krypted.com

Tiny Deathstars of Foulness

Autopkgr is basically a small app that allows you to select some repositories of recipes and then watch and run them when they update. It’s a 5 minute or less installation, and at its simplest will put software packages into a folder of your choosing so you can test/upload/scope to users. Or you can integrate it with 3rd party tools like Munki, FileWave, or Jamf using the JSSImporter. Then if you exceed what it can do you can also dig under the hood and use Autopkg itself. It’s an app, and so it needs to run on a Mac. Preferably one that doesn’t do much else. 


Installing Autopkgr

You can obtain the latest release of Autopkgr at https://github.com/lindegroup/autopkgr. To install, drag the app to the Applications folder. 

When you open AutoPkgr for the first time, you’ll prompted for the user name and password to install the helper tool (think menu item). 

The menu item then looks like the following.

These are the most common tasks that administrators would run routinely. They involve checking Autopkg recipes to see if there are new versions of supported software titles, primarily. Opening the Autopkgr app once installed, though, shows us much more. Let’s go through this screen-by-screen in the following sections.


Moving AutoPkg Folders Around 

By default, when installed with Autopkgr, Autopkg stores its cache in ~/Library/AutoPkg/Cache and the repos are sync’d to ~/Library/AutoPkg/RecipeRepos. You can move these using the Choose… button in the Folders & Integration tab of Autopkgr, although it’s not necessary (unless, for example, you need to move the folders to another volume). 

Note: You can also click on the Configure AutoPkg button to add proxies, pre/post processing scripts, and GitHub tokens if needed. 


Keeping Autopkg and Git up-to-date

The Install tab is used to configure AutoPkg settings. If there is a new version of AutoPkg and Git, you’ll see an Install button for each (used to obtain the latest and greatest scripts); otherwise you’ll see a green button indicating it’s up-to-date. 

You can also configure AutoPkgr to be in your startup items by choosing to have it be available at login, and show/hide the Autopkgr menu item and Dock item. 


Configuring Repositories and Recipes

Repositories are where collections of recipes live. Recipes are how they’re built. Think of a recipe as a script that checks for a software update and then follows a known-good way of building that package. Recipes can then be shared (via GitHub) and consumed en masse. 

To configure a repository, click on the “Repos & Recipes” tab in Autopkgr. Then select the repos to use (they are sorted by stars so the most popular appear first). 

Note: There are specific recipes for Jamf Pro at https://github.com/autopkg/jss-recipes.git.

Then you’ll see a list of the recipes (which again, will make packages) that AutoPkgr has access to. Check the ones you want to build and click on the Run Recipes Now. 

If you don’t see a recipe for a title you need, use the search box at the bottom of the screen. That would show you a given entry for any repos that you’ve added. Again, all of the sharing of these repos typically happens through GitHub, but you can add any git url (e.g. if you wanted a repo of recipes in your organization. 

Once you’ve checked the boxes for all the recipes you want to automate, you can then use the “Run AutoPkg Now” option in the menu items to build, or rely on a routine run, as described in the next section.


Scheduling Routine Builds

Autopkgr can schedule a routine run to check recipes. This is often done at night after administrators leave the office. To configure, click on the schedule tab and then check the box for Enable scheduled AutoPkg runs. You can also choose to update your recipes from the repos by checking the “Update all recipes before each AutoPkg run” checkbox.


Getting Notified About New Updates To Packages

I know this sounds crazy. But people like to get notified when there’s a new thing showing up. To configure a variety of notification mechanisms, click on the Notifications tab in AutoPkgr.

Here, you can configure alerts via email, Slack, HipChat, macOS Notification Center, or via custom webhooks.


Integrating Autopkg with Jamf (and other supported vendors)

When integrating with another tool, you’ll need to first install the integration. To configure the JSSImporter, we’ll open the “Folders & Integrations” tab in Autopkgr and then click on the Install JSSImporter button.

Once installed, configure the URL, username and password (for Customer API access) and configure any distribution points that need to have the resultant packages copied to. 


Once the JSSImporter is configured, software should show up in Jamf Pro scoped to a new group upon each build.  It is then up to the Jamf Administrator to complete the scoping tasks so software shows up on end user devices.


What the JSSImporter Does from Autopkg

This option doesn’t seem to work at this time. Using the following may make it work:

sudo easy_install pip && pip install -I --user pyopenssl

Note: The above command may error if you’re using macOS Server. If so, call easy_install directly via 

/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/easy_install.py.

February 9th, 2018

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , ,

Leave a Comment

“Taking a new step, uttering a new word, is what people fear most.” ― Fyodor Dostoyevsky, Crime and Punishment

The Apple Wiki Server is sadly going away. I always liked this service. It was thoughtfully designed and looked much nicer than most of the other tools available out there. Sure, you couldn’t write articles offline, write in markdown, or do a lot of other things that I’ve learned to both love and hate from other solutions, but honestly it always felt the most Apple of services in macOS Server because it didn’t have every-single-checkbox. So, I’ll pour a little Jaëger on the ground in memory of the wiki server and then… export some stuffs and move on.

Before we get started, let’s talk about where you’re going to be putting this stuff. You can export in three formats (in order of the likelihood you’ll use them): 
  • wxr: the native WordPress format that can also be used by a variety of other solutions as WordPress is their reference competitor of sorts. WordPress also has wiki plugins, which you could experiment once you’ve imported all of your stuff. ExpressionEngine, Drupal, and many other solutions support importing via the wxr format. For importing into confluence check out https://wiki.afm.co/display/PUBL/HOW+to+import+Wordpress+into+Confluence which requires you to run your own server temporarily if your ultimate goal is to move to the Atlassian Cloud (which is pretty much what I ended up doing). 
  • pages: A folder that stores static html, rather than the dynamic html files that the wiki services builds. You might use this if you just want to take a permanent archive of the wiki service and maybe hire an intern to cut/copy/paste pages into a new wiki solution, like Confluence. 
  • json: If you’re going to be scripting a custom import into another solution then json is likely to be your best bet. I blame python. There are more modules than I can count to import that assist with manipulating json. If another wiki or documentation tool has an import option, you can find a way to get it in. You’ll likely encounter broken links, etc. Unless you correct those in the script during import. Which is a lot of logic. 
  • legacy: Uses PostgreSQL. Probably not useful for a lot of people. I’ve done some work reverse engineering that database, but it changes routinely and so that work is put out of date at regular intervals.
  • decoded: A more swifty export. I think I’d just use this if I were building a swift app based on my export. Which I can’t imagine doing.

