Tiny Deathstars of Foulness

Here’s a new extension attribute for grabbing the hash ID used for iTunes Store accounts, useful with VPP:

#!/bin/sh
# Jamf Pro Extension Attribute to return the App Store Account Hash for iTunes
# Note that the return is null if one is not found
# Keep only the double-quoted value on the iTunesStoreAccountHash line(s)
result=$(/usr/libexec/mdmclient QueryAppInstallation | grep iTunesStoreAccountHash | sed '/.*\"\(.*\)\".*/ s//\1/g')
echo "<result>$result</result>"

The output is something like:


Which would bring the string into Jamf Pro

April 26th, 2017

Posted In: JAMF, Mac OS X, Mac OS X Server, Mac Security


Clay, Pepjin, Marcus, Tom, and I talk Macs at Google. Those guys are all great. I’m there for comedic relief. Not intentionally mind you…

December 20th, 2016

Posted In: public speaking


MacDevOps 2016: If you’re interested in the scripting side of the Apple world and can make it from June 20th to 21st, this might just be the conference for you. At MacDevOps, you’ll see “Speakers from across North America and Europe will be presenting on a number of topics related to Mac administration and deployment.” This would be things like contributing to open source projects, packaging Django web apps to look like native Mac apps, osquery, Munki security, imagr, autopkg, ansible, git, and jenkins. Basically, automating the things: DevOps. And for Macs. Or Appley things. For now.


And… Lots of fun people will be there, including the convergence of friends from other industries who don’t know that each other know me (nor would they likely care – other than to trade stories about how I made them drink something-or-other), which is kinda’ cool. Anyway, Mathieu’s awesome. You should check this out.

April 3rd, 2016

Posted In: Articles and Books, personal


As promised, here’s the presentation I gave this morning at the MacAD UK Conference in London. It is incredibly well put together and all the presentations thus far have just been fantastic. Congrats to the entire team at Amsys and the speakers for such a great show!

MacADUK 2016 Presentation

February 9th, 2016

Posted In: public speaking


The latest and greatest of the Enterprise Mac Admin’s Guide is now available for Pre-Order. This is an interesting update. If you happened to see the previous edition, I’d described more about Casper than most of the other third party products on the market.


In this edition, there’s still an equal amount of information on Casper, but now there’s also more information on FileWave, and a whole chapter on the open source toolchain of products, including Munki and AutoPKG. The main reason I decided to update this title was actually the change from focusing on directory services (which still has plenty of page count) to focusing on profile management.

The most substantial update to the book was Bill Smith though. Bringing him in as a co-author provided a lot of new insight, new content, and a good bit of cleaned up text. He’s been great to work with!

This was a pretty big update, so hope you enjoy!



October 22nd, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


There’s another new conference in town! Well, not my town, but Vancouver. MacDev Ops is a hot topic. One that will only increase in the coming years. Thanks to Mat X and Brian Warsing for bringing about a brilliant conference.


The conference will be held on June 19, 2015 and is an easy $99 if you sign up soon. Also, submit a talk if DevOps is your thing. They’re looking to bring the following topics to the table:

  • Puppet, Chef and other automation from Desktop to Cloud and back
  • Software deployment with Munki and AutoPkg: the app ecosystem surrounding it
  • Cool tools: demo of awesome Mac Admin projects from GitHub
  • DevOps: How to adopt Automation and Best practices in IT operations
  • Dev skills: workshops on Ruby, Git, Python, Javascript for Mac Admins
  • MDM: Profiles and Mac configuration management in the cloud

This is sure to be a good one. Check it out here!

March 23rd, 2015

Posted In: Mac OS X, Programming, Unix


(Guest post by Allister Banks)

Working with modern tools in the ‘auto’ (dmg/pkg) suite, it sure reinforces the old chestnut, ‘it’s turtles XML all the way down.’ The thing that struck me when first diving into using autopkg was that different product recipes could potentially have a good amount of similarities when they share common processors. One example is drag-drop apps that can be discovered with an ‘appcast’ URL, which, in my recollection, became common as the Sparkle framework gained popularity.

This commonality is exactly the type of thing sysadmins like myself seek to automate, so I built a few helper scripts to 1. discover what apps have appcast URLs, 2. generate the base download recipe, and further, the 3. pkg-building recipe that can use the download recipe as a ‘parent’, and the 4. munki or JSS recipes which can nest the pkg recipe in it. Recursivity is the new black.


Please do take a look if you feel you’ve got apps that folks haven’t built recipes for yet, and laugh at/use/fork my code as you see fit!

April 3rd, 2014

Posted In: Uncategorized


(Guest Post by Allister Banks)


As Venn diagram circles go, many folks in our community are getting into autopkg, and there’s even more that already use the JAMF Casper Suite. Over on the blog there’s an announcement for a new ‘processor’ add-on that can be installed with autopkg, that therefore can leverage the JSS API to fulfill many of the functions which up until present only Munki enjoyed. Please do read the release notes and give it a try!

January 6th, 2014

Posted In: Mac OS X, Mass Deployment


(Allister Banks Guest Post:)

As part of my presentations at LOPSA-East (the pdf slides of this one are here) earlier this year, I wanted to demonstrate how quickly you can get a proof-of-concept of Munki running on a recent Mac OS without Server. I had always used Greg Neagle’s awesome intro articles for MacTech (especially part 2), which were created back in 10.6 days (simpler times, amirite?). This video takes you through the setup of a Munki repo, and goes on to demonstrate not only basic Munki interaction and functionality, but if you set up MunkiWebAdmin and the reporting scripts on your clients in addition, it does a quick tour of that interface.

Setting Up a Munki Repository on 10.7+, Quick MunkiWebAdmin Demo from Allister Banks on Vimeo.

Pardon the length, lack of sound and memes sprinkled throughout, but I hope it’s of use to someone!

November 4th, 2013

Posted In: Mac OS X


I’ve long been a supporter of building tools in self service portals, such as those provided by JAMF and Munki, that let users who don’t have administrative permissions perform tasks that wouldn’t typically be destructive. One such example is a simple repair permissions. An administrator can simply open Disk Utility, select their disk and then click Repair Disk Permissions.

But if you want to do this as a user who doesn’t have administrative privileges, you would need to elevate your privileges before doing so. In a larger environment it would be incredibly annoying for dozens, hundreds, thousands or even tens of thousands of users to bring their computer to an administrator just to type in a password. But if you have a patch management solution that has some kind of a self service portal, users could do this themselves. Typically, you would create a very small payload-free package. This package might just contain a single script that might even be as short as a one-liner. For example, the following command would actually run a repairPermissions.

diskutil repairPermissions /

You could also send some environmental variables from your patch management tool for the boot volume, but in this simple instance we’re just going to run it, with the following type of output:

Started verify/repair permissions on disk0s2 Macintosh HD
Permissions differ on "Library/Application Support"; should be drwxr-xr-x ; they are drwxrwxr-x
Repaired "Library/Application Support"
Group differs on "Library/Printers/InstalledPrinters.plist"; should be 80; group is 0
Permissions differ on "Library/Printers/InstalledPrinters.plist"; should be -rw-rw-rw- ; they are -rw-r--r--
Repaired "Library/Printers/InstalledPrinters.plist"
[ \ 0%..10%..20%..30%..40%..50%..60%..70%................ ] 74% 0:00:34
Finished verify/repair permissions on disk0s2 Macintosh HD

You could get much more complicated, writing the output to syslog or even a syslog server. You can also have metapackages that just do a bunch of tasks and call them things like “Try to fix my computer.” Provided you have a patch management tool, you could also just scope some devices and push some of these things out en masse; however, for the most part, I’m a fan of self service, so that’s the example I’m using this for.
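The syslog idea above, sketched as an added example that is not from the original post: the script condenses the diskutil output shown earlier into one line per event and sends it to syslog, so a privileged self-service run leaves an audit trail. The tag name and the `summarize_repair` and `run_and_log` helpers are hypothetical.

```shell
#!/bin/sh
# Added example, not the original author's script.
TAG="selfservice-repairperms"   # hypothetical syslog tag

# Reduce diskutil repairPermissions output (stdin) to audit lines:
# drop the progress bar, keep the start line and each repaired path,
# and finish with a count plus whether the run reached "Finished".
summarize_repair() {
    awk '
        /^\[/              { next }                    # progress bar, not an event
        /^Started verify/  { print "start: " $0 }
        /^Repaired /       { n++; print "repaired: " substr($0, 10) }
        /^Finished verify/ { fin = 1 }
        END { printf "summary: repaired=%d finished=%s\n", n, (fin ? "yes" : "no") }
    '
}

# Run the repair on the boot volume and log every audit line,
# stamped with the user currently logged in at the console.
run_and_log() {
    user=$(stat -f %Su /dev/console)
    diskutil repairPermissions / 2>&1 | summarize_repair |
    while IFS= read -r line; do
        logger -t "$TAG" -p user.notice "user=$user $line"
    done
}

# Only act on a Mac, where diskutil is present.
if command -v diskutil >/dev/null 2>&1; then
    run_and_log
fi
```

A run that logs `finished=no` was interrupted or failed, which is worth alerting on when the script is pushed out en masse.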

October 28th, 2013

Posted In: Mac OS X
