You had me at "Lock Screen"
Page 3 / 4
So far, as of beta 4 I haven't had to change any of my enrollment process or policies. Testing the beta 5 right now. We only have SSD "drives" so no issues there.
C
So, since I'm only commenting on items that have gotten public attention and/or 3rd party products, I'm pretty sure I'm good with NDA.
Re: Lock Screen
The Keychain Access application no longer contains the keychain.menu menu extra. This is irrelevant, given the Apple Menu item.
This is a good and remarkable thing since we no longer need to create a policy or profile to provide this functionality to our users.
Other Items I've found...
Canon printer drivers
If you have to install Canon printer drivers, note that the packages Canon issued last year have an OS version check built into the package that will cause the installation to fail where OS = 10.13. I have also gotten reports of functionality issues that I'm still waiting for confirmation test data on.
Symantec Endpoint Protection
The extant version fails to install. I have an issue open with Symantec.
General advice...
Contrary to some sysadmins' opinions, it is not Apple's job to comply with the 3rd-party developer, rather it's the other way around.
Lean hard on your vendors and internal developers to...
participate in the Apple Developer Program
follow Apple best practices and development guidelines
deliver compatible and Apple best practice and guideline-compliant software before the OS is released
I tell my devs & vendors that zero-day support is considered late. I want to see a guaranteed compatible/supported release within 48 hours of Apple's GM/release candidate going public, and preferably a beta before then.
We are on a roll @milesleacy
General advice...
Contrary to some sysadmins' opinions, it is not Apple's job to comply with the 3rd-party developer, rather it's the other way around.
Lean hard on your vendors and internal developers to...
participate in the Apple Developer Program
follow Apple best practices and development guidelines
deliver compatible and Apple best practice and guideline-compliant software before the OS is released
I tell my devs & vendors that zero-day support is considered late. I want to see a guaranteed compatible/supported release within 48 hours of Apple's GM/release candidate going public, and preferably a beta before then.
X 1,000
We enable vendors bad behavior, and it needs to stop. We have to educate our organization if they want to support Apple they have to play by Apple rules and Apple timelines and only support vendors (like Jamf) that do.
My sound bite is, We all have to move at Apple speed, not "insert your crapy vendor here" speed.
C
Oh how times have changed, where it was considered rude to call out non cooperative third party vendors, and now Apple/Jamf encourage tightening the screws. :)
May I quote you, @gachowski ?
My sound bite is, We all have to move at Apple speed, not "insert your crapy vendor here" speed.
: )
For those of you who have installed High Sierra and converted your boot drive to APFS, I have a few questions:
- How long did it take to complete the conversion from HFS+ to APFS?
a. SSD?
b. spinning platter HDD? - Was the computer usable during the conversion or did you have to stare at a "please wait..." screen for the duration?
- Same questions as above but with an already encrypted FileVault drive.
@AVmcclint ...
1. About 30 minutes to install High Sierra, another 30 minutes to convert HFS+ to APFS for a 1 TB SSD in a MacBook Pro (15", Late 2011).
2. The APFS conversion happens after the first restart during the install process, so you are sitting with the grey apple screen, a progress bar, with some small text at the bottom giving an estimated time of completion, and an indication as to whether it is upgrading the OS or converting HFS+ to APFS.
3. Haven't used FileVault, thinking about changing that after High Sierra gets released.
As I understand it upgrading HDD's to APFS is not currently supported in the beta OS installers (they only provide the option to upgrade to APFS for SSD's), but should be by the time High Sierra is released. I believe the longer time it would take to upgrade a HDD, versus the need to help developers get up and running testing their apps on the newer OS, to be the reason for this.
@wakco Was this a clean install or was it an upgrade from Sierra? Waiting for the drive to convert to APFS might be a major obstacle for us to minimize downtime when doing upgrades. I guess there's still plenty of time before it hits the streets as a gold release, and then I'll most likely wait until 10.13.2 before I start to dig in with my own testing of the upgrade and app compatibility. Thanks for the input.
@AVmcclint upgrade, I expect a clean install wouldn’t need any time for APFS conversion. Also the install process does ask if you want the APFS conversion performed, and doesn’t assume it.
I installed the 10.13 high sierra beta (17A330h) on a test 2015 MBPro that was running macOS Sierra 10.12 (this computer had no connection to being enrolled in the Casper system, it was totally separate).
the computer has 3 accounts and after the 10.13 beta completed installation I am only able to login with the account that was used to install the beta. I go into system preferences, users & groups and do not have the option to 'reset' the password on the other 2 accounts.
has anyone else encounter this issue?
in 10.12 i am able to choose a different user account and i get the 'reset password' option, in 10.13 i don't get this option to 'reset password' on other accounts.
disk utility shows the volume is AFPS !! I did not have to choose this during the install process, i just walked away and let the installation do its stuff.
