• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Unix

    Bash: Check That A Script Is Running As Root

    Pretty much every script I’m working on these days must be run as root. Checking what user is running something is pretty straight forward, as there’s a built-in shell variable for $USER that contains the user running a script. To see this real quick, simply run the following: echo $USER You can then put this into your scripts. I’ve been using the same block of code for decades, which can be run in a script by itself if you’d like to paste this into one. if [[ $USER != "root" ]]; then echo "This script must be run as root" else echo "You are root" exit 1 fi Note: Keep in mind…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Troubleshoot Spotlight Indexing Issues Using mddiagnose

    Spotlight just kinda’ works. Except when it doesn’t. Which is luckily pretty rare, for the use cases that Spotlight was designed for. But when it doesn’t work, you have a few tools that I’ve highlighted over the years to help you out, including articles on shared volumes, manually indexing, disabling Spotlight, and a few others. But what if you need to go in more depth to isolate an issue? For this, Apple has provided us with a tool called mddiagnose, in /usr/bin. In the following command, we’ll run an mddiagnose to dump a bunch of system statistics that we can then look at. Here, we’ll do that to a folder…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Add Another Partition To Your Mac

    By default, most computers come with one partition and one volume on that partition. Well, in OS X there’s also a recovery partition, but that’s hidden so we’ll pretend like there’s just one. You can create additional volumes, which are useful for a number of different scenarios. The operation of creating partitions usually involves resizing a partition. That can be somewhat dangerous, so make sure to backup your Mac before doing so. To create an additional partition (and by default an HFS+ filesystem on that partition), first open Disk Utility from /Applications/Utilities. Note that by default, the boot volume is highlighted. You can’t create a partition inside a volume or…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  public speaking

    Use the JAMF Discount for MAC AD UK

    I’m gonna’ be speaking at the inaugural Mac Admin and Developer Conference, from Amsys in London. JAMF Software is sponsoring Mac Admin & Developer Conference in London, on Feb 9th and 10th. And this gives us the chance to help promote a 15% off discount on the normal ticket price of £497 + VAT, promo price: £422 + VAT. JAMF has a landing page on our site to help you use our discount at http://www.jamfsoftware.com/events/mac-admin-developer-conference-uk/. To get the discount, simply email hello@macad.uk and mention JAMF!

  • Apple Configurator,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Programmatically Extract Saved Wi-Fi Passwords In OS X

    Previously, I covered how to Programmatically Obtain Recent Wi-Fi Networks On A Mac. But, here I’m gonna’ go a step further and look at how to extract the password for a network as well. The two are stored in different locations. The recent networks are in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences defaults domain. If you pull one of those, then you can use the security command to extract the password itself. security find-generic-password -ga "Krypted Home" The output is as follows, showing everything that is tracked about this network in the keychain. keychain: "/Library/Keychains/System.keychain" class: "genp" attributes: 0x00000007 <blob>="Krypted Home" 0x00000008 <blob>=<NULL> "acct"<blob>="Krypted Home" "cdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000" "crtr"<uint32>=<NULL> "cusi"<sint32>=<NULL> "desc"<blob>="AirPort network password" "gena"<blob>=<NULL> "icmt"<blob>=<NULL> "invi"<sint32>=<NULL> "mdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000"…

  • Apple Configurator,  iPhone,  JAMF,  Mass Deployment

    Use Apple Configurator 2 To Automate Casper Enrollment

    Enrolling iPads and iPhones into JAMF’s Casper suite can be done through Apple Configurator 2, text messages, email invitations, Apple’s Device Enrollment Program (DEP), or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper when set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll cover that as well: Download the Enrollment Profile…

  • Articles and Books,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    The Second Edition of our Enterprise Mac Administrators Guide Now Shipping

    My 14th book, The second edition of the Mac Administrator’s Guide is now shipping. This was a big, big rewrite, given the fact that the first edition was before the App Store, Gatekeeper, and many, many other technologies. You can buy this book here! Also, huge congrats to Bill Smith, for publishing his first book, and most notably for doing so much amazing work on this book! Finally, we’re editing the second and third books I did this past summer right now, so look out for those announcements shortly!

  • JAMF,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Use The jamfHelper Binary To Display Messages In OS X

    The jamfHelper binary is used to deploy an alert to client computers that are enrolled in the JSS. This can be a full screen alert with headings, icons, text, and countdowns. This could also just be a small utility window that informs a user that something was installed. You can do similar tasks with push notifications, but I find that a lot of times an APNs update will disappear before someone can click on it. Therefore, we can use the jamfHelper binary to send alert screens in OS X. We’ll go through a couple of minor examples here. The first is to send a window called KRYPTED that is full screen, with test as the…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Is Imaging Dead In OS X?

    I love answering a question with a question. Is asr still in OS X? Is NetInstall still in OS X Server? Can OS X still NetBoot? Does System Image Utility still work? The answer to all of these is yes. Therefore, the answer to “Is imaging dead” is clearly no. Is it on its way out, maybe. Debatable. Is it changing? Of course. When does Apple not evolve? What have we seen recently? Well, the rhetoric would point to the fact that imaging is dying. That seems clear. And this is slowly coming out of people at Apple. The word imaging is becoming a bad thing. But, as a customer…