Trevor Edwards

  • Standardize v1.2.0!

    A few years ago I put together a bash script for macOS leveraging dockutil to standardize Dock layout and some miscellaneous Finder settings (screenshot save location, default saving files to local instead of iCloud, prevent creation of .DS_Store, etc).

    The script did what I needed it to but lacked any sort of logging and required dockutil to already be installed on the machine.

    Fast forward to this past weekend when I was spinning around in my office chair avoiding working on my Unreal project (you can read more about that here) and I realized this script could probably use some TLC.

    What’s new?

    Well, for starters, logging has been added with some neat emojis.

    I also added support for Installomator-based dockutil installation (was just a check previously), cleaned up some logic, removed deprecated macOS commands, added a DEP check, and script timer.

    Nothing world changing, but it’s a whole lot prettier and I plan on expanding its feature set over the next few months.

    Check out Standardize on GitHub

    ,
    , , , ,

  • Jamf + SCEP + WiFi

    generated by midjourney

    This past year I helped two companies move from a standard WPA2 WiFi setup to a EAP-TLS configuration, leveraging certificates from a SCEP source.

    Each situation was a little bit different (as each company was deploying different technologies around Jamf) but I ran into the same pain points each time: no documented configurations.

    So, in this post I hope to provide some quick info that I would have killed for when doing this the first time around.

    First off – I won’t be covering the setup of the SCEP integration itself. I’m assuming you’ve already done that, but are having issues getting WiFi working.

    Jamf does have some pretty good documentation surrounding both Enabling SCEP Proxy for Configuration Profiles and 802.1X WiFi Configurations

    If you’re using Cisco ISE (Godspeed!), you will also want to take a look at this: Integrating Jamf Pro with Cisco ISE 3.1 and this: Integrate ISE 3.3 with JAMF as MDM Server.

    You’ll want your Configuration Profile to look something like this:

    READ MORE
    ,
    , , , , , ,

  • Jamf Remote Assist is here!

    Today’s release of Jamf Pro 11.1.0 includes the much anticipated release of Jamf Remote Assist.

    This is a feature I’ve been looking forward to since the deprecation announcement for Jamf Remote. I think having some kind of built-in remote control functionality is a must for a MDM in this day and age.

    The new tool is a little on the bare & buggy side, but I have a feeling that it will be something that the engineering team at Jamf will be giving some extra love to in the coming months.

    READ MORE
    ,
    , , , , ,

  • Computer Rename Prompt w/swiftDialog

    Recently the need arose for our techs to be able to easily set device names. I wanted a script that I could deploy via Self-Service (or during enrollment) that would prompt the user and change the machine’s name based on the input.

    swiftDialog was the obvious framework choice, but before I reinvented the wheel I wanted to see if someone else had already done the hard work.

    Turns out, they had! I love when that happens.

    Adam Codega has a great script that does exactly what I needed it to.

    I have to call the icon out because it’s such an awesome touch. The script detects whether the device is a laptop or desktop and displays the appropriate icon. I’m a sucker for details like that!

    I modified some of the GUI elements and added a bit of code to display the serial number to make it easier for the individual who is setting the name of the machine (since our naming convention includes the serial number).

    I also added a Jamf Recon command to update the computer’s inventory record. This is completely optional, and if you don’t use Jamf you can easily remove that bit. 

    #!/bin/bash

# Credit to https://github.com/acodega

# Get serial number using system_profiler
serial_number=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')

# Displays icon based on type of device
hwType=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book")  
if [ "$hwType" != "" ]; then
  icon="SF=laptopcomputer"
else
  icon="SF=desktopcomputer"
fi 

dialogApp="/usr/local/bin/dialog"

title="Computer Name Prompter"
message="Please set the name of this device. \n\n Department Code + Serial Number + L/W (Laptop or Workstation). \n\n Your computer's serial number is: $serial_number"

dialogCMD="$dialogApp -p --title \"$title\" \
--icon \"$icon\" \
--message \"$message\" \
--messagefont "name=Arial,size=15" \
--small \
--button1text "Set" \
--button2 \
--ontop \
--moveable \
--textfield \"Computer Name\""

computerName=$(eval "$dialogCMD" | awk -F " : " '{print $NF}')

if [[ $computerName == "" ]]; then
  echo "Aborting"
  exit 1
fi

scutil --set HostName "$computerName"
scutil --set LocalHostName "$computerName"
scutil --set ComputerName "$computerName"

# Run Jamf binary command to update inventory record with new computer name
/usr/local/bin/jamf recon -setComputerName "$computerName"

# Echo new computer name for logging
echo "Computer Name is now $computerName"

exit 0

    Note that this script doesn’t install swiftDialog or run any checks. The assumption is that it’s already setup and working. If you need something like that, Dan Snelson has some great code for pre-flight checks in his Setup-Your-Mac-via-Dialog script that you could easily co-opt.

