Updating macOS – A Nudge in the right direction – slides

I was stoked to present at the 2021 Penn State University MacAdmins Campfire sessions today!

After reviewing current methods of installing macOS software updates (softwareupdate, MDM commands and configuration profiles) and exploring their limitations the bulk of this presentation focused on how to deploy and configure Nudge; a utility written by Erik Gomez that persistently guides users to the System Preferences Software Update pane with varying levels of “persuasion”.

Thank you to everyone who attended and special thanks to the people at Penn State for organising the event!

Watch the video below:

Click here to download the slides!


Nudging users – for fun and for profit

At last Thursday’s London Apple Admins meet-up (April 1st), I did a short presentation and demo on the awesome utility Nudge, written by Erik Gomez. Grab a copy of the slides here and watch the video below:

Thanks to everyone who joined the meet-up to watch the talks and to all the other speakers. It was one of the most jam-packed London Apple Admins yet (let’s hope the next one is in person as lockdown eases across the UK – I really miss you all)! Also, be sure to check out Erik’s talk on Nudge that he did on the 30th of March for Texas Apple Admins.

(Really) Disabling Time Machine – a Multi-pronged Approach

Great Scott! Time Machine is a fantastic backup solution for people using Macs in a home environment but it can cause issues in enterprise settings. For example, around data loss prevention (DLP), as users can have local data on their Macs end up on a backup destination you don’t manage or control. With this in mind, lots of organisations prefer to use enterprise-grade backup solutions such as Code42, Backblaze or Druva etc.

If you have something like this in place, or your users use a cloud service like Google Drive or OneDrive, you might want to make sure Time Machine doesn’t rear its head again. Thankfully, we have some ways to keep it at bay. Thanks to Mike Dowler for a few extra pointers as I was discussing this with him in #london on the MacAdmins Slack!

Continue reading “(Really) Disabling Time Machine – a Multi-pronged Approach”

Managing Microsoft Remote Desktop 10 Bookmarks with handy Jamf Scripts

Microsoft introduced a handy feature in version 10 of their Remote Desktop client with little fanfare; the ability to manage bookmarks, feeds and gateways using the command line. I think it deserves some more attention.

Continue reading “Managing Microsoft Remote Desktop 10 Bookmarks with handy Jamf Scripts”

COVID-19, Folding@home, MacAdmins and You

Coronavirus is wrecking lives throughout the world and scientists are working hard to find ways to fight it. As MacAdmins, we can help. If you’ve seen images of the virus itself, you’ll notice it’s strewn with lots of little “spikes”. Known as the “Demogorgon” (scientists come up with cool names!), these protein structures act like a “key” to unlock our cells, allowing the virus to get inside them and do its work.

I’m no biologist by any means, and these folks explain it way better than I ever could. Understanding how these proteins behave, or “fold” is the key to developing ways to stop them. The Folding@home project has been running for many years and now it’s providing the distributed compute power needed to run simulations that help gain this understanding in the context of COVID-19.

By downloading (and optionally configuring) a client, your Mac (or Macs) can help in the war effort. You can help anonymously, or set up an identity to keep track of your stats (the number of work units you’ve processed and points you’ve gained). You can even join a team where your stats are accumulated with other members’. Folks in the MacAdmins community have stepped up to donate computing resources already. Eric Holtam has created the MacAdmins Folding@home Team, and we have a channel; #foldingathome in the MacAdmins Slack, ready to rock the lockdown.

If you want to get involved:

  1. Join us in the #foldingathome channel on the MacAdmins Slack.
  2. Download and install the client.
  3. Get your passkey.
  4. Join the MacAdmins Team (ID 257618).
  5. Read the rest of this post.
Continue reading “COVID-19, Folding@home, MacAdmins and You”

Uninstalling Adobe Flash Player – in a Flash!

It’s been a while since my last post. That’s because I joined dataJAR as a Systems Engineer in October after 15 years of working at the University of East London. It’s been a huge change and I’m loving every minute. I’m learning a huge amount from a fantastic team of wonderful people as I settle into the new role.

So, we’re approaching a milestone in computing history. All good things must come to an end and love it or hate it, Adobe’s Flash Player is no exception. As we enter a new decade, we say goodbye to this venerable piece of the interwebs, as it goes End of Life later this year.

As an admin, the announcement of Flash Player’s demise a mixed bag. Pleasure/pain, perhaps. Pleasure, in that you won’t have to manage the deployment of updates for one of the most frequently updated software titles ever (weren’t you using Autopkg so you didn’t have to anyway?). Then, as the serotonin wears off, the pain sets in. Because the slow realisation dawns on you; how are you going to automate the removal of this on all the computers you manage? Since it won’t get any more updates, that means any as-yet-undiscovered security vulnerabilities will remain unpatched. So it has to go. And there are a few ways to do the deed…

Continue reading “Uninstalling Adobe Flash Player – in a Flash!”

Adobe Shared Device Licensing – the 90 minute sign-in reminder is dead!

A major pain point of Adobe’s new Shared Device Licensing (SDL) is was a dialog that would appear 90 minutes following sign-in to a Creative Cloud application. This dialog would prompt the user to confirm that they were still themselves, offering the option to sign-out or continue.

