Category: Mac admin’ing

  • Script to find application architectures on your Mac

    Apple has once again switched architectures. It used to be a switch from PowerPC to Intel. Now it is a switch from Intel to Apple Silicon. Vendors are in the process of switching from releasing Intel only or separate Intel and Silicon binaries to releasing universal binaries (that will work on both Intel and Silicon), […]

  • Signs you may have conflicting MDM profiles in macOS

    Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify […]

  • Installing macOS in VMware Fusion

    Introduction It’s not that difficult to install a macOS guest VM on a macOS host using VMware Fusion and personal (non-enterprise) licenses for VMware Fusion are now cost-free. But here are the actual steps. Get the installer Method 1 There’s a way built into macOS to get the installer using the softwareupdate –fetch-full-installer command in […]

  • Popping a Munki optional install to the top of Managed Software Center

    Most of the time, having optional installs in Managed Software Center be in alphabetical order is fine. Users can scroll through the list or search for optional installs by name. But if you have a long list of optional installs, you may want one or two items that are at the end of the alphabet […]

  • Doing quick tests of customized (Swift) Nudge text

    Introduction The new Swift version of Nudge is available now, and it provides a lot more customization options (and the ability to use either a .json or a configuration profile to set preferences), including lots of customized text. You can, of course, test out your customized test by deploying Nudge to a test machine that’s […]

  • Enrolling with management server failed with 500 status

    This isn’t a comprehensive “if you get this, these are all the solutions” post. This is more of a “this worked for me, and it may work for you, too” post. If you’re using sudo profiles renew -type enrollment to enroll a Mac in your MDM via DEP (or “automated device enrollment”), you may get […]

  • Using diskutil to find secure token users on a Mac

    Typically, to find out of if a user account on a Mac has a secure token, you run a command like sysadminctl -secureTokenStatus username Where username is the username of the account you’re checking for a secure token. Several folks on the MacAdmins Slack have mentioned that the most accurate way to get the secure […]

  • Troubleshooting “zsh: operation not permitted”

    If you try to run a script from the Terminal in macOS, you may get an error that says zsh: operation not permitted. As of this writing, the top Google search results for that all point to needing to grant the Terminal full disk access (either via System Preferences > Security & Privacy > Privacy […]

  • WWDC 2021 announcements for Mac admins…

    This fall, Apple is going to release its newest OS: macOS 12, Monterey. With that, there are some major improvements to Mac management that were not in Big Sur. Here are some highlights… From What’s new in managing Apple devices System Extensions removal With Big Sur, there were some fairly complicated digital gymnastics you had […]

  • Command to add a secure token to a macOS user account

    If you run sysadminctl -secureTokenStatus firstuseraccount and see a secure token is enabled for that first account but run sysadminctl -secureTokenStatus seconduseraccount and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled […]