Monthly Archives: March 2010

Mac OS X Mac OS X Server Mac Security Mass Deployment

Macs in Enterprise Survey, etc.

A couple of recent media items to note. The first is the Enterprise Desktop Alliance has released a new version of their annual Mac in the Enterprise survey. It can be found here:

Apparently someone from CIO Magazine (one of the few that I read routinely) picked up on the release and did an article on it, which can be found here. While he agreed with many of the points from the survey he also seemed to be a little critical that integrating Macs into enterprise environments was all about TCO reduction. Some great points in both and whether you agree with the methodology or message of either, it’s still worth reading. And a quote from CIO to summarize why I tend to use my ACSA a bit more than my MCSE:

“A Mac administrator may cost more than a PC administrator.”

Mac OS X Mac Security Mass Deployment

New Tool For Hiding Users

HideAUser is a little tool for hiding a user. Once run, the loginwindow of Mac OS X will not show the user(s) specified. For multiple users, simply type the short name of each seperated by a space. Then attempt to login and see if the list shows the user you indicated not to show.

Click Here to Download HideAUser

personal

Rube

Thanks for the link, David.

Mac OS X Mass Deployment

More repairPermissions

Yesterday I looked at using diskutil to repair the permissions on a boot volume. You can also use diskutil to repair the permissions on a non-booted volume provided that there is a valid Mac OS X installation on that volume. To do so you would simply provide the path to that volume rather than to the blessed boot volume. For example, if the disk that we mentioned in the previous article were called Seldon and it was in a host booted to target disk mode then you would simply provide the path /Volumes/Seldon as before:

diskutil repairPermissions /Volumes/Seldon

In the event that you are scripting and want to take into account a dynamic target you can use a positional parameter or create the script on the fly. If you will then be using a package to choose a destination folder you can send a variable to the script and you would then use $1 in the place of /Volumes/Seldon, indicating a positional parameter. For example, a script might appear as follows:

#!/bin/bash
diskutil repairPermissions $1

This is how Mike Bombich used to summon repair permissions in NetRestore (if memory serves then his script is practically identical to the one I list here but I’m on a flight can’t cross-reference ’cause I’m still too cheap to get a GoGo account). In watching his scripts mature, I picked up running a repairPermissions as a post-flight deployment task. Since doing so I’ve noticed a slight decrease in the amount of troublesome hosts deployed to the tune of maybe 1 out of 40 imaging projects per year. If the volume name is identical across all hosts then this can be as simple as listing the first command above. If the volume will be a boot volume then you can use the bless command, as indicated yesterday, to grab the volume name.