Sean

Did you get anywhere with this? I'd be surprised if you can't identify and target, all Admins, local Admins or AD Admins as desired with GWMI, since I can do this with my Azure Admins. As suggested, is there not a component that can be used to identify AD Admins? If I look at the PartComponent for a couple of users, the domain is either the local device name or AzureAD. As such, I can use that domain information to choose how to target admins, local or Azure. This will match Azure Admins: Whilst this will match the non-Azure Admins: I could also target local admins with a Match rather than NotMatch with the local device name domain: It therefore comes down to whether AD has a similar output, where Microsoft has one of the components reporting in such a way that identification between AD Admins and Local Admins can be observed with this command.

Not seen this. Does the password contain a variety of special characters? I wonder if one character could mess with the file not working as expected. I would try just Booster settings on a test device and see what happens. If that works, then try and add a password back (just a simplified test password) and apply to another test device If that isn't the reason, then I'd create a ticket with support.

Sure, but is there a component from that list the highlights which users are domain admins as oppose to which are local that could be used to separate them?

FileWave does not run as Administrator, it runs 32bit as System User. If commands produce different output between running either as a different user or bit depth, then that would be a question for Microsoft. To run in the same context as FileWave, please view our KB: https://kb.filewave.com/books/filewave-general-info/page/script-best-practices I don't have a bound device handy, but can this not just be handled in one line as per the example I provided prior? For example, on this device I have two local Admins, but I can use the -NotLike or -NotMatch to remove other entries: Could this not be used more simply to remove those that are Domain Admins? For the local account I see this for one user: Is there not an object that demonstrates it is a Domain Admin that can be used to exclude those Domain Admins?

I might have thought it was an issue with the cached FileWave Central preferences file, but if you see the same thing when you use FileWave Central on any computer or with any FileWave Central account, then that is really odd. I'd recommend raising this with support.

I would recommend, when building out Custom Fields for both Windows and macOS, that the format returned matches. Looking at the scripts, it appears that windows will provide a space separated list, whilst macOS will provide a list with each item on a new line. It comes into its element when using Inventory Queries and differing string formats may come to haunt later on. Set up this way, the above is relying upon FileWave to reformat the newline characters. For example, rather than rely upon FileWave managing my separator, I explicitly define one in my Custom Field script, which in this example provides a comma separated output for both: # Windows $(foreach($line in ((Gwmi win32_groupuser | Where-Object groupcomponent -like '*"Administrators"').PartComponent)){$line.Split('"')[-2]}) -Join "," # macOS /usr/bin/dscl . -read /Groups/admin GroupMembership | awk -F ": " '{ print $2}' | tr " " "," Now, I say that is what my Custom Field is, but I take this a step further. When dealing with multiple pieces of information within the same line, searching for one becomes awkward. Imagine you have users with names that contain other users, e.g. macOS01: root,groot,roo macOS02: root,groot,roopak macOS03 root,roo macOS04 root,roopak Disclaimer: 'I am not Groot', but 'I am Groot'! If it was desirable to find those devices who have an admin whose name is roo, how would you exclude macOS02 or macOS04? With that in mind, consider using a top and tail of the separator also: # Windows $admin_users = $(foreach($line in ((Gwmi win32_groupuser | Where-Object groupcomponent -like '*"Administrators"').PartComponent)){$line.Split('"')[-2]}) -Join "," Write-Host ("," + $admin_users + ",") # macOS /usr/bin/dscl . -read /Groups/admin GroupMembership | awk -F ": " '{ print ","$2","}' | tr " " "," This alters the returned values: macOS01: ,root,groot,roo, macOS02: ,root,groot,roopak, macOS03 ,root,roo, macOS04 ,root,roopak, There is now the option to search for ,roo, and only the correct devices will be found.