The export command is now built into wikiadmin (unlike a couple of previous articles I wrote where it was a standalone command back in the 10.5 or 10.6 era). So to export, you’ll run wikiadmin followed by the export verb. The next option you’ll provide in the command is either -all or the -name of the wiki (multiple wikis can be provided with  comma separated values) and then the -format you’re exporting into (listed above), and finally the -path of the destination. To put that all together, would look like the following if we’re exporting into WordPress: 

sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/wikiadmin export -name Legal -format wxr -path /exports

Exports will be owned by _teamserver so to get to the data, you’ll have to chmod the files:

sudo chmod -R /exports

Inside that target directory, you’ll see a number of files as you can see in the following screenshot:

So, for wxr there will be a directory called wiki that doesn’t have much in it. And then there will be an xml file for each user that has a “page” as well as another with all the articles in it. You’ll need to look at them, but typically the biggest and last one exported (so the last one in the directory listing) will have all your articles.

Once you have the correct XML file, you can import it! To do so, go to WordPress, hover over tools in the sidebar and click on Import. At the import screen, select the xml file, and then click on the “Upload file and import” button.




Note: If the import fails, you may have to edit your php.ini to increase post_max_size or upload_max_filesize. But once the import is complete, I’d change those back to the defaults.

Now, let’s say instead I was going to json. In the following iteration of the earlier command, I’m going to do -all and then I’m going to do json as the -format:

sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/wikiadmin export -all -format json -path /exports

This output starts as follows (I left off the subsequent articles:

{

  “LongName” : “Legal”,

  “UpdateTime” : “2018-02-09T08:37:41.691-0600”,

  “Description” : “test”,

  “ExportDate” : “2018-02-09 16:06:51 +0000”,

  “Revision” : 1,

  “UpdatedByLogin” : “charles.edge”,

  “BlogPosts” : [

  ],

  “Theme” : “carbon,,”,

  “WikiUID” : “c7de0acb-baae-baae-e9bd-f78d3e4d43ed”,

  “ShortName” : “legal”,

  “Pages” : [

{

  “LongName” : “test page 1”,

  “UpdateTime” : “2018-02-09T08:38:32.025-0600”,

  “UpdatedByLogin” : “charles.edge”,

  “Revision” : 3,

  “PageTextValue” : “To edit this page, click the Edit (pencil) button. To delete this page, click the Action (gear) button and choose Delete. When you edit this page, you can easily rename the page, and use the editing toolbar to: Apply paragraph or character styles to text. Create bulleted lists, numbered lists, and tables. Insert media, such as images, audio, or QuickTime movies. Attach files. Insert an HTML snippet from another website or email. For more information about editing pages, click the Action (gear) button and choose Help. 1 1”,

  “TinyID” : “x4j836N4C”,

  “Tags” : [

” test”,

“wtf”

  ],

  “CreateTime” : “2018-02-09T08:38:07.039-0600”,

  “RelatedItems” : [

{

  “LongName” : “Legal”,

  “UID” : “c7de0acb-baae-baae-c6c2-aae392690186”

}

  ],

  “CreatedByLogin” : “charles.edge”,

  “RenderedPage” : “<div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32\” class=\”block wrapchrome text\” data-guid=\”24c701f8-0e15-49a7-b331-f8b755cb6a32\” data-type=\”text\” contenteditable=\”false\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-wrapper\” class=\”wrapper wrapchrome\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-inner\” class=\”inner wrapchrome\”><div class=\”content selectable wrapchrome\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-editable\” class=\”editable wrapchrome\”><p>To edit this page, click the Edit (pencil) button. To delete this page, click the Action (gear) button and choose Delete.<\/p><p>When you edit this page, you can easily rename the page, and use the editing toolbar to:<\/p><ul><li>Apply paragraph or character styles to text.<\/li><li>Create bulleted lists, numbered lists, and tables.<\/li><li>Insert media, such as images, audio, or QuickTime movies.<\/li><li>Attach files.<\/li><li>Insert an HTML snippet from another website or email.<\/li><\/ul><p>For more information about editing pages, click the Action (gear) button and choose Help. 1 1<\/p><\/div><\/div><\/div><\/div><\/div>”,

  “RevisionHistory” : [

{

  “ChangedByLogin” : “charles.edge”,

  “Version” : 1,

  “PageTextValue” : “”,

  “RenderedPage” : “<div class=\”block text\”><div class=\”content\”><div class=\”editable\”><p>To edit this page, click the Edit (pencil) button. To delete this page, click the Action (gear) button and choose Delete.<\/p><p>When you edit this page, you can easily rename the page, and use the editing toolbar to:<\/p><ul><li>Apply paragraph or character styles to text.<\/li><li>Create bulleted lists, numbered lists, and tables.<\/li><li>Insert media, such as images, audio, or QuickTime movies.<\/li><li>Attach files.<\/li><li>Insert an HTML snippet from another website or email.<\/li><\/ul><p>For more information about editing pages, click the Action (gear) button and choose Help.<\/p><\/div><\/div><\/div>”,

  “ChangeType” : “create”,

  “ChangeTime” : “2018-02-09T08:38:07.039-0600”

},

{

  “ChangedByLogin” : “charles.edge”,

  “Version” : 2,

  “PageTextValue” : “To edit this page, click the Edit (pencil) button. To delete this page, click the Action (gear) button and choose Delete. When you edit this page, you can easily rename the page, and use the editing toolbar to: Apply paragraph or character styles to text. Create bulleted lists, numbered lists, and tables. Insert media, such as images, audio, or QuickTime movies. Attach files. Insert an HTML snippet from another website or email. For more information about editing pages, click the Action (gear) button and choose Help. 1”,

