appears in Terminal. After some experimentation, I set the following environmental variable:

PS1="\$ "

To have this prompt appear whenever I opened a new Terminal session, I added the following line to a newly-created .zshrc file in my home folder:

export PS1="\$ "

The .zshrc file is a configuration file for the zsh shell, so adding that and then opening a new Terminal window gave me a prompt which looks like this.

Screen Shot 2022 07 14 at 3 07 10 PM

As part of making the videos, I also noticed that when I copied and pasted a command into the Terminal that the pasted text was highlighted automatically. I’d seen this before and ignored it, but I thought it might be an unnecessary distraction for those watching this video later, so I went looking for how to disable it.

Screen Shot 2022 07 14 at 3 14 30 PM

After some research, I found that this was zsh’s “bracketed paste” feature, which was introduced as part of zsh 5.1. This feature can be turned off using the following command:

unset zle_bracketed_paste

Screen Shot 2022 07 14 at 3 15 20 PM

Adding entries for both the prompt and turning off bracketed paste to my .zshrc file gave me the Terminal behavior I wanted:

export PS1="\$ "
unset zle_bracketed_paste

Screen Shot 2022 07 14 at 3 19 14 PM

I also performed additional customization of my Terminal experience, but those modifications were managed using a configuration profile. For more details on that, please see this previous post:

Enabling full disk access for SSH on macOS Big Sur using a management profile

September 29, 2021 Leave a comment

When connecting via SSH to a remote Mac running macOS Big Sur, Apple’s user-level privacy controls apply. You can access data in the home folder of the account you’re using to connect, but you can’t access or alter protected data in other account’s home folders.

For most use cases, this is fine. However, there may be circumstances when full disk access for SSH connections is desired. To accommodate for this, Apple added an Allow full disk access for remote users checkbox in the Remote Login settings in System Preference’s Sharing preference pane.


This setting can normally only be enabled by the logged-in user sitting at that Mac. However, there is a way to manage this with a configuration profile. For more details, please see below the jump.

Read more…

Enabling diagnostic logging for Microsoft Outlook 2019

July 20, 2020 1 comment

I was recently asked for assistance with a way to enable diagnostic logging for Microsoft Outlook 2019 for macOS:

I had seen Microsoft’s KBase article on how to do it, where it references enabling logging via the Outlook preferences:

However, the KBase article only references how to enable this logging via the GUI and does not show how to do this via the command line. Fortunately my colleague @golby knew which settings could enabled from the command line to produce the requested logging. For more details, please see below the jump:

Read more…

Slides from the “Introduction to MDM and Configuration Profiles” session at Penn State MacAdmins 2020

June 4, 2020 2 comments

For those who wanted a copy of my MDM and profiles talk from Penn State MacAdmins 2020, here are links to the slides in PDF and Keynote format.

Jamf Pro Inventory Update and recon functions – alike, but not the same

March 13, 2020 3 comments

As part of discussing the outcome of a troubleshooting session concerning Jamf Pro and profile deployment with a teammate, I learned that the two functions that Jamf Pro uses to update its computer inventory worked in a similar fashion, but they weren’t identical.

The differences turned out to be important for profile deployment. For more details, please see below the jump.

Read more…

Deploying Terminal profile settings using macOS configuration profiles

December 19, 2019 Leave a comment

A number of Mac admins have their Terminal appearance settings configured just the way they like them, but it can be a bit of manual work to export and import them. After having to manually configure and export these settings more than a few times, I wanted to see if it was possible to export these settings in a way to make it easy to convert into a configuration profile.

With a little work and research, I was able to write a script which handled exporting the Terminal profile I wanted into a properly formatted plist file. For more details, please see below the jump.

Read more…

Slides from the “MDM: From “Nice to Have” To Necessity” session at Jamf Nation User Conference 2019

November 13, 2019 Leave a comment

For those who wanted a copy of my MDM talk at Jamf Nation User Conference 2019, here are links to the slides in PDF and Keynote format.

For those folks at the talk who were interested in Privileges and ProfileCreator, please see the links below:

Suppressing the Touch ID pop-up window with a profile on macOS Catalina

October 22, 2019 2 comments

Apple has introduced a number of pop-up windows over the years, which appear the first time you log into a Mac and sometimes also after OS updates. In 2016, Apple introduced one for Touch ID as part of introducing the Touch Bar.

LWScreenShot 2019 10 22 at 3 36 51 PM

For a long time, the only way to suppress this window from appearing was by using the command shown below:

defaults write DidSeeTouchIDSetup -bool TRUE

However, as of macOS Catalina, it is possible to suppress the Touch ID pop up window using a profile. For more details, please see below the jump.

Read more…

%d bloggers like this: