Box & Active Directory Federation Services



We use Box as an enterprise file sharing & collaboration solution, with Active Directory Federation Services (ADFS) as our Identity Provider (IdP).

However, there are some limitations with this setup which are not particularly detailed anywhere, just omitted.

Below are some of the limitations I’ve found.

Continue reading

Microsoft Office 2016 For Mac Serialisation Changes




Soon Microsoft are to release an update to the Office 2016 Volume License installer on VLSC.

This update is 15.17 & is the first that has a few changes that may affect the way you deploy Office 2016.

These changes are going to be later enforced in 15.20 & onwards. Below are some details on the changes, some of the why & how via the power of the Slack & the awesome @pbowden that some of us have had a sneak peek.

Continue reading

AutoCasperNBI, AutoImagrNBI & El Capitan


The Captain

Update 25/10/15: The post has been updated with my findings & explains the additions in AutoCasperNBI & AutoImagrNBI where applicable.

On Wednesday Apple unleashed the 11th iteration of OS X, El Capitan.

This release has had a number of under the hood changes that have affected AutoCasperNBI & AutoImagrNBI, some like csrutil have been detailed here.  The two main issues can be found in greater detail below.

Now, don’t fret, these changes are not insurmountable. They just mean that neither AutoCasperNBI nor AutoImagrNBI will have 10.11 releases available for a few weeks.

This should be fine as there’s no urgency for 10.11 NBIs as, at the time of writing, all current Macs can boot to 10.10.

Continue reading

Faffing About With csrutil



At Apple’s recent event, the release date for the next release of OS X (El Capitan) was “leaked” in the above shown email.

Not only is this release going to be the most magical since the last one, it’s main focus seems to be on performance & security. The latter of which will affect us admins, especially System Integrity Protection (read: SIP).

This post will try to explain one way SIP may affect you, & possibly how to prepare.

Continue reading

Captive Portals


Screenshot 2015-07-15 10.12.23Earlier today the above popped up on some 10.9 Macs, iOS devices & even Android devices. Clicking “Cancel” would only stop the pop up for a few minutes & it would re-appear.

On the MacAdmins Slack a few mentioned seeing this, so the immediate thoughts of “OMG what has happened to my wireless” subsided.

Continue reading

Enabled/Disabled Identifiers & NBImageInfo.plist



The below is to try explain the use of the Enabled/Disabled Identifiers arrays in the NBImageInfo.plist on OSX Server.

This is to try & better explain their use.

NBI’s that are generated via SIU have a NBImageInfo.plist which is populated from the SupportedModelProperties array in /System/Library/CoreServices/PlatformSupport.plist.

Continue reading

Casper Imaging & CoreStorage Volumes

NOTE: Casper Imaging 9.65 addresses this & as such the workaround is no longer needed.

As blogged before, a part of our Casper Imaging workflow involves partitioning the “Macintosh HD” for use with FSTAB.

Unfortunately, we have discovered an issue with Casper Imaging & Yosemite shipped Macs as these Macs come with CoreStorage enabled “Macintosh HD”.  This has been logged with JAMF as D-008217 & this post will be updated once resolved.

To get around this defect, I’ve written a little AppleScript app called “CoreStorage Revert” that you can get via a PKG from here. (NOTE: This is for CoreStorage volumes & not Fusion drives).

The PKG is meant to be added to an AutoCasperNBI created NBI, as it removes the com.AutoCasperNBI.CasperImaging.plist as “CoreStorage Revert” launches Casper Imaging itself.

For more details on the app, the why & some rambling findings, see below.

Continue reading

The “Local Items” Keychain In Mavericks


Screen Shot 2014-03-29 at 11.21.15 PM

UPDATE: My fork of ADPassMon has now been merged with main & many changes have been made, for more information follow this link.

The “Local Items” keychain is something that you may have the misfortune of running into when changing passwords via an external directory service due to password expiry or a using forgetting their passwords in Mavericks.

I spent some time tackling it when forking ADPassMon to not only update Users passwords not via the pref pane, just through ADPassMon, & then also updating the users keychain password.

Below are my observations on the new keychain.


Continue reading

Mavericks & Preference Caching


Preference Caching is something that has been within OSX for some time, in Mountain Lion it was quite prominent with plists such as the Dock plist.

When Dockutil 1.1.4 was released it’s major change as noted in the release notes was to restart  this preference caching service called: cfprefsd, without which the settings written to the would later be overwritten.

So why am I mumbling along about this?

Well, recently i’ve been involved in discussions on this & wanted to post something to give others the heads up in case anyone else struggles with it.

Continue reading

VPP 2.0 & “A Question Of Morality”


Back in November last year, I posted some observations VPP 2.0, Mavericks, iLife ’13 & iWork ’13 which highlighted some of the technical difficulties with this new approach.

However, taking a step back we realised that we were going to struggle with licensing the software.

After several discussions with various Apple employees we came to a solution, which was summarised by the Apple employee as “a question of morality.”

So how did the conversations get to that point? Well, let me explain..

Continue reading