krypted.com

Tiny Deathstars of Foulness

Apple has published a new page that goes through all of the settings and commands available via MDM and explains many in much more detail. This is available at http://help.apple.com/deployment/mdm/. The new guide is a great addition to the work @Mosen has done at https://mosen.github.io/profiledocs/ in terms of explaining what each setting, command, and payload do. And let’s not forget the definitive MDM protocol reference guide, available at https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/1-Introduction/Introduction.html#//apple_ref/doc/uid/TP40017387-CH1-SW1

Overall, I’m excited to see so much information now available about MDM, including how to develop an MDM properly, what each setting does, and now what you should expect out of an MDM!

March 28th, 2018

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , ,

Hey, who knew that the developer documentation for Apple Business Manager would be made publicly available? It’s at https://beta.business.apple.com/static/docs/beta.pdf. Or if it gets taken down, at Apple Business Manager Documentation.

Note: I saw this pop up in like 4 different places. If anyone knows who I can attribute for realizing it was publicly available, please let me know so I can!

March 26th, 2018

Posted In: iPhone, Mac OS X

Tags: , ,

Hey look, there’s a new category on the Jamf Marketplace, available at https://marketplace.jamf.com/apps/#category=AppConfig,selecting the AppConfig category. The new AppConfig category gives administrators of any MDM that supports AppConfig access to a set of apps that support AppConfig. If you have an app that isn’t listed here, feel free to let me know. 

What does this mean? Well, AppConfig is a way of sending data into an app. App config allows a customer to deploy settings into applications on iOS devices in much the same way that settings can be sent into a Mac app via the defaults command. This means an end user could get an app installed on their device from the iOS App Store, a custom app, or a B2B app and that app would have any settings the user might need to connect to servers or configure the experience.

So what is Managed App Config? At it’s most basic, you identify a label and a value in XML and send it to an iOS device that’s running iOS 7 or later (e.g. via Jamf 9 and up). The vendor who makes the app has to basically define what those settings are. Which brings up an interesting problem never fully addressed with defaults domains: standardization and ease-of-use (although MCX was close). 


AppConfig.org  is a consortium of MDM vendors and software vendors that maintain the emerging AppConfig standards around Managed App Config (within the confines of what Apple gives vendors) and then makes a feed of settings for apps that conform to those standards. Jamf is a founding member of Appconfig.org, along with MobileIron and AirWatch. Examples of what you could put into the AppConfig.org feed include 
  • Enabling certain features of apps
  • Server URLs
  • Logos (if they’re pulled dynamically)
  • Text labels
  • Language packs

To see a list of apps that are available, check out http://www.appconfig.org. 

Managed App Config options are set by vendors at compile time within the code and then the XML sent with the app is parsed by the app at installation time. If you’re a software vendor who wants to get started with AppConfig, check out the Spec Creator from Jamf Research or get in touch with the developer relations team from any MDM vendor.

If you’re a customer of an app and would like to leverage Managed App Config and your vendor isn’t listed on the appconfig.org site, get in touch with them, as this is the future of app management and chances are that you won’t be the only organization looking to unlock this type of feature. 

Let’s look at how this actually works. The Managed App Config options per supported app are available on a feed. The feed is available at http://d2e3kgnhdeg083.cloudfront.net. Here, as follows, you’ll see a list of all of the apps supported.


You can then copy the path for an app, such as com.adobe.Adobe-Reaser/1/appconfig.xml and append it to the end of the URL to get the feed for that specific app. You can test this using http://d2e3kgnhdeg083.cloudfront.net/com.adobe.Adobe-Reader/1/appconfig.xml to see output as follows.


Here, note that most of these fields are key value pairs defined by Adobe (in this example at least). You can enable or disable features of Adobe Reader using these keys. The same is true with a tool like Box that might want a more granular collection of settings than a feature like Managed Open In. 

Once you have the XML, you can then copy it to the clipboard and paste it into the App Configuration tab of an app, as follows. 

