London Apple Admins, Mac Admin

Using AutoPKGr with a Jamf Cloud Distribution Point

Hi all.

One of the good things I like with performing Jump Starts is the variety of customer I get to work with. This includes a whole host of requirements and environments, along with various levels of ability and experience. With more experienced customers we typically have time to look into other areas outside a Jump Start that may benefit the solution and the customer as a whole. One such example was trying to get the great AutoPKGr to work with a Jamf Cloud Distribution Point (JCDS).

Backstory

Firstly a little backstory, AutoPKG / AutoPKGr utilises the amazing JSSImporter plugin in order to talk to your Jamf Pro server, map the File Share Distribution Points and upload the packages (as well as creating the policies and smart groups etc).

When Jamf released support for a Cloud Distribution Point, they also provided an interface (via the Web GUI or Admin App) to upload into an included Jamf Cloud Distribution Point (with the backend hosted in Amazon S3 buckets).

As this was included in a Jamf Cloud subscription, a lot of customers utilised this for package deployment, however this was incompatible with the JSSImporter tool.

This meant that any admins who wished to utilise both AutoPKGr and a JCDS would need to manually upload the new packages after each run.

On a recent Jump start I explored this with a customer and found out this is no longer the case. There is a beta version of the JSSImporter plugin that will work with JCDS!

Ok, it is a beta tool, and as such could always do with more testers, but you may find it suits your needs as-is. There are reports that it needs further tweaks for some admins and not for others. In my experience it tends to work fine as-is, although there’s a small time delay for the changes to show in the Jamf Cloud instance.

Setting up AutoPKGr to use the beta JSSImporter

I’ll assume you have AutoPKGr currently setup on a Mac, mostly configured and you’re familiar with AutoPKG and AutoPKG recipes.

1) Launch AutoPKGr, go to the “Folders & Integration” tab and click “Install JSSImporter…”

2) Follow the on-screen instructions to get the plugin installed. You can confirm that the plugin is installed on the “Install” page

3) Once complete, quit AutoPKGr

4) Fire up your web browser of choice and go to https://github.com/jssimporter/JSSImporter/releases

5) Find the “Bundled Dependency Testing” pre-release (version 1.0.2b2) and download the installer package here

6) Run the installer on your AutoPKGr Mac. Once complete, relaunch AutoPKGr. You’ll notice that the JSSImporter will still show as v1.0.0. This is normal and expected.

7) Go back to the “Folders & Integration” tab, click “Configure JSSImporter” and fill in your Jamf Cloud URL as well as your API username and password (recommendations for this account can be found here).

8) Click “Connect” to test the connection, then “Add Distribution Point”

9) Select “CDP” for the type and click “Add”

10) Click “Save and Close” to save these details

11) Continue the remaining setup requirements in your Jamf Pro Server (“Testing” static Computer Group etc – https://github.com/autopkg/jss-recipes#requirements-and-configuration)

12) Run some test runs with .jss recipes to ensure the packages are uploaded fine, the policies are created, the smart groups are made etc. Then you’re good to go!

More Information

More information can be found here:

Summary

This post covers how to setup AutoPKGr to use a beta JSSImporter plugin to work with a JCDP. As always, if you have any questions, queries or comments, let me know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

The usual Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Standard
London Apple Admins, Mac Admin

University of Utah MacAdmins Meeting, and Adobe’s new SDL licensing – The Content!

All being well, this post should go up as I’m finishing up the talk. I’ll add links to videos etc as they come up, but for now:

The Slides

The Video

https://stream.lib.utah.edu/index.php?c=details&id=13179

Further Reading and Sources

Below is a list of URLs and links mentioned and / or referenced in the talk, as well as (strongly) recommended further reading:

Additional Note: (Thanks James Payne!) If you wish to remove / revoke an SDL License, you must contact Adobe support!

Standard
London Apple Admins, Mac Admin

Adding a Second Second-Factor to an Apple ID

Hi All,

In another spin-off post from my Apple ID posts (Apple IDs, MDM Servers and You! and Creating Apple IDs for APNs), I want to cover adding a second 2FA device to an Apple ID.

This method is great if you have a ‘service account’ Apple ID that multiple admins must log into, such as for APNs or Apple School Manager / Apple Business Manager. Yes, this method does work for Admin Managed Apple IDs (MAIDs)!

Process

1) Navigate to https://appleid.apple.com and log in with your Apple ID / MAID.

