Microsoft OneDrive: SharePoint & using the standalone installer

Microsoft OneDrive is a pretty good tool to sync OneDrive cloud storage with your Mac. It is quite similar to Dropbox, Box or Google Drive.

But when you use Sharepoint, it becomes incredibly useful. You can sync your Sharepoint folders locally! This is a feature that was recently merged from OneDrive for Business. All you need is to install Microsoft OneDrive on your Mac, connect to your SharePoint server, go to the folder you want to sync and click "Sync".

Screen Shot 2017-10-09 at 16.18.36.png

This is something that will make your Mac users pretty happy. 

Please note that the Mac App Store version don't have the same features as the standalone install. Version numbers are very similar, but the App Store version is sandboxed while the standalone version is not. It means that some feature will only be available in the latter version. So get the standalone version here. Microsoft is not so vocal about it.

You will find more information on the configuration keys you can use to manage Microsoft OneDrive here: Configure the new OneDrive sync client on macOS.

There's also two interesting scripts you can use, which you can find in OneDrive.app/Contents/Resources:

  • CollectLogsStandandalone.command will collect logs and settings and zip them on the desktop
  • ResetOneDriveAppStandalone.command will delete containers, logs, settings, finder extension and keychain items. 

It may be a good idea to create two Policies accessible in Jamf Self-Service to execute one or the other.

Eight Noteworthy channels on the MacAdmins Slack

The MacAdmins slack is probably the best place to meet MacAdmins today. The community is helpful, thankful and many vendors are present and listening. 

General  channels

  •  #ask-about-this-slack: where you can meet admins and get help on the MacAdmins slack
  •  #protips: see all posts tagged with a ProTip emoticon. 
  • #jobs-board: get and post job openings. A good tip is to set a notification for any new post, or matching a specific name (for example, state or country). Don't respond here or you'll get the 🐼. Use  #jobs-chat. Keep in mind that with more than 13.000 members, the hiring manager or a member of the team you'd join might be there. 
  • #blog-feed: your RSS reader on Slack. A good way to find new blogs. You can add yours with  /feed. Use #blog-chat to discuss posts. 

Specific channels

  • #dep : for the Apple Device Enrollment Program. It's also a great place to ask if DEP is down, should that ever happen
  • #autopkg : Tim and Hannes are present, and they do a great job populating the FAQ. So read it before asking questions. 
  • #microsoft-office : Microsoft engineers and PM are present and they listen carefully. They also help us whenever we're stuck on a difficult or exotic issue. 
  • #security : some of the best security researchers are there. It's good keeping an eye on this one. 

There are many, many more channels. Some focus on a specific technology, some others on a passion, and many are about a specific product. You can also find regional channels, like #macadminsfr for French-speaking MacAdmins. 

Please remember that this service is provided for free by volunteers. It's ok to be passionate, but don't spam. Please be nice and respectful to your peers to keep the community healthy. Remember there are many different cultures, some may be offended by something you consider harmless. 

Restoring from a snapshot with APFS

APFS now support snapshots, a feature users of Virtual Machines love and can barely live without! 

You can now take a snapshot from command line by typing "sudo tmutil snapshot" in the Terminal. 

You will then be able to browse it and restore individual files using either Time Machine GUI or the "tmutil restore" command in Terminal.  

Little known, the possibility to jump your computer back to a snapshot you previously created. 

Boot on macOS Recovery (with CMD+R) and select Restore From Time Machine Backup.  

IMG_0423.JPG

The click Continue

IMG_0415.JPG

Select your boot drive (from where you run the tmutil command) 

IMG_0414.JPG

Select the Local Snapshot you want  

IMG_0413.JPG

Continue

IMG_0412.JPG

Restoring takes only a few seconds! 

IMG_0411.JPG

Reboot, and done!  

IMG_0410.JPG

   

For more information on APFS, I encourage you to watch Rich Trouton's talk: "Storing our digital lives: Mac filesystems from MFS to APFS" at the Pen State MacAdmins Conference 2017 conference: 

Rich will present an updated talk in a few weeks at JNUC

NSPersistentDocument: *** Assertion failure in -[NSVBSavePanel viewWillInvalidate:]

If you get the following error when saving your new NSPersistentDocument:

2017-09-17 21:14:30.531466+0200 TST_NSPersistentDocument_Override_MC[57707:11669067] *** Assertion failure in -[NSVBSavePanel viewWillInvalidate:], /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppKit/AppKit-1561/Nav.subproj/OpenAndSavePanelRemote/NSVBOpenAndSavePanels.m:387
2017-09-17 21:14:30.543482+0200 TST_NSPersistentDocument_Override_MC[57707:11669067] -[NSVBSavePanel init] caught non-fatal NSInternalInconsistencyException 'bridge absent' with backtrace (
    0   CoreFoundation                      0x00007fff283360fb __exceptionPreprocess + 171
    1   libobjc.A.dylib                     0x00007fff4ebe4c76 objc_exception_throw + 48
    2   CoreFoundation                      0x00007fff2833be92 +[NSException raise:format:arguments:] + 98
    3   Foundation                          0x00007fff2a3d2690 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 193
    4   AppKit                              0x00007fff25b3ec4e -[NSVBSavePanel viewWillInvalidate:] + 188
    5   ViewBridge                          0x00007fff4c551cb3 -[NSRemoteView invalidate:] + 292
    6   ViewBridge                          0x00007fff4c55f449 -[NSRemoteView _advanceToConfigPhaseLegacy] + 1111
    7   ViewBridge                          0x00007fff4c5602dc -[NSRemoteView _viewServiceMarshalProxy:withDetailedErrorHandler:] + 230
    8   ViewBridge                          0x00007fff4c5606c5 -[NSRemoteView _viewServiceMarshalProxy:withErrorHandler:] + 78
    9   ViewBridge                          0x00007fff4c552755 -[NSRemoteView bridge] + 227
    10  AppKit                              0x00007fff25afa5f6 -[NSVBSavePanel init] + 292
    11  AppKit                              0x00007fff25afa1a1 +[NSSavePanel _crunchyRawUnbonedPanel] + 72
    12  AppKit                              0x00007fff2646c0ba -[NSDocument(NSDocumentSaving) _preparedSavePanelForOperation:] + 263
    13  AppKit                              0x00007fff2646cb1c __104-[NSDocument(NSDocumentSaving) _runModalSavePanelForSaveOperation:delegate:didSaveSelector:contextInfo:]_block_invoke_2 + 317
    14  AppKit                              0x00007fff25c0180a -[NSDocument _commitEditingThenContinue:] + 472
    15  AppKit                              0x00007fff25f97481 __62-[NSPersistentDocument _documentEditor:didCommit:withContext:]_block_invoke + 52
    16  CoreFoundation                      0x00007fff282ce52c __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
    17  CoreFoundation                      0x00007fff282b0f43 __CFRunLoopDoBlocks + 275
    18  CoreFoundation                      0x00007fff282b0d08 __CFRunLoopRun + 3128
    19  CoreFoundation                      0x00007fff282afe43 CFRunLoopRunSpecific + 483
    20  HIToolbox                           0x00007fff275cf866 RunCurrentEventLoopInMode + 286
    21  HIToolbox                           0x00007fff275cf5d6 ReceiveNextEventCommon + 613
    22  HIToolbox                           0x00007fff275cf354 _BlockUntilNextEventMatchingListInModeWithFilter + 64
    23  AppKit                              0x00007fff258cd44f _DPSNextEvent + 2085
    24  AppKit                              0x00007fff26062508 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
    25  AppKit                              0x00007fff258c225d -[NSApplication run] + 764
    26  AppKit                              0x00007fff258913fe NSApplicationMain + 804
    27  TST_NSPersistentDocument_Override_MC 0x000000010000379d main + 13
    28  libdyld.dylib                       0x00007fff4f7d3145 start + 1
    29  ???                                 0x0000000000000003 0x0 + 3
)

This is due to the fact that, by default, Xcode only adds the "Read Only" permission to "User Selected File".

