Archive for the ‘OS X’ category

Configuration Profiles and Identity payloads

November 6, 2014

In today’s MacTech deployment lab, the subject of using Identity payloads in configuration profiles came up.

Here: https://raw.githubusercontent.com/gregneagle/profiles/master/Identity_payload_demo.mobileconfig is a sample/demo configuration profile that contains both an Identity payload and an Email configuration payload.

When installed (by double-clicking the profile, after the normal warnings, the user is presented with a form for entering identification information:

Profiles identity

After entering the requested information and clicking Continue, Mail.app gets a new Gmail account added with the information you entered.

MacTech Conference 2014: What’s New with Munki?

November 6, 2014

Here are links from my MacTech Conference 2014 presentation: “What’s New with Munki?”.

Munki itself:

GUI tools:

Web interfaces/Web reporting consoles:

Alternate Munki servers:

Update management:

Miscellaneous tools and add-ons:

Managed Software Center help page link:

Munki 2 documentation:

Munki discussion group:

Munki demonstration setup:

Removing Munki:

You Oughta Check Out AutoPkg: Links

July 10, 2014

If you attended my presentation on AutoPkg today, thanks! Here are the links:

AutoPkg:

http://autopkg.github.io/autopkg

https://github.com/autopkg/autopkg

https://github.com/autopkg/autopkg/releases

AutoPkg recipe repos:

http://github.com/autopkg

JSSImporter:

https://github.com/arubdesu/jss-autopkg-addon

AbsoluteManage Processor:

https://github.com/tburgin/autopkg/blob/master/Code/autopkglib/AbsoluteManageExport.py

AutoPkg Change Notifications script:

http://seankaiser.com/blog/2013/12/16/autopkg-change-notifications/

MacSysAdmin 2013 session:

http://docs.macsysadmin.se/2013/video/Day2Session4.mp4

Steve Yuroff’s AutoPkg and Jenkins notes:

http://swytechnotes.wordpress.com/2013/10/21/autopkg-and-jenkins-under-one-admin-account/

AutoPkg Wiki:

https://github.com/autopkg/autopkg/wiki

Post-PSU Mac Admins Pre-Conference Workshop

July 8, 2014

If you attended the workshop today Matt and I led on “Python for Systems Administrators”, thank you! Here are links to some of the additional information and documentation mentioned today:

Course materials:

http://gregneagle.github.io/psumac2014_python/

Cocoa documentation links

Foundation:

https://developer.apple.com/library/mac/documentation/cocoa/reference/foundation/Miscellaneous/Foundation_Functions/Reference/reference.html

CFPreferences:

https://developer.apple.com/library/mac/documentation/CoreFoundation/Reference/CFPreferencesUtils/Reference/reference.html

Plists and Foundation:

https://developer.apple.com/library/mac/documentation/Cocoa/Conceptual/PropertyLists/Introduction/Introduction.html

More documentation:

http://www.python.org/

http://www.diveintopython.net

https://www.coursera.org/course/interactivepython

PSU Mac Admins Pre-Conference Workshop

July 6, 2014

My colleague, Matt Schnittker, and I will be leading a half-day pre-conference workshop on “Python for Systems Administrators” on Tuesday, July 8th at PSU Mac Admins Conference 2014. If you are participating in the workshop, please visit here first to get your class materials:

http://gregneagle.github.io/psumac2014_python/

Hope to see you there!

Preventing users from disabling FileVault 2

May 21, 2014

FileVaultI’ve seen a few online questions about how to prevent users from turning off FileVault 2.

The first line of defense, of course, is to not give admin rights to those users. As of Mavericks, however, there is an additional tool — you can use a configuration profile to prevent turning off FileVault (or at least disable the controls in the Security and Privacy preference pane — very clever users with admin rights might still able to turn it off using Disk Utility or the command-line diskutil tool).

Here is a configuration profile that disables the “Turn off FileVault” button in the FileVault tab of the Security and Privacy preference pane.

Since admin users can also remove configuration profiles, you should probably also lock this profile, requiring a password to remove it. That’s an exercise left for the reader, but here’s a starting point…

Add something like this to the PayloadContent array:

<dict>
    <key>PayloadDescription</key>
    <string>Configures Configuration Profile security</string>
    <key>PayloadDisplayName</key>
    <string>Profile Security</string>
    <key>PayloadIdentifier</key>
    <string>0dc319a0-c331-0131-eeb5-000c294ab81b.alacarte.ProfileSecurity</string>
    <key>PayloadType</key>
    <string>com.apple.profileRemovalPassword</string>
    <key>PayloadUUID</key>
    <string>65a90a90-c331-0131-eeb9-000c294ab81b</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>RemovalPassword</key>
    <string>PrOf1leReM0v@lPa$$w0rdG0esHere</string>
</dict>

MacSysAdmin 2014

May 2, 2014

Gothenburg
I’m excited to be presenting once again at MacSysAdmin 2014 in Gothenburg, Sweden!

https://macsysadmin.se/2014/Home.html

The current plan is that I will talk about what’s new in Munki (so I’d better finish a lot of the stuff I’m working on before then!) and, together with Tim Sutton, a detailed talk on AutoPkg.

MacSysAdmin is September 16th through September 19th, 2014 – hope to see you there!


Follow

Get every new post delivered to your Inbox.

Join 191 other followers