Alan Siu's Blog

Category: Mac admin’ing

  • WWDC 2021 announcements for Mac admins…

    This fall, Apple is going to release its newest OS: macOS 12, Monterey. With that, there are some major improvements to Mac management that were not in Big Sur. Here are some highlights… From What’s new in managing Apple devices System Extensions removal With Big Sur, there were some fairly complicated digital gymnastics you had…

  • Command to add a secure token to a macOS user account

    If you run sysadminctl -secureTokenStatus firstuseraccount and see a secure token is enabled for that first account but run sysadminctl -secureTokenStatus seconduseraccount and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled…

  • “Invalid Message – The message could not be parsed.” with Jamf Cloud

    Invalid Message – The message could not be parsed. is an odd error message for a jamf recon when you’re using Jamf Cloud, because if you Google that error message, there are only two results: FYI – Invalid Message – The message could not be parsed. Devices not updating inventory (Invalid Message – The message…

  • Why don’t Mac admins use MDM for Apple software updates?

    Context People who administer Mac deployments at a large-ish scale (hundreds to tens of thousands—i.e., large enough that you have to automate things and can’t physically touch every machine to change settings or install updates) generally want to be able to patch software and macOS while giving a decent user experience. I think you’ll find…

  • Making sharding work with Munki catalogs in mind

    Some Munki admins use sharding to roll out to various portions of their fleet. Most versions of sharding create a random-looking (but not actually random) integer either between 0 and 99 or 1 and 100 that is based on a hash of the Mac’s serial number. Where that can be tricky is when you want…

  • Copying the Rosetta 2 installer for offline installations

    I honestly don’t know why this gets asked about as often as it does, but I’ve seen several instances in which Mac admins want to know how to get the Rosetta 2 installer .pkg to be installed offline. The installer is about 6.2 MB, so I don’t think bandwidth is the issue, but maybe it…

  • Chrome mid-update versions and Munki

    Most of the time, if you want to patch Chrome using Munki, you just use add Chrome as a managed update or managed install to the relevant manifests in your Munki repo, and then have the AutoPkg Chrome.munki recipe import the new version of Chrome into your Munki repo from time to time (daily, weekly,…

  • Using a nopkg to “nudge” in Munki for Silicon Macs

    Context This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate will prompt you for a password for downloading pending updates, even if you’re…

  • Conflict 409 Error: Duplicate alternate MAC address for Jamf API call

    Acknowledgements Major shoutout to Ben Toms from the MacAdmins Slack for pointing out what the issue is. The exact error message If you have a script that doesn’t return the actual response but just gives you an error code, you may get an error code of 409. If you Google something like 409 conflict jamf…

  • Adobe Package Downloader error on Big Sur

    If you get a The installation cannot continue as the installer file may be damaged. Download the installer file again. error when trying to run the Adobe Package Downloader.app on Big Sur, the quickest workaround (as of the writing of this blog post) is to copy the Adobe Package Downloader.app (or, more precisely, the .dmg…

  • Updating Zoom manually if you’re using the Zoom IT installer

    What’s the issue? Many Mac admins use the Zoom IT installer to keep Zoom up to date, because it can actually be installed in the background. But if you (as a Mac admin) install the Zoom IT version and don’t immediately update to the latest Zoom version, your users will encounter a Your Zoom application…

  • “An error occurred during personalization” when updating to macOS 11.2

    Update Since I wrote this, Apple has already released macOS 11.2.1, so maybe this is no longer an issue? Not 100% sure. So see below if you are experiencing this issue. What’s the error? You may see this error when trying to download the update to macOS 11.2 if you’re on macOS 11.1. Software Update…

  • Unloading Santa’s system extension when uninstalling using Munki

    What the problem is System extensions in place of kernel extensions For macOS 10.15+, Apple has deprecated kernel extensions in favor of system extensions, but system extensions can’t be unloaded silently by script. If you try to unload Santa’s system extension using the command: systemextensionsctl uninstall EQHXZ8M8AV com.google.santa.daemon you’ll get this: At this time, this…

  • Known Networks settings moved in Big Sur

    In earlier (10.15 and lower) versions of macOS, Apple put the list of known networks in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist file. In Big Sur (macOS 11.x), Apple moved the known networks to the /Library/Preferences/com.apple.wifi.known-networks.plist file.

  • Firmware passwords of all kinds disabled for Silicon-chip Macs

    I knew that firmware locks sent via MDM command didn’t work on the new Silicon-chip Macs, but I didn’t realize that the manual setting of a firmware password was also disabled (makes sense, since the two are probably linked in terms of how they’re implemented or the firmware mechanisms they use). If you try to…