Weekly News Summary for Admins — 2018-10-06

This newsletter is a bit late. The excuse for this is that I was attending (and speaking at) MacSysAdmin in Gothenburg all week.

Usually I gather the links to the speakers’ notes and slides. But for MacSysAdmin I don’t need to, because the event team has already gathered all those together with the session videos (!) on their website (free registration required, so worth it). The video team would have the session videos on the site within an hour. This puts them at two or three orders of magnitude faster than other conferences.

You can find the link to my session video, slides and links here. But take time to browse and watch the other sessions. MacSysAdmin has a very impressive list of high quality speakers and it is an honor to be among them.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • MacDeployment YYC: “Dates for 2019 #MacAdmins & Consultants Conferences announced so far: @macaduk March 26–29 (London) @acesconf June 4–6 (Kansas City) #MacDeploy June 10–11 (Calgary) @MacDevOpsYVR June 12–14 (Vancouver) @psumacconf July 9–12 (State College) #MacSysAdmin Oct. 1–4 (Göteborg)”
  • Keir Thomas:
    “Mojave trick. Cmd+plus or cmd+minus (the two keys left of the backspace key) will shrink or enlarge icons on the desktop, or in icon, list and gallery views of Finder.”
  • Erik Gomez: “In just three hours, we enrolled more macOS devices than I had at my entire last job. …and they had thousands of macs”
  • Chris Espinosa: “On this day 25 years ago, Apple introduced AppleScript, a system and application automation system and language. It’s still shipping in Mojave and is one of the oldest code bases in continual use in macOS. Happy birthday, AppleScript!”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2018-09-28

TGIF! How have you survived Mojave week?

This one is a bit shorter, because (a) I already posted a summary with Mojave links earlier this week, and (b) I am getting ready to leave for MacSysAdmin in Gothenburg next week!

Looking forward to meeting everybody else there!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Stephen Hackett:
    “macOS Mojave has been added to the Aqua Screenshot Library. Both Light and Dark Mode have been catalogued, as has every combo of mode and accent color possible.”
  • Carl Ashley:
    “This is why TCC User Consent is rubbish. Launch VMware Fusion Pro 11, get prompted to allow ”osascript“ access. I have NO idea what Fusion wants to do & I don’t know that it’s actually Fusion wanting to do something. Dug into the app, it’s deleting a Login Item.”
  • mikeymikey:
    “Ooooo…. that’s new Neat… ” (screenshot)
  • Scripting OS X:
    “I really like the new screenshot interface in macOS Mojave. I think it is a great improvement. But decades of habit using ⌘⇧3 and ⌘⇧4 are hard to break. Might have to go to the drastic measure of deactivating the old keystrokes.… ”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Mojave Links

This is the big release week for Mac Admins. I have tried to gather the relevant links from Apple and fellow Mac Admins. I will keep updating this document over the next few days, so book mark this.

If you have found something of interest you think needs to be on this list, let me know!

I will of course keep posting links in my weekly newsletter for Mac Admins. You can follow it here on this weblog or subscribe by email.

Also relevant: iOS Links

Mojave Reviews

There are many reviews out there. These are my favorites.

Books!

On Scripting OS X

Apple Support

Apple Reference

More Links

Updates and Releases

Mojave Book Updates

While you are all watching the progress bars downloading macOS Mojave, I have submitted updates to two of my books!

(Remember to archive the macOS Mojave installer app before updating!)

The service-formerly-known-as-iBooks is now called “Apple Books” or just “Books” across all Apple platforms. Whatever the name, my books are available there.

Both “Packaging” and “macOS Installation” have received updates with several new passages regarding macOS Mojave and other fixes and rewrites.

For “Packaging” I have also started the process of re-visiting all the examples. You never stop learning and I have certainly learned a lot in the last two years. Some of the scripting and writing styles I used when I started writing the book nearly three years ago now seem odd to me. This rewrite is a major process and so far I got to chapter 2. This remains a work in progress and expect more updates here soon. (All updates, as usual will remain free for those who have purchased the book.)

“macOS Installation” got less changes and updates than I expected for the Mojave update. We have been testing Mojave internally and the strategies for deploying High Sierra still work for Mojave. With the new APFS support for all drive hardware admins should be able to simplify deployment workflows. Nevertheless, I am sure that much more will be revealed over the next few weeks, now that the NDA is lifted and when the first update(s) drop(s). I will keep updating this book also.

