Settings Managed by WKU ITS

The Migration Assistant app is pre-loaded by Apple and intended for personal setups, allowing a user to copy content, including system settings, from an old Mac to a new one. In an Enterprise environment, this can cause unexpected and undesired behavior. As such, managed Macs have been configured to prevent the app from opening.

This feature allows a user the convenience of using their WKU account password for logging into their computer, or to set a separate password.

macOS Ventura introduced a feature that gives users more control over what apps load at startup, which can be found in System Preferences > General > Login Items. There are a few items WKU ITS requires to be loaded to ensure the computer interacts with our environment properly:

• Addigy, Inc: utility that ensures a Mac stays in contact with our MDM
• bash (com.github.grahampugh): script that displays a message when a system update needs to install
• Cisco, Cisco Secure Client (Team Identifier: DE8Y96K9QP): VPN connection to WKU's network when working remotely
• Google Updater: utility that ensures the Chrome browser stays up-to-date
• Microsoft AutoUpdate, Microsoft Corporation, Microsoft Office Licensing, Microsoft OneDrive, Microsoft Teams (Team Identifier: UBF8T346G9; com.microsoft): ensure the Office suite, OneDrive, and Edge browser stay up-to-date
• Mosyle Corporation: connection to WKU's device management (MDM) provider, ensuring the computer can communicate to the MDM
• Renew.sh: script that displays a reminder to restart periodically
• SAP SE (Team Identifier: 7R5ZEU67FQ; corp.sap.privileges.helper): ensures the Privileges app can elevate a standard user to admin when requested
• Support (Team Identifier: 98LJ4XBGYK): an app that loads at login in the Apple bar that provides computer information and links to WKU ITS services
• zsh (edu.wku.aap): script that checks for and applies updates for apps installed on the computer

Prevents accessing the Erase All Content and Settings function in System Preferences/System Settings without approval from ITS.

This will display a reminder to restart the computer, if it has not been restarted/shutdown for 15 days.

This customizes the Support app in the Apple bar to link to WKU ITS support.

In the event any Adobe product is installed, or gets installed, this ensures that they can access any needed files and folders to work properly.

BeyondTrust is the software leveraged for Remote Assistance when contacting WKU ITS. This setting ensures it will allow the support technician to see, share, and interact with your computer.

This ensures that the Chrome browser can access any needed files and folders to work properly.

In the event the DropBox app is installed, this ensures that it can access any needed files and folders to work properly.

This grants the OneDrive app access to all files on the computer.

This setting:

• allows apps to be installed from the Mac App Store, as well as apps downloaded from the internet--as long as the app was created by a developer verified by Apple.
• requires authentication to unlock/wake the computer.
• allows unlocking the computer with an Apple watch
• allows you to change the computer account password
• enables FileVault for disk encryption
• enabled the built-in Firewall

This customizes the Login Window to display information about the computer and lets you click your computer account instead of typing in the account username.

These ensure our device management system can perform background tasks, e.g. syncing information/settings between it and the computer, and display messages when interaction is needed.

Displays a periodic reminder when an account has administrator rights to return to standard rights.

This allows the SwiftDialog app to use system notifications for displaying messages.

This periodically runs the AppAutoPatch script that checks for and applies updates to apps installed on the computer.

Cisco Secure Client is the software used for connecting to WKU's network while working remotely. This setting ensures it can access any needed files and folders to work properly.

This setting makes internal, external, and connected network drives appear on the desktop by default.

Ensures our management system is able to interact properly with devices.

These settings ensure the computer's firewall is turned on, GateKeeper is enabled, and XProtect stays updated.

Binds macOS devices to our local Active Directory server, allowing users with a NetID to log into the machine without an account being created for them beforehand. Requires the machine to be on a wired connection on WKU’s network. Intended for multi-user scenarios, as binding is no longer recommended by Apple for 1:1 assignments.

Defines that apps can be installed from the Mac App Store and from internet sources; requires password prompt once the computer sleeps or starts the screen save; enables the computer’s firewall; intended for scenarios where a machine is used by multiple people.

The login screen includes a “Guest User” option; intended for computers used by departments that provide temporary computer access.

The login screen shows text field prompts for username and password; if the computer is on WKU’s network with a wired connection, a person can enter their NetID and password to gain access to the computer; intended for student worker computers and other scenarios where a machine is used by multiple people.

Prevents accessing multiple sections of System Preferences/System Settings on TopperTech Loaner machines.

Prevents accessing Recovery Mode on Apple Silicon Macs without approval from ITS.