Last week a customer approached me asking for some assistance in migrating their client devices from an on-premise server to their new Office 365 instance hosted in the cloud. In addition to migrating to a new Exchange server, the customer was also planning on moving all of the clients to Outlook 2016 from Outlook 2011. Having not had the experience personally in doing this in a business environment, I was unsure what the entire process was going to look like. Luckily, with only a few minutes of google searching, I discovered in which Talkingmoose outlined how a simple Applescript would do the trick. Tell application 'Microsoft Outlook' set server of exchange account 1 to 'end tell With the AppleScript in hand, we just needed to put together a process to use LANDESK or what is now rebranded as Ivanti. The Ivanti Mac agent itself, unfortunately, doesn’t support AppleScript directly.

That means that rather than creating an AppleScript file, I needed to write a shell script and simply change the shebang line environment to be osascript as opposed to the standard shell. #!/usr/bin/env osascript And that’s it. I pushed out the script using LANDESK Management Suite, and even with the Outlook client open on the test device, the server URL was appropriately changed. You can download the script from, or as I typically do, the full script is below. You’ll see it’s very short. #!/usr/bin/env osascript # changeOutlookServer.sh # Created by Bennett Norton on 1/25/17. Tell application 'Microsoft Outlook' set server of exchange account 1 to 'end tell Remember, after you save your file, set the execute permissions on it by opening terminal and running the command below and then copy it to your package server share.

Chmod +x /path/to/your/script.sh With the script ready, you now need to build the software package to distribute to the Macs. The Holy Grail Zero-touch configuration for IT, the holy grail of device management! This is the promise of a DEP enabled device. Just buy it and turn it on, it’ll pull down your designated management profile once the device has an established Internet connection and all of the associated settings and applications assigned will be deployed to the device.

For the most part, yes it is. All you need to do is make sure your DEP enabled devices, are associated with an Apple MDM server. In turn, that Apple MDM server needs to be configured with your MDM management service. To configure LANDESK as your preferred MDM server, see my.

Flipboard: Sylk Xlm Code Execution On Office 2011 For Mac Mac

Today’s discussion will simply focus on getting those Apple devices enrolled with Apple’s MDM server. While the process only takes a few minutes, it is a required step for that zero-touch configuration; so don’t skip it. Adding an Apple Device to an Apple MDM Server. Browse to from your browser of choice. Provide your Apple ID associated with your DEP account – enroll with Apple if you have not yet performed this step.

Provide your two-factor authentication verification code; this is required by Apple for DEP management. From the menu bar on the left, select Manage Devices. Select your desired radio button to add devices by Serial Number, Order Number or via a CSV Upload. Select the action Assign to Server under Step 2 and find your appropriate server from the drop down list and hit OK And that’s it. Now when you unbox your shiny new Apple device, whether it be an iOS or macOS device, once it has an Internet connection (the touch part in the zero-touch process 🙂 ), it’ll pull down the assigned profile from your MDM server.

Then, anytime the device is reset, the process will re-enage, ensuring that device always has your MDM profile assigned. If you’re an existing 3.x consumer of Cisco AnyConnect you may be surprised when you load up the 4.x installer and find your users have a plethora of additional features; like Web Security, System Scan, Roaming Security and AMP Enabler. If these are features you’re planning on using, great, you’re all set. If you were just hoping to leverage the VPN, well, all is not lost. You can easily customize the installer, providing it a set of instructions indicating what modules you want installed and what modules you want blocked – and it’s all done via a simple PLIST file. I’ve included the entire example PLIST I used to block everything but the VPN as well as the installer script for LANDESK on my GitHub site.

Let’s discuss the PLIST first. Here is an example of one of the dictionary objects found in the PLIST file, in this case it is for the VPN feature.

AttributeSetting 1 choiceAttribute selected choiceIdentifier choicevpn Basically we have a dictionary of values that define the module and tell the installer of whether it should be installed by setting the Integer value to 1. If you want to block the given module, set the integer value to 0. Look at the string value to figure out what module you’re enabling or disabling. You shouldn’t need to adjust any of the other settings. So go ahead and download the example PLIST file I have on my GitHub site and finish customizing it for your environment. My PLIST file has everything disabled outside of the VPN.

If you were to manually install the application, you’d see the window below. Now that you have your PLIST ready to go, you need to save it as ‘ChoiceChangesCiscoAnyConnect.plist’ so it can be properly referenced in our installer script.

