Tag Archives: ios

certifications iPhone Mac OS X Microsoft Exchange Server

New Microsoft Office for Mac and iOS Accreditation via MacTech

I recently got the announcement of the new official Microsoft Office Accreditation through MacTech. I was lucky enough to sit in on the previous version of this, so thought I’d push out the information on it. It’s attached to the MacTech Pro Events that MacTech has been running:

MacTech_Pro_Events-150

As you know, Microsoft released a public preview of Office 2016 for Mac. MacTech and Microsoft have created a new accreditation for Apple techs called “Microsoft Office for Mac and iOS Accredited Support Professional, 2015.” Prior to the public Office 2016 announcement, we did a preview of this new course under NDA in Seattle earlier this month.

We’re now announcing the new accreditation — which covers not only Office for Mac (2011 and 2016), but also Office for iOS and Office 365. In short, anyone that supports others using Microsoft Offie on OS X or iOS should get attend and get this accreditation.

If you’re interested, check it out here http://pro.mactech.com/microsoft-office-accreditation/

PS – You can actually hear Neal’s voice when you read it! ;)

Bushel Product Management

Interview with Chuck Joiner of MacVoices re: Bushel

My third podcast in the last couple of months, this time with Chuck Joiner again, of MacVoices. And we talked a pretty good bit about Bushel and Mobile Device Management. Thanks to Chuck formatting this whole thing pretty awesome and helping bring my explanations to a point where they actually make sense!

http://www.macvoices.com/macvoices-15055-charles-edge-jamf-software-discusses-mobile-device-management-bushel/

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Enroll Devices Into Bushel

To manage a device from Bushel, it must first be added to your Bushel. The technical whiz-bang name for that process is Enrollment. We currently provide 3 ways to enroll devices into your Bushel. All three are available on the Enrollment page when you’re logged into Bushel.

Screen Shot 2014-09-11 at 11.41.46 AM

The first and best way to enroll devices into your Bushel is an Apple program called the Device Enrollment Program, or DEP for short. DEP is a way of tying devices to your Bushel so that they cannot be removed from the device, even if the device is wiped. Other than through DEP,  all enrollment into your Bushel is optional on the devices and so devices can be unenrolled at will. DEP requires an actual DEP account with Apple, which you can sign up for at https://deploy.apple.com/qforms/open/register/index/avs.

The second way to enroll devices into your Bushel is via Open Enrollment. When you Configure Open Enrollment you create a link that allows your users to enroll without logging into the portal. Simply open Open Enrollment from the Enrollment page and click Enable. Once enabled, you’ll see the URL to enroll devices.

Screen Shot 2014-09-11 at 11.43.44 AM

The third way to enroll devices is manually. Simply log into your Bushel, click on Enrollment and then click on the Enroll button for Enroll This Device. When prompted for “Who will this device belong to?” enter the username (e.g. the user’s name in front of their email address most likely or the username for your email system if it’s something different than that). Also provide the email address itself in the Email Address field and then click Enroll This Device. Now, if you want to enroll the device you’re using, simply complete the screen prompts for the profile installation and you’ll be good to go. Or, you can save the mobileconfig file that’s downloaded and send it to others in order to allow them to install it as well. Simply cancel the installation process (most easily done from a Mac) and distribute the Enroll.mobileconfig file as needed. You can also put a user’s name in front of the file name, so you know which will enroll each user. If you need to enroll 3 or 4 people in other countries or cities, this might be the best option!

Screen Shot 2014-09-11 at 11.48.46 AM

OK, so we basically gave 4 ways to enroll. But that’s because we’re trying to make it as easy as possible to enroll devices into your Bushel.

On the Road

A Glympse Into Where You’re At

When you’re flying, you might find that you’d like to let someone know here and there where you’re at. For example, someone who’s supposed to pick you up at the airport. Or someone who you’re supposed to visit when you arrive at your destination. So there’s a pretty cool new tool called Glympse. Using Glimpse, you can send an invite to someone you’d like to see your travel times; these are known as glympses.

Screen Shot 2014-12-31 at 1.47.37 PM

Once you send an invite, your friends can click the link and see down to the minute stats of when you’ll be at your destination. And they can keep the screen open for as long as they wish.

Screen Shot 2014-12-31 at 1.49.04 PM

iPhone Wearable Technology

Sync A FitBit With Apple’s Health App

By default, the Fitbit tech stack doesn’t sync with the Health App on an iPhone and iPad. But never fear, as with basically everything else on this planet, there’s an app for that!