Finally, Apple has sample code available at https://developer.apple.com/library/content/samplecode/sc2279/Introduction/Intro.html

March 13th, 2018

Posted In: iPhone, JAMF

Tags: , , , , , , ,

I have a new article for Thrive Global (another Arianna Huffington property) available at Thrive Global. This one is on “Tools and best practices on monitoring and teaching your kids responsible mobile device use.” It starts out like this:
My world changed when I awoke one day to find my 4-year-old daughter with a tablet in her hands, watching Transformers. The sight unleashed a handful of worries I hadn’t before experienced. Prior to that morning, I knew her to be fan of Star Wars figures, Legos and stuffed animals. And while I wasn’t displeased by her choice to watch a Michael Bay movie, I did start thinking about what else she could access on the device.
Click here to read more…
Screenshot of "Embracing (and managing) tech for your iGen child"

March 11th, 2018

Posted In: iPhone

Tags: , , , , ,

When you’re building and manipulating apps in the Apple App Stores, it helps to be able to pull and parse pieces of data. Here, we’ll look at two strategies that you can use to do so. It’s worth noting that the purpose of this was to use the URL of an app from an MDM and then be able to script updating metadata about the app, given that vendors often change names of the display name of an app (e.g. Yelp is actually called “Yelp: Discover Local Favorites on the App Store”).

First, we’ll grab a URL. This one is for Self Service:

https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8

If you don’t know the URL then you can get it based on the ID by parsing the json from:

curl https://itunes.apple.com/lookup?id=718509958

Of course, if you know the id, you can probably just assume that https://itunes.apple.com/us/app/id718509958?mt=8 will work as well, since if you remove the name it has always worked for me (although I’ve never seen that in a spec so I can’t guarantee it will always be true). Then, we can curl it, but the output is a bit not lovely:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8'

So then we’ll want to just grab the pieces of information we want, which could be done using a variety of scripting techniques. Below, we’ll use grep:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8' | grep -o "<title>[^<]*" | cut -d'>' -f2-

And here, we’ll use perl:

curl -s 'https://itunes.apple.com/us/app/yelp/id284910350?mt=8' | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si'

And there you go, you have the title. The title is easy, because it’s a simple title tag. But let’s look at the description:

curl -s 'https://itunes.apple.com/us/app/self-service-mobile/id718509958?mt=8' | awk '/meta name="description"/{;print }'

The output would be similar to the following 

<meta name="description" content="Read reviews, compare customer ratings, see screenshots, and learn more about Self Service Mobile. Download Self Service Mobile and enjoy it on your iPhone, iPad, and iPod touch." id="ember75894226" class="ember-view">

From there it’s pretty simple to extract the exact field you want and the metadata from that field. If you are obtaining names and descriptions for a large number of apps then you’d simply move the path into a variable as follows so you can put it into your loop:

curl -s $appurl | grep -o "<title>[^<]*" | cut -d'>' -f2-

I haven’t covered finding items in the App Store if you don’t know the ID of an app, but there’s a /search endpoint at iTunes.apple.com that will respond to a variety of parameters you can pass:

curl https://itunes.apple.com/search?term=yelp&country=us&entity=software

This wasn’t necessary for my use case. But it’s worth noting. And if you’ll be doing a lot of that, I’d recommend checking out the affiliates portal at https://affiliate.itunes.apple.com/resources/documentation/itunes-store-web-service-search-api/. Additionally, if you’re actually trying to automate the App Store instead, there are a few tools out there to do so, including https://github.com/mas-cli/mas or if you want to extract packages there’s https://github.com/maxschlapfer/MacAdminHelpers/tree/master/AppStoreExtract

March 2nd, 2018

Posted In: Apple Configurator, Apps, iPhone, Mac OS X

Tags: , , , , , , , ,

Last week, Apple finally shipped my new HomePod (and by finally, I mean exactly when they said they would). And setting it up couldn’t have been easier. Even easier than setting up my first Echos. So here’s the deal. Plug in the HomePod and then when it boots up you’ll see an overlay on an iOS device (iPhone, iPad, etc). You’ll want to use the device that has an AppleID you want to use on the HomePod (e.g. the one that your Apple Music account is using). When you see the Set Up button, tap it.



You can then select a location for the HomePod. This is important mostly if you’re going to have multiple HomePods around. Select a location and then tap Continue.



At the Personal Requests screen, tap Enable Personal Requests if you want the device to allow access to your iCloud account for things like, sending a message (note: unintended consequences include but are not limited to children deleting bad report cards, adding weird items to the grocery list, and sending messages from one parent to the other).



