OS X Yosemite

Araneta
New Contributor III

Any first take? What to watch for? Positive or Negative feedbacks?

99 REPLIES 99

ItsMe_Sean
Contributor

As far as I am aware, the Beta can not be discussed outside the Apple forums due to the NDA.

franton
Valued Contributor III

Fairly sure you can discuss the keynote ...

ItsMe_Sean
Contributor

I'm sure you can about that. I saw the start of the keynote after I posted this, so disregard my post haha.

Chris_Hafner
Valued Contributor II

Yep. I am blown away. I can't begging to mention how much I hope for iCloud Drive! Oh, and the API expansion!

andyinindy
Contributor II

Has anyone been able to successfully block the Yosemite installer? I set up a restricted software item that looks for the "Install OS X 10.10 Developer Preview" process, but it does not seem to work...

scottb
Honored Contributor

@andyinindy: how about just putting in: "Install OS X 10.10"
I haven't tried yet - working on it now...just a thought looking at the parent process.

andyinindy
Contributor II

@boettchs, "Install OS X 10.10" doesn't seem to work either. I am on 8.73, BTW. Has anyone else had success with restricting Yosemite?

scottb
Honored Contributor

@andyinindy][/url: The first one you posted does indeed work. I just ran it... Double-check for spelling, etc. And I'm sure you updated your test Mac with sudo jamf manage first? I just did it and it's working as you'd expect.

*edit: FWIW, I'm on 8.73 as well.

andyinindy
Contributor II

Hmmm, I have no misspellings and I ran a 'sudo jamf manage'. No joy. Weird. I'll keep poking it with a stick to see if I can get it working...

*EDIT*

I am a moron. Global exemptions were to blame. All is working as expected with "Install OS X 10.10 Developer Preview" as the process name. Thanks, @boettchs!

Millertime
New Contributor III

At the Keynote yesterday they said that 10.10 would be made available to non developers to participate in the beta as well. So I'm with ya on the NDA stuff, just not sure how much it applies this time 'round.

scottb
Honored Contributor

@andyinindy: Cool. Had to be something dopey eh?

@Millertime: I won't discuss the software at all other than something like this. I think it's OK to discuss how to kill it in the environment - we're not talking about the software itself. Although Apple sorta opens the doors with public betas now...

damienbarrett
Valued Contributor

Yup, I'm also blocking the installer the same way as boettchs. But not on my own test computers, of course. Heh.

mm2270
Legendary Contributor III

Apple hasn't released a beta to the public yet. Probably not until later in the summer. Right now you need to be a registered developer or be signed up with their invitation only Seed program to get the preview.

That said, its probably safe to discuss anything that was shown in the keynote yesterday since the whole world has access to that information right now.

The new technology discussed seems interesting. I was a bit distracted with the new look though. Its got Johnny Ive written all over it. He set his sights on iOS first and now OS X. Skeuomorphism has been officially kicked to the curb with this upcoming release. The new look seems so.. flat. Almost too much to me, but I'll do my best to reserve judgement until its officially released.

emily
Valued Contributor III
Valued Contributor III

All I really want (to the tune of the Spice Girls song) is Airdrop to work between iOS and OS X. I mean, I don't understand why it didn't before.

andyinindy
Contributor II

@emilykausalik zig a zig ahhhh, I also would love it Airdrop had that functionality! I didn't get to see the Yosemite portion of the keynote yet; was that something that they announced?

emily
Valued Contributor III
Valued Contributor III

andyinindy
Contributor II

@emilykausalik, aww man so nothing definitive:

Other possibilities include Apple finally releasing...a version of AirDrop that is compatible with iOS’s AirDrop functionality.

Guess I'll need to install the beta(s) and try it out! But not talk about it here ;)

scottb
Honored Contributor

Interesting:

Apple Has (Partly) Lifted the NDA for Beta Releases

With the release of the beta versions of iOS 8 and OS X Yosemite at WWDC 2014 yesterday, Apple has also updated the legal agreements for registered iOS and Mac developers. Among other changes, Apple has added the following sentence to section “10.1 Information Deemed Apple Confidential:

Further, Apple agrees that You will not be bound by the foregoing confidentiality terms with regard to technical information about pre-release Apple Software and services disclosed by Apple at WWDC (Apple’s Worldwide Developers Conference), except that You may not post screen shots, write public reviews or redistribute any pre-release Apple Software or services...

http://oleb.net/blog/2014/06/apple-lifted-beta-nda/

Araneta
New Contributor III

Thanks for your input guys. Keep it coming :)

@andyinindy, tried your solution and it works on JSS 9.31 too.

tthurman
Contributor III

@boettchs][/url

I did the standard restricted software for blocking the process and it blocks the installer.

However, a coworker came up with the brilliant idea of partitioning his HD and installing it on that - for some reason, it installed it just fine (without being blocked).

Thoughts?

-TJ

scottb
Honored Contributor

@tthurman: The restriction kills the installer process, so you can't just have a partition and run the installer - I have lots of partitions so he did more than just install it there. I'd wager he installed an OS on that partition then upgraded it. It would not have the JAMF Binary on it, so the policy would not be in place.
Or, he unmanaged it first. Does he have rights and knowledge? It's not hard.
Just a guess without knowing more...

mm2270
Legendary Contributor III

Craig Federighi mentioned in the keynote that Airdrop will work between the Mac and iOS in Yosemite. Its around the 35:30 mark in the presentation, so I would say that's pretty definitive.

tthurman
Contributor III

@boettchs

Makes sense. I talked to him shortly after I posted this - He said he used the seed file to install it via a flash drive after partitioning.

As I think about it, I don't really see a way to stop someone from doing this.

