Posts Tagged ‘Mac OS X’

Mavericks Is Here, And It’s Free!

Tuesday, October 22nd, 2013

At 318 we’ve been hard at work preparing for the release of OS X 10.9, Mavericks and OS X Server 3.0. We’ve spent a lot of time writing, testing and filing our findings away. And now the time is here. Mavericks is available on the App Store, with OS X Server and iOS 7.0.3. Additionally, JAMF has released Casper 9.2 and other vendors are releasing patches as quickly as they can.

With new updates to Safari, the addition of iBooks, the new Maps app, better integration of the Calendar, Finder tagging, a new multiple display manager, newer automation features for FileVault, iCloud Keychain, new Notifications and Finder tags, Mavericks is sure to inspire a lot of people to upgrade immediately. Especially now that Apple has announced it’s free! Before you have hundreds of people upgrade in your environment though, check out the new Caching Server 2 in Mavericks Server app. It’s awesome and will help make sure you can still stream some Howard Stern while everyone is doing the upgrade.

OS X Server also gets a bunch of new updates, with Profile Manager 3 adding more that you can control/deploy, Xcode server providing code sharing, new command line options, new options within existing services, etc. Definitely check it out!

And if you need any help with this stuff, we’re more than happy to help prepare for and implement upgrades, whether it’s just for a few clients or for a few thousand!

Remote Desktop 2

Monday, October 21st, 2013
Up until the last few days, Microsoft’s Remote Desktop Connection client for OS X was getting a bit long in the tooth. But, just in case you missed it because of the Windows 8.1 update, Microsoft also released a new version of Remote Desktop Connection for Mac and its first versions for Android and iOS. Software is available only in each device’s app store:

Enroll Existing 10.8 Machines In Profile Manager (or another MDM) Using Apple Remote Desktop

Thursday, October 17th, 2013

Since we can now do less and less with MCX, we need to rely on Profile Manager for user and machine-specific management inside of OD. This is very easy if you are re-imaging all of your machines (using automated enrollment with Deploy Studio), but what about environments that have upgraded to 10.8 organically? Or if you’re attempting to manage machines that are already in use? If you’ve got ARD or SSH access, you’re in luck, as you can very easily push an Enrollment Profile that will automatically enroll the machine at the next reboot. This is done by manipulating files in /private/var/db/ConfigurationProfiles/Setup/. You can build a set of tasks in ARD to perform the following tasks.

First, we want to rm /private/var/db/ConfigurationProfiles/Setup/.profileSetupDone. At startup, OS X looks for this file and if not found, it will load any profiles found in the containing Setup folder. Make sure this command is run as root.

ARD1

Secondly, we need to actually copy the Enrollment Profile (and Trust Profile if needed) into /private/var/db/ConfigurationProfiles/Setup/. The profiles are loaded in alphabetical order, so make sure the names of the files will ensure that the Trust Profile runs first, or the Enrollment Profile will fail if you have not properly signed your configuration profiles. A good test to see if you need to send the Trust Profile as well is to install the Enrollment Profile you downloaded manually on a fresh test system – if it installs without error, you’re OK to use just that. If you get an error about needing a Trust Profile, either adjust your settings in Server.app to properly sign the Enrollment Profile in server, or install the Trust Profile on the machines as well.

ARD2

Note: You don’t have to install two profiles using most 3rd party MDM solutions, such as Casper, FileWave, etc.

It is important that we get the correct Enrollment Profile to load onto our target machines – you can’t simply log into yourserver.com/mydevices and use the profile that results from the “Enroll” link – this is a per-device file.  We need to get our Enrollment Profile from the admin page (yourserver.com/profilemanager). Once logged in, click the “+” in the bottom left corner and select “Enrollment Profile”.

Image1

Configure the profile as shown below and then download.

Image2

You can also download the Trust Profile from the same screen if needed.

Image3

Once you’ve deleted the .profileSetupDone file and loaded the appropriate profiles, the machines will self-enroll at next reboot (or if you’re a heartless admin, you can force a reboot via ARD). You can now enjoy device management via Profile Manager!

MacPorts new-ish tricks, and a new-ish trickster, Rudix

Monday, May 14th, 2012

As the bucket-loads of package providers in Puppet may lead you to believe, if we do not study history we are doomed to repeat it. Or more to the point, there is no shortage of projects focused on solving the same ‘how do I get the bits of code I want to execute on a machine installed’ issue. Mac Sysadmins have used Fink and (originally named DarwinPorts) MacPorts to acquire various open source software and unix tools not bundled with the operating system. A disadvantage many people found in those projects was the reliance on developer tools and compile time to actually go through the build-from-source process, which brings us to the news that was brought to our attention this weekend, via the Twitter: MacPorts now hosts pre-built archives for Lion, which are used automatically when available. There are a few caveats (e.g. it would only be available to the projects with compatible licensing), but this functionality was added for Snow Leopard mid-last year, along with another interesting development: you can host your own custom pre-built archives on a local network as described here.

All of this is to say that if you thought the game was over and competing projects like Homebrew had won… then you haven’t been paying attention to all those innovators, putting more tools in our belts.

Speaking of optimizations in package management, while MacPorts can generate packages once you’ve acquired the source or binary archive, another project called Rudix goes one step further and hosts packages of the software it offers on googlecode. It specifically won’t build from source, but its packages are meant to include all the necessary dependencies, and like other managers it can be driven from the command line, and uninstall as necessary. No more excuses not to have iperf or mtr when you need it, and if you’d rather have a little more control over the version of ssh-copy-id than what Homebrew provides, you can use a project like the Luggage.

Video On Setting Up File Sharing In Lion Server

Friday, May 11th, 2012

Virtual Desktop Infrastructure (VDI) for Mac OS X

Thursday, March 8th, 2012

What is Virtual Desktop Infrastructure (VDI)? VDI is technology that enables you to connect to a host’s shared repository of virtualized environments and then allows you to run them on your computer or device, but still utilizing the host’s resources. In other words, it allows you to connect to an OS dedicated to you using your local device as a remote (read: thin) client.

The difference between VDI and Terminal Services or a traditional Citrix setup is that in a Terminal Server or Cirix setup, many users are connecting to a server, sharing the resources of the server, and are all still under the same end-user OS layer and hardware ecosystem. Using VDI, each user has a dedicated virtual machine running a workstation OS, now only under the same hardware ecosystem. Some VDI tools can then be synchronized to the local workstation and run offline as well, leveraging the local systems resources.

Mac OS X was initially left out of the virtual desktop infrastructure space. But with the introduction of VMware View 4.5, users of the Apple-based platform get a chance to dabble in leveraging a virtualized desktop infrastructure in much the same way that users of other platforms can. With VMware View Client for Tech Preview, Mac users can leverage PCoIP (PC over IP) instead of only relying on Remote Desktop for connecting to their virtual desktops. The current offerings of the VMware View Client for OS X do not offer the same type of features as the Windows version, but VMware is working on matching those features across their clients.

Citrix has its own implementation of VDI called XenDesktop. XenDesktop is similar in its offerings to VMware View and is another enterprise class option in VDI implementation. OS X can connect to the virtual desktop through Citrix Receiver. A difference bewteen the two would be the protocol which is used to deliver the best virtualized desktop expeirence. While VMware View uses PCoIP (UDP Based), Citrix XenDeskop uses HDX (High Definition Experience) which is TCP based. Both do a good job at connecting to their respective virtual desktop using different protocols, and both also support using Remote Desktop to connect to the virtual desktop.

Mokafive is a newcomer into the VDI scene, geared specifically to the Mac OS X platform. Mokafive takes a different spin on VDI, and sets up the virtual desktop to utilize the resources of the local device instead of a centralized server (it should be noted though, that both XenDesktop and VMware View now offer that same capability, each with its own unique implementation). Mokafive does so from a Mokefive server using a desktop virtual machine called a LivePC that it uses as a “golden image” (a master virtual machine that’s used for deployment).  One of its main strengths is it’s easy to understand and use.

