Another GitHub Actions Update - Using Deploy Keys Instead Of Personal Access Tokens

Constraining the Github Actions Deployment Key to the Repo instead of the Account

When I restarted my blogging journey in 2020, I switched from Jekyll to Hugo hosted in GitHub pages. It’s been a relatively painless journey, and kudos to GitHub as a rock-solid hosting provider. I’ve covered it before (Initial Setup and First Update), but I’ve been incredibly happy with private-to-public publishing workflow that allows me to keep drafts and work-in-progress hidden. That said, a recent comment gave me reason to make another update to the Workflow. [Read More]

Mapping Concepts from Munki to WS1 UEM

What happens where for non-store macOS apps

Since Workspace ONE UEM version 9.3, VMware has included the open-source munki binaries in the Workspace ONE Intelligent Hub for macOS. The intent of this integration was to give macOS admins the ability to distribute 3rd-party non-store macOS apps, without the need to host any backing instrastructure for munki. Because this integration was meant to give admins some of the commonly used functionality, it was not integrated in such a way to include support for ALL munki’s functionality. [Read More]
macOS  munki 

Best Practices for Apple Admins in Workspace ONE UEM

Avoid learning these things the hard way!

I was recently reading a post about What to do when you have to lay off your Jamf administrator, and it got me thinking. The Workspace ONE UEM documentation generally specifies what you need from a software and hardware perspective in pre-requisites. That said, over the years I’ve come to know a few unwritten (or written but obscure) best practices for setting up Workspace ONE UEM to manage Apple devices. Hopefully you find this post helpful, but I welcome any comments and feedback! [Read More]

New Key Added to SoftwareUpdate Command in macOS


When Big Sur released, I noticed an issue trying to discover what macOS versions were available in SoftwareUpdate. I worked around this by using the script to download full installers from the store. This script/tool is solid, but I was really hoping to be able to just do the updates using softwareupdate. Awhile back I filed feedback with Apple to the following: The –fetch-full-installer parameter for the softwareupdate command line tool is awesome, but there’s currently no way to discover the list of available values for the –full-installer-version parameter. [Read More]

Converting Jamf Custom Schema JSON for Workspace ONE UEM

Picking out Custom Settings XML - Demystifying the Schema

Periodically, I see app vendors providing custom JSON schema files to help build app-specific configuration profiles for MDM (specifically Jamf). Workspace ONE UEM supports app-specific configuration, but currently via Custom Settings in an XML format. While many vendors also suppply a custom mobileconfig file or Custom Settings dictionary that can be used with Workspace ONE UEM, I hope in this post to show how any Workspace ONE admin can manually convert a Custom Schema JSON file to Custom Settings XML. [Read More]
macOS  Apple  XML 

Updated GitHub Actions to Publish Hugo Site From Private to Public Repo

Still keeping half-baked ideas and drafts private!

When I restarted my blogging journey last year, I went with Hugo to generate a static website hosted as a GitHub Pages site. As mentioned, Blogger and WordPress always suffered recurring problems, and maintenance with WordPress still turned into a time suck due to its complexity. By comparison, GitHub has been a nearly painless hosting provider, and the way I’ve configured it has allowed me to keep drafts hidden by staging in a private repository. [Read More]

Troubleshooting macOS Management with Workspace ONE

TLDR: Did you check the logs?

Short post today - just to cover some thoughts on my most recent asset published to TechZone. I finally sat down and dug out all my notes on troubleshooting macOS and put them all together into a single, comprehensive macOS Troubleshooting Guide. This thing was the result of almost 46 hours of fingers on keys: typing, formatting, and testing. I truly hope you all get some value out of it, and do feel free to send me feedback if you’d like it extended and/or notice something missing. [Read More]

Deploying NoMAD over VMware Per-App Tunnel

Active Directory Sync Features Without Being On-Network

Some folks recently reached out to me asking for help figuring out how to route NoMAD traffic over VMware Tunnel. Basically, the ask was to use Per-App Tunneling to give NoMAD the ability to obtain Kerberos Tickets and Sync AD passwords without being directly on the Enterprise network. If you’re familiar with my previous article about the macOS Catalina Kerberos SSO Plugin, you’ll know that Apple’s built-in functionality in Catalina doesn’t work well with Per-App Tunneling. [Read More]

Modify ZShell Defaults in macOS

Making Terminal More Useful!

I’m finding myself using the Terminal quite a bit more in my job. I spent a few minutes over the past few days looking at different ways to make the default terminal layout in macOS better. While there are many plugins out there for doing this (Oh-My-Zsh), I wanted to do something a little more straightforward. How You Change zsh Default Layouts Armin Briegel has a great article about customizing the zsh prompt in his moving to zsh series. [Read More]

macOS Big Sur and Kerberos SSO via Per-App Tunnel

It works!

If you’ve read my blogs about macOS Catalina Kerberos SSO over Per-App Tunnel and the followup, you’ll know that this has been a use-case I’m interested in solving. I put a great deal of effort into filing feedback with Apple and providing steps to replicate the issue. I was quite excited when I saw the per-app Tunnel improvements specifically mentioned in the WWDC videos, and hoped perhaps some changes were made to enable this functionality. [Read More]
macOS  SSO  Tunnel