krypted.com

Tiny Deathstars of Foulness

November 19th, 2017

Posted In: JAMF, MacAdmins Podcast

Tags: , , , ,

Jamf is proud to announce zero-day support for macOS High Sierra, iOS 11, and tvOS 11 with the release of Jamf Pro 9.101. In addition to compatibility for all of Apple’s fall operating systems, Jamf Pro 9.101 also includes new features that include the latest payloads, restrictions and MDM commands.

Highlights of what’s new:

macOS High Sierra

  • Zero-touch provisioning of Mac devices with the Apple File System (APFS)
  • Cisco Fast Lane quality of service (QoS) support for apps
  • New security settings and configurations
  • New restrictions, including the ability to defer software updates for up to 90 days

iOS 11

  • An MDM command to upgrade non-DEP supervised devices to iOS 11
  • New restrictions, including AirPrint, manual VPN settings and systems app deletion

tvOS 11

  • Defining Home screen layout on an Apple TV
  • Showing or hiding specific tvOS apps
  • Restricting tvOS media content and ability to modify device name
  • Setting passwords for Apple TV devices to share automatically to specific iPads

Healthcare Listener enhancements and more

In addition to providing pre zero-day support for Apple’s upcoming operating systems, Jamf Pro 9.101 extends the power of the Healthcare Listener to add support for tvOS by making the remote wipe command available for Apple TV devices. Further, Jamf Pro 9.101 includes a new API for Lost Mode, new settings for re-enrollment, and security enhancements for the deployment of in-house iOS apps.

Next steps:

You can download Jamf Pro 9.101 through Jamf Nation in the “My Assets” page. If you’re using a hosted version at jamfcloud.com, the upgrade will be done automatically. If you regularly schedule your upgrade, please contact your Account Representative to schedule your upgrade. To locate your account representative, see https://www.jamf.com/jamf-nation/my/account-team.

For more information on this release, download the release notes. If you have any questions about this release or anything else, please do not hesitate to reach out.


Download Jamf Pro 9.101 now

September 12th, 2017

Posted In: JAMF

Tomcat logs events into the system log. You can use the get-wmiobject commandlet to see events. Here, we’ll look at a JSS and view only system events: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' We can then use AND to further constrain to specific messages, in this case those containing Tomcat: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') We can then further constrain output to those with a specific EventCode with another compound statement: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024) For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx. You could instead use get-eventlog to see system logs. For example, the following will list the latest 100 entries in the system log: Get-Eventlog -LogName system -Newest 1000 And the following lists the number of unique entries in descending order using Sort-Object, along with the -Property option set to count: Get-Eventlog -LogName system -Newest 1000 | Sort-Object -Property count -Descending And the following would additionally constrain the output to entries with the word Tomcat using the -Message option: Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" | Sort-Object -Property count -Descending And to focus on a server called jss, use the -ComputerName option: Get-Eventlog -LogName system -Newest 1000 -Message "*Tomcat*" -ComputerName "localhost" | Sort-Object -Property count -Descending

July 11th, 2017

Posted In: JAMF, Windows Server

Tags: , , , , , , ,

Here’s a new extension attribute at https://github.com/krypted/ituneshash/blob/master/ituneshash.sh for grabbing the hash ID used for iTunes Store accounts, useful with VPP: #!/bin/sh # # # #Jamf Pro Extension Attribute to return the App Store Account Hash for iTunes #Note that the return is null if one is not found # # result=`/usr/libexec/mdmclient QueryAppInstallation | grep iTunesStoreAccountHash | sed '/.*\"\(.*\)\".*/ s//\1/g'` echo "<result>$result</result>" The output is something like:
<result>oBSmAAAa0nUAAACBHe5AaALlNBg=</result>
Which would bring the string into Jamf Pro

