krypted.com

Tiny Deathstars of Foulness

When I plug my iPad in, Photos opens. I want it to stop opening when I plug it in. To make it stop, write a disableHotPlug key into com.apple.ImageCapture as true:

defaults -currentHost write com.apple.ImageCapture disableHotPlug -bool true

To enable Photos opening when you plug in a device again, just delete the disableHotPlug key:

defaults -currentHost delete com.apple.ImageCapture disableHotPlug

February 7th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: , , ,

Leave a Comment

There are a lot of payloads that MDM and profiles can manage in iOS. Restrictions are probably the one I get the most questions about. And most are pretty self-explanatory. Sooooo, rather than open Profile Manager every time I need to see the list, here it is:

  • Allow use of Camera
  • Allow FaceTime
  • Allow screenshots and screen recording
  • Allow AirDrop (supervised only)
  • Allow iMessage (supervised only)
  • Allow voice dialing while device is locked
  • Allow Siri
  • Allow Siri while device is locked
  • Enable Siri profanity filter (supervised only)
  • Allow user-generated content in Siri (supervised only)
  • Allow iBooks Store (supervised only)
  • Allow installing apps using Apple Configurator and iTunes
  • Allow installing apps using App Store (supervised only)
  • Allow automatic app downloads (supervised only)
  • Allow removing apps (supervised only)
  • Allow in-app purchase
  • Require iTunes Store password for all purchases
  • Allow iCloud backup
  • Allow iCloud documents & data
  • Allow iCloud Keychain
  • Allow managed apps to store data in iCloud
  • Allow backup of enterprise books
  • Allow notes and highlights sync for enterprise books
  • Allow iCloud Photo Sharing
  • Allow My Photo Stream (disallowing can cause data loss)
  • Allow automatic sync while roaming
  • Force encrypted backups
  • Force limited ad tracking
  • Allow Erase All Content and Settings (supervised only)
  • Allow users to accept untrusted TLS certificates
  • Allow automatic updates to certificate trust settings
  • Allow trusting new enterprise app authors
  • Allow installing configuration profiles (supervised only)
  • Allow modifying account settings (supervised only)
  • Allow modifying device name (supervised only)
  • Allow modifying Find My Friends settings (supervised only)
  • Allow modifying passcode (supervised only)
  • Allow modifying Touch ID fingerprints (supervised only)
  • Allow modifying restrictions (supervised only)
  • Allow modifying Wallpaper (supervised only)
  • Allow pairing with non-Configurator hosts (supervised only)
  • Allow documents from managed sources in unmanaged destinations
  • Allow documents from unmanaged sources in managed destinations
  • Treat AirDrop as unmanaged destination
  • Allow Handoff
  • Allow Spotlight Suggestions
  • Allow Touch ID to unlock device
  • Force Apple Watch wrist detection
  • Allow pairing with Apple Watch (supervised only)
  • Require passcode on first AirPlay pairing
  • Allow predictive keyboard (supervised only)
  • Allow keyboard shortcuts
  • Allow auto correction (supervised only)
  • Allow spell check (supervised only)
  • Allow Define (supervised only)
  • Allow Wallet notifications in Lock screen
  • Show Control Center in Lock screen
  • Show Today view in Lock screen

February 5th, 2016

Posted In: iPhone

Tags: , , , , ,

Leave a Comment

Bushel shipping a new feature this week call Blueprints. Blueprints are similar to groups, and allow you to assign different options in Bushel to different devices that have a blueprint assigned to them. This also allows you to define one device per blueprint and therefore have different options for different computers. Pretty cool on a few different fronts. And it provides a lot of flexibility for some really, really cool new features we’ve planned for the product.

Introducing_Blueprints

For more on this great new feature, check out this great article from the new Bushel Product Manager, Michael Devins.

