One of the key takeaways from my MacADUK presentation on “Modern Delpoyment Workflows” is that MacAdmins now have to expect new, rules-changing ‘features’ in macOS at any time during the release cycle. (Video is not available yet, I will post when they release it.)
Apple is proving this advice with the announcement that thrid party kernel extensions and certain applications have to be notarized, starting with macOS 10.14.5 beta2.
In typical Apple fashion this announcement is brief and to the point and leaves many questions open for interpretation, especially for MacAdmins. Thankfully, the MacAdmin community has, once again, leapt to action and filled in a few of the critical missing pieces.
Also, we have updated our EraseInstall app! And yes, it is notarized.
If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)
News and Opinion
- What Does the T2 Chip Mean for Mac Usage? – Geoff Duncan, TidBITS (via Anthony Reimer)
- Introducing a new admin console – Ishita Arora, Fleetsmith Blog
- MacADUK 2019 – A review – James Ridsdale, DataJar
10.14.5 App Notarization Changes
- macOS 10.14.5 beta 2, Kernel Extension Notarization, UAMDM, Whitelisting and You – Tom Bridge
- Macs move closer to compulsory notarization – Howard Oakley
- Notarizing Automator applications – Rich Trouton
- Adding App Notarization For Macs To Your Build Train – Charles Edge
- How does notarization affect your own apps and scripts? – Howard Oakley
- Tim Perfitt: “curious what apps in your app folder are notarized?
for i in /Applications/* ; do stapler validate "${i}"|grep -B 1 worked;done” - Graham Pugh: “The notarization requirement on macOS 10.14.5 does not (so far) appear to affect (1) kernel extensions approved by UAMDM, or (2) unsigned applications installed via your managed deployment mechanism (e.g. Jamf Pro, Munki).”
MacAdmins on Twitter
- Troy Hunt: “I’ve been looking at a bunch of kid-related devices and services lately, mostly relating to how parents can monitor and control their activities. It’s just consistently horrifyingly bad; FUD-ridden at best, massive privacy violations at worst (i.e. data accessible to the public).” (Thread)
- Rich Trouton: “Need a one-liner for figuring out on macOS Mojave which FileVault-enabled account was used to unlock the encryption on an encrypted Apple File System drive?”
Support and HowTos
- Getting 64-bit clean: now is the time – Howard Oakley
- Jamf Connect Login and OneLogin (and Secure Tokens) – Frederick Abeloos
- How do I download macOS Mojave & High Sierra installers from the App Store? The answer is complicated – Mr. Macintosh
- Upcoming Mojave 10.14.5 update enables enforcement of some Notarization & Gatekeeper controls – Mr. Macintosh
- Toggle System Grayscale Mode – Indie Stack
- Jamf Connect Login and Google Cloud Identity – Frederick Abeloos
- Aquantia 10GbE ESXi Driver for Apple 2018 Mac Mini – William Lam, Virtually Ghetto
- Mass-Deploying Settings for Atom – Darren Wallace
Scripting and Automation
- Updated MigrateADMobileAccounttoLocalAccount script now available to fix password issue in macOS 10.14.4 – Rich Trouton
- One of my uglier scripty bits – Charles Edge
Apple Support
Updates and Releases
To Listen
Support
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
- Weblog
- Weekly Email Newsletter (TinyLetter)
- Apple News
- Micro.blog
- Mastodon.social
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!