  “RenderedPage” : “<div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32\” class=\”block wrapchrome text\” data-guid=\”24c701f8-0e15-49a7-b331-f8b755cb6a32\” data-type=\”text\” contenteditable=\”false\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-wrapper\” class=\”wrapper wrapchrome\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-inner\” class=\”inner wrapchrome\”><div class=\”content selectable wrapchrome\”><div id=\”text-block-view-24c701f8-0e15-49a7-b331-f8b755cb6a32-editable\” class=\”editable wrapchrome\”><p>To edit this page, click the Edit (pencil) button. To delete this page, click the Action (gear) button and choose Delete.<\/p><p>When you edit this page, you can easily rename the page, and use the editing toolbar to:<\/p><ul><li>Apply paragraph or character styles to text.<\/li><li>Create bulleted lists, numbered lists, and tables.<\/li><li>Insert media, such as images, audio, or QuickTime movies.<\/li><li>Attach files.<\/li><li>Insert an HTML snippet from another website or email.<\/li><\/ul><p>For more information about editing pages, click the Action (gear) button and choose Help. 1<\/p><\/div><\/div><\/div><\/div><\/div>”,

  “ChangeType” : “edit”,

  “ChangeTime” : “2018-02-09T08:38:26.194-0600”

},

There’s a glaring omission in this article: files. I’ll get to that later in another article. But the gist is that you can do a webdav and move them, but you kinda’ break any links…

Finally, if I came up short in this article (as I often do), the official wikiadmin man page: 

wikiadmin export -name somewiki,anotherwiki -path /var/tmp/two-exported-wikis

wikiadmin import -all -path /var/tmp/two-exported-wikis

wikiadmin import -all -path /var/tmp/two-exported-wikis/Exported.wikis

wikiadmin export -all -format json -path /var/tmp/readable-wikis

wikiadmin export -all -format pages -path /var/tmp/browsable-wikis

wikiadmin export -all -format wxr -path /var/tmp/wxr-wiki-files

wikiadmin migrate -r /Volumes/SnowLeopard/Library/Collaboration

RETURN VALUES

wikiadmin returns a status code of 0 for success. In the event of failure it returns a non-zero status, and writes error messages to stderr.

FILES

/Library/Server/Wiki/Logs/wikiadmin.log

Log file for wikiadmin activity

/Library/Server/Wiki/Logs/collabd.log

Log file for Wiki http server activity

/Library/Server/Wiki/, /tmp/, /var/tmp, /Users/Shared

Folders readable and writable by user _teamsserver where exports can typically be placed

<export-path>/Exported.wikis

The name of the bundle created when exporting wikis for formats other than pages.

<export-path>/FileData/*/*/*

For -format pages – exported files that were uploaded to the wiki as files or embedded in pages

<export-path>/wiki/projects/*/*.html

For -format pages – exported wiki main pages and user profile pages

<export-path>/wiki/pages/*/*.html

For -format pages – exported wiki pages

<export-path>/css/*.css

For -format pages – style sheets for use in browsing the exported content

<export-path>/index.html

For -format pages – a generated landing page with links to all exported wikis and pages

HISTORY

The wikiadmin command first allowed export in macOS Server 3.2. The packaging format for exported wikis was revised with macOS Server 4.1, but the

new wikiadmin still supports importing from the older export formats.

macOS Server March 30, 2017 macOS Server

February 8th, 2018

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , ,

Leave a Comment

In this article, I looked at enabling SMB and AFP shares via the command line for macOS:

Setup the File Sharing Service in macOS 10.13, High Sierra

One thing I din’t cover is enabling SMB sharing for a specific user. This is different as passwords need to be stored in an SMB hash. And you can set that hash type with the pwpolicy command. So to do so, we’ll run the command with the -u option so we can supply the username, the -sethashtypes followed by SMB-NT as the hashtype followed by “on” as can be seen here:

pwpolicy -u charles.edge -sethashtypes SMB-NT on

The interpreter then asks for a password (which can be supplied programmatically with expect if this is done while creating the account:
Password for authenticator charles.edge:Setting hash types for user <charles.edge></charles.edge>

February 2nd, 2018

Posted In: Mac OS X, Mac OS X Server

Tags: , , , ,

Leave a Comment

Many of the people that read my articles undoubtedly arleady know this, but Apple has announced a sharp reduction in the number of services provided. Per this article, the Calendar, Contacts, DHCP, DNS, Mail, Messages, NetInstall, VPN, Websites, and Wiki services are being deprecated and Apple has provided a few services, per service, that they recommend moving to. Those services, per the above article, include the following:

Calendar

Contacts

DHCP

DNS

Mail

Messages

NetInstall

VPN

Websites

Wiki

I’ve been saying many of these services/features should go away in macOS Server so the developers could focus on providing an excellent experience and solid QA/unit testing for the services/features that remain. The fact that apps are being swiftified is great, as it speaks volumes to the future of the services themselves. The fact that Apple is reducing the number of licenses they’re tracking and the mistake they’re allowing customers to make is also great.

Having said that, every time I think that a service should go away, I hear from someone that they rely on that service. Most of this feedback comes from consultants who have made the server a central part of their consultancy. As someone who used to plan services as products for customers in consultancies, if you find yourself in similar situations when planning where services go when Apple retires them, I would strongly recommend looking at SaaS solutions where customers can give you a login and you can help guide them into a new and better solution. At least, that’s the way I positioned most of these services in the last version of the macOS Server book…

Yes, it was great having Apple handle all of the patching and customers were able to take advantage of a lot of technology with very few resources. However, that’s just not where we are any more. And rather than argue about it or try emailing Tim Cook or make petitions or even complain, save your cycles and look for new and better replacements for each service (preferably not ones that require physical servers, provided that customers are okay with that)! 

And stay tuned. I suspect we’ll cover this on an upcoming episode of the Mac Admins Podcast! 😉

What are your thoughts? Remorse? Applause?

January 25th, 2018

Posted In: Mac OS X, Mac OS X Server

Tags: , , ,

Spinnaker seems kinda’ complicated at first, but it’s not. To get it up and running, first install cask:

brew tap caskroom/cask
brew install brew-cask

Then redis and java:

brew install redis
brew cask install java

Download spinnaker from https://github.com/spinnaker/spinnaker.git (I dropped mine into ~/usr/local/build/spinnaker). From your spinnaker folder make a build directory and then run the script to update source:

mkdir ~/usr/local/spinnaker/build
cd ~/usr/local/spinnaker/build
~/usr/local/spinnaker/dev/refresh_source.sh –pull_origin –use_ssh –github_user default

From your build directory, fire it up:

~/usr/local/spinnaker/dev/run_dev.sh

Now run hal to see a list of versions:

hal version list

Then enable the version you want (e.g. 1.0.0):

hal config version edit –version 1.0.0

Then apply the version:

hal deploy apply

Then connect to fire up the UI:

hal deploy connect

Viola, now it’s just a GUI tool like anything else!

