Category: Mac admin’ing

  • Deploying default Chrome settings to Macs

    You can, of course, manage certain Chrome settings via Google Workspace Admin, but what if you don’t want to manage things like the homepage, but you just want to set defaults for new deployments, and you still want users to be able to change those settings later? Google has something called an Initial Preferences file…

  • Making a custom Nudge launch agent

    Introduction Nudge releases generally come as Nudge, Nudge logger, and the Nudge launch agent. As of this writing, the Nudge launch agent will launch up Nudge every 30 minutes. The package is also signed: If you’re creating your own launch agent, you may want to code-sign it, or you may not have to, depending on…

  • Ensure your VMware Fusion Macs enroll in Jamf as Computers, not Devices

    It used to be that you could create a VMware Fusion virtual machine Mac, enroll it in Jamf (either by spoofing the serial number for Automated Device Enrollment or just using an auto-generated VM serial for manual enrollment). Recently (not sure when, exactly), you may have noticed if you try to enroll a VMware Fusion…

  • Using Nudge’s targetedOSVersionsRule

    With a single .json file or a single MDM-delivered configuration profile, you can have various deadlines and desired OS versions for Nudge, depending on the current macOS version of the client. Let’s say, for example, you want an earlier deadline for client machines on a very old build but a later deadline for other client…

  • Finding out which organization Office 365 is activated with

    If you want to see what organization Office 365 is activated with, you can take a peek at the user preferences: defaults read com.microsoft.office This is a bit tricky, though. At first glance, it might seem defaults read com.microsoft.office OfficeActivationEmailAddress is the best indicator of what account is signed in, but that value will remain…

  • Basic default behavior in Nudge (Swift, not Python)

    A couple of years ago, I published an Introduction to Nudge. At the time, Nudge was written in Python and worked in Catalina. The new version of Nudge is written in Swift and works for Big Sur and Monterey (and presumably Alcatraz and beyond). This new version of Nudge has a whole bunch of configurable…

  • How to install macOS 12 (Monterey) as a VMware Fusion guest VM

    Notes These are just more fleshed out steps from a brief overview in the VMware Fusion communities online forums. Hopefully, these instructions will be obsolete soon in a future update of VMware Fusion (where you can just select macOS 12, drag the installer to the install wizard, and have VMware Fusion do everything for you).…

  • Script to find application architectures on your Mac

    Apple has once again switched architectures. It used to be a switch from PowerPC to Intel. Now it is a switch from Intel to Apple Silicon. Vendors are in the process of switching from releasing Intel only or separate Intel and Silicon binaries to releasing universal binaries (that will work on both Intel and Silicon),…

  • Signs you may have conflicting MDM profiles in macOS

    Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify…

  • Installing macOS in VMware Fusion

    Introduction It’s not that difficult to install a macOS guest VM on a macOS host using VMware Fusion and personal (non-enterprise) licenses for VMware Fusion are now cost-free. But here are the actual steps. Get the installer Method 1 There’s a way built into macOS to get the installer using the softwareupdate –fetch-full-installer command in…

  • Popping a Munki optional install to the top of Managed Software Center

    Most of the time, having optional installs in Managed Software Center be in alphabetical order is fine. Users can scroll through the list or search for optional installs by name. But if you have a long list of optional installs, you may want one or two items that are at the end of the alphabet…

  • Doing quick tests of customized (Swift) Nudge text

    Introduction The new Swift version of Nudge is available now, and it provides a lot more customization options (and the ability to use either a .json or a configuration profile to set preferences), including lots of customized text. You can, of course, test out your customized test by deploying Nudge to a test machine that’s…

  • Enrolling with management server failed with 500 status

    This isn’t a comprehensive “if you get this, these are all the solutions” post. This is more of a “this worked for me, and it may work for you, too” post. If you’re using sudo profiles renew -type enrollment to enroll a Mac in your MDM via DEP (or “automated device enrollment”), you may get…

  • Using diskutil to find secure token users on a Mac

    Typically, to find out of if a user account on a Mac has a secure token, you run a command like sysadminctl -secureTokenStatus username Where username is the username of the account you’re checking for a secure token. Several folks on the MacAdmins Slack have mentioned that the most accurate way to get the secure…

  • Troubleshooting “zsh: operation not permitted”

    If you try to run a script from the Terminal in macOS, you may get an error that says zsh: operation not permitted. As of this writing, the top Google search results for that all point to needing to grant the Terminal full disk access (either via System Preferences > Security & Privacy > Privacy…