It would also interrupt background processing and rendering in applications like After Effects and Premiere Pro. This impacts people in environments where they would quite reasonably leave a video render churning away overnight, for example. I support shared-use video edit suites where students do this.

On 2019-08-23, Adobe announced, via this forum thread, that the infamous dialog is no more! Although the official Shared Device Licensing Deployment Guide is now out of date as it still has an FAQ that mentions it…

Even better, is this appears to apply to installations that pre-date the announcement. I tested it specifically with Premiere Pro 13.1.4 and Photoshop 20.0.4 and an SDL “license only” package I created in July. For those playing at home, the Creative Cloud Desktop App (CCDA) was the current version, having auto-updated itself. I left the applications open for over 90 minutes. The dialog did not appear during app usage or if I closed and re-opened an app. It didn’t come back when opened a different Creative Cloud app either.

Thank you, Adobe!

2015 MacBook Pro battery recall checker script

So this happened. And it’s not good. And now you might be worrying about how many MacBook Pros you manage that may be at risk.

Here’s a script that might help. Feed it a text file containing the serial numbers of all the 2015 MacBook Pros in your fleet and remediate the ones that are “eligible”. Data is output in CSV format, which you could redirect to a file.

How to use it (once you’ve downloaded and made it executable):

./mbpserialcheck.sh /path/to/inputfile.txt

To output directly to a CSV file:

./mbpserialcheck.sh /path/to/inputfile.txt > /path/to/outputfile.csv

If you can’t see the script in this post (WordPress has issues embedding from GitHub on some mobile platforms), here’s a direct link for you: https://gist.github.com/neilmartin83/9b6b2163edb71e2e6e578df54f0d599a

# Check a list of serial numbers for eligibility in the 2015 MacBook Pro battery replacement recall
# Returns only eligible serial numbers
# The text file must be formatted with Unix (LF) line breaks
# Usage: mbpserialcheck.sh /path/to/inputfile.txt
# To output directly to a CSV file: mbpserialcheck.sh /path/to/inputfile.txt > /path/to/outputfile.csv
# Written by Neil Martin https://soundmacguy.wordpress.com
# With thanks to Nick Tong for his original Jamf EA which gave me the inspiration for this script. https://www.jamf.com/jamf-nation/discussions/32400/battery-recall-for-15-mid-2015-mbp
# 2019-06-21
# 2019-06-30 revised to read file directly and avoid problems with filenames containing spaces – thanks to Ben Goodstein.
# Edit the variable below to the filename of your text file containing a list of serial numbers to check
# Do not edit below this line
# Verify the file exists
if [[ ! -e "$file" ]]; then
echo "Serial number list file not found or specified"
echo "Ensure that the filename and path specified are correct"
echo "Script usage: ./mbpserialcheck.sh /path/to/file.txt"
exit 1
# Loop through the list and submit data to Apple
while read -r serial || [[ -n "$serial" ]]; do
guid=$(uuidgen | tr "[:upper:]" "[:lower:]")
resp=$(curl -d "$postData" -H "Content-Type: application/json" -X POST "https://qualityprograms.apple.com/snlookup/062019" 2>&1)
if [[ "$resp" == *'"status":"E00"'* ]]; then
echo "$serial,eligible"
elif [[ "$resp" == *'"status":"E01"'* ]]; then
echo "$serial,ineligible"
elif [[ "$resp" == *'"status":"E99"'* ]]; then
echo "$serial,error please recheck"
elif [[ "$resp" == *'"status":"FE01"'* ]]; then
echo "$serial,empty serial"
elif [[ "$resp" == *'"status":"FE02"'* ]]; then
echo "$serial,invalid serial"
elif [[ "$resp" == *'"status":"FE03"'* ]]; then
echo "$serial,error please recheck"
echo "$serial,unknown result please recheck"
done < "$file"

Thanks to Nick Tong for the inspiration behind this. He wrote a Jamf Extension Attribute you can use that’ll tell you which MacBooks are eligible for recall the next time they submit inventory.

Customising the Creative Cloud Desktop App – what Adobe doesn’t tell you


That file ^^. If you’ve ever deployed the Adobe Creative Cloud Desktop App (CCDA) or any Adobe application that uses it, you might have come across this little nugget. On macOS it lives in /Library/Application Support/Adobe/OOBE/Configs/ and on Windows it’s in C:\Program Files (x86)\Common Files\Adobe\OOBE\Configs\. This is especially interesting if you wanted to have a bit more control over what’s shown or hidden post-deployment (because sometimes we change our minds).

Ben Toms goes into the gory details here. So do read that if this is something you’re encountering for the first time.

You’ll find there’s more to this once you scratch beneath the surface…

Continue reading “Customising the Creative Cloud Desktop App – what Adobe doesn’t tell you”

Dad Jokes as a (Self) Service (DJaaS?)

There’s a new craze sweeping the community. “Dad jokes”. The special kind of joke that makes you roll your eyes and cringe because it’s so bad, yet at the same time you feel a great wave of embarrassment because you find it funny.

So why am I blogging about this? I have kids, so any new way to annoy them will naturally peak my interest. But what have dad jokes got to do with systems administration? Let’s see…

Continue reading “Dad Jokes as a (Self) Service (DJaaS?)”
%d bloggers like this: