Mac OS X Server Mac Security Mass Deployment

Mail Chapter of Take Control of OS X Server Now Available

The Mail Server chapter of the Take Control book is now available up on I’m always torn when it comes to writing chapters on setting up mail servers. Is it socially irresponsible to help people potentially (but accidentally) create spam bots…

TCo OS X Server 1.0 Cover for PDF

Mac Security


How does he keep doing it?!?!?

Mac Security Mass Deployment MobileMe Network Infrastructure

Network Port Testing With Netcat

You can do some pretty simple testing of ports and network communications using strategies I’ve outlined in the past with tcpdump, trace route, telnet, curl, stroke and of course ping. However, netcat has a few interesting things you can do with it; namely actually run a port super-quickly to test traffic between subnets, forcing scans of ipv6 traffic, debugging sockets, keeping connections alive, parodying through SOCKS 4 and 5 and just checking for daemons that are listening rather than actually sending data to them.

In this first example, we’re going to just check that Apple’s web server is accessible (adding -v for verbose output):

/usr/bin/nc -v 80

The result would be pretty verbose

found 0 associations
found 1 connections:
outif en0
src port 50575
dst port 80
rank info not available
TCP aux info available

Connection to port 80 [tcp/http] succeeded!
HTTP/1.0 408 Request Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Date: Tue, 29 Jul 2014 15:41:34 GMT
Content-Type: text/html
Content-Length: 218
Expires: Tue, 29 Jul 2014 15:41:34 GMT

<TITLE>Request Timeout</TITLE>
<H1>Request Timeout</H1>
The server timed out while waiting for the browser’s request.<P>

If we added a -w to timeout we’ll cut out all the cruft (but wouldn’t know that the server’s at Akamai). Next, we’ll get a little more specific and fire up a test to check Apple’s push gateway at, using port 2195:

/usr/bin/nc -v -w 15 2195

But, I want the cruft for the purposes of this article. Next, we can add a -4 to force connections over IPv4 and check the Apple feedback server and port 2196, also required for APNs functionality:

/usr/bin/nc -v -4 2196

Right about now, something is probably happening at Apple where they’re getting sick of me sending all this data their direction, so let’s add a -z option, to just scan for daemons, without actually sending any data their way:

/usr/bin/nc -vz -4 2196

Because of how NAT works, you might notice that the src port keeps changing (incrementing actually). Here’s the thing, we’re gonna’ go ahead and force our source port to stay the same as our destination port using the -p option:

/usr/bin/nc -vz -4 -p 2196 2196

Now, what if this is failing? Well, let’s spin up a listener. I like to start on my own subnet, then move to another subnet on the same network and ultimately to another network so I’m checking zone-by-zone so-to-speak, for such a failure. So, we can spin up a listener with netcat in a few seconds using the -l option on another host:

/usr/bin/nc -l 2196

Then I can scan myself:

/usr/bin/nc 2196

I could also do this as a range if I forgot which port I used per host:

/usr/bin/nc 2195-2196

Now, as is often the case, if our connection problem is because data isn’t parodying, we can also use nc to check that using the -x operator followed by an IP and then : and a port. For example:

/usr/bin/nc -vz -4 -w 10 -p 2196 -x 2195-2196

Fun times with push notifications. Enjoy.

Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

MacAdmins 2015

I was super-bummed that I missed the MacAdmins conference at Penn State University. But, all is not lost as MacAdmins will be held July 8-10 in 2015 at the Penn Stater Conference Center and I’ll be able to see all those awesome people there next year!

In the meantime, something fun and new is the 2014 MacAdmins Playlist to maybe get exposed to some new stuff:

As an aside, here’s a fun pic of @derflounder and I (and others) doing a round table from a few years ago on the Penn State site:

Screen Shot 2014-07-15 at 1.25.10 PM



No Tasks In The Sprint Got Moved To The Backlog!


Mac OS X Mac OS X Server

(Cross-Post) Video from JSS-autopkg-addon Presentation

JSS-autopkg-addon Presentation from Allister Banks on Vimeo.

(Guest post by Allister Banks)

On June 26th, I had the pleasure of being invited by @Tecnico1931 to the NYC Metro JAMF user group meeting.

A worksheet I created for this event may be found here:

See also Shea Craig’s python-jss, and thanks go out to James Barclay, Sam Johnson, and all the folks mentioned in the video.



Some time ago, I had the good fortune of reading Guy Kawasaki’s Enchantment (thanks to MacTech for hooking me up with it!). It was a book filled with many of the things that are good in the business world today and how to make them better by adopting them in your own organization. Since reading that book, I’ve looked for enchantment. I’ve searched in the technology coming out of new products, in social causes that I’ve become involved with, in trips out of town and within myself.

Today (now yesterday), I was truly enchanted. At my new employer, there is a charitable foundation publicly released at the JNUC last year. I thought it was cool when it was introduced. But seeing the eyes of the person that administers the program light up as she went through all the nooks and crannies and seeing the importance placed upon it at the organization really made me take an even greater notice.

I like to give my time and whatever resources possible back to my community. I’ve never considered this charity, nor my duty, nor commendable, nor enough. Instead it’s just part of being a person. To see someone who is so enchanted with what the company is doing in that regard, that they can bring that enchantment to others and engage a room of new hires fresh off a heavy lunch (let alone keep them awake) was just… enchanting.


Thanks to all involved for the experience and I look forward to many more like it!

Mac OS X Mac OS X Server

Chapter 5 of Take Control of OS X Server Now Available

Chapter 5 of my next book is now available from for members at

TCo OS X Server 1.0 Cover for PDF

While much of the chapter ended up on the cutting room floor, it’s worth mentioning that it is tailored to the audience. I think I learned a valuable lesson here, in reviewing too much vs. too little vs. just enough. Thanks again to Adam and Tanya for their infinite patience and wisdom!

Mac OS X Mac OS X Server Mac Security Mass Deployment

Interviewing Duncan for

Totally fun doing these interviews. If you’ve got a good story to tell, let’s do an episode!

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Come One, Come All: To The JAMF Nation User Conference

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.


And yes, I’d of said all this and posted this even if I hadn’t of come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!