krypted.com

Tiny Deathstars of Foulness

  • Monolithic image: An operating system image that comes complete with all of the software that is required for a computer to function.
  • Package-based image: An operating system image that is compiled based on packages and/or has a number of post-imaging tasks to install packages.
  • Thin image: An image that has no changes from what comes from the factory from Apple, or that only contains a binary to enroll into a device management solution, such as the Casper Suite.
  • Package: Installs software on a Mac. Similar to a software installer/package on Windows. There are multiple types of packages, including flat packages and metapackages. The package comes with scripts that can be run before and after a payload, as
  • FileVault: Built-in Full Disk Encryption (FDE) tool for Mac. Similar to BitLocker for Windows.
  • Pre-flight and post-flight scripts: Scripts you plug into a package that run before and after the payload of a package is delivered. A package that is just scripts with no payload is known as a payload-free package.
  • Regression Testing: Scripted and automated tests to validate that your packaged software works as intended in different installation regressions.
  • DEP (Device Enrollment Program): A program from Apple to automatically enroll devices into a Mobile Device Management (MDM) solution. Once enrolled, the Casper Suite can deploy our binaries to a device and therefore get native and in-depth management.
  • VPP (Volume Purchase Program): Allows an organization to buy apps for Apple IDs or devices and automate the installation of those apps for OS X and iOS via a Mobile Device Management (MDM) solution.
  • Enrollment: Refers to the process of adding an iOS or OS X device to a Mobile Device Management (MDM) solution. This is an agent-less process as it leverages an API from Apple for managing Apple devices.
  • Supervision: iOS device term, refers to further in-depth management of a device that’s owned by an organization once the organization has proven that it owns a device by either plugging the device into Apple Configurator or deploying a device via DEP. This term comes up in OS X; however, an OS X device can invoke a root account (or an admin account) and so it’s important to note that the root account can disassociate from management and therefore cannot be supervised.
  • Managed Preferences: Also known as MCX. Managed Preferences are the legacy way of implementing policies on users, groups, and devices. The Managed Preferences framework is still used in OS X; however, Apple best practices are that Managed Preferences are now interfaced with through profiles rather than through directory services.
  • Native apps: Apps that are written for OS X, rather than accessed through a thin client such as Citrix or a web browser.
  • The App Store: Apple provides the App Store for iOS and the Mac App Store for OS X. Can be challenging to integrate en masse without MDM, but easier with MDM as you don’t have complex packaging tasks.
  • iCloud: Apple’s consumer cloud service, used to provide access to mail, contacts, calendars, and file storage. iCloud is also used for consumer tracking of devices and Apple’s Activation Lock.
  • Apple ID: A unique identifier based on an email address that a user uses to acquire content (apps, music, videos, iBooks). Each Apple ID is also used to access other services, such as Apple forums.
  • Short Name: The username on a Mac, similar to an account ID in Active Directory or on a local Windows computer (e.g. joe). There is also a long name, which can have spaces in the name (e.g. John Doe). Computers and groups can also have two names of the same sort.
  • Binding: The process of joining a Mac to an Active Directory domain. Once the Mac has been joined to the domain it is referred to as “bound.”
  • AFP: Apple Filing Protocol. The native file sharing protocol for Mac. It is slowly being replaced with SMB, now that there’s full SMB/DFS support for the Mac.
  • Defaults domains: Windows has a registry. OS X uses property lists stored in /Library/Preferences and ~/Library/Preferences to load settings into this structure, similar to a registry. Managed preferences edit these domains and can restrict them from being changed when needed.
  • Property list: In
  • AppleScript
  • bless
  • Launch Daemon: The services control function for OS X. In Windows, you have services; in OS X and other *nix-based operating systems you have daemons. Launchd is the daemon that calls other daemons and controls these services in OS X.
  • home directories (home folders)
  • Portable home directories: Synchronizing user data with a directory on a server. The OS X equivalent of Windows Roaming Profiles. OS X also supports network home directories, synonymous with Windows folder redirection.
  • Keychain: Encrypted disk images that contain stored passwords, notes, and certificates. Similar to Credential Manager in Windows.
  • Login hook: A way to run a script at startup. Similar to a login script for Windows.
  • System Integrity Protection (SIP): New in El Capitan (10.11), restricts a user from being able to edit an operating system on a Mac.
  • NetBoot: Similar to PXE booting on Windows, forces a computer to boot to a network disk so that the volume is not in use and can therefore be imaged to. Like PXE booting, NetBoot does not traverse subnets without an IP helper, an architectural option that will need to be addressed with every company as a part of a reimaging solution.
  • Application signing: Adding a signature backed by a certificate to all apps that are opened and packages that are installed.
  • Gatekeeper: Mac security feature that forces application signing for any apps opened.
  • Profiles: An XML file that pushes settings and commands to a Mac. Profiles can restrict what passwords can be used, install printers and fonts, deploy Wi-Fi networks (including 802.1x), and join a Mac to an Active Directory domain.
  • Mobile Device Management (MDM):
  • Push notifications: Technology that allows for pushing changes to Macs immediately. Includes things like email, but also extends to user preference management. For example, immediately push a user’s Dock to the right side of the screen.
  • User templates: A folder structure that allows you to populate new user accounts with items on the Desktop, in Documents, printers, preferences, etc.
  • Symbolic link: Like a shortcut on Windows, but on a Mac.
  • bash, python, perl, and ruby are common scripting languages, similar to PowerShell on Windows.
  • Build train: Apple’s OS revisions follow a numbering schema.
  • kext: The equivalent of a driver in Windows; used to add functionality for hardware that does not come with the base operating system. It is important to consider that because Apple makes the hardware and the operating system, all drivers that are necessary for all supported models of an operating system are included in the latest build, or version, of that operating system. Therefore, you will not need more than one image for a given major operating system release.
  • Dock: The bar of icons at the bottom of the screen on a Mac that allows quick access to common applications and documents.