-
Python 3 script to add optional installs to the SelfServeManifest
Two years ago, I wrote a bash script that adds a bunch of optional installs to the SelfServeManifest using /usr/libexec/PlistBuddy, which is a fine tool, but it can get bit messy sometimes. I did play around with using /usr/local/munki/manifestutil, but it got a bit convoluted, and I figured “Hey, why not just write it in…
-
If your VMWare guest macOS loses network connectivity
If you haven’t changed any settings, and suddenly the Internet connection on your VMWare guest macOS installation goes out, and shutting down the VM or rebooting the VM doesn’t help, try rebooting the host Mac. That will likely fix the problem (not sure why that problem comes up in the first place.
-
Script to make Jamf Self Service policy install a Munki optional install
There is a huge project called jamJAR that seeks to integrate Munki and Jamf in a seamless way. I’ve written a script that does something a bit less ambitious, but it may still be helpful to your organization if you are “using” Jamf Self-Service, really want to be using Managed Software Center, and still want…
-
Using a full macOS installer with Munki to patch macOS
Note about Silicon Macs This will not work with Apple Silicon Macs, as Apple now requires you to enter the password of a secure token user account in order to run startosinstall. Shoutout Shoutout to Rod Christiansen on the MacAdmins Slack for putting this strange (but still working for now) method of patching on my…
-
AutoPkg failed: hdiutil: attach failed – no mountable file systems error
If, when running AutoPkg, you get an error like failed: hdiutil: attach failed – no mountable file systems but you’re able to mount the .dmg manually (i.e., it’s not a corrupted download), double-check you don’t have a restrictions profile installed that requires you to authenticate when mounting disk images. That setting is pretty much useless…
-
T2 Macs don’t count as external boot media
I don’t see this documented anywhere in an officially explicit way, so I’m writing a blog post on this. With the introduction of T2-chip Macs, Apple introduced something called Startup Security Utility, and the official line there is that you can change the setting to “Allow booting from external media,” and then you can boot…
-
If you update an AutoPkg parent recipe, but your override is still using old settings…
AutoPkg has a cool feature called parent trust that allows you to create recipe overrides that store a hash of the parent recipe (instead of running the parent recipe directly), and then prevent you from running the recipe if there’s a change to the parent recipe, until you update the trust info. (I also have…
-
Force-stopping the MunkiStatus progress bar at the login window
Sometimes, the MunkiStatus progress bar over the login window can get stuck, and pressing the Stop button can take a while to halt the progress bar completely. To kill it immediately, press Cmd-Option-Shift-Escape (this is a slight modification of the usual force-quite key combination, which is Cmd-Option-Escape). Full credit to Yehuda Bialik and Greg Neagle…
-
Using AppleScript to install macOS software updates via System Preferences
Right now, this is a bit more of a proof-of-concept, but since /usr/sbin/softwareupdate has become increasingly unreliable in the past year for automating and enforcing Apple software updates, having a way to automate installing updates through the GUI on certain relatively unattended Macs is worth exploring. I’ve created a GitHub project for that called Sys…
-
A way to install macOS Catalina guest on VirtualBox on a Mac host
Why this blog post? I won’t say this is the way to install macOS Catalina on VirtualBox, but it’s certainly a way, and it’s difficult to find information about a way to do it. There are a lot of posts indicating that 10.15 or 10.15.1 worked but 10.15.2 and beyond don’t. Or that there are…
-
What can you do at the password prompt in Catalina’s recovery mode?
The mysterious password prompt Starting in macOS 10.15 (Catalina), Apple started requiring a password to do anything useful after booting into recovery mode: It’s not exactly clear what this password is for. T2-chip Macs have hardware-based encryption, and that encryption is able to turn on instantaneously. Without mounting the encrypted drive, you can’t really reset…
-
Changing ownership of files in Google Drive via Google Apps Script
This was a fun little exercise in Google Apps Script to essentially transfer ownership of Google Drive files from one user to another. Here’s a script that the old user should run to change ownership of those files to the new user: ChangeFileFolderOwnership.js And here’s a script that the new user user should run to…
-
Fixing Jamf device signature error
Even though this Jamf Nation thread is five years old, as of this writing, it’s still got the solution to the Device Signature Error – A valid device signature is required to perform the action error message. In my experience, the actual working solution is to run sudo jamf enroll -prompt and then enter credentials…
-
Running commands as a user when scripting for Munki or Jamf
Munki and Jamf run as root, so scripts they execute execute as root, not user. One great way around this is to use Outset‘s login scripts (login-once, login-every), but sometimes you may have occasion to actually run a script immediately as the logged-in user. Obviously, you’ll want to get the currently logged-in user into a…
-
Using a Munki nopkg to disable Chrome 80’s ScrollToTextFragment feature
Update, 14 July 2020 With Chrome 84, Google has now removed the ability to disable the ScrollToTextFragment feature, so this whole write-up is now obsolete What is ScrollToTextFragment With Chrome 80, Google has introduced a new ScrollToTextFragment feature that allows you to reference an anchor link by any phrase that’s in a webpage, even if…