At the Terms and Conditions screen, tap Agree if you agree to the terms; otherwise put the device back in the box and return it.



At the Accounts and Settings screen, you can transfer settings to the HomePad, which gives the HomePod access to the wi-fi password for your network (so your phone doesn’t have to be close to the HomePod for it to work).



Next, you need to ask Siri a question.



I recommend asking “Siri, how are you today?”



Once configured, you can go to Settings and AppleID to see the HomePod.



From there, you can see the model, version, serial, and if you happened to configure the HomePod to work with the wrong AppleID, you can tap Remove from Account to be able to configure the device with a different account.



And finally, open the Home device and you’ll see your device. 



From there, tap on the device and you’ll have a few more settings for how the HomePod works with the Home app. Here, you can change the room, change the AppleID, choose to include in the Favorites of your home screen, and disable access to Explicit Content. 



Scroll down and you can choose to share HomePod Analytics. Notice that this is opt-in and they’re clear about how they’ll use it if you enable it. 



So the setup is simple. I’ll have another article for configuring some home automations, so you can control them with the HomePod.

February 12th, 2018

Posted In: Home Automation, iPhone

Tags: , , ,

The following is a list of common tools used to manage Apple devices. Do you use something that isn’t on this list? Comment it and I’ll try and add it! In order to remain vendor agnostic I am trying to list solutions in alphabetical order by category. A brief explanation of each category, being as follows:
  • Antivirus: Solutions for scanning Macs for viruses and other malware.
  • Automation Tools: Scripty tools used to automate management on the Mac
  • Backup: I highly recommend bundling or reselling some form of backup service to your customers, whether home, small business, or large enterprises. The flexibility to restore a device from a backup when needed is one of the most important things to keep costs at a manageable level and put devices back into the hands of customers in an appropriate time frame.
  • CRM: Mac-friendly tools used to track contacts and communications with those contacts.
  • Collaboration Suites: Once upon a time, a Mac server was great for shared calendars, contacts, and email. But most businesses aren’t going to want anything to do with the repercussions of potential downtime that can happen on a mail server. Nothing will get your hard-earned customers to fire you faster than an email outage. So while the Mac server is listed, consider cloud options, for optimal customer retention.
  • DEP Splash Screens and Help Menus: Tools that make the DEP and service desk process more user friendly by providing more information to users.
  • Development Tools, IDEs and Text Editors: Tools used when building scripts, writing and debugging software, and manipulating text.
  • Digital Signage and Kiosks: I put these in here, because I know a lot of organizations that have made a great little addition revenue stream by reselling or deploying these tools on behalf of their customers. I have friends that have also created managed service offerings just around these tools. Overall, it’s a possible new revenue stream and as an added bonus, you’ll likely have an NFR so you can have pretty cool signage in your office (if you’re into that kind of thing).
  • Directory Services: Tools that provide primarily on-premesis access to a shared directory of services and allow for single-sign on to those services.
  • File Sharing: Mac-centric cloud and on premises tools to share and synchronize files.
  • Identity Management: Providers of predominantly SAML based Single-Sign On solutions that federate security for Apple devices to access web-based services.
  • Imaging and Configuration Tools: Tools used to place devices into a given state or create that state. This includes traditional Mac including tools as well as those built for iOS. 
  • Line of Business: Traditionally Mac-focused solutions that automate various business functions.
  • Log Collection and Analysis: Centralized logging has been a necessity for large, growing fleets of devices. Modern tools can store large amounts of logs from client computers and allow fast and complex searching so you can triangulate issues quickly and effectively. As an added benefit, you can also centralize logs for network appliances, allowing you to isolate the source of issues across an entire ecosystem of devices.
  • Management Suites: Tools used to manage settings on Apple Devices. Each is marked as MDM, Agent-based, or both.
  • Print Servers: Servers that either provide access to printers or allow for more granular printing features, such as cost accounting.
  • Productivity Tools: Tools you might use to manage lists or other assets.
  • Remote Control and Management: These tools allow you to take control of the screen, keyboard, and mouse of devices. I can’t tell you which are the best. But I can tell you that I want my remote control solutions to be cross-platform, to be cloud-based, to prompt users for acceptance of the remote control session, and to audit connections so I know who is taking over what devices.
  • Print Servers: I’ve always hated printers. Whether the old Fiery print services, a common LPR-based printer, or one of the shared printing services, I still can’t stand managing printers. Printers jam, they break, the drivers seem to be rife with problems for every other operating system update, printers are often connected to via ad-hoc networks (like Bonjour), and you often need special software to access the cool features. All-in-all, printers suck, but these tools might make them just a tad bit easier to use, or if not, help to account for who is using them so your customers can bill their departments back as much as possible.
  • Point of Sale (PoS): Similar to digital signage, but you might also operate a storefront or track customer data in one of these solutions.
  • Remote Management: Tools used to take control of the screen of an Apple device.
  • Security Tools: Tools used to manage firewalls, filevault, and perform other tasks required to secure Macs, based on the security posture of a given organization.
  • Service Desk Tools: These tools are for ticketing and ticket management. It’s always great if you can pick one that actually integrates with both your billing solution and the various other techie bits you choose to use.
  • Software Packaging and Package Management: Tools for normalizing software for mass distribution on Apple platforms.
  • Storage: Apple-focused solutions for sharing files.
  • Troubleshooting, Repair, and Service Tools: Tools used to fix logical problems with hard drives, check hardware for issues, repair various system problems, or just clean up a Mac.
  • Virtualization and Emulation: Not all software runs on a Mac. Customers will have certain tasks that may require a Windows machine. You can use Citrix or a Microsoft Terminal Server to provide for that potential requirement. Or, especially if users need data from their Windows apps when offline, you can use a local virtualization tool.

