babgond

Der Flounder : Identifying MDM-managed user accounts using System Information on macOS Tahoe

2025-10-18T19:41:19+00:00

A while back, I had written a post on how to identify MDM-managed user accounts using the mdmclient command line tool. While this method continues to work on macOS Tahoe, it does have a drawback – the mdmclient tool will only report this information if the MDM-managed user account is currently logged in.

There is an alternative way to get this information though, as it is also available via the System Information app included with macOS. This information should be available regardless of whether the MDM-managed user account is logged in or not. For more details, please see below the jump.

In the System Information app, you can access information about the MDM-managed user account by selecting the Profiles section, then clicking on the MDM Profile listing. If this Mac has an MDM-managed user account, it should be listed as Managed User in the Other Info section at the end of the MDM Profile listing’s information.

In place of listing the account’s username, the Managed User information provides two items of information:

The account’s assigned UUID identifier (also referred to as a GeneratedUID.)
The account’s assigned user identifier (also referred to as a UID.)

This information can also be obtained using the system_profiler command line tool, where you should only need the account’s assigned UUID identifier in order to identify the account.

To get the UUID identifier information using the system_profiler tool, the following command can be run:

/usr/sbin/system_profiler SPConfigurationProfileDataType | grep "Managed User" | sed -E 's/.* ([0-9A-F-]{36}) .*/\1/'

view raw

gistfile1.txt

hosted with ❤ by GitHub

Running this command should provide output similar that shown below:

	username@ZWD3QRQYG2 ~ % /usr/sbin/system_profiler SPConfigurationProfileDataType \| grep "Managed User" \| sed -E 's/.* ([0-9A-F-]{36}) .*/\1/'
	88B48FCB-E137-4D9F-B4E9-7806396ACED7
	username@ZWD3QRQYG2 ~ %

view raw

gistfile1.txt

hosted with ❤ by GitHub

To get the account username, run the following command with the UUID identifier in the appropriate place:

/usr/bin/dscl . -search /Users GeneratedUID UUID_goes_here | awk '{print $1}' | head -n 1

view raw

gistfile1.txt

hosted with ❤ by GitHub

Running this command should provide output similar that shown below:

	username@ZWD3QRQYG2 ~ % /usr/bin/dscl . -search /Users GeneratedUID 88B48FCB-E137-4D9F-B4E9-7806396ACED7 \| awk '{print $1}' \| head -n 1
	username
	username@ZWD3QRQYG2 ~ %

view raw

gistfile1.txt

hosted with ❤ by GitHub

Using this information, see below for an example script showing how you can get the account’s assigned UUID identifier and then use it to identify the managed user’s username:

	#!/bin/zsh

	MDMManagedUserGUID=$(/usr/sbin/system_profiler SPConfigurationProfileDataType \| grep "Managed User" \| sed -E 's/.* ([0-9A-F-]{36}) .*/\1/')
	MDMManagedUserUsername=$(/usr/bin/dscl . -search /Users GeneratedUID "$MDMManagedUserGUID" \| awk '{print $1}' \| head -n 1 2>/dev/null)

	echo "GeneratedUID of the MDM managed user account: $MDMManagedUserGUID"
	echo "Username of the MDM managed user account: $MDMManagedUserUsername"

view raw

mdm_managed_user_lookup.sh

hosted with ❤ by GitHub

Running the example script should provide output similar that shown below:

	username@ZWD3QRQYG2 ~ % ./mdm_managed_user_lookup.sh
	GeneratedUID of the MDM managed user account: 88B48FCB-E137-4D9F-B4E9-7806396ACED7
	Username of the MDM managed user account: username
	username@ZWD3QRQYG2 ~ %

view raw

gistfile1.txt

hosted with ❤ by GitHub

Der Flounder : Reading Self Service+ logging from the unified system logs on macOS

2025-10-17T18:07:42+00:00

One of the changes between Jamf’s Self Service app (also referred to as Self Service classic) and the Self Service+ app is where each app stores its logs. Self Service classic stores its logs in the following location in the individual user account’s home folder:

~/Library/Logs/JAMF/selfservice_debug.log

The Self Service+ app is sending its logging to the unified system log. With the right predicates, you can retrieve Self Service+‘s logging when needed by using the log command line tool. For more details, please see below the jump.

