The Enable-BitLocker cmdlet is available in Powershell to encrypt drives. The command is fairly straight forward once we figure out how to do a few things. In the following we’ll use -mountPoint to define that it’s the default C: drive that we’re encrypting, followed by -EncryptionMethod as an Aes128 or an Aes256 and then who can unlock, in this case, the CharlesEdge short name on the Krypted domain, then we’ll prompt (that can be removed) and define a -pin of 2345 to unlock the recovery key and finally drop the key off at a -RecoveryKeyPath. Seems like a lot but it’s not and there are ways to do a password…
-
-
Apple Configurator cfgutil Verbs
Once the Apple Configurator 2 Command Line Tools are installed, you’ll find a binary called cfgutil at /Applications/Apple Configurator 2.app/Contents/MacOS/cfgutil. The cfgutil command has a number of verbs you can see by running the command followed by the help verb, as follows: /Applications/Apple\ Configurator\ 2.app/Contents/MacOS/cfgutil help The following is a list of officially supported verbs: activate: activate iOS and iPadOS devices. add-tags: add a tag for iOS and iPadOS devices. backup: Create a backup of an iOS or iPadOS device the Configurator computer has prepared. clear-passcode: Clear the passcode a supervised iOS or iPad OS device. erase: Erase any content and settings configured on any supervised iOS and iPadOS devices. exec:…
-
Manage the Look of Launchpad
You can control the number of columns and rows in LaunchPad. To do so, edit the com.apple.doc defaults domain with the key springboard-rows for the number of rows to display and springboard-columns to control the number of columns displayed. So to set the number of rows LaunchPad will show per screen, send the write verb into defaults for com.apple.dock along with the springboard-rows and an -int of 4: defaults write com.apple.dock springboard-rows -int 4 Likewise, to set columns to 8: defaults write com.apple.dock springboard-columns -int 8 Then just killall for Dock: killall Dock In some cases you will also need to send a resetlaunchpad boolean into com.apple.dock (for TRUE) along…
-
MacAdmins: “Walk Softly But Carry A Mac Deploy Stick” with Tim Perfitt
-
Limit Upload and Download Streams for Google Drive File Stream on macOS
Google Drive File Stream allows you to access files from Google’s cloud. It’s pretty easy for a lot of our coworkers to saturate our pipes. So you can configure a maximum download and upload speed in kilobytes per second. To do so write a com.google.drivefs.settings defaults domain into /Library/Preferences/com.google.drivefs.settings and use a key of BandwidthRxKBPS for download and BandwidthTxKBPS for upload (downstream and upstream as they refer to them) as follows: defaults write com.google.drivefs.settings BandwidthRxKBPS -int 200 defaults write com.google.drivefs.settings BandwidthTxKBPS -int 200
-
Updated My Apple Admin Conferences Page
I’ve been keeping a list of Apple Admin conferences for a few years now. I probably should have versioned it and kept each iteration, but… no need to pollute the interwebs with more outdated stuffs than I already have. So here’s the link for the latest version, updated with all the event dates announced thus far: https://krypted.com//community/macadmin-conferences/ Hope to see you at some!
-
Inspecting and creating Mac installer packages on Linux
Awhile back, I wrote a tool to rewrap ipa files that I called ipasign: https://github.com/krypted/ipasign/blob/master/ipasign.py. But I wanted to do something similar for the Mac, and specifically have it run in Linux. So looking at what you’d need to be able to do, let’s start with viewing the contents of a flattened Apple package. This command will show you the files installed as a part of the Node JS package. Why did I choose that package? It was sitting on my desktop… pkgutil --files org.nodejs.node.pkg Now, this logic is available because you’re running pkgutil on a Mac. But that can’t run in Linux. So what would you do if you wanted…
-
New Page Explaining Apple MDM Even Further
Apple has published a new page that goes through all of the settings and commands available via MDM and explains many in much more detail. This is available at http://help.apple.com/deployment/mdm/. The new guide is a great addition to the work @Mosen has done at https://mosen.github.io/profiledocs/ in terms of explaining what each setting, command, and payload do. And let’s not forget the definitive MDM protocol reference guide, available at https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/1-Introduction/Introduction.html#//apple_ref/doc/uid/TP40017387-CH1-SW1. Overall, I’m excited to see so much information now available about MDM, including how to develop an MDM properly, what each setting does, and now what you should expect out of an MDM!
-
Getting Started with Autopkgr
Autopkgr is basically a small app that allows you to select some repositories of recipes and then watch and run them when they update. It’s a 5 minute or less installation, and at its simplest will put software packages into a folder of your choosing so you can test/upload/scope to users. Or you can integrate it with 3rd party tools like Munki, FileWave, or Jamf using the JSSImporter. Then if you exceed what it can do you can also dig under the hood and use Autopkg itself. It’s an app, and so it needs to run on a Mac. Preferably one that doesn’t do much else. Installing Autopkgr You can…
-
Stop Apps From Installing Automatically On A Mac When Purchased On Another Mac
You know how when you buy apps at home, they show up on your computer at work, if you’re using the same iCloud account for the app store in both locations? Some companies want to disable that. To do so, send a ConfigDataInstall key into com.apple.softwareupdate, which can most easily be done with the defaults command: sudo defaults write com.apple.SoftwareUpdate ConfigDataInstall -int 0 Or to turn it back on: sudo defaults write com.apple.SoftwareUpdate ConfigDataInstall -int 1