January 4th, 2018

Posted In: Mac OS X

Tags: ,

You know how when you buy apps at home, they show up on your computer at work, if you’re using the same iCloud account for the app store in both locations? Some companies want to disable that. To do so, send a ConfigDataInstall key into com.apple.softwareupdate, which can most easily be done with the defaults command:

sudo defaults write com.apple.SoftwareUpdate ConfigDataInstall -int 0

Or to turn it back on:

sudo defaults write com.apple.SoftwareUpdate ConfigDataInstall -int 1

January 2nd, 2018

Posted In: Mac OS X, Mass Deployment

Tags: , , ,

This New Years Day, Learn The Jot Command The jot command is one I haven’t used in awhile. But it’s still useful. Let’s take a look at a few of the things you can do with it. First, let’s just print lines into a new file called “century.txt” which we can do by running with the number of increments followed by the starting number, and then redirecting the output into the file name:

jot 100 1 > ~/Desktop/century.txt

Or to do integers instead, simply put the decimals:

jot 100 1.00 > ~/Desktop/century.txt

Or in descending order,

jot – 100 1 > ~/Desktop/century.txt

Now we could change the output to be just 50 to 100, by incrementing 50 (the first position) and starting at 50 (the second):

jot 50 50

The jot command is able to print sequential data, as we’ve seen. But we can also print random data, using the -r option. Following that option we have three important positions, the first is the number of iterations, but the next two are the lower and upper boundaries for the numbers, respectively. So in the below command we’ll grab 10 iterations (or ten random numbers) that are between 1 and 1000:

jot -r 10 1 1000

Now if we were to add a -c in there and use a and z as the upper and lower bounds, we’d get… letters (this time we’re just gonna’ ask for one letter)!

jot -r -c 1 a z

Something I find useful is just to shove random data into a file infinitely. And by useful I mean hopefully not left running overnight on my own computer (been there, done that). To do this, just use a 0 for the number of iterations:

jot -r -c 0

Something that is actually useful is the basic ASCII set:

jot -c 128 0

We can also append data to a word using -w. So let’s say we want to print the characters aa followed by a through z. In the below we’ll define that with -w and then we’ll list those two characters followed by %c which is where the character substitution goes and then the number of iterations followed by the lower bound:

jot -w aa%c 26 a

You can also do stuttering sequences, useful for the occasional tango dancer, so here we’ll do a 5/3 countdown:

jot – 100 0 -.5

Or we could create a one meg file by creating 1,024 bytes:

jot -b 0 1024 > onemegfile.txt

Oh wait, that file’s two megs. Get it? 😉

And running strings teaches you that you can’t bound random (a good lesson for the New Year). Anything you use jot for?

Happy New Years!

January 1st, 2018

Posted In: bash, Mac OS X, Mac OS X Server

Tags: , , , , ,

macOS 10.13 brings changes to sysadminctl. You know those dscl scripts we used to use to create users? No longer supposed to be necessary (luckily they do still work). Now you can create a user with a one-liner, and do other forms of user management, such as enabling FileVault for a given user, or managing the guest accounts. However, you can’t do these tasks as root or via sudo. You have to do so with other admin accounts per Apple kbase HT208171 (in fact, this article has been in my queue waiting for that issue to be fixed – but keep in mind I’m not prefacing these with sudo in the below commands). In the below command, we’ll pass the -addUser option and then use -fullName to fill in the displayed name of the user, -password to send a password to the account and -hint so we can get a password hint into that attribute:

sysadminctl -addUser krypted2 -fullName "Charles Edge" -password testinguser -hint hi

The result would be as follows:

No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
Creating user record…
Assigning UID: 503
Creating home directory at /Users/krypted2


Notice that in the above, the system automatically selected a home directory and UID. We could have passed those as well, using Now let’s use dscl to view the user we just created:

dscl . -read /Users/krypted2

Here’s a snippet of the dscl output:

NFSHomeDirectory: /Users/krypted2
Password: ********
Picture: /Library/User Pictures/Fun/Ying-Yang.png
PrimaryGroupID: 20
RealName: Charles Edge
RecordName: krypted2
RecordType: dsRecTypeStandard:Users
UniqueID: 503
UserShell: /bin/bash


Notice that the above is not the whole record you’d typically find with dscl. But if it were, you would not have the AuthenticationAuthority attribute. To see if it can unlock FileVault we can use the -secureTokenStatus operator built into sysadminctl. Simply pass the RecordName and you’ll get an indication if it’s on or off:

sysadminctl -secureTokenStatus krypted2

The response should be as follows:

Secure token is ENABLED for user Charles Edge

To just get the ENABLED response we’ll just use awk to grab that position (also note that we have to redirect stderr to stdout):

sysadminctl -secureTokenStatus charles.edge 2>&1 | awk '{print$7}'

We could append the AuthenticationAuthority attribute with dscl, as we would need a SecureToken. To get a SecureToken, we’ll use the -secureTokenOn verb:

sysadminctl -secureTokenOn krypted mysupersecretpassword

To disable, we’ll use -secureTokenOff

sysadminctl -secureTokenOff krypted mysupersecretpassword

Given that we like to rotate management passwords, we can do so using-resetPasswordFor which takes a username and a password as -newPassword and -passwordHint respectively:

sysadminctl -resetPasswordFor krypted -newPassword newsupersecretpassword -passwordHint "That was then this is now"

Note: In the above, we quoted the hint, which is supplied using the -passwordHint option. If it was one word we wouldn’t have needed to do so. 

