• iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    New Page Explaining Apple MDM Even Further

    Apple has published a new page that goes through all of the settings and commands available via MDM and explains many in much more detail. This is available at http://help.apple.com/deployment/mdm/. The new guide is a great addition to the work @Mosen has done at https://mosen.github.io/profiledocs/ in terms of explaining what each setting, command, and payload do. And let’s not forget the definitive MDM protocol reference guide, available at https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/1-Introduction/Introduction.html#//apple_ref/doc/uid/TP40017387-CH1-SW1.  Overall, I’m excited to see so much information now available about MDM, including how to develop an MDM properly, what each setting does, and now what you should expect out of an MDM!

  • iPhone,  Mac OS X

    Apple Business Manager Documentation Publicly Available

    Hey, who knew that the developer documentation for Apple Business Manager would be made publicly available? It’s at https://beta.business.apple.com/static/docs/beta.pdf. Or if it gets taken down, at Apple Business Manager Documentation. Note: I saw this pop up in like 4 different places. If anyone knows who I can attribute for realizing it was publicly available, please let me know so I can!

  • Mac OS X,  Mac OS X Server,  Mass Deployment

    Add A VPP Token To Profile Manager On macOS Server

    In order to use the Apple Volume Purchase Program (VPP), you will need an MDM solution (Profile Manager, Jamf Pro, MobileIron, Meraki, FileWave, etc). The same program is used for device-based VPP or user-based VPP. There are two programs, which is meant to simplify the experience of setting up an MDM solution and long-term maintenance. The first is the traditional VPP account, available to companies and other non-educational environments that have a DUNS number. The second is the newer Apple School Manager, for educational institutions. Before starting to buy apps and associating those apps from an MDM solution, there are a few things you should know. The first is that…

  • Mac OS X,  Mac OS X Server

    Use The Profiles Command In High Sierra

    You might be happy to note that other than the ability to interpret new payloads, the profiles command mostly stays the same in High Sierra. You can still export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up…

  • Mac OS X Server

    Setup Profile Manager On macOS Server 5.4

    Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for macOS based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. Profile Manager has seen a few more updates over the years, primarily in integrating new MDM options provided by Apple and keeping up with the rapidly changing MDM landscape. Apple has added DEP functionality, content distribution, VPP, and other features over the years. In macOS Server 5.4, there are plenty of new options, including the ability to deploy VPP…

  • JAMF,  Windows Server

    Query Tomcat Logs On Windows Servers

    Tomcat logs events into the system log. You can use the get-wmiobject commandlet to see events. Here, we’ll look at a JSS and view only system events: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' We can then use AND to further constrain to specific messages, in this case those containing Tomcat: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') We can then further constrain output to those with a specific EventCode with another compound statement: Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024) For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx. You could instead use get-eventlog to see system logs. For example, the…