Weekly News Summary for Admins — 2019-03-22

Apple flooded us with new releases this week. We got a new iPad Air and new iPad mini, a long-awaited update to the iMac, new Airpods, changes to the BTO pricing for iMac Pro and MacBook Pro, Apple School Manager Federated authentication, and some software updates. As Steven Troughton-Smith pointed out, there have been keynotes for less news.

Not everyone is happy about the “new” iMacs, though: No T2 System Controller and 1TB 5400rpm spinning disks in the base models. I will have some thoughts about the “new” iMacs in my presentation at MacADUK next week! (See you there, if you are going, there may be a few tickets left.)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

News and Opinion

MacAdmins on Twitter

  • Zachary Cutlip: “Illustrated: talking to a VMware Fusion guest’s serial port… ”
  • Anthony Reimer: “The surprising thing about today’s iMac update: the bottom, non-Retina 21.5″ model was left completely untouched. Budget model, I guess.”
  • Alex: “The T2 cannot interface with Fusion Drives and Apple doesn’t seem to want to spend the time to make it work. My guess is that next year we will see the end of HDD. I was hoping maybe a redesign would have made it happen this year but no luck.”
  • Steve Troughton-Smith: “iPad Air, iPad mini, iMacs, iMac Pro BTO bump, iPod touch, AirPods, AirPower and Watch bands as press releases — we’ve had full-blown keynotes for less”
  • Charles S Edge: “The contracts are signed and about half the pages are written, so pleased to announce that @rtrouton and I will be turning in the first draft of a new book called “A Unified Theory of Apple Device Management” to @Apress in July of 2019! Rich, you’ve been awesome to work with!!!”
  • Fraser Speirs: “Apple is continuing to cede the K–12 identity, data and workflow space to Microsoft. Maybe the right call but puts them at enormous weakness and disadvantage in the sector.”
  • Laura Rösler: “We finally reached the 20k Mac clients at @SAP. Let‘s open a bottle of #champagne”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-03-15

Lot’s of news for important conferences this week. JamfNation User Conference, MacSysAdmin, and WWDC are getting obviously closer. Also, MacADUK has sold out of tickets! (10 days and counting…)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

Conferences

MacAdmins on Twitter

  • Tim Perfitt: “Version 1.4 of MDS is going to be awesome. How awesome you ask? Glad you asked. 1/” (Thread)
  • Steve Troughton-Smith: “I like to remind myself sometimes that the current Mac Pro was announced before iOS 7…”

News and Opinion

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Pi-Day: Let’s talk about dates, baby!

Happy Pi day!

Explanation for those who live in countries with sensible units and date notations: Americans – aside from using weird non-metric units – also have the odd habit of putting the month first in dates, then the day, then the year. So: ‘Mar 14, 2019’ or 3/14/2019. Instead of the more sensible 14.3.2019.

On the other hand, once every year, this weird notation will spell out 3.14, or the first three digits of the circle number, π (pi). And since non-mathematicians seem to love the (non-deserved) quasi-mystical nature of Pi and mathematicians are happy that at least once a year people are paying attention, Pi-day has become kind of a thing.

It’s also an excuse to bake tasty pies as a real-world dad joke manifestation, so overall, fun can be had!

But since we are talking about date notations…

While the day.month.year notation common in the rest of the world is arguably better than the American month/day/year, it is still not an ideal notation. Even better is year-month-day, especially when used with fixed digit lengths: YYYY-MM-DD, e.g. 2019-03-14.

While we will have to wait 1122 years before this notation approximates π, it has many other benefits. First, it sensibly and obviously sorts the components of date and time from largest (years) to lowest (seconds or even fractions of a second). It is fairly easy to parse in scripts and languages. When you sort ISO 8601 date strings alphanumerically, they will be in the correct order for dates. No other notation does that.

This is the reason this notation is enshrined as ISO 8601 and used in many places on your computer. For example, property lists encode timestamps in ISO 8601.

Learn more about property lists in my book: “Property Lists, Preferences and Profiles for Apple Administrators”

Jamf Extension Attributes can also be parsed properly as dates when returned in ISO 8601 format.

Dates in the shell

When working in shell scripts on macOS, you can use the date command to get the current date or for other date operations. Other flavors of unix-like operating systems have a specific flag to get ISO 8601 output, but in macOS you have to format manually:

$ date -u +"%F"
2019-03-14
$ date -u +"%FT%T"
2019-03-14T08:00:15

When you want a file’s creation, access, or modification date you can use the stat command:

$ stat -f 'Created: %Sc   Modified: %Sm   Accessed: %Sa' pi-day
Created: Mar 14 08:43:07 2019   Modified: Mar 14 08:43:06 2019   Accessed: Mar 14 08:43:06 2019

You can use the -t option to format the time:

$ stat -f 'Created: %Sc   Modified: %Sm   Accessed: %Sa' -t "%FT%T" pi-day
Created: 2019-03-14T08:43:07   Modified: 2019-03-14T08:43:06   Accessed: 2019-03-14T08:43:06

Finder and macOS Interface

You can teach Finder an approximation of ISO 8601. Go to System Preferences > Language & Region and click on the ‘Advanced…’ button and select the ‘Dates’ tab:

Set something close to the ISO date format for Mac
Set something close to the ISO date format for Mac

AppleScript

AppleScript will use the system’s date formatter (set in System Preferences) to parse and print dates. It will use the “Full date format” to show date objects by default, which is quite elaborate.

You can declare date variables with the short format, but as soon as you “compile” the script, it will be replaced by the full format. So, this:

set thedate to date "2019-03-14"

will turn into this

set thedate to date "Thursday, 14 March, 2019 at 00:00:00"

AppleScript uses the date format defined in System Preferences, so you have to have this set up. This format will also be used when AppleScript extracts a date object to a string, but again it will use the full date format by default:

get date string of thedate
"Thursday, 14 March, 2019" 

There is, however, a short date string property you can use:

get short date string of thedate
"2019-03-14"

Again, the output will depend on the format set in System Preferences.

  • AppleScript Language Guide: date

Python

Getting and parsing ISO dates with Python is (not surprisingly) easy.

$ python
>>> import datetime
>>> datetime.date.today().isoformat()
'2019-03-14'
>>> datetime.datetime.now().isoformat()
'2019-03-14T09:03:24.107317'
>>> datetime.datetime.now().replace(microsecond=0).isoformat()
'2019-03-14T09:04:10' 

You can also parse an ISO string with python:

>>> datetime.datetime.strptime("2019-03-14T10:09:12", "%Y-%m-%dT%H:%M:%S")
datetime.datetime(2019, 3, 14, 10, 9, 12)

Swift

Swift uses the Date class to represent dates and times. There is a DateFormatter object which can convert Date objects to strings and back. There is also a dedicated, if awkwardly named, ISO8601DateFormatter class just for ISO dates and times.

let now = Date()
print(ISO8601DateFormatter().string(from: now))

let pidaywithtime = ISO8601DateFormatter().date(from: "2019-03-14T15:09:26Z")

You can even customize the behavior of the ISO8601DateFormatter:

let dateISOFormatter = ISO8601DateFormatter()
dateISOFormatter.formatOptions = [ .withFullDate, .withDashSeparatorInDate]
let piday = dateISOFormatter.date(from: "2019-03-14")

Weekly News Summary for Admins — 2019-03-08

Steve Troughton-Smith gave us all a glimpse of the future this week as he documented how to already use the “Marzipan” framework that allows UIKit (iPad) apps to run on macOS. Even if you don’t develop it is worth browsing through those posts. You will get an interesting look at the features and limitations that ported apps will have.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

MacAdmins on Twitter

  • Akshay Bakshi: “Coming soon to a Dock near you. New app icons in Office for Mac.… ”
  • Jeff Johnson: “The Mac App Store has put price pressure on Mac apps, but not as bad as in the iOS App Store. Mac app prices are still generally much higher on average than iOS app prices. Marzipan could change that though.” (Thread)
  • Timo Perfitt: “MDS was just approved in the app store. Didn’t expect this. I’m going to need a minute.… ”
  • Steve Troughton-Smith: “I had another go at making this work, and I got somewhere: here is AppleScript in a Marzipan app… ”
  • Otto the Automator: “Steve, that’s a beautiful thing to see. Thank you for making my day.… ”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-03-01

This week we got great posts from MacAdmins on bash, snapshots, bootstrappr, MDS, Fleetsmith, Intune with Munki, AutoPkgr with Jamf Cloud and more.