I had issues with the computer hanging after being bound to AD previously. So I downloaded Beta 6 and it doesn't hang anymore, but I cannot login with mobile accounts. I get the following error:
I also noticed my drive was converted to APFS after getting the prompt to upgrade in the previous beta. It looks like it's no longer an option.
Confirming @PhillyPhoto's comment on the APFS conversion - with Beta 6 it's automatic, at least on SSD based machines (I don't have any spindle systems testing High Sierra)
All,
I just saw this update from Apple regarding this issue (SKEL): https://support.apple.com/en-us/HT208019. It sounds like MDM is the answer. Does that mean with Casper we can manage our devices using MDM to avoid the kextpocalypse (blog.eriknicolasgomez.com/2017/07/25/Kextpocalypse-High-Sierra-and-kexts-in-the-Enterprise/) issue?
@dmeehan it sounds like maybe just having the MDM profile is enough, I don't think there will be a new SKEL payload. That will be a huge time relief if that's all it takes.
Please check below discussion for more details around SKEL:
https://www.jamf.com/jamf-nation/discussions/25163/how-to-install-kext-using-jss-on-high-sierra
Thanks
Is anyone having an issue logging into a 10.13 beta 9 machine with a domain account ? My 10.13 Mac is bound to our AD but we noticed that we cannot login using an account that has a home drive mapped in AD, remove the mapping and the account logs in fine.
Getting the same screen as @PhillyPhoto 
Thanks
I feared I was the only one having issues to log in with AD accounts, but I see that this persists in beta 9.
Has anyone with a GM version tried to bind to AD and log in as network users?
Also, I tried to use
sudo dscl . delete /Users/olduserto delete a local account and I get a
DS Error: -14120 (eDSPermissionError)that I wasn't getting on 10.12
Might it be that SIP now blocks this command from deleting user accounts?
Do you have Read/Write permissions on the folder on your Home Drive Server? Windows and AD will map it to anything and bypass those
permissions even if you don't have ACTUAL rights on the folder.
To fix this, give your user account permission on your Home Server here (Modify, List, Read):
Hi,
@jconte @PhillyPhoto @Aziz
i am also having same error message while login to AD using standard ver.
have correct writes.
SYS Logs while login in:
Sep 29 00:08:44 skullmac kcm[2464]: DEPRECATED USE in libdispatch client: Setting timer interval to 0 requests a 1ns timer, did you mean FOREVER (a one-shot timer)?
Sep 29 00:08:45 skullmac authorizationhost[2438]: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=smb://USDEF-KT0055/SKULL5%%22, homedir=/home/skull5, name=skull5 ) returned 2
any update about this ?
Do you have a special character as the last in the path for your home drives ?
Here is what I saw in my situation :
Sep 15 13:40:55 L-AC0256 authorizationhost[3548]: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=smb://NJHomeDrive/X23556%%24, homedir=/home/x23556, name=x23556 ) returned
2
The $ is incorrectly translated to "%%24" in 10.13. You can also see the "%%24" in the HomeDirectory attribute in Directory Editor for affected accounts in 10.13.
For me, unchecking the UNC box allows us to login and complete our testing, we will still wait for an official fix from Apple as we opened a ticket for this issue. Enterprise Connect maps the drive so we get the mapping that way in a pinch.
We have been disabling UNC path for home drives for many years now. The OS just can't handle it when the mapping doesn't work. Not being able to log in is an absolutely abysmal response for something so minor.
@jconte & @alexjdale, this fixed my issue after unchecking "use UNC path" in our directory binding in the JSS. We have Enterprise Connect, so we can connect home drives through that. Thanks for the info!
@PhillyPhoto we have the same setup as you do, we don't have issues with mapping network drives; but as you may already know the issue is when the user tries to change their AD password, even using the Enterprise Connect App it doesn't work (rumor is the next patch will fix that "10.13.1")
I'm just wondering if you are having the same password issue.
thanks.
Hi @jconte
We are facing similar issues here. Exactly same error message. Did you find something around it?
Hi @osxadmin
For us its not about changing the password but we get during logging in. A user who is logging in for the first time on a Mac gets this. Have you tried deleting home folder and logging in as a new user?
We get on all Macs, for all users.
Thanks,
CS
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.