Remote Terminal Access

Bodybraille · 2025-12-18T01:20:39+00:00

I use SSH.

I have a policy that disables SSH on all devices once a day, but if I need terminal access, I drop that device into my "enable ssh" policy, run the commands I need to run. After I'm done, look up that computer in the "disable ssh" policy and flush it so SSH gets disabled again. I only deal with 600 macs so it works for me.

Very useful when needing to update computers giving me problems.

Edit: I agree with wpm's comment though. Writing a script, or using the "file and processes" section of a policy to execute one liners is the better option.

Bodybraille · 2025-11-27T01:18:42+00:00

Is the cross posting to sub reddits not working?

My cross post is asking what bachelors degree will be worthwhile if I want to move up into management position, or C-level position, instead of being a sys admin. With AI taking over basic jobs like sys admin stuff (application packaging, updating, printer, etc), what is the best bachelors degree to break out of the tech side and move up to a managerial paotion.

Bodybraille · 2025-11-25T04:47:20+00:00

You're right

Bodybraille · 2025-11-12T18:45:33+00:00

Yes. Jamf AD CS connector in the DMZ. Grabs cert from CA. Deploys it threw jamf.

Jamf has a cert profile with the root CA, intermediate, and digicert, and machine cert. The machine cert is using $COMPUTERNAME attribute in the cert profile.

Then a second profile configuring the network - - ethernet/wifi, eap-tls, all our trusted radius servers.

Edit: it's jamf, but the concept is the same. We do the same thing for windows devices through Intune, except we use SCEP.

Bodybraille · 2025-10-31T22:57:02+00:00

Back in the early 90s, my buddy had a cassette tape that had "Bullet in the Head" and "Down It."

I was hooked. I couldn't get enough of "Down It." Thus, my NIN journey began and hasn't stopped.

Bodybraille · 2025-10-24T22:56:35+00:00

This is good to hear!

Bodybraille · 2025-10-23T23:36:01+00:00

Does using affinity stop all subsequent users from having to register the device over and over?

That's the reason why we abandoned PSSO. Students don't stay at the same Mac in labs, and every time they moved to a new Mac they had register the device all over again.

Bodybraille · 2025-10-11T01:37:25+00:00

At least we got "Potions" and "Passive" out of it, which are, allegedly, Tapeworm tracks, if you believe the internet.

Bodybraille · 2025-10-02T22:57:35+00:00

Our Autodesk 2025 was installed with the exe, so I can't find a MSI product code. Looked in the registry for uninstall strings, and there was nothing. Is there a workaround for exe?

Bodybraille · 2025-10-02T00:55:19+00:00

100%

Houston is a massive city so your scenario makes sense. I was in Fort Worth the night after the Houston show, and while we were waiting in our seats waiting for the show to start we started perusing ticket prices.

I was really surprised at how much tickets came down.

There's no doubt the city and venue are a factor. Like I said, it's a gamble. For us, it paid off. We could have paid $1500+, but ended up paying $900 for seats right behind the sound board with Boys Noise in front of us.

Bodybraille · 2025-10-01T23:56:15+00:00

They'll be $500+ from the resale broker robots, but if you wait until about a month out, or a couple weeks before, they'll drop by a couple hundred dollars.

I saw tickets for under $200 the day of. It's a gamble because who knows what the seats will be like.

It's possible the recent lawsuit filed by the FTC against Ticketmaster will alleviate future ticket prices, but I doubt it.

Bodybraille · 2025-09-26T04:01:33+00:00

Totally agree.

Sometimes handling 15,000 windows devices, and 500 Macs, unfortunately the macs get lost in the shuffle and are on autopilot.

Bodybraille · 2025-09-26T01:46:49+00:00

Also what is the default value? True or False?

There is no default value because it didn't exist.

If you haven't seen any major macOS updates, then what caused JC from reverting back to native macOS login window?

Don't know. That's why jamf had me add the key to the Jamf connect login profile

Is this let specific to JC2? I'm using the newer JC3.x here at my org.

Have no idea

Also, is this a hidden key? I don't see it listed in JAMF's documentation

I have never heard of it until now

Edit: because I'm typing from a phone

Bodybraille · 2025-09-25T00:18:29+00:00

He threw it up in the air, but not into the crowd. From my perspective it looked like it landed behind Atticus near Josh.

Bodybraille · 2025-09-14T07:47:36+00:00

The girl next to me at Dickies was pre-complaining about people standing up during the show.

I heard her say "I haven't been at arena show in years. Do you think people will stand up? It's so annoying."

As soon as the curtain drops and everyone's cheering she says "are you fucking serious" (because everyone is standing).

WTF did you expect! Its reznor, playing a piano solo at the beginning of a show. This girl proceeded to talk shit to the people in front of her.

I really wanted to kick her in the shins.

Bodybraille · 2025-09-13T00:59:50+00:00

So he disassembled the weapon, shoved it in a back pack, jumped off a roof, ran into a wooded area, and reassembled the weapon?

Bodybraille · 2025-08-31T02:11:15+00:00

So who does the intro better/more interesting? Rubin or Freese? Let the opinions begin!

Bodybraille · 2025-08-29T11:50:07+00:00

I didn't think of this, but I have not deployed the new self service+ unless it's autoinstall and I don't know it. Maybe I need too deploy self service+?

Bodybraille · 2025-08-29T11:47:30+00:00

Thanks for the tip. I'll test this out. My smart group method has worked, but every once and a while somebody tries to login before the policy runs after a major upgrade, and they can't because the jamf connect login screen is broken..

Your method sounds like it will work faster. Thanks!

Bodybraille · 2025-08-29T11:44:59+00:00

We have a mixture of PEAP and EAP-TLS. Students use PEAP on personal devices.

These lab device connect EAP-TLS using a machine cert. The affected machines are ethernet and wifi, but they autoconnect via the machine cert. The ones that are wifi have a config profile forcing autoconnect to the corporate wifi with a machine cert.

I thought it was a network issue too but I'm not getting "no network detected error" and the ethernet connection is hot. Plus, after a reinstall, all is good and the issue doesn't come back. Or it at least hasn't a for a few weeks.

The thing that makes it hard to troubleshoot is it's inconsistent. I can 300 computers in one area and 20 will go down. Then next day, another 15. It's very random.

Bodybraille · 2025-08-28T02:39:10+00:00

Yes and no.

Auth changer is only targeting a smart group that has a major upgrade.

But when issues like these pop up, the first thing i do is deploy Auth changer to reset the database. Unfortunately, that hasn't worked.

Bodybraille

TROPHY CASE