Amphetamine, and the FOSS alternative KeepingYouAwake, are intended to be used interactively so this might not be the solution you are looking for. macOS already includes a command-line tool called caffeinate, which allows you to prevent the device from sleeping while you're running your management tasks. AFAIK none of these tools will prevent a laptop from going to sleep when the lid is closed.
This isn't so much an Apple thing as it is an OpenSSH thing. High Sierra's OpenSSH has been updated to OpenSSH_7.6p1, which deprecates a bunch of older configs.
This release includes a number of changes that may affect existing configurations:
* ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
* ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST ciphers.
* Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.
* ssh(1): do not offer CBC ciphers by default.
Don't tell us you upgraded to the beta in a production environment, did you?
You could try running the following command in Terminal, perhaps?
>sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist
You could look in that same folder for an mDNSResponder plist and temporarily move that out of there, reboot the computer, and then it won't launch that service. This is a total shot in the dark.
My other suggestion would be a total wipe of all stored network configuration settings by following Part 1 of this guide. http://osxdaily.com/2014/10/25/fix-wi-fi-problems-os-x-yosemite/
(You can keep the files you remove in a folder on your desktop or something in case you need to move them back.)
OK, profiles aren't exactly scripts, and while your bash profile should work for the most part in zsh, I can't say 100% for sure because you'd have to look at each profile script. zsh isn't "bash the next generation," it doesn't have perfect compatibility. If Apple is still providing their ancient version of bash and your scripts are properly shebang'ed then you shouldn't have an issue, they should still run just fine.
I wonder how diligent Apple will be about keeping the system version of zsh up to date. While I like Apple and OS X, I'm glad I can use homebrew on my system and keep packages up to date on my own.
If you need a GUI to rsync then these two options could help:
As others have mentioned the command line is also a good option in that you will be able to disable some of the arguments which are probably not supported on network volumes. Just use the following for the man page on rsync:
$ man rsync
From https://forums.macrumors.com/threads/where-are-previous-recipients-now-stored.1661271/
This worked for me to export the previous recipients to a file from terminal:
$ cd ~/Library/Application\ Support/AddressBook/
$ sqlite3 MailRecents-v4.abcdmr
SQLite version 3.7.10 2012-01-16 13:28:40
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .headers ON
sqlite> .width 15 15 36 /* make sure the columns are wide enough */
sqlite> .output filename.txt
sqlite> select ZLASTNAME, ZFIRSTNAME, ZEMAIL from ZABCDMAILRECENT;
sqlite> .exit
but opening ~/Library/Containers/com.apple.corerecents.recentsd/Data/Library/Recents/Recents with http://sqlitebrowser.org and exporting the contents of the recents table worked too, but gave three times as many entries and many doublettes and only names without email addresses.
VirtualBox is free: https://www.virtualbox.org/
Being able to set up VMs locally before exporting to a server host is awesome. Plus I usually have a Linux or Windows VM for testing software or scripts.
With Slack you can install in the user application folder where it can update without admin permissions
https://slack.com/help/articles/360035635174-Deploy-Slack-for-macOS
I don't know how to do this with a profile but upon installing Google Chrome if you go to Help then About you can choose to allow auto updates which will prompt for an admin login.
I believe Zoom can also be installed in the user applications folder as well as it doesn't need system wide permissions to function.
There is a great tool you can use to make .plist files for launchd called Launch Control.
I have found this is the easiest way to craft what I need and also edit existing ones.
I was trying it out for App updates but your best option is "Munki" https://www.munki.org/munki
I've been using it since early summer and it keeps all software up to date for me. When new updates come out I approve which updates are to get pushed out and then our labs or one off computers get all the latest software. Works great for keeping Adobe Flash, Java etc. type updates current. Also works great with Apple Store Apps.
Is he on Wi-Fi? There are two very good ones. WiFi Explorer and WiFi Signal. Both from Intuitibits.
https://www.intuitibits.com/products/wifi-explorer/
https://www.intuitibits.com/products/wifi-signal/
Your gf's dad is most likely experiencing one of three or more possible scenarios.
He’s auto connecting to xfinity or some other Wi-Fi instead of his own. In the network settings advanced Wi-Fi drag the Wi-Fi names in the order you want the Mac to prioritize connecting.
He’s connecting to a 2.4 GHz network. Switch to 5 GHz. Some Wi-Fi routers combine both and let your hardware choose. Google mesh etc. However, separating them and naming the faster 5 GHz with a “5 GHz” makes it easier.
He’s experiencing signal interference from masonry walls etc.
He’s in a building with other Wi-Fi or electronic interference on 2.4 GHz crowding his signal.
The first app will also show overlapping Wi-Fi signals and their channels allowing you to move Wi-Fi to an uncrowded space.
Finally, reboot the Mac and router. All networking can produce slowness after being up for 90 days. Reboot once a week. Keeps the Mac running well, apps updated and should be part of his schedule.
Source: macadmin who booed Jobs's face on the Jumbotron at Macworld.
I'm not sure if it's exactly what you're looking for, but someone mentioned yesterday that they were looking into a cloud based directory service:
I don't know anything about it, we're using Active Directory and have our Macs bound to that. I don't know if the advantages of a cloud-based subscription are worth it to us, since hosting AD in house is basically free.
I run a Post Production facility that does UHD editorial. We use Jump Desktop Teams Enterprise. Pricing is great ($20/user not per machine) and ties into our directory service for SSO. Been using it since the pandemic hit.
I always go with the Anker brand. Lasts so much longer than the Apple stuff.
But I just came across this a couple of days ago and picked one up to see how well it works.
I have the vertical version of this dock and it works well.
I’ve been sending these to my folks who want more than one display. They work well with 1440p and 1080p displays. I just tell them to make sure they’re not trying to watch a bunch of video or stuff off of it. For just another screen to read, look at documents, etc. it works great. I have the driver in Jamf self-service and they install it themselves.
I know the ghetto way to do it:
I can confirm that this works as recently as High Sierra, but I'm not a fancy Catalina man.
Here is a repeat of what I typed and another method: http://osxdaily.com/2012/05/04/automatically-connect-to-network-drive-mac-os-x/
For a ghetto double scoop- If you want to make a desktop icon that connects to a server or share type the address into Safari, then drag the globe icon to the left of the Address Bar to the desktop. BAM.
Yeah, something about Apple having not updated their version of Bash appropriately, with no plans to do so. Licensing, according to this article. Dunno.
Thanks for the suggestion! Do the same rules apply to bash_profile and zsh_profile files as well? I feel like these are different somehow. Either way, I am guessing moving any scripts I have in *_profile files into their own shell files wouldn't be a bad idea, right?
I manage the asset, software, and purchases for our department. Briefly, I also had a support and documentation system for all issues that users would email in.
However, I moved roles where technical support is no longer my primary responsibility; I'm now the Database Administrator. Our in-house system is FileMaker.
That said, I acquired a free template from IT Journal Lite from bigabytes. Since I'm already well-versed in FMP, I modified the template to our uses, automating the most mundane aspects. For example, when an entry was made, the only thing the user would enter would be their support request because all relevant information (related to the user) was already present (it was imported previously).
I also had a web form set up so any user within the network can access it and support requests. The server was hosted on an actual FMS-dedicated machine, though. Once submitted, an email was sent to the team with a link to the actual request so we can keep track of it. A daily report listing open and in-progress / to follow up tickets was emailed to the team at around 9A each day so we don't forget.
My point is that your database administrator should be able to modify their ticketing system to essentially do all the automated stuff. Annual audits help to identify weak points in the solution and the DBA should be building up or re-building the solution every other year or so, as needs change and features are thought up.
If you're going to be modifying the FM solution and need help, I'd be happy to offer assistance. You can also ping us at /r/filemaker if you have any specific questions.
FYI: If you're concerned about this, you can add a layer of security by locking your screen. There's a couple of ways to do this:
I do both on my Macs, as well as all Macs we deploy at work. This way a user can lock their Mac down immediately, or if they walk away and forget to lock the screen, the screensaver will do it for them after a preset amount of time.
Also: make sure FileVault is turned on.
You might try the System Prefs version: http://osxdaily.com/2013/03/23/automatically-log-out-of-a-mac-after-a-period-of-inactivity/
If that doesn't provide desired results, we use this app in our labs: https://github.com/CLCMacTeam/IdleLogout
Rusty
I think either you should get help from your MDM provider's support team to resolve your issues or enroll your devices in other MDM providers' free trials to see if it's feasible to fulfill your requirement or not.
I would like to recommend Scalefusion MDM, it would be a great option according to your requirement. It's inexpensive and easy to set up with great 24/7 support. It supports bulk enrollment with remote management and is compatible with Android, iOS & Windows 10. Scalefusion was even named as a leader in G2's fall 2020 MDM report.
You can check out here - https://scalefusion.com/mobile-device-management
I'm confused, are you running your current website on the same OS X Server? You should test everything locally first (local IP), and then move it to a production environment with a public IP. Here is a great article on setting up SSL with 10.11. Good Luck.
Grab a copy of fseventer from http://www.fernlightning.com/doku.php?id=software:fseventer:start
That'll show you all files being accessed/modified in real-time. If it's just the com.cisco.Jabber.plist file that's being modified, ensure that the user logs out after the software is deployed, and logs back in (the file may have been cached).
MDM is indeed Mobile Device Management, and when Apple say 'MDM', they essentially mean 'any Apple product' regardless of mobility - it's not just iDevices.
Munki is a FOSS package management system (actually written and released by Disney, of all people) that can neatly hook into the OS updates. Setting it up is pretty simple and Disney used it at a large scale.
For memory and CPU, you can use the TICK stack to monitor all your Macs; it is open source and easy to set up. A basic setup would pretty much do what you need out of the box with a low footprint on your monitored machines.
OK, first a disclaimer: I haven't used this, but I've looked at it with some curiosity. Depending what your end goal is, this might be suited for something like Apache Guacamole. You might be able to just set up the gateway and then let students log in with their AD (or whatever SSO) credentials.
Like I said, I haven't tried it, but I sure am curious to see what you come up with. Good luck!
I can't tell from your question if you're trying to connect to a Windows machine over RDP from a Mac or connect to a Mac via some screensharing thing from Windows, so here's both:
I use the free version of Royal TSX to connect Mac clients to remote servers over VNC or RDP and I like it quite a bit. If you're looking to connect to a Mac running the server, the built-in VNC works fine, like u/foreignoppressor said, but I also like NoMachine. It's a little snappier if you're connecting from non-Macs.
Thanks for the reference... I'll check it out. Today I was playing with Lynis a bit, which fits into the "posture checking" category. The freeware version (search "Lynis" in Brew) works pretty well out of the box. However I think to meet some of these compliance requirements, I'll need to phone home, so I may be looking at the pro version, or something similar. Thanks again.
As far as setting up rules for the software end, take a look at Little Snitch:
https://www.obdev.at/products/littlesnitch/index.html
As far as routing some traffic through a wireless connection that routes through a VPN, you might consider hanging a wireless AP off of a separate router, or tagging your AP to a separate vlan.
You could install metricbeat and ship the logs to an ELK stack and create some monitoring dashboards. You can then use something like elastic-alert for alerting purposes
I feel like the Iogear models are pretty good lately. With current firmware, they even are able to pass startup keys, which has traditionally been a problem. I have the 8-port version of this. You'll likely need a hdmi>dvi or a TB>dvi adapter.
I have varied results with the 4-port HDMI types you see on Amazon. They'll be working fine one moment, then flake out the next.
Even better, look into managed Apple IDs on the domain. That’s the new right way to do it.
The feature you are trying to disable is Handoff.
You can automount a drive - take a look at this (still works):
http://osxdaily.com/2012/05/04/automatically-connect-to-network-drive-mac-os-x/
Ok. Follow these instructions
https://thenextweb.com/lifehacks/2017/06/14/how-when-why-to-reset-the-pram-smc-on-your-mac/
Especially on older macs it's got a good chance of fixing weird hardware problems
I use this one almost daily with two external 24" LG monitors. Have a hiccup every once in a great while and reboot laptop and all is fine. I have had it since Feb 2022 and maybe had the issue 2 maybe 3 times. Rare. I have the mid 16" MacBook Pro M1 24core Max version. Amazon Link
https://www.amazon.com/dp/B088K2BBM3?psc=1&smid=A2ULLYMZVAX0QS&ref_=chk_typ_imgToDp
This has gotten me by so far, for users on a 2x27" 2560x1440. I had one user with poor stability and just swapped out the HDMI cable to one that wasn't 28 AWG.
They are so affordable that it doesn't make sense to try out anything else atm.
You should read this book — https://www.amazon.com/macOS-Support-Essentials-Supporting-Troubleshooting/dp/013734595X
Or you can get one for Big Sur or Catalina — they’ll be almost the same. Yes, it begins from obvious things, but it’ll give you everything you need to understand what are these links that others posted about. I used macs for 10 years before I read this, and still I found a bunch of interesting tips. Also Apple has an exam based on this book.
As for enterprise stuff — in addition to other’s links I’d recommend Jamfnation. It has tons of solutions to everyday problems.
I think the only one left from Apple is Apple Certified Support Professional (ACSP).
Book for exam prep: https://www.amazon.com/macOS-Support-Essentials-Supporting-Troubleshooting/dp/0137696442
Exam info: https://training.apple.com/us/en/recognition
In reality, this covers only knowledge about macOS essentials. When it comes to management of these devices, which is what you’ll be more concerned with, training may come from the MDM provider you choose.
For example, if you use Jamf Pro, you can take their certifications. You’ll NEED an MDM to manage a fleet of Macs. Hopefully your IT is handing that over? If you’re starting from scratch, good luck.
I use this one
Anker 6-1 USB Hub.
I would avoid Dell's hub as they tend to fail and still require a power adapter which is chunky.
In my opinion, a Jack of all trades would be economic. There are vendors like Hexnode, Workspace ONE, Ivanti, etc., which are feature-rich in macOS and other OSs. I have used the demo version of both Hexnode and Workspace ONE. Both are good software that helps you manage devices across multiple platforms. Workspace ONE was tested by my teammate, and I got the opportunity to test Hexnode. Hexnode is pretty strong in Apple device management plus it supports other OSs too. There are certain features like the DEP enrollment, secure token, etc., which are crucial features when it comes to Mac management and that’s put together well by Hexnode. They also have this feature of Live terminal, which gives you the ability to execute system-level changes to the device. These are some of the features from my experience that I felt stood out for Hexnode. So, if at all you opt to manage other platforms, you need not go for any other solution. Now, this is from my perspective of using different software which I feel always benefits.
Yes, there are other good options in the market that are more affordable compared to Jamf & Mosyle, with good customer support. I would recommend evaluating Scalefusion MDM, it has a very intuitive dashboard with relatively good customer support at a very affordable price.
FYI, they didn't fix the menu bar items not showing up to the right side of the MacBook Pro 2021 M1 camera notch.
If you have too many menu bar items, some of them just don't show up at all instead of spacing them closer together.
At the moment, you still have to use Bartender App to be able to view all menu bar items or connect to an external display. This is particularly problematic for applications that have preferences that are only accessible via their menu bar icon, such as Microsoft OneDrive, Nextcloud Client, or Google Drive.
Hello, Ben with JumpCloud.
Just in case you weren't aware. There is a native integration with AutoPKG. Not sure if this might solve your issue or if homebrew is another route to go. I think some of these things (installing software) will always require some sort of elevated permission.
Might get creative with some policies that could "whitelist" packages though.
https://jumpcloud.com/blog/install-macos-software-autopkg-jumpcloud
>https://jumpcloud.com/blog/zero-touch-enrollment-macos
In order to set this up did you have to do all the steps mentioned here: https://github.com/TheJumpCloud/MDM-Prestage-User-Enrollment/wiki/Step-6-postinstall-script
https://groups.google.com/forum/#!topic/macenterprise/akh0bzFGxHw
Edit:
If you use IRC, come join us on ##osx-server on the Freenode network.
100+ admins in there regularly, just chatting away (Monday through Friday, mostly US business hours, but sometimes we're bored on the weekends too)
If you've never been on IRC before, here's a handy web-based method: http://webchat.freenode.net/?channels=%23%23osx-server
I go by 'frogor' there, feel free to say Hi :)
You could block or redirect the websites to localhost with the hostinfo file. We did this to block youtube at work. View this site for instructions.
I manage about 50 Macs at my contract job and I made an automator "script" that mounts our SMB share at login. You can even create a delay for 10 secs so portables with 802.1X can connect (takes longer to authenticate).
http://osxdaily.com/2012/05/04/automatically-connect-to-network-drive-mac-os-x/
That being said, if you want to push it across all computers using a script, do it as root. You'll need to create a directory to mount the SMB.
$ mkdir /Volumes/media
$ mount_smbfs //example_server/media /Volumes/media
I'd recommend steering clear of the Mac Pros. You pay for power in all the wrong places to use it for a netinstall server.
Don't forget that JAMF makes a netboot appliance. If you do wind up investing in new server hardware, go for real server hardware and just run the appliance, rather than trying to shoehorn a Pro into an ill-fitting role.
At one time you could make a netboot server multicast rather than unicast (the data for netboot was sent as a single transmission to multiple hosts, rather than each host establishing its own connection) but it was always tricky to set up and has only gotten trickier as time has gone by. Nevertheless, it may still be an option. Try searching JAMF Nation for netboot or netinstall multicast.
If you are building your images as OS + packages using Casper tools, compiling and compressing the image also dramatically speeds up the imaging process (see the Casper Suite Administrator's Guide under "Compiled Configurations".)
Finally, as an outside-the-box answer, I would personally argue that the majority of netinstall needs are better covered through post-install policies and scripts these days, rather than all the headaches of imaging. The fact that you can have a Yosemite machine enrolled with the JSS right out of the box thanks to Apple's Device Enrollment Program makes post-install policies that cover all configuration needs really compelling.
Is macOS Server still a thing?
https://www.apple.com/macos/server/
I seem to remember it had a VPN server built in.
Alternatively you could try https://brew.sh - a lot of FOSS packages are available.
I recently used this link below to make a bootable Mac OS X thumb drive.
https://lifehacker.com/how-to-make-a-bootable-macos-sierra-usb-flash-drive-1786853248
Hey u/xCogito! I'm not sure how far you got with this but Humio's offering may be worth checking out. I am a technical marketing engineer for them and we have a free tier that gives you unlimited access to kick the tires.
You can find out more using the link below. Hope this helps!
Humio Community Edition
Sadly my boss is using our only one from about that era as a daily driver at the moment. I might get a chance to validate on newer hardware over Winter Break, but no guarantees.
More bad news. The utilities I found for "turn macos into a native file server" didn't seem to work very well. Lots of crashes if they worked at all.
Good news time! I was able to get the mac to host a linux-based file server with the aid of VirtualBox. I still need to adjust the login script, and most importantly, write up some documentation for you on how I've got it all working.
I'll keep chugging away on this, as, quite frankly, this has been an enjoyable exercise for me.
I think the munki team are having issues/are trying to move away from google code, and are having issues hosting alternate versions. Don't quote me on this though.
It is official, see here: https://groups.google.com/forum/#!topic/munki-dev/SGpLtx-60tc
Hey, Brandon with JumpCloud here — if macOS is an option, I'd take a look at iMazing Profile Editor to see if that meets your needs, it's a pretty slick tool. https://imazing.com/profile-editor
I keep things like this on hand. The content is generally deeper and higher quality than YouTube and it's much easier to find specific, in-depth, information via the index or table of contents than jumping through videos.
Aliases would work, but internet location files (.inetloc, .afploc, etc.) are a tiny bit more graceful. The instructions here seem ok, just substitute cifs:// or smb:// for ssh://.
[Edit: forgot the link...]
The only other AWS services I can think of which are billed in 24-hour increments are those with third-party licenses (e.g., EC2 instances running Windows, or RDS instances running Oracle). In this case, the macOS “licenses” are attached to the hardware, so surely that isn't the restriction. You'd think the deployment overhead ought to be low, the way they're hyping up the AWS Nitro System. Anyway, I'd love to use these for some build tasks, but with a minimum commit of 24 × $1.083, my enthusiasm is pretty curbed.
I find using Hexnode way easier, especially when you’ve got a whole repository of scripts ready to deploy.
I’d still recommend trying it on one device before pushing it all together... just to make sure they’re functioning alright/the way you want them to. If you are considering an MDM solution, Hexnode should be a good one to go for.
Jamf might have been around longer, but experience doesn’t make something any simpler. Besides, the whole point of using an MDM is to make the sys admin’s job easier.
I would definitely recommend Hexnode. In fact, I am baffled that nobody has mentioned them so far! Hexnode is definitely the best thing that ever happened to me. I’m not saying their product far supersedes everybody else’s and that they have a perfect solution. But they sure have a pretty stable and reliable setup that lets me do everything I want fairly quickly.
Coming to your requirements,
The best part is that I can always, always rely on their knowledge base to be up to date and their support team to help me out if something were to happen. And as far as I’m concerned, I wouldn’t trade it for the world.
There is no valid argument when it comes to Intune and Windows. But in a cross-platform environment, I would never take that path.
You can try out Hexnode UEM as they do a pretty good job of managing all major platforms like macOS, iOS, Android, Windows and tvOS.
As for your specific requirements, the software is quite intuitive, with a simple UI and is quite adept at what it does. You can set up BitLocker and Microsoft Defender remotely. I am not sure about the drives and printer thing. However, they do support a scripting feature for both platforms.
I hope this helps.
Why the ‘no MDM’? When it comes to managing the devices of field employees, endpoint management solutions are a huge asset.
If the devices are company-owned, which I am assuming they are, I would recommend enrolling your devices in an MDM using Apple’s Device Enrollment Program (DEP). Enrolling the devices using DEP allows the company to retain ownership of the managed devices even if they are wiped. It allows you to sign in using the employee’s personal Apple ID. You can enforce security policies on the fly using UEM solutions like Hexnode including allowing or denying the employees access to the app store, all this at a reasonable price range.
As for which solution you should choose, that is your personal choice and depends largely on your requirements as well as your budget. But I would still recommend Hexnode UEM.
Hmm... I think you guys are missing something here. Hexnode all the way for me.
They have a simple and intuitive management platform for Macs and zero touch deployment including DEP which is honestly a huge asset during device deployment. Once deployed, the devices could be easily setup using configuration profiles.
As for .pkg deployment issue you raised, I found their help doc really helpful. It’s all pretty straightforward; just follow along the steps.
That’s another advantage you have with them. Everything is documented fairly well, and in the event it feels insufficient, you still have their support team whose response time is quite impressive. But there will hardly be much need for all that, as the entire setup is pretty straightforward and intuitive; you’ll get the hang of it in no time at all.
And if cost is a concern for you, well, their pricing plans start at $1 per device.
I really think you should try them out, you won’t be disappointed.
With Hexnode UEM, this can be much more easily achieved. Hexnode’s integration with Apple School Manager (ASM) can help simplify the deployment of school iPads. You can assign all iOS devices to the MDM server, and configure them to be added as pre-approved devices. You can easily supervise them, assign DEP profiles, and reduce the steps in the setup routine. Enabling user authentication can make sure every device gets enrolled and assigned. Group policies can be assigned to the devices. So once enrolled, they’ll have all the apps and configurations necessary for school.
Talking about the DEP status, Hexnode has a ‘Sync with DEP’ option to check on the profile status of all DEP-enrolled devices. It will tell you whether the DEP profiles are assigned, pushed, or removed at any given time.
Locking down devices in kiosk mode is the solution to ensure that employees cannot install social media apps. They can be locked down onto a single or handful of applications or to URLs. App distribution is also made easy by integrating your ABM and ASM with Hexnode MDM. This will allow you to deliver apps in bulk to your iOS devices. Similarly, you can also update, install, or uninstall managed apps silently. To ensure that some essential apps have to be present on the device at all times, you can make them mandatory. Efficient app management can help increase productivity. Other restrictions that you can implement include separating corporate apps and data from personal data using iOS Business Container. Or you can manage permissions for apps and push application configurations to devices.
Hexnode has a minimum count of 15 devices, which is excellent for your requirement, and a 30-day free trial for you to try out their product. They have a tiered pricing page that has a plan for everyone and on the off-chance that, that doesn’t work out for you, custom plans for a set of required features can be offered. They also have a straightforward User Interface and loads of help documentation to help you out through the implementation.
Hey!
I think Hexnode MDM is a good alternative for JAMF. They have an excellent technical support team that is available at all times and they are pretty efficient with their responses. In addition, Hexnode also has help docs that take you through every step of the implementation process. Also, in here the admin can easily distribute and install enterprise apps without user interaction. The .pkg file will be automatically downloaded and installed without the user running the script like in JAMF. If you are looking for an MDM that has immense enterprise capabilities Hexnode MDM would be the one to go for. They have a 30-day trial during which you can try out all the features and select the pricing plan that suits your needs.
The most important would be enterprise security; it doesn't matter how small a company is or the business it deals with, a basic level of security is a must.
The need for an MDM solution at a business can depend on a variety of factors. The main reasons should be the need for employee monitoring and management etc. There are certain scenarios in all kinds of businesses where MDM’s can play a role.
When choosing a vendor to fulfill your enterprise needs make sure that
a) they support all the required features
b) they support all the devices that your enterprise runs
Several vendors do not support cross-platform support which can cause issues in the long run. This article on the Top 10 MDM vendors currently available in the market should give you a brief idea of what to expect in the MDM space.
Well I had tried a few MDMs (Jamf, Hexnode, Kandji, MobileIron, Citrix) before choosing one for our company. We wanted a multi-platform MDM solution which was one of the reasons Jamf and Kandji were eliminated from our checklist after taking their trial. Also, Jamf turned out to be a little too costly for managing and monitoring devices. We finally chose Hexnode, as it was in our price range and they had all the features that we required.
Hexnode MDM is a good and affordable choice for a small business. The minimum device count of Hexnode is 15 and they have a 30-day free trial where you can access all their features. We chose Hexnode due to their extensive feature set. They have zero-touch app deployment, which helps the admin to install, uninstall or update applications remotely. Regular device scans can also be executed to know the status of the device and whether all the mandatory apps are still there. They have Apple VPP support which enables the admin to silently install applications on the user's device. The User Interface of Hexnode is straightforward and easy to use. The best part is they have a tiered pricing plan, which can cater to your needs.
I haven't used any of the suggested solutions so far, but will say Apple uses Jamf themselves in Apple Stores if I'm not mistaken, if they trust it enough to roll it out worldwide that would get me wanting to test drive it.
We recently switched over to HexnodeMDM, supports iOS, MacOS, Android and Windows - We've had no issues thus far, I've found its been pretty robust and exceeded expectations from our last solution.
All the options you've researched are good, but still, I would recommend trying out Scalefusion MDM, it has a very intuitive dashboard with relatively good customer support at a very affordable price (and I'm sure that it beats others in terms of price & feature). In G2's Fall 2021 reports, Scalefusion had the highest overall satisfaction score, was #1 when it came to Best Results.
In large organizations, the configuration of large device inventory is a pain point for IT teams. Especially when the devices are to be configured over the air, streamlining the process of setting up a large number of devices can be complex and cumbersome.
Scalefusion enables customization and configuration of profile settings via a Custom Payload. IT teams can configure custom calendar and email settings, Wi-Fi and VPN settings, digital certificates for authentication as well as device restrictions using the Scalefusion custom payload.
Maybe the issue is with Bootstrap Token. What’s the process for user creation and first-time login?
Also, try using Scalefusion MDM Solutions as an alternative if required.
There are other options such as Scalefusion macOS MDM, as it can be easily used with 24*7 support, plus Scalefusion was recently named as a leader in G2's MDM Grid.
I would like to recommend Scalefusion MDM; it would be a great option according to your requirement. It's inexpensive and easy to set up with great 24/7 support. It supports bulk enrollment with remote management and is compatible with Android, iOS & Windows 10. Scalefusion was even named as a leader in G2's fall 2020 MDM report.
You can check out here - https://scalefusion.com/macos-management-solution
I would like to recommend Scalefusion macOS MDM; it's easy to enroll with great 24/7 support. Scalefusion was even named as a leader in G2's fall 2020 MDM report.
You can check out here - https://scalefusion.com/macos-management-solution
I think you're missing out on including Scalefusion on your list. Scalefusion was named as a leader in G2's fall 2020 MDM report. It's easy to enroll with great support. Check out here - https://scalefusion.com/
I would like to recommend Scalefusion MDM software to secure and manage Android, iOS, macOS, and Windows devices from a centralized dashboard. It allows you to remotely manage apps, track device locations, wipe device data, monitor internet data usage and much more.
Scalefusion MDM is best for both Mac & Windows with world-class support - https://scalefusion.com/mobile-device-management
Scalefusion MDM - Easy to Manage Your Fleet of Devices from One Platform. Worth a try!!
Are you using version 7? I know the version installed with Final Cut Studio 3 stores the license in: /Library/Application\ Support/ProApps/ProAppsSystemID
Probably not the same but a similar path for 7. You can use a program like fs-eventer to watch what files change on the OS when you enter and save the license key. Of course, that's if you have a key to enter into a test Mac.
Validate your launchd plist with LaunchControl. The free version won't save (you'll have to move plists in and out of /Library manually), but it will highlight why it failed, if that's where it's failing.
I highly recommend the Macadmins Slack. It’s a super helpful resource for this kind of thing. ARD isn’t the best tool for a task like this, but if it’s all you have, you’d probably want to set up a Mac as an ARD Task Server. But that’s got limitations.
I suggest looking into a tool like Munki. Or if there’s also a need for deployment and management as well, MDS from two-canoes is amazing.
https://www.munki.org/munki/ https://twocanoes.com/products/mac/mac-deploy-stick/
Try rEFInd; install from the Mac system recovery to avoid issues with SIP (or a bootable USB of the macOS installer). Customise the boot screen to show whichever partitions you would like (like a 5 sec timer with Win to go as default). Not 100% what you want, but Macs are picky with EFI partitions and Boot Camp at the best of times when they create the partition.
I'm in the same boat; the cleanest way to do it is with Jamf, but you could use a config profile if you have an old profile manager server or mass-deploy a plist using ARD to set do-not-disturb and a tool like Onyx to remove the icon from the toolbar.
What OS are you running? I use Hazel on Mac to keep folders in sync. Haven't tried with multiple shares but I suppose you could have multi mounts that all sync with the main.
After a couple of weeks of testing, we scrapped the portable home directories plan. I put it on a small group of control users who understood they were part of a test environment. In less than 24 hours one of the users, who had about 38GB in his ~/Documents folder, all of a sudden had exactly 0 of his files/folders there, for no apparent reason. Between that, and how long it takes for the sync to run, we decided it was too glaringly bad to go forward with.
At this point, I'm in the test phase of a bash script that runs an rsync to our file server.
As for your situation, I would probably recommend you start with ARD, which will give you a good tool for remote control, pkg deployment, and some lite reporting abilities. Use DeployStudio for imaging and post-flight deployments.
From there, as you start to scale out to more Macs, consider OS X Server to get yourself familiarized with Profile Manager and MDM. Apple enterprise support reps are very adamant about tech support having an MDM tool to manage Apple devices, especially with their new volume purchasing and device enrollment plans.
This page is buried on the Apple site, and talks mostly about iOS devices, but they are clearly engineering iOS and OS X to share a lot of the same functionality, so a lot of it will be helpful for you to shape your policies and procedures: https://www.apple.com/ipad/business/it/management.html
Nagios XI is the paid product. You want Nagios Core.
Based on the questions you are asking, I think you may misunderstand what Nagios does. You run the Nagios server, which can reach out and monitor clients and services on clients.
To run any checks on the system more than just ping or check for open ports, you need to have an agent on the clients. The agents I have used are called NRPE (Linux, Unix, OS X) and NSClient++ (Windows). There are others - those are just the ones I am familiar with.
Once you understand the mechanics of checks, if you can script it, you can check it. It also provides a method for event handling (if this, do that, under these specific conditions).
Yes, the Nagios server can monitor itself, but if you run Nagios server on every single box you have, it can get out of hand very, very quickly. Once you have it set up right, it becomes a centralized system to look at the health of your systems and network.
I suggest using a Linux VM (pick your hypervisor, it doesn't really matter) for your Nagios server. Putting it on OS X is not super easy and may have long term support and upgrade issues. I would probably use CentOS, but I am sure you could use Debian or whatever Linux flavor you are comfortable with. I quickly glanced over this document and I think it would probably work as an install guide for Nagios Core on CentOS 6.
The jedda.me stuff are scripts that NRPE can call, not exactly running alongside, if you know what I mean.
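As an added example (not from the posts above and not Nagios project code), here is a minimal shell check of the kind NRPE can call, following the Nagios plugin exit-code convention of 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN. The script name, function names and thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# check_disk_pct.sh MOUNT WARN CRIT  (hypothetical script name; added example)
# Nagios plugin convention: exit 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN,
# one status line on stdout, optional perfdata after "|".

# parse_df_pct MOUNT: read `df -P` output on stdin and print the Capacity
# value (digits only) for MOUNT. Mount points containing spaces are not handled.
parse_df_pct() {
    awk -v m="$1" 'NR > 1 && $NF == m { sub(/%/, "", $(NF-1)); print $(NF-1); found = 1 }
                   END { exit !found }'
}

# evaluate PCT WARN CRIT MOUNT: print the status line, return the exit code.
evaluate() {
    pct=$1 warn=$2 crit=$3 mount=$4
    for v in "$pct" "$warn" "$crit"; do
        case "$v" in
            ''|*[!0-9]*) echo "DISK UNKNOWN - no usable data for $mount"; return 3 ;;
        esac
    done
    perf="used=${pct}%;${warn};${crit};0;100"
    if [ "$pct" -ge "$crit" ]; then
        echo "DISK CRITICAL - $mount at ${pct}% | $perf"; return 2
    elif [ "$pct" -ge "$warn" ]; then
        echo "DISK WARNING - $mount at ${pct}% | $perf"; return 1
    fi
    echo "DISK OK - $mount at ${pct}% | $perf"; return 0
}

# check_disk MOUNT WARN CRIT: the real check; a failed df becomes UNKNOWN.
check_disk() {
    pct=$(df -P "$1" 2>/dev/null | parse_df_pct "$1") || pct=""
    evaluate "$pct" "$2" "$3" "$1"
}

# Run as a plugin only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then
    check_disk "$@"
    exit $?
fi
```

Returning UNKNOWN rather than OK when `df` yields nothing keeps a broken check from silently reporting a healthy host.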
Late to the party here, but another tool that might be useful to you is called dnsmasq. You can install it to be an "overlay" on top of your local DNS, point your queries at that, and stand up a traditional DNS server or two (or more?) as fallback servers. Hope this is useful to you or a future searcher in some way. :)
Remote control of iOS devices seems not to be permitted:
> However, full remote control of iPad, iPhone or iPod touch is in violation of Apple terms and conditions. Bomgar continues to monitor the situation and is prepared to offer the ability to remote control iPad, iPhone and iPod touch devices once a sanctioned method is made available. But at this time, neither Bomgar nor our competitors may legally remote control Apple iOS devices.
From here: http://www.bomgar.com/remote-support/platforms/apple-ios
If it's a personal setup, TeamViewer is free and easy to use, and well supported.
At my job, we use ScreenConnect because it's affordable and works well with any OS, but it is really more for enterprise-level use.
https://www.nomachine.com/ for *nix. The best performance I’ve ever gotten is with x2go, which became nx, which is now nomachine. Never used the commercial version but the graphics acceleration is great.
Are you using an MDM? We are using Jamf and automated device enrollment to onboard our computers and apply profiles. I haven’t had any issues. I used this website to understand the changes in Big Sur. https://jumpcloud.com/blog/macos-big-sur-mdm-required
Good to hear that the company is dead set on Apple. I hope you connect to some resources that can make you a standout Mac admin.
Regardless of how many users, you will need to explore that MosyleAuth tool or something similar at some point. Essentially it manages the authentication and access on each machine. An identity provider becomes the source of truth as to who can log on to which machine. There really isn't anything wrong with 10, 50, or 100 accounts on a Mac other than managing the list of users from machine to machine. Ensure that you keep users' data in the cloud; then it won't matter which machine they sign into. You want to avoid having a user sign in on a Mac for the first time and then have them wait as the Mac syncs up.
Mosyle is a great MDM. Moving to another MDM is a f'n pain. Others in this thread have recommended JumpCloud, and I would too. BUT if they already use O365, which would also give them access to Azure AD (can't have one without the other), you might just use that. If you/they have access to Azure, then you can use federation in Apple Business Manager, which allows your users to use their work email from Azure as a Managed Apple ID.
Are you using Apple Remote Desktop so you don't need to be in front of a Mac to work on it?
Are you connected to any mac admin group at all yet?
Good luck!
If you’re looking for complete automation, I would look into HR as a master (HRaaM) early on. With that being said, an example would be:
https://jumpcloud.com/daas-product/hr-system-integration/
JAMF is a great Mac-only MDM. If your environment stays Mac then you are set.
I would be cautious with GSuite as a master.
Due to the size of the company, JumpCloud might be a great complement to JAMF. Depending on what you’re doing with JAMF, JumpCloud might even be a viable solution to replace it and give you more flexibility with expansions on types of devices supported.
GSuite has its advantages and disadvantages depending on how you’re trying to use it.
All the above really depends on if you have AD or are on some kind of Directory as a Service (DaaS).
Curious if you've come across JumpCloud?
They've recently (in the last 2 weeks) released a new AD integration product which includes password write-back from non-AD-bound macOS machines to AD.
Check out info on this feature here: https://jumpcloud.com/product/active-directory-integration/
Using this you can use JumpCloud to take over existing local accounts (given the usernames of the accounts align with AD UPNs) and use AD as the source of truth for logging into the local accounts.
You can also layer on 2FA macOS login using JumpCloud and take advantage of other features in their platform like cloud RADIUS, LDAP, GSuite/Office365 sync, and SSH key management.
Note that you can test JumpCloud with 10 users or less.
Walked away impressed during a trial but was unable to move forward due to extended attributes not being offered at the time.
I tend to use a pretty hybrid approach, and might even have used acme.sh at some point.
Unfortunately, the server in question where I set this up is no longer in existence - services got migrated to the great "Cloud"/spaghetti monster of the ether or "series of tubes" if you prefer :-D
From my notes, it does look like I used certbot installed via MacPorts.
In addressing the very problem you're looking to overcome, I discovered the following, from https://certbot.eff.org/docs/using.html#renewal
"You can also specify hooks by placing files in subdirectories of Certbot’s configuration directory. Assuming your configuration directory is /etc/letsencrypt, any executable files found in /etc/letsencrypt/renewal-hooks/pre, /etc/letsencrypt/renewal-hooks/deploy, and /etc/letsencrypt/renewal-hooks/post will be run as pre, deploy, and post hooks respectively when any certificate is renewed with the renew subcommand. These hooks are run in alphabetical order and are not run for other subcommands. (The order the hooks are run is determined by the byte value of the characters in their filenames and is not dependent on your locale.)"
So I might very well have simply customized the script I linked to above, https://github.com/physcip/letsencrypt-mac/blob/master/hooks.sh
and placed it in /etc/letsencrypt/renewal-hooks/post
Hope that helps! Let me know how it goes.
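As an added example (not the linked hooks.sh and not code from the poster), here is a sketch of a script that could sit in the renewal-hooks/post directory described above: it copies the chain and private key to the directory a service reads, keeps the key owner-only, and reloads the service only when a file actually changed. The hook file name, the lineage path, the destination directory and the reload command are all assumptions.

```shell
#!/bin/sh
# Hypothetical hook file: /etc/letsencrypt/renewal-hooks/post/50-install-cert.sh
# Post hooks run after a renew run, so compare the files on disk and only
# reinstall and reload when something actually changed.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/example.com}"  # assumed lineage
DEST_DIR="${DEST_DIR:-/usr/local/etc/myservice/tls}"       # assumed service path
RELOAD_CMD="${RELOAD_CMD:-true}"                           # placeholder reload command

# install_if_changed SRC DEST MODE
# returns 0 if DEST was replaced, 1 if it was already current, 2 on error.
install_if_changed() {
    src=$1 dest=$2 mode=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -f "$dest" ] && cmp -s "$src" "$dest"; then
        return 1
    fi
    tmp="$dest.tmp.$$"
    # Create the temp copy owner-only, set the final mode, then rename into
    # place so the service never sees a half-written or world-readable key.
    if ( umask 077; cp "$src" "$tmp" ) && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# sync_lineage: install chain and key, reload once if either changed.
sync_lineage() {
    changed=0
    mkdir -p "$DEST_DIR" || return 2
    for pair in fullchain.pem:644 privkey.pem:600; do
        name=${pair%%:*} mode=${pair##*:} rc=0
        install_if_changed "$LIVE_DIR/$name" "$DEST_DIR/$name" "$mode" || rc=$?
        case $rc in
            0) changed=1 ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    [ "$changed" -eq 1 ] || { echo "certificate unchanged"; return 0; }
    sh -c "$RELOAD_CMD" || return 2
    echo "installed renewed certificate"
}

# Run only when executed under the hook's own (hypothetical) file name.
case "$0" in
    *install-cert.sh) sync_lineage ;;
esac
```

The file must be executable for certbot to run it, and the numeric prefix in the name controls its position in the byte-order sequence the quoted documentation describes.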