For the moment, if it assists... If you hover over the Client Groups you get a pop-up: It informs the direct contents, not contents of sub groups. Rather than exporting, if you select devices, you can choose to make clones and choose a group to add those clones into: Once dropped into the group, you could use the same above feature to see the count list, then either choose to keep or delete this group afterwards. You may select one or more devices and choose to alter a Custom Field value. In the same way, you could select the devices chosen, set a Custom Field and use that as either Smart Group criteria or an Inventory Query to observe the devices. Queries immediately show the quantity of devices, both in the side bar and in an observed query tab header

Also, what do you see if you right click on a device and choose 'Set Permissions'. Is Delete an option?

The Delete button is always there also. I'd raise a ticket with support, this is not normal.

Not sure I understand correctly, whether you wish to have something instal using Kiosk and whilst installing a message would appear to the user or if you want to inform the user that something new is in the Kiosk or something otherwise. Hopefully the following will cover you. You can use the following bat script to present a message to users: %windir%\Sysnative\msg * /TIME:100 Party Time Details on MSFT website: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/msg

If you have a file in the following location within a Fileset, it should appear on the Desktop for all users once they have accepted the installation from Kiosk. The below image is for a Windows 11 device, where the path is 'C:\Users\Public\Desktop', unlike a Windows 10 device which is 'C:\Users\Public\Public Desktop'(or is it!). You could of course add the file to the relative path for each OS within the Fileset, but by using the above Documents and Settings special folder, FileWave will do the necessary work for you to ensure it is in the correct location for both Windows 11 and Windows 10. Windows 11 from the above screenshot Fileset: Windows 10, from the above screenshot Fileset (notice the difference between Properties and Explorer): The special Documents and Settings Folder in FileWave has you covered for all of this.

IT is currently aware of an issue with Keycloak - SSO and they are looking into it now. We apologize about the inconvenience. It will prevent you from authenticating to Foundry, Support, Alliance Forums or anything else that uses SSO.

Open up the properties of the Fileset and from the Kiosk tab select Documents as a Category, then in the association, open up the association and ensure Kiosk is selected.

Something for support to look at for you.

Do you see the same thing if you try with a different computer or a different computer user account on the same computer?

Not gone: This sounds like you are using an account that doesn't have permissions to delete this or more clients.

Right, once the enrolment profile is removed, anything installed via MDM is potentially removed. All managed profiles will be removed, but VPP Apps are a case by case. Each VPP Fileset has the following setting: But, there is also developer choice involved here, since the licence for the App will no longer be available. The experience at this point is then actioned by the settings the developer applied to the App, which could be anything from not caring and the App still working, to prompts, etc. Clearing the certificates would prevent conflicts; the conflict occurs because there is an active record and a device with enough matching criteria checks in with the same details, but is lacking the dedicated client certificate that is currently stored in the DB.

If any of you had an issue with discord unexpectedly quitting from 5th Oct, it was due to an incorrectly submitted update. The developers have patched this. You can get around this though, since it only impacts ARM devices. Select Discord and Get Info Choose the option to 'Open using Rosetta' Open Discord It will run the update to pull the latest patch and should now open Quit the App Untick the option to 'Open using Rosetta You should now see Discord open as expected without Rosetta'

When a MDM enrolled device is archived, a command to remove the enrolment profile is sent to the device. There is no equivalent to MDM re-enrol when a device is re-instated, so any MDM enrolment will need to be re-actioned.

Think of the Client view as a live dashboard. The database that contains this information is actually different therefore from Inventory. As such, it is not available in Inventory Queries. However, you can add any Inventory items to the Client view. I'd therefore recommend using an Administration Custom Field to populate the desired comment, rather than the Comments field, and add this Custom Field to the Client view. It is then both available from the Client view and also as an Inventory item. Comments existed before the extensive Custom Fields were available, but now that the Custom Fields exist in this form, the Comments field isn't really required anymore.

I've altered the Fileset and moved the trigger to a hidden file. Whilst doing this, I amended the script so that the default block version is an older version. There should never be the instance that the file is not there to supply a version, so this would be unexpected, hence blocking an older version as an error capture. The version that was in the KB would trigger the user warning if the script was to be changed; that shouldn't happen anymore.

Doesn't matter. The script 'if' block is just there in case the value is empty, but the value shouldn't actually ever be empty, the plist should always have a value. By all means alter it as you desire, but as suggested it should never be read. The example shows how you can manipulate the script with the plist to define the minimum version regardless.

