krypted.com

Tiny Deathstars of Foulness

So one of the projects I’m very involved in is a simple, new Apple Device Management (or MDM really) solution, called Bushel. By default, we give people 3 devices for free. If you’re in a position to refer people to Bushel, you can also use links that you send to people that will get you even more free devices (up to 10).

But some people want to sell things and earn commissions from them. And we fully support that. So you can become a Bushel affiliate and earn commissions from any referrals you send us.

Screen Shot 2015-07-09 at 4.39.37 PM

To sign up to become a Bushel affiliate at http://www.bushel.com/affiliates. There, you can find links to refer customers/friends, marketing assets if you want to use our logos and see commissions that you’re earning. So… Join us and sell our stuff; we’d love to have you!

June 16th, 2015

Posted In: iPhone, Mac OS X, Mac OS X Server, Mass Deployment

Tags: , , , ,

Apple’s Volume Purchase Program allows you to export a VPP token and then import that token into a server to create a connection between an MDM solution (e.g. Bushel, Apple’s Profile Manager, Casper, etc) and apps you purchase through the VPP portal. But what’s in a token? The VPP token is a base64 encoded file. You can cat the file and it will show you a bunch of garbly-gook (technical term):

base64 --decode /Users/charlesedge/Desktop/kryptedcom.vpptoken

But there’s more to it than all that. We can run the base64 command to see:

base64 --decode /Users/charlesedge/Desktop/kryptedcom.vpptoken

In some cases, this file can display improperly, if it fails use the following command:

echo `cat /Users/charlesedge/Desktop/kryptedcom.vpptoken` | base64 --decode

The contents of the file are then displayed, as follows:

{"token”:”AbCDe1f2gh3DImSB1DhbLTWviabcgz3y7wkDLbnVA2AIrj9gc1h11vViMDJ11qoF6Jhqzncw5hW3cV8z1/Yk7A==","expDate":"2015-07-03T08:30:47-0700","orgName”:”Krypted.com"}

This is a comma separated set of keys, including token, expedite and orgName. Do not edit any of this or you may spontaneously combust. The token establishes the trust but the expiration date will show you when a vpptoken expires and will need to be renewed by. The orgName is what you entered in the VPP portal when you setup the account and is also escaped and then used as the file name. These two pieces of data can help you if you have a bunch of vpptokens that you need to keep track of.

May 19th, 2015

Posted In: iPhone

Tags: , , , , , , ,

Verbose logging can help you isolate a number of problems with Profile Manager. Turn on verbose logging by writing a debugOutput key with a value of 3 into /Library/Preferences/com.apple.ProfileManager.plist using the defaults command:

defaults write /Library/Preferences/com.apple.ProfileManager debugOutput 3

Once set, restart the daemon using killall:

killall -u _devicemgr

To disable, just write the key with a blank value:

defaults delete /Library/Preferences/com.apple.ProfileManager debugOutput

Then restart the daemon again:

killall -u _devicemgr

May 1st, 2015

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

Bushel is a Mobile Device Management (MDM) solution. We can manage all kinds of cool things, but there are a few things we can’t do. These include:

  • Controlling where app badges are on screens
  • Enrolling without first entering a wi-fi password
  • Supervising devices that aren’t managed using Apple’s Device Enrollment Program (DEP)
  • Updating iOS devices (iPads, iPhones, iPod Touches) to the latest operating system

Apple Configurator can do many of these tasks, but has limitations. There’s a tool out there called GroundControl. GroundControl is super-simple to use, like Bushel. GroundControl can deploy a backup to a device, which is how it controls where badges are on screens. GroundControl can also provide the wi-fi credentials to get on a network, places devices into supervision (so Bushel can easily manage Activation Lock Bypass on non-DEP enabled devices), and can erase and update devices. In short, GroundControl closes a lot of the gaps we have. On the flip side, GroundControl cannot manage settings over the air, which is what Mobile Device Management is all about.

So let’s look at what all this looks like. Before we get started, if you’re going to follow along, know that you’ll need to wipe an iOS device in order to supervise the device, which GroundControl will want to do by default. And when we’re done, if you want to unsupervise your test device, you’ll need to wipe it as well. So, get a GroundControl account and login. Once logged in, we’ll create a Payload, associate it with a Launchpad and create a Policy to deploy it. The payload is a collection of all the tasks you’ll perform on a device. Click Payloads and then New Payload, to create your first payload. When prompted, use the “Add an item…” button to add tasks to what a given payload will do.

Screen Shot 2015-04-14 at 9.00.44 AM

In this example, we’ve uploaded a Backup. and will now add a Restore from Backup task.

Screen Shot 2015-04-14 at 9.01.08 AM

Then choose an image to restore or use the Upload new Restore Image option to upload a new one.

Screen Shot 2015-04-14 at 9.01.26 AM

Next, we’re going to add a Wi-Fi payload so that our devices will automatically join our wireless networks. To do so, use the Add WiFi button in the “Add an Item…” menu. When prompted, provide the information for your wireless network, or upload a profile with the information in it.