The Self Service+ app uses a number of processes and logging subsystems, but you should be able to retrieve them using the following search predicates:

Process contains: Self Service
Subsystem starts with: com.jamf.selfserviceplus

For example, the following log command should get all Self Service+ related logging for the last ten minutes:

/usr/bin/log show –predicate 'process contains "Self Service" OR subsystem BEGINSWITH "com.jamf.selfserviceplus"' –info –debug –last 10m

view raw

gistfile1.txt

hosted with ❤ by GitHub

With log predicates, the ” : ” character can also be used in place of contains and the ” :^ ” characters can be used in place of BEGINSWITH, so the following command should also work to get all Self Service+ related logging for the last ten minutes:

/usr/bin/log show –predicate 'process:"Self Service" OR subsystem:^"com.jamf.selfserviceplus"' –info –debug –last 10m

view raw

gistfile1.txt

hosted with ❤ by GitHub

The resulting logging should look similar to what’s shown below:

	Timestamp Thread Type Activity PID TTL
	2025-10-17 11:46:22.315596-0400 0x7961 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:46:22.316898-0400 0x7958 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:32.315103-0400 0x7961 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:46:32.316462-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:33.756867-0400 0x5857 Default 0x0 1571 7 Self Service+: (SkyLight) [com.apple.SkyLight:default] [1571] CGSDisplayNotifyProc: got notification kCGSDisplayDisplaySystemStateChanged
	2025-10-17 11:46:33.756869-0400 0x5857 Default 0x0 1571 7 Self Service+: (SkyLight) [com.apple.SkyLight:default] [1571] CGSDisplayNotifyProc: display system state seed 14 -> 15
	2025-10-17 11:46:33.760817-0400 0x5857 Default 0x0 1571 7 Self Service+: (SkyLight) [com.apple.SkyLight:default] [1571] CGSDisplayNotifyProc: got notification kCGSDisplayDidWake
	2025-10-17 11:46:33.762373-0400 0x5857 Info 0x0 1571 0 Self Service+: (RunningBoardServices) [com.apple.runningboard:assertion] Acquiring assertion:
	2025-10-17 11:46:33.780793-0400 0x42a1 Default 0x0 1322 7 Self Service+ Agent: (SkyLight) [com.apple.SkyLight:default] [1322] CGSDisplayNotifyProc: got notification kCGSDisplayDisplaySystemStateChanged
	2025-10-17 11:46:33.780794-0400 0x42a1 Default 0x0 1322 7 Self Service+ Agent: (SkyLight) [com.apple.SkyLight:default] [1322] CGSDisplayNotifyProc: display system state seed 14 -> 15
	2025-10-17 11:46:33.781112-0400 0x42a1 Default 0x0 1322 7 Self Service+ Agent: (SkyLight) [com.apple.SkyLight:default] [1322] CGSDisplayNotifyProc: got notification kCGSDisplayDidWake
	2025-10-17 11:46:33.791535-0400 0x7958 Activity 0x691e0 1571 0 Self Service+: (RunningBoardServices) didChangeInheritances
	2025-10-17 11:46:33.868069-0400 0x7961 Activity 0x691e1 1571 0 Self Service+: (RunningBoardServices) didChangeInheritances
	2025-10-17 11:46:36.949586-0400 0x5857 Info 0x0 1571 0 Self Service+: (RunningBoardServices) [com.apple.runningboard:assertion] Acquiring assertion:
	2025-10-17 11:46:36.995063-0400 0x7961 Activity 0x691e2 1571 0 Self Service+: (RunningBoardServices) didChangeInheritances
	2025-10-17 11:46:37.181620-0400 0x6cdb Activity 0x68fff 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.181649-0400 0x6cdb Activity 0x69b60 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.188017-0400 0x6cdb Activity 0x69b61 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.188033-0400 0x6cdb Activity 0x69b62 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.190095-0400 0x6cdb Activity 0x69b63 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.190105-0400 0x6cdb Activity 0x69b64 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.191924-0400 0x6cdb Activity 0x69b65 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.191936-0400 0x6cdb Activity 0x69b66 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.194178-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.194222-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.194631-0400 0x6cdb Activity 0x69b67 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.194668-0400 0x6cdb Activity 0x69b68 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.195636-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.197600-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.197677-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.198174-0400 0x6cdb Activity 0x69b69 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.198188-0400 0x6cdb Activity 0x69b6a 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.200337-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.201365-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.201701-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.202388-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.203095-0400 0x6cdb Activity 0x69b6b 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.203114-0400 0x6cdb Activity 0x69b6c 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.205971-0400 0x6cdb Activity 0x69b6d 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching
	2025-10-17 11:46:37.205983-0400 0x6cdb Activity 0x69b6e 1322 0 Self Service+ Agent: (Security) SecItemCopyMatching_ios
