Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.
krypted January 18th, 2017
krypted January 17th, 2017
My daughter and I binge watched this cartoon a long time ago and I feel like this episode of a children’s cartoon explained “all the things” and so I share it with you.
“You must balance yourself before you can balance the world.”
krypted January 13th, 2017
Posted In: personal
It may sound like a cliché, but nothing is truer for business owners: You’re only as good as your employees.
And because nothing’s ever easy, few challenges are more delicate than keeping valuable employees happy and motivated.
To read more, see my post over at @inc at http://www.inc.com/charles-edge/10-things-you-should-do-to-keep-your-employees-happy-every-day.html
krypted January 13th, 2017
Posted In: Articles and Books
The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use
codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p'
The options in the above command:
Then we pipe the output into a simple sed and get the signing chain. Or don’t. For example, if you’re scripting don’t forget a sanity check for whether an object isn’t signed. For example, if we just run the following for a non-signed app:
codesign -dv --verbose=4 /Applications/Utilities/XQuartz.app/
The output would be as follows:
/Applications/Utilities/XQuartz.app/: code object is not signed at all
krypted January 12th, 2017
Prepare for your network administrators to cringe… I’ve spoken on these commands but never really put them together in this way, exactly. So I wanted to find a coworker on a network. So one way to find people is to use a ping sweep. Here I’m going to royally piss off my switch admins and ping sweep the subnet:
Next, I’m going to run arp to translate:
Finally, if a machine is ipv6, it wouldn’t show up. So I’m going to run:
Now, I find the hostname, then look at the MAC address, copy that to my clipboard, find for that to get the IP and then I can flood that host with all the things. Or you could use nmap… :-/
krypted January 7th, 2017
For a simple guide to getting your message in front of customers by offering the type of content they want to consume, check out my latest article on Inc.com at http://www.inc.com/charles-edge/5-video-strategies-that-can-grow-your-business-without-spending-a-mint.html
krypted January 5th, 2017
A number of environments need to disable the Notification Center and Action Center features in Windows 10. This can be done using the registry editor or using a Group Policy Object (GPO).
First let’s look at doing so with the registry. As with any mucking around with the registry, when editing, I strongly recommend backing up the registry and/or creating a restore point first. Once done, click Run, enter regedit and hit Enter to open the Registry Editor.
Next, right-click on the HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer registry key and create a new DWORD (32-bit) key. Call the key DisableNotificationCenter and provide the number 1 as the value. Then quit the Registry Editor and restart. Notification Center and Action Center should then be disabled. Simply delete that key and reboot in order to go back.
If the Group Policy Editor is available, click Run and enter gpedit.msc. Then open the User Configuration, navigate to Administrative Templates, click on Start Menu and then choose Taskbar. Open Remove Notifications and Action Center, and move the Enabled option to Disable (if disabling of course). You can then run gpupdate or reboot to see the change.
krypted January 2nd, 2017
12 years ago today I posted my first article on this site. My publisher at the time thought I should have a website, so I made one. And after over 3,500 posts, I’ve watched the industry change so much!
I have always written about what I do. Because of that, the past couple of years have seen a slight shift from Apple device management (I mean, I still write about that when I feel like it) to more technical management and leadership articles. These days I also have contributions scattered all over the place, from publishing code on GitHub, to writing about technology and leadership for Huffington Post, to Entrepreneurism for Inc.com, to writing about scrum for devops magazines, to books on mostly servers and security for O’Reilly/Apress/TakeControl, and finally to activism (and hacktivism I suppose).
I’ve taken some criticism for veering away from my core. And I’m OK with that. But I always come back here and post links to the other writings and podcasts and public speaking engagements even if they do go in a slightly different direction. And I still do an annual guide on OS X Server. This year I didn’t write a full-on book, as there was only one new checkbox, but I will when there’s more to write about – and I did update and expand the annual free guide. I also still write on mass management of Apple devices and whatever else I feel like writing about, but I don’t just do that any more, so I write about other things as well.
Mostly though, I am honored so many people come to the site. I am always so grateful when people mention the site, say thank you in passing, ask me if I’m krypted in the bathroom (that happens), punch me for screwing up their server, or post comments asking follow-ups. It helps to know I’m not just writing for web crawlers and bots (although my preference is definitely to not get punched).
So thank you for sticking with me however long you’ve been coming here! And please, feel free to recommend articles or if you’d like to do some guest posts (or become a long-term contributor) let me know and I’ll get you an account!
krypted December 30th, 2016
Posted In: Articles and Books
OS X Server stores most logs in files that are in the /Library/Logs/ProfileManager directory. Logs are split up between php, devicemgrd.log, scep_helper.log, servermgr_devicemgr.log, profilemanager.log and others. In my experience, if there’s a lot of errors at first, or if the service doesn’t work, just reformat and start over. But, once a server is in production, you don’t want to re-enroll devices after you do that. So, as with all good error prodding, start with the logs to troubleshoot.
By default the logs can appear a bit anemic. You can enable more information by increasing the logging level. Here, we’ll shoot it up to 6, which can be done with the following command:
sudo debugDeviceMgr 6
Debug levels go all the way to 9, but at that point things get… Noisy. And to turn it back off, use:
sudo debugDeviceMgr 1
Basically, this command sets the required services in /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/ to debug mode as well as /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/config/com.apple.DeviceManagement.postgres-debug.plist and /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/config/com.apple.DeviceManagement.postgres.plist to configure debug mode. In other words, it touches a lot of services. And given how chatty some can be, only leave logging levels higher than I’d say 2 in the event of short-term troubleshooting.
krypted December 29th, 2016