With the release of OS High Sierra 10.13.4, I have found myself with notification prompting about allowing Kernel Extension for certain applications (Cylance,etc..)
Since I mostly use JAMF, the recent release of JAMF Pro 10.3 enables us to deploy a profile that will allow us to handle this prior to installation and for the user.
Following instructions from a post of Graham Gilbert, I was able to easily pull the IDs I needed from a computer that had successfully enabled the kernel extension.
Launch Terminal: sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy
Then: SELECT * FROM kext_policy;
Once you have the IDs (It will be a 10 characters string), go into the Configuration Profiles in JAMF Pro and Click New
In General, Enter the name of your choosing i.e Approved Kernel Extensions
We also want to make sure it’s installed at the computer level
Once we have finished with General, let’s head to the bottom of the payload page and select Approved Kernel Extensions Payload
Click Configure, on the new displayed page we will enter the ID under Team ID, I would also use the display name to match the app we are enabling so here Cylance, Inc. and then enter the Team ID.
If you want to be more restrictive in allowing only some kernel extensions, use the kernel extension bundle option where you will enter the bundle specific information i.e com.Cylance.CyProtectDrvOSX
and with this, only the bundle specific will be approve should there be more bundle under the same Team ID
Repeat for all the Kernel Extensions you would like to approve and once done, scope it to the users you want and save to push it.
Having started in the industry as a Help Desk, I often found one of the responsibilities has always been asset tracking and management.
While many tools do provide asset syncing and reporting tool for computers serial,etc I found them lacking for the other pieces such as display monitors.
I set out to solve that void in my shop by helping our Help Desk easily identify and solve the problem.
The idea was to retrieve the serial number of a connected monitor each time a computer submitted and inventory update.
With a few lines of code, I was able to achieve just that.
The code parses through system Profiler and retrieves the display serial numbers, should there be more than 1 display attached, the result will grow and show all the serial numbers it finds.
The first displayed serial represents the main display and the rest follows.
This code has been very useful in my shop to easily identify who had what display.
The serial number is only revealed when the monitor is connected via HDMI, Thunderbolt or DVI, sorry no VGA.
The code is available on my github and while it is ready to be deployed into Casper, it can easily be tweaked for other reporting tools.
One thing I wished Casper could do is remove users from the Users section after an asset is deleted from Casper.
Granted this may not be a situation for everyone but for me, I end up with lots of disabled users still showing up in my Users section.
While I can manually remove them, doing it every time, a hundred times is not ideal. Continue reading
While wondering about ways to increase our visibility on clients, we came to the realization that we were clueless about Virtual Machines.
We could tell who had virtualization software installed (Parallels,VMware Fusion,VirtualBox) but beyond that nothing. Continue reading
One thing I have always wondered has been removing the error and the manual out of our imaging process.
While Deploystudio does offer many tools to automate the process and design workflows to achieve completion, I still needed to come up with a way to deal with computer names and the computer records that are stored in Deploystudio.
Thankfully, Deploystudio has a REST API which can be used. Continue reading
It’s that time again and the dates are out….
The other day, I tried to ssh into a client and to my surprise, I couldn’t. Now if you are the guy in charge of managing macs and you can’t get into a mac that you clearly should be able to, you start asking yourself some questions. Continue reading