Posted a new swift command line tool to accept serial number data from an Apple device and respond with warranty information about a device at https://github.com/krypted/swiftwarrantylookup
. This is based on pyMacWarranty, at https://github.com/pudquick/pyMacWarranty
krypted March 16th, 2016
Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Swift
Apple, Command line, iPad, iPhone, look up warranty information for apple devices, MAC, programmatically, pyMacWarranty, scripting, swift
Thanks to Josh for pointing this out. Apple has a page that lets you look up whether your device has Activation Lock enabled. This way, even if you don’t have it, you can confirm that it’s locked after you, for example, remotely wipe it. The page is available at https://www.icloud.com/activationlock/
krypted March 12th, 2016
Posted In: iPhone
activation lock, bypass, ios, iPad, iPhone
When I plug my iPad in, Photos opens. I want it to stop opening when I plug it in. To make it stop, write a disableHotPlug key into com.apple.ImageCapture as true:
defaults -currentHost write com.apple.ImageCapture disableHotPlug -bool true
To enable Photos opening when you plug in a device again, just delete the disableHotPlug key:
defaults -currentHost delete com.apple.ImageCapture disableHotPlug
krypted February 7th, 2016
Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security
defaults, disableHotPlug, iPad, open photos
There are a lot of payloads that MDM and profiles can manage in iOS. Restrictions are probably the one I get the most questions about. And most are pretty self-explanatory. Sooooo, rather than open Profile Manager every time I need to see the list, here it is:
- Allow use of Camera
- Allow FaceTime
- Allow screenshots and screen recording
- Allow AirDrop (supervised only)
- Allow iMessage (supervised only)
- Allow voice dialing while device is locked
- Allow Siri
- Allow Siri while device is locked
- Enable Siri profanity filter (supervised only)
- Allow user-generated content in Siri (supervised only)
- Allow iBooks Store (supervised only)
- Allow installing apps using Apple Configurator and iTunes
- Allow installing apps using App Store (supervised only)
- Allow automatic app downloads (supervised only)
- Allow removing apps (supervised only)
- Allow in-app purchase
- Require iTunes Store password for all purchases
- Allow iCloud backup
- Allow iCloud documents & data
- Allow iCloud Keychain
- Allow managed apps to store data in iCloud
- Allow backup of enterprise books
- Allow notes and highlights sync for enterprise books
- Allow iCloud Photo Sharing
- Allow My Photo Stream (disallowing can cause data loss)
- Allow automatic sync while roaming
- Force encrypted backups
- Force limited ad tracking
- Allow Erase All Content and Settings (supervised only)
- Allow users to accept untrusted TLS certificates
- Allow automatic updates to certificate trust settings
- Allow trusting new enterprise app authors
- Allow installing configuration profiles (supervised only)
- Allow modifying account settings (supervised only)
- Allow modifying device name (supervised only)
- Allow modifying Find My Friends settings (supervised only)
- Allow modifying passcode (supervised only)
- Allow modifying Touch ID fingerprints (supervised only)
- Allow modifying restrictions (supervised only)
- Allow modifying Wallpaper (supervised only)
- Allow pairing with non-Configurator hosts (supervised only)
- Allow documents from managed sources in unmanaged destinations
- Allow documents from unmanaged sources in managed destinations
- Treat AirDrop as unmanaged destination
- Allow Handoff
- Allow Spotlight Suggestions
- Allow Touch ID to unlock device
- Force Apple Watch wrist detection
- Allow pairing with Apple Watch (supervised only)
- Require passcode on first AirPlay pairing
- Allow predictive keyboard (supervised only)
- Allow keyboard shortcuts
- Allow auto correction (supervised only)
- Allow spell check (supervised only)
- Allow Define (supervised only)
- Allow Wallet notifications in Lock screen
- Show Control Center in Lock screen
- Show Today view in Lock screen
krypted February 5th, 2016
Posted In: iPhone
ios, iPad, iPhone, mdm, payloads, Restrictions
I was going through Red Cross training recently, and one thing that was mentioned was whether we have Medical IDs setup on our iPhones. I do. I didn’t realize it at the time, but I’d set it up a long time ago. I then asked around and no one else had one setup. So I grabbed my testing iPhone and decided to write it up.
To get started setting up your Medical ID on your iPhone, open the Health app. From the Health app, tap on Medical ID and then tap on Create Medical ID.
At the Medical ID screen, enter allergies, medications you are on, add emergency contacts, provide your blood type, define if you wish to be an organ donor, and add your weight. Viola, you’ve now given all this information to first responders and medical professionals should they need it.
To then access a Medical ID on an iPhone, swipe to unlock the phone. From there, tap on Emergency in the lower left corner of the screen.
At the Emergency Call screen, you’ll see Medical ID. Tap here to see the information provided earlier, even when your phone is locked.
krypted November 20th, 2015
Posted In: iPhone
Apple, blood type, iPad, iPhone, locked screen, MAC, medical id, store health data
One of the tasks you’ll need to perform in Apple Configurator 2, is to assign Profiles to iOS devices in order to set them up with features or restrict the device from using certain features. I cover creating a profile here
. To get started applying a profile to a device, bring up the Blueprints screen.