I am always intrigued at how diverse the MacAdmin community can be. Of course, all our lives rotate around the Apple platforms, but the approaches and tools today are more varied than they have ever been.

Apple may be drastically changing how we deploy Macs, but there are so many tools, both open and commercial, that are being created to fill the gaps or improve on existing tools. It is an exciting time to be a MacAdmin!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Install Bash 5 on macOS

The default bash on macOS is still bash v3:

$ bash --version
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
Copyright (C) 2007 Free Software Foundation, Inc.

Just recently, bash v5 was released. The discrepancy comes from the fact that bash has been licensed as GPL v3 since version 4. Apple does not include GPL v3 licensed tools with macOS.

However, nothing is keeping you from downloading and installing the latest bash version.

New features include, among many other things, associated arrays (i.e. dictionaries) and better auto-completion setup.

While you would think this is a common desire, most pages I have found will simply point to Homebrew to download and install a newer bash version.

The main challenge with using brew is that it does not work on the scale that MacAdmins require. brew is designed for single user installation, where the user has administrator privileges. brew’s workflows do not scale to large deployments controlled with a management system.

Ideally, there would be package installer for the latest bash version. Unfortunately, the bash project does not provide one.

In this post, I will show how you can install the latest bash version without brew and how to build an installer package for deployment.

Manual Installation

This requires Xcode or the Developer Command Line Tools to be installed.

First, download the source for the latest bash version from this page. As of this writing the latest version is bash-5.0 and the file you want is bash-5.0.tar.gz. Once downloaded, you can expand the archive in Finder by double-clicking.

Open a Terminal window and change directory to the newly expanded bash-5.0 directory. Then run the configure script there.

$ cd ~/Downloads/bash-5.0
$ ./configure

The configure process will take a while, there will be plenty of messages showing progress.

Once the configure process is complete. You can build bash with the make command.

$ make

This will build the bash binary and the supporting files in the current directory. That’s not where we want it in the end, but it is probably a good idea see if the build process works. This will (again) take a while. There will be some odd looking warnings, but you can ignore those.

When make succeeds, you can actually install bash v5 with

$ sudo make install

This will build and install the bash binary and supporting files in /usr/local/bin and /usr/local. sudo is required to modify /usr/local.

If you were just looking for a way to install bash v5 without brew, you are done!

There is more useful information in the rest of the post, though, so keep reading!

How the new and the old bash interact

By default, the bash v5 binary is called bash and will be installed in /usr/local/bin. The macOS default PATH lists /usr/local/bin before /bin where the default bash v3 binary, also called bash, is located.

This means, that when a user types bash in to a shell, the version in /usr/local/bin will be preferred over the pre-installed bash v3.

You can test this behavior in Terminal. Since the default shell has not yet been changed from /bin/bash the Terminal still opens to bash v3. You can test this by showing the BASH_VERSION environment variable:

$ echo $BASH_VERSION
3.2.57(1)-release

But when you then run bash it will invoke /usr/local/bin/bash, so it will run the new bash v5. It will show this in the prompt, but you can also verify the BASH_VERSION.

$ bash
bash-5.0$ echo $BASH_VERSION
5.0.0(2)-release

This might be the setup you want, when you want to use bash v5 always. It might lead to some unexpected behavior for some users, though.

One option to avoid this ambiguity is to rename the binary in /usr/local/bin to bash5. But then other tools such as env (mentioned below) will not find the binary any more.

