Posted on 06-02-2014 07:27 PM
Any first take? What to watch for? Positive or Negative feedbacks?
Posted on 06-02-2014 08:23 PM
As far as I am aware, the Beta can not be discussed outside the Apple forums due to the NDA.
Posted on 06-03-2014 01:25 AM
Fairly sure you can discuss the keynote ...
Posted on 06-03-2014 05:13 AM
I'm sure you can about that. I saw the start of the keynote after I posted this, so disregard my post haha.
Posted on 06-03-2014 06:19 AM
Yep. I am blown away. I can't begging to mention how much I hope for iCloud Drive! Oh, and the API expansion!
Posted on 06-03-2014 09:16 AM
Has anyone been able to successfully block the Yosemite installer? I set up a restricted software item that looks for the "Install OS X 10.10 Developer Preview" process, but it does not seem to work...
Posted on 06-03-2014 09:47 AM
@andyinindy: how about just putting in: "Install OS X 10.10"
I haven't tried yet - working on it now...just a thought looking at the parent process.
Posted on 06-03-2014 09:57 AM
@boettchs, "Install OS X 10.10" doesn't seem to work either. I am on 8.73, BTW. Has anyone else had success with restricting Yosemite?
Posted on 06-03-2014 10:07 AM
@andyinindy][/url: The first one you posted does indeed work. I just ran it... Double-check for spelling, etc. And I'm sure you updated your test Mac with sudo jamf manage first? I just did it and it's working as you'd expect.
*edit: FWIW, I'm on 8.73 as well.
Posted on 06-03-2014 10:14 AM
Hmmm, I have no misspellings and I ran a 'sudo jamf manage'. No joy. Weird. I'll keep poking it with a stick to see if I can get it working...
*EDIT*
I am a moron. Global exemptions were to blame. All is working as expected with "Install OS X 10.10 Developer Preview" as the process name. Thanks, @boettchs!
Posted on 06-03-2014 10:21 AM
At the Keynote yesterday they said that 10.10 would be made available to non developers to participate in the beta as well. So I'm with ya on the NDA stuff, just not sure how much it applies this time 'round.
Posted on 06-03-2014 10:25 AM
@andyinindy: Cool. Had to be something dopey eh?
@Millertime: I won't discuss the software at all other than something like this. I think it's OK to discuss how to kill it in the environment - we're not talking about the software itself. Although Apple sorta opens the doors with public betas now...
Posted on 06-03-2014 10:30 AM
Yup, I'm also blocking the installer the same way as boettchs. But not on my own test computers, of course. Heh.
Posted on 06-03-2014 10:33 AM
Apple hasn't released a beta to the public yet. Probably not until later in the summer. Right now you need to be a registered developer or be signed up with their invitation only Seed program to get the preview.
That said, its probably safe to discuss anything that was shown in the keynote yesterday since the whole world has access to that information right now.
The new technology discussed seems interesting. I was a bit distracted with the new look though. Its got Johnny Ive written all over it. He set his sights on iOS first and now OS X. Skeuomorphism has been officially kicked to the curb with this upcoming release. The new look seems so.. flat. Almost too much to me, but I'll do my best to reserve judgement until its officially released.
Posted on 06-03-2014 10:38 AM
All I really want (to the tune of the Spice Girls song) is Airdrop to work between iOS and OS X. I mean, I don't understand why it didn't before.
Posted on 06-03-2014 10:48 AM
@emilykausalik zig a zig ahhhh, I also would love it Airdrop had that functionality! I didn't get to see the Yosemite portion of the keynote yet; was that something that they announced?
Posted on 06-03-2014 10:50 AM
@andyinindy read it here http://9to5mac.com/2014/05/30/wwdc-2014-roundup-enhanced-ios-8-redesigned-os-x-10-10-fresh-hardware-... and very much hope it happens.
Posted on 06-03-2014 10:53 AM
@emilykausalik, aww man so nothing definitive:
Other possibilities include Apple finally releasing...a version of AirDrop that is compatible with iOS’s AirDrop functionality.