Choose a Blueprint and right-click on it. Choose Profiles…
Browse to the profile and then click on Add Profile.
The profile is then applied to any devices that the Blueprint is applied to. For more on Blueprints, view this article
krypted November 15th, 2015
Posted In: Apple Configurator, iPhone, Mass Deployment
Apple Configurator 2, blueprints, iPad, iPhone, MAC, profiles
Apple Configurator 2 is a great new evolution in iOS initial and configuration management. And there are lots of great options. And to help you wrap your head around all this new fun stuff, I’ve written up a quick and dirty guide for using Apple Configurator 2
It’s not completely done, but it will be shortly. Hope this help someone. Enjoy!
krypted November 14th, 2015
Posted In: Apple Configurator, iPhone, Mass Deployment
blueprints, change wallpaper, configuration, Enrollment, guide, how to use apple configurator 2, ios, iPad, iPhone, MAC, mdm, profiles, setup
Enter Apple Configurator 2, a free tool on the Mac App Store
. This tool basically fixes most setup challenges for iOS, but does so over USB. This means that Apple Configurator is not necessarily a replacement for MDM. In fact, you can deploy Trust and Entrollment profiles for MDM and automate the MDM enrollment for a device through Apple Configurator 2. Instead, Apple Configurator 2 is a tool that can either help to manage iOS devices during a mass deployment and do so in a manner that is easy enough that you don’t need a firm background in IT to manage devices on a day-to-day basis.
Here is what Apple Configurator can do:
- Update iOS devices to the latest version of iOS.
- Rename devices using a numbered scheme (e.g. iPad 1, iPad 2, etc).
- Erase (wipe) iOS devices.
- Backup and Restore iOS devices.
- Deploy profiles/policies (e.g. no Siri for you, disable cameras, setup wireless, etc) to iOS devices.
- Export profiles.
- Activate devices (after all a restore of a freshly activated device is an activation).
- Push any kind of app to devices.
- Track Volume Purchase Program (VPP) codes used on devices.
- Manage the wallpaper on “Supervised” devices (more on supervision later).
- Manage the names of devices en masse.
- Load content to apps on devices.
- Skip initial Activation steps on devices.
Apple Configurator 2 does have some caveats, including the following:
- In order to push apps through Apple Configurator, the system running Configurator needs access to Apple’s servers and Apple Configurator needs an AppleID associated with it that is not the VPP facilitator if you are leveraging any paid apps.
- You can use Apple Configurator “off-line” or without an AppleID to Prepare devices with Profiles, just not to Activate devices. For the initial device activation process, Macs running Apple Configurator will need to be online. Additionally, you’ll be prompted to enter your Apple ID routinely.
- If you push Trust and Enrollment profiles to automatically join Profile Manager (or another MDM vendor) the device isn’t associated with a user unless the MDM has been prepped to designate each UDID or Serial Number to a given user.
- If you accidentally plug in your iPhone to a machine and you’re using Apple Configurator on it and you’ve chosen to Erase in the application, then it will wipe your phone along with the 30 iPads you’re wiping. It’s awesome and scary like that (yes, I’ve accidentally wiped my phone).
I see a number of uses for Apple Configurator. Some of these use cases include:
- Company and education labs: manage devices end-to-end (no MDM, iTunes iPhone Configuration Utility or other tools needed), managed by the lab manager.
- One-to-One environments (schools): Manage the distribution of infrastructure settings (mail, wireless networks, etc) for devices as well as Trust Profiles to make it faster to enroll in MDM environments and Web Clips to manage the links for enrollment.
- Device distribution: Pre-load applications (that can’t be updated unless they’re cradled again), renaming, profiles, activation, iOS software updates, etc.
- Backup and Restore only stations where you don’t interfere with later iTunes use.
These can enhance practically every environment I’ve worked with. But unless it’s a small environment (e.g. the labs), Apple Configurator isn’t a replacement for the tools already in use in most cases, like an MDM solution. Instead, it just makes things better. Overall, Apple Configurator 2 is a welcome addition to the bat belt that we all have for iOS management and deployment. Now that we’ve looked at the when/where of using it, let’s look at the how.
At this point, we’ll explore the Profiles options in Apple Configurator 2. To create profiles, use the File menu and click on New Profile.
At the Untitled profile name, enter a name in the Name field. This is how it will appear in the Profiles section of Apple Configurator. Because you can deploy multiple profiles, I’m just going to configure the SSID and Web Clip and call it MDM Enrollment Staging. Optionally, give it some notes, organization name, etc.