Antivirus

  • AVG: Basic antivirus and spyware detection and remediation.
  • Avast: Centralized antivirus with a cloud console for tracking incidents and device status.
  • Avira: Antivirus and a browser extension. Avira Connect allows you to view device status online.
  • BitDefender: Antivirus and malware managed from a central console.
  • CarbonBlack: Antivirus and Application Control.
  • Cylance: Ransomware, advanced threats, fileless malware and malicious documents in addition to standard antivirus.
  • Kaspersky: Antivirus with a centralized cloud dashboard to track device status.
  • Malware Bytes: Antivirus and malware managed from a central console.
  • McAfee Endpoint Security: Antivirus and advanced threat management with a centralized server to track devices.
  • Sophos: Antivirus and malware managed from a central console.
  • Symantec Mobile Device Management: Antivirus and malware managed from a central console.
  • Trend Micro Endpoint Security: Application whitelisting, antivirus, ransomware protection in a centralized console.
  • Wandera: Malicious hot-spot monitoring, jailbreak detection, web gateway for mobile threat detection that integrates with common MDM solutions.

Automation Tools

  • AutoCasperNBI: Automates the creation of NetBoot Images (read: NBI’s) for use with Casper Imaging.
  • AutoDMG: Takes a macOS installer (10.10 or newer) and builds a system image suitable for deployment with Imagr, DeployStudio, LANrev, Jamf Pro, and other asr-based imaging tools.
  • AutoNBI: Automates the the build and customization of Apple NetInstall Images.
  • Dockutil: Command line tool for managing dock items.
  • Homebrew: Package manager for macOS. Cakebrew: provides a pretty GUI for Homebrew.
  • Jamf Migrator: Copy assets from one Jamf server to another.
  • Jamjar: Synergises jamf, autopkg & munki into an aggregated convergence that cherry-picks functionality from each products core competency to create an innovative, scalable & modular update framework.
  • MacPorts: An open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on Macs.
  • Precache: Programmatically caches Mac and iOS updates rather than waiting for a device to initiate caching on a local caching server.
  • Outset:  Automatically processes packages, profiles, and scripts during the boot sequence, user logins, or on demand.
  • Spruce:  Locates items in Jamf Pro that you aren’t currently using (out of date scripts, packages, etc).
  • Recategorizer:  Recategorize policies and packages in Jamf Pro.

