Arbitrary Code via Puppet instead of Jamf (Pro)

Arbitrary Code via Puppet instead of Jamf (Pro)

If you are familiar with Jamf Pro’s (formerly the JSS/Casper Suite’s) model of smart groups and extension attributes (or EA’s), they provide a way to run code that can (among other things) inventory the state of a computer. Every recon run, they run the provided scripts configured server-side, and through […]

Read more

Proactive Mac Security: Santa ?

Proactive Mac Security: Santa ?

For the next stop in our journey, we’ll review that jolly ol’ soul, Santa. It’s a system for either monitoring what apps are launched and blacklisting the ones you decide are bad, or locking down a macOS computer to only run the ones you’ve whitelisted. Despite what The Register seems […]

Read more

Stop All The Downloadin’

Stop All The Downloadin’

Just a quick one, to remind you that there are ways you can have a dialog with users about tightening security controls. We’re beating the drum about Flash dying a death, and haven’t included it in our image since the Great Analytics Fiasco of 20.0.0.235. I’m not the most tolerant […]

Read more

Proactive Mac Security: osquery

Proactive Mac Security: osquery

There are two reputations(at least) that your faithful writer is hoping to shake: #1, I do not work for Google. #2, I am not the ‘osquery guy’. I don’t even know any C++! (I’m going to make time for this eventually, though.) However, for three events over the course of […]

Read more

Proactive Mac Security, Introduction

Proactive Mac Security, Introduction

Let’s say your company is a place where no one works day-to-day logged in as an admin on their Mac. Everybody in this environment is also a computer expert, and therefore aren’t as prone to tomfoolery such as letting family members use their login to play Chrome games, and of […]

Read more

Ep. 4 – MacAdmin Easter Egg

Just in time for WWDC, another special guest on the Frogor 45 – Tim Sutton, of Mac Operations fame, here to discuss things non-Adobe… like mcxToProfile. Mastering by AD⚡️CB logo designer Pepijn Bruienne Other things mentioned: Bluetooth fingerprint unlock apps that shall remain nameless Ollllld topics like ManifestDestiny The first […]

Read more

ICYMI – LISA Conversations, with Google

Just a quick post for folks that missed it (I follow Clay on the twitters but got notice it was happening a bit too late), the well-regarded ‘Managing Macs at Google Scale’ talk Clay Caviness and Ed Eigerman gave for LISA ’13 was revisited for their video series, embedded below. […]

Read more

Ep. 3 – Fuse to the MDM Powder Keg

Welcome to the first episode of the 2016 edition or the Frogor 45. Pardon that we’re going to need a bit of time between our episodes from here on. We have a special guest, Pepijn Bruienne, who will be discussing things both MDM and DEPy. Other topics include: bsdpy Swift […]

Read more

Smother the Sparkler

Smother the Sparkler

You’ve read the Mule, you’ve read Ars, and folks like Mactracker have gone out and moved their feed to https like good citizens. But what about those old, abandoned apps we still want to keep using? Well, this is why it’s called risk management and not fire-proofing. Just like physical […]

Read more

Skipping Network Setup in SetupAssistant

SetupAssistant.app has many fun hidden dot files in /var/db/ and Pepijn Bruienne (@bruienne) has found another good one: /var/db/.MBSkipWiFiSetupIfPossible This dot file will make SetupAssistant skip the WiFi setup portion of the setup in some cases. Only 10.11 and higher will respect this dot file. For SetupAssistant to skip the […]

Read more