Bypassing the SecureToken dialog for mobile accounts

Ahh SecureToken; the gift that keeps on giving! macOS 10.13.4 introduced this new, undocumented dialog that would appear on first login under the following conditions:

  • If the filesystem is APFS
  • Whether or not FileVault is enabled
  • If the Mac is bound to a directory service (e.g. Active Directory or LDAP)
  • If the account logging in will be a directory based mobile account (i.e. it hasn’t been created yet)

The text reads:

Enter a SecureToken administrator’s name and password to allow this mobile account to log in at startup time.

You can Bypass this to continue creating your mobile account, but you may not be able to log in with this account when the computer starts up until your administrator resolves this issue.

Continue reading “Bypassing the SecureToken dialog for mobile accounts”


Lab Nauseam – Dawn of the DEP

Today, I presented at the Jamf Nation Roadshow in London. My talk focused on the trials and tribulations of integrating an installation based, DEP workflow into a lab environment leveraging DEPNotify and some exiting new/in-development user input functionality.

Bits and pieces from my presentation are all in this lovely GitHub repo:

There, you’ll find a more in-depth technical explanation with links to further resources and an example script to trawl through.

If you just want the slides, you can download them here.


A small company, dataJAR, run by a couple of my friends, Ben and James, has been facing legal action by DTAG (owners of T-Mobile) because they think they own the perception of a particular combination of wavelengths of light. They also think they can tell others not to use it.

Read more here:

I think it’s wrong, I think it’s bullying and I think it’s stupid. That’s why the main header image on my blog has gone a little more towards the lower end of the spectrum and the title has changed to reflect my new colour preference.

If you feel the same, please lend your support.

DTAG or T-Mobile or whoever you are, if you read this, I think you’d do well to follow Wheaton’s Law.

Keynote – showing off your code in presentations with Magic Move

I’ve been working on a presentation, part of which will involve stepping through code. I wanted to share a technique I refined a little that was inspired by James Smith (@smithjw on the Slack) of CultureAmp during his JNUC 2017 talk. It’s perfect when you want to scroll through a long script and highlight certain parts of it. Continue reading “Keynote – showing off your code in presentations with Magic Move”

Microsoft System Center Endpoint Protection (SCEP) – More hidden reporting goodness

I thought I was done with SCEP (see parts 1, 2 and 3) but whilst undertaking an exercise looking into using SCEP on some Linux servers (and specifically looking at how it can provide reporting data to SCOM via a Management Pack), I inadvertently came across a little-documented command line argument for one of its binaries, scep_daemon.

The documentation for the Linux SCEP SCOM Management Pack (what a mouthful!) vaguely alluded to feeding data to SCOM via a –status argument. This argument isn’t mentioned anywhere else in SCEP’s Linux documentation, nor listed when you invoke scep_daemon –help on either platform.

The Linux version of SCEP is also a rebranded version of ESET, just like its macOS counterpart and the above scep_daemon binary is also present in that version, so I thought I’d experiment in macOS… Continue reading “Microsoft System Center Endpoint Protection (SCEP) – More hidden reporting goodness”

Wrangling Unity in a lab environment

It’s time for another one of these “how do you suppress all the stuff you don’t want students to see and get the thing working the way you want the first time it runs” posts. In the red corner, it’s me, Neil. And in the blue corner, it’s Unity – a popular game development platform! Ding ding!

  • Round 1: Get the packages.
  • Round 2: Get the application licensed on your Macs.
  • Round 3: Suppress automatic updates and make sure Unity doesn’t sign in to your license holding account (because that’s really bad!!!).

Continue reading “Wrangling Unity in a lab environment”

Memcached – disabling UDP on Ubuntu

Another day, another vulnerability! This time, it’s memcache’s turn! Read all about it here.

So if you’re hosting your own Jamf Pro Server in a clustered environment, you’ve probably got memcached running. You’ll want to disable UDP access to it in order to mitigate against this vulnerability. Jamf Pro doesn’t use UDP for memcached anyway. Here’s what I did for my memcached endpoint running Ubuntu 16.04 LTS (the package for memcached is version 1.4.25 at the time of writing). Continue reading “Memcached – disabling UDP on Ubuntu”