Monthly Archives: October 2012

Mass Deployment

More Information On Session From JAMF Nation

JAMF has posted some information on the session I did at JAMF Nation User Conference a few days ago. I’m guessing they’ll be posting the videos up there soon enough.

More information at http://www.jamfsoftware.com/news/2012/10/25/session-mass-ios-deployments.

Mac OS X Mac OS X Server Mass Deployment

Keynote From JAMF Nation

In case you were there and would like a copy, here’s the slides from the presentation I did this week at the JAMF Nation User Conference 2012. If you weren’t there, then perhaps they will help you in some way.

JNUC2012

The session was recorded so I’ll try and post when it becomes available for download.

personal

Iron Man 3

Mac OS X Mac OS X Server Mac Security Mass Deployment

Programmatically Disable Notification Center in Mountain Lion (aka My Battery Life Sucks)

There are a few ways I like to extend my battery life on my MacBook Air. These days, it’s increasingly important to conserve battery life as the transition to Mountain Lion (Mac OS X 10.8) has caused my battery life to spiral into so much of a vortex that I am concerned that my laptop must be shooting raw electricity out of the bottom (which would certainly explain why my hair has a tendency to be perpendicular with the ground when I exit a plane). Ever since moving to Mountain Lion (yes, this includes 10.8.2), I’m lucky to get 3 hours of battery life out of the Mac that used to give me at least 5 hours…

There are a number of tricks that I use to extend battery life. Some are obvious, such as dimming the screen, only using an app at a time, killing off menu items, temporarily stop Spotlight Indexing and killing off LaunchDaemons and LaunchAgents that I’m not using. I even used to used an app called CoolBookController to throttle my processor speeds while flying. But that doesn’t work as of Lion (certainly not in Mountain Lion).

One thing that I’ve been able to do that extends my battery life a little more (maybe an extra half hour) is to kill off Notification Center (I wrote about customizing Notification Center earlier here). I know, I know, it shouldn’t matter… But recently, a customer asked me to script disabling Notification Center. Since I’ve been killing it off with a script, this was a pretty straight forward task. It’s easy to disable Notification Center temporarily using the GUI. Simply click on the Notification Center icon in the menu bar and then scroll up to see the “Show Alerts and Banners” button. Click OFF or ON to toggle it off and on. As you can see, Notification Center then starts back up the next day.

To disable Notification Center from the command line, write a KeepAlive key that is false into the /System/Library/LaunchAgents/com.apple.notificationcenterui.plist like so:

sudo defaults write /System/Library/LaunchAgents/com.apple.notificationcenterui KeepAlive -bool false

Then, if you kill NotificationCenter off, it’ll stay off:

killall NotificationCenter

If you want to re-enable Notification Center, you’d just run the same with a true:

sudo defaults write /System/Library/LaunchAgents/com.apple.notificationcenterui KeepAlive -bool true

The easy way to then get it back is to reboot. Now, just for giggles, Notification Center is actually the /System/Library/CoreServices/NotificationCenter.app and in there lies the /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter binary. If you open it, you’ll get multiple Notification Center icons in the menu bar. I’m not sure why I decided to try that at some point. But it’s kinda’ fun…

Ultimately, I travel with multiple MacBooks, so rather than toss one of them in a checked bag, or one destined for the overhead, I am temporarily just keeping a second 11 in the bag I keep under the seat in front of me for now…

public speaking

MacTech Conference 2012 In Retrospect

I love going to conferences. MacTech Conference this year is a great example of why. The conference organizers and staff did a superb job, the attendees were top notch and the weather was just right. But it was the same last year in all three regards. What I felt really made MacTech special this year was the Disney pixie dust magic coming together with all of that. And I was only there for a day, regrettably…

The talent level at these events continues to be top notch. As Jeff, Nigel, Peter, Gary, now Zack and others have moved on to other platforms and other roles I have continually wondered whether the Mac community would stay as vibrant and talented. But what I forget is that there are more and more people joining us every year as well as tons that have been there all along and just not been as attention-deprived as those of us who tend to write a lot.

The talent has shifted, for sure. Once upon a time the OS X community offered an upgrade. Get good at the client and then the server. Now, it’s become more about get good at the client and then get really good at the client. This ends up involving getting good at automating things, scripting, 3rd party management tools such as JAMF and even going beyond scripting and writing things that we feel the OS should have. Ed Eigerman, from Google, with the first talk of the IT track really drove this home with an excellently thought out jab at the lack of Apple Remote Desktop development.