2) Scroll down to the Security section and click the “Edit” button

3) Under “Trusted Phone Numbers” click “Add another phone number…”

4) Enter your second number and click “Continue”

5) When the code comes through, enter it into the prompt and click “Verify”

6) Once done, click “Done”

7) You’ll see both numbers showing up under the Security settings

8) Next time you login with this account, you’ll have the option on which 2-Factor number you wish to use.

Additional Commentary

When being offered a phone number to use for SMS 2FA, you’ll only be shown the last two digits. Bear this in mind when adding a second number! If both of your numbers have the same last two digits you’ll have to guess which is correct.

Additionally, I’m aware that SMS-based MFA has flaws, however it’s still better than no MFA! Also try to have long, complex passwords and decent security passwords can help.

Summary

There we go. I’ve shown a nice easy way to add additional second second-factor devices to Apple IDs, including MAIDs! As always, if you have any questions, queries or comments, let me know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

The usual Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Standard
Mac Admin

Creating Apple IDs for APNs

Hi All,

Following on from my previous post on Apple ID usage (Apple IDs, MDM Servers and You!) I thought it’d be a good idea to write it up in a bit more detail.

This post covers how exactly you’d create a ‘Service Apple ID Account’ for use with APNs / Push Certificate creation, without using the App Store or iTunes and without needing to add payment information!

Process

1) First things first, log into your email solution of choice and create a distribution / mail group for this account, with an email address that makes sense, e.g. apns@domain.com. You should add any staff members to this group that would likely need to renew the APNs certificate or receive notifications of its expiry. If you cannot create a distribution / mail group, then I’d suggest using an email alias. That way you can move the alias to another email account if your responsibilities change.

2) Navigate to https://appleid.apple.com and click the “Create Your Apple ID” in the upper right corner.

3) Fill in a first name and surname. Select the correct region and enter a date of birth. This date of birth must be more than 13 years ago due to age limitations on Apple IDs. Make a note of these details!

4) Fill in the email address of the distribution / email group or alias you created in the first step. This will also form the Apple ID username. Fill in the password as desired. I’d suggest making this a long and complicated one! Make a note of these details!

5) Select the 3 desired security questions and pick 3 answers. Try to make these hard to guess as they can be used to gain access to this account. In the past I’ve used a selection of words from the walls of a french classroom! Make a note of these details!

6) Optional, but recommended! Untick the boxes for updates, announcements and new media content. You’ll still get updates on your APNs certificate/s expiring but less of the junk.

7) Complete the Captcha and click the “Continue” button

8) You’ll be sent a verification code to the email address you specified in step 4. Grab the code from the email and enter this into the prompt and click “Continue”.

9) That completes the core setup of the Apple ID. You should now be good to use this for your APNs certificate / s, however….

10) Since anyone who gains access to this Apple ID can cause you serious issues (such as revoking your APNs certificate), you might wanna add a second factor to this account.

11) Log back into https://appleid.apple.com, scroll down to the Security section, find “Two-Step Verification” and click “Get Started…”

12) Click “Continue”, then enter a phone number you wish to setup for a second factor. Click “Continue”

13) When the code comes through, enter it into the prompt and click “Continue”

14) If you log into other devices with this Apple ID (generally not suggested!) you can also use devices for a better, non-SMS second factor. Scripting OSX has a nice guide on this here.

15) Next you’ll get shown your recovery key. Make a note of this! Once you’re happy with this, click “Continue”

16) Confirm you’re ready to go ahead, then tick the “I understand the conditions above” and click “Enable Two-Step Verification”

17) And you’re done!

Summary

There we go. I’ve expanded on how you can create a ‘service account Apple ID’ in the easiest way possible. As always, if you have any questions, queries or comments, let me know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

The usual Disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Standard
London Apple Admins, Mac Admin

University of Utah MacAdmins Meeting, and Adobe’s new SDL licensing

This coming Wednesday I have the pleasure of delivering a remote session for the University of Utah MacAdmins Meeting about Adobe’s new CC 2019 and SDL licensing.

Moving out of the Pool – Adobe’s new Shared Device Licensing – Darren Wallace, dataJAR

At the end of January 2019, Adobe finally released details of their replacement for Device Pool and Serial Number licensing for Adobe CC 2019. In this presentation we will cover the changes, migration concerns and anything else that can reduce wasting time and pain (i.e. Faff) from moving from serial number to shared device based licensing like in a student lab environment.

The meet up is scheduled for Wednesday 20th February at 11AM Mountain Time (6PM GMT). More details can be found here, and the live stream here.

I’ll add the slides and links to a follow up post on the day. Thanks again to the folks at the University of Utah for the offer!

Standard