December 10th, 2015

Posted In: Bushel, iPhone

Tags: , , ,

Enrolling iPads and iPhones into JAMF’s Casper suite can be done through Apple Configurator 2, text messages, email invitations, Apple’s Device Enrollment Program (DEP), or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper when set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll cover that as well:

Download the Enrollment Profile

To download an enrollment profile from Casper MDM:

  1. Log into the web interface of the JSS.
  2. Click on the link along the top navigation bar for Mobile Devices.
  3. Click on Enrollment Profiles in the sidebar.Screen Shot 2015-12-07 at 1.47.40 PM
  4. Click on the plus sign (+).
  5. Provide a new name for the profile.Screen Shot 2015-12-07 at 1.48.07 PM
  6. Click on the User and Location Information tab.
  7. Enter any of the information you wish to have associated with this account when the profile is used to enroll a device into the JSS (not required – use this if you want your devices to have these associated, like if you use Configurator to setup departments and then associate a blueprint to each department and use an enrollment profile per blueprint).
  8. At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one).
  9. Click on the Save button.
  10. Click on the General tab.
  11. Click on the Download button to download a .mobileconfig file that contains enrollment information.Screen Shot 2015-12-07 at 1.56.12 PM
  12. Click on the Trust Profile button to download the trust profile (a .mobileconfig with our cer).
  13. Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.Screen Shot 2015-12-07 at 1.57.25 PM
  14. Click on Cancel.
  15. Click on your downloads and you have now downloaded the two .mobileconfig files that will enroll devices into Casper. Note that if you have a cert signed by a CA you shouldn’t need the Trust Profile.

Add the Profile To Apple Configurator:

To deploy the profile through Apple Configurator:

  1. Open Apple Configurator 2 on the client computer.Screen Shot 2015-12-07 at 1.42.56 PM
  2. Click File and then click on New Blueprint.
  3. Provide a name for your Blueprint.Screen Shot 2015-12-07 at 2.16.06 PM
  4. Once the new Blueprint is created, click on it.
  5. Click on Profiles. 
  6. Click Add Profiles…Screen Shot 2015-12-07 at 2.24.08 PM
  7. Manually add the first profile by browsing to it.
  8. Drag any other profiles into the list.
  9. Apply the Blueprint to devices to see if it works.

If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point unless the device is supervised (and then it’s harder but still possible to remove the device from management), so expect this will happen occasionally, even if only by accident.

December 10th, 2015

Posted In: Apple Configurator, iPhone, JAMF, Mass Deployment

Tags: , , , , ,

The last couple of days have resulted in a lot of bug fixes from our friends at Apple. OS X 10.11.2 and iOS 9.2 are available. Hope you have a caching server right about now!

The 10.11.2 update notes:

The OS X El Capitan 10.11.2 update improves the stability, compatibility, and security of your Mac, and is recommended for all users.
This update:
  • Improves Wi-Fi reliability
  • Improves the reliability of Handoff and AirDrop
  • Fixes an issue that may cause Bluetooth devices to disconnect
  • Fixes an issue that prevented Mail from deleting messages in an offline Exchange account
  • Fixes an issue that prevented importing photos from an iPhone to a Mac using a USB cable
  • Improves iCloud Photo Sharing for Live Photos
For more detailed information about this update, please visit: http://support.apple.com/kb/HT205579
For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT201222
The iOS 9.2 update has a lot more going on:

