Tag: macos
-
Scripting changing user icons: dsimport prompts for password in zsh
2 June, 2021 Update Special shoutout to Armin Briegel for pointing out that the zsh version runs just fine if you use a different variable name from USERNAME. I’ve tried it with USERACCOUNT instead, and I’ve confirmed it works fine with zsh. Original Post Apple is moving toward making zsh the default shell instead of…
-
Using installinstallmacos.py to get beta installers
Usually, if you use installinstallmacos.py, you’ll get the already-released installers: # ProductID Version Build Post Date Title 1 001-15219 10.15.5 19F2200 2020-06-15 macOS Catalina 2 001-04366 10.15.4 19E2269 2020-05-04 macOS Catalina 3 061-86291 10.15.3 19D2064 2020-03-23 macOS Catalina 4 041-91758 10.13.6 17G66 2019-10-19 macOS High Sierra 5 001-57224 10.15.7 19H4 2020-10-27 macOS Catalina 6 061-26589…
-
Allowing Outset-run scripts to have access to user folders
Because of TCC/PPPC, which Apple introduced in macOS 10.14, scripts and applications have to ask for permissions to do certain things, especially things like reading user home directory files. If you have an Outset login script that tries to access something in the home directory, you may find in the ~/Library/Logs/outset.log that you get a…
-
If Jamf recon is launching a du process that causes a CPU spike
If Jamf inventory (jamf recon) causes an extended CPU spike specifically related to the du command, you can fix that by going, in the Jamf settings, to Computer Management > Computer Management – Management Framework > Inventory Collection, and then uncheck the Include home directory sizes checkbox. That is a system-wide setting, but especially if…
-
Terminal command to tell if a macOS directory is SIP-protected
Starting with El Capitan (OS X 10.11), Apple started using System Integrity Protection (SIP) in macOS, so that certain directories would be not writable, even by root. Here’s a quick reference for a couple of commands you can use to see if a directory or file is SIP-protected, as that may change from macOS version…
-
Running daily, weekly, and monthly scripts in macOS using periodic
Background I was looking for time-based project similar to Outset (which runs boot and login scripts stored in various directories), and apparently there’s one already baked into macOS that will run daily, weekly, and monthly scripts. Shoutout to @elios on the MacAdmins Slack for letting me know about periodic Launch Daemons If you run sudo…
-
The limits of password-protecting a .mobileconfig profile
Three years ago, Rich Trouton wrote Adding password protection to manually installed management profiles, which gives step-by-step instructions for how to make a manually-installed profile prompt for a custom password (in addition to the local admin password) when being removed. I’ve tested this on Catalina, and it still works! That said, it worked only from…
-
Double-checking details of deployed PPPC/TCC profile from MDM
If you’ve deployed a PPPC/TCC profile from your user-approved MDM to a Mac, and you see the profile in System Preferences > Profiles, you can also verify all the details of the deployed profile on the Mac itself by going to /Library/Application Support/com.apple.TCC/MDMOverrides.plist (which is an SIP-protected directory, by the way).
-
Things to keep in mind if using a profile to delay macOS updates
Now that Apple has removed the –ignore flag from softwareupdate, it’s recommending you use the forceDelayedSoftwareUpdates and enforcedSoftwareUpdateDelay flags (more details in Device Management Profile: Restrictions), which are supposed to, in theory, delay an updates user visibility a certain number of days after the update’s release. The number of days delayed may not be precise…
-
Some basics of DEPNotify and a sample script
If you’ve been doing Munki admin’ing for a short while, you’ve probably heard people talk about DEPNotify, whose README says is “a small light weight notification app that was designed to let your users know what’s going on during a DEP enrollment.” Aforementioned DEPNotify README is fairly comprehensive in terms of going over all the…
-
If your VMWare guest macOS loses network connectivity
If you haven’t changed any settings, and suddenly the Internet connection on your VMWare guest macOS installation goes out, and shutting down the VM or rebooting the VM doesn’t help, try rebooting the host Mac. That will likely fix the problem (not sure why that problem comes up in the first place.
-
Using a full macOS installer with Munki to patch macOS
Note about Silicon Macs This will not work with Apple Silicon Macs, as Apple now requires you to enter the password of a secure token user account in order to run startosinstall. Shoutout Shoutout to Rod Christiansen on the MacAdmins Slack for putting this strange (but still working for now) method of patching on my…
-
Force-stopping the MunkiStatus progress bar at the login window
Sometimes, the MunkiStatus progress bar over the login window can get stuck, and pressing the Stop button can take a while to halt the progress bar completely. To kill it immediately, press Cmd-Option-Shift-Escape (this is a slight modification of the usual force-quite key combination, which is Cmd-Option-Escape). Full credit to Yehuda Bialik and Greg Neagle…
-
Using AppleScript to install macOS software updates via System Preferences
Right now, this is a bit more of a proof-of-concept, but since /usr/sbin/softwareupdate has become increasingly unreliable in the past year for automating and enforcing Apple software updates, having a way to automate installing updates through the GUI on certain relatively unattended Macs is worth exploring. I’ve created a GitHub project for that called Sys…
-
Fixing Jamf device signature error
Even though this Jamf Nation thread is five years old, as of this writing, it’s still got the solution to the Device Signature Error – A valid device signature is required to perform the action error message. In my experience, the actual working solution is to run sudo jamf enroll -prompt and then enter credentials…