Next, let’s check guest access. You can have guest enabled for logging in, afp, or smb. To check if guest is enabled for one of these use the -guestAccount, -afpGuestAccess, or -smbGuestAccess options. Each has an on, off, and status verb that can be used to manage that account type. So for example, if you wanted to check the status of the guest account, you could use -guestAccount as follows (also note that we have to redirect stderr to stdout):

sysadminctl -guestAccount status 2>&1 | awk '{print$5}'

To then disable if it isn’t already disabled:

sysadminctl -guestAccount Off

You can also use sysadminctl to do a quick check of the encryption state of the boot volume using the -filesystem option (although there’s no on and off verb for this option just yet):

bash-3.2# sysadminctl -filesystem status

2017-12-07 10:37:26.401 sysadminctl[8534:466661] Boot volume CS FDE: NO

2017-12-07 10:37:26.434 sysadminctl[8534:466661] Boot volume APFS FDE: YES

The help page is as follows:

Usage: sysadminctl [[interactive] || [-adminUser -adminPassword ]] -deleteUser [-secure || -keepHome] -newPassword -oldPassword [-passwordHint ] -resetPasswordFor -newPassword [-passwordHint ] -addUser [-fullName ] [-UID ] [-shell ] [-password ] [-hint ] [-home ] [-admin] [-picture ] -secureTokenStatus -secureTokenOn -password -secureTokenOff -password -guestAccount -afpGuestAccess -smbGuestAccess -automaticTime -filesystem status Pass '-' instead of password in commands above to request prompt.

Why should you switch to sysadminctl for scripts? Entitlements and I’m sure this is how mdmclient will pass management commands in the future… Why should you not? You can’t run most of it as root…

December 7th, 2017

Posted In: Mac OS X, Mac Security, Mass Deployment

Tags: , , ,

What do you do when iTunes launches with an error that a file is missing? Reinstall it. But if it isn’t in the Mac App Store, how do you do that?

Easy peasy. Go to https://www.apple.com/itunes/download/ provide an email address and click on download. Once downloaded, run the package installer and you’re done. 

November 20th, 2017

Posted In: Mac OS X

The following is a list of common tools used to manage Apple devices. Do you use something that isn’t on this list? Comment it and I’ll try and add it! In order to remain vendor agnostic I am trying to list solutions in alphabetical order by category. A brief explanation of each category, being as follows:
  • Antivirus: Solutions for scanning Macs for viruses and other malware.
  • Automation Tools: Scripty tools used to automate management on the Mac
  • Backup: I highly recommend bundling or reselling some form of backup service to your customers, whether home, small business, or large enterprises. The flexibility to restore a device from a backup when needed is one of the most important things to keep costs at a manageable level and put devices back into the hands of customers in an appropriate time frame.
  • CRM: Mac-friendly tools used to track contacts and communications with those contacts.
  • Collaboration Suites: Once upon a time, a Mac server was great for shared calendars, contacts, and email. But most businesses aren’t going to want anything to do with the repercussions of potential downtime that can happen on a mail server. Nothing will get your hard-earned customers to fire you faster than an email outage. So while the Mac server is listed, consider cloud options, for optimal customer retention.
  • DEP Splash Screens and Help Menus: Tools that make the DEP and service desk process more user friendly by providing more information to users.
  • Development Tools, IDEs and Text Editors: Tools used when building scripts, writing and debugging software, and manipulating text.
  • Digital Signage and Kiosks: I put these in here, because I know a lot of organizations that have made a great little addition revenue stream by reselling or deploying these tools on behalf of their customers. I have friends that have also created managed service offerings just around these tools. Overall, it’s a possible new revenue stream and as an added bonus, you’ll likely have an NFR so you can have pretty cool signage in your office (if you’re into that kind of thing).
  • Directory Services: Tools that provide primarily on-premesis access to a shared directory of services and allow for single-sign on to those services.
  • File Sharing: Mac-centric cloud and on premises tools to share and synchronize files.
  • Identity Management: Providers of predominantly SAML based Single-Sign On solutions that federate security for Apple devices to access web-based services.
  • Imaging and Configuration Tools: Tools used to place devices into a given state or create that state. This includes traditional Mac including tools as well as those built for iOS. 
  • Line of Business: Traditionally Mac-focused solutions that automate various business functions.
  • Log Collection and Analysis: Centralized logging has been a necessity for large, growing fleets of devices. Modern tools can store large amounts of logs from client computers and allow fast and complex searching so you can triangulate issues quickly and effectively. As an added benefit, you can also centralize logs for network appliances, allowing you to isolate the source of issues across an entire ecosystem of devices.
  • Management Suites: Tools used to manage settings on Apple Devices. Each is marked as MDM, Agent-based, or both.
  • Print Servers: Servers that either provide access to printers or allow for more granular printing features, such as cost accounting.
  • Productivity Tools: Tools you might use to manage lists or other assets.
  • Remote Control and Management: These tools allow you to take control of the screen, keyboard, and mouse of devices. I can’t tell you which are the best. But I can tell you that I want my remote control solutions to be cross-platform, to be cloud-based, to prompt users for acceptance of the remote control session, and to audit connections so I know who is taking over what devices.
  • Print Servers: I’ve always hated printers. Whether the old Fiery print services, a common LPR-based printer, or one of the shared printing services, I still can’t stand managing printers. Printers jam, they break, the drivers seem to be rife with problems for every other operating system update, printers are often connected to via ad-hoc networks (like Bonjour), and you often need special software to access the cool features. All-in-all, printers suck, but these tools might make them just a tad bit easier to use, or if not, help to account for who is using them so your customers can bill their departments back as much as possible.
  • Point of Sale (PoS): Similar to digital signage, but you might also operate a storefront or track customer data in one of these solutions.
  • Remote Management: Tools used to take control of the screen of an Apple device.
  • Security Tools: Tools used to manage firewalls, filevault, and perform other tasks required to secure Macs, based on the security posture of a given organization.
  • Service Desk Tools: These tools are for ticketing and ticket management. It’s always great if you can pick one that actually integrates with both your billing solution and the various other techie bits you choose to use.
  • Software Packaging and Package Management: Tools for normalizing software for mass distribution on Apple platforms.
  • Storage: Apple-focused solutions for sharing files.
  • Troubleshooting, Repair, and Service Tools: Tools used to fix logical problems with hard drives, check hardware for issues, repair various system problems, or just clean up a Mac.
  • Virtualization and Emulation: Not all software runs on a Mac. Customers will have certain tasks that may require a Windows machine. You can use Citrix or a Microsoft Terminal Server to provide for that potential requirement. Or, especially if users need data from their Windows apps when offline, you can use a local virtualization tool.

