I am having a problem using ARD to connect to any client from my laptop. When I try I get a message to check that the firewall is not blocking the connection. When I try from other computers, I can connect fine. I created a new user on my laptop and tried to use that to connect to a Mac using ARD and it worked just fine. As such, I am assuming I just need to delete setting and set it up clean.

I went into my library to do that, but didn't see anything in the application support or in preferences that reference any version of Remote Desktop including com.apple.remote desktop.

I am wondering if they moved where setting are in 15.x? I would rather not have to rebuild my laptop without using migration assistant. Any ideas?

I recently discovered that multiple Mac’s in my organization are not in MDM and or the Macs have not pinged to our MDM in a long time some over 100 days plus There is no MAID in our org and users have personal Apple IDs logged into those devices. Is there a way to request Apple to block those devices from use especially if not in MDM.

Hey,

Does anyone know of any alternatives to the Cambrionix / Acroname hubs that can restore at least 4 M1 Macs from an M1 Mac using Apple Configurator 2? I tried a Caldigit one but it took about 30-40 minutes to restore 4 Macs which isn't that big of an improvement of doing it 1 by 1.

Hello,

This may violate the rules, but I'm gonna give it a shot. I work for a company as an administrator, which has a gray policy with regards to Macs. They are allowing them (byod) but just not supporting them, but most people don't use them because they can't get them to work with their necessary access. I've contacted several of the MDM companies and have yet to find one that will provide me a contract for less than 10 or 15 clients. Since these macs are all owned by the users, there's not a strong need to have many of the features of the MDM other than ease of access / (authentication with the domain) and opening up file shares (including DFS) and such.

We provide a new computer for each new employee and typically it's an Intel laptop, I want to be able to provide the option of it being a Mac and to start with that I will have to prove that users with Macs can authenticate to the domain as well as others and be able to pull up the main file shares and such. The network team does provide a Cisco anyconnect profile for the Mac so that provides some level of connection accurately.

Any advice that you have have or software suggestions, please throw them my way, and if you know of an MDM that would support authentication and DFS access for either low cost or low client count for building out the standard, I'd be very grateful to hear about it.

We looked at Avast, didn’t like it. Considering Sophos. Any other managed solutions you can recommend? Stuck with ABE (yeah I know, clients choice).

I’ve been thrown into the Mac admin role recently and I’m struggling to find an ideal solution for the company. Using JAMF pro (self-hosted) MDM with Jamf Connect currently. Works ok with google as Idp but unsexy. Migrating to on-prem AD and I’d love to setup a PSSO extension however all known tutorials are Azure-based. Any advice would be appreciated.

Thanks!

Hey all,

The Apple Intelligence prompt that pops up when logging in for the first time in Sequoia is blocking our remote access to our Macs. Is it possible to auto-accept, or skip, this screen? Thanks for your help.

Hi Guys

Company I work for has decided that we really need a mechanism for managing our small fleet of MacOS devices.

I am looking at Mosyle (Ive used it before) and JAMF (considered the best MDM tool afaik), but ide like to know if and how each of these works with a local ldap/AD directory service for logins etc. I've used Mac ldap connectivity in the past and it was always pretty janky, however i dont know if either of these MDM's add any of their own secret sauce into the mix to make any of it work better. What I will say, just to head anyone off, is that the cost aspect is seriously NOT an issue in the decision between either product.

Another thing to add to the mix is that where at all possible we like to host stuff locally on our own infrastructure where we can, i have heard that JAMF may have an option for this but am not 100% sure.

Any advice woukd be greatly appreciated and if anyone has any other insights into either of these products feel free to let me know. :)

Thanks!

is .AppleSetupDone gone? Im trying to set up a script where I can have a tech log in setup a few things then restart the computer and have it act like first start up so that the user can create their own account.

Thanks

Google Drives Hasn't created a DriveFS folder on one of the user accounts on one of the macs. How else can I look for logs pertaining to DriveFS on Macs

Hi,

Are there any free MacOS RSS Feeds for vulnerability updates and for security advisories?

Have a client that has 10 iPhones, best MDM? Mosyle or ABE, or Jamf Now?

Hey everyone,

I'm currently in the process of federating our Google Workspace with Apple Business Management. The federation is underway, and we've got about 55 days left to complete it. However, I’m running into a big issue and could really use some advice!

I don’t have much prior experience managing iOS devices, and as I’ve been setting up the iPhones, I’ve noticed that federated accounts don’t have access to any apps on the App Store. Everything is grayed out, and I can’t even install the apps we normally have permitted through Google Workspace.

