Archive for the ‘Mass Deployments’ Category

Hiding a Restore Partition With jamf

Monday, August 9th, 2010

The jamf command that is placed inside the /usr/sbin directory has a number of things it does really well. Many of the tasks exposed in Casper Admin can be tapped into using shell scripts.

One nice option that the Casper Suite has for the mobile users in many an enterprise is the ability to restore a given machine to a known good working state. Casper addresses this using a concept known as a restore partition. The restore partition can be used to deploy a base set of packages to a client, or maybe just a functional operating system that hooks back into the JSS, or JAMF Software Server. Because you want the restore partition to be somewhat undefiled, you can hide it. Then, if a user needs to boot to the restore partition, they would simply boot the computer holding down the option key and select Restore (or whatever you have named it).

The /usr/sbin/jamf command can then be used to hide that restore partition using the hideRestore option. For example, assuming that the restore partition is named Restore, the following command will hide it:

/usr/sbin/jamf hideRestore

But, you might find that you want to deploy multiple hidden partitions. So let’s say that you had another for running disk tools. In our environment we could call it 318Tools. So to hide it as well, we would use the same command, but with the -name option followed by the name of the other partition we would like to hide, like so:

/usr/sbin/jamf hideRestore -name 318Tools

Overall, there are a number of uses other than simple patch management with the Casper Suite, and this is just one of the small things you can do with the jamf command, an integral part of the Suite.

MergeSafBookmarks Now Open Sourced

Tuesday, December 22nd, 2009

318 has open sourced our mergeSafBookmarks Python script. This tool can read in a pair of property lists and merge them into a single resultant bookmarks file for Safari. This takes a lot of the work out of pushing bookmarks to existing users as part of your deployment. You can find it here:

http://mergebookmarks.sourceforge.net

Note: The script also looks at existing bookmarks and doesn’t merge in duplicates.

318 Open Sources the ASR Setup Tool

Monday, December 14th, 2009

318 has decided to open source our ASR Setup Tool under GPLv3. The tool can now be found at http://asrsetup.sourceforge.net. The ASR Setup Tool is built as a wrapper for the asr command line suite from Apple. The description from SourceForge:

Developed by 318 Inc., ASR Setup Tool is an application for setting up Apple Software Restore (“ASR”). In the context of the ASR Setup Tool, ASR is used for setting up a multicast stream that can then be leveraged for imaging Mac OS X computers.

We hope you enjoy!

Mac OS X 10.6.2 Server Available

Tuesday, November 10th, 2009

Mac OS X 10.6.2 Server is now available. This update represents a great step for environments that have either already moved to Snow Leopard Server or are preparing or planning the upgrade. In this update, Apple addresses the following issues (from Apple.com):

  • adding and removing imported users in Server Preferences
  • synchronizing Portable Home Directory content
  • using iCal web interface within select time zones
  • previewing and capturing dual-source video in Podcast Capture
  • server-side filtering of incoming mail messages
  • using chained digital certificates for mail services
  • creating images with System Image Utility
  • automating installation of NetRestore images
  • preventing brute force password attacks
  • using sudo command with authenticated Open Directory binding
  • binding to Active Directory domains with invalid service records
  • creation of mobile accounts for Active Directory users
  • correcting a problem that would cause the Software Update cache to grow excessively

New Video on System Image Utility in Snow Leopard

Tuesday, September 1st, 2009

Now that NetRestore has been moved into Mac OS X Server (kinda), we have created a new video on creating a NetRestore image for Snow Leopard.

Google Apps and BlackBerry

Friday, May 15th, 2009

Google Apps has taken another step towards the capacity for enterprise integration. Google Apps Connector for BlackBerry Enterprise Server will be available in July. Google was fairly quick to release a product that allowed for interaction with the iPhone and has recently added an ActiveSync option to connect to their mail services, allowing for the synchronization of contacts, mail and calendars to devices running Windows Mobile and the iPhone. This additional step simply completes offering up Google Apps to the major smartphones on the market. And with recent directory services integration offerings, Google Apps seems more than ever like a viable option in the enterprise space.

As partners of Research in Motion, Microsoft and Apple, 318 would be happy to work with you to formulate a unified strategy for managing, application development and application delivery for your mobile enterprise – no matter the platform.

Mass Deploying Firefox Preferences for Mac OS X

Friday, April 24th, 2009

Firefox has a number of preferences.  Not all are available in the GUI.  To access these preferences, you can simply open Firefox and type the following in the address bar:

about:config

This will allow you to customize preferences, whether or not they’re otherwise known, line by line.  These can then be copied between users, by inserting lines into the preferences file.

Like with most applications on Mac OS X, the preferences for Firefox can be deployed en masse.  It is a bit more complicated than deploying preferences for some other applications.  The reason for this is that the path to the preference file isn’t the same for all users.  The file is located in the ~/Library/Application Support/Firefox/Profiles directory.  It is an 8 character string followed by .default.  For example, lzwntwo9.default.  In this folder is a file called prefs.js, which contains all of the preferences for Firefox.  For example, the following line will disable the check for whether you wish Firefox to be the default web browser for a user:

user_pref("browser.shell.checkDefaultBrowser", false);

Once you know what preferences you’d like to push out there are two options to do so (there might be more, but these are the two we’ve used):

  • The first is to edit items in the Firefox.app bundle.  Most of these can be edited using the /Applications/Firefox.app/Contents/MacOS/defaults/profile/prefs.js file, although the home page will be set using the /Applications/Firefox.app/Contents/MacOS/browserconfig.properties file.  One note is that when you go to customize the prefs.js file it will give you a fairly nasty warning, but then it will push changes out to new accounts; however, don’t make any changes while the application is open.  Additionally, this method requires deleting the existing preferences, so if you simply want to push out updates you’ll need to resort to the second method.
  • For the second method, we look at a script that finds the name of the directory located in ~/Library/Application Support/Firefox/Profiles for the user (or all users for computer-based policies) of the system.  We then set that as a variable.  For example, storing the output of ls ~/Library/Application\ Support/Firefox/Profiles/ in a variable called FFPREFSFOLDER gives ~/Library/Application\ Support/Firefox/Profiles/$FFPREFSFOLDER/prefs.js as the actual path of the file for a user.

Now you can insert (or replace) the line that makes up the specific preference.  This isn’t nearly as clean as using defaults to push out Safari preferences.  But it does provide a way to push out Firefox preferences, be it as a file drop to replace the preferences in the application bundle or as a line edit to alter settings of an existing user’s browser.
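One way to script the second method, as an added example that is not code from the original post: it finds each *.default profile directory and inserts or replaces a single user_pref line in its prefs.js. The function name set_firefox_pref and its arguments are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# set_firefox_pref and its argument names are assumptions.

# set_firefox_pref PROFILES_DIR PREF_NAME VALUE
# Inserts or replaces one user_pref line in every *.default profile found
# under PROFILES_DIR. VALUE is written verbatim: false, 1, '"a string"'.
set_firefox_pref() {
    profiles_dir=$1
    pref=$2
    value=$3
    changed=0
    for profile in "$profiles_dir"/*.default; do
        prefs="$profile/prefs.js"
        # Skip an unmatched glob, a missing file, or a symlinked prefs.js
        # (this may run as root inside a user-writable directory).
        if [ ! -f "$prefs" ] || [ -L "$prefs" ]; then
            continue
        fi
        tmp=$(mktemp "${TMPDIR:-/tmp}/ffprefs.XXXXXX") || return 1
        # Keep every line except an existing entry for this preference.
        # -F treats the dots in the name literally; grep exits 1 when no
        # lines remain, which is not an error here.
        grep -vF "user_pref(\"$pref\"," "$prefs" > "$tmp" || true
        printf 'user_pref("%s", %s);\n' "$pref" "$value" >> "$tmp"
        # Write back in place so the file keeps its owner and mode.
        cat "$tmp" > "$prefs"
        rm -f "$tmp"
        changed=$((changed + 1))
    done
    # Succeed only if at least one profile was updated.
    [ "$changed" -gt 0 ]
}

# Computer-wide policy: one call per home directory, for example
#   for home in /Users/*; do
#       set_firefox_pref "$home/Library/Application Support/Firefox/Profiles" \
#           browser.shell.checkDefaultBrowser false
#   done
```

Run it only while Firefox is closed, since Firefox rewrites prefs.js when it quits.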

ESX Patch Management

Tuesday, April 14th, 2009

VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:

esxupdate query

Once you know what updates have already been applied to your system it’s time to go find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once downloaded make sure you have enough free space to install the software you’ve just downloaded and then you will need to copy the patches to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and then use the esxupdate command with the update flag and then the test flag, as follows:

esxupdate --test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a couple of flags that can be used with esxupdate. Chief amongst them are --noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code, the code can be cross-referenced against the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall --allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate --noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall --blockOutgoing
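The remote-update loop described above, as an added example that is not code from the original post: it wraps the three steps so that outgoing ports are blocked again even when an update fails or the run is interrupted. The function name apply_remote_patches and the ESXUPDATE and ESXCFG_FIREWALL override variables are assumptions; the flags are the ones used in the post.

```shell
#!/bin/sh
# Added example, not code from the original post.
# apply_remote_patches, ESXUPDATE and ESXCFG_FIREWALL are assumed names;
# the two variables only exist so the commands can be swapped out.
ESXUPDATE=${ESXUPDATE:-esxupdate}
ESXCFG_FIREWALL=${ESXCFG_FIREWALL:-esxcfg-firewall}

# apply_remote_patches REPO_URL...
# Opens outgoing ports, runs esxupdate against each patch URL, then blocks
# outgoing ports again. Returns non-zero if any step failed.
apply_remote_patches() {
    failures=0
    # If the run is interrupted, close the firewall before exiting.
    trap '"$ESXCFG_FIREWALL" --blockOutgoing; exit 130' INT TERM
    if ! "$ESXCFG_FIREWALL" --allowOutgoing; then
        trap - INT TERM
        return 1
    fi
    for repo in "$@"; do
        # A failed patch is recorded, not fatal: the loop must still reach
        # the --blockOutgoing step below.
        if ! "$ESXUPDATE" --noreboot -r "$repo" update; then
            echo "esxupdate failed for $repo" >&2
            failures=$((failures + 1))
        fi
    done
    if ! "$ESXCFG_FIREWALL" --blockOutgoing; then
        echo "WARNING: outgoing ports are still open" >&2
        failures=$((failures + 1))
    fi
    trap - INT TERM
    return "$failures"
}
```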

Mac OS X Server: Cascading Software Updates

Thursday, August 7th, 2008

Software Update Services allow your server to cache updates from Apple and then redistribute them to clients within your organization. Now, this is going to greatly cut down on the amount of bandwidth consumed when new software patches are released. But if you have a large distributed organization you might want to have multiple Software Update Servers daisy-chained together in a cascade to download updates from each other and provide updates to sets of clients (maybe they’re geographically separated or you just have too many clients to provide updates to for just one server). Cascading the Software Update Services would further conserve bandwidth in your environment if you have multiple Software Update Servers.

In order to cascade Software Updates from one server to another you would first set up your first Software Update Server. Let’s say that we set it up as SUS1.domain.com and set it to run on port 8080. Next you would set up your second server (let’s call it SUS2.domain.com) and edit the “metaindexURL” key (by default it’s set to be swscan.apple.com) of the file /etc/swupd/swupd.plist. So you would change the key to be SUS1.domain.com/content/meta/mirror-config-1.plist.

Leopard Server: New Managed Preferences

Wednesday, June 11th, 2008

If you’re familiar with Managed Preferences in Tiger then you’re basically already familiar with Managed Preferences in Leopard Server. But there are some great new features that Apple has provided us with by popular demand. These include the following:

Applications
There are now more features to the Applications Managed Preference. You can allow or disallow applications by selecting them individually or a folder. This means that you can allow access to applications located in the /Applications folder but disallow all applications located in the /Applications/Utilities folder. There are also now controls for allowing specific widgets and disabling Front Row.

Finder
There are new options to limit users from doing tasks when in the Finder such as Ejecting a disk, connecting to servers, rebooting and burning disks.

Login
You can now control the list of users that are displayed to a user during login times to show Mobile accounts and network users. You can show/hide the restart button, disable automatic logon, enable Fast User switching, set the local computer record name to the name of the computer on the server, enable guest access, control the inactive time to logout users and configure computer based Access Control Lists.

Mobility
Mobility now allows administrators to set an expiry for a user’s home folder on the system they are logging into. This allows administrators to keep local desktop systems from getting polluted with hundreds of home folders without using custom scripts to do so. Administrators can also now force accounts on local systems to use FileVault with Mobility accounts to keep data on local systems as secure as possible and set quotas for user home directories. Finally, it is also now possible to control the path that the user home folder is located on local desktops.

Network
Administrators can now Disable Internet Sharing, Airport and Bluetooth for client computers.

Parental Controls
Hide profanity in the dictionary, control access to web sites, set the amount of time per day that a computer is allowed to be used and set times when login is not allowed in this new Managed Preference.

Printing
Force users to put their user name, date and/or MAC address in a page that is sent with each print job.

System Preferences
Allow or deny access to each System Preference (including the new ones).

Using the JAMF Binary with the Casper Suite

Thursday, October 25th, 2007

Casper is an incredibly useful tool for package deployment, maintaining records of the systems in your environment and policy management. But for those of you already using Casper (or considering it) you’ll be glad to know that you can use the jamf binary to do all kinds of fun stuff that can help with troubleshooting computers in your environment. For example:

The following command will set up a hidden SSH user and restrict SSH access to be allowed by only that user:
jamf createAccount -username casperadmin -realname "Casper Admin" -password capseradmin -home /Users/casperadmin -hiddenUser -admin -secureSSH

This command can be used to display a popup on the system it’s run on that says “Hello Minnesota”:
jamf displayMessage -message "Hello Minnesota"

The following command will unmount a mounted server called mainserver:
jamf unmountServer -mountPoint /Volumes/mainserver

The following command can be used to change a user’s home page in all of their web browsers:
jamf setHomePage -homepage www.318.com

The following command can be used to fire up the SSH daemon:
jamf startSSH

The following command can be used to fix the By Host files on the local machine:
jamf fixByHostFiles -target 127.0.0.1

The following command can be used to run a Fix Permissions on the local machine:
jamf fixPermissions /

The following can be used to flush all of the caches on your local system:
jamf flushCaches -flushSystem

The following can be used to bless the drive externaldrive:
jamf bless -target /Volumes/externaldrive

The following can be used to run a software update on the local system:
jamf runSoftwareUpdate

The following can be used to bind to an AD environment (rather than dsconfigad if for some reason you just didn’t like using dsconfigad), but would need all the parameters for your environment put in as flags:
jamf bindAD

The following can be used to enable an Open Firmware password on your computer and set it to secretpass:
jamf setOFP -mode full -password secretpass

Most of these options are available inside the Casper suite, but the ability to do some simple tasks very quickly from the terminal is yet another reason to fall in love with Casper.