    You can find this script and more in my GitHub repo: https://github.com/trevoedwards/JamfStuff/

    How are YOU using swiftDialog? I’d love to hear about it!

    ,
    , , ,

  • Jamf Pro 10.49.0 – Upcoming Features & Deprecations!

    Today I was going through the release notes for Jamf Pro 10.49.0 (almost a week late to the party, I know) and was pleasantly surprised by the number of meaningful changes in this release. From LAPS to the mention of Jamf Remote Assist to a bunch of deprecations.

    There’s some awesome stuff in there and I really want to share it!

    Let’s talk about LAPS and the deprecation of the Management Account Password

    In previous versions of Jamf Pro, you could choose to set the management account password (Settings > Global > User-initiated Enrollment > macOS, if I remember correctly) instead of having it randomly generated. From here on out, you won’t have the option to set a static password on the Management Account and will instead need to leverage LAPS.  

    You’re able to implement LAPS using either, or both, of the following methods:

    MDM Command – Introduced with Jamf Pro 10.46.0, this method leverages Apple’s SetAutoAdminPassword command, which allows management of the managed administrator account created during the PreStage enrollment process using MDM. This method rotates the managed administrator account password using the MDM command. LAPS is disabled by default using this method. The managed administrator account is created via a PreStage enrollment (Automated Device Enrollment) during the macOS Setup Assistant.

    Jamf Management Framework – Starting with Jamf Pro 10.49.0, this method automatically rotates management account passwords using instructions from the Jamf management framework. LAPS is always enabled using this method. You can create the management account on all enrolled computers using either Automated Device Enrollment or user-initiated enrollment. Some advantages of this method include the following:

    • Automatic password rotation is always enabled.
    • You can enable LAPS even though the management account was not originally created via PreStage during the macOS Setup Assistant.
    • If the management account had cryptographic privileges with a secure token, those privileges are maintained during password rotation.

    One thing to note here is that an account that has become encrypted with a secure token will result in the login password being changed. However, the new password will not work for user authentication purposes. Bottom line is that Jamf does not recommend using this account type for LAPS password rotation if the account needs to use FileVault or authorize software updates on computers with Apple silicon.

    Read more here: https://learn.jamf.com/bundle/technical-paper-laps-current/page/LAPS_Mechanisms.html

    Jamf Remote Assist Announcement

    Jamf Remote Assist, a new screen-sharing feature, will be coming in a future release of Jamf Pro for both on-premise and cloud-hosted environments. Remote Assist will allow you to securely initiate a session to remotely manage computers and help users troubleshoot issues. Using the Jamf Pro interface or the command line, Remote Assist sessions will allow you to connect to an end user computer even when the user is not on the internal network. Additional details will be included in the Jamf Pro release notes in the future.

    https://learn.jamf.com/bundle/jamf-pro-release-notes-current/page/Important_Notices.html

    This one is huge, in my opinion.

    In today’s world, remote capabilities should be built into the foundation of any MDM and for the longest time this was, arguably, Jamf’s weakest area.

    When I started my current career in 2019, Jamf Remote was still being provided in the DMG of tools in your product dashboard but during jump start my Jamf engineer cautioned that there was a plan to retire it, so I shouldn’t rely on it too heavily. As a result, I only used Jamf Remote a handful of times during my first year of managing macOS devices and primarily leveraged Microsoft Teams for screensharing (definitely not ideal).

    Then, in 2021, Jamf announced TeamViewer integration! At the surface level, this was awesome but it also meant that additional licensing would come into play. Since my organization didn’t already use TeamViewer, the thought of purchasing licensing for just our Mac fleet didn’t fly.