April 26th, 2017

Posted In: JAMF, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , ,

There is a new service in macOS, called Tetherator. Tethered-caching is a script that allows you to easily and quickly interact with the tethered-caching service, which has a few kinda’ cool options. This is on a client, and really speeds up all that crazy provisioning stuff you do. It can also check for the presence of a macOS Caching Server and use that as a source for the cache. The tethered-caching script is located at /usr/bin/tethered-caching. Before you do anything with the service, check the status. That’s done with the -s option (there’s also a -v option to get verbose): tethered-caching -s The results before activated should be as follows:
2017-02-28 10:44:45.730 AssetCacheTetheratorUtil[3665:182657] Tetherator is disabled: (no error) 2017-02-28 10:44:45.746 AssetCacheActivatorUtil[3666:182664] Built-in caching server can be activated. 2017-02-28 10:44:45.762 AssetCacheActivatorUtil[3667:182673] Built-in caching server is deactivated: (no error)
Then start the service using the -n option in tethered-caching, along with the IP range to be used: tethered-caching -n 192.168.1.0 This sets the ListenRanges key in the plist and should result in an activation process that appears as follows:
Starting tethered caching… 2017-02-28 10:47:59.691 AssetCacheActivatorUtil[3848:192902] Built-in caching server can be activated. 2017-02-28 10:47:59.706 AssetCacheActivatorUtil[3849:192910] Built-in caching server is deactivated: (no error) Filtering the log data using “subsystem == “com.apple.AssetCache” AND messageType == 16″ Timestamp (process)[PID] 2017-02-28 10:48:05.098735-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server activated. Exiting to allow re-launch. 2017-02-28 10:48:05.207493-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server shutting down (0) 2017-02-28 10:48:07.362926-0600 localhost AssetCache[3862]: [com.apple.AssetCache.builtin] Built-in Caching Server version 170 started 2017-03-02 10:45:53.753 AssetCacheTetheratorUtil[29283:2526186] Tetherator enabled. Started tethered caching. To stop it, press control+c once.
At this point, you’re calling /usr/bin/AssetCacheLocatorUtil to register and then start /usr/libexec/AssetCache/AssetCache via /System/Library/Preferences/Logging/Subsystems/com.apple.AssetCacheServices.plist which defaults read nets: {Activator = {}; "DEFAULT-OPTIONS" = { "Default-Privacy-Setting" = Public; "Enable-Oversize-Messages" = 1; "Event-Log" = { Enabled = Inherit;}; Level = { Enable = Inherit; Persist = Inherit;}; TTL = {Debug = 0;Default = 10;Info = 10;};}; Daemon = {}; Extensions = {}; Framework = {}; Tetherator = {};} The AssetCache preferences can be seen by catting /Library/Preferences/com.apple.AssetCache.plist: Activated = 0; CacheLimit = 0; DataPath = "/Library/Caches/com.apple.AssetCache"; LastConfigData = ; LastConfigURL = "http://suconfig.apple.com/resource/registration/v1/config.plist"; LastPort = 50775; ListenRanges = ({first = "192.168.1.1";last = "192.168.1.254";}); ListenRangesOnly = 1; LocalSubnetsOnly = 0; PeerLocalSubnetsOnly = 1; Port = 0; PublicRanges = automatic; ReservedVolumeSpace = 2000000000; SavedCacheDetails = {}; SavedCacheDetailsOrder = ("Mac Software","iOS Software","Apple TV Software",iCloud,Books,"iTunes U",Movies,Music,Other); SavedCacheDetailsStrings = {All the language keys as arrays - which I cut out to truncate the contents of the plist read}; SavedCacheSize = 0; ServerGUID = "C5F29418-6158-4D3B-9162-XXX"; Version = 1; Note that in the above, the LastConfigData key is pulled at activation by curling http://suconfig.apple.com/resource/registration/v1/config.plist. I’ve truncated the key as it’s kinda’ long… A simple command that will be pretty common is to increase the size of the cache. To do so, you’d just edit that CacheLimit key to be the number that you want the cache to be. In the following example, we’re writing the CacheLimit key into AssetCache.plist at 100 gigs: defaults write /Library/Preferences/com.apple.AssetCache.plist CacheLimit -int 100000000000 There’s also com.apple.AssetCache.builtin.plist in /Library/LaunchDaemons which starts the builtin AssetCache, AssetCacheC, and CacheDelete service. Once started, you will have a sqlite3 database called AssetInfo.db at /Library/Caches/com.apple.AssetCache. A basic structure of how data is stored includes the following tables:
  • ZAFFINITY with the following column: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZLASTSAVED TIMESTAMP, ZID VARCHAR
  • ZASSET with the following columns: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZMD5OFFSET INTEGER, ZTOTALBYTES INTEGER, ZCREATIONDATE TIMESTAMP, ZLASTACCESSED TIMESTAMP, ZCHECKSUM VARCHAR, ZGUID VARCHAR, ZINDEX VARCHAR, ZLASTMODIFIEDSTRING VARCHAR, ZNAMESPACE VARCHAR, ZURI VARCHAR, ZMD5CONTEXT BLOB
  • Z_METADATA with the following columns: Z_VERSION INTEGER PRIMARY KEY, Z_UUID VARCHAR(255), Z_PLIST BLOB
  • Z_MODELCACHE with just the Z_CONTENT column
  • TABLE Z_PRIMARYKEY with the following columns: Z_ENT INTEGER PRIMARY KEY, Z_NAME VARCHAR, Z_SUPER INTEGER, Z_MAX INTEGER
Once enabled, updates will be cached to the computer that the service is enabled on, metadata stored in the previously mentioned database, and then change ports and network ranges when needed.