	2025-10-17 11:46:37.208430-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.209924-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.210292-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.219046-0400 0x78c1 Activity 0x691e3 1571 0 Self Service+: (RunningBoardServices) didChangeInheritances
	2025-10-17 11:46:42.310821-0400 0x78c1 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:46:42.311318-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:44.155210-0400 0x7961 Info 0x0 1571 0 Self Service+: (Network) [com.apple.network:] nw_channel_create_block_invoke Channel destroyed with key: D83EF814-884A-4CA2-A7A4-B0215E041106-5 and fd: 9
	2025-10-17 11:46:52.312347-0400 0x7958 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:46:52.313711-0400 0x7958 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:02.311749-0400 0x7ae4 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:02.312972-0400 0x7ae4 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:12.313268-0400 0x795f Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:12.313613-0400 0x795f Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:22.311303-0400 0x7bd4 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:22.312714-0400 0x7b77 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:32.311357-0400 0x7bee Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:32.312451-0400 0x7bee Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:33.753980-0400 0x5857 Info 0x0 1571 0 Self Service+: (RunningBoardServices) [com.apple.runningboard:assertion] Acquiring assertion:
	2025-10-17 11:47:42.314256-0400 0x7bee Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:42.315616-0400 0x7bee Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:52.314181-0400 0x7c36 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:47:52.315551-0400 0x7c36 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:02.312976-0400 0x7cb1 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:02.314074-0400 0x7c86 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:12.312373-0400 0x7d27 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:12.313751-0400 0x7c86 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:22.311484-0400 0x7d6d Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:22.312911-0400 0x7cb1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:27.975951-0400 0x7d6d Default 0x0 1571 0 Self Service+: (libxpc.dylib) [com.apple.xpc:connection] [0x8a50f5680] Re-initialization successful; calling out to event handler with XPC_ERROR_CONNECTION_INTERRUPTED
	2025-10-17 11:48:32.313465-0400 0x7d27 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:32.314575-0400 0x7d27 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:42.314439-0400 0x7d6d Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:42.315605-0400 0x7d6d Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:52.314157-0400 0x7ddf Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:48:52.315521-0400 0x7ddf Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:02.311184-0400 0x7d27 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:02.312393-0400 0x7d27 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:12.312786-0400 0x7d27 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:12.314168-0400 0x7d27 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:22.314207-0400 0x7d27 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:22.315581-0400 0x7d27 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:32.312021-0400 0x7f0b Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:32.312795-0400 0x7f0b Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:42.311109-0400 0x7f0b Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:42.312544-0400 0x7f0b Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:49:52.314251-0400 0x7f70 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:49:52.315662-0400 0x7f70 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:02.313039-0400 0x8122 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:02.313788-0400 0x8122 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:12.314690-0400 0x8121 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:12.316174-0400 0x8121 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:22.314177-0400 0x8120 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:22.315197-0400 0x8120 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:32.314221-0400 0x819d Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:32.315600-0400 0x819d Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:42.314189-0400 0x819f Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:42.315551-0400 0x819f Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:50:52.314197-0400 0x8268 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:50:52.315389-0400 0x8268 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:51:02.314186-0400 0x8269 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:51:02.315552-0400 0x8269 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:51:12.314282-0400 0x8325 Error 0x0 1571 0 Self Service+: [com.jamf.ssp.daemon.client:XPC]
	2025-10-17 11:51:12.315629-0400 0x8325 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability

view raw

gistfile1.txt

hosted with ❤ by GitHub

If you want to search for logging that contains both logging predicates in common, the following log command should get all Self Service+ related logging which contains both for the last ten minutes:

/usr/bin/log show –predicate 'process contains "Self Service" AND subsystem BEGINSWITH "com.jamf.selfserviceplus"' –info –debug –last 10m

view raw

gistfile1.txt

hosted with ❤ by GitHub

The resulting logging should look similar to what’s shown below:

	Timestamp Thread Type Activity PID TTL
	2025-10-17 11:38:52.315983-0400 0x6f21 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:02.314088-0400 0x6f20 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:12.314701-0400 0x6f3e Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:22.316533-0400 0x6f20 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:32.313866-0400 0x70ac Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:42.315384-0400 0x70ac Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:39:52.316510-0400 0x70ac Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:02.316589-0400 0x71c4 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:12.316488-0400 0x71c5 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:22.312024-0400 0x71c4 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:32.315640-0400 0x71c3 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:42.313794-0400 0x71c4 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:40:52.316075-0400 0x72c7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:02.316523-0400 0x72bb Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:12.316514-0400 0x72e6 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:17.264444-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:41:17.264527-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:41:17.265866-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:41:17.268081-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:41:17.268116-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:41:17.268670-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:41:17.269480-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:41:17.269512-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:41:17.269990-0400 0x72e7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:41:17.270788-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:41:17.270825-0400 0x72e6 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:41:17.271265-0400 0x72e6 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:41:22.316556-0400 0x7301 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:32.316053-0400 0x7358 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:42.315990-0400 0x7358 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:41:52.316690-0400 0x7392 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:02.317092-0400 0x737f Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:12.316855-0400 0x737f Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:22.315066-0400 0x7391 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:32.313331-0400 0x7391 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:42.316195-0400 0x745a Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:42:52.316378-0400 0x7484 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:02.314177-0400 0x7496 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:12.316563-0400 0x74de Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:22.312524-0400 0x750b Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:32.316468-0400 0x7527 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:42.314920-0400 0x7509 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:43:52.314470-0400 0x7564 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:02.316030-0400 0x7529 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:12.316354-0400 0x7528 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:22.316335-0400 0x7565 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:32.316505-0400 0x7642 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:42.316719-0400 0x7739 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:44:52.316029-0400 0x7755 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:02.317049-0400 0x773a Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:12.314839-0400 0x780a Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:22.316434-0400 0x7809 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:32.315798-0400 0x77ae Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:42.317592-0400 0x78c0 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:45:52.316233-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:02.316641-0400 0x78b7 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:12.316540-0400 0x7958 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:22.316898-0400 0x7958 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:32.316462-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:37.194178-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.194222-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.195636-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.197600-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.197677-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.200337-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.201365-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.201701-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.202388-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:37.208430-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new state from the Daemon
	2025-10-17 11:46:37.209924-0400 0x6cdb Info 0x0 1322 0 Self Service+ Agent: [com.jamf.selfserviceplus.agent:xpc.app] [XPC] get state ok
	2025-10-17 11:46:37.210292-0400 0x78c1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:Binary repository] [XPC] Did receive new suggestions from the Daemon
	2025-10-17 11:46:42.311318-0400 0x7961 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:46:52.313711-0400 0x7958 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:02.312972-0400 0x7ae4 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:12.313613-0400 0x795f Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:22.312714-0400 0x7b77 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:32.312451-0400 0x7bee Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:42.315616-0400 0x7bee Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:47:52.315551-0400 0x7c36 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:02.314074-0400 0x7c86 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:12.313751-0400 0x7c86 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:22.312911-0400 0x7cb1 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:32.314575-0400 0x7d27 Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability
	2025-10-17 11:48:42.315605-0400 0x7d6d Info 0x0 1571 0 Self Service+: [com.jamf.selfserviceplus:EmbeddedRepository] [Embedded] Update sections for com.jamf.protect.capability

