Just a heads up, we started experiencing SSO issues with systems that
had upgraded to build 18G9216 this week. Many of our devices that are
bound to Active Directory started experiencing hangs during kerberos
actions (visiting internal SSO-enabled si...
Since I can't prove a negative, I'm asking here for input: we would like
to assign our whole fleet of QuickAdd-enrolled Macs to our Jamf Pro
server in ABM, and then to a pre-stage in Jamf Pro, so that they can be
enrolled via DEP after their next wip...
Does anyone happen to know which ciphers Apple uses for their HTTPS
connections for integration services? I was having issues setting up DEP
on our Windows Server test instance, and enabled all ciphers just to get
it to connect to Business Manager (i...
Has anyone found a good way to block or filter the startup pages (maybe
anything with a # in the base URL) so they are only visible from certain
IPs? For example, I don't want the startup pages on our DMZ instance to
be visible to the Internet and ha...
Has anyone else been tasked with finding a method to prevent credential
dumping in the form of using dscl to access user password hashes? I'm
not having any luck investigating this, it seems to be a big deal on
Windows with various solutions but it's...
With Big Sur, you are supposed to include the root and intermediate
certs in the same profile as the network config and check them as
trusted. However, in our situation, I found that entering a wildcard
Certificate Common Name was enough to do the tr...
No, I pushed a modified version of the script from that page, including
capturing a backup of each file before modifying (and creating a
rollback version to replace the files later). But you shouldn't need a
file share for a script, since they are ju...
I'm not going to post all the code right now, but if someone is
interested I can put something together. Since we're coming at this from
an 802.1x angle, I've found that reading
Has anyone found another solution besides hard-coding the server
certificate? If we have to include the cert file in the SCEP profile
with our network configs, that means we are now bound by that
certificates expiration date when it comes to renewals...