Before.png

Change it your Target > Capabilities > App Sandbox settings and rebuild!

After.png

SplashBuddy at JNUC'17

On October 25th, we’ll do the first SplashBuddy Jumpstart 

My goal is to have you walk out of the room with a fully functional SplashBuddy install, ready to be used. 

If you’re coming to JNUC, please join us! If you’re not and interested, let me know on Twitter (@ftiff) or MacAdmins Slack (#SplashBuddy) and let’s organise a webex. I also encourage you to subscribe to the SplashBuddy newsletter to get announcements and tips & tricks.  

 

 

FSMonitor: Easily find what's being modified on your file system.

What tool do you use when you try to snoop it and find which find are being modified? Do you use Jamf Composer? fs_usage? FSEventer?

Well FSMonitor might be your new best buddy. It was soft launched earlier this year. I just cannot believed I missed it. Thank you, Armin Briegel, for telling me!

tree.png

Well the website is complete enough that I don't need to add anything apart from some good use cases (Tweet/Comment if you have other ones!):

  • Find which plist gets modified from a particular setting
  • Find what files get moved/installed/removed when doing something such as installing Chrome
  • See if a process is doing stuff behind your back

Just a word of caution: Packaging is hard, try not to if you can. Sometimes, pushing the original package with a Configuration Profile might suffice. Also, events might get dropped if there's too many. That's by design from the Apple API.

I'll be talking about 'JAMF and...' at JNUC ‘17

On October 26, 2017 at 11:30 (subject to change) I’ll give my first talk at a conference. 

FullSizeRender.jpg

While I loved my Macintosh Classic when I was a kid, I really started IT with FreeBSD. I loved how simple and elegant this OS was. I’m not saying it wasn’t complex and difficult to use, but the software engineers behind seemed to like simple things (as in good design). When I heard that Apple used BSD as its underlying kernel, I quickly jumped and bought a white iBook. And that was love at first use. I missed the open source part, but how happy was I to have a computer which could do a lot out of the box. And I never looked back. 

My first job was at Apple, as an AppleCare agent. I quickly moved to Tier 2, then became a Software Test Engineer thanks to Benoit Roche. But that was just before the release of the iPhone, where all the resources were dedicated to it, and i wasn’t in the loop. I got QuickTime for Windows. Adding the fact that this was in Ireland and my girlfriend was living in Paris, i quickly resigned and came back to Paris. Well... enough digression.  

Long story short, I became a MacAdmin. And implemented Jamf Pro in 2011. I instantly loved this product, thanks to the Jumpstart. I love that it was made by and for MacAdmins. The community is positive and helpful, something quite rare in IT administration.

Six years later, I will be on stage to talk about its Open Source ecosystem.  

IMG_0238.PNG

My goal is to invite MacAdmins to use open source projects with Jamf Pro, and get them to contribute back to the community.  

I was a consumer for ten years, until I started to release some scripts and tools. Releasing a new version of pmbuko’s KerbMinder was a major milestone for me. At that time, few people knew about Enterprise Connect, and NoMAD didn’t exist. Perhaps I helped spark the « you don’t need to bind your Mac computers anymore » by adding a login dialog box to KerbMinder. Joel and Rick did such a good job we soon decided to stop development of KerbMinder and ADPassMon. 

Then I started SplashBuddy. I focused on the things I love most: good design, open source and community. Today, many people use it. I don’t have the exact figures, but I know it’s used in many environments worldwide. The feedback has been overwhelmingly positive.

If you have an Open Source software you're using with Jamf and would like to showcase, please give me a shout on Twitter (@ftiff) or Slack.

