Posted on 10-16-2013 05:39 PM
Please feel free to post your questions - wifi permitting, we'll attempt to check though out the presentation!
Posted on 10-17-2013 12:25 PM
we use certificate based 802.1x authentication in our environment, and we deliver the certificate and system-level 802.1x profile using a configuration profile. This method of installing the certificate does not prevent exportation of the private key when running 10.7 or 10.8. Has anyone found a way to protect the private key when using a config profile on those OS's?
Posted on 10-17-2013 12:49 PM
We have peculiar instance where some users do not have recovery partition. A direct result of a poorly deployed OS disk image without a recovery partition. We have resolved this issue for new deployment sung Casper. How can we deploy File Vault 2 for these users without a recovery partition?
If not possible, can that partition be injected?
Posted on 10-17-2013 01:04 PM
Have you encountered situations where Mac antivirus did something for you?
Posted on 10-17-2013 01:04 PM
Any recommendations on 2-factor VPN for Macs?
Posted on 10-17-2013 01:11 PM
Most people think of iOS when the speak of BYOD (bring you own disaster). What are your best practices to share for BYOD OS X devices?
Posted on 10-17-2013 09:11 PM
I referenced a few things that are available on GitHub during today's session:
Create-Recovery-Partition-Installer - https://github.com/MagerValp/Create-Recovery-Partition-Installer
The current version of my XProtect management script for Java browser plug-in settings is available here - https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/xprotect_re-enable_java_6_...
Blog post that describes how the XProtect management script works:
Managing Java browser plug-in settings for Apple’s XProtect malware protection - http://derflounder.wordpress.com/2013/02/24/managing-java-browser-plug-in-settings-for-apples-xprote...
Posted on 10-17-2013 09:22 PM
One other thing I referenced during the panel discussion was editing the /etc/sudoers file to remove the ability of all users with administrative privileges to use sudo. The general idea is that the entry for %admin be removed from /etc/sudoers, as that's referencing the admin group on the machine.
Instead, specify the usernames that should have sudo privileges:
If a user needs to have sudo privileges, add their username to the /etc/sudoers file on the appropriate machine.
Posted on 10-18-2013 11:09 AM
Here is the feature request to have an option built into Casper for the fdesetup -authrestart in case anyone would like to vote it up.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1255#respond