JNUC2022 : On Bootstrap Tokens, Secure Tokens, and Volume Ownership

Not only was I on a panel at JNUC 2022, but I also gave a talk in person, titled: JNUC2022 : On Bootstrap Tokens, Secure Tokens, and Volume Ownership.

Despite me giving this talk in person, Jamf have published the prior recorded remote version (with the majority of talks recorded prior due to JNUC2022’s hybrid nature).

One difference between this and the panel recording is that this one is COVID-19 free!

See below for a link to the video, the GitHub repo with all of the links and lastly a link to the JNUC2022 playlist.

JNUC 2022: Patch Management Solutions Panel

For JNUC 2022, I was invited onto a panel to discuss patch management solutions for Jamf Pro once again.

This followed a similar format to the 2021 panel. Not only did this year’s panel include myself alongside Armin Briegel, Ryan Ball and Sam Weiss, but we were joined this time by Isaac Ordonez as well.

Sadly, for the recording, I was a little unwell and the following day tested positive for COVID-19. So, if I sound a little off, that’s why.

See below for a link to the panel’s video, as well as links to the JNUC 2022 YouTube playlist.

Apple Platform Deployment – Now available in a locale near you!

The Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) is always updated soon after a major macOS release. However, it can take a couple of weeks for it to become available in many locales.

This year has been no exception, but as of today the Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) should now be available to all locales (that link should direct to your locale).

Prior to today, when accessing https://support.apple.com/guide/deployment/welcome/web from outside Canada and the US, folks would be redirected to their locale’s version of the guide, which was dated June 2022.

Even trying https://support.apple.com/en-us/guide/deployment/welcome/web would redirect folks to their locale’s version of the guide.

The one exception is the en-CA locale (https://support.apple.com/en-ca/guide/deployment/welcome/web), which doesn’t seem to redirect. And as such, folks outside Canada and the US have been accessing the guide via that URL.

Regardless, it’s welcome to have the documentation available to all.

And, if so inclined, why not file feedback with Apple along the lines of what I filed below. So those of us outside Canada and the US are not left out in the cold for a couple of weeks next time (maybe):

FB11718598 (When a locales documentation isn’t available, redirect to en-US)

macOS Ventura and bypassing the new SystemPolicyAppBundles privacy policy control

With every macOS release since macOS Mojave, Apple have added more privacy policy controls (PPPC) for Admins to manage via MDM. And today’s release of macOS Ventura is no different, with two new PPPC coming with macOS Ventura:

Managed Login Items are something which I expect will be widely blogged about, but SystemPolicyAppBundles might not be, as triggering this new PPPC requires a narrow path to be trodden and, even then, it can be bypassed.

The below details the path required to trigger this new PPPC, and how to bypass it.

Farewell macOS Server

Today, Apple published https://support.apple.com/en-us/HT208312, which states:

As of April 21, 2022, Apple has discontinued macOS Server. Existing macOS Server customers can continue to download and use the app with macOS Monterey.

https://support.apple.com/en-us/HT208312

As someone that cut my teeth with OSX Server on 10.3 (Panther), I’d like to say farewell old friend.

In addition, Apple have posted a document on choosing an MDM solution, as well as another document advising that:

Apple will discontinue Fleetsmith service on October 21, 2022
As of April 21, 2022, Apple has discontinued new signups for Fleetsmith.

https://support.apple.com/en-us/HT213238

If you’re looking for a replacement for either Profile Manager or Fleetsmith, why not head over to the MacAdmins.org Slack, or reach out to folks like.. oh, I dunno.. dataJAR 🙂

Anyways, farewell macOS Server!

Apple Business Manager and Apple School Manager Terms Update – March 31, 2022

As forewarned by Apple a week ago, the Business Manager and School Manager Terms have been updated today.

I’ve covered this a few times, but essentially an AxM Administrator for your organisation will need to agree to the new terms.

Also the AxM Administrator(s) for your organisation should have the above email (or its School Manager equivalent).

In the meantime, until terms are accepted:

Devices assigned to a Mobile Device Management (MDM) server in Apple School Manager or Apple Business Manager won’t be affected. If you erase all content and settings on a device, the device will still be assigned to the same MDM server, and the same settings will be applied during setup.

https://support.apple.com/en-gb/HT203063

Adobe Admin Console Packages and AutoPkg

For several years I’ve been involved in methods to deal with Adobe Creative Cloud packages via AutoPkg.

Well, due to changes to the packages’ contents I’ve created yet another method (which is hopefully the last one).

Details on this method can be found below, as well as a history of the various methods employed over the years.

macOS Monterey 12.3 will remove Python 2.7 (/usr/bin/python)

Hot on the heels of macOS Monterey 12.2, Apple have publicly released the macOS Monterey 12.3 Beta Release Notes.

Despite this being a point release, there are a few breaking changes.

The kernels for both the Dropbox Desktop Application and Microsoft OneDrive are called out as deprecated in the release notes, and as such both have updates and/or changes coming to overcome this change.

However, the more impactful change is the removal of Python 2 (/usr/bin/python).

This has a number of ramifications, and is really a very large change to drop in a point release.

See below for more details on this, and how it will likely affect every Mac Admin.

dataJAR’s New Product Focus

A couple of months ago myself and dataJAR’s Managing Director, Yannis Lagogiannis, were guests on the MacAdmins.org Podcast where we discussed dataJAR’s New Product Focus.

The details on this episode can be found below.

Jamf Pro and log4shell (CVE-2021-44228)

A couple of days ago, a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Log4j 2 utility was disclosed publicly via the project’s GitHub.

The vulnerability itself allows for Remote Code Execution (RCE) by logging a certain string, with the potential impact of the exploit being full server control.

More information on this vulnerability can be found at numerous sources, including the below:

Log4j 2 is included within Jamf Pro for logging, but don’t panic!

If you’re a Jamf Cloud customer, then this has already been mitigated as per this post on Jamf Nation.

If you self-host Jamf Pro, then the below applies:

Jamf Pro versions older than 10.14 are vulnerable to this issue. Versions 10.14 through 10.34 include Java 11, which partially mitigates the issue. The Jamf Pro 10.34.1 release was made available to address the issue completely. Please update to this version as soon as possible.

https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

If you cannot upgrade to 10.34.1, you can manually update Log4j as per the steps documented here.

And, if you are having to upgrade from a few versions behind, don’t go alone.. take this.