Tiny Deathstars of Foulness

JAMF Software has long had 0 day support for new Apple releases. The latest version of Bushel allows you to enroll El Capitan devices. Casper 9.8 also allows you to enroll devices. There are certainly going to be subsequent updates that allow us to do even more. This was a tricky one, as the jamf binary had to be moved and there were some new enrollment policies, to keep your Apple devices as secure as possible!

Bushel is SaaS, so it’s available today. Casper should be updated. You can access our installers using your My Assets page on JAMF Nation. Happy updating!


September 20th, 2015

Posted In: JAMF, Mac OS X, Mac Security, Mass Deployment

Tags: , , , , , , , ,

Leave a Comment

Casper 9.62 is now out! And holy buckets, look at all the stuff that got fixed in this release:


PS – There’s also some api improvement goodness!

December 4th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

I was super-bummed that I missed the MacAdmins conference at Penn State University. But, all is not lost as MacAdmins will be held July 8-10 in 2015 at the Penn Stater Conference Center and I’ll be able to see all those awesome people there next year!

In the meantime, something fun and new is the 2014 MacAdmins Playlist to maybe get exposed to some new stuff:

As an aside, here’s a fun pic of @derflounder and I (and others) doing a round table from a few years ago on the Penn State site:

Screen Shot 2014-07-15 at 1.25.10 PM


July 15th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, public speaking

Tags: , , , , , , , , ,

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.


And yes, I’d of said all this and posted this even if I hadn’t of come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!

June 11th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Minneapolis

Tags: , , , , , , , , ,

DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and show alerts on client systems. These alerts display some of the critical aspects of systems, from encryption to disk capacity to backups, there are a number of pretty cool aspects of DeviceScout.

Screen Shot 2014-04-18 at 2.55.47 PM

Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at

April 19th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , ,

(Guest Post by Allister Banks)


As Venn diagram circles go, many folks in our community are getting into autopkg, and there’s even more that already use the JAMF Casper Suite. Over on the blog there’s an announcement for a new ‘processor’ add-on that can be installed with autopkg, that therefore can leverage the JSS API to fulfill many of the functions which up until present only Munki enjoyed. Please do read the release notes and give it a try!

January 6th, 2014

Posted In: Mac OS X, Mass Deployment

Tags: , , , , , , , ,

I’ve long been a supporter of building tools in self service portals such as those provided by JAMF and Munki to provide users who don’t have administrative permissions to perform tasks that wouldn’t typically otherwise be destructive. One such example is a simple repair permissions. An administrator can simply open Disk Utility, select their disk and then click Repair Disk Permissions

Screen Shot 2013-10-24 at 7.11.31 PMBut if you want to do this as a user who doesn’t have administrative privileges you would need to elevate your privileges before doing so. In a larger environment this would be incredibly annoying for dozens, hundreds, thousands or even tens of thousands of users to bring their computer to an administrator just to type in a password. But, if you have a patch management solution that has some kind of a self service portal, users could do this themselves. Typically, you would create a very small payload free package. This package might just contain a single script that might even be as short as a one-liner. For example, the following command would actually run a repairPermissions.

diskutil repairPermissions /

You could also send some environmental variables from your patch management tool for the boot volume, but in this simple instance we’re just going to run it, with the following type of output:

Started verify/repair permissions on disk0s2 Macintosh HD
Permissions differ on "Library/Application Support"; should be drwxr-xr-x ; they are drwxrwxr-x
Repaired "Library/Application Support"
Group differs on "Library/Printers/InstalledPrinters.plist"; should be 80; group is 0
Permissions differ on "Library/Printers/InstalledPrinters.plist"; should be -rw-rw-rw- ; they are -rw-r--r--
Repaired "Library/Printers/InstalledPrinters.plist"
[ \ 0%..10%..20%..30%..40%..50%..60%..70%................ ] 74% 0:00:34
Finished verify/repair permissions on disk0s2 Macintosh HD

You could get much more complicated, writing the output to syslog or even a syslog server. You can also have metapackages that just do a bunch of tasks and call them things like “Try to fix my computer.” Provided you have a patch management tool, you could also just scope some devices and push some of these things out en masse; however, for the most part, I’m a fan of self service, so that’s the example I’m using this for.

October 28th, 2013

Posted In: Mac OS X

Tags: , , , , , , , , ,

Last year, I had a great time at the Penn State MacAdmins conference. There were tons of smart people to mingle with and everyone had plenty to discuss when it came to managing the Mac. There were a lot of people from education but also plenty from companies. The talks were well run and the conference location, the Penn Stater, was awesome. I love how it’s like a big winding maze.