Typically, Google Workspace would enable these apps via the Device Policy app, but during the initial setup, the Device Policy app wasn’t installed, and I’m unable to download it manually either.

Has anyone else faced this issue? It feels like I went through the federation process for nothing if I can't access the necessary apps. Any insights or solutions would be greatly appreciated!

Thanks!

Hi all,

Does anyone know if its possible to deploy and use Office 365 with device based licensing on Mac?
In the MS article about device based licensing ( https://learn.microsoft.com/en-us/microsoft-365-apps/licensing-activation/device-based-licensing#requirements-for-using-device-based-licensing-for-microsoft-365-apps-for-enterprise ) under 'requirements' it only talks about devices running Windows.

We currently deploy Office LTSC via our MDM (JAMF) but would ideally like to move to Office 365 with device based licensing.

Hi all,

Has anyone been able to get OneDrive to sign in silently and redirect folders? I am using the Microsoft guide here: https://learn.microsoft.com/en-us/sharepoint/deploy-and-configure-on-macos but not having any success. If anyone has a plist file that works they could share, I would greatly appreciate it. Thank you!

I have an older Brother laser that has no drivers for OXS 14+. I know this is strange but it works fine using Airprint which seems to use some magic Apple Airprint driver that I cannot use for USB?

I need USB to work because my company implements a policy that prevents the mac from being on two-different networks simultaneously so the printer is on a different wife-network and my mac is wired to the corpnet.

Is there any way around this? the Brother print&Scan works on USB but the sw is a joke - you have to print everything to PDF and then import the PDF into the software which can send to the printer.

Printer is a DCP-L2520DW

The "Some system software requires your attention before it can be used" option in MacOS is not visible in Privacy & Security. Why is that? Os version is 15.1

EDIT: Sorry I can't change title/summary my bad

I have been receiving reports here and there that certain users are reporting their devices state incorrect password when they know 100% it is correct, this issue (it could not be related anymore) started around when Sonoma released and I recall there actually being a known issue from Apple and other MacAdmins reported this in Slack etc.

The issue Apple address and patched was in 14.2 which I didn't have a config to hide admin account but I read from others that it could be a general issue using login window profiles as we do have one for a disclaimer - the below update page is ref to that.

https://preview.redd.it/z32h8s1dzvyd1.png?width=845&format=png&auto=webp&s=81f3ed5c671c9c01c1a6433af0a1da3f359233a4

https://support.apple.com/en-us/109030

Since then this still happens to users now and then, some have it weekly or some every other day! I need to finally get some info locally from the devices to prove this is not due to our MDM but perhaps PICNIC.

So I created a script (below) to gather the failed auth logs and store them in .log file, on testing with my device I can see a lot of this log which I haven't found any answer as to what it means other than it is a system prompt and not the end user incorrectly entering creds - I have not have has any password issues in months plus I do see failed auth attempts with fingerprint so I know the logs and my evidence is correct.

localhost opendirectoryd[567]: (PlistFile) [com.apple.opendirectoryd:policy] AccountPolicy: Authentication not allowed by auth failure

Script I am working with.

#!/bin/zsh

# Define the log directory and file path
LOG_DIR="/Library/Logs/Microsoft/IntuneScripts"
LOG_FILE="${LOG_DIR}/auth_failure.log"

# Ensure the directory exists, create it if necessary
if [ ! -d "$LOG_DIR" ]; then
    echo "Creating directory $LOG_DIR"
    sudo mkdir -p "$LOG_DIR"
    sudo chmod 755 "$LOG_DIR"  # Set appropriate permissions
fi

# Run the log command and output to the specified log file
sudo log show --predicate '(process == "loginwindow" OR process == "opendirectoryd") AND composedMessage CONTAINS "failure"' --info --style syslog > "$LOG_FILE"

# Verify if the log file was created
if [ -f "$LOG_FILE" ]; then
    echo "Log file created successfully at $LOG_FILE"
else
    echo "Failed to create log file at $LOG_FILE"
    exit 1
fi

Anyone else been down this path and understand the log result I have seen repeatedly?

Hi, I'm helping out a small company with some IT stuff (about 10 macs, under 10 employees, no company iOS devices, bunch of freelancers with own setups).

At present all the macOS devices share a company Apple ID account. This has worked ok, but has some annoyances. The biggest annoyance is not being able to screen share via iCloud without everyone getting a request/notification. Another annoyance is the weirdness the users get when adding software via the App Store.

