Deploying Photo Mechanic 6 with Munki

Photo Mechanic 6 (PM), released last year, is a major overall to the venerable software used by photojournalists worldwide. It is now 64-bit for compatibility with macOS Catalina and includes a number of other changes from PM5.

Thankfully the ability to programmatically activate and deactivate is still there so only a few changes are needed in our Munki scripts.

What follows is basically the same as my post from last year, Deploying Photo Mechanic 5 with Munki, without all the background details, so read on if you want to see the changes needed to the scripts.

Continue reading

Suppressing Microsoft AutoUpdate’s new macOS Upgrade alert

Microsoft Office officially dropped support for macOS 10.12 Sierra last week with the release of the 16.31 updates. This came as no surprise to MacAdmins as the Office for Mac team announced the N-2 macOS support plan back on Sept. 4, 2018. What did come as a surprise was a new Microsoft AutoUpdate (MAU) alert encouraging users to upgrade to macOS Catalina.

This obviously presents a problem in managed environments where end users are not able to upgrade themselves directly though the App Store. While most admins should focus their efforts on upgrading computers to a newer version of macOS, in environments where computers must remain on Sierra or older, suppressing this dialog is desired.

Thankfully it is possible to do so with a configuration profile, read on for the details.

Continue reading

Microsoft AutoUpdate Daemon renamed

A last minute decision to rename Microsoft AutoUpdate’s daemon from “Microsoft AU Daemon.app” to “Microsoft Update Assistant.app” in version 4.15 caused an unexpected dialog to appear for users last week.

MacAdmins have been suppressing this standard macOS dialog for several years by pre-registering Microsoft AutoUpdate in the Launch Services database. The sudden name change caused the dialog to unexpectedly appear during the monthly update cycle of Microsoft Office in September.

Read on for details of what needs to be updated in your script to suppress this dialog for users going forward.

Continue reading

Privacy and Consent changes in Microsoft Office 16.28

Microsoft Office 16.28, released Tuesday, includes a new privacy dialog for users and a number of changes to the preferences that control privacy and telemetry settings. This new dialog cannot be directly suppressed for Office 365 users, but can for those with a 2019 Volume License.

Microsoft has provided documentation, Use preferences to manage privacy controls for Office for Mac, of these new preferences and Paul Bowden provided a Keynote slide deck, Privacy and Consent Controls (PDF version), from a set of video conferences he hosted last week. (Unfortunately video recordings of the calls are not available.)

Thanks to the hard work of the Office for Mac team most of these preferences can be managed via configuration profiles. Read on for an overview of the changes and items of note.

Continue reading

Forcing Microsoft Office update deadlines with MAU

Microsoft AutoUpdate 4Microsoft AutoUpdate (MAU) version 4.13, released in mid-July, adds the ability to force update deadlines for Office applications. I was one of the MacAdmins who provided Microsoft developers with feedback starting last October and am happy to see the feature come to fruition.

This new functionality will definitely change how I handle updates as described in my post “A hybrid approach to managing Microsoft Office updates.”

The documentation Microsoft provided around the new feature is pretty good. But there has definitely been a lot of confusion in the MacAdmins Slack around getting it to work and there are some quirks to be aware of. If you are interested in the intricacies please read on.

Continue reading

Disabling Microsoft AutoUpdate’s new Required Data Notice in managed environments

Version 4.13 of Microsoft AutoUpdate for Mac, released on Tuesday, contains a new Required Data Notice that will pop up immediately upon installation and must be acknowledged before MAU will continue to function.

While the user experience is not great, thankfully Microsoft has provided us a way to suppress the new dialog on managed systems. Read on for the details.

Continue reading

Microsoft Teams notifications from MAU Caching Server

Back in February I wrote about Automating MAU Caching Server with Slack Notifications and it has been working great. Earlier this week a request was made on Github to add support for sending notifications to Microsoft Teams.

We don’t use Teams here at work but a quick search showed it supports messages via an incoming webhook, just like Slack, so I decided it give it a try. It didn’t take long to adjust the code and after realizing I could create a Teams workspace for free I got it tested in short order.

Paul Bowden merged my pull request so if you’d like to take advantage just grab version 2.6 of the MAUCacheAdmin script. If you are interested in the details read on.

Continue reading

Installing and registering DetectX Swift with a single package

Yesterday a colleague on the MacAdmins Slack asked for some help creating a package that would both install and register DetectX Swift (DTXS) all in one shot. He was having trouble getting it to work with Jamf Composer even though a couple of us agreed that in theory his method should be working.

While admins are able to easily register DTXS after installation using management tools, in my case Munki and in his Addigy, the goal was to create a package that could be installed manually by less savvy techs or sporadically as needed via Apple Remote Desktop (ARD).

I had a little time at lunch today and decided to give it a try as a basic package using pkgbuild. Thankfully it worked perfectly right out of the gate, read on if you’d like the details.

Continue reading

Automating Reposado with Slack Notifications

To know when Apple releases new updates that are downloaded by my Reposado server I’ve been depending on random checks via Margarita, emails from the Security-announce list or discussions on the MacAdmins Slack. Automating repo_sync runs is easy enough with a LaunchDaemon or cron job, but I want to automatically be notified whenever a new update is detected.

When searching to see if anyone had already done the work I found a script by Michael Stango on GitHub that sends email notifications when new updates are downloaded. Stango’s script even takes things a step further with the ability to automatically add new products to a testing branch. Awesome!

Since I have all my similar notifications (AutoPkg, MAU, etc.) feeding into Slack I wanted to send Reposado notifications there as well. I’ve been testing the updated bash script for a few weeks and am happy to share it, read on if you are interested in the details.

Continue reading

Working around failed Apple software updates with Munki

For at least a year MacAdmins have been dealing with Apple security updates failing if they are not installed soon after being downloaded. This is especially apparent to Munki admins who have Managed Software Center (MSC) configured to install Apple updates. Munki will invoke softwareupdate to download updates as soon as they are detected but users can defer the installation via MSC indefinitely by default.

If enough time has passed when the user finally decides to allow the logout / reboot for the update it will silently fail. The computer will reboot and the user will find themselves at the login window thinking the update completed successfully. However an hour or so later softwareupdate will again detect the update, download it and MSC will prompt the user to logout and install the same update they think they had just installed.

This is not a great user experience and has led to some frustration here at the newspaper. I’ve written a script that works around this behavior, read on if you are interested in the details.

Continue reading