The latest version of the Apple Server app is out (macOS Server 5.4), and before you upgrade, there are a few points to review: As always, make a clone of your computer before upgrading. During the upgrade to High Sierra, if the operating system is running on a solid state drive, the drive will automatically upgrade to APFS. You cannot share APFS volumes over AFP, so if you’re running file services, make sure you’re aware of that. You can choose not to upgrade to APFS using the command line to upgrade a server. Even though the file sharing services are not in the Server app, you can still configure ACLs…
-
-
Logs, Logging, And Logger (Oh My)!
Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.

Writing Logs

The logger command is still used to create entries in system logs. However, if you are then using tail to view /var/log/system.log then you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read…
-
Augmenting defaults domain settings within Apps
Some apps have defaults domains that don’t work the same as other apps and you need to use the -app option in defaults. This option is available for most apps, and sometimes I’ll use it to specifically crawl around for a specific setting I’m looking for. But for other apps, you need to interact with them there. So let’s look at Eclipse. Here, we can do a read with -app followed by the path:

    defaults read -app /Applications/eclipse/Eclipse.app/

The output would be as follows:

    {
        NSNavLastRootDirectory = "~/smb/smb";
        NSNavPanelExpandedSizeForOpenMode = "{712, 426}";
        NSScrollAnimationEnabled = 0;
        WebKitJavaEnabled = 0;
    }

Now, let’s say you had a specific setting, like fixing an…
-
Episode 38 of the MacAdmin Podcast, with plenty of WWDC predictionating
-
Jamf Now, Now In German And Japanese
If you’re in need of MDM in Japanese or German, Jamf Now shipped support for those languages last week. To switch languages, click on your name once logged in, and then click on the language you would like to use. Enjoy.
-
Using mdmclient on macOS
I mentioned mdmclient when I gave the talk on the inner workings of Mobile Device Management, or MDM. There, I spent a lot of time on APNs and profiles, but just kinda’ spoke about mdmclient in terms of it being the agent that runs on macOS to provide mdm parity for the Mac. The mdmclient binary is located at /usr/libexec/mdmclient and provides pretty limited access to see how the Mac reacts to and interprets information coming from a device management provider. I had been meaning to do a write-up on mdmclient and document what it can do since it first shipped. But as luck would have it, @Mosen on the…
-
Extension Attribute to Grab iTunes Hashes for VPP on macOS
Here’s a new extension attribute at https://github.com/krypted/ituneshash/blob/master/ituneshash.sh for grabbing the hash ID used for iTunes Store accounts, useful with VPP:

    #!/bin/sh
    #
    #
    #
    #Jamf Pro Extension Attribute to return the App Store Account Hash for iTunes
    #Note that the return is null if one is not found
    #
    #
    result=`/usr/libexec/mdmclient QueryAppInstallation | grep iTunesStoreAccountHash | sed '/.*\"\(.*\)\".*/ s//\1/g'`
    echo "<result>$result</result>"

The output is something like:

    <result>oBSmAAAa0nUAAACBHe5AaALlNBg=</result>

Which would bring the string into Jamf Pro
-
New -N Option in the Profiles Command
10.12.4 gives us a new option to recheck enrollment via DEP! You can now use the -N flag to recheck a DEP configuration and, if a computer is not enrolled in the correct listing, move the enrollment. This should make for an ability to move devices between servers, change the URL string in an enrollment profile, and recheck for the removal of an enrollment profile. To use the option, simply run profiles with the -N option (with elevated privileges):

    sudo profiles -N

For the Mac, there are a lot of ways to programmatically handle enrollment, so this is a nice new feature, but not a game changer. But, while…
-
One-liner To Grab Which macOS Caching Server You’re Using
There’s a macOS tool called AssetCacheLocatorUtil located at /usr/bin/AssetCacheLocatorUtil. The output is in… stderr. Because stderr is so fun to work with (note that sed -i only works with stdin). So, to update the caching server(s) you are using and only print the IP address of those, you’d do the following:

    /usr/bin/AssetCacheLocatorUtil 2>&1 | grep guid | awk '{print$4}' | sed 's/^\(.*\):.*$/\1/' | uniq

If you use Jamf Pro and would like to use this as an extension attribute, that’s posted here: https://github.com/krypted/cachecheck. I didn’t do any of the if/then there, as I’d usually just do that on the JSS.
-
basename and dirname Options
There are two useful commands when scripting operations that involve filenames and paths. The first of these is dirname: dirname can be used to return the directory portion of a path. The second is basename: basename can be used to output the file name portion of a path. For our first example, let’s say that we have an output of /users/krypted, which we know to be the original short name of my user. To see just that username, we could use basename to call it:

    basename /users/charlesedge

Basename can also be used to trim output. For example, let’s say there was a document called myresume.pdf in my home folder…