Skip to content

Information Technology

Mac Admins @ Penn State University

I was recently at Penn State University in State College, PA for the annual MacAdmins conference. I was there with my co-worker Rebecca. The two of use presented two topics and they’ve made their way to YouTube.

Running GlobalProtect CLI only on Linux

I just spent 3 hours on a Zoom with a colleague trying to figure out what the issues our Linux users were facing when running GlobalProtect. To install the CLI-only version, you must first you download the files, untar/detar/whatever it… Then you run the installer script Woo hoo! It’s installed! Kinda, there’s a few things missing. Default Browser In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <settings> section… Point to your Portal In the document /opt/paloaltonetworks/globalprotect/pangs.xml, add the following line in the <PanSetup> section… Save the document and exit. Reboot You don’t need me to tell you how to do that… reboot your computer. globalprotectcallback: URLs Create the… Read More »Running GlobalProtect CLI only on Linux

Custom Commands for Mosyle

Hat Tip to another Adam. I recently discovered these when poking around in Adam Codega’s Github. There’s a couple especially I want to draw attention to. This little script will get the battery service level, plus tell you the number of power cycles the battery has had. It will appear as something like “Normal (256)”. Battery condition is normal and has had 256 cycles. From there in Mosyle, you can create a Smart Device Group where the criteria is for that field is like “Service Recommended” as you can see below. Here’s the direct link. This script will tell you how many kernel panics a device has had… Read More »Custom Commands for Mosyle


I’ve used a few different MDMs in my time as a MacAdmin, I’ve written about my transition from WorkspaceONE to Mosyle and I really much prefer it. I noticed today that one user isn’t using FileVault. I have a deferral set to 5 times. Which now I’m thinking might be a bit high. I was wondering how many times that user has deferred FileVault. I saw you could use fdesetup to see info about deferral. So I made a quick and dirty script for that. I used Mosyle to blast it out to all devices with Filevault off (that required having a smart group), and told it to run on… Read More »fdesetup

AutoPKG storage on external drive

Ran into a quick problem that I thought I’d quickly blog about. AutoPKG’s data folders are all sitting on an external drive. First off, “Ignore ownership on this volume” was checked off, and AutoPKG doesn’t like that. That was a first for me, I’ve always had AutoPKG running on the internal drive. I turned that on, gave myself ownership and read & write and then propagated permissions down. On the next run I got: Got some quick help from MacAdmins #AutoPKG channel. Suggested I give python full disk access. That solved the problem. Python was already in the PPPC panel for Full Disk Access, so I checked it off, but… Read More »AutoPKG storage on external drive

Broken Admin Account

Text I type is green, computer replies are purple. I had a weird issue this morning. A teacher brought in her school Mac. She was unable to authorize the computer to allow screen sharing in Zoom. Everything in our MDM was set properly. Standard users were allowed to make their own decisions for screen capture1. I clicked on the lock icon to authenticate there. It wouldn’t accept my credentials as the admin user. A bit about our workflow. Device in Apple School Manager and assigned to our MDM (Mosyle) Computer turns on and goes through Automated Device Enrollment (ADE) and hands off to Mosyle Authenticate to Mosyle via Google Mosyle… Read More »Broken Admin Account

Hosting Munki in an S3 bucket from Wasabi

Why I’m writing this I wasn’t originally planning to write a blog post about this. I am not on the bleeding edge and others have done it, but I hit some roadblocks along the way and I couldn’t find good answers. In addition, Orlando asked me in #toronto on MacAdmins Slack if I was going to, and how can I say no? Why I did it During the pandemic I found that it was a bit painful to get a new Mac up and ready to go out of the box for our teachers at home. While I’m hoping that we will be spending all of the 2021-2022 school year… Read More »Hosting Munki in an S3 bucket from Wasabi


A few days ago, Anthony Reimer posted to his blog about Recognition, Retirement, and Remembrance. I suggest you give it a read. I don’t have much to say about Retirement and Remembrance, but I do feel I have a lot to say about recognition. While we don’t have any formal place to acknowledge recognition, I feel I can do so here. First off, I should thank: Anthony Reimer I’ve gotten to know Anthony over the past few years. My last trip to MacAdmins we got to spend some time together in person and chat about everything and anything. He’s very knowledgable and extremely supportive of the community. While he’s not… Read More »Recognitions

Apple Music screenshot

Plex Smart Playlists

People seemed to appreciate some guidance I gave on smart playlists, so I thought I would post this here for anyone looking for this info. It began because Plex’s smart shuffle is terrible, and I didn’t know it was a feature you can turn off. But let’s start earlier. I stopped using iTunes (Apple Music) a while ago and moved my music library over to Plex. Well, that’s a bit of a lie. I do still use Music to import CDs and use it for its file sorting features. I buy a new album (digital or physical), put it into Apple Music, then Resilio Sync syncs my ~/Music folder to… Read More »Plex Smart Playlists

System software from developer “Apple Inc.” has been updated.

Apple wants end users to know what they’re authorizing and what system/kernel extensions are running on their computer. Yet I got this message. I have no idea what it is and what I’m authorizing. I know it’s from “Apple Inc.” but that’s it. There’s no GUI to show you what system/kernel extensions are running, so I have no idea what it is. I can run systemextensionsctl list but that gave me: I can run kextstat and I get the following, which doesn’t tell me what is pending approval or if any of them are unapproved. How am I supposed to know what is? Am I missing something? Am I supposed… Read More »System software from developer “Apple Inc.” has been updated.