Manage macOS admin privileges with the SAP – Privileges app

Limiting the use of macOS admin rights with the open source SAP – Privileges app.

Time to add some variety to the blog, so I’m starting a series of posts which I’ll mix in between other more mainstream topics. I want to spend some time testing some hidden or maybe less known gems that will make your life as a macAdmin a bit easier.

And the honour for the first awesome little tool I’d like to discuss goes to: SAP – Privileges. I knew about the existence of this tool but never took the time to check it out…

So, let’s not waste any time and dive right into it!

Note: A little disclaimer from the SAP GitHub project page.

This project is 'as-is' with no support, no changes being made. You are welcome to make changes to improve it but we are not available for questions or support of any kind.

That said, there is no need to, as it just works as expected, within the limitations of the design of course. Nevertheless, Rich Trouton was kind enough to point me to his own Privileges scripts and recipes to enhance the deployment! This made it even easier to use! Thanks Rich!

The basic idea behind the app is to ensure that your end users, who need to be Admin for specific tasks, don’t use their Admin account while performing day-to-day tasks that don’t require Admin privileges at all.


Jamf Pro Server Tools – backups

Scheduling Jamf Pro Database backups using the Server Tools

We are 1 week into 2019, and I was thinking about a new topic to kick this new year into action. I still have some pending tutorials in mind, but before diving into another long topic, what’s better to start a new year than to start with some good practices? You know, like those resolutions we tend to make following the festivities each year… One of those could be making backups of all those things you highly value. Your Jamf Pro server for instance!


Get that “free lunch” with ‘Let’s Encrypt’

When deploying a server into production, you’ll most likely need to secure it with an SSL certificate, but even when installing some test servers, adding some encryption is always a good idea as well.

Depending on the purpose of the server, and the environment it will be running in, a self-signed certificate may or may not be sufficient. But even if it is sufficient for the intended use of the server (only for internal services or resources for instance), having a nicely signed and trusted certificate makes everything a lot easier, even on a test server. At least it’s a good practice to avoid having your users develop a bad habit of trusting servers with self-signed certificates in general.


Reverse proxy with pfSense and Squid

A quick test running a reverse proxy in my homelab…

Following my previous post on how to make your Jamf Pro server public, I gave it a try in my homelab…

Just note that this is only a proof of concept, as there are many reverse proxies, or load balancers, available for a production environment (both hardware and software). (For load balancing my clustered Jamf Pro setup, on another test server, I used HAProxy, which has reverse proxy functionality as well.)

An in-depth discussion of how I configured my homelab for testing different scenarios (both Jamf-related and more general) might be for another time, but let’s quickly have a high-level look at the following setup.


Use the Force with Active Directory!

Apart from bigger posts on heavier topics, I also want to use this channel to quickly share some handy tips and tricks, or cool little tools which I like to use. Like this one…

Many of us have some kind of homelab for testing purposes, right? Or even an entire company testing environment.

So, most likely you have an Active Directory sitting somewhere, which you use to test all kinds of AD-related stuff, such as integrating LDAP into Jamf Pro, binding Macs to AD (yeah, I know, to bind or not to bind… I’ll have to tackle that discussion soon) or any other AD-related functionality.

So yes, I also configured some test servers in the past. Installed Active Directory, created some virtual users and groups,… ending up with the most boring names ever… I’m not going to list any of them, in order not to offend any of you (especially colleagues, friends and family) who, by coincidence, might have the same name as my test users and to avoid any discussion on why some were domain admins, and others just normal users in this virtual environment 🙂

However, this all changed when I came across this awesome little gem: Active Directory Star Wars PowerShell Module
