See if your Jamf-managed Macs have installed today's #iamroot fix

So… the last 24 hours have been pretty fun, right? You may have heard about some shenanigans involving blank passwords and the root account yesterday; Apple certainly did. And they fixed it today with an update available only to 10.13.1 High Sierra machines. If you manage your Macs with Jamf and want a quick smart group to see who has installed it, whip one up that looks for the receipt for the update. It's pretty easy.



That receipt name is com.apple.pkg.update.os.10.13.1Supplemental.17B1002.

Naturally this smart group won't be all that accurate until you give machines time to update inventory. If you're not super concerned with bandwidth you can find your inventory update policy and flush all logs so the next time a machines checks in it will run a fresh recon.

Worth noting, there are other ways to do this too. This is one quick way to build your smart group.

Update:

On November 30th, Apple pushed out a second security update to fix some issues their other security update caused. The macOS team at Apple is having a fun week I'm sure. This secondary update is being pushed automatically to 10.13 and 10.13.1 machines, and the receipt for the installer is com.apple.pkg.update.os.10.13.1Supplemental.17B1003. I'm not sure if there is a different installer for 10.13.0 so I'm unable to check for a receipt name for that. If someone knows if the update for 10.13 has a different receipt let me know in the comments and I can update this post.

Your smart group will want to be modified to include this second update as well.



I have yet to see a 10.13.0 machine install the update so I'm not sure if their updater has a different receipt, nor am I sure what OS build number a 10.13.0 machine will have after installing it. Feel free to comment below if you have that information.

Update 2: 

It's being reported on Jamf Nation that the package receipt for 10.13.0 machines is com.apple.pkg.update.os.10.13Supplemental.17A501, which implies the build number after the installation is 17A501.


Introducing the Awesome Macadmins Tools List

I don't know about you, but I love a good screensaver. The best macOS screensaver list out there is the Awesome macOS Screensavers list, which was inspired by the Awesome List. This in turn inspired me; I have given a few small talks about Mac admin tools that folks should know at meetups, and others have as well. Why not have our own Awesome List?

So the Awesome Macadmins Tools list was born.



The idea was to focus on some of the core focuses/responsibilities of being a Mac admin and list out some of the awesome tools out there to get the job done. This is also a great opportunity for folks that haven't contributed to GitHub projects before to try out pull requests and forks to add new content, help me fix typos and other issues (it happens y'all), and perfect making great screenshots for documentation purposes.

If you'd like to contribute, check out the contribution guide.

Share it far and wide, and submit some PRs if there are tools to add.

AutoPkgr for Dummies 2: Trust your recipes

So you've set up AutoPkgr. Good job! But now you're like "why do I keep getting these FAIL_RECIPES_WITHOUT_TRUST_INFO errors"? Something I didn't cover in my previous guide is the introduction of verifying and trusting recipes in autopkg 1.x (because that didn't exist at the time). From the introduction to this feature:
AutoPkg encourages the use of recipes created and shared by others. You can leverage the hard work done by other admins without having to re-invent the wheel yourself. You can add "repos" of other people's recipes using the autopkg repo-add command.

But there is an element of risk in using other people's recipes -- a bad actor could create a malicious recipe, or a well-meaning admin could introduce an error into a recipe that causes unexpected issues.

You should audit any third-party recipes you use, especially if you do not know the recipe creator/maintainer. This means becoming familiar enough with AutoPkg recipes to be able to read and understand them.
By default, AutoPkg (and by extension, AutoPkgr) will stop runs for recipes without trust info set. To set trust info, you need to create a recipe override and store that trust info in your override. The override recipes should then be the recipes you run on a schedule with AutoPkgr. Here's a quick overview on how that works.

Fave Friday



Quiet night at home club from Threadless


Getting Warmer cowl by Espace Tricot on Ravelry


Flower Mr. Saturn by SaradaBoru on RedBubble

Gremlins tank from H&M


Love Me More layered tulle skirt and A Fan of Bowknot crop top from Chicwish


Have a great weekend!

Branding Self Service 10

If you live under a rock you may not have heard that Jamf released Jamf Pro 10 this week. It is a giant overhaul of the user interface of the web interface and Self Service, so you can basically chuck all of my old branding the JSS/Self Service stuff in the bin. Phew.

The new dashboard and UI for Jamf Pro 10.
Self Service 10


The dashboard is way more visually appealing now, and the use of space of the tiles on the dashboard flows much better than the version 9 JSS. It's a huge change, as you can probably tell by looking at the above. So is Self Service, and something you may have noticed in the stock imagery above is the icon and name within the application are for a company, not just the default Jamf Self Service icon. This is because Jamf has built in branding the application into the Jamf Pro server. No need to download and hack and upload and deploy manually with every update. Hooray!

In Jamf Pro 10, all you need to do is head to Settings > Computer Management > Self Service, and you'll see a page with Configuration and Branding settings. The very first option is to change the name of the application. If you do this, it will automatically deploy (assuming you have auto-install turned on) the Self Service app with the name of your choice.

Fave Friday


Excuse Me Princess pin by Be Subtle Prins


Matrix Brass Off shampoo and conditioner (does a great job of getting rid of orange brassiness in lightened hair)


Crochet pet bed pattern by Bernat (via Joann Fabrics)



White pearl UFO halo ring by williamwhite on Etsy



This offbeat wedding dress look. I could see myself going for a look like this for my wedding!


Have a great weekend!

See ya next week at the JNUC!

What's up?! Next week is the Jamf Nation User Conference (JNUC) and I'm super happy that I'll be there next week to nerd out over Mac Admin stuff and finally wear some of this stuff I've been knitting/crocheting in chilly Minneapolis.

I'll be taking the Jamf 400/Casper Certified Expert course so I'll be around on Tuesday and Wednesday morning for the keynotes and 11:15 am sessions. I'll also be at some mini-events in the evening, including the MacAdmins Podcast Live recording and After Party, the SplashBuddy Jumpstart, Jamf Nation Party, and the TILT Pinball trip on Thursday.



Come find me in the evenings or Tuesday/Wednesday morning if you want to snag an Austin Apple Admins sticker while they last.

We've got the community notes set up for next week as well, and some lovely vanity links for you to bookmark:

https://jamf.it/JNUC2017-session-notes
https://jamf.it/JNUC2017-community-notes

Edit permissions will be opened up Monday morning (the 23rd) and closed the following Monday (the 30th). Take a gander at the readme for some tips on making the notes section as fun/useful as possible.

I'm looking forward to seeing some new and familiar faces next week in Minneapolis!