Category: Mac admin’ing
-
Getting the macOS selected Region via command line
When you set up your Mac for the first time, Setup Assistant will ask you for your preferred language and region. In the graphical user interface (GUI), you can later find (and change) these settings in System Settings > General > Language & Region. But what if you want to find them in the command-line…
-
AutoPkg recipe override inputs and updated trust info
What can be the issue with recipe override inputs? When you make a recipe override in AutoPkg, your override will have actual overrides and also parent trust info If the parent recipe has critical changes, usually you can update the trust info, and your override should work fine. In theory, critical parts of the recipe…
-
Some basics on switching from DEPNotify to swiftDialog
DEPNotify is a program that allows you to display a little progress screen while a Mac is getting set up via MDM and/or Munki (or some other scripts). Even though there aren’t any major security issues (as of this writing) with DEPNotify, it’s also not being maintained, and it’s currently (again, as of this writing)…
-
Terminal Secure Keyboard Entry and sudo with Touch ID on macOS
At one point or another, you may have discovered that you can enable Touch ID for sudo in the macOS terminal. You used to have to manually edit the /etc/pam.d/sudo file after every macOS update to re-enable it, but now you can keep it enabled permanently. When you have Touch ID enabled for sudo, you…
-
launchctl “new” subcommand basics for macOS
launchd For services running in the background (or foreground), macOS uses launchd (think cron jobs on Linux or scheduled tasks on Windows). Legacy Subcommands If you’ve been managing Macs for a while, you may be familiar with a particular syntax for loading launchd. For launch agents (usually run as user), you may typically have launched…
-
Using Touch ID for sudo on macOS… even after installing an OS update
For a while, you were able to use Touch ID for sudo on macOS by editing the /etc/pam.d/sudo file to have a line like auth sufficient pam_tid.so In previous macOS versions, that file would get overwritten when you updated (say, from 13.6 to 13.6.1), but in macOS 14 (Sonoma) and supposedly in future versions, you…
-
Comparing macOS versions using Python
At some point in a Python script, you may want to compare macOS versions (or, really, any software versions) to each other. Back in the day, you could use Python’s LooseVersion from distutils.version, but that’s now deprecated: >>> from distutils.version import LooseVersion >>> LooseVersion(‘14.0.0’) > LooseVersion(‘14.0’) True >>> LooseVersion(‘14.0.0’) == LooseVersion(‘14.0’) False >>> LooseVersion(‘14.0’) >…
-
UseAdditionalHttpHeaders preference for MunkiReport 5.8.0
Extra preference to consider If you use authorization headers for your Mac clients to communicate with your MunkiReport server and are upgrading from MunkiReport 5.7.1 (which still uses Python 2) to MunkiReport 5.8.0 (which uses Python 3), be aware that there is an additional preference to set if you want your headers to be used:…
-
Using Munki to “nudge” for Rapid Security Response updates (like 13.3.1 (a))
For many MacAdmins, Nudge has been an amazing tool for bothering users to update their Macs to the latest patch. Apple threw a wrench in things by the way it implemented the 13.3.1 (a) Rapid Security Response update, so Nudge doesn’t currently (as of this writing) support Rapid Security Response updates. There would be challenges…
-
Testing a local timezone deadline in Nudge
In the past year, there have been several requests to have Nudge support local time zones instead of UTC: Feature request: Support the local timezone UTC vs Local Time Feature request: use system local time instead of time for a specific time zone (e.g., Z / GMT) Turns out, as Kevin M. Cox explains in…
-
Enforcing an older force_install_after_date when importing a new Munki item version
Problem Munki has the ability to force updates to install by a certain date, using the force_install_after_date flag, but what do you do when you have an older version you want enforced, but you also want to import a newer version into the Munki repo? If you have Slack 4.29 you want force-installed in two…
-
“Origin checking failed … does not match any trusted origins” CSRF errors in Crypt Server
Recent changes to Crypt Server have included guards against cross-site request forgery (CSRF) attacks. If you don’t have your Crypt Server configured correctly, you may run into issues when trying to view a secret (Get Key). You can get an error like: Forbidden (403) CSRF verification failed. With DEBUG = True passed as an environment…
-
Using the distribution-style flag in munkipkg for PreStage Enrollment in Jamf
Even though Jamf has its own package creation tool (Jamf Composer), there are lots of great reasons to use munkipkg instead for creating custom packages, as Elliot Jordan outlines in You might like MunkiPkg. One of the keys munkipkg has is the distribution-style key (more details in the munkipkg README), which is usually fine to…
-
Managed Software Center may get stuck on “Starting Adobe installer…”
If you import an Adobe installer into your Munki repo, you may get it stuck on the installation part where Managed Software Center (or Munki’s logs) will just say Starting Adobe installer… and get stuck on that perpetually (I waited “only” a half hour, but it could possibly stay indefinitely). I searched in the MacAdmins…