    Fortunately, I run a well-oiled and reasonably sized machine, so the need for screen-to-screen troubleshooting is almost nonexistent. Still, any improvement in this area would be a welcome one. I’ve talked to other admins who work in education, and I KNOW they’re dying for something like this.

    READ MORE
    , , , ,

  • LiveAtlas – a Custom Frontend for Dynmap

    Recently, I spent a lot of time diving into the Minecraft mod/plugin Dynmap.

    It’s an awesome tool and if you run a Minecraft server and don’t know about it, you should check it out!

    While trying to figure out how to setup a standalone web server for Dynmap, I came across LiveAtlas. It’s an alternative frontend for Dynmap (and also supports Squaremap, Pl3xmap and Overviewer) that adds a much sleeker interface to the web ui, as well as some cool features like being able to right-click on the map and get a context menu:

    These kinds of things are big part of why I love the Minecraft community! The amount of high quality tools/plugs/mods that people have poured their time and skills into for the community are immense.

    Installation

    Installing LiveAtlas on your Minecraft server is extremely straightforward and easy. It literally functions as a “drop-in” replacement for Dynmap’s web GUI.

    1. Download the latest release of LiveAtlas
    2. Extract that into your dynmap/web folder
    3. Prevent Dynmap from overwriting the LiveAtlas index.html by changing the update-webpath-files to false in Dynmap’s Configuration.txt file (verions of Dynmap older than 3.3.2 need to set the index.html file to read-only)

    The index.html file can be modified to add custom favicons and additional customization.

    Are you using Dynmap or LiveAtlas on your server? How do you have it setup? Drop a comment below and let me know!

    ,
    ,

  • Self-Hosted Headaches with Caddy, Dynmap, and Docker!

    As some of you may know, I love Minecraft!

    I run a Forge-modded server for some friends and use a mod called Dynmap (which is also a popular plugin by the same name). This mod allows players to view a map of the entire Minecraft world in their browser and see the locations of other players.

    This had been working out beautifully until our world started to grow rather large in file size. You see, Dynmap renders/generates map tiles based on chunks in your world and the larger your world is, the more map tiles there are. For some context, my world is about 9GB and the Dynmap files that make up the map come in around ~43GB.

    That’s a lot of space! And I knew that was going to be an issue as our world grew.

    I manage my Minecraft server using AMP and it lives within an Ubuntu virtual machine dedicated to Minecraft, which lives on a node in a Proxmox cluster.

    I could have just assigned more space to the VM and called it a day (which is what I did as a short-term solution), BUT I have a NAS with lots of space hosted on another node within the same Proxmox cluster, on the same local network, and I began to wonder if there was a way to offload the storage component of Dynmap from the Minecraft server to the NAS.

    As it turns out, there is!

    READ MORE
    ,
    , , , ,

  • Jamf Connect & Custom Menu Bar Action Items!

    Last year I assisted an organization with the rollout of Jamf Connect using OKTA as their IdP. While I was putting together the standard configuration profiles for the Login Window and Menu Bar, I looked at the documentation to double-check my work and realized I had pulled up the documentation for a much older version of Jamf Connect.

    Some of the keys listed in that old document were no longer listed on the up-to-date one and that got me wondering about undocumented key pairs and if there were any that were still usable. In turn, this led me down a rabbit hole on the MacAdmins Slack, which finally led me to Custom Menu Bar Action Items.

    What the heck are those, you ask?

    To put it simply, the Jamf Connect Menu Bar is extensible and allows for custom interactive menu items.

    Jamf has some great documentation here: https://learn.jamf.com/bundle/jamf-connect-documentation-current/page/Custom_Menu_Bar_Action_Items.html

    You can leverage this to do things like: launch Applications (this can be useful for connecting to VPN), display information/links, and run scripts.

    Now, while I was plenty comfortable with setting up and rolling out Jamf Connect, Custom Menu Bar Action Items weren’t something I had played around with before, so I was immediately interested!

    After a few hours of tinkering this is what I ended up with:

     The “Information” menu displays the machine’s name, IP address, and Operating System. I also included two links at the bottom relating to password resetting. Really anything can be put here, this use-case focused on quick information for the service desk in the event any troubleshooting was needed.  

    That’s the WHAT and WHY, let’s get to HOW!