The content of my third book “Property Lists, Preferences and Profiles” (PR3) has not really been affected but the Mojave release. I am also working on an update for this book with some new content added. When it happens you will learn about it here.

Go, get them on Apple Books!

Changes for “Packaging” 1.9:

(You can find a complete version history in the book.)

  • many minor typo fixes and rewrites
  • added note on removed pkgutil options
  • changed the sample script in the Payload-Free Packages section to enable SSH instead of ARD because of changes in macOS Mojave security
  • added a second simple package example to Building Packages
  • expanded the description on how to build the Boring Desktop pkg in Building Packages
  • updated script code across various scripts to match my coding standards which have changed since I started writing this book
  • updated the Github repository to include completed sample code to match the state of the project at the end of each section (so far for Chapter 2, this is ongoing work)
  • added a description for the undocumented –preserve-xattr option in Building Packages (Credit to Greg Neagle and Carl Ashley for finding and documenting)

Changes for “macOS Installation” v3:

  • Mojave updates:
    • added a note on the absence of the –converttoapfs option in the Mojave installer application
    • added new single user mode restrictions to the Secure Boot and Startup Security Utility sections
    • updated the UAMDM section with new Mojave payloads
    • added a description of the new –preservecontainer option for startosinstall in Erase Installation
    • added explanation of InstallEnterpriseApplication to the section about InstallApplication (10.13.6 and Mojave)
    • added a section of the relevant new Mojave features
  • added a description of Hardware Specific Systems and Installers
  • added a description of Configuration Profiles
  • expanded and clarified the Mobile Device Management description
  • added a workaround for the bug in SIU which prevents image creation with custom installer packages in Adding Custom Packages (Thanks to this MacAdmins Slack post.)

Weekly News Summary for Admins — 2018-09-21

iOS 12 release week! I already posted a list of relevant links for the iOS updates earlier this week.

Now, all MacAdmins are waiting for Monday, when macOS Mojave will be released. Well, most will alredy have the last version from the beta program installed. But, as with every other major release, it will be ‘interesting’ to see how well the beta testing holds up to ‘real world’ deployment.

Good luck, everybody!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

On Scripting OS X

News and Opinion

macOS Mojave

MacAdmins on Twitter

  • Arek Dreyer:
    “If you have two different versions of macOS installed on your Mac, guess which version of macOS Recovery you get when you shut down, power on, then press and hold Command-R? The version you set in Startup Disk (regardless of Startup Manager choice).”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

iOS 12 Links

iOS 12 release week. With all new releases for the entire iOS family there is a boatload of new features, support articles, user guides and references.

Even most of the features and guides are focussed on the end user and not admins, it is often also the job of a MacAdmin or consultant to be the most knowledgeable person on the OS, so these should be useful. And, admit it, while new OSes can be a pain for admins, but are still fun as an end user.

If you have any links that I missed that should be part of this list, then let me know and I will update this post.

Reviews

There is obviously a neverending stream of reviews out there. I like the excellent reviews from MacStories.

iOS 12

watchOS 5

Apple TV

Shortcuts

iWork

More

If you are looking for a book (or two, or three) to test the new Apple Books, please consider one of my great books for Apple Administrators!

References

The configuration profile reference is back in HTML! Thank you to whoever is responsible for this.

User Guides

Managing the Desktop Picture on macOS

Many organisations like to set or pre-set the Desktop Picture of managed Macs. There are a few options for Mac Admins.

One of the commonly used methods may break in macOS Mojave because of the new security and privacy controls for AppleEvents, also known as TCC.

Getting the Image File to the Mac

Unless you want to use one of the default macOS Desktop Picture images, you will first need to get the image file on to the client. The best way of doing that is with an installer package.

Note: installing a single image file to /Library/Desktop Pictures is actually the first exercise/example in my book “Packaging for Apple Administrators.” Get that for a more detailed description.

I will use the same example desktop picture as in the book. You can use your own desktop picture or download BoringBlueDesktop.png from the book’s resources.

Note: Desktop pictures on macOS can be many file formats. PNG and JPEG are most commonly used. The new dynamic desktop pictures of macOS Mojave have the heic file extension.

First create a project folder, with a payload folder inside:

$ mkdir -p BoringDesktop/payload
$ cd BoringDesktop

Then copy the image to the payload folder.

