Tag: macos

  • Some basics on switching from DEPNotify to swiftDialog

    DEPNotify is a program that allows you to display a little progress screen while a Mac is getting set up via MDM and/or Munki (or some other scripts). Even though there aren’t any major security issues (as of this writing) with DEPNotify, it’s also not being maintained, and it’s currently (again, as of this writing)…

  • Terminal Secure Keyboard Entry and sudo with Touch ID on macOS

    At one point or another, you may have discovered that you can enable Touch ID for sudo in the macOS terminal. You used to have to manually edit the /etc/pam.d/sudo file after every macOS update to re-enable it, but now you can keep it enabled permanently. When you have Touch ID enabled for sudo, you…

  • launchctl “new” subcommand basics for macOS

    launchd For services running in the background (or foreground), macOS uses launchd (think cron jobs on Linux or scheduled tasks on Windows). Legacy Subcommands If you’ve been managing Macs for a while, you may be familiar with a particular syntax for loading launchd. For launch agents (usually run as user), you may typically have launched…

  • Using Nudge’s targetedOSVersionsRule

    With a single .json file or a single MDM-delivered configuration profile, you can have various deadlines and desired OS versions for Nudge, depending on the current macOS version of the client. Let’s say, for example, you want an earlier deadline for client machines on a very old build but a later deadline for other client…

  • Basic default behavior in Nudge (Swift, not Python)

    A couple of years ago, I published an Introduction to Nudge. At the time, Nudge was written in Python and worked in Catalina. The new version of Nudge is written in Swift and works for Big Sur and Monterey (and presumably Alcatraz and beyond). This new version of Nudge has a whole bunch of configurable…

  • Signs you may have conflicting MDM profiles in macOS

    Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify…

  • Command to add a secure token to a macOS user account

    If you run sysadminctl -secureTokenStatus firstuseraccount and see a secure token is enabled for that first account but run sysadminctl -secureTokenStatus seconduseraccount and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled…

  • Copying the Rosetta 2 installer for offline installations

    I honestly don’t know why this gets asked about as often as it does, but I’ve seen several instances in which Mac admins want to know how to get the Rosetta 2 installer .pkg to be installed offline. The installer is about 6.2 MB, so I don’t think bandwidth is the issue, but maybe it…

  • Adobe Package Downloader error on Big Sur

    If you get a The installation cannot continue as the installer file may be damaged. Download the installer file again. error when trying to run the Adobe Package Downloader.app on Big Sur, the quickest workaround (as of the writing of this blog post) is to copy the Adobe Package Downloader.app (or, more precisely, the .dmg…

  • Unloading Santa’s system extension when uninstalling using Munki

    What the problem is System extensions in place of kernel extensions For macOS 10.15+, Apple has deprecated kernel extensions in favor of system extensions, but system extensions can’t be unloaded silently by script. If you try to unload Santa’s system extension using the command: systemextensionsctl uninstall EQHXZ8M8AV com.google.santa.daemon you’ll get this: At this time, this…

  • Known Networks settings moved in Big Sur

    In earlier (10.15 and lower) versions of macOS, Apple put the list of known networks in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist file. In Big Sur (macOS 11.x), Apple moved the known networks to the /Library/Preferences/com.apple.wifi.known-networks.plist file.

  • Semi-automating profile installation in Big Sur

    It’s pretty well known among Mac admins that, starting with Big Sur (macOS 11), Apple has removed the ability for the profiles command to silently install .mobileconfig profiles. Apple wants you to use an MDM to deliver profiles silently… or have users themselves manually install profiles. If you try to install them silently the old…

  • Munki can get into a notification loop if root is using the Persian calendar

    The Problem At some point, this blog post may be obsolete, because I’m hoping this will be fixed soon, but in the meantime, I’ve filed an issue on GitHub: Using Persian calendar results in notification loop at every next Munki run If you have users who claim to see notifications multiple times a day, even…

  • How to check the Carbon Black version installed

    Update Thanks to Clay Haynes for pointing out you can get the version more easily by running /Applications/VMware\ Carbon\ Black\ EDR.app/Contents/MacOS/CbOsxSensorService -v Back story In Carbon Black 6.3.0 and 7.0.1, it isn’t super obvious how to check for the version installed. For example, if you run defaults read /Applications/VMware\ Carbon\ Black\ EDR.app/Contents/Info.plist, you’ll see CFBundleInfoDictionaryVersion…

  • Scripting changing user icons: dsimport prompts for password in zsh

    2 June, 2021 Update Special shoutout to Armin Briegel for pointing out that the zsh version runs just fine if you use a different variable name from USERNAME. I’ve tried it with USERACCOUNT instead, and I’ve confirmed it works fine with zsh. Original Post Apple is moving toward making zsh the default shell instead of…