After JAMF install, Bluetooth was activated

[wslack]

I'm 95% sure I had bluetooth off on my machine before JAMF. After the install, I saw the activated Bluetooth icon in my menu bar.

Edit: this issue has occurred and reoccurred on these dates:

1. Sept 8, 2017
2. Sept 12
3. Sept 27
4. Sept 29
5. Oct 31
6. Nov 17
7. Nov 22
8. Dec 4
9. Jan 4, 2018
10. Jan 29
11. Feb 7
12. Feb 9
13. Feb 20
14. Mar 5
15. Mar 22 (when turned on at my desk)
16. April 26 (when turned on while moving through the building)
17. July 23 (after a week away on vacation, at my desk in GSA, not at startup but upon waking from sleep)
18. July 25 (computer was shut down as normal and left in GSA)
19. August 13 (computer was shut down as normal and left in GSA over the weekend)

[wslack]

Bluetooth is on again, turning it off again. cc @konklone

[wslack]

Bluetooth is now back in my menu bar (removed it both times before) but still off.

[Vanbella]

Hello. Enforcing Bluetooth in menubar is one of the security items were managing via JAMF.

[wslack]

@Vanbella are you supposed to be activating bluetooth as well? I would think we'd want it off by default.

[Vanbella]

The policy does not enable Bluetooth, it just enforces that its in the Menubar to alert the user that Bluetooth is enabled.

[wslack]

Ok - I observed, at least once, bluetooth being activated, 13 days ago. Will keep watching.

[wslack]

@Vanbella bluetooth is on again; I just took this screenshot:

[wslack]

It was in the menu bar but off yesterday; now its in the bar and on. I just turned it off again.

[wslack]

Bluetooth is on again.

Turned it off, again:

[Vanbella]

Bluetooth may be auto-enabling if you have paired devices, or if you have Bluetooth advanced settings checked.

On Fri, Sep 29, 2017 at 11:14 AM, Will Slack notifications@github.com wrote:

Bluetooth is on again. [image: screen shot 2017-09-29 at 11 13 51 am] https://user-images.githubusercontent.com/10016577/31022621-53f63248-a507-11e7-805d-3c5957e36fee.png

Turned it off, again: [image: screen shot 2017-09-29 at 11 14 03 am] https://user-images.githubusercontent.com/10016577/31022622-54028b88-a507-11e7-89e9-171be3ec6612.png

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-333154482, or mute the thread https://github.com/notifications/unsubscribe-auth/AdejeyUa7nne43kcm3BxmZE-H6g417n4ks5snQlYgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[wslack]

I have no devices but I do have the advanced settings checked - had never opened that screen. Will uncheck them.

[wslack]

Confirming I unchecked the advanced settings.

[wslack]

@Vanbella Bluetooth is on again. The advanced settings are still unchecked. Turning it off again.

[wslack]

There were/are no paired devices.

[wslack]

Bluetooth is on again. There are no paired devices and the advanced settings are unchecked. Turning off again.

[wslack]

Bluetooth is on again.

Settings Screen:

No advanced settings on:

Turned it off again:

[konklone]

@Vanbella Can you or someone on your team suggest next steps for @wslack to take?

[wslack]

Bluetooth is on again! Preferences are unchanged.

Also, noting here that @Vanbella said this 7 days ago:

The Jamf logs show 11/21 the Bluetooth icon was added to the menubar on your Mac. The same policy ran on my 2 test macs as well. Bluetooth was not enabled on the 2 test macs. The Jamf policy is not enabling Bluetooth. So im looking into what would cause your Bluetooth issue and how to test it, resolve it.

It seems like its turning on when I come into the office. (edited to add direct link to Slack thread)

[wslack]

Confirming I turned Bluetooth off once more.

[Vanbella]

Hi Will

Send me the serial number of your mac to ensure i'm looking a the right machine.

