munki
macOS-enterprise-privileges
Our great sponsors
munki | macOS-enterprise-privileges | |
---|---|---|
44 | 41 | |
3,002 | 1,238 | |
0.9% | 2.7% | |
8.0 | 4.1 | |
7 days ago | 3 months ago | |
Python | Objective-C | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
munki
-
Starting role as MAC admin
In the non-MDM tool space, look into Munki https://www.munki.org/munki/
-
Sonoma's log gets briefer and more secretive
this experience is an indication that the opco didn't hire the right expertise. If the numbers you quoted ie 30k desktops, 50k total were not macs, it's clear that the org didn't have the kind of mac experience needed to manage a a new org with all macs.
It's entirely possible for administration of macs.
Start networking/asking around with places like Disney or Pixar, etc which have a large amount of graphic artists using macs. For example, from Disney https://github.com/munki/munki gets you to a certain point.
Other tools like Kandji (lightweight) and the 900 lb gorilla in the industry Jamf gets you the other management / administration bits needed
If this opco that you referred to never got a Jamf rep to work with them and to try out their (yes, very expensive) products, then this is mostly inexperience with the mac ecosystem.
-
Show HN: Applite – Clean Homebrew front end app for macOS built with SwiftUI
There's a decent open source option: https://github.com/munki/munki
I got to use it at work at Meta (as end user), and it seemed to work quite well. They delivered Android SDKs/IDEs and a bunch of other things that I'd personally install through Brew with Munki.
- Employee monitoring softwares
- Simple App to help Mac Admins
-
Boss refuses all MDMs. Any way to automate or script deployment?
Munki is not an MDM and I recently learned there's this project called Installomator that might help.
-
Training recommendations?
Or Munki
-
Cannot get Munki Managed Software Center to populate with my catalog?
This is a feature of munki called default manifest resolution. Though I prefer to avoid this and explicitly set the client identifier for all devices.
- I have this old G4 cube. It has an interesting decal on it.
-
Giving non-admins privilege's for updating programs? Adding Printers?
another option is munki https://github.com/munki/munki, for the software update part,
macOS-enterprise-privileges
- Administrator Accounts for Users
- Simple App to help Mac Admins
- Microsoft Enterprise SSO Plug-in and Tiered Accounts
-
MacOS user profile management inquiry
Also, if you need them to have admin rights, you can use something like https://github.com/SAP/macOS-enterprise-privileges
- MacOS: Grant temp admin rights to user from a Company Portal application
- Allow non-admins to manage Location Services
-
Can we hide the orange dot without disabling SIP?
> For technically-inclined users, I'm still largely unconvinced of the value of SIP.
Problem is technically-inclined users are the ones most likely to not be running "defense in depth" and therefore susceptible to zero days such as the H.264->code execution discussion earlier this week.
Arguably, technically-inclined users participating in the software supply chain should go beyond SIP and run in Lockdown mode permanently, both on the dev machine and any mobile devices used for MFA, or at the very least self-install SAP's "Privileges" or equivalent that requires a deliberate unlock to act as Administrator.
https://github.com/SAP/macOS-enterprise-privileges
This helps* prevent drive-bys with persistent payloads without the extra attack surface that is commercial AV or anti-malware.
* Helps prevent, not prevents.
- macOS privileges, quick and easy way to get administrator rights when needed
- Using an admin-account for daily work, really that bad?
- Admin rights and PAM
What are some alternatives?
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
MakeMeAnAdmin - Provides temporary admin access for a standard user via Jamf Self Service
Installomator - Installation script to deploy standard software on Macs
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
Vlad the Deployer
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
Capistrano - A deployment automation tool built on Ruby, Rake, and SSH.
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
Mina - Blazing fast deployer and server automation tool
rtrouton-recipes - Recipes for AutoPkg
Stack Up - Super simple deployment tool - think of it like 'make' for a network of servers
LAPSforMac - Local Administrator Password Solution for Mac