With all of the VDI options that are out, there’s an acronym that’s being used called BYOC (Bring Your Own Computer).  With this idea, companies may begin to allow more employees to bring their Macbooks to work and then run the corporate virtual desktop on their Macbooks without the IT staff having to be too concerned about line of business application compatibility on OS X since it will just run on the corporate virtual desktop.  Choosing the VDI to do this for your company seems to be more of a question of which solution lines up best with your current infrastructure/familiarity vs. simplicity. If you would like to discuss VDI or other forms of virtualization with 318, please contact your Professional Services Manager or sales@318.com if you do not yet have one.

Mac OS X 10.7.3 and 10.7.3 Server Now Available

Wednesday, February 1st, 2012

Mac OS X 10.7.3 and Mac OS X Server 10.7.3 are now available for download through software update:


The update comes with fixes to better language, smart card ServerBackup, Profile Manager, opendirectoryd/directory images, file sharing and support for a number of other aspects of the OS. Some specific aspects include disconnecting specific users w/ Server.app, more ACL information in Server.app, setting login greetings, etc.

The client update and available information is available at OS X Lion Update 10.7.3 (Client)

The client combo update and available information is available at OS X Lion Update 10.7.3 (Client Combo)

The server update is available at OS X Lion Update 10.7.3 (Server)

The server combo update is available at OS X Lion Update 10.7.3 (Server) Combo

The Server Admin Tools are available at Server Admin Tools 10.7.3

Also, ARD has been revved up to 3.5.2. It is available at Apple Remote Desktop 3.5.2 Client

Also, of note, AirPort Utility also got an update yesterday. It is available at AirPort Utility 6.0 for Mac OS X Lion

Serial Adaptors, screen and OS X

Thursday, June 9th, 2011

Many of us use a Keyspan Serial adapter to manage devices with serial ports on them. Those who find you need to console into devices but hate the fact that you have to either use Zterm (which is no longer maintained) or boot a Windows Virtual Machine will find an application called goSerial pretty handy. GoSerial makes a Keyspan serial to usb adaptor, connected with a null modem cable, useful. You will be in CLI heaven in moments. goSerial can be downloaded here.

You can also use the screen command. The screen command will open a virtual terminal and provide the functionality of an old DEC VT100 terminal. Screen is one of the more useful tools when dealing with several servers concurrently, or several VT sessions as the case may be.

To open a screen session into an APC:

screen /dev/tty.KeySerial1 2400

To open a screen session into a Qlogic:

screen /dev/tty.KeySerial1 9600

To open a screen session into a Promise RAID:

screen /dev/tty.KeySerial1 115200

To see your active screens:

screen -ls

The output will show screens similar to the following:
6077.ttys001.krypted2 (Detached)

When you list the screens you’ll note that some can be detached. You can also start a screen detached. To do so, use the -d flag when invoking the screen (or -D if you don’t want to fork the process. To attach to a detached screen, use the -r option:

screen -r 6077.ttys001.krypted2

Or if you only have one active screen that has been detached, -R will automatically reconnect to it. It can be useful to have more friendly names when working with multiple screen sessions. To attach to an attached screen session, use -x:

screen -x 6077.ttys001.krypted2

To provide an easy-to-remember name, use the -s option. To initiate a screen called simply Qlogic, using the above Qlogic rate:

screen -s Qlogic /dev/tty.KeySerial1 9600

By creating a .screenrc file in your home directory you can also set many of the options for screen.

