MacTech 02132018

MacTech Groups Agenda
Tuesday, Feb 13, 2018
2:30 to 4:30 — Room B16-B Hillsborough Bld.


  • Announcements – 5 min


    1. OIT only supports OS X 10.11.6 and macOS 10.13.2 or newer
    2. Status page for services see
    3. OIT Macintosh Support Web Site for updates.
    4. Slack group #macintosh
    5. Apple Sales: Paul & Sys Eng: Dave
    6. macOS versions that shipped with Intel Hardware:
    7. Vintage and Obsolete Apple Products:
    8. Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage.
    9. Antivirus for university owned devices –
    10. Unity Macintosh Workflow uses Active Directory configuration with local home directory at /Users/$uid$
    11. OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
    12. Please remember to check prices at to verify best price with NC State Marketplace
    13. Authorized NC State personnel wanting to get training and tools for Apple Certified Technician should request invitation by opening a help desk ticket at  Must login to GSX  monthly!!
    14. UNC Combined Pricing Initiative (CPI)
    15. JAMF Pro Enterprise service, and for details
    16. Endpoint Protection Standard Draft  

  1. Training Needs – 5 min
    1. OIT-Managing OS X with Jamf Pro – Request –
    2. OIT-Casper Best Practices for Packagers – Request –
    3. OIT-Advanced OS X Management with Jamf Pro – Request –
    4. CrashPlan for Sub-Org Administrators – Request –
    5. Local Based Commercial Training –
    6. JAMF Pro Training –

  2. Service Updates- 10 min
    1. Jamf Pro – V 10.2.0 released Feb 13, 2018 and available on
      JDS will be removed in the second half of 2018. Should move to production Feb  28, 2018 with JCDS master before Mar 15, 2018.  GSX Cert in process of being renewed.
      Service Now Plugin for JAMF Pro partially working in SNow Dev (imports but will not update).
    2. CrashPlan -Code42 forcing V6.5.x upgrade by May 2018. Looking at options. Will require a client reinstall and full backup.  Old 5.x servers will remain available until Cold Storage purges, ~ 1 year.
    3. NetInstall – is being removed from macOS server. Secure Boot and hardware based encryption on macOS devices going forward limits this service.  Apple pushing Internet Reinstall, DEP and VPP.  
    4. AutoPKGR – Has issue with Jamf Pro v10 that requires manual PKG upload but working on this with Jamf and the original author.  JSS Importer 1.0 is out but has issue with JDS and all cloud DPs.
    5. Antivirus – New version has not come forth yet. Current: NCSU-Campus-System Center Endpoint Protection for macOS Installer.pkg at
    6. DEP/VPP/Apple School – Planning move to Spring 2018Apple School Manager.
    7. Endpoint Protection – Approved by CAS but not time line.
      Draft “BluePrint for macOS Endpoint Protection” (,  Also looking at creating Service Now “Endpoint Compliance” report for all points of the standard.

  3. Jamf Pro 10.2.0 testing and move to production- 10 min
    Jamf Pro version 10.2.0 is now available for testing on  We will be moving to JCDS master shortly after this upgrade as the JDS is EOL. We are working with Jamf on best path to sync JDS to JCDS one final time.  Release notes at’s_New.html

  4. Testing help needed for granular profiles- 10 min

  5. 64 bit Applications Enforce June 2018 – 5 min – Discussion

  6. New kernel extension approval coming
    How This Affects Enterprise App Distribution:
    For enterprise deployments where it is necessary to distribute software that includes kernel extensions without requiring user approval, there are two options:

    –If your workflow is based on imaging, boot into Recovery OS and use the spctl kext-consent command. For detailed information about the spctl command, run the command spctl help. This command can either disable the user approval requirement completely or specify a list of Team IDs whose KEXTs may be loaded without user approval. The spctl command works in any installation environment, including Recovery OS and from NetBoot/NetInstall/NetRestore images.
    Note that the Team ID list maintained by spctl is separate from the system-wide policy database.

    –For workflows that leverage mobile device management (MDM), all systems with a valid MDM profile installed will not require user approval to load any properly-signed kernel extension.

    To reiterate, all third-party KEXTs that were already installed at the time of upgrading to macOS High Sierra are automatically approved and don’t require any user action

  7. Q&A – 15 min
    You ask we try to answer

Next meeting:
MacPolicy – Tue. May 8, 2018 in Room B16-B Hillsborough from 1:30-2:30 pm.
MacTech – Tue. Mar 13, 2018 in Room B16-B Hillsborough from 2:30-4:30 pm.
MacPolicy – 2nd Tuesday each quarter in Feb, May, Aug, Nov.
MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun, Aug, Sep, Oct, Nov, Dec
MacPolicy and MacTech will not meet in July.  
Meetings usually held in B16-B Hillsborough Bld.
Please mark your calendar.