--
TJ

mm2270
Legendary Contributor III

@tthurman - If the Restricted Software has been fed down to his Mac, it should make no difference where he ran the installer from or what partition he intended to install it on. As soon as the process starts the Restricted software item should see it and take whatever action you told it to, like quitting it and/or deleting it.
As @boettchs mentions, the more likely scenarios are either that the Mac never got the new Restricted Software xml telling it to block that installer, or it was installed from an unmanaged Mac. Or, he disabled the process, which isn't very hard to do if you know what you're looking for and have admin rights on the box.
There are really no other valid explanations.

mm2270
Legendary Contributor III

Just did some testing today on the dev preview and it looks like to block it in a Casper Suite Restricted software item you need to add in a process called "InstallAssistant" That's actually the executable that pops up when you run the 'app" installer.

I haven't set up a Restricted Software item yet, but doing something like

kill -9 $(ps axc | awk '/InstallAssistant/{print $1}')

shuts down the installer assistant if its up on screen, so that will probably work.

appledes
New Contributor III

Hello. our block under Restricted Software is working perfectly.
Restricted process name of Install OS X 10.10 Developer Preview

mm2270
Legendary Contributor III

@appledes - you should just be aware that using that path is not 100% guaranteed to stop all cases. The reason is that that path is to the installer app bundle, so when its run, it shows up in the process list kind of like-

/Applications/**+Install OS X 10.10 Developer Preview+**.app/Contents/MacOS/InstallAssistant

Your Restricted Software item is catching the part I bolded and underlined above, but, if a user tries their luck and renames the app bundle to something like "Install Me" the new path would look like-

/Applications/Install Me.app/Contents/MacOS/InstallAssistant

As you can see, the process name you entered is no longer there and Restricted Software won't know to shut it down. I just tried this by the way and the installer still launches when renamed to exactly what I have above.

However, since my Restricted Software item looks for "InstallAssistant", my path looks like this-

/anything can come before this/**InstallAssistant**

You cannot rename the "InstallAssistant" executable in the app's bundle or it stops working altogether. It doesn't even last long enough to show in the Dock before it exits.

Therefore, best practice here would probably be to set up two Restricted Software items
One that uses the normal bundle path like you have and a second one that will use the executable name and catches those cases of a clever user who tries to get around the block by renaming the .app bundle.

Note also that if you decide to use the "Delete" checkbox in the Restricted Software item, using the app bundle will delete the entire installer. whereas mine will only delete the executable and leave the rest. Ether one is effective though. The installer can't be started without the executable. so once its deleted, its worthless to the end user and they would need to try downloading it again.

appledes
New Contributor III

@mm2270. Thank you for the advice. I will make that adjustment.

jennifer
Contributor

I too was using restricted process name of Install OS X 10.10 Developer Preview. And someone got around it. I haven't figured out how yet.

Its still managed, still enrolled, no partitions.

I updated my restriction to include @mm2270 's InstallAssistant suggestion, hopefully that will keep others from doing this. If anyone has an other ideas, please let me know.

jwojda
Valued Contributor II

@mm270 can you feed that string into casper? I didn't think the casper restricted software would accept a string like that.

mm2270
Legendary Contributor III

@jwojda - Sorry for the confusion. I didn't mean to actually use a string like "/anything can come before this/InstallAssistant" I was using that to illustrate a point that anything can come before the string of "InstallAssistant"

My Restricted Software simply uses InstallAssistant as the process to look for.

jwojda
Valued Contributor II

lmao, I meant the part earlier about the kill -9 and awk stuff...

never occurred to me to do the InstallAssistant from your post... I'm s-m-u-r-t :)
Thank you for the clarification for those out of it today!

mm2270
Legendary Contributor III

Oh, haha! Sorry, it didn't even occur to me you were asking about the kill -9 line. I was just stating that I tried that kill -9 line when the installer application was up and running and it shut down the installer. So my assumption prior to setting up my actual Restricted Software item would be that adding InstallAssistant in as the process to look for and checking the Kill box would do the same.

emily
Valued Contributor III
Valued Contributor III

So apparently a public beta is starting this week… any tips for restricted process killing?

damienbarrett
Valued Contributor

I'm hoping the process name is the same as the DP from June. If so, I'm set. If not, I'll have to add a new restricted software. I've signed up for the public beta and so will snag it as soon as Apple sends the email. One of use will surely update this thread if the installer process name has changed.

I'm also setting up a smart group to look for 10.10 machines and having it email me, so if one of my eager beavers bypasses the restricted software process and manages to install it, I'll get an email. And then it becomes a disciplinary issue.

scottb
Honored Contributor

@emilykausalik - see above. But as @damienbarrett said, that's good if it doesn't have a name change. As long as someone signs up and posts here, we'll find out. I belong to the other program, and they don't want us doing both. So it should be as simple as what's posted up above...

golbiga
Contributor III
Contributor III

This was posted the other day, http://support.apple.com/kb/HT6311.

I created a Configuration Profile based on this, https://github.com/golbiga/Profiles/blob/master/blockosxbeta.mobileconfig. If your users are admins you can add an additional section that requires a password to remove it.

Allen

damienbarrett
Valued Contributor

Allen, that's awesome. Great find! I'll be playing around with this config profile tomorrow.

kstrick
Contributor III

theoretically, if you are not using profiles, would this also work as a 'defaults' command / mcx (Managed Pref) ?
(i.e. "sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AllowPreReleaseInstallation -bool false" )

UPDATE: just tried it using an 'MCX' setting, works that way as well (as i had hoped).
It doesn't stop anything until it get's the the portion of the installer that asks to select a disk