A little while back, I did a little writeup on how the OS X Caching Server caches updates at https://krypted.com//mac-security/how-the-os-x-caching-server-caches-updates/. The goal was to reverse engineer parts of how it worked for a couple of different reasons. The first was to get updates for devices to cache to my caching server prior to 15 people coming in before it’s cached and having caching it down on their own. So here’s a little script I call precache. It’s a little script that can be used to cache available Apple updates into an OS X Server that is running the Caching Service. To use, run the script followed by the name of…
-
-
Enable Apple Configurator Debug Logs
Apple Configurator 2 is a great tool. But you need to debug things from time to time. This might mean that a profile is misconfigured and not installing, or that a device can’t perform a task you are sending it to be performed. This is about the time that you need to enable some debug logs. To do so, quit Apple Configurator and then write a string of ALL into the ACULogLevel key in ~/Library/Containers/com.apple.configurator.ui/Data/Library/Preferences/com.apple.configurator.ui.plist: defaults write ~/Library/Containers/com.apple.configurator.ui/Data/Library/Preferences/com.apple.configurator.ui.plist ACULogLevel -string ALL To disable, quit Apple Configurator and then delete that ACULogLevel key: defaults delete ~/Library/Containers/com.apple.configurator.ui/Data/Library/Preferences/com.apple.configurator.ui.plist ACULogLevel
-
Scripting The OS X Caching Server To Cache Updates
The Caching Server in OS X is a little bit of a black box. But, it’s not all that complicated, compared to some things in the IT world. I’d previously written about command line management of the service itself here. When you enable the caching service, the server registers itself as a valid Caching Server. Nearby devices then lookup the closest update server with Apple and register with that update server using a GUID: /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings caching:ServerGUID Then, each time the device looks for an update, it does so against http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml using the device model. Noticed this with this line in my proxy logs: "GET http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1" 200 - "-"…
-
MacAdmins Podcast, Episode II
Trying our best to get better, like if you were to watch Star Wars Episodes I through VI, the MacAdmins podcast now has an Episode II. No Jar Jar, but I’m there, so close enough! Find it at http://podcast.macadmins.org/2016/04/04/episode-2-in-depth-with-ios-9-3/
-
Huffington Post Article: 20 Cool Things You Can Do With Box.com
My latest Huffington Post article, Twenty Cool Things You Can Do with Box is online here. It begins: If you are looking for a secure and uncomplicated and file sharing service, you will find box.com to be a wonderful way to share files from any device. Today, it is easier than ever for businesses to operate globally regardless of how large or small they are. This is because of the digital age that makes works products easy to share or transfer. Here are twenty cool things that you can do with box.com. For more, click here.
-
Contributing To The New MacAdmins Podcast: Episode 1 is out!
When I was speaking at MacADUK, I asked Tom Bridge about starting a podcast. He’s got a great voice, and I thought he’d be a great co-host. Before we were able to get to that when we got home, Adam Codega, independently of the conversation I’d had with Tom, dropped a note on Twitter to see who else might be interested in doing a Podcast. A few people responded that they’d be interested in also jumping in on a new Podcast. Over the next few weeks, decisions were made that the podcast would be hosted as a part of MacAdmins.org, the format, the hosting location, and lots of other really cool stuff.…
-
Activation Lock Status At Apple
Thanks to Josh for pointing this out. Apple has a page that lets you look up whether your device has Activation Lock enabled. This way, even if you don’t have it, you can confirm that it’s locked after you, for example, remotely wipe it. The page is available at https://www.icloud.com/activationlock/.
-
Export AD Objects Into LDIF On Windows Server
The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In it’s simplest form the ldifde command can be used to export AD objects just using a -f option to specify the location (the working…
-
A quick list of iOS Functionality Restrictions
There are a lot of payloads that MDM and profiles can manage in iOS. Restrictions are probably the one I get the most questions about. And most are pretty self-explanatory. Sooooo, rather than open Profile Manager every time I need to see the list, here it is: Allow use of Camera Allow FaceTime Allow screenshots and screen recording Allow AirDrop (supervised only) Allow iMessage (supervised only) Allow voice dialing while device is locked Allow Siri Allow Siri while device is locked Enable Siri profanity filter (supervised only) Allow user-generated content in Siri (supervised only) Allow iBooks Store (supervised only) Allow installing apps using Apple Configurator and iTunes Allow installing apps…
-
Use Apple Configurator 2 To Automate Casper Enrollment
Enrolling iPads and iPhones into JAMF’s Casper suite can be done through Apple Configurator 2, text messages, email invitations, Apple’s Device Enrollment Program (DEP), or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper when set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll cover that as well: Download the Enrollment Profile…