view raw

gistfile1.txt

hosted with ❤ by GitHub

Der Flounder : Unlocking FileVault via SSH on macOS Tahoe

2025-10-11T20:49:04+00:00

One of the changes Apple has introduced with macOS Tahoe is the ability to use SSH at the unified login screen available on Apple Silicon Macs. Apple has built on this to provide a way to allow a FileVault-encrypted Mac to be unlocked via an SSH session. Apple mentions this new capability as part of the following KBase article:

What’s new for enterprise in macOS Tahoe 26: https://support.apple.com/124963

As part the KBase article, the following man page is referenced:

apple_ssh_and_filevault

This can be accessed using the following command:

man apple_ssh_and_filevault

view raw

gistfile1.txt

hosted with ❤ by GitHub

For more details, please see below the jump.

To unlock FileVault on macOS Tahoe using SSH, you can use the procedure described below:

Pre-requisites:

1. Connect from the second computer to the target Mac using the username and network address of the target Mac.

For this example, the target Mac has the following account and network address:

Account: username
Network address: computername.local

In this example, the following command is being used to connect from the second computer to the target Mac using SSH:

ssh username@computername.local

view raw

gistfile1.txt

hosted with ❤ by GitHub

2. When you connect, you should be informed that the target Mac is locked and that you’ll need to a local username and password to unlock it.

In this example, we’re connecting with the username of an account which is enabled on the Mac to unlock FileVault. Because of this, we should only need to provide the password for that account.

3. Once the password has been provided, the Mac unlocks FileVault and automatically closes the SSH connection between the second computer and the target Mac.

On the target Mac, you should see activity similar to this occurring on the login screen.

4. After a short amount of time, the target Mac should be unlocked. At this point, you should be able to connect again from the second computer to the target Mac using SSH and have access to all expected functionality.

Der Flounder : Slides from the “MDM and DDM 101” session at Jamf Nation User Conference 2025

2025-10-09T21:24:36+00:00

For those who wanted a copy of my talk on MDM and DDM at Jamf Nation User Conference 2025, here are links to the slides in PDF and Keynote format.

PDF: https://tinyurl.com/JNUC2025PDF
Keynote: https://tinyurl.com/JNUC2025Keynote

Der Flounder : Managing SkipSetupItems settings in management profiles on macOS

2025-09-27T23:52:17+00:00

Apple has provided settings for suppressing various screens which appear the first time you log into a Mac and sometimes also after an OS update. In recent OS releases, Apple has been using the following preference domain and key for this:

Preference domain: com.apple.SetupAssistant.managed
Key: SkipSetupItems

Apple has the SkipSetupItems key set to store its settings in an array, as described below:

	– key: SkipSetupItems
	supportedOS:
	iOS:
	introduced: '14.0'
	macOS:
	introduced: '15.0'
	type:
	presence: optional
	content: An array of strings that describe the setup items to skip. `SkipKeys` provides
	a list of valid strings and their meanings. Available in iOS 14 and later, and
	macOS 15 and later.

view raw

gistfile1.txt

hosted with ❤ by GitHub

Why this is important is that the array and its list of strings is what’s being interpreted as the setting for the SkipSetupItems key in a management profile. This detail is important in itself because it can lead to multiple management profiles managing what macOS sees as the same setting.

In a case where you have two or more management profiles managing the same setting differently, you get what Apple calls indeterminate or undefined behavior. In a situation like this, macOS may randomly choose to apply one of the settings and ignore any others, or just ignore all of the settings. For more details, please see below the jump.

