Kevin M. Cox

Munki scripts for CrowdStrike Falcon

Kevin M. Cox June 1, 2025 2 Comments

Munki is designed to ensure a specific or newer version of an application is installed on a macOS computer. A job it excels at.

CrowdStrike Falcon does a great job of upgrading, and downgrading, itself. This includes the ability for admins to change their desired installed version across the fleet from the CrowdStrike console.

So how does a MacAdmin use Munki to deploy Falcon without disrupting the ability to change the installed version across the fleet on the fly?

Read on for details on how we handle it.

Continue reading →

Prevent users from skipping Automated Device Enrollment in macOS Ventura and later

Kevin M. Cox January 18, 2025 2 Comments

While iPhones and iPads have always required internet connectivity to complete setup, Macs do not have this same requirement, allowing users to easily bypass Automated Device Enrollment (ADE).

Thankfully there is now a way to work around this limitation thanks to a new feature Apple added in macOS 13 Ventura.

Read on for the details…

Continue reading →

Create a Munki installs array for multiple files at once

Kevin M. Cox November 3, 2024 No Comments

Munki uses several different methods to decide what needs to be installed on a Mac. When deploying applications or files, an “installs” array is, in my opinion, the best way to make sure they remain installed and unaltered.

Munki automatically creates an installs array when you import an application or a DMG containing an application. But when you import a package, by default the receipts are used to determine installation status.

This means to have Munki check for the existence of items deployed by a package and not rely on the receipts, an installs array must be manually constructed.

Creating an installs array for multiple files can be tedious, so I wrote a script to simplify the process. Read on the for the details.

Continue reading →

MDM migration with macOS Sonoma at MacDevOps:YVR

Kevin M. Cox July 31, 2024 No Comments

Last month I had the privilege to speak at the MacDevOps:YVR conference in Vancouver about an MDM migration I led late last year.

We utilized a new featured Apple added in macOS 14 Sonoma to drive our user experience and had great overall results.

I had a fantastic time meeting so many fellow MacAdmins in person, sharing my experiences and learning from the other amazing speakers.

Read on for my slide deck, a link to the video and an example script…

Continue reading →

Touch ID for sudo on macOS

Kevin M. Cox June 1, 2024 No Comments

Apple added the ability to use Touch ID for sudo on the command line interface back in 2017 with High Sierra.

Since that time there have been numerous scripts published to make enabling this feature easier.

So with apologies to the United States Marine Corps…

This is my script. There are many like it, but this one is mine.

Read on for the details.

Continue reading →

Deploying Photo Mechanic with Munki

Kevin M. Cox May 30, 2024 No Comments

Earlier this year Camera Bits consolidated the different Photo Mechanic (PM) versions into a single “All-in-One” download.

The cataloging feature of Photo Mechanic Plus is now simply activated (or not) by the license used to activate the application. (This is exactly how Microsoft handles Office for Mac.)

There are now subscriptions as well as perpetual licenses available which all use the same download.

Thankfully the ability to programmatically activate and deactivate is still there so only a few changes are needed in our Munki scripts.

Read on for the required changes…

Continue reading →

Even more changes to Microsoft AutoUpdate preferences

Kevin M. Cox April 23, 2024 No Comments

Microsoft AutoUpdate 4 MacAdmins have grown accustomed to Microsoft adding new, useful managed preferences to AutoUpdate and Office over the years.

So it comes as a surprise when widely used preferences are removed seemingly on a whim with no warning.

Recently I’ve written about two unexpected changes to Microsoft AutoUpdate (MAU):

Yesterday a member in the MacAdmins Slack spotted a new Microsoft document that contains even more changes to MAU preferences.

Read on for a little commentary plus what I think are the most noteworthy changes…

Continue reading →

Changes to Microsoft AutoUpdate’s Required Data Notice

Kevin M. Cox April 17, 2024 6 Comments

Version 4.70 of Microsoft AutoUpdate for Mac, released this week, brought an unexpected change to the Required Data Notice dialog.

I originally wrote about how to disable this dialog back in July 2019.

• Disabling Microsoft AutoUpdate’s new Required Data Notice in managed environments

This week’s change caught many MacAdmins by surprise but thankfully the cause and solution were quickly found by collaboration in Slack.

Read on for the details and solution…

Continue reading →

Changes to launchctl kickstart in macOS 14.4

Kevin M. Cox March 7, 2024 No Comments

macOS Sonoma logo macOS 14.4 includes a change that has the potential to impact a number of MacAdmins.

For the past couple years, launchctl kickstart has been widely used in an attempt to fix stuck macOS processes.

This first use came to prominence in relation to softwareupdate but more recently has been used for mdmclient as well.

MDM vendor Addigy even released a free tool, MDM Watchdog that uses kickstart to attempt to automatically remediate these issues.

Read on for details on why this might not work going forward.

Continue reading →

Changes to Microsoft AutoUpdate deferral options

Kevin M. Cox February 25, 2024 1 Comment

Microsoft AutoUpdate 4 Microsoft began offering curated deferral channels for AutoUpdate a little over two years ago. These feeds allowed MacAdmins to delay updates to Office apps for a set number of days, without having to run a custom manifest server themselves.

Unfortunately these deferral channels have recently stopped working, leaving many MacAdmins scrambling to adjust.

Thankfully the community has engaged Microsoft and have pushed for a solution.

Read on for the details on why this happened and how to adjust your configuration.

Continue reading →