 

High Sierra: Set a Global Shortcut to Lock Screen

Some time ago, I made ftiff/MenuLock to help users lock the screen of their Mac with a simple key shortcut (CMD+L, like on Windows). 

In High Sierra, this will be native with CMD+CTRL+Q, and I will deprecate MenuLock.

But this doesn't mean you cannot change the shortcut. macOS has a built-in way to change shortcuts:

  1. Open System Preferences
  2. Open Keyboard Preference Pane
  3. Go to Shortcuts tab
  4. Select "App Shortcuts"
  5. Click "+"
  6. Select "All Applications", "Lock Screen" and type your shortcut.
  7. Quit System Preferences
Adding a shortcut

Adding a shortcut

Here it is!

Here it is!

Now, you can use CMD+L to lock your Mac. And it's changed in the Apple Menu!

Screen Shot 2017-09-04 at 10.41.48.png

Note: This shortcut is system-wide and will take precedence over any other shortcut, like going to location bar on Safari. Learning CMD+CTRL+Q is best ;-)

dot_clean -- Merge ._* files with corresponding native files

When you copy certain macOS files to a non-HFS+/APFS formatted disk (such as a file share), the metadata will be extracted from the files and put in invisible files starting with `._`.

This can leads to issues or can look garbage when you send these files to Git.

According to Apple: 

Before Mac OS X, the Mac OS used ‘forked’ files, which have two components: a data fork and a resource fork. The Mac OS Standard (HFS) and Mac OS Extended (HFS Plus) disk formats support forked files. When you move these types of files to other disk formats, the resource fork can be lost.

With Mac OS X, there is a mechanism called “Apple Double” that allows the system to work with disk formats that do not have a forked file feature, such as remote NFS, SMB, WebDAV directories, or local UFS volumes. Apple Double does this by converting the file into two separate files. The first new file keeps the original name and contains the data fork of the original file. The second new file has the name of the original file prefixed by a “._ “ and contains the resource fork of the original file. If you see both files, the ._ file can be safely ignored. Sometimes when deleting a file, the ._ component will not be deleted. If this occurs you can safely delete the ._ file.
— https://web.archive.org/web/20120602061209/http://support.apple.com/kb/TA20578

I'm don't necessarily agree that deleting them is harmless. I've seen cases where doing so would create issues. Last time I remember was while I was an assistant editor for a feature film. I did an rsync and forgot the -E flag. All the asset files lost their metadata and I had to reimport all  manually in Final Cut Pro.

An easy way to fix this is to run the `dot_clean` command, available from the optional Command Line Tools.

dot_clean /Users/fti/Git/SplashBuddy

How to pronounce my name

One of the oldest sound I remember using on my PC was Linus Torvalds' english.au, available on kernel.org. If I remember well, I would do `cat english.au > /dev/dsp` to listen to it.

So I did the same

Now you know how to pronounce my name "François Levaux-Tiffreau" but in short "François Levaux" and my nickname "ftiff" (f-tiff, not "stiff").

François is pronounced "fʁɑ̃swa":

  • fʁ: french
  • ɑ̃: la vie en rose
  • swa: swag

Levaux is pronounced "ləvo":

  • l
  • ə: about
  • v
  • o: no

There you know! It may not be as easy to remember as Puhpine Brieyen, but I'm at the WWDC and I really want to finish this blog post, send my essay for my MSc and enjoy it.

me @ SAN JO

me @ SAN JO

Surfin' USA

Just a small break while packing my stuff for the WWDC. I cannot express how happy I am to finally attend it. I remember when I was 7, asking my father every weekend to drive me to Apple France to visit it. He never did. 

As WWDC is my Christmas, I'm now in the mood of reflecting back on the year that just passed.  

