-
Chrome mid-update versions and Munki
Most of the time, if you want to patch Chrome using Munki, you just use add Chrome as a managed update or managed install to the relevant manifests in your Munki repo, and then have the AutoPkg Chrome.munki recipe import the new version of Chrome into your Munki repo from time to time (daily, weekly,…
-
Using a nopkg to “nudge” in Munki for Silicon Macs
Context This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate will prompt you for a password for downloading pending updates, even if you’re…
-
Conflict 409 Error: Duplicate alternate MAC address for Jamf API call
Acknowledgements Major shoutout to Ben Toms from the MacAdmins Slack for pointing out what the issue is. The exact error message If you have a script that doesn’t return the actual response but just gives you an error code, you may get an error code of 409. If you Google something like 409 conflict jamf…
-
Adobe Package Downloader error on Big Sur
If you get a The installation cannot continue as the installer file may be damaged. Download the installer file again. error when trying to run the Adobe Package Downloader.app on Big Sur, the quickest workaround (as of the writing of this blog post) is to copy the Adobe Package Downloader.app (or, more precisely, the .dmg…
-
Updating Zoom manually if you’re using the Zoom IT installer
What’s the issue? Many Mac admins use the Zoom IT installer to keep Zoom up to date, because it can actually be installed in the background. But if you (as a Mac admin) install the Zoom IT version and don’t immediately update to the latest Zoom version, your users will encounter a Your Zoom application…
-
“An error occurred during personalization” when updating to macOS 11.2
Update Since I wrote this, Apple has already released macOS 11.2.1, so maybe this is no longer an issue? Not 100% sure. So see below if you are experiencing this issue. What’s the error? You may see this error when trying to download the update to macOS 11.2 if you’re on macOS 11.1. Software Update…
-
Unloading Santa’s system extension when uninstalling using Munki
What the problem is System extensions in place of kernel extensions For macOS 10.15+, Apple has deprecated kernel extensions in favor of system extensions, but system extensions can’t be unloaded silently by script. If you try to unload Santa’s system extension using the command: systemextensionsctl uninstall EQHXZ8M8AV com.google.santa.daemon you’ll get this: At this time, this…
-
Known Networks settings moved in Big Sur
In earlier (10.15 and lower) versions of macOS, Apple put the list of known networks in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist file. In Big Sur (macOS 11.x), Apple moved the known networks to the /Library/Preferences/com.apple.wifi.known-networks.plist file.
-
Firmware passwords of all kinds disabled for Silicon-chip Macs
I knew that firmware locks sent via MDM command didn’t work on the new Silicon-chip Macs, but I didn’t realize that the manual setting of a firmware password was also disabled (makes sense, since the two are probably linked in terms of how they’re implemented or the firmware mechanisms they use). If you try to…
-
Managing macOS Notification Center settings using a Jamf profile
There’s a feature request called Add support for new Notification Settings payloads for Catalina, originally created 19 August, 2019 and currently marked as partially implemented in Jamf Pro 10.19.0, the details being Starting in Jamf Pro 10.19.0, admins may automatically whitelist notifications in macOS Catalina for the Jamf Management Framework and Self Service application bundle..…
-
Semi-automating profile installation in Big Sur
It’s pretty well known among Mac admins that, starting with Big Sur (macOS 11), Apple has removed the ability for the profiles command to silently install .mobileconfig profiles. Apple wants you to use an MDM to deliver profiles silently… or have users themselves manually install profiles. If you try to install them silently the old…
-
If you can log in and use sudo but can’t unlock Sys Pref prefpanes in Big Sur
I and at least one other person on the MacAdmins Slack saw situations in which a known working password (can log into the computer, can use sudo to escalate privileges in the terminal) on an admin account is not working in System Preferences to unlock a prefpane. Special thanks to owen on the MacAdmins Slack…
-
Rolling back versions in Munki and using blocking applications arrays
Downgrading software in Munki can be a bit tricky. One of the tricks you can use is to remove the higher version number from your Munki repo, and replace an .app bundle–based installs array with a binary-based one. So, after removing the higher version from your repo, replacing the lower version’s pkginfo with something like…
-
Munki can get into a notification loop if root is using the Persian calendar
The Problem At some point, this blog post may be obsolete, because I’m hoping this will be fixed soon, but in the meantime, I’ve filed an issue on GitHub: Using Persian calendar results in notification loop at every next Munki run If you have users who claim to see notifications multiple times a day, even…
-
Installing Rosetta 2 on M1 Apple Silicon Macs (why checks matter)
Actual guides This isn’t really a guide to how to install Rosetta 2. There are already much better guides for those: Rich Trouton’s Installing Rosetta 2 on Apple Silicon Macs Graham Gilbert’s Installing Rosetta 2 on Apple Silicon Macs Rich Trouton’s blog post has some checks to make sure the Mac is running at least…