As an example, you may deploy a management profile to stop the Your Mac is Ready for FileVault screen from appearing.

In that case, there’s now a profile which is deploying the following setting in the SkipSetupItems array:

	SkipSetupItems

	FileVault

view raw

gistfile1.txt

hosted with ❤ by GitHub

Later, you may choose to deploy a management profile to stop the Software Update Complete screen from appearing.

In that case, there’s now a management profile which is deploying the following setting in the SkipSetupItems array:

	SkipSetupItems

	UpdateCompleted

view raw

gistfile1.txt

hosted with ❤ by GitHub

Once the second management profile to suppress the Software Update Complete screen has been deployed, you may now see the following behavior occurring randomly on the Macs it was deployed to:

The Software Update Complete screen appearing.
The Your Mac is Ready for FileVault screen appearing.
Both the Software Update Complete and Your Mac is Ready for FileVault screens appearing.

The fix for this situation is to not deploy separate management profiles containing settings for the SkipSetupItems key. Instead, combine the settings into one management profile with multiple entries in the array. For example, to suppress both the Software Update Complete and Your Mac is Ready for FileVault screens, you would deploy a single management profile with the following settings in the SkipSetupItems array:

	SkipSetupItems

	FileVault
	UpdateCompleted

view raw

gistfile1.txt

hosted with ❤ by GitHub

For macOS Tahoe 26.0, the following management profile should stop the following screens from appearing:


	http://www.apple.com/DTDs/PropertyList-1.0.dtd">


	PayloadUUID
	C89844D6-D188-45BF-A2E2-CA151E8829DB
	PayloadType
	Configuration
	PayloadOrganization
	Company Name
	PayloadIdentifier
	C89844D6-D188-45BF-A2E2-CA151E8829DB
	PayloadDisplayName
	Disable macOS Tahoe Setup Assistant Screens
	PayloadDescription
	Disables the Setup Assistant screens from appearing on login for new user accounts
	PayloadVersion
	1
	PayloadEnabled

	PayloadRemovalDisallowed

	PayloadScope
	System
	PayloadContent


	PayloadDisplayName
	Custom Settings
	PayloadIdentifier
	0F5CC61C-2D48-4A94-862A-F4777F7D9C48
	PayloadOrganization
	Company Name
	PayloadType
	com.apple.ManagedClient.preferences
	PayloadUUID
	0F5CC61C-2D48-4A94-862A-F4777F7D9C48
	PayloadVersion
	1
	PayloadContent

	com.apple.SetupAssistant.managed

	Forced


	mcx_preference_settings

	SkipSetupItems

	Diagnostics
	FileVault
	Intelligence
	SoftwareUpdate
	UpdateCompleted
	Welcome

view raw

gistfile1.txt

hosted with ❤ by GitHub

Der Flounder : Suppressing the Software Update Complete screen with a configuration profile on macOS Tahoe

2025-09-26T16:42:55+00:00

Over the years, Apple has introduced a number of screens which appear the first time you log into a Mac. Among those which appear following an upgrade to macOS Tahoe 26.0 is the Software Update Complete screen, which notifies you that the Mac has been upgraded to macOS Tahoe.

I have not found a way to suppress this screen using a defaults command, but it is possible to suppress the Software Update Complete screen on macOS Tahoe using a configuration profile. For more details, please see below the jump.

The relevant preference domain and key values are below:

Preference domain: com.apple.SetupAssistant.managed
Key: SkipSetupItems
Value: UpdateCompleted

The profile is available on GitHub via the link below:

https://github.com/rtrouton/profiles/blob/main/SkipSoftwareUpdateCompleteSetup

Der Flounder : Managing Safari settings on macOS Tahoe using Blueprints in Jamf Pro

2025-09-17T14:19:03+00:00

One of the management options Jamf Pro provides with Blueprints for macOS Tahoe is using DDM declarations to manage settings which can used by Apple’s Safari web browser. Let’s see how this works using by distributing the following Safari settings:

Allow History Clearing: Set to false, to disable clearing history in Safari.
Allow Private Browsing: Set to false, to disable private browsing in Safari.