From the iOS App Store, search for Sync Solver. Using this app, you can then link your Fitbit account to your Apple Health app.

IMG_2578

 

Once linked, you can use the Sync Now button to do an immediate data sync or you can do an automatic sync at midnight every night. And presto, you then see your Fitbit data in the Health app. Happy waiting for the Apple Watch to come out!

Articles and Books Bushel Consulting Mac OS X Mac OS X Server Mac Security Mass Deployment personal

Childproof Your Mac

When I put a computer in my daughters room, I soon realized I could no longer watch over her shoulder as she worked away at school games, Minecraft and of course Civilization (after all, that was my first game). So much as I wrote an article a long time ago about child-proofing an iPad, now I’m writing about child-proofing a Mac.

For me, I find that child-proofing is a bit like taking my kid to McDonald’s. I said never ever ever ever would I do this and then… Well, peer pressure, ya’ll… So if I have to do it, I figure someone else might. So here’s a quick and dirty guide to doing so. The gist of this guide is to continue using the same admin account that was created when you setup the computer initially. But to also create another account for the child, one that has some restrictions to keep them in a customized user experience. This might be to keep them out of things they try to do on purpose, keep them from accidentally finding some things they shouldn’t or maybe just to customize the user experience to make the computer easier to use (after all, if they can’t remove Minecraft from the Dock, they can’t come crying when they can’t find it.

Create a Managed Account

Most of the work that needs to be done, can be done within the System Preferences. This is available under the Apple menu as System Preferences…

Screen Shot 2014-12-26 at 5.09.00 PM

Once open, click on the Users & Groups System Preference.

Screen Shot 2014-12-26 at 5.09.41 PM

At the Users & Groups System Preference pane, click on the plus sign (+).

Childproof_Managed_Account

 

At the new account screen, choose “Managed with Parental Controls” in the New Account field. Then provide the child’s name in the Full Name field and an Account Name will be automatically created (note that I shortened the name in this example to make it easier for the child to log in).

Assuming your child doesn’t have their own iCloud account, set the password to “Use separate password” and then type it in. Once you’re happy with these settings, create the new account, which can be managed with Parental Controls by clicking on the Create User button.

Childproof_User

Restrict Applications and The Dock

Once the account is created, click on the “Enable parental controls” checkbox and then on the Open Parental Controls… button.

Screen Shot 2014-12-26 at 5.01.32 PM

At the Parental Controls System Preference pane, you’ll have a few options.

  • Check the Use Simple Finder box if you’d like the user to have a limited user experience (no command keys, only certain windows open, etc). I would usually only recommend doing this if you have very small children (like maybe pre-school age). I usually like them to be able to do as much as possible to foster the whole hacker mentality nice and young!
  • Check the box for Limit Applications if you’d only like certain apps to open. This is right up front on the main screen because it’s kinda’ important. Use the Allowed Apps section to select which apps can and can’t be opened (if there’s a checkbox beside the app name it can be opened by the user).
  • Use the Allow App Store Apps drop-down list to to set an age ranking minimum. These are available in 4+, 9+, 12+, 17+ and All (which basically disables restrictions).
  • Check the box for “Prevent the Dock from being modified” if you would like to restrict the new account from being able to edit the Dock. I usually wait for this, as I like to customize the Dock by putting the apps I want the child to open into the Dock. To do so, skip now, log in as the new user, log out and then customize the Dock. Once you’re done, log out, log in as an administrative user and then check the box.

Web Restrictions

Next, click on the Web tab. Here, you’ll effectively have 3 options: don’t restrict any content, let Apple try and block inappropriate content and build a whitelist of allowed content (with all other content blocked). Now, it’s worth mentioning that there can be an annoying element here, which is that if a site needs to be opened up for access, a child might come bugging you. But I like that, so I’m configuring this.

Screen Shot 2014-12-26 at 5.01.40 PM

Options include:

  • Allow unrestricted access to websites: Don’t block any content. Allow unfettered access to all websites ever.
  • Try to limit access to adult websites automatically: Click on the Customize button to add white and blacklisted sites, or sites that were accidentally restricted or allowed that maybe shouldn’t of. Or, if you want to restrict access to a specific web-based game that has become problematic.Screen Shot 2014-12-26 at 5.46.23 PM
  • Allow access to only these websites: This option allows access to only the websites you allow access to. A word of warning here, a lot of sites pull content from other sites, which can be kinda’ annoying…

Note: It’s worth mentioning that I discovered a few websites I’d of never tried to use in the allow list, so worth checking them out to see if your child will dig on some of these sites!