Backup 

  • Acronis: Centrally managed backups with image-based restores.
  • Archiware: Centrally managed backups to disk and tape with a variety of agents for backing up common Apple requirements, such as Xsan.
  • Arq: One-time fee cloud-based backups and unlimited storage.
  • Backblaze: Unlimited continuous backup with a 30 day rollback feature.
  • Carbon Copy Cloner: File or disk-based cloning of files for macOS.
  • Carbonite: SaaS or local-server based backups of Mac clients.
  • Crashplan: Backup to cloud and local storage with a great deduplication engine.
  • Datto: Local and cloud backup and restore, as well as cloud failover for various services.
  • Druva: Backup for local computers as well as some backup for cloud services.
  • Quest Backup (formerly Netvault): Can backup Mac clients and Xsan volumes to a centralized tape or disk-based backup server.
  • SuperDuper!: Duplicates the contents of volumes to other disks.
  • Time Machine: Built-in backup tool for macOS.

Collaboration Suites and File Sharing

  • Atlassian: Development oriented suite including wiki (Confluence), issue tracking (Jira), messaging (HipChat) and other tools.
  • Box: File sharing in the cloud.
  • Dropbox: File sharing in the cloud.
  • Egnyte: Caches assets from popular cloud-based services so they’re accessible faster on networks where they’re frequently accessed.
  • G Suite: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.
  • Kerio Connect: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.
  • macOS Server: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web. Should be used in smaller environments, and it is strongly recommended to look at third party SaaS-based solutions as potential replacements for this solution.
  • Office 365: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.

CRM

  • Daylite: Mac tool for managing contacts and communications with those contacts.
  • Hike: Mac tool for managing contacts and communications with those contacts.
  • Elements CRM: Mac tool for managing contacts and communications with those contacts. (EOL)
  • GroCRM: iOS tool for managing contacts and communications with those contacts.

DEP Splash Screens and Help Menus

  • ADEPT: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.
  • DEPNotify: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.
  • HelloIT: Customizable help menu so users can get information about their systems or IT support.
  • MacDNA: Customizable help menu so users can get information about their systems or IT support.
  • SplashBuddy: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.

Development Tools, IDEs and Text Manipulators

  • aText: Replaces abbreviations with frequently used phrases you define.
  • Atom: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • BBEdit: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Charles Proxy: A proxy tool that can be used to inspect traffic so you can programmatically reproduce the traffic or reverse engineer what is happening when trying to solve issues or build tools.
  • CocoaDialog: Create better dialog boxes than with traditional tools like AppleScript.
  • Coda: An IDE and a modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Dash: Offline access to 150+ API documentation sets.
  • Docker: Containerization tool.
  • FileMaker: Rapid application development software from Apple.
  • git: Code versioning, merging, and tracking – and with github, a repository to put code into and share code.
  • Hopper Disassembler: Disassemble binaries as part of reverse engineering and security testing.
  • Microsoft Visual Studio: An IDE for a variety of languages.
  • MacDown: An open source tool for creating and editing Markdown. 
  • MySQL Workbench: Create and edit MySQL databases and use to build complex queries.
  • Navicat Essentials: Create and edit MySQL databases and use to build complex queries.
  • Pashua: Creating native Aqua dialogs from programming languages that have none or only limi­ted support for graphic user inter­faces on Mac OS X, such as Apple­Script, Bash scripts, Perl, PHP, Python, and Ruby.
  • Platypus: creates native Mac OS X applications from interpreted scripts such as shell scripts or Perl, Ruby and Python programs.
  • Script Debugger: Tools like a dictionary explorer and more IDE-esque features for building AppleScript applications.
  • SequelPro: Create and edit MySQL databases and use to build complex queries.
  • Snippets Manager: Collect and organize code snippets
  • SourceTree: GUI tool for Git and Github.
  • SublimeText: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • TextExpander: Replaces abbreviations with frequently used phrases you define.
  • TextWrangler: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Tower: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • VisualJSON: Simple JSON pretty-viewer for the Mac.
  • Xcode: Apple tool for writing apps and scripts in common languages.

Digital Signage and Kiosks

  • Carousel Digital Signage: Run Digital Signage from an AppleTV.
  • Kiosk Pro: Turn any iPad into a single-user kiosk tool, manageable via an API (e.g. with a Jamf Pro integration).
  • Risevision: Run Digital Signage from a Mac.