Having gone to school in a town like State College (Athens, GA), I’ve always had a warm spot for cute college towns. And State College is clearly a special place. I’d recommend a trip there to anyone that loves places like Ann Arbor, Norman, Stillwater, Opelika, Corvallis, Blacksburg, Madison, Manhattan (Kansas), Ithaca, Iowa City, Ames, Morgantown, Lafayette (Indiana), Lawrence, Champaign, Logan, College Station and of course, Oxford Mississippi (Ole Miss is a truly special place).

So you’re lucky then, ’cause the Penn State MacAdmins Conference is back for 2013, being held in beautiful State College, PA at Penn State University. The Conference is May 22nd through 24th with a new introductory Boot Camp being held the day before (May 21st) to prep admins for the rest of the conference. And May is one of the best times to visit a place like this. Spring is in the air, kids are getting ready to graduate, the flowers are in bloom and of course, there’s no more snow to be shoveled. A month later and the school would practically be shut down, the town a ghost town.

But in late May, college towns are electric. So don’t just stay at the Penn Stater the whole time, go explore downtown and that Nittany Lion thing – and the spot where Joe Pa’s statue used to be. Take a carriage ride, swing by the Governor’s Pub, have some red meat at Otto’s and of course, perform the underclassmen ritual of throwing up on College Ave! And yes, there’s a College Ave, as there should be. Anyway, the social element of a conference like this is great. Meet those people you tell to RTFM on the ‘ole Enterprise List, the people whose feeds you read and the people whose feeds you deleted  ’cause they talk about college football too much…

The Call for Proposals is now open, so to submit a talk, use

This year, there will also be sponsors. To sponsor, see

Or to attend, see

To sign up for the conference newsletter, see

And for an example of what you are in store for:

PS – There are 12 teams in the Big 10. While at State College, make sure to remind everyone wearing blue of this fact.

November 12th, 2012

Posted In: certifications, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, public speaking

Tags: , , , , , , , , , ,

JAMF has posted some information on the session I did at JAMF Nation User Conference a few days ago. I’m guessing they’ll be posting the videos up there soon enough.

More information at

October 28th, 2012

Posted In: Mass Deployment

Tags: , ,

Enrolling iPads into the JAMF Casper MDM solution is done through Apple Configurator, messages or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper MDM when they are set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll start there:

Obtain the Certificate for the JSS Server

To obtain the trust certificate from the JSS Server:

  1. Open the web interface for the JSS.
  2. When prompted to trust the certificate, click on the disclosure triangle and then the checkbox to trust the cert, providing the administrative credentials when prompted.
  3. Open Keychain Utility.
  4. Click in the search field.
  5. Search for JSS.
  6. Control-click on the name of your server’s “Built-in Certificate Authority” entry.
  7. Choose the option to Export.
  8. When prompted, provide a name for the certificate in the Save As fiel.
  9. Choose a location to save the certificate to using the Where field.
  10. The .cer format is sufficient for our purposes.
  11. Click Save.

Download the Enrollment Profile

To download an enrollment profile from Casper MDM:

  1. Log into the web interface of the JSS.
  2. Click on the link for Mobile Device Enrollment
  3. At the Mobile Device Enrollment Invitations screen, click on the Enrollment Profiles tab.
  4. At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one)
  5. Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.
  6. Click on Cancel.
  7. Click on the downloads link in Safari.
  8. Click on the magnifying glass icon to see the .mobileconfig file.

You have now downloaded the .mobileconfig file that will enroll devices into Casper MDM.

Add the Profile To Apple Configurator:

To deploy the profile through Apple Configurator:

  1. Open Apple Configurator on the client computer.
  2. Click on Prepare in the row of icons along the top of the screen.
  3. Drag the profile (by default currently called MDM-iOS5.mobileconfig) from the Finder into the list of Profiles.
  4. The profile then appears in Apple Configurator (in this example, called MDM-iOS5).

Deploy The Casper MDM Enrollment Profile Through Apple Configurator

Once the profile is installed in Apple Configurator, let’s deploy it. In this example, don’t configure any other options. To deploy:

  1. Set the name to be blank, numbering should be disabled, Supervision should be off, iOS should be set to No Change, “Erase before installing” should be unchecked, Don’t Restore Backup should be set in the Restore field.
  2. Check the box for the newly added profile (MDM-iOS5 in this example).
  3. Click on the Prepare button.
  4. At the “Are you sure you want to apply these settings to all USB-connected devices?” screen, click on the Apply button.
  5. The subsequent screen shows when devices are being configured. Here, dock the device to receive the profile (note, all docked iOS devices are going to be configured with this profile).
  6. Once the device is connected, the profile will begin to install. You are then prompted to “Tap device to install profile”.
  7. On the device, tap on the Install button.
  8. At the Warning screen, tap Install.
  9. Once the Profile is installed, tap Done.
  10. You have now been enrolled.

If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point, so expect this will happen occasionally, even if only by accident.

August 8th, 2012

Posted In: iPhone, Mass Deployment

Tags: , , , , , , , , , , , , , , , ,

Next Page »