I'd be interested to hear how other small companies are handling multiple devices. Personal Apple IDs? ABM/MDM setup (which seems like a LOT of work and hassle)? Or shared account like we currently have?

Cheers!

Just wondering how others have managed to get Company Portal as the first application to install when setting up the Mac via Intune and Auto Enrolment (via ABM) to enable PSSO? We tried a pkg device based app deployment which was extremely slow (up to an hour after initial setup), a script to pull it onto the device which again was slow and now trying a user based script deployment. But if we do a script based install, how can we guarantee it to be the first app on? Or would a LOB app set that preference?

Am I completely missing something in the setup process that will deploy specifically company portal and office to allow psso setup and basic functionally whilst the rest of the device based config slowly comes down to the device?

Cheers!

Hi everyone,

I’m having trouble activating the Finder extension for the Nextcloud desktop client on my MacBook and on devices I manage. Specifically com.nextcloud.desktopclient.FinderSyncExt. The plugin consistently shows as inactive (-) when I check using pluginkit -m. Another Nextcloud Plugin shows as active.

To troubleshoot, I first attempted to activate it directly with the command pluginkit -a -i com.nextcloud.desktopclient.FinderSyncExt, and pluginkit -e use -I com.nextcloud.desktopclient.FinderSyncExt but it remained inactive. In System Preferences > Extensions > Finder Extensions, the extensions from the Screenshot appear and are both activated. I tried reinstalling nextcloud but the problem remains.

To rule out permission issues, I also ensured that Nextcloud has full disk access.

At this point, I’m out of ideas. Has anyone else experienced issues with the Nextcloud Finder extension on macOS, or does anyone have suggestions for further troubleshooting? Any help would be greatly appreciated!

https://preview.redd.it/3pycaaaxcqyd1.png?width=1026&format=png&auto=webp&s=63799e7617afeae1b3e48752a6c576465aa07a87

https://preview.redd.it/j45wzzf8dqyd1.png?width=902&format=png&auto=webp&s=2cde9ba76645a1da8cf82c6ec15c738ac902f199

We are on macOS 15 and we are trying to get Forticlient VPN up and going for a few of our users. I have followed multiple guides from here and Forticlient forums but the issue I keep coming back to is that no matter what I try the "Network Extensions" options is not present under System Settings > General > Login Items & Extensions. The only options available are Actions, Finder, Photos, Quick Look, Sharing, and Spotlight. Any ideas why this is missing or what I'm doing wrong?

Does anyone have any suggestions of a best method to clone a master "Mac Mini" to ~300 other Mac Minis that are exactly the same hardware configuration? I know we can make a bootable USB installer and clone it, but that will be very time consuming. Is there an automated way to deploy Mac Minis with a master image?

Open to all suggestions. Thank you!

Morning everyone,

Recently started using Jamf at work and one of the problems we have is with JAMF Connect where when we reset the password on AzureAD it won't sync down to the Mac and update the local account. I've had a look through the documentation and it says that the user must know their old password (it always says that the password is incorrect on the Mac and you need to enter the old password).

Anyone know of a workaround and/or solution? We're currently look at switching to Guest accounts as it's really. frustrating

Intune (and I believe other MDMs too) can make automated local primary account creation during a new Mac's first boot. But the this account is a local admin account by default. Currently, I have a profile that immediately creates a new local admin and demotes all other admins (to be specific, the newly created local primary account) as standard users.

Is there a better approach?

Hello people

So just from your own experience which MDM would you say is the one you should be going with. We use intune for Microsoft. We need to be using Jamf really so we can work closely with Apple. I'm sure it's the preferred one. Thoughts on others ?

Hi,

We made a FireWall policy under the Endpoint Protection Blade, however since we want to comply with the CIS Baseline i've made a policy through the Settings Picker. We want to enable FireWall logging and have done so through the settings 'Logging Options' (Detail) and 'Enable Logging' (True).However, these two settings don't seem to apply. When I open the Per Settings Status page on this policy, I can see all the other settings applying to the correct amount of devices. But 'Logging Options' and 'Enable Logging' shows 0 Succes devices, 0 Error devices, 0 Conflict devices.

https://preview.redd.it/17w63gs9e4yd1.png?width=1592&format=png&auto=webp&s=172c21f536cb1080187f17bb63b54ab1e3091515

https://preview.redd.it/uu33fwqbe4yd1.png?width=1816&format=png&auto=webp&s=2524149e4c2187aa6b1bd53338705fcb1640b808

Edit: to anyone running into the same issue, these keys are deprecated for macOS 15 since it’s enabled by default!