Directory Services and Authentication Tools

  • Apple Enterprise Connect: Tool sold through Apple that connects to Active Directory environments without binding to Active Directory.
  • AdmitMac: Adds support for fringe Active Directory requirements.
  • JumpCloud: Run your directory service in the cloud.
  • LDAP: Open source directory service.
  • macOS Server Open Directory: Directory service installed in macOS Server that is based on OpenLDAP.
  • Microsoft Active Directory: Centralized directory service from Microsoft.
  • Nomad: Connects clients to Active Directory environments without binding to Active Directory. And has some other nifty features.

Identity Management

  • Centrify: Provide federated login across common web services and other SAML-capable solutions, as well as resolve common issues with Active Directory. Also has an integrated profile management tool for compliance.
  • Duo Mobile
  • LastPass Enterprise: Provide federated login across common web services and other SAML-capable solutions
  • Microsoft Azure Active Directory: Active Directory with Azure in the cloud.
  • NoLo
  • Okta: Provide federated login across common web services and other SAML-capable solutions
  • OneLogin: Provide federated login across common web services and other SAML-capable solutions
  • Ping Identity: Provide federated login across common web services and other SAML-capable solutions

Imaging and Configuration Tools

  • Apple Configurator: Configure iOS and tvOS devices en-masse, automate MDM enrollment, and distribute data.
  • Blast Image Configquickly restore and configure a Macintosh back to a known state (10.12.2 and below)
  • createOSXInstallPackage: create an installer package from an “Install OS X.app” or an InstallESD.dmg. (10.12.4 and below)
  • Deep Freeze: Freeze the state of a Mac.
  • DeployStudio: Free imaging server for Macs.
  • FileWave Lightning: Local device imaging.
  • Google Restor: Image macOS computers from a single source. It is an application intended to be run interactively on a machine.
  • Ground Control: Mass deploy (and enroll) iOS devices.
  • Imagr: Open Source imaging and netinstall tool for macOS.
  • libimobiledevice: Suite of tools to configure, inspect, wipe, etc for iOS devices.
  • WinClone: Create windows images for deployment onto Macs.

Log Collection and Analysis

  • Elastic Search: Open Source, very fast log analysis.
  • RobotCloud Dashboard: Provides more granular and intuitive visibility into devices managed by Jamf Pro.
  • Splunk: Big data log analysis.
  • Tableau: Big data analysis.
  • Watchman Monitoring: Mac focused monitoring agents that inspects common third party tools.
  • Zentral: Open source, built on ElasticSearch, but with hooks into lots of other tools and custom recipes for Mac logs.

Management Suites

Misc

  • Jamf NetSUS: Reposado packaged up for Jamf servers.
  • InfineaIQ: Peripheral management software.
  • Reposado: An open source interpretation of the Apple Software Update Server.
  • Sassafras Keyserver: Centralized software license management server.

Point of Sale

  • Checkout: Point of sale solution that can run on Apple devices.
  • Lightspeed Point of sale solution that can run on Apple devices.
  • Paygo: Point of sale solution that can run on Apple devices.
  • Posim: Point of sale solution that can run on Apple devices.
  • Shopkeep: Point of sale solution that can run on Apple devices.
  • SquareUp: Point of sale solution that can run on Apple devices.
  • Vend: Point of sale solution that can run on Apple devices.
  • Papercut: Printer cost accounting for the Mac.
  • Printopia: Allows for better printing from iOS devices.

Productivity Tools

  • Alfred: Application Launcher for the Mac.
  • Amphetamine: Keep your Mac running when certain apps are open.
  • Evernote: Make lists and sync them to a cloud service, accessible from iOS and the Mac.
  • ITGlue: Store credentials and information about common IT tools in a SaaS-based database.
  • OmniPlan: Project planning and management tool to make Gantt charts.
  • OmniGraffle: Flowchart and network diagraming tool for the Mac.
  • Slack: Messaging and team management tool.
  • Trello: Make lists and sync them to a cloud service, accessible from iOS and the Mac.
  • WunderlistMake lists and sync them to a cloud service, accessible from iOS and the Mac.