For more details, please see below the jump.

Safari settings can be managed using DDM declarations at the user level, which like with user-level MDM profiles, means that they can be applied only to MDM-managed users. When dealing with local accounts, this means that only the local user account which installs the MDM enrollment profile becomes the MDM-managed user. For our purposes here, this means that Safari bookmark management declarations can only be applied to the MDM-managed user and any other local accounts on the Mac cannot have their Safari settings managed.

As of Jamf Pro 11.20.1, there is not a Blueprints template available for creating blueprints which manage Safari settings so the blueprint will need to be configured manually. To do this, use the following procedure:

1. Log into Jamf Pro.

2. Select Blueprints

3. Click the Create blueprint button.

4. Give it a name when prompted and click the Create button. For this example, I’m using Safari Settings.

5. You should see an unconfigured Blueprint. Scroll down in the list on the right-hand side of the browser window to locate the Safari settings component.

6. Click on the Safari settings component and drag the Safari settings component to the Declaration group section.

7. Mouse over the Safari settings component and you will see a Configure button appear. Click the Configure button.

8. To add the settings for the Safari settings in this example, set the following settings as follows:

History clearing: Set to Disallowed
Private browsing: Set to Disallowed

9. Once all the settings choices have been made and verified, click the Add button.

10. At this point, you should have a blueprint which has all settings configured but where no target scope has been set. To scope this blueprint, go to the Scope section and click the arrow button.

11. Select a Jamf Pro smart or static group. For this example, I’m selecting a static group named Safari Settings Deployment Group.

14. Once everything has been configured, click the Deploy button to deploy the changes to the Macs you want to manage.

Once deployed, the Blueprints screen in Jamf Pro should show the newly-created Safari Settings blueprint as being deployed.

On your managed devices, you can verify that the new Safari settings management configuration has been deployed by clicking on the enrollment profile, then scrolling to the bottom.

In the case of this example, you should see a User Declarations section with a listing for Safari Settings.

If you click on the Safari Settings listing, it should report the following:

Allow History Clearing: No
Allow Private Browsing: No

You should also be able to open Safari and verify that the desired settings are being applied by trying to clear Safari’s history and opening a private window.

Der Flounder : Managing Safari bookmarks on macOS Tahoe using Blueprints in Jamf Pro

2025-09-16T22:26:53+00:00

One of the management options Jamf Pro provides with Blueprints for macOS Tahoe is using DDM declarations to manage the bookmarks which can used by Apple’s Safari web browser. Let’s see how this works using by distributing the following links as Safari bookmarks:

Company Name Intranet: https://intranet.company.com
Company Name Developer Site: https://developer.company.com
Company Name Travel: https://travel.company.com

For more details, please see below the jump.

Safari bookmarks can be managed using DDM declarations at the user level, which like with user-level MDM profiles, means that they can be applied only to MDM-managed users. When dealing with local accounts, this means that only the local user account which installs the MDM enrollment profile becomes the MDM-managed user. For our purposes here, this means that Safari bookmark management declarations can only be applied to the MDM-managed user and any other local accounts on the Mac cannot have their Safari bookmarks managed.

As of Jamf Pro 11.20.1, there is not a Blueprints template available for creating blueprints which manage Safari bookmarks so the blueprint will need to be configured manually. To do this, use the following procedure:

1. Log into Jamf Pro.

2. Select Blueprints

3. Click the Create blueprint button.

4. Give it a name when prompted and click the Create button. For this example, I’m using Safari Bookmarks.

5. You should see an unconfigured Blueprint. Scroll down in the list on the right-hand side of the browser window to locate the Safari bookmarks component.

6. Click on the Safari bookmarks component and drag the Safari bookmarks component to the Declaration group section.

7. Mouse over the Safari bookmarks component and you will see a Configure button appear. Click the Configure button.

8. At this point, you will see an Managed Bookmarks section without any listed bookmarks. Click the Add bookmark group button.

