May 2022 – MacAdmins Meeting

May 2022 – MacAdmins Meeting

May 18, 2022 – University of Utah, MacAdmins Meeting


The University of Utah, MacAdmins Meeting is held monthly virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, May 18th, 2022 at 11 AM MT and we will provide live broadcasts and archives that will be made available 2-3 days after the meeting. If you have suggestions on presentations or interest in presenting,  questions, or comments, please use the Contact Us option.


macOS Update Management & Challenges – Weldon Dodd & Mike Boylan,  Kandji

Managed macOS compatibility varies by Mac computer architecture and macOS versions, and different installation mechanisms are used, which is challenging for to MacAdmins trying to keep their Mac fleet up-to-date. This presentation will cover the macOS update management challenges and potential workarounds & solutions.

Mac computers upgrading to macOS Monterey
Mac computers can have the macOS Monterey upgrade enforced. The MDM commands leveraged for Mac computers with Apple silicon are not able to pre-cache macOS Monterey. The only available install action is the InstallASAP action.

All Mac computers, macOS 11.4 or later
In macOS Big Sur 11.4 through 11.6, the reliability of the DownloadOnly and OSUpdateStatus commands is still questionable. You will see intermittent failures during the download phase of the update process. You may see slow download times as the task is not run in the foreground. Additionally, if a Mac computer already has an update cached (either by the user caching the update via System Preferences, the softwareupdate CLI, or automatic downloads being confirmed), the MDM protocol does not accurately report this state to the server.

Mac computers with Apple silicon, macOS earlier than 11.4
Mac computers with Apple silicon running a macOS version earlier than 11.4 will report as incompatible because the MDM commands that leverage bootstrap token authentication to authorize software updates from an MDM service were broken in these versions of macOS. Additionally, the softwareupdate CLI tool is not bootstrap token–aware and cannot be leveraged to silently update macOS on Apple silicon devices.

Mac computers with Intel processors, macOS 11.2 through 11.3.1
Intel-based Mac computers running a version of macOS later than 11.2 but earlier than 11.4 can have minor macOS updates enforced. The MDM protocol is not used yet on these versions of macOS due to the unreliability of the software update MDM commands.

Mac computers with Intel processors, macOS 11 through 11.1
Intel-based Mac computers running these versions of macOS contain a bug that prevents the softwareupdate CLI and MDM software update commands from silently installing macOS updates correctly. Managed OS will report Intel-based Mac computers running these versions of macOS as incompatible.

About Weldon Dodd

Weldon Dodd, is the SVP of Product Strategy, Kandji which is a platform for Apple device management. Previously he was an IT consultant, trainer, and writer in Denver, CO. Weldon started his career running the Mac lab and the NeXT Lab at UCSB and worked as a network engineer, Apple IT consultant, and Filemaker Pro trainer in Santa Barbara, CA. He then started building larger and larger data networks with KPMG Consulting until he was designing network management and provisioning systems for major wireless carriers like AT&T Wireless, Western Wireless, Cellular One, SBC, US West, and Qwest Wireless. His background includes stints at Cisco working on developing tools for directory-enabled networks and Microsoft Consulting Services on Active Directory integration.

About Mike Boylan

Mike Boylan is a Staff Product Engineer at Kandji working on MDM. Previously, he spent 7.5 years in field engineering at Apple supporting education and enterprise customers as a Senior Consulting Engineer. Before that, he worked for Robert Morris University in Pittsburgh, PA in a variety of positions, including Programmer Analyst, Systems Administrator, and eventually Senior Systems Engineer. Mike’s been fortunate to have worked with Apple technologies in a professional capacity for over a decade now, and he carries a wealth of knowledge and experience relating to Apple technologies in education and enterprise.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.

Solving problems with custom AutoPkg processors – Matthew Warren, Lyft

AutoPkg includes a tremendous amount of functionality, helping you reliably and efficiently manage your application catalog.

You can expand AutoPkg’s core repertoire by using custom processors, which add new techniques to your software preparation process. And – much like recipes – many custom processors are shared by other Mac administrators, making them simple to start using.

He will be covering the basics of using shared processors in your own recipes. Additionally, I’ll demonstrate two custom processors I’ve recently created to better solve my own challenges:

  • DatetimeOutputter – which outputs the current date and time as a usable variable, as well as outputting past or future dates and times.

  • AppIconExtractor – which automatically extracts an app’s icon and saves it as a PNG. Additionally, AppIconExtractor can create icon variations by compositing a secondary image on top of the app’s icon.

About Matthew Warren

Matthew Warren works as a systems engineer at Lyft managing their global Mac fleet. You might know him online as “haircut,” because he needs one. He writes and you can typically find him lurking on the MacAdmins Slack.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.


Open Discussion

Questions, comments, problems, and fixes.



Due to the coronavirus (aka Covid-19) crisis, this meeting will not be meeting in person but will currently be done virtually using Zoom video communications architecture.

With Zoom we will implement the following security best practices:
  • Require a Password to Join This meeting will require a password to join the meeting. Information will be emailed via a campus internal list, but if you are external and want to attend the meeting, please use the contact us form to receive details. Else, the archive of the meeting will be available 2-3 days after the live meeting.

    • Waiting Room When joining the meeting you will be placed in the Waiting Room by default and the hosts will give you access to the live meeting.

  • Miscellaneous We will also implement other settings and safeguards to secure the meeting.

Archived Presentation(s)

  • Archives of the presentations will be available on this web page.
No Comments

Leave a Reply