Remote Management

  • Apple Remote Desktop: Apple tool for remotely controlling other Macs, sending packages to Macs, and running scripts on Macs over a LAN or directly to an IP address.
  • Bomgar: Appliance that allows for cross-platform remote control of devices.
  • CoRD: RDP client.
  • LogMeIn: Cross-platform remote control utility.
  • GoToMyPC: Cross-platform remote control utility.
  • Remote Desktop: The official RDP client for the Mac.
  • Remotix: RDP and VNC server with lots of bells and whistles.
  • TeamViewer: Cross-platform remote control utility.
  • VNC: Open source protocol for remote control, which many of the above tools are based on.

Security Tools

  • Cauliflower Vest: Store FileVault keys on a centralized server.
  • chainbreaker: Forensically acquire keychain information on a Mac.
  • Crypt: FileVault 2 Escrow solution.
  • Digital Guardian: Data Loss Prevention.
  • Google Santa: Binary blacklisting and whitelisting for the Mac.
  • iOS Location Scraper: Dump the contents of the location database files on iOS and macOS.
  • iOS Frequent Location Scraper: Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/
  • Little Snitch: Provides information about what is accessing network resources and where those resources are.
  • MacForensicsLab: A suite of tools from BlackBag Tech for the acquisition and analysis of forensically acquired Apple devices.
  • Macquisition: A suite of tools from BlackBag Tech for the acquisition and analysis of forensically acquired Apple devices.
  • Objective-See: ‘s KnockKnock, Task Explorer, BlockBlock, RansomWhere?, Oversight, and KextViewr, tools for finding more information about ports and services running on machines.
  • Osquery: Query for information on Macs in a live, granular search.
  • osxcollector: A forensic evidence collection & analysis toolkit for OS X
  • Portecle: Create and manage keystores, keys, certificates, certificate requests, and certificate revocation lists.
  • PowerBroker: Enable standard users on a Mac to perform administrative tasks without entering elevated credentials.
  • Prey: Track Mac and iOS devices if they’re stolen.
  • Recon: A forensic capture and analysis suite for Macs.

Service Desk Tools

  • Freshdesk: Case/ticket management that allows for automatic billing via Freshbooks.
  • Salesforce Cases: Case/ticket management that automatically integrates with SalesforceCRM.
  • ServiceNow: Case/ticket management with an expansive marketplace for integrations.
  • Webhelpdesk: Case/ticket management.
  • Zendesk: Case/ticket management with an expansive marketplace for integrations.

Software Packaging and Package Management

  • Autopkg: Automate the creation of Mac software distribution packages using recipes.
  • CreateUserPkg: Creates packages that create local user accounts when installed. (10.12 and below).
  • JSSImporter: Connects Autopkg to Jamf Pro.
  • Iceberg: Create Mac software distribution packages.
  • InstallApplication: Dynamically download packages for use with MDM’s InstallApplication.
  • ipaSign: Programmatically resign ipa files with a new key.
  • Jamf Composer: Create Mac software distribution packages.
  • Luggage: Open Source project to create a wrapper that makes pkgs for Macs so you can have peer review of a package by examining the diffs between versions of a Makefile.
  • Munkipkg: A simple tool for building packages in a consistent, repeatable manner from source files and scripts in a project directory.
  • Pacifist: A shareware application that opens Mac OS X .pkg package files, .dmg disk images, and .zip, .tar, .tar.gz, .tar.bz2, and .xar archives and allows you to extract individual files and folders out of them.
  • Payload Free Package Creator: An Automator application that uses AppleScript, shell scripting and pkgbuild behind the scenes to create payload-free packages.
  • QuickPkg: Create Mac software distribution packages.
  • Simple Package Creator: Create Mac software distribution packages.
  • Suspicious Package: View the contents of Mac software distribution packages.
  • Whitebox Packages: Create Mac software distribution packages.

Storage

  • Netatalk: Better AFP connectivity to Windows and other storage platforms from a Mac.
  • Promise: Apple-vetted direct attached storage (DAS), storage area networking (SAN), etc. 
  • Synology: Storage appliances tailored to working with the Mac.
  • Xsan: The built-in Apple SAN filesystem.

