MacPolicy 02142017

MacPolicy Group Agenda

Tuesday, February 14, 2017

1:30 to 2:30 — Room B16-B Hillsborough Bld.

1) Announcements – 5 min

  • OIT only supports OS X 10.11.6 and macOS 10.12 or newer
  • Status page for services see
  • OIT Macintosh Support Web Site for updates.
  • The next Apple bulk buy February 17, 2017
  • Slack group #macintosh
  • Apple Sales Rep: Paul & System Eng: Francis
  • macOS and OS X versions that shipped with Intel Hardware:
  • Vintage and Obsolete Apple Products:
  • Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage with purchase info.
  • Antivirus for campus –
  • Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$
  • OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
  • Please remember to check prices at to verify best price with NC State Marketplace
  • Authorized NC State personnel wanting to get access to training and tools for Apple Certified Technician should register at   Email for Sold-to Account number and approval. Must login monthly to keep!!
  • UNC Combined Pricing Initiative (CPI)
  • Casper Suite Enterprise service, and for details

2)  JAMF Pro Issues- 10 min

As all of you are aware the last week or so has seen terrible performance from the Casper web interface.  This issue has been due to running out of space on the JSS for database and tmp file storage.  We had the incident on Monday Feb 6 where the database under the JSS ran out of space due to a server disk filling up at the same time several packages were being uploaded. JAMF increased the disk space for the JSS and fixed this issue.  On Thursday Feb 2 we had a known issue on which gradually built up 6.2 million, multiple duplicate records in the Mac OS X Configuration Profiles table (this one has actually existed since 9.93 but ours just now multiplied enough to be an issue).

In addition we continue to fight 2 new known issues introduced in 9.9714+ around ldap:

a) any users that does not have an associated User ID Number (most AD .admin accounts do not) get logged out almost as soon as they get logged in to the web interface


b) a cosmetic issue where some (not all) users login and appear to be other users and see more or less icons (also the sometimes “magically” become themselves again)

The good news is we believe we know root cause (real bug for a and possible duplicate JSS local user records for b) and we can not find any security issues.  Even folks who can see icons they should not be able to see get access denied if they try to click on them.  JAMF has a work-around where affected ldap users can be added directly as LDAP users to the JSS.


3) Changes in Autopkgr strategies to work with new Patch Titles and JCDS- 15 min
We are in the process of cleaning up Smart Groups, Policies and Packages so that JAMF will clear us to turn on all Patch titles and move to JCDS master.  OIT is proposing that we move to change our Autopkgr recipes so that they create >appname>.current packages which are replaced in place.  This would give an opportunity for a Site to test a policy that is triggered by a smart group using Software Title as criteria.  This could also deprecate several Extension Attributes.  The Software Titles will be enabled 1 a business day until all on starting when JAMF gives us the go. Note that Flash is on now and can be used in testing Flash  versions.  Discussion

4) New Endpoint Standard will Require Management – 15 min
From discussions in CAS, the new Endpoint Protection standard will require all university owned equipment to be under approved inventory and management software.  This includes macOS and iOS devices.  Jamf Pro is the only approved management system at this time.  Discussion

5) Any Software Needs for Spring 2017- 5 min
Quick around the room.  Discussion
6) Q&A – 10 min

You ask we try to answer

Next meeting:

MacPolicy – Tue. May 9, 2016 in Room B16-B Hillsborough from 2:30-4:30 pm.

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec

MacPolicy – 2nd Tuesday each quarter in Feb, May, Sep, Nov.

Neither MacPolicy or MacTech will not meet in July.  Meetings usually held in B16-B Hillsborough Bld.

Please mark your calendar.