Managing Windows Processes Through PowerShell

March 26th, 2014 by Charles Edge

You can use the get-process and stop-process cmdlets to manage troublesome processes in Windows Server. In the following example, we’ll use the get-process cmdlet to obtain some information about the Store.exe process, which is causing our server to run poorly:

get-process Store*

Which returns the following:

Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
221 8 -871013 -1941127 -13 43.67 1234 Store

Here, you see the process ID and can kill the process using the stop-process cmdlet:

stop-process -id 1234

You can then start the process back up if needed:

start-process Store.exe -verb open

We Love The AFP548 Podcast

March 7th, 2014 by Charles Edge

Archion Management In AVID Unity Environments

March 6th, 2014 by Charles Edge

Archion SATA to fibre channel arrays are very similar to most other SATA to fibre arrays except Archion units are optimized for Avid Unity use. They are typically sixteen drive units which come preconfigured as three 5 drive RAID-5 sets with one spare. Each RAID-5 set is divided up into four logical drives which are approximately the size of the physical drives (obviously) so that the Unity thinks it is dealing with real individual drives.

Certain organizations (Keycode, most notably) disable SMART checking and auto-replacement of failing drives. When working on an Archion, this is the first thing to check and to reenable. Avid Unity systems can drop all clients and the File Manager can stop operating if a persistently failing drive which causes pauses during access of failing blocks continues to be used.

Like most other SATA to fibre channel arrays, Archion units also support sending alerts via SMTP. This should also be configured so that any warnings or failures can be handled as soon as possible after an event occurs.

The drives are numbered going across from one through sixteen. RAID set 1 would be drives one through five, RAID set 2 would be six through ten, RAID set 3 would be eleven through fifteen, and drive sixteen would be the spare. You can generally gauge the amount of time an Archion has been in use based on how many drives are no longer in the proper order. As drives fail and the spare gets used, the replaced drive becomes the spare, so after a few years the numbering will be quite inconsistent.

Since Avid Unity SANs are typically used 24/7, it may not be feasible to ask everyone to stop working to bring the File Manager down. Hot swapping a failed drive should work, but File Manager will fail if a certain number of I/O operations get queued without being dispatched. In order to minimize the possibility of File Manager failing, it is recommended to attempt hot swap of the failed drive when Unity activity is relatively quiet. This is much more true if a drive which needs to be replaced is in an active RAID set since the rescan of the drives will result in the automatic rebuild of that RAID set.

The Archion has a Java based GUI which is accessible through a web browser. The default IP address for an Archion is 192.168.1.123 (which is based on Avid Unity defaults in the 192.168.1.0/24 subnet). Additional Archion units will have addresses right above 123.

The default password is 00000000 (eight zeros). After logging in you will typically want to check the event log, check the SMART status of all drives, wait until the Unity is relatively idle, swap the failed drive, then check the event logs to make sure everything happened as planned.

Due to the fact that rebuilding a RAID set reads every block on every disk in that set, it is recommended that SMART status be checked and the event log checked again after the rebuild is finished. If the failed drive is replaced after the array has had time to finish rebuilding, then the checks while swapping the drive suffice.

Archion units generally do not require manual intervention when swapping drives. Like most other arrays, the unit will sound an annoying alarm when a drive fails and show a red LED on the drive which has failed. When you replace the failed drive with a new drive, the unit will automatically turn that drive into the hot spare without any intervention.

It is recommended to log in and check the status during and after swap simply to ensure that the array which was rebuilding as a result of the failed drive has had no errors or warnings during rebuild. It is entirely possible that exercising the drives during rebuild can cause another drive to begin to fail or to fail. Checking the event log after the rebuild has completed is always recommended.

Upgrade Lifesize Video Conferencing Units

March 5th, 2014 by Charles Edge

Updating a Lifesize Head Unit requires Internet Explorer on Windows with Flash installed. To run the update, first login to www.lifesize.com to download updates. From here, click on Support and then Software Downloads. Then click on the serial number of your unit and choose the file to download from the column on the right.

Once downloaded, log in to the Head Unit using the IP address and password (by default the password for a Lifesize is 1234). Once downloaded, click on the Maintenance Tab on the right and select System Upgrade. Browse to your update (which is a .cmg file) and then click on the Upgrade button. Now wait until the unit restarts and test a connection.

Setting up iMedica

March 1st, 2014 by Charles Edge

iMedica is an Electronic Health Record (“EHR”) Electronic Data Interchange (“EDI”) used for Partner Relationship Management (“PRM”). It is used in the health industry to manage front and back office activities that occur in regular medical business. It utilizes SQL Databases, Active Directory authentication, and streamlined OCR input.

Note: The following assumes that the server is already setup as a DC, and ALL workstations have already been joined to the domain.

Non-Cache Clients are clients that will constantly be in communication with the iMedica server when iMedica is running on the client. To use non-cached clients, first verify users can log onto the machine using Active Directory account. Cache Clients require MSDE or MS SQL Server Personal with Enterprise Manager.

Once all requirements have been completed, an iMedica tech will need access to the server. Create ANOTHER account, with admin privileges. Call iMedica, or follow schedule, and they will install the iMedica software on the server REMOTELY. This will take about 4-5 hours. Once the server is ready, the workstations will need to be configured to communicate with iMedica with the iMedica client.

The iMedica technician who installed the Server portion, should e-mail the client a list of how to install the iMedica client, and attach the appropriate databases to the client. Please keep in mind that THIS NEEDS TO BE DONE FOR EACH USER THAT WILL BE USING A COMPUTER. So, if there’s a windows computer that will have 5 nurses logging in with their AD credentials, then you need to install the iMedica client 5 TIMES under each user account. The user accounts DO NOT need to be local administrators.

The following needs to be completed WITH a local administrator account:

  • Go to “\\servername\imedica_install\PreInstall_items\tabletPCRuntime” and run setup.exe
  • Go to “\\servername\imedica_install\PreInstall_items\Tablet PC SDK 1.7” and run setup.exe

Client Setup: Initially Installing and Configuring the Client:

  • Go to “\\servername\imedica_client_install\” and run iMedica.Prm.Client.exe
  • After it is installed, it will automatically open. Once it is open, do the following:
  • Click on “Advanced >>”
  • Click on the magnifying glass that has now revealed itself below the “Advanced >>” button
  • Click “New”
  • You will now create 2 database connections. One to the Production Database, and another to a Training Database.
  • Production Database
  • Fill out the fields as follows: ID:
  • Enter the “Dr.s initials”-DB
  • Enter the NAME: “Dr’s name” -Server PRM
  • Enter the Application Server: “servername” (ex. this-server)
  • Enter the SQL Server: “servername”
  • Enter the DATABASE: PRM
  • Click “OK”
  • For the training Database fill out the fields as follows:
  • Enter the ID: Training
  • Enter the NAME: Training DB
  • Enter the Application Server: “servername” (ex. this-server)
  • Enter the SQL Server: “servername”
  • DATABASE: PRMTraining
  • Click “OK”
  • Highlight the “Training” database, and click “OK”
  • Remove the checkmark from the box labeled “Use Windows login user”
  • Login with the imedica admin credentials that you created during server prep/setup.

A successful configuration will allow you to login to the program without any errors. For the client setup, follow Steps 1-2 (a,b, &c), 7-9 from Stage 2: Phase B. You will need to login as each user on the computer and initiate the install. Ignore steps 3-6 from Stage 2: Phase B since the computer has already made the connection.

There can also be two types of scanners in an iMedica deployment. One will be a “card scanner” for Driver’s Licenses, and Insurance Cards. The Second will be a multiplex multiple page scanner for medical records. To setup the scanners:

  • Determine which workstation will be the “card scanner” and which will be used for “medical records”. There doesn’t have to be anything special with the workstations other than the workstations having been prepped for iMedica, and already having iMedica installed.
  • Connect the card scanner to the workstation.
  • Login to the workstation using an administrator account
  • Insert the CD that the card scanner came with.
  • Install the drivers automatically from the CD.
  • Go to Control Panel -> Scanners and doubleclick on it.
  • Proceed as if you were going to scan, it will now ask to calibrate.
  • Place a black and white paper (the scanner should have come with “calibration papers”) in the scanner.
  • Run calibration, and close the scanner dialogue box.
  • Login as a user that will be using iMedica on the card scanner workstation
  • Login to iMedica using the Training Database.
  • Click on “Find Patient”
  • Click the patient’s name
  • On the new window, click on the patient’s name again.
  • Wait about 30 seconds for the “Driver’s License Number” to become a hyperlink.
  • Click on the “Driver’s License Number” hyperlink.
  • Click on Import
  • Place anyone’s driver’s license into the scanner (picture first face down)
  • Choose “CSSN Driver License Import”
  • It will now have the Driver’s License scanned in. Click OK.
  • The driver’s license information is now bound into the patient’s information, the picture tied to the patient’s profile, and all of the info from the driver’s license OCR’d into the appropriate fields into iMedica.

To install the medical record scanner:

  1. Connect the card scanner to the workstation.
  2. Login to the workstation using an administrator account
  3. Insert the CD that the card scanner came with.
  4. Install the drivers automatically from the CD.
  5. Go to Control Panel -> Scanners and doubleclick on it.
  6. Proceed as if you were going to scan, it will now ask to calibrate.
  7. Place a black and white paper (the scanner should have come with “calibration papers”) in the scanner.
  8. Run calibration, and close the scanner dialogue box.
  9. If calibration is not available, that’s OK.
  10. Some scanners will not have that available.

Once this has been done, iMedica has now been rolled out. All that’s left is training and possible transfer of data from the old records system to the new one, which will be done with iMedica themselves.

When a new employee arrives, they will need to have an account in Active Directory, and have iMedica installed on EVERY workstation that the user will have to possibly work at. When a new workstation is purchased, the installation steps from earlier will have to be followed to prep the workstation and add the users.

Checking ClamAV Logs

February 20th, 2014 by Charles Edge

As with all Antivirus packages, we should be checking logs routinely. The following steps basically lay out what to do:

1. Log into servers

2. There are 3 log files we are concerned with:

  • /var/log/clamd.log – this is the system log for CLAM-AV
  • /var/log/freshclam.log – this is the log for update definitions for CLAM-AV
  • /var/log/clamscan.log – this is the weekly output of the Clam AV scheduled scan log file

3. To read the log files perform the following commands with elevated privileges:

  • a. cat /var/log/clamscan.log – each weekly scan is separated by a complete line of ‘----’
  • b. cat /var/log/freshclam.log – make sure that Clam-AV is using a current virus definition database, and no errors are occurring
  • c. cat /var/log/clamd.log – confirm there are no errors causing the service to crash

4. The Virus Scans are scheduled to run every Saturday at 3am every week.

5. ClamAV only supports virus definition updates to be installed up to 3 previous versions of ClamAV. Freshclam will show if the current ClamAV is out of date. To update ClamAV follow the instructions here:

http://wiki.clamav.net/Main/UpgradeInstructions
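
The routine above can be scripted so that only the items needing attention are printed. This is an added example, not part of the original post: the function names are hypothetical, every log line in `write_sample_logs` is constructed, and it assumes detections end in `FOUND`, freshclam marks each run with "ClamAV update process started", and scans are separated by an all-dash line as described in step 3.

```shell
#!/bin/sh
# Added example (not from the original post): triage the three ClamAV logs.
# Every log line written by write_sample_logs is constructed for illustration.

# Detections ("<path>: <signature> FOUND") from the most recent scan only.
# Scans are separated by a line made up entirely of dashes; a trailing
# separator with nothing after it is ignored.
last_scan_detections() {
    awk '
        function flush() {
            if (lines) { m = n; for (i = 1; i <= n; i++) last[i] = hit[i] }
            n = 0; lines = 0
        }
        /^-+$/    { flush(); next }
        NF        { lines++ }
        / FOUND$/ { hit[++n] = $0 }
        END       { flush(); for (i = 1; i <= m; i++) print last[i] }
    ' "$1"
}

# State of the most recent freshclam run: "error", "outdated" or "ok".
# Findings from earlier runs are discarded when a new run starts.
freshclam_status() {
    awk '
        /ClamAV update process started/ { outdated = 0; err = 0 }
        /OUTDATED/                      { outdated = 1 }
        /ERROR:/                        { err = 1 }
        END {
            if (err) print "error"
            else if (outdated) print "outdated"
            else print "ok"
        }
    ' "$1"
}

# Number of ERROR lines in clamd.log (grep -c prints 0 when there are none).
clamd_error_count() {
    grep -c 'ERROR:' "$1" || true
}

# Write constructed sample logs into directory $1.
write_sample_logs() {
    cat > "$1/clamscan.log" <<'EOF'
/srv/share/old.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
--------------------------------------------------
/srv/share/docs/report.pdf: OK
/srv/share/inbox/invoice.exe: Eicar-Test-Signature FOUND
/srv/share/inbox/copy.exe: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
--------------------------------------------------
EOF
    cat > "$1/freshclam.log" <<'EOF'
ClamAV update process started at Thu Feb 13 03:00:01 2014
ERROR: Can't download daily.cvd from db.local.clamav.net
ClamAV update process started at Thu Feb 20 03:00:01 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98.1
daily.cld is up to date
EOF
    cat > "$1/clamd.log" <<'EOF'
Thu Feb 20 02:59:58 2014 -> SelfCheck: Database status OK.
Thu Feb 20 03:10:12 2014 -> ERROR: LOCAL: Socket file /tmp/clamd.socket is in use by another process.
EOF
}

# Print a short summary for the log directory $1 (normally /var/log).
triage_clamav() {
    echo "definitions:  $(freshclam_status "$1/freshclam.log")"
    echo "clamd errors: $(clamd_error_count "$1/clamd.log")"
    echo "detections in last scan:"
    last_scan_detections "$1/clamscan.log" | sed 's/^/  /'
}

# Demo against the constructed logs.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
triage_clamav "$demo_dir"
rm -rf "$demo_dir"
```

On a server, run `triage_clamav /var/log` with elevated privileges in place of the demo lines.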

Switching Tapes with Tandberg and Backup Exec

February 15th, 2014 by Charles Edge

In this example article, we’ll use a standard Tandberg, running Backup Exec. The Library is called “Exabyte 001” in Backup Exec in this example. To switch tapes:

1. Open Backup Exec
2. Go to Devices
3. Click on Exabyte 001
4. Right click on Exabyte 001 and select ‘Unlock’
5. Physically go to the Tandberg unit
6. There are two buttons on the right. Press the bottom right button.
7. Remove the autoloader on the right.
8. Remove the appropriate number of tapes from the autoloader and place the appropriate number of tapes into the library.
9. Slide the autoloader into the Tandberg Unit
10. The Tandberg Unit will inventory the tapes
11. Re-inventory the tapes in Backup Exec by right clicking on Exabyte 001 and selecting Inventory.

NOTE: If they are all new tapes, the goal is to ensure that they all report as Blank Media instead of Unknown media. The tapes are barcoded.

Should there be a server error (or stuck tape) in the Tandberg, follow these steps:
1. Stop all of the Backup Exec services.
2. Remove the two screws from the Tandberg tape library. Both screws are in the rear of the device, one at the bottom corner of each side (Not the screws that are screwed into the rack holes that are furthest outside).
3. Shutdown Tandberg by switching power switch to 0 on power supply at the rear of the device
4. Go to the front of the Tandberg and gently pull out the whole device about 5 inches.
5. Look at each side of the library. You’ll see a hole centered between the top and bottom of the side that’s stretched out from top to bottom.
6. Get a long tool (flat head screwdriver, or small screwdriver) and stick it in the hole, starting from the bottom. Use your tool to pull up, catching the internal lever, that releases the magazine. Do this on each side of the Tandberg.
7. Remove both magazines.
8. Check to see if there are tapes missing in the magazine, if there are, inspect the inside of the Tandberg. If you see tape in the robotic arm, gently see if you can maneuver the arm to a comfortable position close to you. Then attempt to pull the tape out. Set this tape aside, and mark as “bad” with the current date. Use a sticky note.
9. Once the jam is clear, remove all tapes from both magazines. Place both empty magazines back into the Tandberg. Push Tandberg back in place.
10. Screw Tandberg back into rails at the rear of the rack.
11. Power on Tandberg
12. Check for errors. If there are no errors, then start Backup Exec services.
13. Run an inventory following Step 13 from Backup Tape Rotation above, and ensure that it inventories nothing OK.
14. If blank inventory is successful, run an eject following Steps 3 – 8 from Backup Tape Rotation above to eject magazine and place tapes back in – omitting the “bad” one.
15. Re-run the inventory from Backup Exec after the Tandberg runs its own auto-inventory.

Test Access to Microsoft Resources

January 17th, 2014 by Charles Edge

Microsoft provides a tool at https://testconnectivity.microsoft.com to test access to their servers and cloud services. Using the Remote connectivity analyzer you can test connections to Lync, review message headers, verify Autodiscover records are working properly, test outbound access to POP/SMTP/IMAP, verify mail flow from an IP, challenge single sign-on and of course test ActiveSync.


Overall, the Remote Connectivity Analyzer is a great tool for any Microsoft tech and a valuable weapon in the Mac Admin’s batbelt as well!

Pulling Report Info from MunkiWebAdmin

November 6th, 2013 by Allister Banks

Alright, you’ve fallen in love with the Dashboard in MunkiWebAdmin – we don’t blame you, it’s quite the sight. Now you know one day you’ll hack on Django and the client pre/postflight scripts until you can add that perfect view to further extend its reporting and output functionality, but in the meantime you just want to export a list of all those machines still running 10.6.8. Mavericks is free, and them folks still on Snow Leo are long overdue. If you’ve only got a handful of clients, maybe you set up MunkiWebAdmin using sqlite (since nothing all that large is actually stored in the database itself).

MunkiWebAdmin in action

Let’s go spelunking and try to output just those clients in a more digestible format than html, so I’d use the csv output option for starters. We could tool around in an interactive session with the sqlite binary, but in this example we’ll just run the query on that binary and cherry-pick the info we want. Most often, we’ll use the information submitted as a report by the pre- and postflight scripts munki runs, which dumps in to the reports_machine table. And the final part is as simple as you’d expect, we just select all from that particular table where the OS version equals exactly 10.6.8. Here’s the one-liner:

$ sqlite3 -csv /Users/Shared/munkiwebadmin_env/munkiwebadmin/munkiwebadmin.db \
 "SELECT * FROM reports_machine WHERE os_version='10.6.8';"

And the resultant output:
b8:f6:b1:00:00:00,Berlin,"","",192.168.222.100,"MacBookPro10,1","Intel Core i7","2.6 GHz",x86_64,"8 GB"...

You can then open that in your favorite spreadsheet editing application and parse it for whatever is in store for it next!

Who’s Really In-Charge of Your Company’s Tech: Customers

November 1st, 2013 by Charles Edge

In June of 2007, Gartner analysts were warning all IT managers to stay away from Apple’s iPhone, concluding that it wasn’t ready for business environments. In April 2010, the same advice could be heard about Apple’s iPad. What changed since then? Overwhelming customer demand.

Technologies such as Cloud Computing, Mobile (smartphones and tablets), Social Media have infiltrated businesses and have had an impact on how consumers and employees use technology, how they interact and engage with others, and how they create, use, and digest information. These trends are as much social as they are economic and technological.

CUSTOMERS ARE NOW IN CONTROL

At one point, you as the CEO or CFO of your organization and your IT manager could dictate how employees and customers could do business with you from a technology standpoint. That’s just not the case any more. Now, technology based products and services are designed with the consumer in mind and businesses will just have to figure out how to use them within their organizations. As an example, simply look at the fact that according to IDC research, tablets will outsell PCs in the 4th quarter of 2013.

KEY CONCEPTS FOR YOU TO KNOW

Below are a few ideas to consider that could help you stay ahead or on pace with the intersection of technology innovation and business growth.

  • Understand what is expected of you: the technology that customers and employees use at home or in their personal lives is so easy and sophisticated that when they do business with you or when they work for you, they will “demand” and expect more choices, instant responses, greater personalization, flexibility, and functionality.
  • Customers want increasingly more control and access – not less. The trend is moving with customers; you will find that they will want to own their own information as well as gain access to their work applications. And if they can’t do that, then frustration will set in.
  • Technology use by customers is driven by social context, not just business: In other words, the wave that is moving the adoption, expectations, and use of technology is about how we as a society are using technology. Therefore, it is not going to stop, it’s going to get crazier and for those who ignore it and try to keep doing “business as usual”, it could be disastrous.

The recent issues surrounding the Affordable Healthcare Act’s website exemplify these concepts. People expect to have a website that works like Amazon when ordering their books or Facebook when they are posting their kid’s photos. If your technology is not live and working 24/7, it could be a serious blow to your reputation (or poll numbers if you are a politician).

WHAT CAN YOU DO?

The good news is that the same technology innovation driving you crazy from a business standpoint could also be used to help you serve existing and new customers in new ways that are beneficial both to them and to you as a business.

Here are a few things you can do:

  • How are your customers using technology now? Are they using PCs, tablets, smartphones? Are they virtual? Do they still use paper or are they going digital?
  • How can you give your customer more choices? Can you let them control what messages they receive from you? Can you give them access to parts of your internal information that could help them in their business? Can you share more info with them?
  • Do you have the right infrastructure in place to accommodate your customers? Do you have systems that they can access securely and via the devices they use such as mobile (smartphone, tablets), desktop, etc. Can you share with them easily and securely?
  • Are you proactively planning how you can get ahead of the curve (and competitors) and researching how you can use mobile, social, and personal devices to do business with your customers?

Another thing to consider is outsourcing your technology. A good outsourced IT provider could manage your IT environment in such a way that it will save you money and allow you to focus on your core competencies as well as meet your customers’ expectations by ensuring that your systems run smoothly.

However, just as important, choose a provider with the thought leaders or innovation expertise that could help you stay ahead of the technology curve, so you are a leader in your industry and not playing catch up with competitors.

The Cost Considerations of Managed Services

October 30th, 2013 by Charles Edge

With the economic, social, and technology trends pushing IT outsourcing concepts into the spotlight for businesses, it has become increasingly important for CFOs to take a serious look at managed services. For companies, managed services has been a boon in reducing or avoiding cost, helping businesses shift from a capex to an opex model, reducing complexity and risk, and accessing new IT expertise without taking on additional employee headcount.

For many CFOs, eliminating or reducing upfront hardware or monthly employee cost is usually seen as the most important factor when choosing to go towards a managed service or IT outsourcing model. However, we at 318 recommend that you make a thorough analysis of all the costs involved in your current in-house model and see how it compares to outsourcing.

Below are some typical costs that should be taken into consideration:

Labor

  • Salaries and wages
  • Overtime/Benefits
  • Payroll Taxes
  • Travel

Hardware/Software

  • Purchases & Upgrades
  • Sales Tax (Local/State)
  • Shipping
  • Installation
  • Write Offs
  • Disposal Cost
  • Licensing
  • Implementation

Maintenance

  • Hardware and Software
  • Other products/services
  • Staffing

Access Control/Security

  • Infrastructure
  • Administration
  • Monitoring

Recovery/Disaster Recovery

  • Staffing
  • Hardware/Software
  • Testing
  • Insurance/Compliance

Technical Expertise

  • Internal/External Resources
  • Training
  • Staffing

Facilities

  • Building and Floor Space
  • Property Taxes
  • Utilities and Security
  • Furniture/Equipment

Ongoing support

  • Insurance
  • Audits
  • Legal
  • Service levels

These are just some of the issues that CFOs need to consider. So when all is said, done, and analyzed, is it worth it? From a financial perspective, it may be. One thing is for sure, the trends are definitely moving in the direction where soon rather than later it will not only be a financially smart move to outsource your IT needs and focus on your expertise but it will be an expected business practice.

Let us know what you think, we would love to receive your feedback. You can reach us at sales@318.com.

Resolve Quarantined Mailbox Issues in Exchange

October 24th, 2013 by Charles Edge

Exchange 2010 will quarantine a corrupt, or poisoned, mailbox in the Information Store database. If a mailbox is corrupt, dirty or poisoned, rather than forcing us to run eseutil or isinteg while the database is offline, Exchange just quarantines the mailbox. If you run into one of these, you can remove it from the quarantine to run a mailbox repair by deleting a registry key. To figure out which key to delete, first locate the GUID of the mailbox using PowerShell:

Get-MailboxStatistics -identity USERNAME | fl

Then copy the mailbox GUID and open up the registry and make a backup (which I do every time I change the registry btw) of the registry. Then view the following key:

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MSEXCHANGEIS\\PRIVATE-(DB GUID)\QUARANTINEDMAILBOXES\MAILBOXGUID

Delete the key for the mailbox that displays as poisoned. Then, restart the Information Store and run a quick iisreset.

JAMF Software releases Casper 9.2 for OS X 10.9

October 23rd, 2013 by William Smith

Apple released OS X 10.9 (Mavericks) Tuesday and within an hour JAMF Software had released Casper 9.2  with support for Mavericks. Current customers can log in to their accounts at https://jamfnation.jamfsoftware.com/login.html to download the update.

Casper 9.2 includes some bug fixes and new features just for Mavericks. It also includes some new features independent of Mavericks such as support for deploying Mac OS X 10.7 and later upgrades using an OS X installer downloaded directly from the Mac App Store.

JAMF has published full Casper 9.2 release notes on its site.

NTP and Mavericks

October 22nd, 2013 by Erin Scott

Configuring NTP on the latest version of OSX is, in typical Apple fashion, almost deceptively easy. As in previous versions of OSX any Mac can serve as a Network Time Protocol server with the check of one button. Once this is done you’ll be able to act as a network clock for any computer on your local area network.

 

To get ntpd going, simply do the following.

 

First open your system preferences and head over to date & time

You’ll notice that the box to update from a network time server is unchecked. And if you look at the following port scan you’ll see that the NTP port, port 123, is closed.

Picture 1

Now check the box


And notice that the NTP daemon starts up and listens on the correct port.

Picture 2

What could be easier?  Now get out there and synchronize your stop watches!

 

Mavericks Is Here, And It’s Free!

October 22nd, 2013 by Charles Edge

At 318 we’ve been hard at work preparing for the release of OS X 10.9, Mavericks and OS X Server 3.0. We’ve spent a lot of time writing, testing and filing our findings away. And now the time is here. Mavericks is available on the App Store, with OS X Server and iOS 7.0.3. Additionally, JAMF has released Casper 9.2 and other vendors are releasing patches as quickly as they can.

With new updates to Safari, the addition of iBooks, the new Maps app, better integration of the Calendar, Finder tagging, a new multiple display manager, newer automation features for FileVault, iCloud Keychain, new Notifications and Finder tags, Mavericks is sure to inspire a lot of people to upgrade immediately. Especially now that Apple has announced it’s free! Before you have hundreds of people upgrade in your environment though, check out the new Caching Server 2 in Mavericks Server app. It’s awesome and will help make sure you can still stream some Howard Stern while everyone is doing the upgrade.

OS X Server also gets a bunch of new updates, with Profile Manager 3 adding more that you can control/deploy, Xcode server providing code sharing, new command line options, new options within existing services, etc. Definitely check it out!

And if you need any help with this stuff, we’re more than happy to help prepare for and implement upgrades, whether it’s just for a few clients or for a few thousand!

Remote Desktop 2

October 21st, 2013 by Charles Edge
Up until the last few days, Microsoft’s Remote Desktop Connection client for OS X was getting a bit long in the tooth. But, just in case you missed it because of the Windows 8.1 update, Microsoft also released a new version of Remote Desktop Connection for Mac and its first versions for Android and iOS. Software is available only in each device’s app store:

Windows 8.1 Now Available

October 18th, 2013 by Charles Edge

Windows 8.1 is finally available. And better yet, it’s free if you already have Windows 8. There are a bunch of cool new features, including (drum roll) the return of the infamous Start button (which really just opens the Start screen)! To install, just open up the Store app and click on the first large tile on the left, which should say Windows 8.1. It’s easy to upgrade and if you’re using touch enabled devices (or not), it’s a great upgrade. If you’re not running Windows 8, the upgrade is only $119 (or $199 for Pro).

Other new stuff built into 8.1 includes:

  1. Enhanced multi-monitor support
  2. A customizable Start Screen
  3. A global search (integrated with Bing to make a Hero app that sorts the results nicely for you)
  4. The new Boot to Desktop option
  5. Automatic updating of your apps (similar to how that feature works in iOS 7)
  6. Live tiles
  7. New color/texture themes
  8. Desktop backgrounds on the Start screen
  9. Reading List (similar to the Reading List feature in Safari but extended across all Apps)
  10. A lock screen slide show that can display photos or let you take a Skype call.
  11. Calendar app
  12. Alarm app
  13. Food & Drink app, which has lots of interesting content linked such as recipes and integration with Microsoft’s Health & Fitness tracker

There are also new options built into existing apps. Downloaded apps don’t pin to the Start screen any more, which should clean up the Start screen, especially for the apps you don’t use very often. Also, you can now just swipe up to get an all apps screen, which is a nice new gesture. You can also run two (or more actually) apps on the screen concurrently, with one app taking up a smaller amount of screen real estate on the side (a feature called Snap). Internet Explorer got unlimited tabs, which had never been an issue for me and as with iOS->OS X it can sync tabs across devices and create live tiles based on the content. In fact, you can app sync most apps between devices, so if you buy an app it can appear wherever you’ve opted into app syncing. Photo editing gets better. Tool tips get an upgrade as well.

The SkyDrive integration is only going to continue to increase. In Windows 8.1 SkyDrive uses placeholder files to point to data on your SkyDrive (an option that’s been available for Azure developers for a long time). You can then make any objects offline by mirroring the content to a Windows 8.1 device. This goes for Xbox as well, with that becoming more and more like iTunes on a Mac. You now have music, video, games, etc. Expect Amazon and Apple to be going hrmmm over the increased integration here!

Overall, if you’re a Windows 8 user, run the upgrade. If you’re not running Windows 8 and your hardware can support it, it’s getting closer and closer to that time to do the upgrade. And if you need any help along the way, please feel free to give us a call. We love to help you do more with cool new tech like this!

Enroll Existing 10.8 Machines In Profile Manager (or another MDM) Using Apple Remote Desktop

October 17th, 2013 by Charles Edge

Since we can now do less and less with MCX, we need to rely on Profile Manager for user and machine-specific management inside of OD. This is very easy if you are re-imaging all of your machines (using automated enrollment with Deploy Studio), but what about environments that have upgraded to 10.8 organically? Or if you’re attempting to manage machines that are already in use? If you’ve got ARD or SSH access, you’re in luck, as you can very easily push an Enrollment Profile that will automatically enroll the machine at the next reboot. This is done by manipulating files in /private/var/db/ConfigurationProfiles/Setup/. You can build a set of tasks in ARD to perform the following tasks.

First, we want to rm /private/var/db/ConfigurationProfiles/Setup/.profileSetupDone. At startup, OS X looks for this file and if not found, it will load any profiles found in the containing Setup folder. Make sure this command is run as root.


Secondly, we need to actually copy the Enrollment Profile (and Trust Profile if needed) into /private/var/db/ConfigurationProfiles/Setup/. The profiles are loaded in alphabetical order, so make sure the names of the files will ensure that the Trust Profile runs first, or the Enrollment Profile will fail if you have not properly signed your configuration profiles. A good test to see if you need to send the Trust Profile as well is to install the Enrollment Profile you downloaded manually on a fresh test system – if it installs without error, you’re OK to use just that. If you get an error about needing a Trust Profile, either adjust your settings in Server.app to properly sign the Enrollment Profile in server, or install the Trust Profile on the machines as well.


Note: You don’t have to install two profiles using most 3rd party MDM solutions, such as Casper, FileWave, etc.

It is important that we get the correct Enrollment Profile to load onto our target machines – you can’t simply log into yourserver.com/mydevices and use the profile that results from the “Enroll” link – this is a per-device file. We need to get our Enrollment Profile from the admin page (yourserver.com/profilemanager). Once logged in, click the “+” in the bottom left corner and select “Enrollment Profile”.


Configure the profile as shown below and then download.


You can also download the Trust Profile from the same screen if needed.


Once you’ve deleted the .profileSetupDone file and loaded the appropriate profiles, the machines will self-enroll at next reboot (or if you’re a heartless admin, you can force a reboot via ARD). You can now enjoy device management via Profile Manager!

Files Not Showing For Xsan Clients When Uploaded Through Ethernet

October 15th, 2013 by Charles Edge

There is a problem with Xsan when using AFP or SMB heads in front of volumes: when a user uploads or adds a file to the volume, the file is not readily available/visible to all users. This issue doesn’t occur every time a file is uploaded, nor does it cause files to actually disappear; the user only needs to restart their Finder in order to be able to see the object.

We’ve been using this freeware app as a workaround until Apple comes up with a patch: https://www.macupdate.com/app/mac/24714/refresh-finder

[New in Casper 9.1] Identify iOS 7 devices managed by ‘Find My iPhone’

October 1st, 2013 by William Smith

Enterprise and educational institutions have a new tool in Casper 9.1 for identifying iOS 7 devices under Apple’s new Activation Lock management. This tool becomes increasingly important if employees or students are allowed to use their personal Apple IDs with their devices because only they can return the device in an unmanaged state.

Apple introduced “Find My iPhone” in iOS 3 allowing users to track their own devices or others with their owners’ permission. Since that time Apple has added remote lock to prevent use of a lost device and remote erase to wipe data from the device when the owner can’t recover it.

With iOS 7 Activation Lock is automatically enabled when remotely locking or erasing a device, making using or selling it difficult without first entering the password for the Apple ID that locked it and then removing the management. When a remote lock or erase command is issued Activation Lock effectively bricks the device preventing anyone from erasing or reactivating it.

JAMF Software released Casper 9.1 the same day Apple released iOS 7 and added the new field “Device Locator Service Enabled” for identifying iOS 7 devices tied to Apple IDs that can remotely lock or erase them. This field appears both under the General payload of an individual device as well as a criterion under Smart Mobile Device Groups.


Casper can only identify whether the device location service is enabled. It cannot report the Apple ID itself managing the device.

As part of any device return policy for an employee’s departure from his company or a student’s end-of-year equipment return, administrators should review whether the Device Locator Service Enabled field is true or false for the device. The employee or student must remove the device from his Apple ID prior to returning the equipment. He must do this on the device itself by going to Settings > iCloud and turning off Find My iPhone or Find My iPad. This requires that he enter his Apple ID password to finish disabling the management.

While iOS 6 and earlier devices include the remote lock, locate and erase features they don’t include Activation Lock. This is new in iOS 7.

Apple has made no announcements about whether OS X 10.9 (Mavericks) will include this option as part of its “Find My Mac” feature set.

[New in Casper 9] Use keyboard shortcuts in JSS

September 30th, 2013 by William Smith

Matthew Fjerstad with JAMF Software recently posted a handful of keyboard shortcuts for the JAMF Software Server (JSS) in Casper 9. Updating JSS items in Casper 8 and earlier was as simple as clicking a link and editing the record. To enable new features in version 9 the JAMF developers changed this behavior to require clicking additional buttons when changing information.

Clicking extra buttons meant adding tedious steps when working in the JSS so the JAMF Software developers included these new editing and navigation commands.

N = New (from a list view)

To add a new object such as a new JSS user account, press N. This applies wherever a New button appears.


E = Edit

To edit an object such as an existing JSS user account, press E. This applies wherever an Edit button appears.


B = Done or Back

To return to a list after viewing an object such as an existing JSS user account, press B. This applies wherever a Done button appears.


Control-C = Cancel

To quit editing an object without making any changes, press Control-C. This applies wherever the Cancel button appears.

Control-S = Save

To save changes after editing an object, press Control-S. This applies wherever the Save button appears.


Control-D = Delete

To delete an object such as an existing JSS user account, press Control-D. This applies wherever a Delete button appears.


Wishes Granted! Apple Configurator 1.4 and iOS 7

September 25th, 2013 by Allister Banks

Back in June, we posted about common irritations of iOS(6) device deployment, especially in schools or other environments trying to remove features that could distract students. Just like with the Genie, we asked for three wishes:

- 1. Prevent the addition of other email accounts, or 2. the sign-in (or creation!) of Twitter/Facebook(/Vimeo/Flickr, etc.) accounts

Yay! Rejoice in the implementation of your feature requests! At least when on a supervised device, you can now have these options show up as greyed out.

- 3. Disable the setting of a password lock…

Boo! This is still in the realm of things only an MDM can do for you. But at least it’s not something new that MDMs need to implement. More agile ways to interact with App Lock should be showing up in a lot more vendors’ products for a ‘do not pass go, do not collect $200 dollars’ way to lead a group of iPads through the exact app they should be using. Something new we’re definitely looking forward to for MDM vendors to implement is…

Over-the-Air Supervision!

Won’t it be neat when we don’t need to tether all these devices to get those extra management features?

And One More Thing


Oh, and one last feature I made reference to in passing, you can now sync a Supervised device to a computer! …With the caveat that you need to designate that functionality at the time you move the device into Supervise mode, and the specific Restriction payload needs setting appropriately.


We hope you enjoy the bounty that a new OS and updated admin tools brings.

Add OS X Network Settings Remotely (Without Breaking Stuff)

September 23rd, 2013 by Allister Banks

So you’re going to send a computer off to a colocation facility, and it’ll use a static IP and DNS when it gets there, the info for which it’ll need before it arrives. Just like colo, you access this computer remotely to prepare it for its trip, but don’t want to knock it off the network while prepping this info, so you can verify it’s good to go and shut it down.

It’s the type of thing, like setting up email accounts programmatically, that somebody should have figured out and shared with the community at some point. But even if my google-fu is weak, I guess I can deal with having tomatoes thrown at me, so here’s a rough mock-up:

#!/bin/bash
# purpose: add a network location with manual IP info without switching 
#   This script lets you fill in settings and apply them on en0(assuming that's active)
#   but only interrupts current connectivity long enough to apply the settings,
#   it then immediately switches back. (It also assumes a 'Static' location doesn't already exist...)
#   Use at your own risk! No warranty granted or implied! Tell us we're doing it rong on twitter!
# author: Allister Banks, 318 Inc.

# set -x

declare -xr networksetup="/usr/sbin/networksetup"

declare -xr MYIP="192.168.111.177"
declare -xr MYMASK="255.255.255.0"
declare -xr MYROUTER="192.168.111.1"
declare -xr DNSSERVERS="8.8.8.8 8.8.4.4"

# Name of the hardware port whose device is en0 (e.g. "Ethernet"); multi-word names are kept whole
declare -x PORTANDSERVICE="$($networksetup -listallhardwareports | awk -F': ' '/^Hardware Port/{port=$2} /^Device: en0$/{print port}')"

# Create the location, switch to it only long enough to apply the settings, then switch back
$networksetup -createlocation "Static" populate
$networksetup -switchtolocation "Static"
$networksetup -setmanual "$PORTANDSERVICE" "$MYIP" "$MYMASK" "$MYROUTER"
# DNSSERVERS is left unquoted on purpose so each address is passed as its own argument
$networksetup -setdnsservers "$PORTANDSERVICE" $DNSSERVERS
$networksetup -switchtolocation Automatic

exit 0

Caveats: The script assumes the interface you want to be active in the future is en0, just for ease of testing before deployment. It also assumes that there isn’t already a network location called ‘Static’, and that you do want all interfaces populated upon creation (because I couldn’t think of particularly good reasons why not).

If you find the need, give it a try and tweet at us with your questions/comments!


Write and run scripts through BBEdit and TextWrangler

September 4th, 2013 by William Smith

Part of my job is writing shell scripts. These are scripts for administrative work rather than end-user applications and they’re usually short and non-interactive. I can’t justify purchasing expensive code-writing tools for this type and frequency of work but I do prefer something more than just TextEdit. I could write a website using TextEdit but that would be painful. The same applies to scripts.

Two of my favorite script-writing tools are from Bare Bones Software: BBEdit and TextWrangler. These are actually text editors but that’s really all that’s needed for basic scripting. I recommend TextWrangler because it’s free and really powerful. For those who want more I recommend purchasing BBEdit, which is the big brother to TextWrangler.

Here’s just one thing I like about each when writing scripts.

TextWrangler

Part of script writing is testing the code. Sometimes I’m just writing a snippet and only need to test a line or two. TextWrangler (and BBEdit) include a shebang (#!) menu to let me run code from the text I’ve just typed.

I can open a new TextWrangler document and enter a simple script to tell me today’s date:

#!/bin/sh
date "+Today's date is %m/%d/%Y"
exit 0

To run this script I don’t even need to save the document. I can just choose #! > Run and the result opens in a new window.

If my script syntax were incorrect, such as omitting the final double-quote on the second line, the result would be the same as if I had saved the file, made it executable and run it in Terminal.


BBEdit

BBEdit has a feature called Shell Worksheets, which act kind of like an interactive script. I can create a new worksheet by choosing File menu > New > Shell Worksheet.

A new shell worksheet is based on the default UNIX shell, which is generally bash. It doesn’t require a shebang at the beginning of my code. I can enter my date command and then press Enter (on an extended keyboard) or Command-Return and that one line is not only executed but the result is displayed below.


If I have several lines of code I can highlight any one or multiple lines and press Enter or Command-Return to execute those lines. All output will appear after the last line of highlighted commands.

Better than TextEdit

Working within TextWrangler or BBEdit enables me to write and quickly test code without having to save my script and make it executable. In addition to quickly executing commands both applications feature line numbering and syntax highlighting to make reading and debugging scripts much easier.

For a better understanding of these tools consult the User Manual under the Help menu in each application.

Increase Shared Memory for Postgres

August 16th, 2013 by Charles Edge

The default installation of Postgres in OS X Server can be pretty useful. You may find that as your databases grow you need to increase the amount of shared memory that those databases can access. This is a kernel thing, so requires sysctl to get just right. You can do so manually just to get your heavy lifting done and oftentimes you won’t need the settings to persist across a restart. Before doing anything I like to just grab a snapshot of all my kernel MIBs:

sysctl -a > ~/Desktop/kernmibs

I like increasing these incrementally, so to bring up the maximum memory to 16 megs and increase some of the other settings equally, you might look to do something like this:

sysctl -w kern.sysv.shmmax=16777216
sysctl -w kern.sysv.shmmni=256
sysctl -w kern.sysv.shmseg=64
sysctl -w kern.sysv.shmall=393216

To change back, just restart (or use sysctl -w to load them back in). If you need more for things other than loading and converting databases or patching postgres, then you can bring them up even higher (I like to increment in multiples):

sysctl -w kern.sysv.shmmax=268435456

Change the Maximum Message Size In OS X Mail Server

August 14th, 2013 by Charles Edge

The default size limit of new mail messages in OS X 10.8 Server is 10 MB. That’s small for many environments. To increase to 20 MB, open Terminal. Use serveradmin to increase the number, plugging it into mail:postfix:message_size_limit as follows:

serveradmin settings mail:postfix:message_size_limit = 20971520

To change it back, you would use:

serveradmin settings mail:postfix:message_size_limit = 10485760

Cat skinning technique #12 or “Convert to plist and then read”

August 13th, 2013 by William Smith

I’ve seen amazing things done to extract data from most anything with command-line tools such as awk, sed and regex. Just like “there’s more than one way to skin a cat”, there’s more than one way to get a result.

During some recent scripting research I noticed in the man page for the command I was using an option that allowed me to convert the data to an easier to parse format. Although the output for this option was much longer than normal output, I was able to avoid devising a complex regex for getting the data I needed.

Enough babble! I present yet another way to extract information from a blob of data or “cat skinning technique #12”.

This command when run in the Terminal returned a load of information about my OS X user account.

dscl . read /Users/tempuser

I appended an attribute called “Comment” and I gave the attribute a value of “Temporary account.”

sudo dscl . append /Users/tempuser Comment "Temporary account."

I could read this attribute quickly using:

dscl . read /Users/tempuser Comment

The result was:

Comment:
 Temporary account.

I added a second and third comment by running the append command a couple more times:

Comment:
 Temporary account.
 Expires: July 31, 2013.
 Manager: Martin Moose.

Now, how could I go about getting the expiration date from the comment? This is where awk-, sed- and regex-loving scripters would begin piping the results into something like:

dscl . read /Users/tempuser Comment | sed -n '3p'

The problem with this command was it left a blank leading space (note how the values for the comment were slightly indented in the above result).

I could pipe this again into another sed command along with some complicated regex magic to remove the leading space, which actually gave me what I wanted:

dscl . read /Users/tempuser Comment | sed -n '3p' | sed -e 's/^[[:space:]]*//'

As an administrator needing to get the job done I would be happy with this solution. If I were to post that one-liner into a forum, though, I’d be ridiculed for using the same command multiple times or for piping more than once.

I learned a few years back to try to exhaust the options provided by a single command rather than snipping away at results using a centipede of short commands. After viewing the man page for dscl I found a useful option—it could output the result in plist format. That’s the same format for preference files. Administrators familiar with managing preferences are also familiar with command line tools like defaults and PlistBuddy.

I added the extra option:

dscl -plist . read /Users/tempuser Comment

Although it returned lengthier output I had structure to the information:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>dsAttrTypeStandard:Comment</key>
	<array>
		<string>Temporary account.</string>
		<string>Expires: July 31, 2013.</string>
		<string>Manager: Martin Moose.</string>
	</array>
</dict>
</plist>

Both the defaults and PlistBuddy command line tools only read plist files, which meant I needed to redirect this information into a file. The /private/tmp folder was a convenient place to store transient stuff:

dscl -plist . read /Users/tempuser Comment > /private/tmp/myfile.plist

All I needed to do was read the file. Because this plist file contained an array, PlistBuddy was much better suited to reading it than defaults. After a little trial and error I put a two-liner together:

dscl -plist . read /Users/tempuser Comment > /private/tmp/myfile.plist
/usr/libexec/PlistBuddy -c "print :dsAttrTypeStandard\:Comment:1" /private/tmp/myfile.plist

In plain language the PlistBuddy command said: “Read the value for the key ‘dsAttrTypeStandard:Comment’ and return index 1 (indexes start at 0) from the file myfile.plist.” The result returned was:

Expires: July 31, 2013.
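The same lookup done in memory, as an added example that is not part of the original post: the plist is captured from dscl's standard output and parsed with Python's plistlib, so nothing is written to a fixed file name in the world-writable /private/tmp, which matters when the script runs as root. It goes one step beyond the post by finding the entry by its "Expires:" label instead of by array index and by parsing the date; the function names are hypothetical and the sample plist is the output shown above.

```python
"""Read one dscl attribute as a plist, in memory (no file in /private/tmp)."""
import plistlib
import subprocess
from datetime import datetime

# Constructed sample: the plist output shown in the post for /Users/tempuser.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>dsAttrTypeStandard:Comment</key>
	<array>
		<string>Temporary account.</string>
		<string>Expires: July 31, 2013.</string>
		<string>Manager: Martin Moose.</string>
	</array>
</dict>
</plist>
"""


def read_attribute(plist_bytes, attribute):
    """Return every value of one directory attribute, or [] if it is absent."""
    record = plistlib.loads(plist_bytes)
    values = record.get("dsAttrTypeStandard:" + attribute, [])
    return [str(value).strip() for value in values]


def labelled_value(values, label):
    """Return the text after 'label:' among the values, found by label
    rather than by array index, so reordered comments cannot mislead it."""
    prefix = label + ":"
    found = [v[len(prefix):].strip() for v in values if v.startswith(prefix)]
    if len(found) > 1:
        raise ValueError("%d entries labelled %r; refusing to guess" % (len(found), label))
    return found[0] if found else None


def expiry_date(values):
    """Parse 'Expires: July 31, 2013.' into a date; None if there is no such entry."""
    raw = labelled_value(values, "Expires")
    if raw is None:
        return None
    return datetime.strptime(raw.rstrip("."), "%B %d, %Y").date()


def dscl_read(user, attribute):
    """macOS only: capture dscl's plist from stdout instead of redirecting it
    to a file. The argument list also keeps `user` away from any shell."""
    result = subprocess.run(
        ["/usr/bin/dscl", "-plist", ".", "read", "/Users/" + user, attribute],
        check=True, capture_output=True)
    return read_attribute(result.stdout, attribute)


if __name__ == "__main__":
    comments = read_attribute(SAMPLE_PLIST, "Comment")
    print(labelled_value(comments, "Expires"))
    print(expiry_date(comments))
```

On a Mac, `dscl_read("tempuser", "Comment")` returns the same list that `read_attribute` produces from the embedded sample.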

The ‘Hidden’ Summary Tab

August 9th, 2013 by Allister Banks

Do you want AirPort Utility to look how it used to? Howsabout something akin to the Logs interface you could use to see connected clients? Well, mashing the option key has paid off again! As alerted to me on the Twitter via an @dmnelson re-tweet, https://twitter.com/jeff_lamarche/status/364905545272012800


This doesn’t really get you more in the way of features, but when change is scary and goes jingly-jangly in our pockets, seeing a familiar modal dialog makes us feel at ease.


Inconsistent Upgrade Behavior on Software-Mirrored RAID Volumes

August 8th, 2013 by Allister Banks

It came up again recently, so this post is to warn folks treading the same path in the near future. First a little ‘brass tacks’ background: As you probably know, as of 10.7 Lion’s Mac App Store-only distribution, you can choose the option to extract the InstallESD.dmg from the Install Mac OS X (insert big cat name here) application, and avoid duplicate downloads and manual Apple ID logins. One could even automate the process on a network that supports NetInstall with a redundantly named NetInstall set to essentially ‘virtualize’ or serve up the installer app on the network.

We’ve found recently that more than a few environments are just getting around to upgrading after taking a ‘wait and see’ approach to Lion, and jumping straight to 10.8 Mountain Lion. Getting to the meat after all this preamble… it was also, at one time, considered best practice to use RAID to mirror the boot disk, even without a hardware card to remove the CPU overhead. (It hadn’t been considered a factor then, but even modern storage virtualization *cough*Drobo*cough* can perform… poorly. I personally recommend what I call a ‘lazy mirror’, having CCC clone the volume and putting fewer writes on the disk over time, and getting the redundancy of CCC reporting SMART status of the source and destination.)

When upgrading a software-mirrored boot drive’s OS, you get a message about features being unavailable, namely FileVault2 and the Recovery Partition it relies upon. If it detects the machine being upgraded is running (a relic of a bygone era, a separate OS called quaintly) ‘Mac OS X Server,’ it additionally warns that the server functionality will be suspended until Server.app 2.x can be installed via… the Mac App Store. We’ve found it can do an upgrade of those paused services (at least those that are still provided by the 2.2.1 version of the Server application) and pick up where it left off without incident after being installed and launched.

If, however, you use a Mac App Store-downloaded application to perform the process, we’ve seen higher success rates of a stable upgrade. If instead you tried to save time with either the InstallESD.dmg or NetInstall set methods mentioned earlier, a failure symptom occurred in which, post-update, the disk would never complete its first boot (verbose boot was not conclusive as to reasons, either). Moving the application bundle to another machine (volume license codes have, of course, been applied to the appropriate AppleID on the machines designated for upgrades) hasn’t been as successful, although the recommended repackaging of the Install app, as Apple has referred to in certain documentation, wasn’t attempted this particular time. In some cases even breaking the software mirror didn’t allow the disk to complete an upgrade successfully. Another symptom, before we could tell it was going to fail, is that the drop-down sheet warning of the loss of server functionality would immediately cause the entire window to lose focus while about to initiate the update. A radar has not been filed due to the fact that a supported (albeit semi time-intensive) method exists and has been more consistently successful.

Apple Mail 6.2 – Unexpectedly Quits When Selecting Messages

July 19th, 2013 by Michael Hendry

I recently ran into an interesting issue, with Apple Mail seeming to randomly crash.

While browsing Apple Mail and selecting certain e-mails, Apple Mail would ‘Unexpectedly Quit’. The mail messages that would cause these quits were seemingly random. None were from the same contact, they had no shared elements (attachments, subject line, invalid characters, etc.), there was nothing that would help to distinguish the cause of these crashes.

The only element that seemed to line up was that they each had multiple recipients in the To: field, perhaps indicating a corrupted recipients file. To test this, I tried to open and review the previous recipients.


On selecting previous recipients, mail would become non-responsive and hang indefinitely. This appeared to indicate the cause of the unexpected quit was a corrupted MailRecents-V4.abcdmr.

This was fixed with the following steps:

- Close out of Mail

- Open Finder

- From the Go menu, select Go To Folder… and paste in the following: ~/Library/Application Support/AddressBook/

- When the window opens, select the MailRecents-V4.abcdmr and rename it to “OldMailRecents-V4.abcdmr”

- Reopen Mail, and breathe a sigh of relief.

That’s it!

Note: The above steps will erase your autocomplete for previous recipients. If you have a backup of your MailRecents-V4.abcdmr through Time Machine or Crashplan, restore that file (from a point prior to the date you started experiencing the issue) to the above Library path and complete the rest of the above steps.