Troubleshooting, Repair and Service Tools

  • AppCleaner: Clean up unneeded files on a Mac.
  • AppleJack: Repair disks/permissions and cleans cache/swap files from single user mode when a Mac can’t fully boot.
  • Bartender: Manage items in the menu bar on a Mac.
  • CleanMyDrive: Drag-and-drop files directly to any drive, check disk stats and automatically clean hidden junk from external drives.
  • Data Rescue: Data recovery tool for Mac.
  • Disk Doctor: Repairs logical drives and cleans up unneeded files.
  • DiskWarrior: Repair logical volume corruption on Macs.
  • Drive Genius: Automates monitoring for hard drive errors, finds duplicate files, allows for repartition of volumes, clones volumes, performs secure erase and defragmentation.
  • Disk Inventory X: Visual representation of what’s on a logical volume in macOS.
  • EasyFind: Find files, folders, or contents in any file without indexing through Spotlight.
  • iStumbler: Wireless discovery tool for Mac that can locate Wi-Fi networks, Bluetooth devices, Bonjour services, and perform spectrum analysis.
  • GeekTool: Put script output and logs directly on the desktop of a Mac.
  • Google PlanB: Remediate Macs that fall out of a given state by performing a secure download of disk images and then putting the device into a management platform.
  • GrandPerspective: Visual representation of what’s on a logical volume in macOS.
  • Hardware Monitor: Read hardware sensor information on a Mac.
  • Lingon: Create, manage, and delete LaunchAgents and LaunchDaemons on macOS.
  • Memtest OS X: Test each RAM module in a Mac.
  • Network Radar: Network scanning and mapping tool.
  • nMap: Advanced port scanning, network mapping, and network troubleshooting.
  • Peak Hour: Network performance, quality and usage monitoring.
  • Omni DiskSweeper: Find and remove unused files in macOS to conserve and reclaim disk space.
  • OnyX: Verify the startup disk and structure of system files, run maintenance and cleaning tasks, configure settings(e.g. for the Finder, Dock, Safari), delete caches, and rebuild various databases and indexes. 
  • Push Diagnostics: Test port and host access for APNs Traffic.
  • Stellar Phoenix: Mac data recovery tool.
  • TechTool Pro: Drive repair, RAM testing, and data protection.
  • TinkerTool: Graphical interface for changing preferences on a Mac that would otherwise need to be managed with the defaults command.
  • Xirrus Wi-Fi Inspector: Search for Wi-Fi network, site surveys, troubleshoot Wi-Fi connectivity issues, locate Wi-Fi devices, and detect rogue Apps.

Virtualization and Emulation

  • Anka veertu: Run Virtual Machines on a Mac. 
  • Citrix: Publish Windows application sessions that end users connect to from a Mac using standard RDP clients.
  • Parallels: Run Virtual Machines on a Mac. 
  • Microsoft Windows Terminal Server: Publish Windows sessions that end users connect to from a Mac using standard RDP clients.
  • vFuse: Script to create a VMware Fusion VM from a DMG that hasn’t been booted.
  • VirtualBox: Run Virtual Machines on a Mac. 
  • VMware Fusion: Run Virtual Machines on a Mac. 

Honorable Mention

  • The MacAdmins Slack: Join a community of 15,000 other Admins charged with managing large fleets of Apple devices.
  • Apple Developer Program: Sign up for a developer account in order to get access to beta resources and documentation not otherwise available.
  • AppleSeed Program
  • Your Apple SE
  • Coffee… lots and lots of coffee

November 13th, 2017

Posted In: iPhone, Mac OS X

Added 3 new flags into precache tonight: –jamfserver, –jamfuser, and –jamfpassword. These are used to provide a Jamf Pro server (or cloud instance), the username to an account that can list the mobile devices on that server, and a password to that account respectively. Basically, when you provide these, the script will pull a unique set of models and then precache updates for them. It’s similar to grabbing a list of devices: curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices And then piping the output of a device list to: perl -lne 'BEGIN{undef $/} while (/<model_identifier>(.*?)<\/model_identifier>/sg){print $1}' And then running that array as an input to precache.py. Hope this helps make the script more useful!

May 13th, 2017

Posted In: iPhone, Mac OS X Server

Tags: , , , , , ,

If you’re in need of MDM in Japanese or German, Jamf Now shipped support for those languages last week. To switch languages, click on your name once logged in, and then click on the language you would like to use. Enjoy.

May 1st, 2017

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , ,

April 23rd, 2017

Posted In: iPhone, MacAdmins Podcast, Mass Deployment

Tags: , , , ,

Next Page »