Guess I'll need to install the beta(s) and try it out! But not talk about it here ;)
Posted on 06-03-2014 01:07 PM
Interesting:
Apple Has (Partly) Lifted the NDA for Beta Releases
With the release of the beta versions of iOS 8 and OS X Yosemite at WWDC 2014 yesterday, Apple has also updated the legal agreements for registered iOS and Mac developers. Among other changes, Apple has added the following sentence to section “10.1 Information Deemed Apple Confidential:
Further, Apple agrees that You will not be bound by the foregoing confidentiality terms with regard to technical information about pre-release Apple Software and services disclosed by Apple at WWDC (Apple’s Worldwide Developers Conference), except that You may not post screen shots, write public reviews or redistribute any pre-release Apple Software or services...
Posted on 06-03-2014 01:13 PM
Thanks for your input guys. Keep it coming :)
@andyinindy, tried your solution and it works on JSS 9.31 too.
Posted on 06-03-2014 01:14 PM
I did the standard restricted software for blocking the process and it blocks the installer.
However, a coworker came up with the brilliant idea of partitioning his HD and installing it on that - for some reason, it installed it just fine (without being blocked).
Thoughts?
-TJ
Posted on 06-03-2014 01:25 PM
@tthurman: The restriction kills the installer process, so you can't just have a partition and run the installer - I have lots of partitions so he did more than just install it there. I'd wager he installed an OS on that partition then upgraded it. It would not have the JAMF Binary on it, so the policy would not be in place.
Or, he unmanaged it first. Does he have rights and knowledge? It's not hard.
Just a guess without knowing more...
Posted on 06-03-2014 01:58 PM
Craig Federighi mentioned in the keynote that Airdrop will work between the Mac and iOS in Yosemite. Its around the 35:30 mark in the presentation, so I would say that's pretty definitive.
Posted on 06-03-2014 02:00 PM
Makes sense. I talked to him shortly after I posted this - He said he used the seed file to install it via a flash drive after partitioning.
As I think about it, I don't really see a way to stop someone from doing this.
--
TJ
Posted on 06-03-2014 02:07 PM
@tthurman - If the Restricted Software has been fed down to his Mac, it should make no difference where he ran the installer from or what partition he intended to install it on. As soon as the process starts the Restricted software item should see it and take whatever action you told it to, like quitting it and/or deleting it.
As @boettchs mentions, the more likely scenarios are either that the Mac never got the new Restricted Software xml telling it to block that installer, or it was installed from an unmanaged Mac. Or, he disabled the process, which isn't very hard to do if you know what you're looking for and have admin rights on the box.
There are really no other valid explanations.
Posted on 06-05-2014 03:08 PM
Just did some testing today on the dev preview and it looks like to block it in a Casper Suite Restricted software item you need to add in a process called "InstallAssistant" That's actually the executable that pops up when you run the 'app" installer.
I haven't set up a Restricted Software item yet, but doing something like
kill -9 $(ps axc | awk '/InstallAssistant/{print $1}')
shuts down the installer assistant if its up on screen, so that will probably work.
Posted on 06-13-2014 09:53 AM
Hello. our block under Restricted Software is working perfectly.
Restricted process name of Install OS X 10.10 Developer Preview
Posted on 06-13-2014 04:04 PM
@appledes - you should just be aware that using that path is not 100% guaranteed to stop all cases. The reason is that that path is to the installer app bundle, so when its run, it shows up in the process list kind of like-
/Applications/**+Install OS X 10.10 Developer Preview+**.app/Contents/MacOS/InstallAssistant
Your Restricted Software item is catching the part I bolded and underlined above, but, if a user tries their luck and renames the app bundle to something like "Install Me" the new path would look like-
/Applications/Install Me.app/Contents/MacOS/InstallAssistant
As you can see, the process name you entered is no longer there and Restricted Software won't know to shut it down. I just tried this by the way and the installer still launches when renamed to exactly what I have above.