Antivirus

  • AVG: Basic antivirus and spyware detection and remediation.
  • Avast: Centralized antivirus with a cloud console for tracking incidents and device status.
  • Avira: Antivirus and a browser extension. Avira Connect allows you to view device status online.
  • BitDefender: Antivirus and malware managed from a central console.
  • CarbonBlack: Antivirus and Application Control.
  • Cylance: Ransomware, advanced threats, fileless malware and malicious documents in addition to standard antivirus.
  • Kaspersky: Antivirus with a centralized cloud dashboard to track device status.
  • Malware Bytes: Antivirus and malware managed from a central console.
  • McAfee Endpoint Security: Antivirus and advanced threat management with a centralized server to track devices.
  • Sophos: Antivirus and malware managed from a central console.
  • Symantec Mobile Device Management: Antivirus and malware managed from a central console.
  • Trend Micro Endpoint Security: Application whitelisting, antivirus, ransomware protection in a centralized console.
  • Wandera: Malicious hot-spot monitoring, jailbreak detection, web gateway for mobile threat detection that integrates with common MDM solutions.

Automation Tools

  • AutoCasperNBI: Automates the creation of NetBoot Images (read: NBI’s) for use with Casper Imaging.
  • AutoDMG: Takes a macOS installer (10.10 or newer) and builds a system image suitable for deployment with Imagr, DeployStudio, LANrev, Jamf Pro, and other asr-based imaging tools.
  • AutoNBI: Automates the the build and customization of Apple NetInstall Images.
  • Dockutil: Command line tool for managing dock items.
  • Homebrew: Package manager for macOS. Cakebrew: provides a pretty GUI for Homebrew.
  • Jamf Migrator: Copy assets from one Jamf server to another.
  • Jamjar: Synergises jamf, autopkg & munki into an aggregated convergence that cherry-picks functionality from each products core competency to create an innovative, scalable & modular update framework.
  • MacPorts: An open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line, X11 or Aqua based open-source software on Macs.
  • Precache: Programmatically caches Mac and iOS updates rather than waiting for a device to initiate caching on a local caching server.
  • Outset:  Automatically processes packages, profiles, and scripts during the boot sequence, user logins, or on demand.
  • Spruce:  Locates items in Jamf Pro that you aren’t currently using (out of date scripts, packages, etc).
  • Recategorizer:  Recategorize policies and packages in Jamf Pro.

Backup 

  • Acronis: Centrally managed backups with image-based restores.
  • Archiware: Centrally managed backups to disk and tape with a variety of agents for backing up common Apple requirements, such as Xsan.
  • Arq: One-time fee cloud-based backups and unlimited storage.
  • Backblaze: Unlimited continuous backup with a 30 day rollback feature.
  • Carbon Copy Cloner: File or disk-based cloning of files for macOS.
  • Carbonite: SaaS or local-server based backups of Mac clients.
  • Crashplan: Backup to cloud and local storage with a great deduplication engine.
  • Datto: Local and cloud backup and restore, as well as cloud failover for various services.
  • Druva: Backup for local computers as well as some backup for cloud services.
  • Quest Backup (formerly Netvault): Can backup Mac clients and Xsan volumes to a centralized tape or disk-based backup server.
  • SuperDuper!: Duplicates the contents of volumes to other disks.
  • Time Machine: Built-in backup tool for macOS.

Collaboration Suites and File Sharing

  • Atlassian: Development oriented suite including wiki (Confluence), issue tracking (Jira), messaging (HipChat) and other tools.
  • Box: File sharing in the cloud.
  • Dropbox: File sharing in the cloud.
  • Egnyte: Caches assets from popular cloud-based services so they’re accessible faster on networks where they’re frequently accessed.
  • G Suite: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.
  • Kerio Connect: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.
  • macOS Server: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web. Should be used in smaller environments, and it is strongly recommended to look at third party SaaS-based solutions as potential replacements for this solution.
  • Office 365: Shared Mail, Contacts, Calendars. Groupware, accessible from the built-in Apple tools, Microsoft Outlook, and through the web.

CRM

  • Daylite: Mac tool for managing contacts and communications with those contacts.
  • Hike: Mac tool for managing contacts and communications with those contacts.
  • Elements CRM: Mac tool for managing contacts and communications with those contacts. (EOL)
  • GroCRM: iOS tool for managing contacts and communications with those contacts.

DEP Splash Screens and Help Menus

  • ADEPT: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.
  • DEPNotify: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.
  • HelloIT: Customizable help menu so users can get information about their systems or IT support.
  • MacDNA: Customizable help menu so users can get information about their systems or IT support.
  • SplashBuddy: Adds a splash screen for DEP enrollments so users can see what is happening on their devices.

Development Tools, IDEs and Text Manipulators

  • aText: Replaces abbreviations with frequently used phrases you define.
  • Atom: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • BBEdit: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Charles Proxy: A proxy tool that can be used to inspect traffic so you can programmatically reproduce the traffic or reverse engineer what is happening when trying to solve issues or build tools.
  • CocoaDialog: Create better dialog boxes than with traditional tools like AppleScript.
  • Coda: An IDE and a modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Dash: Offline access to 150+ API documentation sets.
  • Docker: Containerization tool.
  • FileMaker: Rapid application development software from Apple.
  • git: Code versioning, merging, and tracking – and with github, a repository to put code into and share code.
  • Hopper Disassembler: Disassemble binaries as part of reverse engineering and security testing.
  • Microsoft Visual Studio: An IDE for a variety of languages.
  • MacDown: An open source tool for creating and editing Markdown. 
  • MySQL Workbench: Create and edit MySQL databases and use to build complex queries.
  • Navicat Essentials: Create and edit MySQL databases and use to build complex queries.
  • Pashua: Creating native Aqua dialogs from programming languages that have none or only limi­ted support for graphic user inter­faces on Mac OS X, such as Apple­Script, Bash scripts, Perl, PHP, Python, and Ruby.
  • Platypus: creates native Mac OS X applications from interpreted scripts such as shell scripts or Perl, Ruby and Python programs.
  • Script Debugger: Tools like a dictionary explorer and more IDE-esque features for building AppleScript applications.
  • SequelPro: Create and edit MySQL databases and use to build complex queries.
  • Snippets Manager: Collect and organize code snippets
  • SourceTree: GUI tool for Git and Github.
  • SublimeText: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • TextExpander: Replaces abbreviations with frequently used phrases you define.
  • TextWrangler: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • Tower: A modern text editor with bells and whistles that make it work like an IDE for common scripting languages.
  • VisualJSON: Simple JSON pretty-viewer for the Mac.
  • Xcode: Apple tool for writing apps and scripts in common languages.