While the screen command is useful in connecting to external devices via the command line, that’s only a small part of what screen can do. Those using the Terminal application that comes with Mac OS X have been using an environment that acts like screen for some time. You invoke tabs and new terminal windows in order to leave, for example, a session tailing logs or editing a configuration file open, while using a separate session to read a man page or start a process. Screen takes all of this and packs it into one terminal screen for environments without such an interactive command line management tool. For example, if you ssh into a Linux host in a data center, you would have to initiate 2 sessions into hosts in order to have 2 concurrently running screens, whereas you would only need to invoke one ssh session (and you may be limited to one) and still have the flexibility you have with the Terminal screen, albeit in a single window perhaps.

For example, let’s say you ssh into a RHEL box and you want to invoke an emacs editor:

screen emacs prog.c

Now let’s say that you type a few lines of a new samba config file and you want to tail the samba logs to make sure you’re augmenting the correct options:

screen tail -f /var/log/samba/log.smbd

To then switch back to emacs:

screen -R

There’s lots more you can do with screen, but this should get ya’ started!

Suppressing the PHP Version

Thursday, April 28th, 2011

Yesterday, we looked at hiding the version of Apache being run on a web server. Today we’re going to look at suppressing the version of PHP.

By default, the PHP configuration file, php.ini, is stored at /etc/php5/apache2/php.ini (in most distributions of Linux) or just in /etc/php.ini (as with Mac OS X). In this file

vi /etc/php.ini

Then locate the expose_php variable within the file. Once found, set it to Off as follows:

expose_php = Off

Doing so will not improve the overall security of a system (unless you believe in security through obscurity). However, it is a good idea and will help defeat a number of vulnerability scanners. If you do suppress the Apache and PHP versioning information for the sake of passing a vulnerability scanner on a backported distribution of one of the packages then it would be a good idea to check the CVEs for the port you are using and verify that you are secure.

Backing Up Cisco Configurations Using Mac OS X

Friday, February 18th, 2011

Before you make configuration changes on devices you should make a backup of the device. You can basically use any platform you want to backup Cisco devices. Doing so in Mac OS X starts with the Terminal. So to backup a Cisco device you must first connect to the device in Terminal either through SSH or Telnet.

Then SSH to the device using the ssh command, followed by the username, an @ symbol and then the IP address or hostname of your device. Here, we’ll use an example of 64.32.49.172:

ssh admin@64.32.49.172

Note: One could also use telnet using the same type of string, but ssh is more secure.

Next, provide the password and you will see a prompt with the device name. Once connected to the device you will need to go into enable mode by typing “en” at the command prompt and hit enter. It may prompt you for an elevated privileges password, which you will need to know.

Once complete you will notice that the prompt turns from a > to a # symbol. The # symbol is akin to having root access. Now to backup the configuration of this device you will enter “show run” which is short for show running-config:

show run

You will see a ←-more→ prompt at the bottome of the page. Just hit the space bar until you are back a the prompt. Once you are at the prompt you will highlight all the text using your mouse that was just generated in the terminal and after its all highlighted hit “Command C” to copy the contents. Open your favorite text editor and use the “Command V” to paste the text. Be careful to use plain text here (I prefer to just use pico or vi rather than Word or TextEdit). Save the file as your configuration backup file for the Device.

NOTE: If you want to also get the IOS (IOS is different than iOS) version info you can run the “show version” instead of the “show run” command. And use the same steps to cut and paste.

If you cannot log into a device remotely, you can use a Keyspan adapter to use the serial port to connect to the device.

Patch Management Made Easy: StarDeploy

Wednesday, December 22nd, 2010

There is a new donateware tool available for Mac OS X called StarDeploy. StarDeploy is a straightforward patch management solution that allows you to place items in Applications, Libraries or User Folders on a centralized server and have those items sync to client systems. StarDeploy also allows you to push out packages using the centralized file share as well.

The combination of StarDeploy and DeployStudio allows you to image and then patch manage systems in simplistic environments fairly quickly, easily and to do so in a cost effective manner. However, StarDeploy isn’t as object oriented as JAMF’s Casper Suite, FileWave, Symantec’s Altiris or other solutions you may currently be using or reviewing. The solution manages somewhat flat structures. You can create multiple file shares if you have multiple groups, but compared to how Casper or other comparable tools operate, this could get somewhat tedious to manage in complex environments. However, the cost is a donation that you can make and so it is inexpensive.

