Alan Siu's Blog

Category: Mac admin’ing

  • Using Munki to “nudge” for Rapid Security Response updates (like 13.3.1 (a))

    For many MacAdmins, Nudge has been an amazing tool for bothering users to update their Macs to the latest patch. Apple threw a wrench in things by the way it implemented the 13.3.1 (a) Rapid Security Response update, so Nudge doesn’t currently (as of this writing) support Rapid Security Response updates. There would be challenges […]

  • Extracting icons from Assets.car on macOS

    Acknowledgements Thanks to Karen Garner for bringing this problem to my attention, and thanks to Mike Lynn for showing the solution. I’m just expanding on the solution a bit using a specific example. Problem Sometimes, when you look in an app bundle on macOS, you see an .icns file in Contents/Resources, and you can use […]

  • Testing a local timezone deadline in Nudge

    In the past year, there have been several requests to have Nudge support local time zones instead of UTC: Feature request: Support the local timezone UTC vs Local Time Feature request: use system local time instead of time for a specific time zone (e.g., Z / GMT) Turns out, as Kevin M. Cox explains in […]

  • Enforcing an older force_install_after_date when importing a new Munki item version

    Problem Munki has the ability to force updates to install by a certain date, using the force_install_after_date flag, but what do you do when you have an older version you want enforced, but you also want to import a newer version into the Munki repo? If you have Slack 4.29 you want force-installed in two […]

  • “Origin checking failed … does not match any trusted origins” CSRF errors in Crypt Server

    Recent changes to Crypt Server have included guards against cross-site request forgery (CSRF) attacks. If you don’t have your Crypt Server configured correctly, you may run into issues when trying to view a secret (Get Key). You can get an error like: Forbidden (403) CSRF verification failed. With DEBUG = True passed as an environment […]

  • Using the distribution-style flag in munkipkg for PreStage Enrollment in Jamf

    Even though Jamf has its own package creation tool (Jamf Composer), there are lots of great reasons to use munkipkg instead for creating custom packages, as Elliot Jordan outlines in You might like MunkiPkg. One of the keys munkipkg has is the distribution-style key (more details in the munkipkg README), which is usually fine to […]

  • Managed Software Center may get stuck on “Starting Adobe installer…”

    If you import an Adobe installer into your Munki repo, you may get it stuck on the installation part where Managed Software Center (or Munki’s logs) will just say Starting Adobe installer… and get stuck on that perpetually (I waited “only” a half hour, but it could possibly stay indefinitely). I searched in the MacAdmins […]

  • Modifying a distribution .pkg that has max macOS version requirements

    What’s the problem? A vendor has the option, when creating a macOS distribution package, to put in a minimum and/or maximum macOS version. That can make things slightly annoying if you’re trying, for example, to test out the current vendor package on a beta macOS version (or even a fully released macOS version that the […]

  • Deploying default Chrome settings to Macs

    You can, of course, manage certain Chrome settings via Google Workspace Admin, but what if you don’t want to manage things like the homepage, but you just want to set defaults for new deployments, and you still want users to be able to change those settings later? Google has something called an Initial Preferences file […]

  • Making a custom Nudge launch agent

    Introduction Nudge releases generally come as Nudge, Nudge logger, and the Nudge launch agent. As of this writing, the Nudge launch agent will launch up Nudge every 30 minutes. The package is also signed: If you’re creating your own launch agent, you may want to code-sign it, or you may not have to, depending on […]