Once you’re satisfied with the options you’ve configured, click on the People tab.

Configure Who Your Child Can Communicate With

At the People screen, you can configure who the person using the Managed Account can communicate with. Here, restrict access to Game Center, restrict who the account can send and receive mail with and of course, who the account can use the Messages app with.

Screen Shot 2014-12-26 at 5.02.09 PM

The above options include the following:

  • Allow joining Game Center multiplayer games: Uncheck this box to restrict the user from playing any multiplayer games that use Game Center to connect people. If the user is using a game that doesn’t integrate with Game Center then they would still be able to use that game to enter into a multi-player game.
  • Allow adding Game Center friends: Uncheck this box to keep the user with the Managed Account from adding any new friends in Game Center.
  • Limit Mail to allowed contacts: Only allow people in the Allowed Contacts section to exchange emails with the user of the account.
  • Send requests to: Define an email address that can receive a contact request and approve it. I use this so that when my daughter needs something she can let me know.
  • Limit Messages to allowed contacts: Only allow people in the Allowed Contacts section to message with the user of the account.
  • Allowed Contacts: Use the plus sign at the bottom of this section of the screen to add new contacts and the minus button to remove contacts.

Note: Apple rarely uses the word restrict. Instead, they prefer to allow things to happen by default and then let you disallow these features. Basically the same thing, but keep this in mind when you’re configuring accounts as sometimes you can accidentally click the wrong thing if you’re not accustomed to such double-negativery. 

Once you have configured who the user of this account can communicate with, click on the Time Limits tab.

Configure Time Limits

Time limits are used to restrict what times the user can use the computer as well as how long per day that the user can actually use the computer. The options available include:

  • Limit weekday use to: Define a maximum number of hours that the managed user can use the computer on a given workday between Monday through Friday. This can be anywhere from half an hour to 8 hours of time.
  • Limit weekend use to: Define a maximum number of hours that the managed user can use the computer on a given Saturday or Sunday. This can be anywhere from half an hour to 8 hours of time.
  • School nights: Define the time frames where the computer cannot be used by the Managed User on Sunday through Thursday evenings. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.
  • Weekend: Define the time frames where the computer cannot be used by the Managed User on Friday and Saturday nights. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.

Screen Shot 2014-12-26 at 5.02.40 PM

Time limits are the only things that matter for some who like to physically sit with a child while they use a computer, as you might just want to keep the child from waking up in the middle of the night and accidentally seeing something that scares them. But for many, time limits won’t be enough, as kids might spend hours gaming or doing homework unmonitored.

More Stuffs

Next, click the Other tab. Here, you’ve got the miscellaneous restrictions that really don’t fit anywhere else in Parental Controls. The options available include the following:

  • Disable built-in camera: Turn off the built-in camera for the user. Note that third party cameras wills till work for the user.
  • Disable Dictation: Turn off Dictation/Speakable Items for the user. Note that apps like Dragon Naturally Speaking can still be used.
  • Hide profanity in Dictionary: Use this option to disable any articles in the Dictionary app that have profanity in them.
  • Limit printer administration: Don’t allow the user to manage printers. Note that if you do this, you’ll want to install any Bonjour printers first.
  • Disable changing the password: Don’t allow the user to change the password.
  • Limit CD and DVD burning: Disable any optical media writing for the Managed Account.

Screen Shot 2014-12-26 at 5.03.09 PM

Note: I know I said earlier that Apple rarely says restrict or disable. They will get around to fixing this screen eventually… ;)

View Logs

Once you have configured parental Controls, click on that Logs button in the lower right corner of the screen. Here, you’ll see the following:

  • Show activity for: Indicate the period of time to show logs for.
  • Websites Visited: A list of the websites accessed by the user of the managed account. Note that no third party web browsers are shown unless they use Apple’s webkit (which is basically not really any).
  • Websites Blocked: A list of any websites that were blocked while attempting to access them.
  • Applications: A list of the applications used by the user of the managed account.
  • Messages: Transcripts of conversations sent and received using the Messages app. Note that any third party chatting apps aren’t logged here.
  • Clear Log: Deletes the log. Use this after you’ve checked the behavior and wish to have the next time you check only show you what’s changed.

