Tiny Deathstars of Foulness

February 6th, 2017

Posted In: Uncategorized

Leave a Comment

Sometimes you wanna’ use a computer as a server. So you can disable the power button from putting the system to sleep:

defaults write PowerButtonSleepsSystem -bool yes

That’s all I got for ya’ today…

February 5th, 2017

Posted In: Uncategorized

One Comment

My latest Inc article is up. It’s some tips for people just moving into management. Hope you find it helpful in some way shape or form:

You’re a manager now. Congratulations!

Now what?

First-time managers often face a challenge in developing the unique skills needed to lead people. It’s a journey that can seem daunting at first and is filled with traps.

To read more, check out

January 26th, 2017

Posted In: Uncategorized

December 12th, 2016

Posted In: Uncategorized

You might be happy to note that other than the ability to interpret new payloads, the profiles command mostly stays the same in Sierra. You can still export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically. This, along with all of the operators remains static from 10.10 and on.

To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command with just the -P option:

/usr/bin/profiles -P

As with managed preferences (and piggy backing on managed preferences for that matter), configuration profiles can be assigned to users or computers. To see just user profiles, use the -L option:

/usr/bin/profiles -L

You can remove all profiles using -D:

/usr/bin/profiles -D

The -I option installs profiles and the -R removes profiles. Use -p to indicate the profile is from a server or -F to indicate it’s source is a file. To remove a profile:

/usr/bin/profiles -R -F /tmp/HawkeyesTrickshot.mobileconfig

To remove one from a server:

/usr/bin/profiles -R -p com.WestCoastAvengers.HawkeyesTrickshot

The following installs HawkeyesTrickshot.mobileconfig from /tmp:

/usr/bin/profiles -I -F /tmp/HawkeyesTrickshot.mobileconfig

If created in Profile Manager:

/usr/bin/profiles -I -p com.WestCoastAvengers.HawkeyesTrickshot

You can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up. As of OS X Yosemite, the dscl command got extensions for dealing with profiles as well. These include the available MCX Profile Extensions:

-profileimport -profiledelete -profilelist [optArgs]

To list all profiles from an Open Directory object, use 
-profilelist. To run, follow the dscl command with -u to specify a user, -P to specify the password for the user, then the IP address of the OD server (or name of the AD object), then the profilelist verb, then the relative path. Assuming a username of diradmin for the directory, a password of moonknight and then cedge user:

dscl -u diradmin -P moonknight profilelist /LDAPv3/

To delete that information for the given user, swap the profilelist extension with profiledelete:

dscl -u diradmin -P apple profilelist /LDAPv3/

If you would rather export all information to a directory called ProfileExports on the root of the drive:

dscl -u diradmin -P moonknight profileexport . all -o /ProfileExports

In Yosemite we got a few new options (these are all still in 10.11 with no new operators), such as -H which shows whether a profile was installed, -z to define a removal password and -o to output a file path for removal information. Also, as in Yosemite it seems as though if a configuration profile was pushed to you from MDM, you can’t remove it (fyi, I love having the word fail as a standalone in verbose output):

bash-3.2# profiles -P
_computerlevel[1] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
_computerlevel[2] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[3] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
charlesedge[4] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
charlesedge[5] attribute: profileIdentifier:
_computerlevel[6] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
_computerlevel[7] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
_computerlevel[8] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
There are 8 configuration profiles installed

bash-3.2# profiles -r 772BED54-5EDF-4987-94B9-654456CF0B9A
bash-3.2# profiles -P
_computerlevel[1] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
_computerlevel[2] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
_computerlevel[3] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
_computerlevel[4] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[5] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
_computerlevel[6] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
charlesedge[7] attribute: profileIdentifier:
charlesedge[8] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
There are 8 configuration profiles installed

bash-3.2# profiles -rv 772BED54-5EDF-4987-94B9-654456CF0B9A
profiles: verbose mode ON
profiles: returned error: -204

October 3rd, 2016

Posted In: Uncategorized

Tags: , , , , , ,

September 1st, 2016

Posted In: Uncategorized

<3 Doug

August 30th, 2016

Posted In: Uncategorized

Ivan Krstić did an amazing presentation at the 2016 Black Hat in Vegas, which I’ve thrown here: us-16-Krstic. Great content around iOS Security, under the hood. Encryption, webkit hardening, secure enclave processing, key bags, master keys, data at rest security, updates, data protection, synchronization security, keychains, iCloud, backup, key vaults, aaaaannnnnnnddddddd Bounties for uncovering vulnerabilities! Great stuff!

August 17th, 2016

Posted In: Uncategorized

My latest piece on the Huffington Post is about nerding up your Smart Home. Here, I look at some of the weird little things they don’t put in the manuals, and try to help people not fall into some of the traps that have resulted in about 10 IoT style devices I can’t use with my latest hub, wasting money, and sometimes just not having the correct expectations going into some of my equipment installs. I still love this whole little industry. But I can reserve a little hope that others will get some joy out of commiserating, learn something, or maybe even get into something they may have thought wasn’t ready or was beyond them. Hope you enjoy!

Click here for the piece.

Screen Shot 2016-05-31 at 10.03.04 PM

June 1st, 2016

Posted In: Uncategorized

Nothing says fall in Minnesota like frost on the leaves, refreshing Oktoberfest beer, and the world’s largest gathering of Apple IT admins. While the first two may give you shivers or put a smile on your face, the latter is a guarantee to help you build on your Mac, iPad, and iPhone management skills. To make your decision to join us in Minneapolis this October a no-brainer, we want to give you an early glimpse into some incredible sessions we’re offering at this year’s JAMF Nation User Conference (JNUC).

We’ve posted nine of the community-led sessions the JNUC is famous for and—new this year—seven of the product sessions JAMF experts will be leading. With sessions for education and commercial organizations, you’re sure to find presentations to meet your needs and help your users do more with their Apple devices. Highlights include ways to make more collaborative and personalized classrooms, how to transition from one mobile device management tool to another, and 10 ideas for empowering users to be more self-sufficient.

Haven’t registered yet? There’s still time, but hurry. You won’t want to hear about this event secondhand.

Secure your spot and start making your travel plans and accommodations before it’s too late. We hope you can make it!

Reserve Your Spot


Convince your BossCONVINCE YOUR BOSS

Apply to PresentAPPLY TO PRESENT

May 21st, 2016

Posted In: Uncategorized

Next Page »