However, since my Restricted Software item looks for "InstallAssistant", my path looks like this-
/anything can come before this/**InstallAssistant**
You cannot rename the "InstallAssistant" executable in the app's bundle or it stops working altogether. It doesn't even last long enough to show in the Dock before it exits.
Therefore, best practice here would probably be to set up two Restricted Software items
One that uses the normal bundle path like you have and a second one that will use the executable name and catches those cases of a clever user who tries to get around the block by renaming the .app bundle.
Note also that if you decide to use the "Delete" checkbox in the Restricted Software item, using the app bundle will delete the entire installer. whereas mine will only delete the executable and leave the rest. Ether one is effective though. The installer can't be started without the executable. so once its deleted, its worthless to the end user and they would need to try downloading it again.
Posted on 06-13-2014 04:17 PM
@mm2270. Thank you for the advice. I will make that adjustment.
Posted on 06-16-2014 08:17 AM
I too was using restricted process name of Install OS X 10.10 Developer Preview. And someone got around it. I haven't figured out how yet.
Its still managed, still enrolled, no partitions.
I updated my restriction to include @mm2270 's InstallAssistant suggestion, hopefully that will keep others from doing this. If anyone has an other ideas, please let me know.
Posted on 06-16-2014 09:18 AM
@mm270 can you feed that string into casper? I didn't think the casper restricted software would accept a string like that.
Posted on 06-16-2014 09:26 AM
@jwojda - Sorry for the confusion. I didn't mean to actually use a string like "/anything can come before this/InstallAssistant" I was using that to illustrate a point that anything can come before the string of "InstallAssistant"
My Restricted Software simply uses InstallAssistant as the process to look for.
Posted on 06-16-2014 11:45 AM
lmao, I meant the part earlier about the kill -9 and awk stuff...
never occurred to me to do the InstallAssistant from your post... I'm s-m-u-r-t :)
Thank you for the clarification for those out of it today!
Posted on 06-16-2014 11:54 AM
Oh, haha! Sorry, it didn't even occur to me you were asking about the kill -9 line. I was just stating that I tried that kill -9 line when the installer application was up and running and it shut down the installer. So my assumption prior to setting up my actual Restricted Software item would be that adding InstallAssistant in as the process to look for and checking the Kill box would do the same.
Posted on 07-23-2014 02:54 PM
So apparently a public beta is starting this week… any tips for restricted process killing?
Posted on 07-23-2014 03:49 PM
I'm hoping the process name is the same as the DP from June. If so, I'm set. If not, I'll have to add a new restricted software. I've signed up for the public beta and so will snag it as soon as Apple sends the email. One of use will surely update this thread if the installer process name has changed.
I'm also setting up a smart group to look for 10.10 machines and having it email me, so if one of my eager beavers bypasses the restricted software process and manages to install it, I'll get an email. And then it becomes a disciplinary issue.
Posted on 07-23-2014 03:53 PM
@emilykausalik - see above. But as @damienbarrett said, that's good if it doesn't have a name change. As long as someone signs up and posts here, we'll find out. I belong to the other program, and they don't want us doing both. So it should be as simple as what's posted up above...
Posted on 07-23-2014 05:00 PM
This was posted the other day, http://support.apple.com/kb/HT6311.
I created a Configuration Profile based on this, https://github.com/golbiga/Profiles/blob/master/blockosxbeta.mobileconfig. If your users are admins you can add an additional section that requires a password to remove it.
Allen
Posted on 07-23-2014 06:32 PM
Allen, that's awesome. Great find! I'll be playing around with this config profile tomorrow.
Posted on 07-23-2014 09:36 PM
theoretically, if you are not using profiles, would this also work as a 'defaults' command / mcx (Managed Pref) ?
(i.e. "sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AllowPreReleaseInstallation -bool false" )
UPDATE: just tried it using an 'MCX' setting, works that way as well (as i had hoped).
It doesn't stop anything until it get's the the portion of the installer that asks to select a disk