Tag: Apple

Apple Watch and macOS Auto Unlock in enterprise environments

The topic of wether or not to allow an employee to use their personal Apple Watch to unlock their work Mac is a discussion that has come up a couple times over the years in the MacAdmins Slack #security channel.

When I first saw the subject brought up I hadn’t used the feature myself. At the time I was still maintaining separate personal and work iCloud accounts to keep everything segregated. But since I could imagine receiving a request from users to enable the feature, I decided I had better start testing it out so a policy could be formed in advance.

Apple calls the feature Auto Unlock. I’ve been using it for a while now and don’t see any reason to block it for employee use. Here’s why:

Continue reading

Customizing Microsoft Office versions served by an MAU Caching Server

I have been running a Microsoft AutoUpdate (MAU) Caching Server for a couple years now and have always allowed it to download and serve everything, even applications we don’t use. My thinking was that I’d rather have something and not need it, than need it and not have it.

This has never been an issue for older products like Office 2011 and Lync (or even current products like Company Portal and Skype for Business) because combined they are only around 500 MB. The fact that Office 2011 and Lync are no longer receiving updates means the bits on disk haven’t changed in over a year and don’t need to be downloaded with each run of MAUCacheAdmin.

However things changed with the release of Office 2019 last fall. While Office 2011 is no longer being maintained, Office 2016 will continue receiving security updates until October 2020. If you have already transitioned to Office 2019 this means that MAUCacheAdmin will continue to download almost 6 GB of installers and updaters every month that you don’t need.

Thankfully it is easy to customize this behavior so read on if you’d like the details.

Continue reading

Registering DetectX Swift with a Munki NoPkg

During a discussion in the #detectx channel of the MacAdmins Slack yesterday AP Orlebeke pointed out that when registering a DetectX Swift (DTXS) Pro or Management license via the command line it is only applied for users that already exist on the system. DetectX Swift will be in an unregistered state for any users created later.

In the ensuing discussion I opined that: “It would be trivial to whip up a Munki on-demand NoPkg that triggers the command line registration as root if the user ever got in a situation where they were using the DetectX GUI and were unregistered.”

DetectX developer Phil Stokes asked if I’d be willing to create an example so I did just that. Read on for the details.

Continue reading

Coordinating Adobe Creative Cloud updates with Munki

We need to tightly control the version of InDesign (ID) and InCopy (IC) in use here at the newspaper. As such we disable the Apps Panel within the Creative Cloud Desktop Application (CCDA) and exclusively use Munki to install Adobe Creative Cloud applications.

Yesterday we transitioned from InDesign CC 2014 to CC 2019 in a single day and I wanted to share the details in case it might be useful to others. Read on if you are interested in how we did it.

Continue reading

Dear Adobe: version numbers should go up!

When Adobe released their November 19 update to InDesign CC 2019 last week, they broke the most important rule of version numbering: the version should go up!

This wasn’t immediately obvious until today however due to an almost two week delay in the update becoming available to package in the Adobe Admin Console. This alone is a topic for another post…

Continue reading

Upgrade from Microsoft Remote Desktop for Mac 8 to 10 using Munki

Microsoft Remote Desktop 10

The upgrade of Microsoft Remote Desktop (MRD) from version 8 to version 10 also involves a change in delivery for many MacAdmins from the Mac App Store (MAS) to a standard package installer.

Since a few extra considerations are involved I decided to share how I accomplished it using Munki. Read on if you are interested in the details.

Continue reading

On Demand DetectX Swift scanning with a Munki NoPkg

Another component to my DetectX Swift (DTXS) Management License rollout this week is the ability for users to run a scan and have the results be sent to MunkiReport immediately. This could be useful anytime I don’t have easy access to a user’s computer and am having to walk them through things over the phone or via Slack and I want to verify the results of the scan remotely.

I accomplished this with an on demand Munki NoPkg that any standard user can easily run via Managed Software Center. Read on for the details.

Continue reading

Hourly DetectX Swift scans and MunkiReport

This week I began rolling out DetectX Swift (DTXS) with a Management License across our fleet. I first learned of DTXS earlier this year thanks to Zack McCauley and his DetectX Module for MunkiReport.

McCauley covers one option for automatic scans in his excellent Deploying DetectX Swift with Munki article using Outset and a boot-every script. He also helpfully included a sample LaunchDaemon in the module repo, however neither scans as frequently as I’d like. Read on for how I decided to handle automatic hourly scans and reporting.

Continue reading

A hybrid approach to managing Microsoft Office updates

Most MacAdmins take an either/or approach to managing updates for Microsoft Office on macOS, utilizing either Microsoft AutoUpdate (MAU) or Munki. However I’ve found that a hybrid approach using both works best for us.

I’ve shared my setup severals times on the MacAdmins Slack, most recently in a direct message, so I wanted to provide more details here. Read on if you are interested in how I’m keeping Office up-to-date and providing for new installs.

Continue reading

Automating installation and configuration of SSD Fan Control

This year we started seeing a problem with the hard drives failing inside our 2009, 2010 and 2011 iMacs here at the newspaper. The computers still work fine otherwise and since it is pretty easy to replace them (it can easily be accomplished in under ten minutes without removing the display) that is what we’ve been doing.

The only downside is that the OEM hard drives ship with specific Apple firmware that ties into the thermal management system. Installing a new hard drive or SSD results in the fans running at full blast. Thankfully software exists to work around this and I automated the installation and configuration with Munki, read on to see how.

Continue reading