There’s a new craze sweeping the community. “Dad jokes”. The special kind of joke that makes you roll your eyes and cringe because it’s so bad, yet at the same time you feel a great wave of embarrassment because you find it funny.
So why am I blogging about this? I have kids, so any new way to annoy them will naturally peak my interest. But what have dad jokes got to do with systems administration? Let’s see…
I was lucky enough to share the stage with Joel Rennich at this year’s Apple Admin and Developer Conference UK. We spoke about how to achieve more automation and improve the ways we get Macs enrolled into our MDM solutions. The icing on the cake was a deep dive into some new functionality baked into NoMAD Login AD with the release of version 1.3.0.
Check out the video:
All my slides, documentation, example scripts and other bits and bobs are all available here:
In my environment, the UST is the core behind automating the process of getting our 30,000-ish directory users up and running with the identities they need to use in the world of Adobe Creative Cloud. With the advent of Shared Device Licensing, this becomes even more important.
Shared Device Licensing (which I’ll refer to as SDL from now on) for Adobe Creative Cloud is here! If you want the skinny on it, go check out Mr Mule’s fantastic write up.
So yesterday, it showed up in my Admin Console. Naturally, I spent much of my time mucking about with it, trying out all sorts of experiments to see what the results would be, or if something would break. Here’s an FAQ-style breakdown…
A quick one – if you’re deploying ESET Endpoint Antivirus or Security to Macs running macOS 10.14.x Mojave, you (or your users!) will have encountered this dialog:
To compound the problem, if you follow the instructions in that dialog and you’re not logged in as a local administrator, you’ll soon hit a roadblock.
This is all part of Apple’s new Privacy Preferences Policy Control (PPPC), or Transparency Consent Control (TCC), depending on what you want to call it. If you’d like to know more about that, check out Carl’s blog post and join the #tcc channel on the MacAdmins Slack.
Nothing in this world is perfect, and the same goes for EMM solutions (and this is fine – we’re only human after all). With Jamf, if you open a support case, it may sometimes end with no resolution, but instead you’re given a PI or D number – which means that an issue or defect has been identified with the product and logged.
Following Microsoft’s announcement that System Centre Endpoint Protection (SCEP) for macOS and Linux is to be discontinued by the end of this year, their recommended migration path is to switch to ESET Cyber Security. In fact, ESET are granting anyone wishing to switch a year’s subscription for free, which is nice.
It’s been difficult to find a central repository of information around how to migrate, what the options are and how to deploy and configure ESET. Things seem to be scattered around forum posts, knowledge base articles, or behind a wall of reverse engineering and poking. So let’s have a look (with a Jamf-twist although these things should be possible with other popular deployment tools)… Continue reading “Hello ESET Endpoint Antivirus! Deployment, management and migrating from SCEP.”
Adobe device license serial numbers have an expiry date. Adobe have the AdobeExpiryCheckcommand line tool you can run that’ll tell you if you have a device license serial number and what the expiry date is. This tool returns results that look like this:
That’s a huge load of text and a date that’s in a format we might want to change if we were to say, want to make it useful for our management tool of choice. Oh, and the AdobeExpiryCheck tool comes as a zip file download, so isn’t really mass-deployment friendly, if we want to get it on our entire fleet of computers.
So, no more support after the end of 2018 and definition updates may stop any time after that. There is the mention that you might be able to get ESET Endpoint Security for Mac if you contact your Microsoft TAM. The cost implications, or what it means to “qualify” are unclear.
As far as I know, ESET Endpoint Security for Mac uses a command line tool esets_set which is functionally on par with scep_set. That means my blog posts for managing SCEP (Part 1, Part 2, Part 3, and More Reporting) would probably be relevant for it.
Linux is left with no migration path – so if you manage SCEP on that platform, you’re on your own.