macadmins / nudge

A tool for encouraging the installation of macOS security updates.
Apache License 2.0

Mac Admins Open Source Background Application #451

Closed fleish closed 1 year ago

fleish commented 1 year ago

During the recent upgrade to Nudge 1.1.11.81465 on an M1 MacBook Air running macOS Ventura, I was notified about a new application being granted background application privileges, called Mac Admins Open Source. I'm curious if the implication here is that an end user could stop Nudge from running by toggling off the option as seen in the attached screenshot? And if that is the case, I'm wondering if it's possible to disable the toggle, as seems to be the case for JAMF applications?

[Attached screenshot: background2]

BigMacAdmin commented 1 year ago

Hi Fleish,

Check out this blog post, I think it will answer your questions: https://www.kevinmcox.com/2023/02/nudge-signing-certificate-changed/

tl;dr - the signing certificate changed, so if you're enforcing Nudge as a background item via TeamID you need to add/update to the new TeamID.

erikng commented 1 year ago

Yep, nothing we can do to hide that picture unfortunately, but it's best to manage this with an MDM profile.

fleish commented 1 year ago

FWIW I'm not currently managing login items via a configuration profile. I believe this is showing up as a result of installing a user LaunchAgent for Nudge. I suppose users could have theoretically unloaded the launch agent previously, but that would have required knowledge of CLI commands (which most, if not all users lack) and that this particular launch agent was running (which users didn't get pre-Ventura and this pop-up).

So would we need to stop installing the Launch Agent and instead add it as a configuration profile? Can there be multiple configuration profiles - each containing a specific login item? And is there a way to set certain ones to be greyed out so they cannot be disabled by the user if installed via MDM, or will that just happen organically because they are installed by MDM?

BigMacAdmin commented 1 year ago

You’re into general “macOS management” questions surrounding the new Login Items System Settings pane feature in Ventura. This is not a Nudge-specific question.

Every Launch Agent/Daemon on a Mac will now show in that window, and users can turn them off (equivalent of using launchctl unload). Apple wants end users to know every single thing that is configured to automatically run on their device.

MDM can deliver profiles that dictate which “Login Items” (Agents/Daemons) users are not allowed to disable. It is no longer possible to hide these from users; if it’s an Agent/Daemon, the user will see it.

This blog post covers the topic very well: https://n8felton.wordpress.com/2022/10/24/login-and-background-item-management-in-macos-ventura-13/

If this is something you’re just finding out about, I would strongly recommend joining the MacAdmins free Slack community. It’s an amazing place to hear about what’s new with managing macOS in school/business. https://www.macadmins.org/slack
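
An added example, not part of the thread or the Nudge project: a Python sketch that builds a managed login items profile (the `com.apple.servicemanagement` payload) and checks whether its rules still cover an item after a signer change like the one described above. The Team IDs, profile identifiers and the simple matching model in `covered` are constructed assumptions.

```python
import plistlib
import uuid

PAYLOAD_TYPE = "com.apple.servicemanagement"  # managed login items payload, macOS 13+

def build_profile(rules, identifier="com.example.managed-login-items"):
    """Build a configuration profile (as a dict) carrying the given rules."""
    new_uuid = lambda: str(uuid.uuid4()).upper()
    payload = {
        "PayloadType": PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".rules",
        "PayloadUUID": new_uuid(),
        "Rules": [dict(rule) for rule in rules],
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": identifier,
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": "Managed Login Items",
        "PayloadContent": [payload],
    }

def covered(profile, **item):
    """True if a rule matches item, given as TeamIdentifier=, Label= or BundleIdentifier=."""
    for payload in profile["PayloadContent"]:
        if payload.get("PayloadType") != PAYLOAD_TYPE:
            continue
        for rule in payload.get("Rules", []):
            kind, value = rule["RuleType"], rule["RuleValue"]
            if kind.endswith("Prefix"):  # LabelPrefix, BundleIdentifierPrefix
                if item.get(kind[:-len("Prefix")], "").startswith(value):
                    return True
            elif item.get(kind) == value:
                return True
    return False

# Constructed placeholders, not real Team IDs or labels.
OLD_TEAM, NEW_TEAM = "OLDTEAM123", "NEWTEAM456"
old_rule = {"RuleType": "TeamIdentifier", "RuleValue": OLD_TEAM, "Comment": "previous signer"}
new_rule = {"RuleType": "TeamIdentifier", "RuleValue": NEW_TEAM, "Comment": "current signer"}
before = build_profile([old_rule])
after = build_profile([old_rule, new_rule])

if __name__ == "__main__":
    print("new signer covered before:", covered(before, TeamIdentifier=NEW_TEAM))
    print(plistlib.dumps(after).decode())
```

Running the script prints the updated profile as XML, which can be saved as a `.mobileconfig` and delivered through MDM once the placeholders are replaced with real values.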

fleish commented 1 year ago

I appreciate the blog post pointer to help ... nudge me in the right direction 😜