Ive asked this before, but just to confirm you don't have any Bluetooth items paired to this mac. Thanks

-Andy

On Mon, Dec 4, 2017 at 11:27 AM, Will Slack notifications@github.com wrote:

Confirming I turned Bluetooth off once more.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-349016294, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje6Subyzb1GyFVfvt5zYDUT8fae56ks5s9B2PgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[wslack]

G0048227125 is the barcode, C02N8012G3QK is the serial number.

And no - there have been no bluetooth items paired to this machine in the past year.

[Vanbella]

OK Thats the Mac im looking at.

On Mon, Dec 4, 2017 at 1:44 PM, Will Slack notifications@github.com wrote:

G0048227125 is the baracode, C02N8012G3QK is the serial number.

And no - there have been no bluetooth items paired to this machine in the past year.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-349062599, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje7rl40LUoEI4rftssVIYt2pNgt4cks5s9D17gaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[randyhart]

This same thing happened to me, just today. It's the first time that's happened. I turned it off because I don't have any need for bluetooth on my laptop and I've heard anecdotally having bluetooth might be a security risk.

[Vanbella]

Hi Randy

We dont have a policy which enables Bluetooth. The Bluetooth policy adds the Bluetooth icon to the menu bar to alert you if Bluetooth is active, but does not activate Bluetooth.

On Mon, Dec 11, 2017 at 5:58 PM, randyhart notifications@github.com wrote:

This same thing happened to me, just today. It's the first time that's happened. I turned it off because I don't have any need for bluetooth on my laptop and I've heard anecdotally having bluetooth might be a security risk.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-350886475, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje6zeRbyX4fVdz5d10NooxsSApnqTks5s_bN6gaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[konklone]

@Vanbella We're hoping you can dig in a bit deeper -- it's clear GSA IT isn't intentionally activating Bluetooth on our machines, but this is a recurring issue that looks highly correlated with GSA IT management of Macs.

It sounds like you looked at @wslack's computer? Did you see anything in the logs or other places? If not, what should we do to figure out what's going on? It's not enough to note that there's no Bluetooth policy -- our collective responsibility is to figure out what's going on on our laptops when there's a surprise.

[Vanbella]

Sure, Randy please log a ticket with GSA service desk about the issue...

Thanks!

On Tue, Dec 12, 2017 at 11:49 PM, Eric Mill notifications@github.com wrote:

@Vanbella https://github.com/vanbella We're hoping you can dig in a bit deeper -- it's clear GSA IT isn't intentionally activating Bluetooth on our machines, but this is a recurring issue that looks highly correlated with GSA IT management of Macs.

It sounds like you looked at @wslack https://github.com/wslack's computer? Did you see anything in the logs or other places? If not, what should we do to figure out what's going on? It's not enough to note that there's no Bluetooth policy -- our collective responsibility is to figure out what's going on on our laptops when there's a surprise.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-351281638, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje-X4rtB_SJrL5U1PzsP5rScuPUGnks5s_1dsgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[randyhart]

1. No idea how to do that, and this doesn't merit the time it would take to find out.

2. I'm going to hold off on filing the GSA service desk ticket because it seems that now my WiFi is getting JAMF'ed about once a day. I was lucky til this point but ever since the bluetooth thing, I'm now getting all kinds of buggy behavior. If that keeps happening I'll use my service desk time to unJAMF my WiFi.

   Thanks.

[Vanbella]

You can log a ticket by emailing itservicedesk@gsa.gov and listing is the subject the issue, and that you're a mac user..."Bluetooth activating automatically on Mac". Also list any supporting details in the body of the email. Would you like me to log a ticket for you?

On Wed, Dec 13, 2017 at 8:53 AM, randyhart notifications@github.com wrote:

1.

No idea how to do that, and this doesn't merit the time it would take to find out. 2.