March 27th, 2017

Posted In: Apple Configurator, Apple TV, Apple Watch, iPhone, JAMF, Mac OS X, Mac OS X Server, Mass Deployment, precache

Tags: , , ,

The next release of iOS (10.3), macOS (10.12.4), and tvOS (10.2) bring us a host of new management features. These include DEP configuration, remote wipe, single app mode, conference room mode, and remote reboot for Apple TVs. The next evolution of iOS brings us sounds in lost mode, the ability to prevent users from connecting to unmanaged wireless networks (just make sure to push that policy after sending down the actual managed wireless networks – or eek), the option to remotely shut down and reboot devices, The Mac options includes some of the above but also restricting the feature to unlock macOS devices with Touch ID, restrict documents and desktop syncing with Apple’s iCloud service. Shared iPad environments also get new passcode policies. Jamf Pro 9.98 has also comes with Symantec PKI integration and lots, and lots, and lots of resolutions to product issues. For more, see https://www.jamf.com/blog/are-you-ready-for-apples-next-release/. For a full run-down of profile options and MDM commands: http://docs.jamf.com/9.98/casper-suite/release-notes/What’s_New_in_This_Release.html. Keeping with Apple’s evolving standards, Managed Preferences and Provisioning Profiles are being deprecated: http://docs.jamf.com/9.98/casper-suite/release-notes/Deprecations_and_Removals.html (which isn’t to say you can’t still deploy these kinds of things using your own scripts, etc). Finally, if you have a problem in your environment and want to see if it’s been fixed, for a list of defects and product improvements – see http://docs.jamf.com/9.98/casper-suite/release-notes/Bug_Fixes_and_Enhancements.html

March 23rd, 2017

Posted In: JAMF, Mac OS X, Mac OS X Server

Tags: , , , ,

Built a quick extension attribute for Jamf Pro environments to check if TouchID is enabled and report back a string in $result – this could easily be modified and so I commented a few pointers for environments that might need to modify it (e.g. to check for user-level as it’s currently system-level). To see/have the code, check https://github.com/krypted/TouchID_check.

January 18th, 2017

Posted In: JAMF, Mac Security

Tags: , , , , , , ,

The last JamfNation User Conference, or JNUC for short, was far and away the biggest and best. It was packed though, and given the year-over-year increase in people attending, the conference is being moved to the Hyatt Regency in downtown Minneapolis. For more information on or to early-bird register for JNUC 2017, visit the official JNUC page. screen-shot-2016-12-14-at-9-59-38-am I’ll certainly be there, and I look forward to seeing all of you again and meeting all the newcomers this year, as well as getting a recording going of the MacAdmins Podcast while we’re all together!

December 11th, 2016

Posted In: JAMF, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

November 22nd, 2016

Posted In: JAMF, MacAdmins Podcast

Tags: , , ,

The jamf binary can grab a list of printers. It’s easy: sudo jamf listprinters The output looks like this: MSP Lobby HP MSP_Lobby Lobby lpd://192.168.12.201/ HP 6490 C5250 PS If you have more printers, you’ll see more in the list!

October 22nd, 2016

Posted In: JAMF

Tags:

Next Page »