In our use, StarDeploy has been able to easily push out packages to a large number of systems very quickly. The packages that you build for StarDeploy can then be moved into other solutions if you outgrow StarDeploy. This makes for a nice modular approach where you can grow into a more complex solution or even have StarDeploy work in conjunction with other solutions; for example: allowing StarDeploy to manage lab environments and using a more robust solution for more robust environments.

Overall, StarDeploy makes an excellent addition to the toolkit of anyone with a keen eye on managing large numbers of Mac OS X systems. If you would like to discuss using StarDeploy, JAMF’s Casper Suite, FileWave or other products for patch management, contact your 318 Professional Services Manager or sales@318.com today!

318 Press Releases

Friday, December 17th, 2010

Today, 318 released two press releases pertaining to initiatives within the mobility space. These include the following:

http://www.marketwire.com/press-release/Challenged-by-Deployment-of-Apple-iPads-in-Your-Enterprise-Tips-From-318-Consulting-1371111.htm

http://www.marketwire.com/press-release/Leading-Enterprise-Class-Apple-Consultancy-318-Becomes-iPad-Reseller-1371114.htm

Also worth note is that 318 has been a reseller for Research in Motion, the makers of the Blackberry and Blackberry Enterprise Server, Google Apps and a number of other solutions that fit nicely into the mobility space. If you would like to discuss any of these topics please reach out to us at 877.318.1318 for more information on services and products that 318 can work to integrate and manage for your organization.

Have iPad, Must Print?

Wednesday, December 8th, 2010

iOS 4.2 introduced a number of new features for the iPad. One of the most talked about was multi-tasking, along with AirPlay and Game Center. But another feature allows the iPad to be used by more people when at work: AirPrint. AirPrint introduces the ability to wirelessly print to AirPrint-enabled printers.

AirPrint-enabled printers are not yet common though, with HP having a number of devices supporting AirPrint currently include HP’s Envy e-All-in-One D410a, Photosmart Plus e-AiO (B2210a), Photosmart Premium e-AiO (C310a) and Photosmart Premium Fax e-AiO (C410a).

If you have a printer that you love and don’t want to wait for a new version of the firmware that supports AirPrint or want to buy one, then there is a great little app called Printopia that can be used to print through your computers, or even to image files on your computer. Printopia can be found at http://www.ecamm.com/mac/printopia.

Printing is not yet available for all apps that you may have installed. It is built into Safari, Mail, Photos, Pages, Keynote and Numbers. Printing is also available in some newer versions of third party applications.

Note: Printing is not available for any devices that do not yet support multi-tasking (which includes the iPhone 3g by the way).

Thinking Outside the Box: CrashPlan Pro

Monday, November 8th, 2010

There are a lot of organizations who are rethinking some basic concepts in Information Technology. One of these concepts is that you need to own, duplicate and even replicate user data between each of your sites so that you can have roaming profiles in Windows and mobile home directories in Mac OS X. For organizations with a large number of labs and users who roam between them, these challenges, which have dominated the infrastructure side of IT have been cumbersome for the past 15 to 20 years. But let’s rethink the “why.”

If you have labs, common in K12 and Higher Education but not so common in the corporate world, you need network home folders on the Mac OS X side, or its sister, portable home directories. On the Windows side, you need folder redirection. But a growing number of education environments are practicing the art of the one-to-one deployment, which strongly resembles what can be seen in the corporate world.

Between the big iron, massive SANs attached to the core switches licensing for DFS heads and the like, it can all get cost prohibitive. But we still do it because we think we need our data replicated. And some of us do. But one thing that we often say is that this data is not a backup. So if it isn’t a backup then how do we back these systems up. And if we do need to back these systems up then why are we also performing a layer of redundant synchronization? Does all of this result in 3 or 4 copies of the data, all in a from that cannot be reduplicated?

The end of the Xserve is nigh, and now for something completely different?

Awhile back, someone told me that you could back an unlimited amount of data up to the cloud for a price that was so cheap that I was stunned. There were a couple of products that I reviewed: CrashPlan and Backblaze. Both are pretty darn awesome. But the bandwidth to back 3,000 users up to someone else’s cloud can become pretty darn cost prohibitive. Enter CrashPlan Pro: you can host that cloud in your own location, or in multiple locations if you have the need to do so, and all on relatively inexpensive hardware, either leveraging the hardware that you already own or even the CrashPlan Pro appliances, rack mountable goodness that scales to store up to 72TB of data per unit, to store data that gets deduplicated before it gets copied to the device over the wire, providing substantial storage savings, not to mention reduced congestion on your wire (or wireless).

And to top it all off, CrashPlan Pro offers extensibility in the form of a REST-based API that allows building that which you may need but which the developers have not yet though (or more likely had time) to build. The API actually makes CrashPlan Pro a possible destination for Final Cut, amongst other things.

Oh, and did we mention the client can run on Mac OS X, Windows, Linux and Solaris?!?!

318 partners with a number of vendors to help you rethink your IT conundrum, leveraging the best advances of today and tomorrow. We are pleased to add CrashPlan as our latest, in a long list of valued partners. Contact your 318 Professional Services Manager, or sales@318.com now for more information.

MergeSafBookmarks Now Open Sourced

Tuesday, December 22nd, 2009

318 has open sourced our mergeSafBookmarks python script. This tool can read in a pair of property lists and merge them into a single resultant bookmarks file for Safari. This takes a lot of the work out of pushing bookmarks to existing users as part of your deployment. You can find it here:

http://mergebookmarks.sourceforge.net

Note: The script also looks at existing bookmarks and doesn’t merge in duplicates.

318 Open Sources the ASR Setup Tool

Monday, December 14th, 2009

318 has decided to open source our ASR Setup Tool under GPLv3. The tool can now be found at http://asrsetup.sourceforge.net. The ASR Setup Tool is built as a wrapper for the asr command line suite from Apple. The description from SourceForge:

Developed by 318 Inc., ASR Setup Toll is an application for setting up Apple Software Restore (“ASR”). In the context of the ASR Setup Tool, ASR is used for setting up a multicast stream that can then be leveraged for imaging Mac OS X computers.

We hope you enjoy!

Google Apps Connector for BlackBerry

Wednesday, December 2nd, 2009

Using the Google Apps Connector for BlackBerry means that your Blackberry users can keep using the mobile platform that they love, with Google Apps. The Google Apps Connector allows users to access mail, calendar and contacts using the built-in applications for doing so rather than needing a 3rd party application. The Google Apps Connector plugs into BlackBerry Enterprise Server and connects from your organization to Google, handing off the traffic destined to handhelds through Research In Motion in much the same way that Blackberry Enterprise Server for Exchange works.

The 1.5 version of the Google Apps connector for Blackberry has now been released. This update brings maturity, additional capacity and overall performance enhancements. But most importantly, it can be run on 64-bit operating systems. You can also now use BlackBerry Professional with the Google Apps Connector for BlackBerry Enterprise Server.

If your organization is considering a move to Google Apps, contact 318 now and we can help to plan the transition; whether from Exchange or Lotus Notes or even good ‘ole postfix, 318 is here to help!

