Enrolling with management server failed with 500 status

This isn’t a comprehensive “if you get this, these are all the solutions” post. This is more of a “this worked for me, and it may work for you, too” post. If you’re using sudo profiles renew -type enrollment to enroll a Mac in your MDM via DEP (or “automated device enrollment”), you may get… Continue reading Enrolling with management server failed with 500 status

Using diskutil to find secure token users on a Mac

Typically, to find out of if a user account on a Mac has a secure token, you run a command like sysadminctl -secureTokenStatus username Where username is the username of the account you’re checking for a secure token. Several folks on the MacAdmins Slack have mentioned that the most accurate way to get the secure… Continue reading Using diskutil to find secure token users on a Mac

Troubleshooting “zsh: operation not permitted”

If you try to run a script from the Terminal in macOS, you may get an error that says zsh: operation not permitted. As of this writing, the top Google search results for that all point to needing to grant the Terminal full disk access (either via System Preferences > Security & Privacy > Privacy… Continue reading Troubleshooting “zsh: operation not permitted”

WWDC 2021 announcements for Mac admins…

This fall, Apple is going to release its newest OS: macOS 12, Monterey. With that, there are some major improvements to Mac management that were not in Big Sur. Here are some highlights… From What’s new in managing Apple devices System Extensions removal With Big Sur, there were some fairly complicated digital gymnastics you had… Continue reading WWDC 2021 announcements for Mac admins…

Command to add a secure token to a macOS user account

If you run sysadminctl -secureTokenStatus firstuseraccount and see a secure token is enabled for that first account but run sysadminctl -secureTokenStatus seconduseraccount and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled… Continue reading Command to add a secure token to a macOS user account

“Invalid Message – The message could not be parsed.” with Jamf Cloud

Invalid Message – The message could not be parsed. is an odd error message for a jamf recon when you’re using Jamf Cloud, because if you Google that error message, there are only two results: FYI – Invalid Message – The message could not be parsed. Devices not updating inventory (Invalid Message – The message… Continue reading “Invalid Message – The message could not be parsed.” with Jamf Cloud

Why don’t Mac admins use MDM for Apple software updates?

Context People who administer Mac deployments at a large-ish scale (hundreds to tens of thousands—i.e., large enough that you have to automate things and can’t physically touch every machine to change settings or install updates) generally want to be able to patch software and macOS while giving a decent user experience. I think you’ll find… Continue reading Why don’t Mac admins use MDM for Apple software updates?

Copying the Rosetta 2 installer for offline installations

I honestly don’t know why this gets asked about as often as it does, but I’ve seen several instances in which Mac admins want to know how to get the Rosetta 2 installer .pkg to be installed offline. The installer is about 6.2 MB, so I don’t think bandwidth is the issue, but maybe it… Continue reading Copying the Rosetta 2 installer for offline installations

Chrome mid-update versions and Munki

Most of the time, if you want to patch Chrome using Munki, you just use add Chrome as a managed update or managed install to the relevant manifests in your Munki repo, and then have the AutoPkg Chrome.munki recipe import the new version of Chrome into your Munki repo from time to time (daily, weekly,… Continue reading Chrome mid-update versions and Munki