$ cp /path/to/BoringBlueDesktop.png payload

Then you can build a pkg with

$ pkgbuild --root payload --install-location "/Library/Desktop Pictures/" --identifier com.example.BoringDesktop --version 1 BoringDesktop.pkg

The resulting pkg file will install the image file in /Library/Desktop Picture.

Note: the pkgbuild command has many options and arguments. If you get one of them slightly wrong it can lead to unexpected behavior or even break the installation. I recommend using a script to run the pkgbuild command to avoid errors. You can find a sample build script here. Read the book for a more detailed explanation of pkgbuild and the build script. If you prefer, you can use munkipkg, which also simplifies and automates the process of building pkg installers.

This will provide the image in a location that the user might look for. However, for better management you want to set the desktop picture as well.

Lock Down the Desktop Picture

Once the image file is in place. You can set the desktop picture with a configuration profile. Many management systems will have an option in the ‘Restrictions’ payload where you can set the path to the desktop picture.

You can also use this custom profile:

You can learn all the ways to manage and install profiles in my other book ‘Property Lists, Preferences and Profiles for Apple Administrators’

With this configuration profile in place, the desktop picture is locked. The user can still open the Desktop preference pane but the selection will be ignored. You would need to be able to remove the profile to change the desktop picture again.

This is very useful in education and other strictly managed environments.

Suggesting a Desktop Picture

In other, less tightly managed environments, you might prefer to set an initial desktop picture, but allow the user to change it later.

The common means to do this has been to use an AppleScript command:

tell application "Finder" to set desktop picture to POSIX file "/Library/Desktop Pictures/BoringBlueDesktop.png"

If you want to run this from a shell script you would execute it with osascript:

osascript -e 'tell application "Finder" to set desktop picture to POSIX file "/Library/Desktop Pictures/Sierra.jpg"'

Note that this sets a user preference so it should be run as the user. See this post for details.

However, with macOS Mojave, Apple is introducing new Privacy and Security measures which require user approval for processes to send AppleEvents. This will put a severe limit on the use of osascript for admin scripts.

One solution would be to whitelist your management system’s agent which allows it to send Apple Events to the Finder. This requires managing the client with a user-approved MDM.

Another solution is to avoid AppleScript and Apple Events entirely.

Here comes the desktoppr!

To do this, I wrote a simple command line tool which can read and set the desktop picture. Neil Martin had the brilliant idea to call it desktoppr.

You can read the current desktop picture with:

$ desktoppr
/Library/Desktop Pictures/High Sierra.jpg

and set the desktop picture with

$ desktoppr "/Library/Desktop Pictures/BoringBlueDesktop.png"

When you have multiple displays, desktoppr will list all desktop pictures:

$ desktoppr
/Library/Desktop Pictures/HotStepper.jpg
/Library/Desktop Pictures/LyricalGangster.jpg
/Library/Desktop Pictures/MrOfficer.jpg

When you pass a file desktoppr will set it as the desktop picture for all screens:

$ desktoppr /Library/Desktop Pictures/NaahNananah.jpg
$ desktoppr
/Library/Desktop Pictures/NaahNananah.jpg
/Library/Desktop Pictures/NaahNananah.jpg
/Library/Desktop Pictures/NaahNananah.jpg

You can also set a specific desktop picture for a specific screen: (index starts at zero)

$ desktoppr 0 /Library/Desktop Pictures/HotStepper.jpg
$ desktoppr 1 /Library/Desktop Pictures/LyricalGangster.jpg
$ desktoppr 2 /Library/Desktop Pictures/MrOfficer.jpg

Managing with desktoppr

You can get the code for desktoppr on Github and an installer package here. The installer pkg will install desktoppr in /usr/local/bin. When you want to run it from a management script it is safest to include the entire path:

/usr/local/bin/desktoppr "/Library/Desktop Pictures/BoringBlueDesktop.png"

Since the desktoppr tool also sets user preferences, you still need to pay attention that it runs as the user.

For example, you could run desktoppr from a LaunchAgent (deployed in /Library/LaunchAgents so it affects all users:

This LaunchAgent will reset the Desktop Picture at every login.

If you want to set the Desktop Picture just once from a management or postinstall script (probably running as root) you can use the following to be safe:

When you find yourself building LaunchAgents or LaunchDaemons often (i.e. more than once) you should really consider using outset.

