The future of Mac labs

This weekend, I was invited to join the lovely folks on the MacAdmins Podcast to share my pontifications on the subject of labs and their future. The Mac platform is undergoing the most amount of change I’ve ever seen in my career. The ramifications for provisioning Macs in this specific and rather niche setting are profound.

Click here to listen to the show!

Thank you so much to the folks at the podcast – it was a real honour and privilege to have a chin-wag with you!


NetBoot – a nail in the coffin?

Apple have updated the following articles:

Create a NetBoot, NetInstall, or NetRestore image:

Mac startup key combinations:

The following parts stick out in particular:




I believe NetBoot is no longer possible on an iMac Pro, even if you disable Secure Boot, as outlined here: – I haven’t actually got an iMac Pro to test this on, so if anyone could confirm, that would be fantastic. I’m also not sure if Internet Recovery ( and works, but assume it does as Apple haven’t updated those articles (yet).

The 2.6 release of Configurator adds functionality to recover iMac Pros, in a similar fashion to a DFU restore on iOS devices:

It’ll be interesting to see what happens with the next round of Mac releases… interesting times indeed…

Redux: NetBoot and APFS – NFS all the things!

I don’t know what I’m doing. I poke things until they work. Then, I keep poking them to see if I can make them work better.

In my previous post, I looked at setting up NFS with BSDPy by installing the NFS kernel server. I had tried setting up a Docker container I’d found, namely the fuzzle/docker-nfs-server container, and failed. After doing some more digging, I found the macadmins/unfs3 container that uses the userspace nfs server. Continue reading “Redux: NetBoot and APFS – NFS all the things!”

NetBoot and APFS – NFS all the things!

Edit: I found a better way do do this with Docker! Still, this might be useful if you want to install the NFS server on the host itself…

Just writing this down before I go completely nuts…

NetBoot – the gift that keeps on giving! So, it turns out, in my environment at least, you can’t NetBoot a Mac that has an APFS formatted volume. My NetBoot environment is set up around Pepijn Bruienne’s awesome BSDPy like this:

  • Ubuntu Server 16.04 VM host
  • Docker containers providing these services:
    • BSDPy
    • TFTPD
    • HTTP

I set my server up following Graham Gilbert’s excellent guide.

Booting both NetBoot and NetInstall sets running either macOS 10.12.6 or 10.13.2 just flat out didn’t work. I didn’t look at NetRestore because imaging is dead, mkay?

DHCP/BSDP stage – fine. TFTP stage – fine. Then the progress bar that signifies the HTTP bit appears. And stays. Forever.

Continue reading “NetBoot and APFS – NFS all the things!”

VirtualBox – disabling automatic update notifications

"A new version of $application is available, please update now. Rainbows and Unicorns await!"

Seeing this when you launch an application is the scourge of anyone who manages Macs in a lab environment. Hours of my life have been wasted spent trying to disable or otherwise suppress this stuff. Some apps set this as a preference using Apple’s CFPreferences API (developers – this is how you should do it!), making it a case of just finding the appropriate key(s) and managing things with a Configuration Profile. If they use the Sparkle framework, then Allister Banks’ Extinguish script makes it even easier to manage the updates away. Other apps decide to do their own thing. Be it for cross-platform compatibility or another reason. VirtualBox, a free and awesome hypervisor, is one of our trickier customers. Continue reading “VirtualBox – disabling automatic update notifications”

Re-blog: London Apple Admins meet-up @ ITV – 23rd November

London Apple Admins are meeting this evening with a line up of great speakers, kindly hosted by ITV this time. Unfortunately, due to family circumstances, I can’t attend tonight, but I’ll be catching as much of the live stream as I can. And so should you, if you’re interested! Click the link below and enjoy!

Managing Microsoft System Center Endpoint Protection (SCEP) – Part 3

The Mac Admins community is interesting (amongst other things!). What’s really interesting is when someone contributes something, others often come forward and build on their work, ever-advancing it towards a state of pure awesome.

@glaurung got in touch with me on the Slack after I published part 1 and part 2 of my thoughts on managing SCEP. Here’s what he said:


This definitely builds on what I’ve done so far, and after some tinkering, I think I’ve in turn built on that… Read on! Continue reading “Managing Microsoft System Center Endpoint Protection (SCEP) – Part 3”