krypted.com

Tiny Deathstars of Foulness

The next release of iOS (10.3), macOS (10.12.4), and tvOS (10.2) bring us a host of new management features. These include DEP configuration, remote wipe, single app mode, conference room mode, and remote reboot for Apple TVs. The next evolution of iOS brings us sounds in lost mode, the ability to prevent users from connecting to unmanaged wireless networks (just make sure to push that policy after sending down the actual managed wireless networks – or eek), the option to remotely shut down and reboot devices,

The Mac options includes some of the above but also restricting the feature to unlock macOS devices with Touch ID, restrict documents and desktop syncing with Apple’s iCloud service. Shared iPad environments also get new passcode policies.

Jamf Pro 9.98 has also comes with Symantec PKI integration and lots, and lots, and lots of resolutions to product issues. For more, see https://www.jamf.com/blog/are-you-ready-for-apples-next-release/. For a full run-down of profile options and MDM commands: http://docs.jamf.com/9.98/casper-suite/release-notes/What’s_New_in_This_Release.html.

Keeping with Apple’s evolving standards, Managed Preferences and Provisioning Profiles are being deprecated: http://docs.jamf.com/9.98/casper-suite/release-notes/Deprecations_and_Removals.html (which isn’t to say you can’t still deploy these kinds of things using your own scripts, etc).

Finally, if you have a problem in your environment and want to see if it’s been fixed, for a list of defects and product improvements – see http://docs.jamf.com/9.98/casper-suite/release-notes/Bug_Fixes_and_Enhancements.html

March 23rd, 2017

Posted In: JAMF, Mac OS X, Mac OS X Server

Tags: , , , ,

Leave a Comment

Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.

January 18th, 2017

Posted In: JAMF, Mac Security

Tags: , , , , , , ,

The last JamfNation User Conference, or JNUC for short, was far and away the biggest and best. It was packed though, and given the year-over-year increase in people attending, the conference is being moved to the Hyatt Regency in downtown Minneapolis.

For more information on or to early-bird register for JNUC 2017, visit the official JNUC page.

screen-shot-2016-12-14-at-9-59-38-am

I’ll certainly be there, and I look forward to seeing all of you again and meeting all the newcomers this year, as well as getting a recording going of the MacAdmins Podcast while we’re all together!

December 11th, 2016

Posted In: JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

November 22nd, 2016

Posted In: JAMF, MacAdmins Podcast

Tags: , , ,

The jamf binary can grab a list of printers. It’s easy:

sudo jamf listprinters

The output looks like this:

MSP Lobby HP
MSP_Lobby
Lobby
lpd://192.168.12.201/
HP 6490 C5250 PS

If you have more printers, you’ll see more in the list!

October 22nd, 2016

Posted In: JAMF

Tags:

To quote the good people in JAMF marketing:

You may have heard that JNUC 2016 is sold out! We don’t want you to miss out, and to give you a glimpse at what the JNUC is all about, we’re thrilled to announce that the JNUC 2016 Keynotes will be available via Livestream for the first time ever! Featuring JAMF CEO Dean Hager and industry leaders who will share their experiences, challenges and lessons learned using Apple and Casper Suite to enable their employees and students, they’re not to be missed.

In our Apple Management Redefined Keynote on day one, JAMF will unveil more Apple management functionality than ever before – so much so that you may not recognize your old friend Casper (our flagship product). Witness significant enhancements to patch management, a completely new Self Service, and more functionality that will forever change the way you work. Add Tuesday’s JNUC Keynote to your calendar.

Driven by the goal to empower people with Apple technology that puts users first, A Users First Mentality Keynote on day 2 will feature IBM, Shawnee Heights School District, La Crosse School District and the University of California – San Diego, giving you key insight into how these organizations are transforming the way business, education and healthcare are done. Add Wednesday’s JNUC Keynote to your calendar.

Add to your calendar now

October 12th, 2016

Posted In: JAMF

In case you’re using DEP and haven’t noticed this, you need to accept the latest terms of service in the Apple license agreement for DEP if you’re going to continue using the service. I don’t usually post emails I get from Apple, but I can easily see orgs using accounts that don’t have email flowing to anyone that is capable of responding, so I strongly recommend you go in and accept the latest and greatest agreements so your stuff doesn’t break!

Here’s the email I got from Apple:

Apple Deployment Programs

Thank you for participating in the Device Enrollment Program. On September 13 Apple will release updated software license agreements. Your Program Agent must go to the deployment website and accept the following agreements to continue to use the program:

  • iOS 10 Software License Agreement
  • Software License Agreement for macOS Sierra

For more information please see this support article:https://support.apple.com/kb/HT203063.

Note: If you’re using Casper, then the errors you’ll see will be something along the lines of:

Unable to Contact https://mdmenrollment.apple.com

September 12th, 2016

Posted In: iPhone, JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , ,

Screen Shot 2016-08-02 at 10.22.20 AM

Casper 9.93 is now available, with a host of new features. These include:

  • Fixed a lot (and I mean a lot) of product issues!
  • Added Single Sign-On (SSO) with SAML 2.0: Logging into the JSS without clicking on anything is just awesome.
  • Added Webhooks: Scripted, triggered access to the events API.
  • LDAP Proxy Server: Can run on our new Infrastructure Manager service on Linux and creates a tunnel between a customer location and a JSS if the JSS doesn’t have LAN access to a directory service.
  • Patch Reporting for Computers: Now, Casper includes automatically generated reports for some common third-party OS X software packages, so you can better scope policies around machines with out-of-date software packages. These can be exported into a variety of formats.
  • Self Service Mobile for iOS: Automatically remove apps that are installed option.
  • New Localization options for French, German, Japanese, and Chinese. Enhanced Language Support in Self Service
  • Import multiple classes from Apple School Manager.
  • OS X Configuration Profiles: Added IKEv2, Disable Apple ID setup during login, enabling proxies in the Proxies payload.
  • iOS Configuration Profile Enhancements: Added Allow screenshots and screen recording, Allow voice dialing while device is locked, Allow Apple Music, Allow Radio, Accept Cookies, Google Accounts, and OS X Server Accounts.
  • Smart group and advanced search criteria were added for iOS 9.3 lost mode status, length of time a device has been in lost mode, and applications in the catalog for patch management.

And of course, there’s moar scalability! 🙂

For more, see https://jamfnation.jamfsoftware.com/featureRequests.html?releaseID=138

Congrats to everyone involved in this one, it’s a pretty massive update and required a lot of work!

August 2nd, 2016

Posted In: JAMF

Tags: , ,

There’s a new JSS companion tool, called JSS MUT, which allows you to perform mass actions based on a CSV. Basically, set fields and enforce mobile device names (becoming a very common need out there). If you’re a JSS admin, it’s a nice tool, and a big should out to Michael Levenick for making it free!

5860001_orig

Official website is at http://jssmut.weebly.com.

Hat tip to Trey Howell for clueing us in! 🙂

July 18th, 2016

Posted In: JAMF

Tags: , , , , ,

Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at https://configautomation.com/jamf-actions.html. In my limited tests so far they work pretty darn well!

Screen Shot 2016-07-14 at 12.09.27 PM

Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!

July 14th, 2016

Posted In: Apple Configurator, iPhone, JAMF

Tags: , , , , , ,

Next Page »