If you wanted to build an installer package that drops both the picture file and the LaunchAgent, you can do the following:

$ mkdir -p DesktopAndAgent/payload/
$ cd DesktopAndAgent
$ mkdir -p "payload/Library/Desktop Pictures/"
$ cp /path/to/BoringBlueDesktop.png "payload/Library/Desktop Pictures/"
$ mkdir -p payload/Library/LaunchAgents/
$ cp /path/to/com.scriptingosx.setdesktop.plist payload/Library/LaunchAgents
$ pkgbuild --root payload --install-location / --version 1 --identifier com.scriptingosx.desktopandagent DesktopAndAgent-1.pkg

Weekly News Summary for Admins — 2018-09-14

We got new iPhones and Apple Watches this week. You can read all about them in all the usual places. More importantly for admins, we also got release dates for iOS 12 (September 17) and macOS 10.14 Mojave (September 24). Are you ready?

The developer releases for the iOS family (iOS, tvOS, watchOS) are now labeled GM. macOS Mojave is beta 11.

Other than the Mojave release date, there was no Mac news at the iPhone event. This shouldn’t surprise or dismay anyone. The September iPhone event has been fully focussed on iPhone and Apple Watch for the last few years. This year, there wasn’t even room for the iPad. There may be some ‘silent’ Mac hardware releases over the next few weeks or Apple may even do a second event. While Apple has had November and December releases in the past, they are rare.

Keep in mind, that any new Macs that are released after the Mojave release date will likely require Mojave. The release window for new Macs that can still run High Sierra is very, very short indeed. Next week should be interesting.

In other news, it was revealed that a number of popular apps in the Mac App Store would exfiltrate the user’s browser history. The apps in question were promptly removed by Apple, but this does cast some doubt on the effectiveness of Apple’s review process.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Mojave

MacAdmins on Twitter

  • William Smith: “TOMORROW (Tuesday, September 11) Office for Mac transitions from the 2016 to the 2019 generation. Office 365 customers: Nothing to do. Volume License customers: AutoUpdate will hold apps back until the new Serializer is available September 24. Don’t push 16.17.”
  • Erik Gomez: “Apple: we don’t understand why you built umad, but okay… Me: because there’s so many MDM enrollment bugs!”
  • mikeymikey: “hey fruitco peeps Why isn’t 18A389 released on MAS? SUS feeds were updated and delta updates published – but no full installer app exists via “approved” download methods. MAS is still offering the prior product build. Kind of an important time for testing beta 11”
  • William Smith: “For #MacAdmins using MAUCacheAdmin to cache Microsoft Office for Mac updates to a local server for distribution, be sure to download v2.0 to get support for Office 2019 (16.17+) for Mac. GitHub
  • Felix Schwarz: “AppleScript support still hasn’t returned to Mojave’s rewritten DVD Player app as of beta 10. It was super-useful for remote apps to determine when a menu is shown, to eject DVDs, etc. Would make me sad if that change was permanent & something I’m working on couldn’t use it.”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

  • William Smith: “Streamlined Microsoft Office for Mac Activation with Automatic Outlook Setup for Office 365 Thanks to @jeffreykalvass and his team for listening to #MacAdmins and making Outlook for Mac manageable with configuration profiles. Now in Insider Fast v16.18.”

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2018-09-07

This week most of the Mac Admin news was about the imminent “AEpocalypse” or the effect of the new privacy and security controls in macOS Mojave on scripts and applications that send Apple Events.

Also Microsoft changed the OS requirements for Office after they got much feedback from the community, including many admins. (So, yes, talking to your reps and filing bugs, does sometimes help!)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

macOS Mojave

MacAdmins on Twitter

  • Erik Gomez: “Most #macadmins have considered homebrew harmful for many reasons.… ” (Thread)
  • Uluroo: “Mac users: With the release of macOS Mojave on the horizon, let’s talk about the bits of macOS that haven’t changed in a while, that we’re surprised still exist, and that are fun little Easter eggs.” (Thread)
  • Caleb Coy: “#macadmins Slack team just hit the milestone of 20,000 registered members. Some will nit pick and argue that register != active. Frankly, I don’t care. This is pretty amazing.”
  • Jeremy Reichman: “User approval is definitely at the intersection between liberal arts and technology.”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!