Mac OS X 10.6.2 Now Available

Monday, November 9th, 2009

For those considering a migration for Snow Leopard or those who have already moved into Snow Leopard, you will be interested to know that Apple has released the 10.6.2 update that has been in progress for some time. Updates and issue resolutions that are included (from Apple):

  • an issue that might cause your system to logout unexpectedly
  • a graphics distortion in Safari Top Sites
  • Spotlight search results not showing Exchange contacts
  • a problem that prevented authenticating as an administrative user
  • issues when using NTFS and WebDAV file servers
  • the reliability of menu extras
  • an issue with the 4-finger swipe gesture
  • an issue that causes Mail to quit unexpectedly when setting up an Exchange server Address Book becoming unresponsive when editing
  • a problem adding images to contacts in Address Book
  • an issue that prevented opening files downloaded from the Internet
  • Safari plug-in reliability
  • general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
  • an issue that caused data to be deleted when using a guest account

Mac OS X 10.6.2 represents Apple coming another step to making Snow Leopard ready for mass integration in most any environment. If you have not already done so, consider contacting your 318 representative now to start planning for your migration!

318 & MacWorld 2010

Thursday, September 24th, 2009

318 is proud to announce that we will have 3 speakers doing a total of 4 sessions at the upcoming MacWorld Conference & Expo in San Francisco in February. Speakers will be Beau Hunter, Zack Smith and Charles Edge.

We will also be announcing some events as the conference gets closer. If you are planning to attend then you can sign up here. We hope to see you there!

Video: Increase MTU on Mac OS X

Tuesday, July 28th, 2009

Mass Deploying Firefox Preferences for Mac OS X

Friday, April 24th, 2009

Firefox has a number of preferences.  Not all are available in the GUI.  To access these preferences, you can simply open Firefox and type the following in the address bar:

about: config

This will allow you to customize preferences, whether or not they’re otherwise known, line by line.  These can then be copied between users, by inserting lines into the preferences file.

Like with most applications on Mac OS X, the preferences for Firefox can be deployed en masse.  It is a bit more complicated than deploying preferences for some other applications.  The reason for this is that the path to the preference file isn’t the same for all users.  The file is located in the ~/Library/Application Support/Firefox/Profiles directory.  It is an 8 character string followed by .default.  For example, lzwntwo9.default.  In this folder is a file called prefs.js, which contains all of the preferences for Firefox.  For example, the following line will disable the check for whether you wish Firefox to be the default web browser for a user:

user_pref(“browser.shell.checkDefaultBrowser”, false);

Once you know what preferences you’d like to push out there are two options to do so (there might be more, but these are the two we’ve used):

  • The first is to edit items in the Firefox.app bundle.  Most of these can be edited using the /Applications/Firefox.app/Contents/MacOS/defaults/profile/prefs.js file, although the home page will be set using the /Applications/Firefox.app/Contents/MacOS/browserconfig.properties file.  One note is that when you go to customize the prefs.js file it will give you a fairly nasty warning, but then it will push changes out to new accounts; however, don’t make any changes while the application is open.  Additionally, this method requires deleting the existing preferences, so if you simply want to push out updates you’ll need to resort to the second method.
  • For the second method, we look at a script that finds the name of the directory located in ~/Library/Application Support/Firefox/Profiles for the user (or all users for computer-based policies) of the system.  We then set that as a variable.  For example, using the output of ls ~/Library/Application\ Support/Firefox/Profiles/ as a variable called FFPREFSFOLDER would then be used to alter the contents of the js file using ls ~/Library/Application\ Support/Firefox/Profiles/$FFPREFSFOLDER/prefs.js as the actual path of the file for a user.

Now you can insert (or replace) the line that makes up the specific preference.  This isn’t nearly as clean as using defaults to push out Safari preferences.  But it does provide a way to push out Firefox preferences, be it as a file drop to replace the preferences in the application bundle or as a line edit to alter settings of an existing users browser.