IOS 9.2

  • Apple Music improvements
    • You can now create a new playlist when adding a song to a playlist
    • Your most recently changed playlist is now listed at the top when adding songs to playlists
    • Download albums or playlists from your iCloud Music Library by tapping the iCloud download button
    • See which songs have been downloaded with the new download indicator next to each song in My Music and Playlists
    • See works, composers, and performers while browsing Classical music in the Apple Music catalog
  • A new Top Stories section in News so you can stay up to date with the most important news of the day (available in the United States, United Kingdom, and Australia)
  • Mail Drop in Mail for sending large attachments
  • iBooks now supports 3D Touch to peek and pop pages from the table of contents, your notes and bookmarks, or from search results inside a book
  • iBooks now supports listening to an audiobook while you browse your library, read other books, or explore the iBooks Store
  • iPhone support for the USB Camera Adapter to import photos and videos
  • Improved stability of Safari
  • Improved stability of Podcasts
  • Fixing an issue that caused mail attachments to be inaccessible for some users with POP email accounts
  • Resolving an issue for some users that caused attachments to overlap text in mail
  • Fixing an issue where Live Photos could have turned off after restoring from a previous iCloud backup
  • Addressing an issue that could cause search in Contacts to display no results
  • Resolving an issue that could have prevented Calendar from displaying all seven days in week view
  • Fixing an issue where Camera screen on iPad could be black when attempting to capture video
  • Addressing an issue that could cause instability in the Activity app when viewing the day of Daylight Savings Time transition
  • Fixing an issue that could prevent data from appearing in Health
  • Fixing an issue that could prevent Wallet updates and Lock screen alerts from displaying
  • Addressing an issue where updating iOS could prevent an alarm from going off
  • Fixing an issue where some users were unable to login to Find my iPhone
  • Fixing an issue that prevented some manual iCloud Backups from completing
  • Addressing an issue where using the iPad keyboard could unintentionally trigger text selection mode
  • Improved keyboard responsiveness when using Quick Reply
  • Improved punctuation input on the 10-key Chinese (Pinyin & Stroke) keyboards with new expanded view of punctuation symbols and better predictions
  • Fixing an issue on Cyrillic keyboards where caps lock would be enabled when typing in URL or email fields
  • Accessibility improvements
    • Fixing issues with VoiceOver when using Camera face detection
    • Adding support for VoiceOver to wake up the screen
    • Adding support for VoiceOver to invoke app switcher with 3D Touch gesture
    • Fixing an issue with Guided Access when trying to end phone calls
    • Improved functionality for Switch Control users when using 3D Touch
    • Fixing an issue with speech rate of Speak Screen
  • Siri support for Arabic (Saudi Arabia, United Arab Emirates)

December 9th, 2015

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: ,

I love answering a question with a question. Is asr still in OS X? Is NetInstall still in OS X Server? Can OS X still NetBoot? Does System Image Utility still work? The answer to all of these is yes. Therefore, the answer to “Is imaging dead” is clearly no. Is it on its way out, maybe. Debatable. Is it changing? Of course. When does Apple not evolve?

What have we seen recently? Well, the rhetoric would point to the fact that imaging is dying. That seems clear. And this is slowly coming out of people at Apple. The word imaging is becoming a bad thing. But, as a customer recently asked me, “what do you do when a hard drive fails and you need to get a system back up”? My answer, which of course was another question was “what do you do when that happens with an iPad?” The answer is that you Restore.

What is the difference between an Image and a Restore? Yes, I meant to capitalize both. Yes, I realize that’s not grammatically correct. No, I don’t care. It’s my prose, back off. But back to the point. What is the difference between the two? Am Image can have things inserted into /Applications, /Library, and even /System (since it’s not booted, it’s not yet protected by SIP). An Image can have binaries and scripts automatically fire, that Apple didn’t bake into the factory OS. On an iPad, when you Restore, you explode an .ipsw file onto disk that can’t be altered and acts as an operating system.

The difference here is that one is altered, the other isn’t. Additionally, iOS ripsaw files only contain drivers for the specific hardware for a given device (e.g. one for iPad Mini and another for iPhone 6). But, you have pre-flight and post-flight tasks you need to perform. Everyone understands that. Think about automation via profiles. You can run a script with a profile. You can apply a profile at first boot. You can install a package (the future of packages is IMHO more debatable than the future of images) and a .app with a profile. These might take a little more work than it does with a NetInstall and System Image Utility. But then, it might not. You’d be surprised what’s easier and what’s actually harder (for now) with this new workflow. Complexities are more logistical than technical.