Screen Shot 2014-12-26 at 5.02.49 PM

And that’s what you can do with Parental Controls. But there’s more, which we’ll look at shortly. When you click out of a field, the settings are changed in a System Preference, so you should be able to just close the window and have your settings persist.

Conclusion

We’ve gone through creating a new account, restricting access to what that account can do and how and when to use these options. But there’s much, much more than we can cover in this article. There are tons of other restrictions that don’t fit into these basic options, accessed either through what are known as managed preferences or via profiles, which can easily be created by tools like Apple Configurator, Profile Manager and 3rd party mobile device management tools such as Bushel.

Screen Shot 2014-12-26 at 6.13.22 PM

Ultimately, I can pretty much break out of about any managed environment you put me in. And in the age of YouTube, chances are that your child has many the same materials I’ve either presented, written or that others have written. So please don’t consider these options as much more than just a general guideline unless you’re using a Device Enrollment Program-enabled device.

Anyway, good luck, and you’re a good parent for caring.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

The 12 Days Of Krypted

Merry Christmas ya’ll!

On the first day of Christmas my true love gave to me one 32 gig iPad

On the second day of Christmas my true love gave to me two bash one-liners

On the third day of Christmas my true love gave to me three Red Hat servers

On the fourth day of Christmas my true love gave to me four email blasts

On the fifth day of Christmas my true love gave to me five retweets

On the sixth day of Christmas my true love gave to me six regular expressions

On the seventh day of Christmas my true love gave to me seven lines of perl

On the eighth day of Christmas my true love gave to me eight app store apps

On the ninth day of Christmas my true love gave to me nine AWS instances

On the tenth day of Christmas my true love gave to me ten Active Directory forests

On the eleventh day of Christmas my true love gave to me 11 crappy python scripts

On the twelfth day of Christmas my true love gave to me 12 craft brews

xmas-ornament-computer-ram

iPhone Mac OS X Mac OS X Server Mac Security

Casper 9.62 Is Out!

Casper 9.62 is now out! And holy buckets, look at all the stuff that got fixed in this release:

Casper-Suite-9.62-Release-Notes_320_414_84_1416419790

http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.62-Release-Notes.pdf?mtime=1416856726

PS – There’s also some api improvement goodness!

Bushel iPhone Mass Deployment

How To View What Payloads Do To Devices

You can see exactly what Bushel, and other MDM platforms do to your OS X devices using the System Information utility. As with all Mobile Device Management (MDM) solutions that interface with OS X, you can use the About this Mac menu item under the Apple menu at the top of the screen to bring up the System Information utility. When you open this tool, you will see a lot of information that can be derived about your devices. Scroll down the list and click on Profiles. Here, you will see all of the Device and User profiles that have been installed on your computer, the payloads within each profile and the keys within each payload.

Screen Shot 2014-12-01 at 12.00.11 PM

Inside each profile there are a few pieces of information that define how the profile operates on the computer. Click on one to see the specific details for each Payload. Payloads are a collection of settings that a policy is changing. For example, in the above  screenshot, allowSimple is a key inside the com.apple.mobiledevice.passwordpolicy payload. This setting, when set to 1 allows simple passcode to be used on the device. When used in conjunction with the forcePIN key (as seen, in the same payload), you must use a passcode, which can be simple (e.g. 4 numeric characters).

Using these settings, you can change a setting in Bushel and then see the exact keys in each of our deployed payloads that changed when you change each setting. Great for troubleshooting issues!

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Bushel Goes Into Invitation Mode!

Yesterday the Bushel team finished some new code. This code allows you to refer your friends to Bushel! This skips the codes that everyone was waiting for and lets people create accounts immediately!

Screen Shot 2014-11-24 at 10.07.02 PM

From your home screen, click on Invite Friends. Or from the Account screen, scroll down to the section that says “Invite friends to join Bushel”. From here, you can post codes to Facebook, Tweet codes, post codes to LinkedIn and even email them.

We’re not going into general availability just yet. But we’re definitely making it easier long-term to sign up and use Bushel! We hope you love it as much as we do!

Since we’re still architecting how these final screens look, the final features and stress testing the servers, also if you’re testing the system please feel free to fill out our feedback form so we know what you think of what we’re doing and where we’re going!

Or if you’re still waiting for a code, use this link to skip that process https://signup.bushel.com?r=fd0fcf9e6d914a739d29c90421c0fb45.