I'm going to hold off on filing the GSA service desk ticket because it seems that now my WiFi is getting JAMF'ed about once a day. I was lucky til this point but ever since the bluetooth thing, I'm now getting all kinds of buggy behavior. If that keeps happening I'll use my service desk time to unJAMF my WiFi.

Thanks.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-351397139, or mute the thread https://github.com/notifications/unsubscribe-auth/AdejeyijPAPWYvtiJ6g1UKEa2eXDhOEyks5s_9bmgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[randyhart]

I'm just going to roll with it. Mine hasn't done it since the first time, so it's not as bad as what @wslack is dealing with. Appreciate the additional information and the offer to assist. Thank you.

[wslack]

Should I file an IT Service Desk ticket?

[Vanbella]

Yes if Bluetooth is still enabling automatically I would log a ticket.

On Mon, Dec 18, 2017 at 3:09 PM, Will Slack notifications@github.com wrote:

Should I file an IT Service Desk ticket?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-352543693, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje23t4euincrDMUuVX3rE6t-mP48Qks5tBsZxgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[wslack]

kk I will do that next time it happens.

[konklone]

@wslack Could you do it anyway before waiting for it to reoccur, just referencing this issue?

[wslack]

Ticket suggested I do this:

Go to System Preference—General Uncheck “Allow Handoff between this Mac and your iCloud devices” Restart your Mac

I've done these (not the restart, will do that later today) and will report back if/when bluetooth is active again.

[wslack]

(also, I will plan to close this issue in three months if the issue does not recur)

[wslack]

Bluetooth was on again at startup this morning. I didn't do anything to the computer between yesterday when I turned it off at GSA and this AM, when I turned it on at GSA.

[wslack]

Confirming that the handoff screen was set as requested:

Confirming no bluetooth devices are paired:

Confirming Bluetooth advanced settings:

[wslack]

Turned it back off:

[wslack]

Happened again!

Turned it off again:

[wslack]

Contacting the service desk

[Vanbella]

Hi will

These are the policies that have run on your mac in the past few days. None of them enable Bluetooth.

[image: Inline image 1]

On Mon, Jan 29, 2018 at 10:27 AM, Will Slack notifications@github.com wrote:

Contacting the service desk

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-361280712, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje4-G3rnpzNT46lqH9C14d2AWw_jSks5tPeNSgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[wslack]

@Vanbella that didn't attach!

[wslack]

New ticket: INC2217456

[wslack]

Next step: I tried deleting the files here and will restart my computer, then we'll see if it recurs.

(edit: only the top two files)

[wslack]

Happened again.....will circle back later.

[wslack]

I turned it back off and e-mailed a GSA IT contact. I don't want to reimage the computer to fix this, so I think it will just stand in status quo.

[wslack]

I will also try a PRAM restart.

[Vanbella]

Hi Will

Did we ever put Bluetooth in debug mode on your Mac and get a very verbose Bluetooth log output?

-Andy

On Wed, Feb 7, 2018 at 9:12 PM, Will Slack notifications@github.com wrote:

I will also try a PRAM restart.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-363979671, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje_hex_jSvuKnTDwyMHqnqorjB5vYks5tSlglgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov

[wslack]

Did the PRAM restart and no, we have never put bluetooth in debug mode.

[Vanbella]

OK let me find the directions for that and ill work with you on this.

-Andy

On Thu, Feb 8, 2018 at 2:22 PM, Will Slack notifications@github.com wrote:

Did the PRAM restart and no, we have never put bluetooth in debug mode.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/GSA/laptop-management/issues/38#issuecomment-364220289, or mute the thread https://github.com/notifications/unsubscribe-auth/Adeje1B5VU_pZuthDzuYudLo9FzBBC6Gks5tS0mBgaJpZM4PRPFa .

-- Andrew Van Bellinghen | jamf PRO Engineer GEO Contract | SAIC Team | SAIC Supporting GSA IT Mobile: 516-279-0531 Email: Andrew.Vanbellinghen@gsa.gov