Monthly Archives: August 2009

Mac OS X Mac OS X Server Mac Security Mass Deployment

afp548 on Snow Leopard's Source Based Routing

I posted another article on Snow Leopard/Snow Leopard Server at afp548.com. This one is on the new Source Based Routing features available in Snow Leopard. Check it out here.

certifications Mac OS X Mac OS X Server Mac Security Mass Deployment

Snow Leopard Certifications

Apple has released the Snow Leopard certification information and site. To make a long story short, for those who are ACSA inclined, you basically have the Apple Certified Support Professional, which is just one exam based on the Snow 101 course. You then have the Apple Certified Technical Coordinator (ACTC), which is the Support Essentials Exam along with the Server Essentials Exam, based on the Snow 201 course.

Now for where the changes come into play. First and foremost security has returned, although it’s been lumped in with mobility, likely to focus the syllabus on settings through managed client (ie – automated FileVaulting). Therefore, I guess the SANS course will no longer be needed (I wrote it following the cancellation of the Apple security course), so this can be a pseudo-announcement that it is going away.

You can take Directory Services, Deployment or Security + Mobility (these are Snow 301, 302 & 303 respectively) in conjunction with the aforementioned Server Essentials Exam and then have an Apple Certified Specialist in that category. If you take all three then you will be an Apple Certified Systems Administrator. Overall, for most, not a lot is changing in the program, but adding the additional specialist certifications is interesting and similar to how Microsoft added the MCTS, which, given the number of products Microsoft makes, has a lot of potential choices for exams, each with its own unique identifier.

Mac OS X Mac OS X Server

Hey Snow Leopard, Where's My QuickTime Broadcaster

As you may have noticed, I’m posting a lot about where tools have moved or what happened to them right now. Next on my list is QuickTime Broadcaster. It’s no longer included in Mac OS X client. So to install it, go to the /Applications folder on Mac OS X Server 10.6. I’ll try and put future items into a single post so as not to pollute news readers out there. Thanks for the patience.

Mac OS X Mac OS X Server Mass Deployment

Snow Leopard & Directory.app

If you grew accustomed to using Directory.app in Leopard and you’re thinking about an upgrade to Snow Leopard then you might want to pause, if only for a moment. You see, there is no Directory.app in Snow Leopard. If you were using Directory.app to allow users to create Blogs and Wikis, then check out the new web interface and see if the specific functionality you seek is there; otherwise look into SACLs and consider pushing out Workgroup Manager. If you were using it to hook into LDAP and allow for looking up contact information then check out Address Book Server, included in 10.6 Server…

Active Directory Mac OS X Mac OS X Server Mass Deployment

Directory Utility in Snow Leopard

In Leopard, the Kerberos application got mad because the other utilities were making fun of him. So he went and hid in /System/Library/CoreServices and became an application that was summoned by other applications (ie – Keychain Utility) when they couldn’t do their own work and needed him. Directory Utility saw this and decided it looked like a pretty darn appealing way to go. So Directory Utility has now moved into /System/Library/CoreServices. Not that you will always need to use her. You see, if you open the Accounts System Preference pane and click on Login Options you’ll see Network Account Server. Here you can click on Join. With more space in the /Applications/Utilities playground it’s now possible for others to join in the fun. Especially since there are a few developers (such as DeployStudio) who now like to go there to hang out (even if they are uninvited, being from the wrong side of the development tracks and all).

Mac OS X Mac OS X Server Mac Security

Article on Malware on afp548.com

I did a little article for afp548 on how the new malware protection stuff in Snow Leopard works. If you’re in the mood to get your geek on, check it out at:
http://www.afp548.com/article.php?story=20090826235425679

Mac OS X Mac OS X Server

Using Podcast Composer in Podcast Producer 2

In Snow Leopard Server, Apple has introduced a whole new way to make Podcast workflows. It’s now simple to use, but still with amazing and powerful new automations that give Podcast Producer admins the ability to configure a host of new options quickly and easily. To get started, first set up Podcast Producer. Then, fire up Podcast Composer and go through 7 quick steps. First, provide a default name, author name and title for your workflow, then click on step 2.

Podcast Composer Step 1: Select a Source

Podcast Composer Step 1: Title & Author Information

In step two you’re going to configure the source of the video and audio. For each of the three options, Single Source, Dual Source and Montage, you’ll have an “i” icon to obtain more information about the source and configure settings more granularly. Single Source will perform much of the same functionality as Podcast Composer 1: you can select audio, video or Screen Recording (aka – screen capture). There’s a nice new feature for Automatic chapter generation for longer videos now, as well. Dual Source will allow users to use Keynote along with the video being captured, one of the coolest aspects of Podcast Composer 2 by far. You can select how the Keynote will interact with the video using some transitions familiar to users of both Keynote and iMovie. Finally, you can select Montage, which will use QuickLook to transition between various movies, images, documents (Word, Pages, PDF) and presentations (PowerPoint & Keynote) – if QuickLook can interpret it then you can drop them in.

Podcast Composer Step 2: Select a Source

When you’ve defined your source, let’s move on to Step 3, a very basic editorial workflow going from left to right on the screen, again using the information overlay (when you mouse over an item) to first define an Introduction movie, then a title sequence and effects for the title (which is user defined using your defaults), then the watermark (which you can now place anywhere on the screen, control the opacity for and place a bar along the bottom with information from your title bar) and finally the exit credits. For all of these Apple has provided some stock footage but you can also define your own as well.

Podcast Composer Step 3: Intros, Outros & Watermarks

In step 4, define the output format (or formats as you can output a number of different clips if you so choose). Here, you can set the video and audio codecs that you would like to use. You don’t actually usually need to change anything in this step once it has been predefined in the workflow on the server.

Podcast Composer Step 4: Export Settings

In Step 5, choose where the recordings are to end up.  Using this is really nice as you can simultaneously send your new podcast to a wiki, a Final Cut Server and a workflow-defined directory.  If sending to a directory or a Final Cut Server then you have the option to perform further automations against the file.

Podcast Composer Step 5: Destinations

In Step 6, choose who to notify (if anyone) about the new podcast.

Configuring Notifications in Step 6

Step 7 is to deploy the podcast workflow to your server. Simply click Save to output a file or Deploy to actually add that workflow to a Podcast Producer server (plug in host name, user name and password and hit save). Now, when users go to use Podcast Capture they’ll be able to use the new workflow!

Podcast Composer is a great start to allowing systems administrators to make more use of Podcast Producer 2 and all its new features without having to go out and learn complex Ruby programming. I hope you enjoy it as much as I clearly have been.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Snow Leopard Server Videos

A number of videos I’ve been working on for Snow Leopard Server topics. My first time experimenting with YouTube playlists so please be gentle if it’s weird looking… They’ll be posted individually into the 318 TechJournal shortly. These are mostly covering the new features of Mac OS X 10.6 Server, although some of the older videos might be on other topics.

Mac OS X Mac OS X Server Mac Security Xsan

Hey Spotlight, Skip This Folder…

Whether it’s an Xsan with a wacky mdworker thread, a regular old box trying to scan a whole bunch of files you want it to skip or even a directory that you want to keep private, you can tell Spotlight not to scan a specified folder on your system. Simply use the following command, with the working directory of the shell as whatever directory you want skipped:

touch .metadata_never_index

In other words, create a file called .metadata_never_index in a folder and Spotlight will skip it. This isn’t to say it skips subfolders…

Mac OS X Mac OS X Server Mac Security Mass Deployment

Kickstarting ARD

The Command Line Fibre Channel Management and Setting up the Network Stack from the Command Line articles I did on Xsanity covered a couple of tasks that you more than likely perform on every client system you set up. Now let’s look at another. Whether you are deploying Xsan or managing it, assuming you have more than 1 machine to manage (and why would you use Xsan if you don’t) then a little Apple Remote Desktop (ARD) can make your life a lot easier. You might be deploying a package to install the Final Cut Server.app or you might be installing Xsan remotely. Or maybe you’re quitting Final Cut Pro or closing a Finder window so that you can unmount that volume that otherwise just won’t unmount. Either way, centralized administration almost requires you to enable Remote Management and if you’re looking to automate every aspect of a deployment then you’ll certainly be doing so.

Enabling Remote Management for the ARD client is easy enough. Simply open up System Preferences, click on the Sharing System Preference pane, check the box for Remote Management and then check the boxes for the features you’d like to enable (eg – Observe, Control, etc). By default, all users have access to do whichever tasks you define. Straightforward enough…

But what if you are deploying 40 Xsan and Final Cut Server clients, 2-3 Metadata Controllers along with 20 members of a render farm? Let’s just say that during the process you decide that you need to limit control of the computers to only your company’s admin account (otherwise users will start messing around with one another’s stuff)? Even if you enabled Remote Management at installation time, now you need to go touch 65 computers? Or what if you can SSH into a metadata controller but not tap in through Remote Management? Or need to configure that shiny new Xserve that didn’t ship with a video dongle?

Enter kickstart.  The kickstart command is located in the /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources directory (the rest of this article assumes this to be your working directory, and assumes you are running these commands with elevated privileges).  To start off, we’re going to configure Remote Management.  To do so we’re going to use the -configure option with kickstart and enable access to the host (-access), checking all the boxes from the Remote Management Options… button (-privs -all) for the xsan admin user (-users xsanadmin):

./kickstart -configure -access -on -privs -all -users xsanadmin

You can also enable access to Open Directory accounts if your Xsan includes those. In the following we’ll configure Remote Management to allow Open Directory logins (-setdirlogins -dirlogins yes) and then enable the specific groups that will have access (-setdirgroups -dirgroups), here the Open Directory group called xsanadmins:

./kickstart -configure -clientopts -setdirlogins -dirlogins yes -setdirgroups -dirgroups xsanadmins

You can also configure each of the check boxes for each permission independently, using -DeleteFiles, -ControlObserve, -TextMessages, -ShowObserve, -OpenQuitApps, -GenerateReports, -RestartShutDown, -SendFiles, -ChangeSettings and -ObserveOnly.
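
The per-privilege flags make it possible to give one named account only what it needs rather than -privs -all. The following is an added example, not code from the original article: a small POSIX shell helper (ard_cmd, ard_apply and KICKSTART are assumed names) that checks the account name and the privilege names against the list above before building the kickstart command, and only prints the command unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the article). ard_cmd, ard_apply and KICKSTART are
# hypothetical names; the flags are the ones the article lists.
KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

# Privilege names accepted after -privs, as listed in the article.
ARD_PRIVS="DeleteFiles ControlObserve TextMessages ShowObserve OpenQuitApps GenerateReports RestartShutDown SendFiles ChangeSettings ObserveOnly"

# ard_cmd USER PRIV [PRIV...]
# Prints the kickstart command line; returns 1 on a bad user or privilege.
ard_cmd() {
    user=${1-}
    [ $# -gt 0 ] && shift
    # The user name is pasted into a command that runs as root on every
    # client, so allow only plain short names and nothing starting with "-".
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no privileges given" >&2; return 1; }
    privs=
    for p in "$@"; do
        # Letters only, then an exact match against the known list.
        case $p in
            ''|*[!A-Za-z]*) echo "unknown privilege: $p" >&2; return 1 ;;
        esac
        case " $ARD_PRIVS " in
            *" $p "*) privs="$privs -$p" ;;
            *) echo "unknown privilege: $p" >&2; return 1 ;;
        esac
    done
    echo "$KICKSTART -configure -access -on -privs$privs -users $user"
}

# ard_apply USER PRIV [PRIV...]
# Dry run unless APPLY=1; run with APPLY=1 as root on the client itself.
ard_apply() {
    cmd=$(ard_cmd "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd
    else
        echo "would run: $cmd"
    fi
}
```

For example, ard_apply xsanadmin ControlObserve SendFiles prints the command that would grant only those two privileges to xsanadmin.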

The global options for the Remote Desktop client can also be set. To do so you would add the -clientopts option and specify which of the features to configure. Other than the Directory Services options, these include those settings accessible through the Computer Settings… button. Show Remote Management status in menu bar can be enabled using -setmenuextra -menuextra yes. Anyone may request permission to control screen can be enabled using -setreqperm -reqperm yes. VNC viewers may control screen with password can be enabled using -setvnclegacy -vnclegacy yes. You can also set the password using -setvncpw -vncpw followed by the password you would like to use. You can also set the Computer Information fields using -computerinfo followed by -set1, -set2, -set3 and -set4.

But kickstart isn’t just for setting up the ARD client.  You can also restart Remote Management when you are having problems by running the -restart option when SSH’d into a host:

./kickstart -restart -agent -console

And what the Xsan admin giveth the Xsan admin can taketh away; you can disable Remote Management access by setting -access to off:

./kickstart -configure -access -off

You can also use kickstart to install and uninstall packages, but in my experience you’re gonna’ want to use the Remote Desktop software to do that.  For more on the options available in kickstart, check out:

./kickstart -help

Finally, if you would rather perform a file drop to deploy settings (or use the defaults/plutil commands to deploy settings) then you’ll need to know the property lists, or domains that the preference files are stored in.  Because kickstart is not compiled you can find these in the variable definitions at the beginning of the script.