Note: the PATH in other contexts will likely not contain /usr/local/bin and further confuse matters.

bash v5 and Scripting

Scripts using bash, should have the full path to the binary in the shebang. This way, the script author can control whether a script is executed by the default bash v3 (/bin/bash) or the newer bash v5 (/usr/local/bin/bash or /usr/local/bin/bash5).

It is often recommended to use the env command in the shebang:

#!/usr/bin/env bash

The env command will determine the path to the bash binary in the current environment. (i.e. using the current PATH) This is useful when the script has to run in various environments where the location of the bash binary is unknown, in other words across multiple Unix and Unix-like platforms. However, this renders the actual version of bash that will interpret the script unpredictable.

For example, assume you have bash v5 installed in the default configuration (as /usr/local/bin/bash. A script with the shebang #!/usr/bin/env bash launched in the user environment (i.e. from Terminal) will use the newer bash, as /usr/local/bin comes before /bin in the search order.

When you launch the same script in a different context, e.g. as an installation script, an AppleScript, or a management system, /usr/local/bin will likely not be part of the PATH in that environment. Then the env shebang will choose /bin/bash (v3). The script will be interpreted and might behave differently.

Administrators prefer certainty in their managed environments. Administrators should know the location and versions of the binaries on their systems. For management scripts, you should avoid env and use the proper full path to the desired interpreter binary.

The solutions to resolve the ambiguity are

  • use the full path to the binary in the shebang
  • manage and update the additional custom version of bash with a management system
  • (optional) rename the newer bash binary to bash5 or bash4 (this also allows you to have bash v4 and bash v5 available on the same system)
  • Scripting OS X: On the Shebang
  • Scripting OS X: Setting the PATH in Scripts

Changing a user’s default Shell to bash v5

Even though we have installed bash v5, the default shell of a new Terminal window will still use the built-in bash v3.

The path to the default shell is stored in the user record. You can directly change the UserShell attribute with dscl, in the ‘Advanced Options’ of the ‘Users & Groups’ preference pane, or in Directory Utility.

There is also a command to set the default shell:

$ chsh -s /usr/local/bin/bash
Changing shell for armin.
Password for armin: 
chsh: /usr/local/bin/bash: non-standard shell

The chsh (change shell) command will check for allowed shells in the /etc/shells file. You can easily append a line with /usr/local/bin/bash to this file, and then chsh will work fine.

$ chsh -s /usr/local/bin/bash
Changing shell for armin.
Password for armin: 

Note: if you choose to rename the bash binary, you have to use the changed name in /etc/shells and with chsh.

Remember that just running chsh will not change the shell in the current Terminal window. It is best to close the old Terminal window and open a new one to get the new shell.

Packaging bash v5 for mass deployment

While these steps to install and configure bash v5 on a single Mac are simple enough, they would not work well with a management system for hundreds or thousands of Macs. We want to wrap all the files that make install creates into a package installer payload.

The --help option of the configure script yields this useful information:

By default, make install' will install all the files in/usr/local/bin,/usr/local/libetc. You can specify an installation prefix other than/usr/localusing–prefix, for instance–prefix=$HOME`.

When we run the configure script with the --prefix option it creates a folder suitable as a payload for a package installer. We can then use pkgbuild to build to create an installer pkg:

$ cd ~/Downloads/bash-5.0
$ mkdir payload
$ ./configure --prefix=/Users/armin/Downloads/bash-5.0/payload
$ make install
$ pkgbuild --root payload --install-location /usr/local --identifier org.gnu.bash --version 5.0 bash-5.0.pkg
pkgbuild: Inferring bundle components from contents of payload
pkgbuild: Wrote package to bash-5.0.pkg

(Note: the --prefix argument requires an absolute path.)

Automate the package creation

So, we have our workflow for building an installer package to distribute and configure bash v5:

  • download the archive
  • extract the archive
  • run configure with the --prefix argument
  • run make install to create the files in a payload folder
  • optional: rename the resulting bash binary to bash5 to avoid conflicts
  • add a postinstall script that adds /usr/local/bin/bash[5] to /etc/shells if not yet present
  • build the installer with pkgbuild

This sounds like a workflow ripe for automation. You can get the script from this repository.