Digital Signage and Kiosks

  • Carousel Digital Signage: Run Digital Signage from an AppleTV.
  • Kiosk Pro: Turn any iPad into a single-user kiosk tool, manageable via an API (e.g. with a Jamf Pro integration).
  • Risevision: Run Digital Signage from a Mac.

Directory Services and Authentication Tools

  • Apple Enterprise Connect: Tool sold through Apple that connects to Active Directory environments without binding to Active Directory.
  • AdmitMac: Adds support for fringe Active Directory requirements.
  • JumpCloud: Run your directory service in the cloud.
  • LDAP: Open source directory service.
  • macOS Server Open Directory: Directory service installed in macOS Server that is based on OpenLDAP.
  • Microsoft Active Directory: Centralized directory service from Microsoft.
  • Nomad: Connects clients to Active Directory environments without binding to Active Directory. And has some other nifty features.

Identity Management

  • Centrify: Provide federated login across common web services and other SAML-capable solutions, as well as resolve common issues with Active Directory. Also has an integrated profile management tool for compliance.
  • Duo Mobile
  • LastPass Enterprise: Provide federated login across common web services and other SAML-capable solutions
  • Microsoft Azure Active Directory: Active Directory with Azure in the cloud.
  • NoLo
  • Okta: Provide federated login across common web services and other SAML-capable solutions
  • OneLogin: Provide federated login across common web services and other SAML-capable solutions
  • Ping Identity: Provide federated login across common web services and other SAML-capable solutions

Imaging and Configuration Tools

  • Apple Configurator: Configure iOS and tvOS devices en-masse, automate MDM enrollment, and distribute data.
  • Blast Image Configquickly restore and configure a Macintosh back to a known state (10.12.2 and below)
  • createOSXInstallPackage: create an installer package from an “Install OS X.app” or an InstallESD.dmg. (10.12.4 and below)
  • Deep Freeze: Freeze the state of a Mac.
  • DeployStudio: Free imaging server for Macs.
  • FileWave Lightning: Local device imaging.
  • Google Restor: Image macOS computers from a single source. It is an application intended to be run interactively on a machine.
  • Ground Control: Mass deploy (and enroll) iOS devices.
  • Imagr: Open Source imaging and netinstall tool for macOS.
  • libimobiledevice: Suite of tools to configure, inspect, wipe, etc for iOS devices.
  • WinClone: Create windows images for deployment onto Macs.

Log Collection and Analysis

  • Elastic Search: Open Source, very fast log analysis.
  • RobotCloud Dashboard: Provides more granular and intuitive visibility into devices managed by Jamf Pro.
  • Splunk: Big data log analysis.
  • Tableau: Big data analysis.
  • Watchman Monitoring: Mac focused monitoring agents that inspects common third party tools.
  • Zentral: Open source, built on ElasticSearch, but with hooks into lots of other tools and custom recipes for Mac logs.

Management Suites

Misc

  • Jamf NetSUS: Reposado packaged up for Jamf servers.
  • InfineaIQ: Peripheral management software.
  • Reposado: An open source interpretation of the Apple Software Update Server.
  • Sassafras Keyserver: Centralized software license management server.

Point of Sale

  • Checkout: Point of sale solution that can run on Apple devices.
  • Lightspeed Point of sale solution that can run on Apple devices.
  • Paygo: Point of sale solution that can run on Apple devices.
  • Posim: Point of sale solution that can run on Apple devices.
  • Shopkeep: Point of sale solution that can run on Apple devices.
  • SquareUp: Point of sale solution that can run on Apple devices.
  • Vend: Point of sale solution that can run on Apple devices.
  • Papercut: Printer cost accounting for the Mac.
  • Printopia: Allows for better printing from iOS devices.

Productivity Tools

  • Alfred: Application Launcher for the Mac.
  • Amphetamine: Keep your Mac running when certain apps are open.
  • Evernote: Make lists and sync them to a cloud service, accessible from iOS and the Mac.
  • ITGlue: Store credentials and information about common IT tools in a SaaS-based database.
  • OmniPlan: Project planning and management tool to make Gantt charts.
  • OmniGraffle: Flowchart and network diagraming tool for the Mac.
  • Slack: Messaging and team management tool.
  • Trello: Make lists and sync them to a cloud service, accessible from iOS and the Mac.
  • WunderlistMake lists and sync them to a cloud service, accessible from iOS and the Mac.

Remote Management

  • Apple Remote Desktop: Apple tool for remotely controlling other Macs, sending packages to Macs, and running scripts on Macs over a LAN or directly to an IP address.
  • Bomgar: Appliance that allows for cross-platform remote control of devices.
  • CoRD: RDP client.
  • LogMeIn: Cross-platform remote control utility.
  • GoToMyPC: Cross-platform remote control utility.
  • Remote Desktop: The official RDP client for the Mac.
  • Remotix: RDP and VNC server with lots of bells and whistles.
  • TeamViewer: Cross-platform remote control utility.
  • VNC: Open source protocol for remote control, which many of the above tools are based on.

Security Tools

  • Cauliflower Vest: Store FileVault keys on a centralized server.
  • chainbreaker: Forensically acquire keychain information on a Mac.
  • Crypt: FileVault 2 Escrow solution.
  • Digital Guardian: Data Loss Prevention.
  • Google Santa: Binary blacklisting and whitelisting for the Mac.
  • iOS Location Scraper: Dump the contents of the location database files on iOS and macOS.
  • iOS Frequent Location Scraper: Dump the contents of the StateModel#.archive files located in /private/var/mobile/Library/Caches/com.apple.routined/
  • Little Snitch: Provides information about what is accessing network resources and where those resources are.
  • MacForensicsLab: A suite of tools from BlackBag Tech for the acquisition and analysis of forensically acquired Apple devices.
  • Macquisition: A suite of tools from BlackBag Tech for the acquisition and analysis of forensically acquired Apple devices.
  • Objective-See: ‘s KnockKnock, Task Explorer, BlockBlock, RansomWhere?, Oversight, and KextViewr, tools for finding more information about ports and services running on machines.
  • Osquery: Query for information on Macs in a live, granular search.
  • osxcollector: A forensic evidence collection & analysis toolkit for OS X
  • Portecle: Create and manage keystores, keys, certificates, certificate requests, and certificate revocation lists.
  • PowerBroker: Enable standard users on a Mac to perform administrative tasks without entering elevated credentials.
  • Prey: Track Mac and iOS devices if they’re stolen.
  • Recon: A forensic capture and analysis suite for Macs.

