My IT Notes
Poorly written notes on various workflows I come across as a consultant. My focus is Jamf management, macOS & iOS deployment and device security, Meraki networking, and Google Workspaces. I’m an Installomator maintainer and you can find me on macadmins Slack: @Isaac or get some of my professional time @ mann.com.
Tricking require an admin password to access system-wide settings
Summary macOS has a setting under System Settings > Security and Privacy > Advanced called “Require an administrator password to access system-wide settings” (I’m going to call it “require admin setting” from here out). The help section describes this option as “Prevent users from changing locked system settings without an administrator’s password.” Unfortunately the setting…
Keep readingJamf Pro Framework Not Installing or Redeploying
Starting on or around Monday June 26th we recently ran into some issues where the Jamf Pro Binary located at /usr/local/bin/jamf was missing on newly enrolled computers. The computers would be MDM enrolled but and would receive configuration profiles but the Jamf Management Framework, including Self Service and the jamf binary would be missing. Because…
Keep readingCapturing Jamf Protect Diagnostics to S3
While it doesn’t happen often at all sometime your staff will have issues performance issues with Jamf Protect. This was apparent for us recently with an issue that was patched in 3.1.4.425, which was compounded by a Unified Logging filter that generated a lot of information. In the process of gathering logs for support we…
Keep readingDetecting Zoom Installer Used
The ZoomIT installer installs a modified IT version of Zoom which the standard installer packages will not update. Instead the users will see this error, even if this is pushed down from MDM. The following command can be used to identify if the IT version of Zoom is installed or not. If it returns 1,…
Keep readingEnforcing and Fixing Jamf Protect
Summary This is an updated version of my previous article to utilize Jamf Pro’s built in automatic installation workflows instead of uploading your own package file. One issue with these provided workflows is that they run “once per computer”, when a plan configuration profile is push to a computer. This means it will attempt to…
Keep readingAirWatch & Okta – Group departed employee devices
It’s important to identify devices that are owned by previous employees and take action on them, either removing or quarantining them so that they don’t continue to have access to company resources. I you have Okta’s LDAP configured in Airwatch you can do this via a User Group and some custom filters in the devices…
Keep readingFollow My Blog
Get new content delivered directly to your inbox.
AirWatch CIS Departed Enrollment Jamf Management Framework Jamf Pro Jamf Protect Okta security STIG Users