Screen Shot 2015-04-14 at 9.01.52 AM

When you have entered all of the required information for your wireless network, click Save. Then let’s add an enrollment profile, which will automatically enroll devices into Bushel. To do so, open your Bushel account and click on Enroll this device. When prompted, provide a name and email address and then click on the button to Download Configuration Profile.

Screen Shot 2015-04-14 at 1.34.54 PM

When the profile downloads, use the “Add an Item…” menu back in the GroundControl web interface and select “Add Configuration Profile.” Here, choose Upload new Configuration Profile in the Add Configuration Profiles screen.

Screen Shot 2015-04-14 at 9.02.21 AM

When prompted, select the profile you just downloaded.

Screen Shot 2015-04-14 at 9.02.32 AM

Back at the Configuration Profiles screen, click on Save. Then, click Save Payload to save the changes you just made to your payload. Next, click LAUNCHPADS in the top menu bar. Here, click Download LaunchPad Mac 1.7.1 (or whatever version you see once a new one is released). Once downloaded, run and click on the button to Start Service.

Screen Shot 2015-04-14 at 1.42.52 PM

Once started, you’ll see the LaunchPad listed in the web interface.

Screen Shot 2015-04-14 at 9.03.17 AM

Click on your LaunchPad.

Screen Shot 2015-04-14 at 9.03.32 AM

Click on Edit LaunchPad. At the Edit Launchpad screen, choose the appropriate timezone and provide any tags that might be needed. You can also use the Name field to define which station that a given launchpad might run on.

Screen Shot 2015-04-14 at 9.03.50 AM

Click Save and then click on Policies. The policy binds the payload to the launchpad. Here, we’ll use the default. click on it to

Screen Shot 2015-04-14 at 9.04.08 AM

At the Select a Default Payload screen, select the payload you just created and then click Save.

Screen Shot 2015-04-14 at 9.04.17 AM

With the GroundControl Launchpad screen open, make sure the service is started and then plug in an iPad that is wiped and not yet activated into the system.

Screen Shot 2015-04-14 at 9.04.44 AM

The device should skip activation, install your backup (aka image) and then apply the payloads you’ve configured. The end result should be a device enrolled into Bushel, complete with email, security settings and more.

Overall, we find that Bushel is perfectly useable as a standalone tool. And we find that Apple Configurator can be a great tool according to what you need. But as Bushel makes it easier to own devices for Non-IT device administrators than does Profile Manager, GroundControl makes it easier to setup a lot of devices than does its free alternative. If you’ll be working with a lot of iOS devices, then we couldn’t recommend GroundControl more!

April 14th, 2015

Posted In: Bushel, iPhone

Tags: , ,

I recently got the announcement of the new official Microsoft Office Accreditation through MacTech. I was lucky enough to sit in on the previous version of this, so thought I’d push out the information on it. It’s attached to the MacTech Pro Events that MacTech has been running:

MacTech_Pro_Events-150

As you know, Microsoft released a public preview of Office 2016 for Mac. MacTech and Microsoft have created a new accreditation for Apple techs called “Microsoft Office for Mac and iOS Accredited Support Professional, 2015.” Prior to the public Office 2016 announcement, we did a preview of this new course under NDA in Seattle earlier this month.

We’re now announcing the new accreditation — which covers not only Office for Mac (2011 and 2016), but also Office for iOS and Office 365. In short, anyone that supports others using Microsoft Offie on OS X or iOS should get attend and get this accreditation.

If you’re interested, check it out here http://pro.mactech.com/microsoft-office-accreditation/

PS – You can actually hear Neal’s voice when you read it! 😉

March 20th, 2015

Posted In: certifications, iPhone, Mac OS X, Microsoft Exchange Server

Tags: , , , , ,

The latest book, Learning iOS Security is now available on Amazon, Packt, etc. One of my better writing experiences, so thanks to all for making it so! Buy it here, if you’re into iOS Security and all that kind of fun stuff.

Screen Shot 2015-03-03 at 9.34.27 AM

March 3rd, 2015

Posted In: Articles and Books, iPhone

Boom. 3 books in about 6 months. The next, and likely last for a few months at least, book is finally ready. Written with Allister Banks, Learning iOS Security is a look into iOS Security for those coming to the Apple platform. It’s meant for business, enterprise, infosec.

Unknown

 

The first chapter, as I’ve done in a few previous books, was written as a quick and dirty “oh, this is all you’re gonna’ read, cool” type of thing. In security, 90 percent (or more) of the work is done in the first 10 percent of the time. I have this theory (unproven) that each percent represents a j curve in cost increase and when you hit 99, each .1 continues, then each.01, etc. No one can be truly secure.

Also, as I’ve done in the past, the final chapter looks at a few forensics options and tools. Allister was the best coauthor I’ve had to date. This was his book that I was brought in on. I didn’t have to do any of his work, and he held the chapters to a higher standard than the publisher. Truly, this is his book, I just contributed. Either way, Packt was great again and I hope you enjoy what we’ve done!