So, Imaging is dead, long live Restoring? Arguably, any older workflows you have will be fine for some time. So any good article has a call to action somewhere. The call to action here is to try to subtly shift your deployment techniques. This involves implementing a DEP strategy where possible. This involves putting the final nails in the coffin of monolithic imaging. This involves moving to as thin an image as possible. This involves (I can’t believe I’m saying this) de-emphasizing scripting in your deployment process. This also involves completing the move that you’ve hopefully started already, from MCX to profile or mdm-based management.

What else do you think this involves? Insert running commentary below!

December 5th, 2015

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

My first article on the Huffington Post is up on HuffPost here. I feel very lucky to have gotten to meet Arianna years ago when I did tech work for her company, publishing, and at her home. She’s a very special lady and, while it’s been a long time, I still recall a few very cool and sometimes odd conversations. She’s not connected to this, but I’m proud to be involved with anything she’s involved with. And, oddly there’s parity: we’ve both written 15 books. Not even remotely oddly, she’s sold far more than I have.

I hope this is the first of many articles, helping with tech and Apple and beyond. A very special thanks to all involved!!!

firsthuffpostarticle

December 2nd, 2015

Posted In: Articles and Books, Bushel, Interviewing, iPhone, Mac OS X

Tags: , , ,

I was going through Red Cross training recently, and one thing that was mentioned was whether we have Medical IDs setup on our iPhones. I do. I didn’t realize it at the time, but I’d set it up a long time ago. I then asked around and no one else had one setup. So I grabbed my testing iPhone and decided to write it up.

To get started setting up your Medical ID on your iPhone, open the Health app. From the Health app, tap on Medical ID and then tap on Create Medical ID.

IMG_6261

At the Medical ID screen, enter allergies, medications you are on, add emergency contacts, provide your blood type, define if you wish to be an organ donor, and add your weight. Viola, you’ve now given all this information to first responders and medical professionals should they need it.

IMG_6262

To then access a Medical ID on an iPhone, swipe to unlock the phone. From there, tap on Emergency in the lower left corner of the screen.

IMG_6263

At the Emergency Call screen, you’ll see Medical ID. Tap here to see the information provided earlier, even when your phone is locked.

IMG_6264

November 20th, 2015

Posted In: iPhone

Tags: , , , , , , ,

When I was doing a lot of hiring, the pool of Mac Admins was smaller. And it was in a way easier for me to recruit people, because I knew a lot of them. As the pool has grown and a lot of the talent has matured, keeping your finger on the pulse of the hiring market around Apple has become much more challenging. Also, I’ve recruited far more developers and marketing professionals than Apple engineers in the past couple of years. But, there are still a number of places that you can look to find good Mac and iOS engineers looking for a gig. Here’s a quick and dirty list (which can be used to find jobs as well, I suppose) of a few of the better places to look for people you might choose to try and hire:

  • One of the best places to find someone is whatever site or email list appeals to the administrators of products you run. For example, this could be the Studio SysAdmins list if you’re in the film industry, JAMF Nation if you run the Casper Suite, or the Munki forums if you use Munki. If your target is to hire someone with a specific skillset, then looking where the people who have those skills lurk is never a terrible idea. Do be gentle there, though, and know what the protocol is for posting a job (e.g. many have specific threads for job and employee seekers). But nothing is as legitimate as flexing your knowledge of a product on the products own forums. This is more challenging if you’re looking for a generalist. There you likely have more people suitable, so opening your net to a job board isn’t terrible idea. I’d also include the Mac Enterprise email list, and all the Mac conferences. Having said that, protocol is important. For example, in my opinion, it is crass to actively recruit someone at a conference if their employer paid for them to be there. Grab a card, do it when you get home if you need to.
  • Indeed.com. It’s cheap, it’s easy to post, and I see a lot more people using this site than I see for some of the larger sites. They do aggregate data from some of the larger sites, so a lot of candidates might start their searches there.
  • Craigslist. I’ve found some of my best employees on Craigslist. You get a lot more resumes that aren’t appropriate, so you’ll spend a little more time weeding through them. It’s the cheapest place to post a job, and you’ll spend more time vetting candidates, but it’s not a bad place if you’re looking for local generalist talent and have the time to spend.
  • Monster.com is one of the oldest of the recruiting sites. It’s not a terrible place to post a job. You get fewer candidates than many other places, but they’re often more qualified than you might think. I do find you get people waaaaay outside your geography, which is always hard, especially for a smaller company who can’t pull the trigger on a Visa as quickly as they’d like to fill a vacancy.
  • CareerBuilder is similar to Monster, so most of the things there apply to it as well. Pick one of these sites, if you’re looking fora good generalist. If you have a specialty, you can search their resumes but aren’t likely to find a ton of candidates in the Apple space.
  • Dice.com is another big job board.
  • LinkedIn. It’s the professional social network, right? I found many really good candidates. I got a response per maybe 10 messages I sent, and of those, most were qualified on paper at a minimum. It can take some time to sort through people, but do yourself a favor and get a Premium account. It will cost less than posting a job to many of the big sites, and you’ll have much better search and communication tools at your disposal! You can also post a job there, but it only amplifies by your social network, so you’ll need a good number of connections for this  to pan out well for you.
  • Headhunter.com. This site used to have more normal techie jobs. These days they’ve gone into more executive and management, which sometimes you’ll need to hire.
  • If you need interns, check out AfterCollege.
  • Peercisely. A peer-based job board that rewards referrals. ‘Cause referrals are the best way to find employees, after all!
  • snagajob.com is a great spot for hourly employees. Which most Mac engineers are not. But some are…
  • glassdoor.com is one of the most important tools many potential employees have in their job hunting arsenal. And you can post your job there. Chances are, they’ll look you up there, btw, so review what the reviews on you say.
  • Superuser, stackoverflow, (you can post jobs to these), github (who wrote the cool projects you like or contributes to them), Twitter, etc. A good strategy I used was to Google for the answer to a question I had. Sometimes I’d pick a juicy trouble ticket from the previous week and copy the text and paste it into a browser. If someone answered that question, then I might very well want them on my team. This worked best when I was after employees who could live anywhere in the US or world. It’s harder when you need an onsite engineer.
  • Slack. It’s not often that something comes along and really changes an entire community. Launched maybe a year ago, the MacAdmins Slack channel, accessible at https://macadmins.herokuapp.com has become a great place to find talented Mac Admins, and see what else they have have posted previously!
  • Grow your own. I’m sure this isn’t what anyone who finds this post with a Google search is going to want to find. But consider giving someone on your team a chance to become a good Mac Admin. They may surprise you!
  • Finally, The community is still small enough that you can search for speakers at the various Mac Conferences and look into whether some of them are local to you. This is kinda’ funny, because they might not even remotely be the best talent, but they might – or they might know someone looking!

Screen Shot 2015-11-12 at 9.56.41 PM

Good luck. Good people make your company and you more successful. A bad hire has the opposite impact. Choose wisely! And if you found a job and think you have a good add, post a comment. I’m always interested in how people found their gigs!

November 18th, 2015

Posted In: Apple Configurator, iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: , ,

I’ve been thinking a lot about the iPad Pro (which might be obvious to my readers). Sooooo, I wrote up a little article for CBS Pulse on the iPad Pro. It’s available at http://cbspulse.com/2015/11/17/ipad-pro-means-businesses/. Hope you enjoy!

Screen Shot 2015-11-17 at 12.32.32 PM

November 17th, 2015

Posted In: Articles and Books, Bushel, iPhone

Next Page »