Click on Wi-Fi and then click on the Configure button. Here, enter the SSID of the deployment network (MDMEnroll in this example). We’ll use the Hidden Network field to indicate the SSID is suppressed and we’ll use the network type of WEP and throw the password into the Password field as well. Now, before we move on, notice that there’s a plus and minus sign in the top right of the screen? You can deploy multiple of each, so if you have 10 wireless networks, 4 Email accounts, 9 VPN connections, 29 SSL Certs etc, you could deploy them all easily with multiple entries of each.
Next, we’ll go ahead and enter a name for our Web Clip and the URL that the device will point to.
We’ll also disable certain features of iOS. To do so, click on Restrictions, and uncheck various boxes in order to disable features you don’t wish to use.
Go ahead and close the window and you’ll be prompted to save the profile.
You’ll then see MDM Enrollment Staging.mobileconfig in the Finder where you selected to store it. You can also save an enrollment profile from Profile Manager as we explained here
. We could go that further further and actually enroll the device by exporting the enrollment profile as well, but again, I want each user to provide their username and password so I as an administrator don’t have to go through and attach each device to a user in this scenario. I’ve been looking at importing devices and associating them with users via postgres, but that’s going to be another 3am article, on another night…
Apple Configurator 2is really a great tool when used in the right scenarios. In learning how it works and interacts I actually learned a lot about both iOS and Mac OS X that I didn’t know before. I hope I did the tool justice with how easy it is to use. This is a fairly long article and it’s probably more complicated than it needs to be in parts, but that’s more my method of trying to figure out what it’s doing than the tool being complicated. It’s not hard to figure out at all. I am sure I could teach any non-technical iOS admin basic use of Apple Configurator 2 in less than an hour.
Overall, in Apple Configurator 2, we have a new, powerful iteration in our arsenal that makes up the iOS administration ecosystem. I also hope that no matter what, if you manage iOS devices, that you’ll take a look at it. I expect you’ll find it useful in some part of your management toolkit!
krypted November 13th, 2015
Posted In: Apple Configurator, iPhone, Mass Deployment
Apple Configurator, apple configurator w, deploy iOS devices, disable camera, disable screenshots, disable siri, iPad, iPhone, MAC
Apple Configurator has always been able to upgrade devices. But it can also now upgrade apps that are on devices. To run an upgrade, first open Apple Configurator 2.
Once open, right-click on a device and click on the Update… option.
You can update all assets on the device concurrently, using the default option. Here, we’re going to select to update only the items we need to in the drop-down menu.
Select Only Some Apps and then you’ll see a list of each app that needs an upgrade on the device. Check the box for the apps to be updated and then click on the Update button.
Apps are updated using an iTunes account. Here, you will need to authenticate using an account on the app store that owns these apps.
Once entered, Apple Configurator will cache the apps and install them on a device or devices. The apps are only downloaded once, and then applied to many devices. These function even if the app store is disabled on devices.
krypted November 12th, 2015
Posted In: Apple Configurator
Apple Configurator, Apple Configurator 2, cache apps, device unlock, iPad, iPhone, update apps, upgrades
« Previous Page
Blueprints are a new option in Apple Configurator 2. Blueprints allow you setup a template of settings, options, apps, and restore data, and then apply those Blueprints on iOS devices. For example, if you have 1,000 iOS devices, you can create a Blueprint with a restore item, an enrollment profile, a default wallpaper, skip all of the activation steps, install 4 apps, and then enabling encrypted backups. The Blueprint will provide all of these features to any device that the Blueprint is applied to.
But then why not call it a group? Why call it a Blueprint? Because the word template is boring. And you’re not dynamically making changes to devices over the air. Instead you’re making changes to devices when you apply that Blueprint, or template to the device. And you’re building a device out based on the items in the Blueprint, so not entirely a template. But whatever on semantics.
To get started, open Apple Configurator 2.
Click on the Blueprints button and click on Edit Blueprints.
Notice that when you’re working on Blueprints, you’ll always have a blue bar towards the bottom of the screen. Blueprints are tiled on the screen, although as you get more and more of them, you can view them in a list.
Right-click on the Blueprint. Here, you’ll have a number of options. As you can see below, you can then Add Apps. For more on adding Apps, see this page
You can also change the name of devices en masse, using variables, which I explore in this article
For supervised devices, you can also use your Blueprints to change the wallpaper of devices, which I explore here
Blueprints also support using Profiles that you save to your drive and then apply to the Blueprints.
Blueprints also support restoring saved backups onto devices, as I explore here
For kiosk and single purpose systems, you can also enter into Single App Mode programmatically.
You can also configure automated enrollment, as described here
. Overall, Blueprints make a great new option in Apple Configurator 2. These allow you to more easily save a collection of settings that were previously manually configured in Apple Configurator 1. Manually configuring settings left room for error, so Blueprints should keep that from happening.
krypted November 11th, 2015
Posted In: Apple Configurator, Mac OS X, Mass Deployment
Apple, Apple Configurator, backups, blueprints, Enrollment, ios, iPad, iPhone, mdm, profiles, restore, single app mode, supervision, wallpaper
— Next Page »