    First thing we’ll need to do is modify our existing Menu Bar Configuration Profile. If you’re just starting to roll out Jamf Connect and haven’t setup a Menu Bar Configuration Profile yet, I would recommend using the Jamf Connect Configuration tool provided by Jamf as part of the Jamf Connect DMG installer.

    This page will also come in handy: https://learn.jamf.com/bundle/jamf-connect-documentation-current/page/Menu_Bar_App_Preferences.html#reference-3250

    In our existing Menu Bar Configuration Profile we need to add the key actions, which is calling out a Custom Action Item. We’re using Information as the string but you can call this whatever you’d like. This will be what the pop-out menu from the first screenshot will be labeled.

    Next we need to actually create the configuration for our Custom Action Items. Using the example provided by Jamf as a foundation, I began checking GitHub and Slack for other examples to see what all could be done. Once I realized that small commands could be run within each “button” a whole world opened up!

    This is what the chunk of the profile looks like that displays the IP Address in the Menu Bar:

    Are you using Custom Action Items in your Jamf Connect setup? If so, I’d love to hear about it!

    Leave a comment below!

    The full Menu Bar Action Item Configuration Profile can be found on my GitHub: https://github.com/trevoedwards/JamfStuff/tree/main/MenuBarActionItems

    ,
    , , , ,

  • Default Dark Mode – Extended!

    Very happy to announce a long overdue update to my severely neglected Minecraft resource pack – Default Dark Mode Extended.

    This pack adds ‘dark mode’ GUI variants for a number of Forge mods (entire list of supported mods can be found: here)

    It was inspired by and intended to be used alongside nebuIr’s Default Dark Mode resource pack. All credit for color pallet and design goes to nebuIr.

    Since this pack only replaces GUI’s, it can be used with other texture packs!

    It was created for Minecraft 1.12.2, but can likely be used on other versions. Your mileage may vary. You may create an issue on Github to request a port to a specific version of Minecraft and I’ll see what I can do.

    Next release will be a HUGE one featuring the likes of Futurepack, Galacticraft, Mekanism, OpenComputers, and RFTools. I’m already around 30% done, so I should have it out in the month or so, but don’t quote me!

    ,
    ,

  • Jamf 300 Certified! 🥳

    My two-cents: The 300, like the 200, contains a lot of surface level content. There is certainly more “meat” to this course/exam and the little bit of API content that is covered is great! I thought they could have spent more time on plists, as I’ve found them to be immensely useful for things like deferrals.

    JamfHelper gets a fair chunk of time (I get it, it’s a built-in tool – let it shine), but I’m not sure who is still leveraging it in a world where things like swiftDialog exist.

    (Don’t worry, I hear all of the people still on Catalina screaming in the back of the room. My response: Update already! 😂)

    Anyway, my favorite part of these courses has been listening to other students talk about their environments, the issues they run up against, and how they go about solving those issues.

    I love getting a different perspective on problems and their solutions!

    ,

  • A Simple Method for Keeping Gatekeeper enabled with Jamf Pro

    Gatekeeper is a security feature on macOS that is designed to protect your system from malicious software by limiting the apps that can be installed and run on your system. Only allowing apps that are downloaded from either the Mac App Store or from those who have signed their apps with a certificate issued by Apple.

    While it’s extremely useful for keeping your macOS environment secure, there are times when a user may need to disable Gatekeeper temporarily.

    My organization’s use-case for this is that we have a team of developers who are often running test builds of applications that are unsigned because they’re in development. So we have a process for user’s to go through to disable Gatekeeper temporarily.

    However, we want to ensure that there are no gaps and that Gatekeeper will always be re-enabled across the environment.

    To accomplish this, we leverage Jamf Pro’s Smart Groups to detect if Gatekeeper is disabled (the status of machines in this group will update after an inventory scan on each device) and a script deployed via a Jamf policy to re-enable it on the machines that show up in our smart group.

    READ MORE
    , , , ,

  • ComicTagger! 💭

    I have a large (like, hundreds of GB’s) digital library of comic books that I’ve acquired over a decade of hoarding. Obviously, content has come from all kinds of different sources over the years and so the quality of the metadata ranges wildly, from very detailed to non-existent, from file to file.

    That’s where ComicTagger comes in.

