PrivilegesDemoter v3.0
PrivilegesDemoter version 3 is here, and it’s a big update. While the main functions remain, several new options are available to make deployment and configuration much more flexible. The original…
Demote on Login with SAP Privileges
This blog post outlines using a LaunchAgent that utilizes the PrivilegesCLI to demote users during login. This ensures that all users have standard privileges at the beginning of each user…
Use the Jamf API to Update a Smart Group with App Versions from AutoPkg
This post will outline a method to get app versions from AutoPkg and apply those version numbers to a single smart group in Jamf Pro. I was inspired by the…
Install a Company Logo Without a Pkg using Jamf Pro
I have been doing this little trick for years so I thought I would create a blog post to share it. Imagine you need to get your company logo onto…
Privileges Demoter v2.0
I have made some changes to the Privileges Demoter tool that are significant enough to benefit from a blog post. The original post for v1.0 is available here. The new…
Nudge Extension Attribute
What is Nudge? Nudge is an open source application (primarily created by Erik Gomez) that strongly encourages users to apply macOS updates. Nudge has been written and talked about plenty…
Use Jamf Self Service to Enable TouchID for sudo
As you may be aware, it is possible to use a fingerprint on any TouchID enabled Mac (or Magic Keyboard with TouchID) to authenticate sudo at the command line. This…
Detecting if Rosetta 2 is Installed on an Apple Silicon Mac
There are a few different ways to detect if Rosetta 2 is installed on an Apple silicon Mac. Most of them look for a process containing the string oahd. This…
Remind Users to Run as Standard with SAP Privileges App
This post is going to cover a set of scripts and launch daemons that can be used alongside the SAP Privileges app to remind users not to abuse admin privileges.…
Update Inventory (Immediately) After macOS Update
This is related to my previous post Re-enabling Jamf Connect Login after an in-place macOS Upgrade, but without the Jamf Connect part. When a macOS update or upgrade is performed, often…
Using a Self Service Policy to Grant End Users a Secure Token
Occasionally end users may end up without a secure token. This attribute is required to enable FileVault on any macOS device. Additionally, it is required for the end user to…
Re-enabling Jamf Connect Login after an in-place macOS Upgrade
When macOS is upgraded from one major version to the next the login window mechanisms are reset to their default values. This disables the custom Jamf Connect login window. If…
Mostly Mac 