Post your questions!

TA373
New Contributor II

Please feel free to post your questions - wifi permitting, we'll attempt to check throughout the presentation!

8 REPLIES

nkalister
Valued Contributor

We use certificate-based 802.1x authentication in our environment, and we deliver the certificate and system-level 802.1x profile using a configuration profile. This method of installing the certificate does not prevent exportation of the private key when running 10.7 or 10.8. Has anyone found a way to protect the private key when using a config profile on those OSes?

MandiantIT
New Contributor

We have a peculiar instance where some users do not have a recovery partition, a direct result of a poorly deployed OS disk image without a recovery partition. We have resolved this issue for new deployments using Casper. How can we deploy FileVault 2 for these users without a recovery partition?

If not possible, can that partition be injected?

jhuhmann
Contributor

Have you encountered situations where Mac antivirus did something for you?

lashomb
Contributor II

Any recommendations on 2-factor VPN for Macs?

localhorst
Contributor

Most people think of iOS when they speak of BYOD (bring your own disaster). What are your best practices to share for BYOD OS X devices?

rtrouton
Release Candidate Programs Tester

I referenced a few things that are available on GitHub during today's session:

Create-Recovery-Partition-Installer - https://github.com/MagerValp/Create-Recovery-Partition-Installer

The current version of my XProtect management script for Java browser plug-in settings is available here - https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/xprotect_re-enable_java_6_...

Blog post that describes how the XProtect management script works:

Managing Java browser plug-in settings for Apple’s XProtect malware protection - http://derflounder.wordpress.com/2013/02/24/managing-java-browser-plug-in-settings-for-apples-xprote...

rtrouton
Release Candidate Programs Tester

One other thing I referenced during the panel discussion was editing the /etc/sudoers file to remove the ability of all users with administrative privileges to use sudo. The general idea is that the entry for %admin be removed from /etc/sudoers, as that's referencing the admin group on the machine.

external image link

Instead, specify the usernames that should have sudo privileges:

external image link

If a user needs to have sudo privileges, add their username to the /etc/sudoers file on the appropriate machine.
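The sudoers change described in the post above, sketched as an added example (not rtrouton's script, and not a reconstruction of the missing screenshots): it builds a hardened candidate copy instead of editing /etc/sudoers in place. The function names, the usernames and the per-user rule form `ALL=(ALL) ALL` are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: build a candidate sudoers file with the %admin group rule
# disabled and explicit per-user rules appended. All names are hypothetical.

# Constructed sample resembling a default sudoers file (not from the page).
sample_sudoers() {
    printf 'Defaults\tenv_reset\n'
    printf 'root\tALL=(ALL) ALL\n'
    printf '%%admin\tALL=(ALL) ALL\n'
}

# Exit 0 if the file still contains an active (uncommented) %admin rule.
has_admin_rule() {
    grep -Eq '^[[:space:]]*%admin[[:space:]]' "$1"
}

# harden_sudoers SRC DST USER...
# Writes DST from SRC with the %admin rule commented out and one rule per USER.
harden_sudoers() {
    src=$1; dst=$2; shift 2
    # With no named users, only root could sudo afterwards: refuse.
    [ "$#" -gt 0 ] || { echo "refusing: no users named" >&2; return 1; }
    # Validate every name first so sudoers syntax cannot be smuggled in.
    for u in "$@"; do
        case $u in
            ''|*[!A-Za-z0-9_.-]*) echo "bad username: $u" >&2; return 1 ;;
        esac
    done
    # Comment out the group rule; every other line is copied unchanged.
    sed -E 's/^([[:space:]]*%admin[[:space:]].*)$/# \1/' "$src" > "$dst" || return 1
    for u in "$@"; do
        printf '%s\tALL=(ALL) ALL\n' "$u" >> "$dst"
    done
}

# Syntax-check a candidate with visudo before it is installed.
check_candidate() {
    visudo -cf "$1"
}
```

Run `check_candidate` on the output as root before installing it over /etc/sudoers with owner root:wheel and mode 0440, and keep a root shell open until `sudo -l` confirms the named accounts still work.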

krichterjr
Contributor

Here is the feature request to have an option built into Casper for fdesetup -authrestart, in case anyone would like to vote it up.
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1255#respond