krypted.com

Tiny Deathstars of Foulness

Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.

January 18th, 2017

Posted In: JAMF, Mac Security

Tags: , , , , , , ,

Leave a Comment

January 17th, 2017

Posted In: Articles and Books, MacAdmins Podcast

Leave a Comment

My daughter and I binge watched this cartoon a long time ago and I feel like this episode of a children’s cartoon explained “all the things” and so I share it with you.

“You must balance yourself before you can balance the world.”

January 13th, 2017

Posted In: personal

Tags: ,

Leave a Comment

It may sound like a cliché, but nothing is truer for business owners: You’re only as good as your employees.

And because nothing’s ever easy, few challenges are more delicate than keeping valuable employees happy and motivated.

To read more, see my post over at @inc at http://www.inc.com/charles-edge/10-things-you-should-do-to-keep-your-employees-happy-every-day.html

January 13th, 2017

Posted In: Articles and Books

Tags: , , ,

Leave a Comment

The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use

codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p'

The options in the above command:

  • -d is used to display information about the app (as opposed to a -s which would actually sign the app)
  • -v increases the verbosity level (without the v’s we won’t see the signing “Authority”)
  • –verbose=4 indicates the level of verbosity
  • 2>&1 redirects stderr to stdout
  • /Applications/Firefox.app/ – the path to the app we’re checking (or signing if you’re signing)

Then we pipe the output into a simple sed and get the signing chain. Or don’t. For example, if you’re scripting don’t forget a sanity check for whether an object isn’t signed. For example, if we just run the following for a non-signed app:

codesign -dv --verbose=4 /Applications/Utilities/XQuartz.app/

The output would be as follows:

/Applications/Utilities/XQuartz.app/: code object is not signed at all

January 12th, 2017

Posted In: Apps, Mac OS X, Mac OS X Server

Tags: , , , , , , ,

Leave a Comment

Prepare for your network administrators to cringe… I’ve spoken on these commands but never really put them together in this way, exactly. So I wanted to find a coworker on a network. So one way to find people is to use a ping sweep. Here I’m going to royally piss off my switch admins and ping sweep the subnet:

ping 255.255.255.255

Next, I’m going to run arp to translate:

arp -a

Finally, if a machine is ipv6, it wouldn’t show up. So I’m going to run:

ndp -a

Now, I find the hostname, then look at the MAC address, copy that to my clipboard, find for that to get the IP and then I can flood that host with all the things. Or you could use nmap… :-/

January 7th, 2017

Posted In: Mac OS X, Network Infrastructure

Tags: , , , , , ,

Leave a Comment

For a simple guide to getting your message in front of customers by offering the type of content they want to consume, check out my latest article on Inc.com at http://www.inc.com/charles-edge/5-video-strategies-that-can-grow-your-business-without-spending-a-mint.html

January 5th, 2017

Posted In: Articles and Books, Small Business

Tags: , ,

Leave a Comment

A number of environments need to disable the Notification Center and Action Center features in Windows 10. This can be done using the registry editor or using a Group Policy Object (GPO).

First let’s look at doing so with the registry. As with any mucking around with the registry, when editing, I strongly recommend backing up the registry and/or creating a restore point first. Once done, click Run, enter regedit and hit Enter to open the Registry Editor.

Next, right-click on the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer registry key and create a new DWORD (32-bit) key. Call the key DisableNotificationCenter and provide the number 1 as the value. Then quit the Registry Editor and restart. Notification Center and Action Center should then be disabled. Simply delete that key and reboot in order to go back.

If the Group Policy Editor is available, click Run and enter gpedit.msc. Then open the User Configuration, navigate to Administrative Templates, click on Start Menu and then choose Taskbar. Open Remove Notifications and Action Center, and move the Enabled option to Disable (if disabling of course). You can then run gpupdate or reboot to see the change.

January 2nd, 2017

Posted In: Windows Server, Windows XP

Tags: , ,

Leave a Comment

12 years ago today I posted my first article on this site. My publisher at the time thought I should have a website, so I made one. And after over 3,500 posts, I’ve watched the industry change so much!

I have always written about what I do. Because of that, the past couple of years have seen a slight shift from Apple device management (I mean, I still write about that when I feel like it) to more technical management and leadership articles. These days I also have contributions scattered all over the place, from publishing code on GitHub, to writing about technology and leadership for Huffington Post, to Entrepreneurism for Inc.com, to writing about scrum for devops magazines, to books on mostly servers and security for O’Reilly/Apress/TakeControl, and finally to activism (and hacktivism I suppose).

I’ve taken some criticism for veering away from my core. And I’m OK with that. But I always come back here and post links to the other writings and podcasts and public speaking engagements even if they do go in a slightly different direction. And I still do an annual guide on OS X Server. This year I didn’t write a full-on book, as there was only one new checkbox, but I will when there’s more to write about – and I did update and expand the annual free guide. I also still write on mass management of Apple devices and whatever else I feel like writing about, but I don’t just do that any more, so I write about other things as well.

Mostly though, I am honored so many people come to the site. I am always so grateful when people mention the site, say thank you in passing, ask me if I’m krypted in the bathroom (that happens), punch me for screwing up their server, or post comments asking follow-ups. It helps to know I’m not just writing for web crawlers and bots (although my preference is definitely to not get punched).

So thank you for sticking with me however long you’ve been coming here! And please, feel free to recommend articles or if you’d like to do some guest posts (or become a long-term contributor) let me know and I’ll get you an account!

December 30th, 2016

Posted In: Articles and Books

Tags: , , ,

OS X Server stores most logs in files that are in the /Library/Logs/ProfileManager directory. Logs are split up between php, devicemgrd.log, scep_helper.log, servermgr_devicemgr.log, profilemanager.log and others. In my experience, if there’s a lot of errors at first, or if the service doesn’t work, just reformat and start over. But, once a server is in production, you don’t want to re-enroll devices after you do that. So, as with all good error prodding, start with the logs to troubleshoot.

By default the logs can appear a bit anemic. You can enable more information by increasing the logging level. Here, we’ll shoot it up to 6, which can be done with the following command:

sudo debugDeviceMgr 6

Debug levels go all the way to 9, but at that point things get… Noisy. And to turn it back off, use:

sudo debugDeviceMgr 1

Basically, this command sets the required services in /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/ to debug mode as well as /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/config/com.apple.DeviceManagement.postgres-debug.plist and /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/config/com.apple.DeviceManagement.postgres.plist to configure debug mode. In other words, it touches a lot of services. And given how chatty some can be, only leave logging levels higher than I’d say 2 in the event of short-term troubleshooting.

December 29th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

Next Page »