Category: Apple

Smart Group workaround to determine which clients have software updates available in Jamf

As Graham Pugh and others have reported, running softwareupdate --list can cause the softwareupdated daemon to hang, also when softwareupdate is run as part of updating inventory in Jamf Pro. Pugh discovered that you can read the number of available updates using the following command: defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates To be able to send notifications … Continue reading Smart Group workaround to determine which clients have software updates available in Jamf

Making sure Preview.app is the default PDF reader

Malware can sometimes come in the form of a PDF that contains embedded scripting language. Luckily, Apple's Preview.app, which is the default PDF reader on macOS, does not support most of Acrobat's features that can enable this type of malware. It is also much lighter than Acrobat Reader, and a great application. Making sure Preview.app … Continue reading Making sure Preview.app is the default PDF reader

Catalina compatible Jamf Self Service policy to grant users temporary admin rights

If your organization mandates that users run as standard users, one way of allowing them to install software and perform operations where admin privileges are necessary, is to let them grant themselves temporary privileges. There are a few solutions out there already. With the introduction of macOS Catalina, Apple announced they were deprecating Python and … Continue reading Catalina compatible Jamf Self Service policy to grant users temporary admin rights

MDM privacy settings for macOS and common applications

The GDPR and information security concerns is causing organizations to become more aware of the different privacy settings in macOS and common applications. Maximum privacy settings should already be default in Europe under GDPR regulations, at least if one is to believe the Irish Computer Society: "Privacy by Default means that once a product or … Continue reading MDM privacy settings for macOS and common applications

Silent Office 365 upgrade using msupdate and Jamf

It is entirely possible to silently upgrade users from Office 2016 VL to Office 365/2019 without user interaction, provided they are already using Outlook with an Office email account. The only thing your users will see, is a window informing them Office is being activated the first time they start one of the Office applications … Continue reading Silent Office 365 upgrade using msupdate and Jamf

Scripting CIS security recommendations

The nonprofit organization Center for Internet Security (CIS) regularly releases security recommendations for operating systems and software. Their CIS Apple macOS 10.13 Benchmark is for High Sierra, but most of the recommendations are relevant to Mojave as well. They categorize their recommendations into three categories, recognizing that some will negatively impact usability and perhaps aren't … Continue reading Scripting CIS security recommendations

Analyzing app behavior to assist MDM installations

Creating packages, scripts and policies that properly deploy macOS applications can be easy as pie. Especially if your only goal is to repackage a simple app that would otherwise be dragged into the Applications folder without applying further settings, or if the vendor has supplied a suitable .pkg and documented their settings. At other times, … Continue reading Analyzing app behavior to assist MDM installations

Preloading the Chrome bookmarks bar with Office 365 links and favicons

There are two kinds of Chrome MDM settings: hard and soft ones. Or user-unmodifiable and user-modifiable, if you like. Hard settings can be set using a configuration profile, using the Chromium policy list as a reference. Soft settings are often set using a list of master preferences. The latter isn't very well documented, and if … Continue reading Preloading the Chrome bookmarks bar with Office 365 links and favicons