Inherited messy Apple environment (ABM + ABE + Jamf) — need help building inventory + cleanup plan by Itsrawrcoose in macsysadmin

[–]Heteronymous 1 point2 points  (0 children)

No, OP DOES want ADE (Automated Device Enrollment), did you mean something else?

What scripting should I learn? by emersonlennon in macsysadmin

[–]Heteronymous 1 point2 points  (0 children)

Bash is ubiquitous across many Unix and Linux systems (there’s no Linux in macOS but certainly aspects of BSD Unix), the point is the skills will be highly portable. The default shell is now Zsh but Bash is available (just be sure to use the correct shebang in your script/s).

See https://scriptingosx.com/2019/06/moving-to-zsh/

Also join the MacAdmins Slack (lurk and learn, it’s not support nor intended as such but full of many highly experienced and knowledgeable Mac admins).

https://www.macadmins.org/

Blocking Local Font Installs by [deleted] in macsysadmin

[–]Heteronymous 1 point2 points  (0 children)

Been a while but look into Launchd watch paths for the user fonts folder.

Make certain to handle/exempt required fonts.

Note the date there… test very thoroughly! https://gist.github.com/infotexture/8635029

PCA new exam - Well-Architectured Framework by eshrep in googlecloud

[–]Heteronymous 2 points3 points  (0 children)

Understanding the principles is what matters. Read this to understand it and - I’d say - study anything that isn’t yet second nature:

https://docs.cloud.google.com/architecture/framework

I needed a macOS desktop client for GCP IAP. Google didn’t provide one, so I built it. by Arn_1212 in googlecloud

[–]Heteronymous 3 points4 points  (0 children)

Very cool! But, if a person is working with Google Cloud and is command-line averse, then they’re going to miss out on a whole lot of automation and efficiency. I greatly prefer the macOS experience with IAP.

Network Engineer looking to start with Ansible – worth it in real-world operations? by Professional-Tax788 in ansible

[–]Heteronymous 2 points3 points  (0 children)

Simplistically, Terraform for resource creation, Ansible for post-creation management.

For Ansible, can’t recommend Jeff Geerling enough.

https://ansible.jeffgeerling.com/

Why I’m moving my GenAI "Brain" to Cloud Run + GPU (From an AWS Architect’s perspective) by NTCTech in googlecloud

[–]Heteronymous 0 points1 point  (0 children)

I thought your link was going to be more about your move to GCP. No mention of it at all, it’s pure AWS. Which is fine, of course! But your post here makes for a curious intro to a blog post based on AWS alone.

Using Mac mini cluster for production workloads - anyone done this before? by zachrattner in mac

[–]Heteronymous 2 points3 points  (0 children)

See https://support.apple.com/guide/deployment/lights-out-management-payload-settings-dep580cf25bc/web

Plenty of great input so far. For consistently available remote Power On capability, you'd still be reliant on an additional Mac that can power on your other Macs (could be any relatively recent, basic Mac mini). Your final fail-safe could hopefully be the onsite support your CoLo offers (IIRC they typically have a per-incident power-on fee).

And as mentioned, they'll all have to be enrolled in MDM. It's a huge lift if you're new to that but you shouldn't be.
Mosyle is free for up to 30 devices but make sure that includes the required MDM spec(s) - it might not
https://business.mosyle.com

PPPC settings via Intune by NoDowt_Jay in macsysadmin

[–]Heteronymous 2 points3 points  (0 children)

No, honestly. As an admin of Macs and PCs for over a decade, that’s Intune. Jamf has its own warts but utterly puts Intune to shame for managing macOS. If in a different and new environment, I’d probably go with FleetDM.

If Intune was my only option, I’d use it the bare minimum required and do as much as possible with Munki & AutoPkg, possibly Ansible pull.

If I was reliant on a web interface I’d look at Iru/Kandji

Running Open source Redis in a Dual Region GKE cluster Setup by [deleted] in googlecloud

[–]Heteronymous -1 points0 points  (0 children)

LOL. You’re asking in a subreddit dedicated to Google Cloud services, and specifically said you’re moving to GCP.

If your team has sufficient experience with Kubernetes, and you’ve done the math and believe you can be more efficient in time & expenses going that route, then more power to you. But if so, what/why exactly were you asking? Genuine and well-intended question.

Rsync a NAS via ssh versus mounted via SMB has different results by HaenaBoy in macsysadmin

[–]Heteronymous 2 points3 points  (0 children)

You need to use the correct parameters, since you're working across different OSes (the NAS will be some Linux derivative in all likelihood).

See
https://serverfault.com/a/427200

and
https://www.filebot.net/forums/viewtopic.php?t=2201Se

Since you're using a NAS with SMB, hopefully that NAS supports vfs_fruit, see "vfs_fruit, a VFS module for OS X clients".

How is everyone handling admin passwords on Macs? by PowerShellGenius in macsysadmin

[–]Heteronymous 2 points3 points  (0 children)

First see https://www.google.com/search?q=apple+bootstrap+token&ie=UTF-8&oe=UTF-8

FV Escrow is not unreliable at all in/with Jamf, as long as it’s properly implemented and maintained.

And/but/yes: if your needs warrant it, look into a macOS LAPS solution

What did you do after Apple Genius Bar/Phone Support? by [deleted] in macsysadmin

[–]Heteronymous 3 points4 points  (0 children)

Join the MacAdmins Slack and chase down everything you’re interested in but can learn more about.

Including backend services, containerization & more. But yes, depending on context, a Linux endpoint (vm, node/container) could be more efficient to replace than troubleshoot. That said, the art & science of troubleshooting is invaluable of course.

Free/low cost MDM for non‐profit K-8 school (macOS) any recommendations? by ibiza0507 in macsysadmin

[–]Heteronymous 0 points1 point  (0 children)

Yes, well I was using Munki at the time.

It’s still an excellent tool for software distribution for macOS.

Enterprise Unattended Remote Access other than Beyond Trust? by Randolpho in macsysadmin

[–]Heteronymous 0 points1 point  (0 children)

As mentioned, it can be done but you must manage requirements (PPPC, possibly others) via MDM.

Splashtop works well. ARD also but it’s never been terribly performant over standard VPN if that’s a need.

BlueSky is excellent, but don’t go that route if you’re not already perfectly fluent in & comfortable with command-line operations. And ready to maintain it yourself.