Adobe Flash Player 11.9

Posted October 8, 2013 by GregN
Categories: General

Flash Player 10Since I’ve complained about the various installers for Adobe Flash Player in the past, I feel honor-bound to compliment Adobe on this release:

Today Adobe released Flash Player 11.9.900.117, and this release includes a new package that does all the right things this time:

  1. It installs all needed components
  2. It installs silently from the command-line
  3. It installs properly at the loginwindow
  4. It installs on non-boot volumes

You can extract the package from the Install Adobe Flash Player application, or if you apply to redistribute Flash Player (which you should), you’ll find a link “for Systems Administrators”, which contains just the installation package.

The individual user installer can be obtained here.

MacSysAdmin 2013 links

Posted September 17, 2013 by GregN
Categories: General

Here are links for the things I’m talking about today at MacSysAdmin 2013 in Gothenburg, Sweden:


Adobe Enterprise tools:


RUM Channel IDs:



AutoPkg recipes:

AutoPkg documentation:

AutoPkg discussion:


Other cool stuff from Tim:

Other cool stuff from MagerValp:

Other automatic Munki importing things:

Undocumented options

Posted April 30, 2013 by GregN
Categories: Mountain Lion, OS X, Scripting

Rich Trouton posted today about undocumented options for the asr command-line utility.

On Twitter, Marnin asked:

Lots of OS X utilities have undocumented options. Take for example /usr/sbin/softwareupdate — the command-line Apple Software Update utility.

It’s had several undocumented options for years. Read the rest of this post »

10.8.3 supported platforms

Posted March 15, 2013 by GregN
Categories: Deployment, OS X, Packaging

A follow-up to yesterday’s post on 10.8.3.

I had hoped that the “SupportedModelProperties” list in the InstallESD.dmg’s /System/Library/CoreServices/PlatformSupport.plist would serve as a more-or-less human parseable list of supported models.

But it appears that there are some supported models that do not appear in the “SupportedModelProperties” list, but whose board-ids do appear in the “SupportedBoardIds” list in that same file.

In any case, the _real_ thing that causes the the installer to decide whether or not to proceed is this function in the OSInstall.mpkg’s Distribution file:

function isSupportedPlatform(){

	if( isVirtualMachine() ){
		return true;
	var platformSupportValues=["Mac-F42D88C8","Mac-F2218EA9","Mac-F42D86A9","Mac-F22C8AC8","Mac-F22586C8","Mac-AFD8A9D944EA4843","Mac-F227BEC8","Mac-F226BEC8","Mac-7DF2A3B5E5D671ED","Mac-942B59F58194171B","Mac-2E6FAB96566FE58C","Mac-F42D89C8","Mac-00BE6ED71E35EB86","Mac-4B7AC7E43945597E","Mac-F22C89C8","Mac-942459F5819B171B","Mac-F42388C8","Mac-F223BEC8","Mac-F4238CC8","Mac-F222BEC8","Mac-4BC72D62AD45599E","Mac-F2268DC8","Mac-F2208EC8","Mac-66F35F19FE2A0D05","Mac-F4238BC8","Mac-F221BEC8","Mac-C08A6BB70A942AC2","Mac-8ED6AF5B48C039E1","Mac-F2238AC8","Mac-FC02E91DDD3FA6A4","Mac-6F01561E16C75D06","Mac-742912EFDBEE19B3","Mac-F22589C8","Mac-F22587A1","Mac-F22788AA","Mac-F42C86C8","Mac-942C5DF58193131B","Mac-F2238BAE","Mac-F22C86C8","Mac-F2268CC8","Mac-F2218FC8","Mac-7BA5B2794B2CDB12","Mac-F65AE981FFA204ED","Mac-031AEE4D24BFF0B1","Mac-F22587C8","Mac-F42D89A9","Mac-F2268AC8","Mac-F42C89C8","Mac-942452F5819B1C1B","Mac-F2218FA9","Mac-F221DCC8","Mac-94245B3640C91C81","Mac-F42D86C8","Mac-F2268EC8","Mac-F2268DAE","Mac-F42C88C8","Mac-94245A3940C91C80","Mac-F42386C8","Mac-C3EC7CD22292981F","Mac-942B5BF58194151B","Mac-F2218EC8"];
	var boardID = system.ioregistry.fromPath('IOService:/')['board-id'];
	if( !boardID || platformSupportValues.length == 0 ) {
		return false
	for( var i = 0; i < platformSupportValues.length; i++ ){
	 	if( boardID == platformSupportValues[i] ){
				return true;

	return false;

Unfortunately, I have not found a reliable resource for mapping board-ids to models.


Posted March 14, 2013 by GregN
Categories: Deployment, General, OS X

Mountain Lion image

Today Apple finally released OS X 10.8.3.

This release has been awaited by many Mac admins as the hope was that this version would support all Macs capable of running Mountain Lion. Prior to this release, the Late 2012 Macs (iMacs, 13″ Retina MacBookPros and Mac minis) required a different build of 10.8.2 than did other Macs.

This required having multiple restore images or OS installer pkgs and possibly multiple NetBoot disks to support all the Macs in your organization.

The hope (and assumption) was that 10.8.3 would unify the Mountain Lion builds, and that all recent machines would be able to use the new version.

How, though, to be sure? One way is to look at what Apple says. Mount the InstallESD.dmg disk image inside the 10.8.3 Install OS X Mountain and take a look at /System/Library/CoreServices/PlatformSupport.plist.

One of the keys in this plist looks like this:


If your Macs are in this list, they should be supported by 10.8.3.

UPDATE: There are some Macs NOT in this list that are also supported by 10.8.3 — those are the “Late 2012″ Macs. See the follow-up post.

XProtect Updater Redux

Posted February 8, 2013 by GregN
Categories: Adobe, Commentary, Deployment, OS X

In the past 24 hours, Apple has released an update to the XProtect malware definitions. If your Macs have received the latest XProtect definitions, Adobe Flash Player will be blocked unless it is the version current as of yesterday (11.5.502.149).

If you have already updated your clients to that version of the Flash Player, good for you!

If you don’t want to be surprised by this sort of thing and have to scramble to address it, might I point you here?

Disabling iCloud as default save location

Posted February 5, 2013 by GregN
Categories: Deployment, MCX, OS X

icloud-logo has a new post on disabling iCloud as the default save location for new documents.

This feature affects apps that can save to iCloud, and only if the user has an iCloud account configured for the current login.

Still, you might want to turn this off by default for all users in your organization so they don’t accidentally store company documents on Apple’s servers. The post shows a command-line way to change this setting for a single user. How might you do this for all users?

One way would be to install a computer-level profile that installs the right settings. Here’s one.

If installed as root using the /usr/bin/profiles tool:

sudo profiles -I -F DontSaveNewDocumentsToiCloud.mobileconfig

This setting will be applied Once to all users as they login.

DontSaveNewDocumentsToiCloud.mobileconfig was created using Tim Sutton’s mcxToProfile tool.


Get every new post delivered to your Inbox.

Join 169 other followers