Apple Platform Deployment – Now available in a locale near you!

Standard

The Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) is always updated soon after a major macOS release. However, it can take a couple of weeks for it to become available in many locales.

This year has been no exception, but as of today the Apple Deployment Guide (https://support.apple.com/guide/deployment/welcome/web) should now be available to all locales (that link should direct to your locale).

Prior to today, when accessing https://support.apple.com/guide/deployment/welcome/web from outside Canada and the US, folks would be redirected to their locales version of the guide, which was dated June 2022.

Even trying https://support.apple.com/en-us/guide/deployment/welcome/web would redirect folks to their locales version of the guide.

The one exception was is the en-CA locale (https://support.apple.com/en-ca/guide/deployment/welcome/web), which doesn’t seem to redirect. And as such, folks outside Canada and the US have been accessing the guide via that URL.

Regardless, its welcome to have the documentation available to all.

And, if so inclined, why not file feedback with Apple along the lines of what I filed below. So those of us outside Canada and the US are not left out in the cold for a couple of weeks next time (maybe):

FB11718598 (When a locales documentation isn’t available, redirect to en-US)

macOS Ventura and bypassing the new SystemPolicyAppBundles privacy policy control

Standard
https://developer.apple.com/documentation/devicemanagement/
privacypreferencespolicycontrol/services

With every macOS release since macOS Mojave, Apple have added more privacy policy controls (PPPC) for Admins to manage via MDM. And todays release of macOS Ventura, is no different, with two new PPPC which coming with macOS Ventura:

Managed Login Items are something which will I expect will be widely blogged about, but SystemPolicyAppBundles might not be as to trigger this new PPPC requires a narrow path to be trodden and even then, can be bypassed.

The below details the path required to trigger this new PPPC, and how to bypass.

Continue reading

Farewell macOS Server

Standard
https://en.wikipedia.org/wiki/MacOS_Server

Today, Apple published https://support.apple.com/en-us/HT208312, which states:

As of April 21, 2022, Apple has discontinued macOS Server. Existing macOS Server customers can continue to download and use the app with macOS Monterey.

https://support.apple.com/en-us/HT208312

As someone that cut my teeth with OSX Server on 10.3 (Panther), I’d like to say farewell old friend.

In addition, Apple have posted a document on choosing and MDM solution and as well have another document advising that:

Apple will discontinue Fleetsmith service on October 21, 2022
As of April 21, 2022, Apple has discontinued new signups for Fleetsmith.

https://support.apple.com/en-us/HT213238

If you’re looking for a replacement for either Profile Manager or Fleetsmith, why not head over to the MacAdmins.org Slack, or reach out to folks like.. oh, I dunno.. dataJAR 🙂

Anyways, farewell macOS Server!

Apple Business Manager and Apple School Manager Terms Update – March 31, 2022

Standard

As forewarned by Apple a week ago, the Business Manager and School Manager Terms have been updated today.

I’ve covered this a few times, but essentially an AxM Administrator for your organisation will need to agree to the new terms.

Also the AxM Administrator(s) for your organisation should have the above email (or it’s School Manager equivalent).

In the meantime, until terms are accepted:

Devices assigned to a Mobile Device Management (MDM) server in Apple School Manager or Apple Business Manager won’t be affected. If you erase all content and settings on a device, the device will still be assigned to the same MDM server, and the same settings will be applied during setup.

https://support.apple.com/en-gb/HT203063

Adobe Admin Console Packages and AutoPkg

Standard

For several years I’ve been involved in methods to deal with Adobe Creative Cloud packages via AutoPkg.

Well, due to changes to the packages contents I’ve created yet another method (which is hopefully the last one).

Details on this method can be found below, as well as a history of the various methods employed over the years.

Continue reading

macOS Monterey 12.3 will remove Python 2.7 (/usr/bin/python)

Standard

Hot on the heels of macOS Monterey 12.2, Apple have publicly released the macOS Monterey 12.3 Beta Release Notes.

Despite this being a point release, there are a few breaking changes.

The kernels for both the Dropbox Desktop Application and Microsoft OneDrive are called out as deprecated in the release notes, and as such both have updates and/or changes coming to overcome this change.

However, the more impactful change is the removal of Python 2 (/usr/bin/python).

This has a number of ramifications, and is really a very large change to drop in a point release.

See below for more details on this, and how it will likely affect every Mac Admin.

Continue reading

dataJAR’s New Product Focus

Standard

A couple of months ago myself and dataJAR’s Managing Director, Yannis Lagogiannis were guests on the MacAdmins.org Podcast where we discussed dataJAR’s New Product Focus.

The details on this episode can be found below.

Continue reading

Jamf Pro and log4shell (CVE-2021-44228)

Standard
https://twitter.com/GossiTheDog/status/1469252646745874435?s=20

A couple of days ago, a high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Log4j 2 utility was disclosed publicly via the project’s GitHub.

The vulnerability itself allows for Remote Code Execution (RCE) by logging a certain string, with the potential the impact of the exploit being full server control.

More information on this vulnerability can be found at numerous sources, including the below:

Log4j 2 is included within Jamf Pro for logging, but don’t panic!

If you’re a Jamf Cloud customer, then this has already been mitigated as per this post on Jamf Nation.

If you self host Jamf Pro, then the below applies:

Jamf Pro versions older than 10.14 are vulnerable to this issue. Versions 10.14 through 10.34 include Java 11, which partially mitigates the issue. The Jamf Pro 10.34.1 release was made available to address the issue completely. Please update to this version as soon as possible.

https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

If you cannot upgrade to 10.34.1, you can manually update Log4j as per the steps documented here.

And, if you are having to upgrade from a few versions behind, don’t go alone.. take this.

Patch Solutions on the Jamf Marketplace

Standard

On the last day of this years JNUC, it was my honour to be included in a panel titled “Patch Solutions on the Jamf Marketplace” (the content of which is pretty self explanatory) alongside Armin Briegel, Ryan Ball and Sam Weiss.

See below for a link to the panels video, as well as links to the marketplace entries for the items discussed.

Continue reading

Managing iPads, for the Mac Admin

Standard

During day one of this years JNUC, I gave a talk titled “Managing iPads, for the Mac Admin”.

The premise of this talk was to touch on on things which are both familiar and unknown, when it comes to being a Mac Admin suddenly tasked with managing iPads.

Below you’ll find a link to the talks video and a link to the talks GitHub repo.

But, be warned.. I had 30 minutes to deliver over 100 slides and a little cold too.. so those that find my accent difficult at normal speed, might need to slow this one down or read the subtitles (which don’t appear to have any exciting surprises this time).

Continue reading