You can pass a different (valid) bash version number as an argument to the script, e.g. 4.4.18. (I did not test anything significantly older.) The script does not autodetect the latest version and defaults to version 5.0 when no argument is given. When an update to bash v5 is published, you will have to modify the version line or run the script with an argument.

I have not (yet) figured out how to detect the latest version from the download web page. An autopkg recipe will have to wait for that. (If someone else wants to tackle that, please do!)

Weekly News Summary for Admins — 2019-02-22

Some more rumors this week, which keep foreshadowing an “interesting” year for Mac Admins.

We also have mandatory two-factor authentication, some audio bugs, interesting documentation from Microsoft, lots of great posts from fellow admins (as usual, many thanks!), and a few updates and releases.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Allen Golbig: “If you use smartcards in your environment, the latest Insider Fast build of Microsoft Outlook 16.23 (190212) supports CryptoTokenKit! ”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

Apple Two-Factor Authentication for a Secondary Apple ID

Apple sent an email to developers, stating that later this months, two-factor authentication will be required for Apple IDs used for developer accounts.

If you, like me, use separate Apple IDs for your personal iCloud and your developer accounts, this will pose some kind of challenge. There is a solution, however Apple does not document it very well.

Update: Apple now has a very detailed support page for this topic.

Two-factor authentication for the primary account

Assumption: you have two-factor authentication (2FA) enabled on your primary, personal Apple ID, and are logged in to that account on your Mac(s) and iOS devices. If you haven’t done that yet, do it now. 2FA does increase your account security significantly.

You can enable 2FA on any device logged in to the account in the iCloud Settings or preference pane. As part of the setup you can provide one or more phone numbers as a fall back mechanism. If no devices can be prompted through Apple’s built-in 2FA, it will send an SMS to the trusted phone numbers. You can use the same phone number for multiple Apple IDs, but there seems to be some limit on how often you can do that.

Enable 2FA for the secondary account

Assumption: The secondary account is your developer Apple ID, you don’t use it for iCloud storage, device backups, mail etc. You use it to log in to developer.apple.com and iTunes Connect, and to get all the certificates and other resources you need as a developer.

The challenge here is that you can only enable 2FA on the first account logged in to iCloud on a device. You could log out of your primary iCloud account, and the log in with the secondary, but this will disrupt a lot of things on your device. I’d rather avoid that.

On a Mac, you can have a separate iCloud account for each local user. So, it is easiest to create a second user account, log out of your first account, log in to the new second account and set up iCloud and 2FA for the developer Apple ID on this second local account.

You can sign in to the secondary Apple ID enable 2FA in System Preferences -> iCloud -> Account Details -> Security as described in Apple’s Support Article.

Follow the prompts to set up 2FA, you can re-use the same phone number as a trusted number. (There seem to be limits to how often you use the same phone number, but two accounts works fine for me.)

Once 2FA is set up, we don’t need the second user account on the Mac any more. Sign out of iCloud, log out of the second account and back in to your normal user account.

If you are ok with using SMS authentication (Apple calls this ‘two-step authentication’, rather than ‘two-factor authentication’) then you are done. However, many will argue codes over SMS are not good enough for secondary authentication, so we want go to ‘full’ 2FA.

Use the secondary Apple ID

As it turns out, you can be logged in to multiple iCloud accounts on the same device or account. Certain services, such as iCloud storage, or the Photo Library, will only work with the primary iCloud account, but other services, including 2FA, will work for all iCloud accounts.

On your iOS device go to Settings > Passwords & Accounts > Add Account, and choose to add another iCloud account. You probably want to turn off all services, like Mail, Calendar, etc. secondary account.

Second iCloud Account on iPhone
Second iCloud Account on iPhone

On the Mac you can do the same in System Preferences > Internet Accounts. You can use both your Mac and iOS devices for 2FA.

Second iCloud Account on macOS
Second iCloud Account on macOS

Now the secondary Apple ID will prompt the devices you are logged in as for 2FA.

2FA prompt on the iPhone
2FA prompt on the iPhone

Weekly News Summary for Admins — 2019-02-15

Lots of interesting posts this week.

