Repair permissions was unceremoniously removed from OS X in El Capitan. This staple of the Mac gurus toolkit disappeared. There was no 21 gun salute, there was no flaming casket sent out to sea and there was no sweet, sweet wake to get drunk at. Instead, there was pain. There was pain, because when the button disappeared, the need did not. Need proof? If you haven’t yet run it, let’s check your system to verify the permissions of the standard packages:
sudo /usr/libexec/repair_packages --verify --standard-pkgs --volume /
In the above command, we used the repair_packages binary, which has not changed in awhile. We then feed that the –verify option and the –standard-pkgs option, finally providing the volume of the current boot volume using –volume followed by the /. Pretty straight forward. Assuming there’s something to repair, the below will actually run that repair operation:
sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /
Where’s the sweet, sweet button? The rest of the screen is so darn lonely without it.
And now that you know the command, feel free to throw it in your self service. That way users can do it without opening terminal or using an admin password!
krypted November 22nd, 2015
I was going through Red Cross training recently, and one thing that was mentioned was whether we have Medical IDs setup on our iPhones. I do. I didn’t realize it at the time, but I’d set it up a long time ago. I then asked around and no one else had one setup. So I grabbed my testing iPhone and decided to write it up.
To get started setting up your Medical ID on your iPhone, open the Health app. From the Health app, tap on Medical ID and then tap on Create Medical ID.
At the Medical ID screen, enter allergies, medications you are on, add emergency contacts, provide your blood type, define if you wish to be an organ donor, and add your weight. Viola, you’ve now given all this information to first responders and medical professionals should they need it.
To then access a Medical ID on an iPhone, swipe to unlock the phone. From there, tap on Emergency in the lower left corner of the screen.
At the Emergency Call screen, you’ll see Medical ID. Tap here to see the information provided earlier, even when your phone is locked.
krypted November 20th, 2015
Posted In: iPhone
This is my 3,000th post on Krypted.com. The past 3,000 posts have primarily been about OS X Server, Mac automation, Mac deployment, scripting, iOS deployments, troubleshooting, Xsan, Windows Servers, Exchange Server, Powershell, security, and other technical things that I have done in my career. I started the site in response to a request from my first publisher. But it took on a mind of its own. And I’m happy with the way it’s turned out.
My life has changed a lot over these past 11 years. I got married and then I got divorced. I now have a wonderful daughter. I became a partner and the Chief Technology Officer of 318 and helped to shape it into what was the largest provider of Apple services, I left Los Angeles and moved to Minnesota, left 318 to help start up a new MDM for small businesses at JAMF Software called Bushel, and now I have become the Consulting Engineering Manager at JAMF. In these 11 years, I have made a lot of friends along the way. Friends who helped me so much. I have written 14 more books, spoken at over a hundred conferences, watched the Apple community flourish, and watched the emergence of the Post-PC era.
In these 11 years, a lot has happened. Twitter and Facebook have emerged. Microsoft has hit hard times. Apple has risen like a phoenix from those dark ashes. Unix has proved a constant. Open Source has come into the Mac world. The Linux gurus are still waiting for Linux on the desktop to take over the world. Apps. iOS. iPad. Mobility. Android. Wearables. Less certifications. More admins. And you can see these trends in the traffic for the site. For example, the top post I’ve ever written is now a list of Fitbit badges. The second top post is a list of crosh commands. My list of my favorite hacking movies is the third top post. None of these have to do with scripting, Apple, or any of the articles that I’ve spent the most time writing.
That’s the first 3,000 posts. What’s next? 3,000 more posts? Documenting the unfolding of the Post-PC era? Documenting the rise and fall of more technologies? I will keep writing, that’s for sure. I will continue doing everything I can to help build out the Apple community. And I will enjoy it. I’ve learned a lot about writing along this path. But I have a lot more to learn.
The past 3,000 posts have mostly been technical in nature. I’ve shown few of my opinions, choosing to keep things how-to oriented and very technical. Sure, there’s the occasional movie trailer when I have a “squee” moment. But pretty technical, overall. I’ve been lucky to have been honored to speak at many conferences around the world. One thing I’ve noticed over the past few years is that when people ask me to speak at conferences, they ask me to speak about broader topics. They don’t want me doing a technical deep dive. People use the term thought leader. And while I don’t necessarily agree, maybe it’s time I step up and write more of those kinds of articles here and there.
I’ve learned so much from you these 11 years. But I feel like I’ve barely scratched the surface. I look forward to learning together over the course of the next 3,000 posts! Thank you for your support. Without it, I’d have probably stopped at 10 articles!
krypted November 16th, 2015
Financial services is an interesting business when it comes to what you need to do to meet your regulatory requirements. With so much data and the services that enable you to access data moving to the cloud, it can be hard to keep up with how solutions meet any regulatory requirements you might have. At the end of the day, you’re primarily concerned about customer data leaking out of your environment and making sure that you can report on every single thing that happened in an environment. Whatever help we can provide in this article, make sure that you vet anything against what the individuals that review your regulatory requirements say.
krypted November 13th, 2015
Posted In: Bushel
The articles continue, on this site and others. Just did an article on The Rising Tide of Mobile Devices In Small Business for Re/Code. It’s available here.