February 22nd, 2015

Posted In: Bushel, iPhone, Mac OS X, Mac OS X Server

MacTech just announced MacTech Pro: a new series of one day, regional events that are specifically designed for professional Apple techs, consultants, and support staff.  MacTech Pro Events are single-track, hotel-based seminars that are specifically geared to serve the needs of professional consultants, IT Pros and techs who support others on OS X and iOS.  The first MacTech Pro will take place on March 4th, 2015 in Seattle.

MacTech Pro will take place in nine U.S. cities in 2015 including:

• March 4, 2015 : MacTech Pro, Seattle
• March 25, 2015 : MacTech Pro, San Francisco
• April 15, 2015 : MacTech Pro, Boston
• May 6, 2015 : MacTech Pro, Atlanta
• June 24, 2015 : MacTech Pro, Washington DC
• July 22, 2015 : MacTech Pro, Chicago
• August 12, 2015 : MacTech Pro, New York
• September 2, 2015 : MacTech Pro, Dallas
• September 30, 2015 : MacTech Pro, Denver

Using MacTech’s proven “running order” approach, MacTech Pro will pack in the maximum amount of sessions possible into the time available combined with the opportunity to talk to sponsors, network with peers and meet new contacts. Event topics in 2015 include:

• Deconstructing iCloud Drive: What a Tech Must Know
• Time Machine Deep Dive, and Fitting it Into a Backup Strategy
• The Professional Apple Tech’s Toolbox
• Using OS Resources to Diagnose Troubles
• Caching servers, DNS Tricks, and More
• VPP, DEP, and Under 13: How New Apple ID Requirements Impact You and Your Clients
• Productivity Tools: Best Practices and Uses of Microsoft Office
• Security, Viruses and Malware. It’s real. It’s now. You need to take it seriously.
• Managing Your Clients To Increase Productivity and to Optimize Revenue

MacTech Pro Events are economically priced, include the full day of sessions, lunch, breaks and access to sponsor tables. Those who register early can take advantage of the Early Registration and save $200.00 and pay only $299 to register for any of the nine regional MacTech Pro Events in 2015.

To honor the announcement, those that register this week can save an additional $50 savings for any MacTech Pro Event in 2015 — $249 until January 26th.  EDU pricing for students, educators and staff is $199.

Additional information on topics, sessions, sessions chairs, speaker and sponsorship opportunities are available at http://pro.mactech.com/

January 22nd, 2015

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, MobileMe

Tags: , , ,

To manage a device from Bushel, it must first be added to your Bushel. The technical whiz-bang name for that process is Enrollment. We currently provide 3 ways to enroll devices into your Bushel. All three are available on the Enrollment page when you’re logged into Bushel.

Screen Shot 2014-09-11 at 11.41.46 AM

The first and best way to enroll devices into your Bushel is an Apple program called the Device Enrollment Program, or DEP for short. DEP is a way of tying devices to your Bushel so that they cannot be removed from the device, even if the device is wiped. Other than through DEP,  all enrollment into your Bushel is optional on the devices and so devices can be unenrolled at will. DEP requires an actual DEP account with Apple, which you can sign up for at https://deploy.apple.com/qforms/open/register/index/avs.

The second way to enroll devices into your Bushel is via Open Enrollment. When you Configure Open Enrollment you create a link that allows your users to enroll without logging into the portal. Simply open Open Enrollment from the Enrollment page and click Enable. Once enabled, you’ll see the URL to enroll devices.

Screen Shot 2014-09-11 at 11.43.44 AM

The third way to enroll devices is manually. Simply log into your Bushel, click on Enrollment and then click on the Enroll button for Enroll This Device. When prompted for “Who will this device belong to?” enter the username (e.g. the user’s name in front of their email address most likely or the username for your email system if it’s something different than that). Also provide the email address itself in the Email Address field and then click Enroll This Device. Now, if you want to enroll the device you’re using, simply complete the screen prompts for the profile installation and you’ll be good to go. Or, you can save the mobileconfig file that’s downloaded and send it to others in order to allow them to install it as well. Simply cancel the installation process (most easily done from a Mac) and distribute the Enroll.mobileconfig file as needed. You can also put a user’s name in front of the file name, so you know which will enroll each user. If you need to enroll 3 or 4 people in other countries or cities, this might be the best option!

Screen Shot 2014-09-11 at 11.48.46 AM

OK, so we basically gave 4 ways to enroll. But that’s because we’re trying to make it as easy as possible to enroll devices into your Bushel.

January 7th, 2015

Posted In: Bushel, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , ,

By default, the Fitbit tech stack doesn’t sync with the Health App on an iPhone and iPad. But never fear, as with basically everything else on this planet, there’s an app for that!

From the iOS App Store, search for Sync Solver. Using this app, you can then link your Fitbit account to your Apple Health app.

IMG_2578

 

Once linked, you can use the Sync Now button to do an immediate data sync or you can do an automatic sync at midnight every night. And presto, you then see your Fitbit data in the Health app. Happy waiting for the Apple Watch to come out!

January 4th, 2015

Posted In: iPhone, Wearable Technology

Tags: , , , , , , ,

Next Page »