Managing Macs. We love doing it and we love the tools that help us do it. As the landscape of Apple device management continuously changes, the tools we use change too.
We will start this series by showcasing five of the technical team’s favourite go-to tools, in no particular order. As the series moves on, we will look at more tools and take a deep-dive into those we use the most. If you are a seasoned veteran in the Apple admin space, you probably know most, if not all, of these tools but we hope there may be a nugget or two in there that will surprise you.
Get it from: https://mothersruin.com/software/SuspiciousPackage/
What it does: Gives you a full application and a Quick-View plugin to show the contents of macOS package (pkg) installers.
What we love about it: We deploy hundreds of software titles and Suspicious Package is essential for auditing installers from both security and technical standpoints. It shows us, at a glance, if a package is signed and notarised, as well as exposing the package payload. It also shows those preinstall and postinstall scripts that can often cause unexpected behaviour during installation. We will know immediately if a package is likely to do something malicious, or whether it is going to fail to install altogether with our deployment tools.
Private browsing mode
What it does: Lets you browse, privately.
What we love about it: This is great for working around Kerberos, single sign-on and authentication issues when you use an identity provider such as Okta or Azure. If you ever need to sign in as a different user to test something, or bypass SSO, it is a gem.
Get it from: https://autopkg.github.io/autopkg/
What it does: Automates the process of downloading, packaging and getting software into your deployment tools.
What we love about it: We would not be able to keep our repository of 533 software titles up to date without it. We especially like a couple of its security features such as Code signature verification, which ensures the software titles we download are signed by their respective developers and prevents us from downloading an altered version of the software, for example, if their web servers are compromised. Also, Trust verification lets us know if the recipes themselves have changed, so we can check those changes before we add them in our workflows.
The technical team at dataJAR is proud to be part of the AutoPKG community and we maintain recipes for more than 200 software titles in our public recipe repository, here: https://github.com/autopkg/dataJAR-recipes
Get it from: https://www.hopperapp.com/
What it does: Decompiles applications so you can reverse-engineer them.
What we love about it: For apps that use Sparkle to update themselves, we like to write AutoPKG recipes for them that take advantage of its SparkleUpdateInfoProvider processor. It is a convenient and consistent way to get the latest versions of those apps into AutoPKG. One thing we love about Hopper is its ability to pick apart an app and reveal those elusive Sparkle feed URLs.
Get it from: https://twocanoes.com/products/mac/push-diagnostics/
What it does: Verifies communications between a Mac and APNs.
What we love about it: It is 2020 and Apple devices must be able to reach Apple’s Push Notification Service (APNs). Without it, they cannot be managed by MDM and get the apps and settings they need. Lots of our customers have strict security requirements for their corporate networks and, because of this, APNs are often caught in the crossfire of firewalls, proxies and SSL inspection. The result is Macs, iPads and iPhones we cannot manage. Push Diagnostics shows us exactly which endpoints it can and cannot reach. This gives us the right information to help network teams configure their networks, so Apple devices can be managed successfully.
That is it for the first of our favourites, but this by no means covers everything.
Stay tuned for more soon!