Create a Munki installs array for multiple files at once

      No Comments on Create a Munki installs array for multiple files at once

Munki uses several different methods to decide what needs to be installed on a Mac. When deploying applications or files, an “installs” array is, in my opinion, the best way to make sure they remain installed and unaltered.

Munki automatically creates an installs array when you import an application or a DMG containing an application. But when you import a package, by default the receipts are used to determine installation status.

This means to have Munki check for the existence of items deployed by a package and not rely on the receipts, an installs array must be manually constructed.

Creating an installs array for multiple files can be tedious, so I wrote a script to simplify the process. Read on the for the details.

Continue reading

MDM migration with macOS Sonoma at MacDevOps:YVR

      No Comments on MDM migration with macOS Sonoma at MacDevOps:YVR

Last month I had the privilege to speak at the MacDevOps:YVR conference in Vancouver about an MDM migration I led late last year.

We utilized a new featured Apple added in macOS 14 Sonoma to drive our user experience and had great overall results.

I had a fantastic time meeting so many fellow MacAdmins in person, sharing my experiences and learning from the other amazing speakers.

Read on for my slide deck, a link to the video and an example script…

Continue reading

Touch ID for sudo on macOS

      No Comments on Touch ID for sudo on macOS

Apple added the ability to use Touch ID for sudo on the command line interface back in 2017 with High Sierra.

Since that time there have been numerous scripts published to make enabling this feature easier.

So with apologies to the United States Marine Corps

This is my script. There are many like it, but this one is mine.

Read on for the details.

Continue reading

Deploying Photo Mechanic with Munki

      No Comments on Deploying Photo Mechanic with Munki

Earlier this year Camera Bits consolidated the different Photo Mechanic (PM) versions into a single “All-in-One” download.

The cataloging feature of Photo Mechanic Plus is now simply activated (or not) by the license used to activate the application. (This is exactly how Microsoft handles Office for Mac.)

There are now subscriptions as well as perpetual licenses available which all use the same download.

Thankfully the ability to programmatically activate and deactivate is still there so only a few changes are needed in our Munki scripts.

Read on for the required changes…

Continue reading

Even more changes to Microsoft AutoUpdate preferences

      No Comments on Even more changes to Microsoft AutoUpdate preferences

Microsoft AutoUpdate 4MacAdmins have grown accustomed to Microsoft adding new, useful managed preferences to AutoUpdate and Office over the years.

So it comes as a surprise when widely used preferences are removed seemingly on a whim with no warning.

Recently I’ve written about two unexpected changes to Microsoft AutoUpdate (MAU):

Yesterday a member in the MacAdmins Slack spotted a new Microsoft document that contains even more changes to MAU preferences.

Read on for a little commentary plus what I think are the most noteworthy changes…

Continue reading

Changes to Microsoft AutoUpdate’s Required Data Notice

      6 Comments on Changes to Microsoft AutoUpdate’s Required Data Notice

Version 4.70 of Microsoft AutoUpdate for Mac, released this week, brought an unexpected change to the Required Data Notice dialog.

I originally wrote about how to disable this dialog back in July 2019.

Disabling Microsoft AutoUpdate’s new Required Data Notice in managed environments

This week’s change caught many MacAdmins by surprise but thankfully the cause and solution were quickly found by collaboration in Slack.

Read on for the details and solution…

Continue reading

Changes to launchctl kickstart in macOS 14.4

      No Comments on Changes to launchctl kickstart in macOS 14.4

macOS Sonoma logomacOS 14.4 includes a change that has the potential to impact a number of MacAdmins.

For the past couple years, launchctl kickstart has been widely used in an attempt to fix stuck macOS processes.

This first use came to prominence in relation to softwareupdate but more recently has been used for mdmclient as well.

MDM vendor Addigy even released a free tool, MDM Watchdog that uses kickstart to attempt to automatically remediate these issues.

Read on for details on why this might not work going forward.

Continue reading

Changes to Microsoft AutoUpdate deferral options

      1 Comment on Changes to Microsoft AutoUpdate deferral options

Microsoft AutoUpdate 4Microsoft began offering curated deferral channels for AutoUpdate a little over two years ago. These feeds allowed MacAdmins to delay updates to Office apps for a set number of days, without having to run a custom manifest server themselves.

Unfortunately these deferral channels have recently stopped working, leaving many MacAdmins scrambling to adjust.

Thankfully the community has engaged Microsoft and have pushed for a solution.

Read on for the details on why this happened and how to adjust your configuration.

Continue reading

Granting Munki Full Disk Access

      No Comments on Granting Munki Full Disk Access

MunkiMunki has been a staple management tool for many MacAdmins for a decade.

However in recent releases of macOS, Munki needs to be granted Privacy Preferences Policy Control permissions to access certain disk locations or update some apps.

Thankfully this has become very easy in the past year thanks to the MacAdmins community.

Read on for details and an example configuration profile.

Continue reading

Retroactive Automated Device Enrollment in macOS Sonoma

      27 Comments on Retroactive Automated Device Enrollment in macOS Sonoma

Apple released macOS 14 Sonoma this week, and on top of the numerous consumer facing features, there are also a number of interest to MacAdmins.

What’s new for enterprise in macOS Sonoma

While there are many improvements to features like Declarative Device Management (DDM) and MDM, one of the most interesting to me only got a short mention with no details.

Automated Device Enrollment can be enforced after Setup Assistant.

This feature, which I’m calling Retroactive Automated Device Enrollment, was announced during WWDC and I extensively tested it during the beta cycles.

I think there is some amazing potential here. Read on for details…

Continue reading