Service Desk Tools

  • Freshdesk: Case/ticket management that allows for automatic billing via Freshbooks.
  • Salesforce Cases: Case/ticket management that automatically integrates with SalesforceCRM.
  • ServiceNow: Case/ticket management with an expansive marketplace for integrations.
  • Webhelpdesk: Case/ticket management.
  • Zendesk: Case/ticket management with an expansive marketplace for integrations.

Software Packaging and Package Management

  • Autopkg: Automate the creation of Mac software distribution packages using recipes.
  • CreateUserPkg: Creates packages that create local user accounts when installed. (10.12 and below).
  • JSSImporter: Connects Autopkg to Jamf Pro.
  • Iceberg: Create Mac software distribution packages.
  • InstallApplication: Dynamically download packages for use with MDM’s InstallApplication.
  • ipaSign: Programmatically resign ipa files with a new key.
  • Jamf Composer: Create Mac software distribution packages.
  • Luggage: Open Source project to create a wrapper that makes pkgs for Macs so you can have peer review of a package by examining the diffs between versions of a Makefile.
  • Munkipkg: A simple tool for building packages in a consistent, repeatable manner from source files and scripts in a project directory.
  • Pacifist: A shareware application that opens Mac OS X .pkg package files, .dmg disk images, and .zip, .tar, .tar.gz, .tar.bz2, and .xar archives and allows you to extract individual files and folders out of them.
  • Payload Free Package Creator: An Automator application that uses AppleScript, shell scripting and pkgbuild behind the scenes to create payload-free packages.
  • QuickPkg: Create Mac software distribution packages.
  • Simple Package Creator: Create Mac software distribution packages.
  • Suspicious Package: View the contents of Mac software distribution packages.
  • Whitebox Packages: Create Mac software distribution packages.

Storage

  • Netatalk: Better AFP connectivity to Windows and other storage platforms from a Mac.
  • Promise: Apple-vetted direct attached storage (DAS), storage area networking (SAN), etc. 
  • Synology: Storage appliances tailored to working with the Mac.
  • Xsan: The built-in Apple SAN filesystem.

Troubleshooting, Repair and Service Tools

  • AppCleaner: Clean up unneeded files on a Mac.
  • AppleJack: Repair disks/permissions and cleans cache/swap files from single user mode when a Mac can’t fully boot.
  • Bartender: Manage items in the menu bar on a Mac.
  • CleanMyDrive: Drag-and-drop files directly to any drive, check disk stats and automatically clean hidden junk from external drives.
  • Data Rescue: Data recovery tool for Mac.
  • Disk Doctor: Repairs logical drives and cleans up unneeded files.
  • DiskWarrior: Repair logical volume corruption on Macs.
  • Drive Genius: Automates monitoring for hard drive errors, finds duplicate files, allows for repartition of volumes, clones volumes, performs secure erase and defragmentation.
  • Disk Inventory X: Visual representation of what’s on a logical volume in macOS.
  • EasyFind: Find files, folders, or contents in any file without indexing through Spotlight.
  • iStumbler: Wireless discovery tool for Mac that can locate Wi-Fi networks, Bluetooth devices, Bonjour services, and perform spectrum analysis.
  • GeekTool: Put script output and logs directly on the desktop of a Mac.
  • Google PlanB: Remediate Macs that fall out of a given state by performing a secure download of disk images and then putting the device into a management platform.
  • GrandPerspective: Visual representation of what’s on a logical volume in macOS.
  • Hardware Monitor: Read hardware sensor information on a Mac.
  • Lingon: Create, manage, and delete LaunchAgents and LaunchDaemons on macOS.
  • Memtest OS X: Test each RAM module in a Mac.
  • Network Radar: Network scanning and mapping tool.
  • nMap: Advanced port scanning, network mapping, and network troubleshooting.
  • Peak Hour: Network performance, quality and usage monitoring.
  • Omni DiskSweeper: Find and remove unused files in macOS to conserve and reclaim disk space.
  • OnyX: Verify the startup disk and structure of system files, run maintenance and cleaning tasks, configure settings(e.g. for the Finder, Dock, Safari), delete caches, and rebuild various databases and indexes. 
  • Push Diagnostics: Test port and host access for APNs Traffic.
  • Stellar Phoenix: Mac data recovery tool.
  • TechTool Pro: Drive repair, RAM testing, and data protection.
  • TinkerTool: Graphical interface for changing preferences on a Mac that would otherwise need to be managed with the defaults command.
  • Xirrus Wi-Fi Inspector: Search for Wi-Fi network, site surveys, troubleshoot Wi-Fi connectivity issues, locate Wi-Fi devices, and detect rogue Apps.

Virtualization and Emulation

  • Anka veertu: Run Virtual Machines on a Mac. 
  • Citrix: Publish Windows application sessions that end users connect to from a Mac using standard RDP clients.
  • Parallels: Run Virtual Machines on a Mac. 
  • Microsoft Windows Terminal Server: Publish Windows sessions that end users connect to from a Mac using standard RDP clients.
  • vFuse: Script to create a VMware Fusion VM from a DMG that hasn’t been booted.
  • VirtualBox: Run Virtual Machines on a Mac. 
  • VMware Fusion: Run Virtual Machines on a Mac. 

Honorable Mention

  • The MacAdmins Slack: Join a community of 15,000 other Admins charged with managing large fleets of Apple devices.
  • Apple Developer Program: Sign up for a developer account in order to get access to beta resources and documentation not otherwise available.
  • AppleSeed Program
  • Your Apple SE
  • Coffee… lots and lots of coffee

November 13th, 2017

Posted In: iPhone, Mac OS X

Next Page »