Controlling Multiple launchagents and launchdaemons concurrently

Most of my examples for launchctl have been per-user, per-agent, per-daemon. But you can also control multiple launchctl targets concurrently. One example would be that you can unload everything in the user domain by not specifying a path but providing the userid. In the following example, we’ll just use $userid as a variable, but it’s worth noting that that would be, as an example, 501 for the :

sudo launchctl bootout gui/$userid

There’s another option that can be used to do the opposite from within single user mode, called bootshell. Bootshell is called similarly from single user mode:

sudo launchctl bootshell

Microsoft Defender Comes To The Mac

Today Microsoft announced that Defender is coming to the Mac. This is a basic malware scanning and remediation solution but specifically built for reporting back through and configuration through Intune and Jamf.

Yet another great tool in the arsenal for combatting little nasties that show up on the network!

Pull TeamID and BundleID from KextPolicy in scripts

This type of thing is usually done interactively, but when I’m piping output that doesn’t work. So here’s a quick one-liner in bash for pulling the TeamID and BundleID from kexts out of the KextPolicy sqlite database:

sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT * from kext_policy;" ".exit"

NFS. Not… Dead… Yet…

NFS may just never die. I’ve seen many an xsan covert to NFS-based storage with dedicated pipes and less infrastructure requirements. I’m rarely concerned about debating the merits of technology but usually interested in mapping out a nice workflow despite said merits. So in the beginning… there is rpc. Why? Because before we establish a connection to an nfs share, we first want to check that we can talk to the system hosting it. Do so with rpcinfo:


Now that we’ve established that we can actually communicate with the system, let’s use the mount command (for more on creating mounts see `man exports`). Here, we’ll 

mount -t nfs nfs:// /Network/Servers/

ncctl is a one-stop shop for manipulating kerberized NFS. Ish. You also have ncinit, ncdestroy, and nclist. So almost a one-stop shop. First, let’s check the list of shares you have and how you’re authoring to each:

nclist -v

ncctl list can also be used. The output will be similar to the following:

/Network/Servers/       : No credentials are set

We should probably authenticate into that share. Now let’s actually set our username (assuming you’ve already kerberized via kinit or a gui somewheres):

ncctl set -p

Now that spiffy nclist command should return something like the following:


Finally, ncdestroy is used to terminate your connection. So let’s just turn off the share for the evening:

ncctl destroy

Or ncdestroy is quicker to type. And viola, you’ve got a functional nfs again. Ish. 

Now that you’re connected, nfsstat should show you how the system is performing. For more on using that, see: 

man nfsstat

Limit Upload and Download Streams for Google Drive File Stream on macOS

Google Drive File Stream allows you to access files from Google’s cloud. It’s pretty easy for a lot of our coworkers to saturate our pipes. So you can configure a maximum download and upload speed in kilobytes per second. To do so write a defaults domain into /Library/Preferences/ and use a key of BandwidthRxKBPS for download and BandwidthTxKBPS for upload (downstream and upstream as they refer to them) as follows:

defaults write BandwidthRxKBPS -int 200
defaults write BandwidthTxKBPS -int 200

Episode 107 of the MacAdmins Podcast: Sweet Rootkits, a Year in Review

It’s been a great year for the MacAdmins Podcast. And a special thank you to Tom, Marcus, Emily, James, and the former co-host Pepijn for continuing to allow me to be a part of something special. The last episode of the year is available at, using the below embedded link, or wherever you get your podcasts!

Download Older Versions of macOS and Mac OS X

I’ve posted a few old links in my time (as I near 4,000 posts it would be hard not to have some that are broken). But Apple App Store downloads seem to do better with not breaking links. So here are some to old versions of macOS and OS X, in case like me, you always seem to need some old thing for testing:

Old versions of server are actually easier. You can download OS X Lion Server: or macOS Server:  and most versions are available on the developer portal at

Updated My Apple Admin Conferences Page

I’ve been keeping a list of Apple Admin conferences for a few years now. I probably should have versioned it and kept each iteration, but… no need to pollute the interwebs with more outdated stuffs than I already have. So here’s the link for the latest version, updated with all the event dates announced thus far:

Hope to see you at some!