Not only was I on a panel at JNUC 2022, but I also gave a talk in person too titled: JNUC2022 : On Bootstrap Tokens, Secure Tokens, and Volume Ownership.
Despite me giving this talk in person, Jamf have published the prior recorded remote version (with the majority of talks recorded prior due to JNUC2022‘s hybrid nature).
One difference between this and the panel recording is that this one is COVID-19 free!
See below for a link to the video, the GitHub repo with all of the links and lastly a link to the JNUC2022 playlist.
For JNUC 2022, I was invited onto a panel to discuss patch management solutions for Jamf Pro once again.
This followed a similar format to the 2021 panel. Not only did this years panel include myself alongside Armin Briegel, Ryan Ball and Sam Weiss, but we were joined this time by Isaac Ordonez as well.
Sadly, for the recording, I was a little unwell and the following day tested positive for COVID-19. So, if I sound a little off, that’s why.
See below for a link to the panels video, as well as links to the JNUC 2022 YouTube playlist.
The Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) is always updated soon after a major macOS release. However, it can take a couple of weeks for it to become available in many locales.
This year has been no exception, but as of today the Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) should now be available to all locales (that link should direct to your locale).
Prior to today, when accessing https://support.apple.com/guide/deployment/welcome/web from outside Canada and the US, folks would be redirected to their locales version of the guide, which was dated June 2022.
Even trying https://support.apple.com/en-us/guide/deployment/welcome/web would redirect folks to their locales version of the guide.
The one exception was is the en-CA locale (https://support.apple.com/en-ca/guide/deployment/welcome/web), which doesn’t seem to redirect. And as such, folks outside Canada and the US have been accessing the guide via that URL.
Regardless, its welcome to have the documentation available to all.
And, if so inclined, why not file feedback with Apple along the lines of what I filed below. So those of us outside Canada and the US are not left out in the cold for a couple of weeks next time (maybe):
FB11718598 (When a locales documentation isn’t available, redirect to en-US)
Managed Login Items are something which will I expect will be widely blogged about, but SystemPolicyAppBundles might not be as to trigger this new PPPC requires a narrow path to be trodden and even then, can be bypassed.
The below details the path required to trigger this new PPPC, and how to bypass.
Today, Apple published https://support.apple.com/en-us/HT208312, which states:
As of April 21, 2022, Apple has discontinued macOS Server. Existing macOS Server customers can continue to download and use the app with macOS Monterey.https://support.apple.com/en-us/HT208312
As someone that cut my teeth with OSX Server on 10.3 (Panther), I’d like to say farewell old friend.
In addition, Apple have posted a document on choosing and MDM solution and as well have another document advising that:
Apple will discontinue Fleetsmith service on October 21, 2022https://support.apple.com/en-us/HT213238
As of April 21, 2022, Apple has discontinued new signups for Fleetsmith.
If you’re looking for a replacement for either Profile Manager or Fleetsmith, why not head over to the MacAdmins.org Slack, or reach out to folks like.. oh, I dunno.. dataJAR 🙂
Anyways, farewell macOS Server!
As forewarned by Apple a week ago, the Business Manager and School Manager Terms have been updated today.
I’ve covered this a few times, but essentially an AxM Administrator for your organisation will need to agree to the new terms.
Also the AxM Administrator(s) for your organisation should have the above email (or it’s School Manager equivalent).
In the meantime, until terms are accepted:
Devices assigned to a Mobile Device Management (MDM) server in Apple School Manager or Apple Business Manager won’t be affected. If you erase all content and settings on a device, the device will still be assigned to the same MDM server, and the same settings will be applied during setup.https://support.apple.com/en-gb/HT203063
For several years I’ve been involved in methods to deal with Adobe Creative Cloud packages via AutoPkg.
Well, due to changes to the packages contents I’ve created yet another method (which is hopefully the last one).
Details on this method can be found below, as well as a history of the various methods employed over the years.
Hot on the heels of macOS Monterey 12.2, Apple have publicly released the macOS Monterey 12.3 Beta Release Notes.
Despite this being a point release, there are a few breaking changes.
The kernels for both the Dropbox Desktop Application and Microsoft OneDrive are called out as deprecated in the release notes, and as such both have updates and/or changes coming to overcome this change.
However, the more impactful change is the removal of Python 2 (/usr/bin/python).
This has a number of ramifications, and is really a very large change to drop in a point release.
See below for more details on this, and how it will likely affect every Mac Admin.
A couple of months ago myself and dataJAR’s Managing Director, Yannis Lagogiannis were guests on the MacAdmins.org Podcast where we discussed dataJAR’s New Product Focus.
The details on this episode can be found below.
A couple of days ago, a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Log4j 2 utility was disclosed publicly via the project’s GitHub.
The vulnerability itself allows for Remote Code Execution (RCE) by logging a certain string, with the potential the impact of the exploit being full server control.
More information on this vulnerability can be found at numerous sources, including the below:
Log4j 2 is included within Jamf Pro for logging, but don’t panic!
If you’re a Jamf Cloud customer, then this has already been mitigated as per this post on Jamf Nation.
If you self host Jamf Pro, then the below applies:
Jamf Pro versions older than 10.14 are vulnerable to this issue. Versions 10.14 through 10.34 include Java 11, which partially mitigates the issue. The Jamf Pro 10.34.1 release was made available to address the issue completely. Please update to this version as soon as possible.https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740
If you cannot upgrade to 10.34.1, you can manually update Log4j as per the steps documented here.
And, if you are having to upgrade from a few versions behind, don’t go alone.. take this.