And in case you’re curious, the reason I post a link and clip of them here is so I have all the articles in a central location to go back and reference… I don’t post links to the Bushel ones I write, ’cause they’re already centralized in one place. Although I have considered an auto-slug based on the RSS feed of my author page there… But that’s something I’ll look at one day when I have a little free time…
krypted November 12th, 2015
Posted In: iPhone
Blueprints are a new option in Apple Configurator 2. Blueprints allow you setup a template of settings, options, apps, and restore data, and then apply those Blueprints on iOS devices. For example, if you have 1,000 iOS devices, you can create a Blueprint with a restore item, an enrollment profile, a default wallpaper, skip all of the activation steps, install 4 apps, and then enabling encrypted backups. The Blueprint will provide all of these features to any device that the Blueprint is applied to.
But then why not call it a group? Why call it a Blueprint? Because the word template is boring. And you’re not dynamically making changes to devices over the air. Instead you’re making changes to devices when you apply that Blueprint, or template to the device. And you’re building a device out based on the items in the Blueprint, so not entirely a template. But whatever on semantics.
To get started, open Apple Configurator 2.
Click on the Blueprints button and click on Edit Blueprints.
Notice that when you’re working on Blueprints, you’ll always have a blue bar towards the bottom of the screen. Blueprints are tiled on the screen, although as you get more and more of them, you can view them in a list.
Right-click on the Blueprint. Here, you’ll have a number of options. As you can see below, you can then Add Apps. For more on adding Apps, see this page.
You can also change the name of devices en masse, using variables, which I explore in this article.
For supervised devices, you can also use your Blueprints to change the wallpaper of devices, which I explore here.
Blueprints also support using Profiles that you save to your drive and then apply to the Blueprints.
Blueprints also support restoring saved backups onto devices, as I explore here.
For kiosk and single purpose systems, you can also enter into Single App Mode programmatically.
You can also configure automated enrollment, as described here. Overall, Blueprints make a great new option in Apple Configurator 2. These allow you to more easily save a collection of settings that were previously manually configured in Apple Configurator 1. Manually configuring settings left room for error, so Blueprints should keep that from happening.
krypted November 11th, 2015
One of the more common tasks performed in Apple Configurator is to create a backup of a device and restore that backup to multiple devices. This backs up the icon placement on screens, the settings on the device and anything not stored in the operating system or secure enclave of a device. Once you’ve created a backup, you can assign that backup to a blueprint or deploy the backup to individual devices.
To create a backup, first open Apple Configurator 2 and tether a device to the computer running Apple Configurator.
Next, right-click on a device and then choose the Back Up option.
Once you unlock the device (if locked) the backup process will start.
That’s it. Nice and easy. You can now use the backup to restore devices or assign the backup to a blueprint so it will be used to restore devices that the blueprint is applied to.
krypted November 10th, 2015
Posted In: iPhone
MacTech is a conference for the Mac engineer and developer. And at JAMF Software, whether you prefer the Casper Suite or Bushel, we love to hang out with engineers and developers. So we’ll be at MacTech this week, in Southern California, hanging out to meet you, answer any questions you might have, and maybe have people from product management ask you lots of questions. If you’ll be there, come find us. For more on MacTech, check it out at:
krypted November 7th, 2015
When a DEP device is setup, the device is supervised. By supervising a device, in Apple wisdom, ownership by the organization is proven and so additional options for limiting what a device can do. For example, supervised iOS devices that are enrolled in an MDM solution by a DEP portal cannot then be unenrolled. Supervision also allows an MDM to escrow a key that can be used to unlock a device locked by Activation Lock. And there are plenty of restrictions and other management options that Apple makes available on a device owned by an organization rather than an individual. It’s understandable given the massive consumer market served and the desire to preserve a fantastic user experience on devices.
If you purchased iOS devices before DEP was available, then you can still enable supervision on those devices. To do so, we’ll use Apple Configurator 2. Before you do anything, know that this process will wipe a device and reactivate the device. There are a number of reasons for this, including Activation Lock escrow, but the important thing to know is that any time you change the Supervision state on a device (going from DEP to non-DEP, going from Supervised to non-supervised via Configurator) that you will wipe the device.
First, plug in a device you’d like to supervise. Once plugged in, right-click on the device.
Click on Prepare… At the contextual menu you can select Automatic or Manual configuration. Automatic uses DEP. Since we’re supervising because DEP isn’t available to us, I’ll assume you want to use Manual in this screen. Choose that and then click on Next.
At the Enroll in MDM Server screen, here we’re not going to automate the enrollment. But if you have an enrollment certificate you’d like to export so that you can automate enrollment during the preparation step, you can use that here. Click Next to proceed.
Now we’re at the important part (for the purposes of this article at least). Here, at the Supervise Devices screen, you can check the box to “Supervise devices”. This comes with a child option to disable the ability for other devices to pair to the device. Let’s check both, which will Supervise the device while also allowing it to synchronize with computers, and then click Next.
When prompted for the Organization information, choose the Organization you configured when setting up Apple Configurator 2, unless you have multiple organizations/certificates.
Finally, select which options during activation that should be used. Here, you can choose to skip various options during the activation process, letting the iOS activation for new devices require less screens (streamlining deployment) while implementing default settings on devices. These screens include Language, Region, Location Services, Set Up, Move from Android, Apple ID, Zoom, Siri, Diagnostics, Passcode, Touch ID, and Apple Pay. I’m going to leave the setting for the setup assistant to “Show all steps” but you can choose to skip any you’d like to skip.
Click Prepare, unlock your device, and watch it get wiped. If the device is supervised by DEP, the process should fail (don’t try it unless you’re committed to wiping the device) unless you erase the device first.
krypted November 5th, 2015