Kory Prince

Results 33 comments of Kory Prince

How to install the .mobileconfig which contains "kernel-extension-policy"

@islamadel, from the Apple article you linked: > If an organization-owned Mac is enrolled in mobile device management (MDM), MDM can remotely manage kernel extensions and software updates. This management...

MDM “RestartDevice” is not a valid request type.

What device model and OS are the target device(s)?

MDM “RestartDevice” is not a valid request type.

Looking at the [metadata for the command](https://github.com/apple/device-management/blob/release/mdm/commands/device.restart.yaml): - The device must not be enrolled with user enrollment - The device must be supervised - The MDM must have ["Allow device...

I upgraded from 1.9 to 1.11

What exactly do you mean by "regenerated"? The device enrollment is tied to the APNs topic, so you have to _renew_ the APNs certificate. If you replace the APNs certificate...

Declarative Management why adding the ManagedAppleID key to an MDM enrollment profile

The ManagedAppleID key is documented (and deprecated) [here](https://developer.apple.com/documentation/devicemanagement/mdm). Declarative Management (DDM) has grown quite a bit since that blog post was written, so some information might be outdated. If you're...

There is issues with send command api to the manage Device

~~The server checks authentication before the request is even decoded.~~ (See below) The basic auth middleware is [added to every API endpoint](https://github.com/micromdm/micromdm/blob/c7e70b94d0cfc7710e5c92be20d4534d9d5a0640/cmd/micromdm/serve.go#L276-L310). [The middleware checks the auth before running the...

There is issues with send command api to the manage Device

@vishalvk78 you're correct; I was mistaken in my first post. go-kit (the toolkit MicroMDM uses)'s version of middleware actually runs middlewares after decoding the request. Which means if the request...

There is issues with send command api to the manage Device

All of the API endpoints follow the same basic path: * decode request * authentication middleware * request processing (using decoded request) For the majority of the endpoints, the initial...

Escape LDAP filter arguments

@BZValoche good catch! You found an edge case that I certainly didn't expect. I believe this issue is fixed in v3.1.3. I've also added a test case for this issue....

Escape LDAP filter arguments

Actually, after further research, this doesn't fully resolve the issue, though it does seem to cover some cases. See this [go-ldap issue](https://github.com/go-ldap/ldap/issues/221). I think this issue would be better resolved...