Posts Tagged ‘profile’

Install A Profile On Apple TV Using Apple Configurator

Tuesday, November 13th, 2012

With a recent software update, administrators gained the ability to apply network management profiles to 2nd and 3rd generation Apple TV devices. Apple TV supports applying profiles via HTTP download or using the most recent update to Apple Configurator, which had previously been for iOS devices only.

Applying a profile to an Apple TV using Apple Configurator requires:

Create a Wi-Fi configuration

Most options in Apple Configurator apply only to iOS devices, but Wi-Fi settings apply to Apple TV as well. Creating a profile to configure wireless network settings can be useful for deploying multiple Apple TVs and preventing network changes.

  1. Launch Apple Configurator and make sure the Prepare pane in the toolbar is selected.
  2. Enter a meaningful name for this configuration.
  3. Click the "+" (plus) button at the bottom of the window and select Create New Profile… from the drop-down menu.
  4. Under the General settings payload of the new profile complete the mandatory fields of the payload.
  5. Be sure to scroll to the bottom of the General settings payload window to include additional security information for allowing removal of the profile.
  6. Select Wi-Fi settings payload in the left column and populate the settings to join the Apple TV to a wireless network.
  7. Click the Save button and the new profile will appear in the Profiles list for the configuration.
  8. At this point connect the Mac to the Apple TV using the USB cable. If necessary, unplug the video cable leading to the television.
  9. Click the Prepare button at the bottom of the Apple Configurator window and click the Apply button when prompted.
  10. The name from the Apple TV will appear in the right column, and details about the progress will flash below the name. Applying the configuration should take just a few seconds. When the progress indicator to the right shows complete, disconnect the USB cable from the Apple TV.

Verify the profile

The profile name appears on the Apple TV under Settings.

  1. Navigate to the main menu of the Apple TV.
  2. Select Settings –> General.
  3. Scroll to the bottom and select Profiles. Select the Apple TV – Wifi profile that was uploaded via Apple Configurator to view its details.

If the profile allows removal then the Remove Profile button is available at the top of the profile information screen. Otherwise, it’s dimmed. The Apple Configurator can overwrite this profile with another one that allows it to be removed.

Publishing the profile to a website

Apple Configurator can also create a .mobileconfig file to publish to a website for download directly to the Apple TV. To create the file, return to the Profiles list on the Prepare pane and highlight one or more profiles. Click the Share icon at the bottom to save the file.
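An exported .mobileconfig is a property list, so the removal setting and the Wi-Fi payload can be checked before the file is placed on a web server, where anyone who can fetch it can read an embedded passphrase. The following is an added example, not part of the original post or of Apple Configurator; the sample profile is constructed and its identifiers, SSID and passphrase are placeholders.

```python
import plistlib

# Constructed sample profile (not exported from Apple Configurator); all values are placeholders.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadDisplayName": "Apple TV - Wifi",
    "PayloadIdentifier": "com.example.appletv.wifi",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadRemovalDisallowed": False,
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.appletv.wifi.payload",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "SSID_STR": "ExampleCorp-AV",
        "EncryptionType": "WPA",
        "Password": "placeholder-passphrase",
    }],
})

def audit_profile(data):
    """Return a list of findings for a .mobileconfig before it is published or applied."""
    # Signed profiles are CMS-wrapped and encrypted ones are opaque; only bare plists parse here.
    if not data.lstrip().startswith((b"<?xml", b"bplist")):
        return ["not a bare plist: signed or encrypted profile, decode it before auditing"]
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    types = {p.get("PayloadType") for p in payloads}
    findings = []
    # Removal is unrestricted when it is neither disallowed nor gated by a removal password payload.
    if not profile.get("PayloadRemovalDisallowed", False) \
            and "com.apple.profileRemovalPassword" not in types:
        findings.append("profile can be removed on the device without authorization")
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = p.get("SSID_STR", "?")
        if p.get("EncryptionType", "Any") in ("None", "WEP", "Any"):
            findings.append(f"{ssid}: weak or unspecified EncryptionType")
        if p.get("Password"):
            findings.append(f"{ssid}: Wi-Fi password stored in cleartext in the file")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```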

Sandboxing Chrome

Friday, April 23rd, 2010

Thanks to Google for referencing our post introducing sandbox in their sandboxing design document for Chromium at:

http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design

Their use of sandbox is really over and above what we’ve seen from any other vendor. Each installation contains 3 distinct sandbox profiles (currently I have 4.0.249.49 and version 5.0.342.9 although mileage here may vary according to updates), each profile allowing access to only files and resources that are absolutely necessary to complete the task that the process that leverages them requires. You can see the specific resources that are accessible by looking at these profiles. The profiles are located at:

  • /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/renderer.sb
  • /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/utility.sb
  • /Applications/Google Chrome.app/Contents/Versions/4.0.249.49/Google Chrome Framework.framework/Resources/worker.sb

You can view them easily using a simple cat command:

cat /Applications/Google\ Chrome.app/Contents/Versions/4.0.249.49/Google\ Chrome\ Framework.framework/Resources/renderer.sb

You can then edit the profiles easily, for example if you want to enable debug logging for sandbox. This gives you transparency into what Chrome is doing and also allows you to further tighten security. That said, they have really taken their time to secure Chrome well and lock things down, so we doubt much further restriction is necessary or really possible. Overall, Chrome provides a great example of taking sandbox to the next level and extending it much further into applications with graphical user interfaces than we've seen thus far.
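Reading a profile rule by rule gets tedious, so a short parser can summarize the default action, the debug setting and each allowed operation with its filters. This is an added example, not code from the original post or from Chromium; the sample profile is constructed in the Scheme-like sandbox profile syntax and is not the content of Chrome's renderer.sb.

```python
import re

# Constructed sample in sandbox profile syntax; not the contents of Chrome's renderer.sb.
SAMPLE_SB = r'''
(version 1)
(deny default)          ; anything not explicitly allowed is refused
(debug deny)            ; log denied operations
(allow file-read-data (regex #"^/dev/urandom$"))
(allow mach-lookup (global-name "com.example.fontservice"))
(allow sysctl-read)
'''

TOKEN = re.compile(r'#?"(?:\\.|[^"\\])*"|[()]|;[^\n]*|[^\s()";]+')

def parse(text):
    """Parse S-expressions into nested lists, skipping ';' comments."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok.startswith(";"):
            continue
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unexpected ')'")
            stack[-2].append(stack.pop())
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced parentheses")
    return stack[0]

def summarize(text):
    """Report the default action, debug setting and allowed operations with their filters."""
    out = {"default": None, "debug": None, "allow": {}}
    for form in parse(text):
        if not isinstance(form, list) or not form:
            continue
        head, args = form[0], form[1:]
        if head in ("allow", "deny") and args == ["default"]:
            out["default"] = head
        elif head == "debug":
            out["debug"] = args[0] if args else None
        elif head == "allow":
            ops = [a for a in args if isinstance(a, str)]
            filters = [" ".join(map(str, a)) for a in args if isinstance(a, list)]
            for op in ops:
                out["allow"].setdefault(op, []).extend(filters)
    return out
```

A summary whose default is anything other than deny, or an allow entry with an empty filter list on a file or network operation, is the first thing to look at when reviewing a profile.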

Terminal Server 2008 Load Balancing

Thursday, February 12th, 2009

Load balancing is fairly straightforward in Microsoft Windows Terminal Server 2008. Before you get started you'll need to have multiple terminal servers, a Windows 2008 Active Directory environment and a centralized location to store your user profiles.

When Terminal Servers are set up with load balancing and redirected profiles, no single terminal server should get overloaded by users while another terminal server sits idle. When a user tries to connect to the terminal server, the master terminal server checks the load on each one of the servers. It then logs the user into the terminal server with the least load. Since redirected profiles are set up, every user that logs in will have all of their desktop items, documents folder and pretty much everything that they will need. The user does not even need to know that they are on a different terminal server than they were the last time that they logged in.

To install Terminal Server clustering, first verify that you meet the prerequisites of centralized home folder storage, Active Directory 2008 and multiple terminal servers. Then install the Terminal Server Session Broker service on each one of the servers. Then, on one of the servers, add all of the terminal servers into the session directory under groups in Local Users and Groups. You only need to add them on one server and the change will replicate.

The next thing you need to do is set up an alias and associate all of the IP addresses for the terminal servers with that alias. Once complete, when you do an nslookup on that alias, it should display all of the IP addresses that you entered.

Then you will need to make some changes to group policy. It appears that you must have a 2008 Domain Controller set up with the most upgraded schema to be able to do this. Go to Computer Settings -> Policies -> Administrative Templates -> Windows Components -> Terminal Services -> Terminal Server and then TS Session Broker. In here you need to put the name of the alias under Configure TS Session Broker Farm Name. Then put the name of the main terminal server in Configure TS Session Broker name. You also need to enable Join TS Session Broker and Use TS Session Broker Load Balancing. After you have that set up, save the Group Policy Object (GPO) and attach it to the Organizational Unit (OU) that holds the terminal servers.

Once your group policies are in place you can focus on making the lives of your users a bit easier by enabling redirected user profiles. First, you will need a place to put all of the user profiles. Then you will want to move all of the users that need to access the terminal servers into a new Organizational Unit, create a new group policy object and enable folder redirection. To enable folder redirection, go to User Configuration -> Policies -> Windows Settings and then Folder Redirection. Here, enable each folder redirection policy that you feel the users in the organization will need (this is different for everyone and can require a little testing to get it perfect). While the choices are a lot to consider at first, Appdata, Desktop and My Documents are the most standard ones to choose and represent a great starting point. The basic setting is what you will most likely want to use; then just put in the root path to your profile. It will then give you an example of where everything will be stored, and you will verify that the user names and the folders that you created on the network share are the same.

Once all of the users are able to log into any of the terminal servers and get the same exact environment no matter which server they log into, you are mostly done. With load balancing set up, one terminal server being overused is no longer something you need to worry about with 2008. Once the cluster is set up, the master terminal server will take care of the rest.