A lot of thing happened: 

  •  Amaris and I launched an Apple Service and Competency Center. We are now partnering within Apple Professional Services and in the process of becoming Jamf Integrator. Our goal is to support internal and external needs for Apple expertise in Europe. More on that soon. 
  • SplashBuddy (formerly CasperSplash) is still not released, as I set the bar too high. The software in itself is pretty simple, but most of the work is to make it solid and easy to use. It's great to see more and more people using it.  
  • We've hired Merieme Paulouin and Christoph Fellner, two amazing MacAdmins. But more will join later this year! 
  • My partner is pregnant with another boy, making the life so much fun and interesting 🙄😂 
  • I spent most of my free time cursing about my MSc in Information Systems Management at the University of Liverpool. and i will continue to do so for the next two years... yippee!

So i hope to take the few days in San Jose to relax and learn. My priorities:

  • meet developers
  • enjoy the bay with my Stand Up Paddle
  • Attend the Keynote
  • Get a free Siri Speaker (offered to all attendees like the iSight camera, of course)

and technically, learn about:

  • UX
  • Localization
  • Cocoa Bindings
  • Best practices  

If you're around, please ping me on Slack or twitter (@ftiff). I'll be around SF/San Jose from June 2 to 10, then around Austin/Houston until 12. 

Making sense of NSOSStatusErrorDomain:-67846

Ever wondered what mean the errors when a Configuration Profile fails to install?

For example: NSOSStatusErrorDomain:-67846

The easiest way is not to go to Jamf Nation, but start with https://osstatus.com/.

With this, we get the following output: errSecRequestLost -- "The request was lost". A good indication that you may have a firewall trying to mess with SSL (something known as Man-in-the-Middle or MitM).

Changing the network solved this issue, and the configuration profile (SCEP Certificate) installed correctly.

KerbMinder will no longer be maintained

We announced on April 1st that KerbMinder and ADPassMon would no longer be maintained.

KerbMinder was a python script created by Peter Bukowinski that would automatically create and renew Kerberos tickets. In 2015, I became a contributor to the project and adapted it so it could run without the computer being bound to AD.

It was a game changer. Not binding to AD became cool and everyone started to talk about it. 

Ben Toms took over ADPassMon from Peter and did some awesome changes. We then created a "secret" channel on Slack to discuss how we could merge the two software together to have it create and renew Kerberos tickets, alert the user when his password was expiring and automatically mount shares (with the help of @kylecrawshaw). 

Then life got in the way. My main client bought Apple Enterprise Connect, and all the others in the team got new jobs. But Joel Rennich joined the channel.

He took over and created NoMAD with the notable help of Owen Pragel. This is what Gala would have been.

Now what's next?

Apple Enterprise Connect and NoMAD are better than KerbMinder and ADPassMon combined. 

We created the following table to assist in choosing between the two. 

In production, I've only used Apple Enterprise Connect. I can assure it's a great software, and support is amazing. I had very good feedback from NoMAD too. 

Thank you all for being part of the journey.

Full-Stack DEP: Modern Mac Deployment

I had the chance to talk at London Apple Admins 28th Meet Up @ Airbnb (July 2016).

We had three presentations:

  • “Being nice with your management tools” – Graham Gilbert, Airbnb
  • “Testing AutoPkg Recipes” – Ben Goodstein, University of Oxford
  • “Full Stack DEP: Modern Mac Deployment” – Francois Levaux-Tiffreau

I loved Graham and Ben's presentations. Graham, who recently joined Airbnb, gave us some insights on how to "Be A Host" with your users. Ben shared his techniques on how to automate AutoPkg recipe testing. The most important part of his story was the background. Like many universities and businesses, Oxford has more than one IT. In fact, they have many, and they don't necessarily work together. How do you roll out a global IT project in this environment? By collaborating. Ben's goal is to allow every IT department at Oxford to create and push AutoPkg recipes.

My presentation was about focusing on the end-user by giving him the proper tools he needs while minimising IT involvement. It was surprisingly close to Graham's presentation while using radically different tools.

Key takeaways:

  • Focus on your users
  • Use Apple Tools 
  • Leverage Apple Professional Services 
  • Consider MicroMDM if using Munki

Thank you to our hosts, Macmule and Graham Gilbert!