Although possible, this is in no way Black and White (I thank you. I am available for Weddings and Christenings). There is more than one way to achieve this and none of them are simplistic and will be unique (definitely by Vendor and likely also by printer model). I have had to do this though in the past, when working for a Publishing Company and also do this on home devices (but the methods between these differed). For a method outline (you'd need some PS time if you wanted something actually more precise and built out): I have a Fileset Group: We have the PKG a Fileset of some files and then Profiles. Fileset of files contains: The plist was pre-configured on a single device and once the Printer was configured as desired the file copied out. The top of the file looks like: % /usr/libexec/PlistBuddy -c "Print" '/Users/sholden/Desktop/com.apple.print.custompresets.forprinter.HP_ENVY_5640_series___mini.plist' Dict { com.apple.print.lastPresetPrefType = 4 com.apple.print.lastPresetPref = Draft Plain Double Sided com.apple.print.customPresetNames = Array { Draft Plain Double Sided } Draft Plain Double Sided = Dict { com.apple.print.preset.id = Draft Plain Double Sided As such we have a definition of a saved setup called 'Draft Plain Double Sided'. To highlight a couple of entries within this file: HPPenConfig = black-and-color HPGrayscaleMode = black-only Similarly with the printers.conf: The start_cups script: #!/bin/zsh launchctl start /System/Library/LaunchDaemons/org.cups.cupsd.plist lpadmin -p "HP_ENVY_5640_series___mini" -L "Ground Floor Reception" -E -v "dnssd://HP%20ENVY%205640%20series%20%40%20mini._ipps._tcp.local./?uuid=00b5475a-db72-3fa7-4812-dd55944a873b" -P /Library/Printers/PPDs/Contents/Resources/"HP ENVY 5640 series.ppd.gz" 2>/dev/null The stop just has just the launchctl line, but with stop instead of start So we have the files built out and a way to stop and start cups, we then have a Profile: We can see that the last preset pref is referencing the name of the definition from within the supplied plist. This is one method. Other methods could be achieved using a CUPS server and pre-defining items server side, but that might still end up requiring editing of local files. Hope this helps!

FileWave Anywhere needs to be written more explicitly, as it is in Central: In fact, even if you choose an App that exists in the list, in the background it is always Bundle Identifier. NotificationSettings = Array { Dict { BadgesEnabled = true ShowInCarPlay = true ShowInLockScreen = true AlertType = 1 GroupingType = 0 CriticalAlertEnabled = true SoundsEnabled = true BundleIdentifier = com.microsoft.teams PreviewType = 0 NotificationsEnabled = true ShowInNotificationCenter = true } Dict { ShowInLockScreen = true DisplayName = Apple Books NotificationsEnabled = true CriticalAlertEnabled = true AlertType = 1 AppType = System App BadgesEnabled = true SoundsEnabled = true ShowInCarPlay = true BundleIdentifier = com.apple.iBooks ShowInNotificationCenter = true PreviewType = 0 GroupingType = 0 } } Hence, if the App does not show in the list, you must enter the Bundle ID of the App. Using FileWave Central, you can choose to export any payload. As such, creating a profile of any App that did already exist in the list and then choosing to export it, helps highlight what is expected. I would have expected both our support to work out it is Bundle ID if they didn't already know and Apple support to have been able to mention it needs to be Bundle ID, so sorry for that. However: Before: After: Also be aware, when you search using FileWave Central, this will query the App Store: The Bundle ID shown here is the one from the App Store: Teams on the App Store is iOS only, so this is the iOS App Bundle ID, not the macOS one. If you are unsure of the ID, you can always find this out from a device which has the software installed, either locally from the device or from FileWave; either using a query or from the device info: Device: Query:

KBs updated for macOS 14 and iOS 17 compatibility: https://kb.filewave.com/books/macos/page/macos-14-compatible-devices-custom-field https://kb.filewave.com/books/ios-ipados/page/ios-17-compatible-devices-query