    It’s an extremely powerful free and open-source program designed for organizing and managing digital comic book collections.

    The program provides a set of tools & GUI that allow users to view and edit the metadata of comic book files in various formats such as CBZ, CBR, CB7, and PDF.

    It can automatically identify and tag comic books with metadata such as the title, author, publisher, and issue number by scanning Comic Vine’s online database. It also allows users to edit and add their own metadata, such as custom tags, summaries, and notes.

    In addition to managing metadata, ComicTagger also has tools for organizing and renaming files, creating custom cover images, and exporting lists of comics. It also offers a batch processing feature (via Auto-Tag) that allows users to apply changes to multiple files at once.

    This is especially helpful for removing unnecessary information from files names to ensure that you get the best match when looking for metadata.

    On the subject of metadata – while not strictly necessary, it’s recommended by the developers to get a personal Comic Vine API key and use that when tagging with ComicTagger.

    This is because Comic Vine implements a per-key limit on API access rates. Since the default application key is shared, it may already be exhausted by other users.

    To obtain a Comic Vine API key, you will need to follow these steps:

    1. Go to the Comic Vine website at www.comicvine.com/signup and create an account.
    2. Once your account is created log in and navigate to the API section of the website.
    3. In the API section, click on the “Get An API Key” button.
    4. You will be asked to provide some information about the intended use of the API key, such as the name of your application and its website or description. Fill in the required information and click the “Submit” button.
    5. Once approved, copy & paste your API key into ComicTagger via File > Settings > Comic Vine > Comic Vine API Key

    It’s important to note that Comic Vine limits the number of requests that can be made using the API key. Make sure to read their terms of service and use the API responsibly.

    You can read more about ComicTagger and its features here!

    , , ,

  • How to create Device Collections in Microsoft’s Configuration Management Console (SCCM)

    What is a Device Collection?

    A Device Collection is a grouping of devices that share common characteristics or properties, such as hardware or software inventory, operating system, location, and organizational unit. Device collections are used to organize and manage devices in SCCM, and are a key element in deploying software updates, applications, and other software to groups of devices

    How to create a Device Collection?

    1. Launch the SCCM Management Console and navigate to the Assets and Compliance workspace.
    2. Expand the Overview node, then expand the Device Collections.
    3. Right click anywhere in the whitespace and click Create New Device Collection
    READ MORE
    , , ,

  • Docker Compose: A Beginner’s Guide

    Credit: dribbble.com/shpoush

    Docker Compose is a tool for defining and running multi-container Docker applications. It allows developers to define the services that make up their application and how they interact with each other, all in a single file. In this article, we’ll cover everything you need to know to get started with creating a Docker Compose file, including examples of how to define services and configure networking.

    Some Prerequisites:

    Before we dive into creating a Docker Compose file, let’s make sure you have the necessary prerequisites:

    How to Create a Docker Compose File

    A Docker Compose file is a YAML file that defines the services, networks, and volumes for your Docker application.

    The beginning of a Compose file always starts with the version key. This key is used to specify the version of the Docker Compose syntax being used in the file. This is important because Docker Compose has gone through several major revisions, and each revision introduces new features or changes to the syntax.

    Currently, the latest version of the Docker Compose syntax is version 3.9. When you specify the version tag as “3.9”, Docker Compose will use the latest syntax and recognize all of the latest features and syntax changes.

    After defining the version of the Compose file it’s time to define the services that will be run in the containers.

    READ MORE
    , , ,

  • Komga! 💥💬

    In a previous post I went over how I use Docker Compose to build out and manage my self-hosted services. In this post, I want to introduce you to one of my favorites: Komga!

    Komga is an open-source comic book/manga web server that allows you organize and serve all of your CBZ/CBR/EPUB’s in one place! As I mentioned above, it can be run in Docker so you can basically run it on anything. It has an integrated web reader and offers an API that can be used with many popular comic/manga readers.

    Why do I like it so much, you ask?

    Well, a few years ago I was running Ubooquity to host my comic library and while it worked, there were a lot things I wasn’t happy with:

    • Clunky looking interface
    • Resource hog (had problems with memory leaks)
    • Wasn’t being developed/supported
    READ MORE
    ,
    , , ,

Trevor Edwards

© 2025