Directed by Joseph Pevney. With William Shatner, Leonard Nimoy, DeForest Kelley, William Schallert. To protect a space station with a vital grain shipment, Kirk must deal with Federation bureaucrats, a Klingon battle cruiser and a peddler who sells furry, purring, hungry little creatures as pets. Abstract Recently an excellent specimen of the horntail trilobite was collected at McGregor by Miss Florence S. Chapin a member of the geology field class of the McGregor Wild Life School. This fossil is so rarely found in other than fragmentary condition in Iowa that any well-preserved specimen deserves to be recorded and illustrated. NOTE: To download Mavericks for a new install, you need to be already running Mac OS X 10.6.8 (Snow Leopard) or a newer 10.7, or 10.8 version, so that you have the App Store. It would help if we knew what version of Mac OS X your current running, and what Mac you are using? The maximum version of Mac OS X, OS X, or macOS supported by each G3 and later Mac follows. For complete specs on a particular system, click the name of the Mac. For all Macs that are compatible with a specifc maximum supported version of Mac OS X - courtesy of EveryMac.com's Ultimate Mac Sort - click the OS of interest.
-->Use shell scripts to extend device management capabilities in Intune, beyond what is supported by the macOS operating system.
Note
Rosetta 2 is required to run x64 (Intel) version of apps on Apple Silicon Macs. To install Rosetta 2 on Apple Silicon Macs automatically, you can deploy a shell script in Endpoint Manager. To view a sample script, see Rosetta 2 Installation Script.
Ensure that the following prerequisites are met when composing shell scripts and assigning them to macOS devices.
#!
and must be in a valid location such as #!/bin/sh
or #!/usr/bin/env zsh
.Sign in to the Microsoft Endpoint Manager Admin Center.
Select Devices > macOS > Scripts > Add.
In Basics, enter the following properties, and select Next:
In Script settings, enter the following properties, and select Next:
In Scope tags, optionally add scope tags for the script, and select Next. You can use scope tags to determine who can see scripts in Intune. For full details about scope tags, see Use role-based access control and scope tags for distributed IT.
Select Assignments > Select groups to include. An existing list of Azure AD groups is shown. Select one or more user or device groups that are to receive the script. Choose Select. The groups you choose are shown in the list, and will receive your script policy.
Note
In Review + add, a summary is shown of the settings you configured. Select Add to save the script. When you select Add, the script policy is deployed to the groups you chose.
The script you created now appears in the list of scripts.
You can monitor the run status of all assigned scripts for users and devices by choosing one of the following reports:
Important
Irrespective of the selected Script frequency, the script run status is reported only the first time a script is run. Script run status is not updated on subsequent runs. However, updated scripts are treated as new scripts and will report the run status again.
Once a script runs, it returns one of the following statuses:
You can collect device logs to help troubleshoot script issues on macOS devices.
The following items are required to collect logs on a macOS device:
Sign in to the Microsoft Endpoint Manager admin center.
In Device status or User status report, select a device.
Select Collect logs, provide folder paths of log files separated only by a semicolon (;) without spaces or newlines in between paths.
For example, multiple paths should be written as /Path/to/logfile1.zip;/Path/to/logfile2.log
.
Important
Multiple log file paths separated using comma, period, newline or quotation marks with or without spaces will result in log collection error. Spaces are also not allowed as separators between paths.
Select OK. Logs are collected the next time the Intune management agent on the device checks in with Intune. This check-in usually occurs every 8 hours.
Note
/Library/Logs/Microsoft/Intune
and ~/Library/Logs/Microsoft/Intune
. The agent log file-names are IntuneMDMDaemon date--time.log
and IntuneMDMAgent date--time.log
.LogCollectionInfo.txt
.Log collection may not be successful due to any of the following reasons provided in the table below. To resolve these errors, follow the remediation steps.
Error code (hex) | Error code (dec) | Error message | Remediation steps |
---|---|---|---|
0X87D300D1 | 2016214834 | Log file size cannot exceed 60 MB. | Ensure that compressed logs are less than 60 MB in size. |
0X87D300D1 | 2016214831 | The provided log file path must exist. The system user folder is an invalid location for log files. | Ensure that the provided file path is valid and accessible. |
0X87D300D2 | 2016214830 | Log collection file upload failed due to expiration of upload URL. | Retry the Collect logs action. |
0X87D300D3, 0X87D300D5, 0X87D300D7 | 2016214829, 2016214827, 2016214825 | Log collection file upload failed due to encryption failure. Retry log upload. | Retry the Collect logs action. |
2016214828 | The number of log files exceeded the allowed limit of 25 files. | Only up to 25 log files can be collected at a time. | |
0X87D300D6 | 2016214826 | Log collection file upload failed due to zip error. Retry log upload. | Retry the Collect logs action. |
2016214740 | The logs couldn't be encrypted as compressed logs were not found. | Retry the Collect logs action. | |
2016214739 | The logs were collected but couldn't be stored. | Retry the Collect logs action. |
You can create custom attribute profiles which enable you to collect custom properties from managed macOS device using shell scripts.
Sign in to the Microsoft Endpoint Manager Admin Center.
Select Devices > macOS > Custom attributes > Add.
In Basics, enter the following properties, and select Next:
In Attribute settings, enter the following properties, and select Next:
Additional details:
Note
When using Date
type attributes, ensure that the shell script returns dates in ISO-8601 format. See the examples below.
To print an ISO-8601-compliant date with time-zone:
To print an ISO-8601-compliant date in UTC time:
In Assignments, click Select groups to include. When you choose Select groups to include an existing list of Azure AD groups is shown. Select one or more user or device groups that are to receive the script. Choose Select. The groups you choose are shown in the list, and will receive your script policy. Alternatively, you can choose to select All users, All devices, or All users and all devices by selecting one of these options in the dropdown box next to Assign to.
Note
In Review + add, a summary is shown of the settings you configured. Select Add to save the script. When you select Add, the script policy is deployed to the groups you chose.
The script you created now appears in the list of custom attributes.
You can monitor the run status of all assigned custom attribute profiles for users and devices by choosing one of the following reports:
Important
Shell scripts provided in custom attribute profiles are run every 8 hours on managed Macs and reported.
Once a custom attribute profile runs, it returns one of the following statuses:
There could be several reasons:
/Library/Intune/Microsoft Intune Agent.app
on the macOS device.Script run status is reported to Microsoft Endpoint Manager Admin Console as soon as script run is complete. If a script is scheduled to run periodically at a set frequency, it only reports status the first time it runs.
A script is run again only when the Max number of times to retry if script fails setting is configured and the script fails on run. If the Max number of times to retry if script fails is not configured and a script fails on run, it will not be run again and run status will be reported as failed.
Your assigned-intune role requires Device configurations permissions to delete, assign, create, update, or read shell scripts.
The Microsoft Intune management agent is necessary to be installed on managed macOS devices in order to enable advanced device management capabilities that are not supported by the native macOS operating system.
The agent is automatically and silently installed on Intune-managed macOS devices that you assign at least one shell script to in Microsoft Endpoint Manager Admin Center. The agent is installed at /Library/Intune/Microsoft Intune Agent.app
when applicable and doesn't appear in Finder > Applications on macOS devices. The agent appears as IntuneMdmAgent
in Activity Monitor when running on macOS devices.
On a managed Mac that has the agent installed, open Company Portal, select the local device, click on Check settings. This initiates an MDM check-in as well as an agent check-in.
Alternatively, open Terminal, run the sudo killall IntuneMdmAgent
command to terminate the IntuneMdmAgent
process. The IntuneMdmAgent
process will restart immediately, which will initiate a check-in with Intune.
Note
The Sync action for devices in Microsoft Endpoint Manager Admin Console initiates an MDM check-in and does not force an agent check-in.
There are several conditions that can cause the agent to be removed from the device such as:
When a Mac with assigned scripts is no longer managed, the agent is not removed immediately. The agent detects that the Mac is not managed at the next agent check-in (usually every 8 hours) and cancels scheduled script-runs. So, any locally stored scripts scheduled to run more frequently than the next scheduled agent check-in will run. When the agent is unable to check-in, it retries checking in for up to 24 hours (device-awake time) and then removes itself from the Mac.
To turn off usage data sent to Microsoft from the Intune management agent, open Company Portal and select Menu > Preferences > uncheck 'allow Microsoft to collect usage data'. This will turn off usage data sent for both the agent and Company Portal.
When you deploy shell scripts or custom attributes for macOS devices from Microsoft Endpoint Manager, it deploys the new universal version of the Intune management agent app that runs natively on Apple Silicon Mac machines. The same deployment will install the x64 version of the app on Intel Mac machines. Rosetta 2 is required to run x64 (Intel) version of apps on Apple Silicon Macs. To install Rosetta 2 on Apple Silicon Macs automatically, you can deploy a shell script in Endpoint Manager. To view a sample script, see Rosetta 2 Installation Script.