The risks of relying on Generative AI when writing scripts

This morning I saw a major MDM vendor advertising an upcoming feature that will write scripts to manage your macOS devices for you using generative AI - sounds like the end of our profession, right? Let’s look at an example of a common IT task - keeping Chrome on macOS up to date. I asked ChatGPT to “Write me a script to keep Google Chrome updated on macOS”. It returned the following: ...

June 27, 2023

Gone Phishing: Airbnb's Journey to phishing resistant MFA at MacAD.UK 2023

Last week, I gave my first conference talk in over three years - and it was about what took up most of my 2022 - deploying phishing resistant MFA. Thank you to the organizers of MacAD.UK, the other speakers and all of the attendees for making it a great event. My slides are available, and the video is on YouTube.

May 31, 2023

What's nagging you? Getting to the bottom of Managed Login Items

macOS 13 Ventura introduced Managed Login Items - a way to keep users informed about what LaunchAgents and LaunchDaemons are running on their devices and easily disable unwanted ones. We also eventually got a way to manage these items via MDM. However, the notification users get when we either update the LaunchAgent or LaunchDaemon plist itself, or when we replace the binary the Login Item loads, is next to useless. ...

February 8, 2023

The Accomplishment Spreadsheet

This time of year can be particularly stressful thanks to two words: performance reviews. It’s not that we’ve not done great work, it’s often that we struggle with articulating the work we’ve done, and sometimes it’s just about remembering it all! If you get asked to do peer reviews, well - you get several times the fun, because you need to remember what work your colleagues did over the year as well as your own. ...

December 7, 2021

A pragmatic approach to endpoint security at MacSysAdmin

A few months back an email popped into my inbox from Patrik Jerneheim asking me if I would like to record a talk for this year’s MacSysAdmin - it took me all of three seconds to reply with “of course!”. I’ve been wanting to give this talk for a long time, and it’s really the product of several years working in close partnership with our security teams. The video can be found at the MacSysAdmin site.

October 11, 2021

Movember 2021

As some of you may know, in 2018 my testicle decided to try to kill me, and in an effort to not let anyone else go through that, for the past three years I’ve been fundraising for Movember. This year is no different. Obviously in November I’ll be shaving off my beard and growing a wonderful mustache (despite what Mrs G says, it is wonderful), but we’ll be starting off this year a little early. The entire Gilbert family (including our 3 year old daughter) will be taking part in The Bubble Run. On October 23rd we will all be running / sliding through the 5K course (or more accurately, I’ll have to carry the smallest Gilbert since she probably can’t see over the bubbles). ...

September 23, 2021

A pragmatic approach to endpoint security

For the past four and a half years I’ve worked on a rapidly expanding fleet, in a very fast moving environment. In that time, I’ve developed a pragmatic approach to security. Standard users do not increase security: I used to think standard users were good for security - even at one point calling them essential. Users couldn’t make changes to their devices, which meant that everything was supposed to be in my desired state. In reality what happens is an annoyed user wants to do something and they call the help desk. Eager to unblock the user, the help desk person shoves the admin password in without many (or often, any) questions. ...

January 14, 2021

Installing Rosetta 2 on Apple Silicon Macs

Our bootstrap tool is written in Go, and as of the time I’m writing this, Go doesn’t support building for Apple Silicon Macs. As such, we need to ensure Rosetta 2 is installed for our enrollment process to work. The only problem I had was that we only wanted to run this on Apple Silicon devices - obviously Intel Macs don’t need this. I learned about /usr/bin/arch this morning, which led to the script below: ...

November 13, 2020

Apple Silicon in Enterprise

This weekend I was browsing LinkedIn and I saw an article linked to in Computerworld about how Apple’s new A14 chip would be amazing for enterprise. My initial reaction was surprise, since most enterprises couldn’t care less about the CPU in the device. Of course, battery gains will be welcomed by end users. Improved performance would be nice, but the majority of users’ entire computing experience is their web browser, so local performance for a huge number of people is becoming less relevant. But Apple Silicon will bring in other changes that will (at least initially) introduce new challenges for the use of macOS in the enterprise. ...

September 21, 2020

Making friends with your security team

First off, let’s talk about the elephant in the room: most endpoint engineers do not get on with their security team. You will often hear complaints like: “Our security team wants us to deploy terrible product X.” “Product X is destroying our CPUs / causing kernel panics.” “Security has no idea what they’re doing.” Let’s see how we can overcome these issues and work more closely with our security team. ...

August 26, 2020