Enable and Disable Root from the Command Line

Monday, April 6th, 2009

In Tiger and below you used NetInfo Manager to enable and disable the root account in Mac OS X.  However, in Leopard and above you use the Directory Utility.  But you can also use the command line.  In /usr/sbin there is a handy little tool called dsenableroot.  To use it, simply open up Terminal.app and type dsenableroot.  It will then prompt you for your password.  Provided you type that correctly it will then prompt you for the password you desire the root account to have twice.  Assuming the target passwords match, at this point you should see something similar to the following in your secure.log file:

Apr  6 09:38 client162 com.apple.SecurityServer[22]: checkpw() succeeded, creating credential for user root

There are other options you can use with the dsenableroot command.  The -u, -p and -r flags can be used to put the username, password and root password into the command, so that it is not interactive.  For example, the following would set the root password on a machine to TANSTAAFL! and use the username of Mike with a password of WyomingKnott:
dsenableroot -u Mike -p WyomingKnott -r TANSTAAFL!
The dsenableroot command can also disable the root account.  To do so, simply use the -d flag.  This can be done interactively with just dsenableroot followed by -d.  It can also be done as in the above example in a non-interactive manner (useful for scripting or sending via ARD):
dsenableroot -d -u Mike -p WyomingKnott
You can also use dsenableroot to change the password of the root account, or stick with the passwd command for that.
There is an undocumented option with dsenableroot, but it’s simply a very unexciting way to get a version:
dsenableroot -appleversion
Which should spit out a comma delimited output (well, almost) that can be used to (for example), verify that the dsenableroot command hasn’t been tampered with (although a checksum might be better for something like that):
dsenableroot, Apple Computer, Inc., Version 112

Mac OS X: Show Only Active Apps in the Dock

Thursday, April 2nd, 2009

The dock should have the applications you commonly need to get to.  However, some simply want it to show them the applications that are open.  You can do this by running the following command:

defaults write com.apple.dock static-only -bool TRUE

Once run, reboot, or just restart your dock with the following command:

killall Dock

To undo it:

defaults write com.apple.dock static-only -bool FALSE

Disable Shadows for Screen Shots

Wednesday, March 4th, 2009

Shadows make our screen shots look better. But we can’t always use them. There are times when we need to go ahead and disable them due to some reason or another. If you need to disable the shadows on screen captures, you can do so using the following command:
defaults write com.apple.screencapture disable-shadow -bool true

To then enable the shadows, you would use the following command:
defaults write com.apple.screencapture disable-shadow -bool false

File Replication

Thursday, February 19th, 2009

Performing replication between physical locations is always an interesting task. Perhaps you’re only using your second location for a hot/cold site or maybe it’s a full blown branch office. In many cases, file replication can be achieved with no scripting, using off the shelf products such as Retrospect or even Carbon Copy Cloner. Other times, the needs are more granular and you may choose to script a solutions, as is often done using rsync.

However, a number of customers have found these solutions to leave something to be desired. Enter File Replication Pro. File Replication Pro allows administrators to replicate data between two locations in a variety of fashions and across a variety of operating systems in a highly configurable manner. Furthermore, File Replication Pro provides delta synchronization rather than full file copies, which means that you’re only pushing changes to files and not the full file over your replication medium, greatly reducing required bandwidth. File Replication Pro is also multi-platform (built on Java), allowing administrators to synchronize Sun, Windows, Mac OS X, etc.

If you struggle with File Replication issues, then we can help. Whatever the medium may be, give us a call and we can help you to determine the best solution for your needs!

Indicating a Software Update Server in Mac OS X Tiger

Sunday, June 11th, 2006

It is possible to specify a server for the Software Update application or service to use in Mac OS X 10.4. Simply open a Terminal window and type the following commands (for these examples, we are using the 318server as our software update server):

defaults write com.apple.SoftwareUpdate CatalogURL “http://318server.three18.com:8088/”

This writes the pref only for the user that runs the command, and only affects the GUI Software Update tool.

defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL “http://318server.three18.com:8088/”

Writes the pref system-wide, so any user on that system who runs the GUI tool will get the specified server.

sudo defaults write com.apple.SoftwareUpdate CatalogURL “http://318server.three18.com:8088/”

Writes the pref for the root user, so the command line ‘softwareupdate’ tool will use the specified server. Especially handy if the system is managed by ARD, since the softwareupdate command is invoked using the root user.