Skip to content

SFIcons

I’ve wanted to make a simple app for quite some time, but I have had a hard time learning Swift. The Problem I sometimes need to create an icon for my Munki repo. I often use SF Symbols when I do that, and it’s really easy. But I want to make it look more like a macOS icon. So I played with making an app that layered the SF Symbol over a coloured square with rounded corners. The problem was getting the image out of there. Failed Solution So instead I decided to ask Google Gemini to help me make it. It SUCKED! Solution I switched to ChatGPT and it… Read More »SFIcons

macOS Device Compliance

I use two Smart Groups in Jamf to define how many devices are in compliance in regards to macOS version. The Smart Groups are pretty simple: The problem is that only gives us a snapshot of a moment in time, rather than historical data. My solution was to log that data in a Google Sheet. I created a new Okta Workflow. The Workflow kicks off once a day at 1 am PST. I want to store the date and time, so I need to convert it into the appropriate format. This will give me 2024-04-09 and 10:49:00 PST (based on time I’m writing this). It stores that values as dateReturn… Read More »macOS Device Compliance

Automating MDM Renewals Using Jamf and Okta Workflows

Hi, We have some computers that are in Jamf. Sometimes Jamf doesn’t like to play nice and renew the MDM on the device. To start you’re going to need an Advanced Computer Search in Jamf. The fortunately have a criterion called “MDM Profile Expiration Date” and we set that to less than 11 days. Alright, you got that? Great! Next you need to get the ID for that Advanced Computer Search. You can find that in the URL In the example above, it’s 888. In Okta Workflows, create a new flow, give it a name and tell it that it’s a Scheduled Flow. I’m not explaining every little thing. Here’s… Read More »Automating MDM Renewals Using Jamf and Okta Workflows

Toronto Mac Admins Meetup

We had a Toronto Mac Admins meetup this past Tuesday (January 30, 2024). I’m gonna embed the video for you folks.

Mac Admins @ Penn State University

I was recently at Penn State University in State College, PA for the annual MacAdmins conference. I was there with my co-worker Rebecca. The two of use presented two topics and they’ve made their way to YouTube.

Running GlobalProtect CLI only on Linux

I just spent 3 hours on a Zoom with a colleague trying to figure out what the issues our Linux users were facing when running GlobalProtect. To install the CLI-only version, you must first you download the files, untar/detar/whatever it… Then you run the installer script Woo hoo! It’s installed! Kinda, there’s a few things missing. Default Browser In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <settings> section… Point to your Portal In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <PanSetup> section… Save the document and exit. Reboot You don’t need me to tell you how to do that… reboot your computer. globalprotectcallback: URLs Create the… Read More »Running GlobalProtect CLI only on Linux

Custom Commands for Mosyle

Hat Tip to another Adam. I recently discovered these when poking around in Adam Codega’s Github. There’s a couple especially I want to draw attention to. BatteryHealthCA.sh This little script will get the battery service level, plus tell you the number of power cycles the battery has had. It will appear as something like “Normal (256)”. Battery condition is normal and has had 256 cycles. From there in Mosyle, you can create a Smart Device Group where the criteria is for that field is like “Service Recommended” as you can see below. Here’s the direct link. KernelPanicCA.sh This script will tell you how many kernel panics a device has had… Read More »Custom Commands for Mosyle

fdesetup

I’ve used a few different MDMs in my time as a MacAdmin, I’ve written about my transition from WorkspaceONE to Mosyle and I really much prefer it. I noticed today that one user isn’t using FileVault. I have a deferral set to 5 times. Which now I’m thinking might be a bit high. I was wondering how many times that user has deferred FileVault. I saw you could use fdesetup to see info about deferral. So I made a quick and dirty script for that. I used Mosyle to blast it out to all devices with Filevault off (that required having a smart group), and told it to run on… Read More »fdesetup

AutoPKG storage on external drive

Ran into a quick problem that I thought I’d quickly blog about. AutoPKG’s data folders are all sitting on an external drive. First off, “Ignore ownership on this volume” was checked off, and AutoPKG doesn’t like that. That was a first for me, I’ve always had AutoPKG running on the internal drive. I turned that on, gave myself ownership and read & write and then propagated permissions down. On the next run I got: Got some quick help from MacAdmins #AutoPKG channel. Suggested I give python full disk access. That solved the problem. Python was already in the PPPC panel for Full Disk Access, so I checked it off, but… Read More »AutoPKG storage on external drive

Broken Admin Account

Text I type is green, computer replies are purple. I had a weird issue this morning. A teacher brought in her school Mac. She was unable to authorize the computer to allow screen sharing in Zoom. Everything in our MDM was set properly. Standard users were allowed to make their own decisions for screen capture1. I clicked on the lock icon to authenticate there. It wouldn’t accept my credentials as the admin user. A bit about our workflow. Device in Apple School Manager and assigned to our MDM (Mosyle) Computer turns on and goes through Automated Device Enrollment (ADE) and hands off to Mosyle Authenticate to Mosyle via Google Mosyle… Read More »Broken Admin Account