KeRanger ransomware, an attempt at detection & removal via the JSS

Standard

Screenshot 2016-03-07 14.31.40

Transmission is a popular BitTorrent client for Mac, over the weekend it emerged that a version of their app available from the projects website had been swapped with another version.

This version contained the KeRanger ransomware, this seems to be the first functioning example of ransomware affecting OS X.

Below is more information, as well as a script that should alert or clean up affected Macs.

Continue reading

JSS Setting Software Update Server To http://:/index.sucatalog

Standard

SoftwareUpdate

Recently we found that the JSS was setting our clients Software Update Catalog URL to http://:/index.sucatalog.

Well, as detailed previously, we moved from using Software Update servers to Caching.

The move to caching servers actually meant I shot myself in the foot some & caused my own issue. JAMF Support got me things sorted & below is how & my guess work as to what was happening.

Continue reading

Making the most of the Mac Mini for use with the Casper Suite

Standard

MacMiniWith the death of the Xserve & subsequent killing off of the MacMini server many Mac Admins have either sought to remove all Apple branded hardware from the server room or have been forced to.

Myself? I now look after a total of 25 Mac Servers, 21 of which are dedicated to our JSS & are installed across 8 different sites globally, some of the challenges of which are touched upon in the JNUC2014 Panel I was on, titled Thinking Big: Scaling JSS Infrastructures for the Mobile Workforce.

The focus of the post below is the Mac Mini’s which are used onsite for Casper Suite Distribution Points, NetBoot Servers & Caching Servers.

Continue reading

Security Update 2015-002 & mach_kernel file visibility

Standard

As posted by Tim Sutton, the installation of  “Security Update 2015-002” on a 10.8.5 or 10.9.5 Mac will leave the /mach_kernel file visible. That’s fine, until someone deletes the file & then can’t boot their Mac.

As ever, Rich Trouton has blogged a method to hide the file via Casper.

However, Rich does love an EA & I’m not so inclined therefore the following is an EA free method to achieve the same end.

Continue reading

JSS Using Wrong Distribution Points After v8 – v9 Upgrade

Standard

We updated our JSS from 8.73  – 9.22 back in January, we thought all was well until we needed to deploy some large packages.

This lead to our network guys not being to happy as Mac clients were downloading a 200MB installer across our MPLS irregardless of the distribution points assigned in our network segments.

After a few calls with JAMF support we discovered that the issue was due to the v8-v9 upgrade not updating a MySQL table, below is the how to check if your affected & what to do to fix.

Continue reading