But most interesting for MacAdmins fighting with SecureToken, read Rich Trouton’s two posts which might help you get out of situations that were so far considered dead ends.

MacRumors points to the week of June 3 for WWDC this year (no big surprise) and Bloomberg (the other Mac rumors site) points to March 25 for a ‘subscription service’ event. Since MacADUK starts on March 26, this event could lead to some last minute slide shuffling.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

#! On Scripting OS X

📰News and Opinion

🐦MacAdmins on Twitter

  • Kyle Crawford: “Why does Apple need a sysdiagnose for a feature enhancement? Don’t they know the features of their own software? startosinstall should warn if Internet connection is needed before running. How is a having a sysdiagnose going to add any value?”
  • Jordan Rose: “Command-line tip: sftp -a is a mostly drop-in replacement for scp that allows resuming an interrupted download.”
  • Mike Boylan: “TIL about the “HP Easy Admin” tool. If you’re a school, large org, or enterprise and are looking for the HP driver package for a printer v the home/single-use Easy Setup app, you can use Easy Admin to go get the pkg-based driver installer to be used at scale.”
  • Graham Pugh: “The clear and reliable world of DEP enrollment…” (click to see full tweet)
  • Graham Pugh: “Regex of Mojave-compatible Mac model identifiers: ^(iMac1[3-8]|iMacPro|MacBook[8-9]|MacBook10|MacBookAir[5-7]|MacBookPro9|MacBookPro1[0-5]|MacMini[6-7]|MacPro[5-6])

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

📺To Watch

📚Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Book Update: macOS Installation v4

The third update to my book “macOS Installation for Apple Administrators” is available.

If you have already purchased the book, you can get the update in the Apple Books application on your iOS device or Mac.

While I was putting this book together, macOS High Sierra was very much a moving target and I had to update and change sections frequently, sometimes while they were being written. Thankfully, the changes to macOS deployment and installation have calmed down somewhat since then. While Mojave and the new Mac hardware have brought some changes, they are not as disruptive as High Sierra, UAMDM and the iMac Pro were.

Originally, I made a commitment to update the book up to the macOS Mojave release. This is the book’s first post-Mojave update. I am planning at least one more update to cover any changes the Mojave “Spring Update” might bring.

Once we know more about macOS 10.15 after WWDC, I will decide on the book’s further future. As I have outlined in my 2018 review/2019 outlook post, I don’t expect dramatic changes this year, so it will probably make sense to keep the book going for the lifetime of 10.15.

It is quite likely that the deployment workflows outlined in “macOS Installation” will serve MacAdmins well for the foreseeable future.

This update received quite a bit of new content. I have rewritten and expanded many sections. The book is now eleven pages longer than the third version and sixteen pages longer than the first release. I have added many more links to external pages, tools, posts and support articles where they are available.

The update is free when you have already purchased the book. Unfortunately, the “updates” area seems to have gotten lost in the Apple Books app re-deisgn. You can just follow the link to the Apple Book store and the app should tell you that an update is available.

If you don’t have it yet, buy it now and get all future updates for free!

Here is a detailed list of most of the changes, which you can also find in the ‘Version History’ section of the book itself. (The version history in the book is linked to the actual changed section for easier reference.)

  • added description of the new –downloadassets option when creating external installer drives
  • updated description the –preservecontainer option in Erase Installation
  • updated descriptions of Secure Boot in various locations to reflect the Mac models introduced in October 2018
  • added an overview table for which current Mac models have Secure Boot and their minimum OS Versions
  • added links to the support pages for more versions of macOS in Older macOS Versions
  • moved and extended the section on Hardware Specific Systems and Installers
  • added downgrading limitation to Erase Installation
  • added description of fdesetup list to the FileVault section
  • added description of Twocanoe’s MacDeployStick to Sideloading Packages
  • added Manual Enrollment by IT to Manual Enrollment
  • added EraseInstall application to Restoring macOS
  • added link to support article with supporting servers to Device Enrollment Program
  • several typos, changes and clarifications