9. To add the settings for the Safari bookmarks in this example, set the following entries as follows:

Title: Company Name
Group identifier: 875D8D76-20EE-43DB-B874-9FC9F1CCC3A9

Note: The Group identifier field can be any unique string and the only thing that matters is that it is unique. Acceptable unique strings include the following:

875D8D76-20EE-43DB-B874-9FC9F1CCC3A9
Finance Department Bookmarks
Man I Love Donuts Especially Those With Chocolate Frosting

If the string is not unique, the bookmarks which have a not-unique group identifier will be composited together into one set of bookmarks.

Bookmarks:

Company Name Intranet: https://intranet.company.com
Company Name Developer Site: https://developer.company.com
Company Name Travel: https://travel.company.com

10. Once all the settings choices have been made and verified, click the Add group button.

11. If everything looks right, click the Save button.

12. At this point, you should have a blueprint which has all settings configured but where no target scope has been set. To scope this blueprint, go to the Scope section and click the arrow button.

13. Select a Jamf Pro smart or static group. For this example, I’m selecting a static group named Safari Bookmarks Deployment Group.

14. Once everything has been configured, click the Deploy button to deploy the changes to the Macs you want to manage.

Once deployed, the Blueprints screen in Jamf Pro should show the newly-created Safari Bookmarks blueprint as being deployed.

On your managed devices, you can verify that the new Safari bookmark configuration has been deployed by clicking on the enrollment profile, then scrolling to the bottom.

In the case of this example, you should see a User Declarations section with a listing for Safari Bookmarks.

If you click on the Safari Bookmarks listing, it should report the following:

Present

You should also be able to open Safari and verify that the desired bookmarks are appearing in Safari’s Bookmarks menu.

Der Flounder : Managing the desktop widget setting on macOS Tahoe

2025-09-15T21:35:39+00:00

Every so often, something gets added to macOS and enabled by default where I wish it was off by default. In macOS Tahoe, that’s the appearance of desktop widgets automatically on login.

This behavior is managed in System Settings: Desktop & Dock and is listed as the Show Widgets setting. This has two selectable settings:

On Desktop
In Stage Manager

The default behavior is for both the On Desktop and In Stage Manager options to be enabled.

To prevent desktop widgets from appearing on your desktop, disable the On Desktop option.

Fortunately for my preferences, the desktop widgets behavior can also be controlled via the following setting:

Domain: com.apple.WindowManager
Key: StandardHideWidgets
Value: Boolean

To disable desktop widgets and prevent them from appearing, run the following command as the logged-in user:

/usr/bin/defaults write com.apple.WindowManager StandardHideWidgets -bool true

view raw

gistfile1.txt

hosted with ❤ by GitHub

To enable desktop widgets to appear again, run the following command as the logged-in user:

/usr/bin/defaults write com.apple.WindowManager StandardHideWidgets -bool false

view raw

gistfile1.txt

hosted with ❤ by GitHub

In my case, I wanted to disable desktop widgets and prevent them from appearing so I’ve also written a profile which can enforce this. It’s available via the link below:

https://github.com/rtrouton/profiles/blob/main/DisableDesktopWidgets

Der Flounder : FireWire support removed from macOS Tahoe

2025-09-15T20:38:43+00:00

As part of the release of macOS Tahoe 26.0, Apple has removed built-in support for FireWire devices from macOS. This removal of support can be verified by looking in System Profiler.

For more details, please see below the jump.

On macOS Sequoia 15.7.0, System Profiler shows an entry for FireWire.

On macOS Tahoe 26.0, System Profiler no longer shows an entry for FireWire.

Running the following command on both macOS Sequoia and macOS Tahoe also shows that SPFireWireDataType has been removed from macOS, which means that System Profiler is not longer gathering data from that area:

/usr/sbin/system_profiler -listDataTypes

view raw

gistfile1.txt

hosted with ❤ by GitHub