Sharing What We’ve Learned

This post is a companion to a workshop delivered with Anthony Reimer. Included is a list of links to additional resources.

Slack signup:

Jamf Nation :

Email Lists :!forum/munki-dev!forum/munki-discuss!forum/autopkg-discuss

GitHub :

Presenting :

Blogging :

Vaughn’s web site :
Anthony’s web site :

Git and Text Editor Notes for Windows 10

This post is just some notes to remind me how I like to setup a Windows 10 machine for editing scripts.


Install and configure Git
First step, install Git. Download the git installer. After downloading, run the installer and accept the default settings.

Then add posh-git for Powershell :
Open a Powershell window “as Administrator” and execute the following :

set-ExecutionPolicy bypass
git clone git://
cd posh-git


Install and configure Sublime Text
Start by downloading and installing Sublime Text. Accept the default settings during installation.

Next, we want to be able to launch Sublime Text from the command line. To do this we need to make some changes to our environment variables.

First create a new system variable with a name of SUBLIME and a value of C:\Program Files\Sublime Text 3

Add a system variable named SUBLIME and set the value to the path to Sublime Text

Next, Edit the user variable Path and append ;%SUBLIME% to the end.

Now we can simply use subl.exe to launch the editor from a command line.

I like to add some packages to Sublime Text to make it more useful. To do this, first install Package Control. To do this, visit the Package Control site and follow the instructions.

After installing package control, we can install some packages. Open Sublime Text and press Ctrl-Shift-P. Start typing install into the search box and choose Package Control: Install Package You can now search for useful packages. I like to install support for Powershell and VBScript.


Reference Links

Building a Signed Package with The Luggage

Recently I wanted to be able to sign a package that I was building with The Luggage.

Since The Luggage is calling pkgbuild to build the package, I took a look at the pkgbuild documentation and determined that the following argument was needed :
--sign "Common name of signing cert"

The question then became : how to add this to my Makefile? Taking a look at luggage.make I saw that PB_EXTRA_ARGS is the variable used to contain the arguments for the pkgbuild command.

To add my signing argument, I simply added this line :
PB_EXTRA_ARGS+= --sign "Developer ID Installer: John Doe (ID12345678)"
This appends my –sign argument to the list of pkgbuild arguments and can be placed anywhere after the statement that includes luggage.make.

Enabling Syntax Highlighting for vim in Mac OS X

Mac OS X ships with the vim editor, which supports syntax highlighting.  By default, however, syntax highlighting is not turned on.  Fortunately it is not hard to enable it.

Settings for vim are controlled by two files, one controlling settings globally and the other controlling settings for the user.  /usr/share/vim/vimrc is the file that will control the global settings.  changes made to this file will affect all users of the machine. On a new build of 10.9, here is what the file contains :

" Configuration file for vim
set modelines=0 " CVE-2007-2438

" Normally we use vim-extensions. If you want true vi-compatibility
" remove change the following statements
set nocompatible " Use Vim defaults instead of 100% vi compatibility
set backspace=2 " more powerful backspacing

" Don't write backup file if vim is being called by "crontab -e"
au BufWrite /private/tmp/crontab.* set nowritebackup
" Don't write backup file if vim is being called by "chpass"
au BufWrite /private/etc/pw.* set nowritebackup

The file for controlling vim settings for the user is ~/.vimrc By default, this file does not exist. To turn on syntax highlighting, we can simply create a text file by that name and add this line :

syntax on

vim will now use syntax highlighting the next time a file is opened. But what if you don’t care for the default color scheme? We can set the color scheme by adding a second line to the .vimrc file like so :

syntax on
colo desert

My favorite color scheme is desert, I find it works nice with my preferred Terminal color scheme (Homebrew). To see what color schemes ship with Mac OS, look at /usr/share/vim/vim73/colors The .vim files in this directory are the color schemes. Just try different ones by changing the .vimrc file and find the one you like best.

Powershell Script to Query for Bitlocker Keys in Active Directory

In my organization, we are using Bitlocker to encrypt Windows 7 computers. We are storing the recovery keys in Active Directory, this stores the key as an attribute of the computer object. I recently wanted to generate a report of the bitlocker status of the computer objects in AD. I found out I could do this pretty easily in Powershell, and thought I would document that here.  My inspiration for this script came from this Technet Gallery script

To start, we need the Quest ActiveRoles Management Shell for for Active Directory.   This is available for free from Quest and can be downloaded from here.  This should be downloaded and installed on the workstation that is going to be used to run the script.  With this installed, we are ready to take a look at the script.

# Check to make sure the path has been specified otherwise display a message and exit the script
if (!$CsvFilePath) {
Write-Host ""
Write-Host "Path not not specified!"
Write-Host "Please specify the path for the output as a parameter e.g. : "
Write-Host ".\Get-BitlockerComputerReport.ps1 """c:\reports\BitlockerReport.csv""""

Continue reading

More on Displaying the Bitlocker Wizard with Windows 8 and MDT 2012 U1

I a previous post, I detailed how to get the Bitlocker wizard page to appear when deploying Windows 8 pro.

I recently confirmed another case where the wizard does not show up. I became aware of this thread on Technet because another user linked to my previously mentioned blog post.

I was able to confirm after a bit of testing, that when using the Windows 8 Enterprise evaluation media, MDT does not show the Bitlocker wizard page. At this point, I am not sure of the reason for this.