If you save it as something else, just make sure you make the appropriate change in your installer script. OK, we’re now ready to create the installer script. For simplicity, I’m going to build my installer script to do both the downloading of the AnyConnect package file, the PLIST file we just created and then it’ll kick off the installer – all using SDClient so I can take advantage of the bandwidth and throttling settings.

The entire installer script is pasted below. In your environment, you’ll likely only need to change the plistFilePath and packageFilePath variables. The script copies everything to a folder titled CiscoAnyConnect inside of sdcache. I purposely chose to put everything in the sdcache folder as the script doesn’t purge anything when finished, letting the standard sdcache cleanup process take care of that at the appropriate time. Once you have your paths set, you should be ready to go. You’ll notice that SDClient is used, with several arguments, to download the files.

The -noinstall argument is quite obvious, it tells SDClient to just download and not do anything else. The -package is telling SDClient where to obtain the file and the -destdir argument is telling SDClient where to copy the file to. /Library/Application Support/LANDesk/bin/sdclient -noinstall -package '$packageToCopy' -destdir '$destinationLocation' As mentioned before, the script copies down the PLIST file and the Cisco installer. If you have a DMG version of the Cisco Installer, just mount it on a Mac and copy out the AnyConnect.pkg from the DMG. I copied mine directly to my standard SWD file share. Then the scripts wraps up by executing the AnyConnect.pkg installer with a few arguments as well. We tell macOS we want it to run a pkg intsaller and point to where that file is.

In my example, it’s in the /Library/Application Support/LANDesk/sdcache/CiscoAnyConnect folder. I leave the -target path empty, basically letting the installer put where it’s designed to. I then add the flag -applyChoiceChangesXML so that it knows customization is to be performed and I supply the path to that name/file. Installer -pkg '$destinationLocation'/'$packageName' -target / -applyChoiceChangesXML '$destinationLocation'/'$plistName' And that’s it. You now have everything you need to deploy your package.

Save out your installer script, I named mine ciscoAnyConnect4.3Deploy.sh but you can name yours whatever you want. As always, once saved, make sure you give the script the execution permissions by opening Terminal and running: sudo chmod +x /path/to/script.sh Now copy your installer script to your LANDESK SWD file share. I used the same path for my script, PLIST file and AnyConnect.pkg installer. Once you’ve copied up your script, you just need to create your LANDESK Mac package so you can target and silently deploy Cisco AnyConnect with all of your customizations. Creating LANDESK Management Suite Mac Packages. Open the LANDESK Console. Navigate to the top menu bar, select Tools Distribution Distribution Packages.

In the lower left menu tree, highlight My Packages or Public Packages from within the Distribution Packages window. On the Distribution menu bar, press the New Package button and select New Macintosh Agent package.

Have you found that, after a seemingly random period of time post CylancePROTECT deployment, your help desk is receiving calls about CylancePROTECT not being licensed? Well, you’re not the only one. The client / server architecture setup for CylancePROTECT on macOS requires that the client machine check-in on a periodic basis or it will automatically “forget” it’s license key. This behavior is great if the machine happens to be lost or stolen; however, if you have remote users that don’t frequently get on the network, having a machine forget it’s license is definitely not ideal. Luckily, we can remotely inject the license key using LANDESK Management Suite to deploy a little script to work the magic. All remotely might I add. Neither you nor I want to touch every machine that needs an update.

Flipboard: Sylk Xlm Code Execution On Office 2011 For Mac Download

Furthermore, this script would work if you find that your original license key was compromised and you need to replace it with a new one. The script is a fairly basic script.

Flipboard: Sylk Xlm Code Execution On Office 2011 For Mac Free

It’ll stop the CylancePROTECT service, run a backup on the existing token XML file, inject the token into the XML, and restart the service. All you need to do in the script is change the variable value “newCylanceCustomToken” with your actual token value. You can download the script from or just create your own by copying and pasting from the script below.

Just remember to run chmod +x on your script if you make your own. Special shout out goes to Logrhythm SIEM for the assist on the SED portion of this script. Once you have your script ready to go, compress it and copy it to your file share so you can create a LANDESK package and deploy it out. CylancePROTECT Package Creation.

Open the LANDESK Management Suite Console. Navigate to the top menu bar, select Tools Distribution Distribution Packages. In the lower left menu tree, highlight My Packages or Public Packages from within the Distribution Packages window. On the Distribution menu bar, press the New Package button and select New Macintosh Agent package.