While the talent has shifted, the community has continued to get stronger. This is no more evident than when you get to see Rich Trouton, Derick Okihara, Armin Briegel, Aaron Freimark, Nathan Toups and others in one day. I’m sure I’d throw a lot of other names in that list, but either a) I have more to say about them later or b) I didn’t actually see them the day I was there.

I hope that I can continue to in some way help to grow and shape the community. Allister Banks, who practiced his talk the night before delivering it, has been a great addition to my team at 318. While his contributions to the community are his own, I’m glad that I’m able to give him the freedom to work on community projects and speak at conferences with company time (as well as what seems like plenty of his own time). I have also brought in a few more people recently that I hope will continue to contribute plenty to this community that has given me so much (and I will likely be hiring more soon if you’re interested!). But Allister deserves praise for a great presentation, assuming it went as well in front of the MacTech audience as it did for me.

Now, there is already a ton of hero-worship for Greg Neagle in the OS X sysadmin community. But I’ve never really jumped on that bandwagon. So let me just tell you how I feel about that… It is obviously completely deserved. I could go on and on about his code and his website and his public speaking and even that book he did. But you probably know about all of that already. What impresses me the most is how much he loves where he works: Disney. The way he puts Disney movies into his presentations, the way he talks about the creatives he enables, he’s a Disney man through and through. And from others I know within Disney he’s as highly regarded as they come both at work and in the community. The ability to take that love for your employer and fuse it with the love for the community has a lot to do with the night he was able to help put together for the MacTech community. He is responsible for a lot of the good things that happen inside the Mac community and it is great to see the appreciation that community has for him!

Speaking of Greg’s book, Ed Marczak (who wrote it with him) was wearing a tie. He ran dozens of miles around the valley while managing to do a little of his day job and a lot of cat herding of the speakers delivering the presentations he pretty much selected and coached. He called me while I was still developing the idea for mine, checked in before the conference and then while we were there carved out a little time to talk to me. After doing that with everyone, I’m not sure how he managed to have any fun at all. But his hard work has a lot to do with the quality of the presentations and the direction of the IT portion of the MacTech conference. Ed is in every way a class act and someone I hold in the highest regard. AND he was able to pull off a tie with as busy as he was!

And then there’s Neil Ticktin. Neil is a speaker, but not on the speaker list. Namely due to the fact that he puts on the conference. When WWDC didn’t have an IT track any more, a lot of people were complainy complainersons. Neil responded not with cluttering my inbox with countless gripes to message lists. Instead he took his position as the publisher of MacTech Magazine. And now it’s a national traveling show for consultants and in depth as well as a national conference showing off the best and the brightest. Neil (and his team) worked hard to put MacTech Conference together and  their contributions to the Apple community are something to be proud of.

With MacTech, MacWorld/MacIT, MacSysAdmin, Penn State MacAdmins and others one could spend all of their time just preparing for and attending conferences. With JAMF Nation User Conference this week, the conference season is basically coming to a close. I wish I could have spent more time with everyone and hope that I am able take part again soon. You all give me such hope for the future of the community and the platform, and I thank you for that and for the friendship you’ve provided me over the years.

I really wish I could have stayed up there all 3 days. Thanks to everyone I spoke with for the time you took to hang out. And for those I didn’t get a chance to see, I look forward to hearing about how you’re doing next time our paths cross! Now, let’s go ahead and book our flights early for MacTech 2013: Nov 6-8, 2013.

iPhone

Restricting Access To Sites On iOS Devices

One of the more common requests we get for iOS devices is to restrict what sites on the web that a device can access. This can be done in a number of ways. The best, in my experience, has been using a proxy.

In Apple Configurator 1.2 there’s an option for a Global HTTP Proxy for Supervised devices. This allows you to have a proxy for HTTP traffic that is persistent across apps.

Each Wi-Fi network that you push to devices also has the ability to have a proxy associated as well. This is supported by pretty much every MDM solution, with screens similar to the following, which is how you do it in Apple Configurator.

The above has I am all about layered defense, though. Or if a proxy is not an option then having an alternative. Another way to disable access to certain sites is to outright disable Safari and use another browser. This can be done with most MDM solutions as well as using a profile. To see what this would look like using Apple Configurator, see the below profile.

Now, once Safari has been disabled, you then need to provide a different browser. There are a number of third party browsers available on the App Store. Some provide enhanced features such as Flash integration while others remove features or restrict site access.

In this example we’re using the K9 Web Protection Browser. This browser is going to just block sites based on what the K9 folks deem appropriate. Other browsers of this type include X3watch, Mobicip (which can be centrally managed and has a ton of pretty awesome features), bSecure (which ties in with their online offerings for reporting, etc) and others.

While this type of thing isn’t likely to be implemented at a lot of companies, it is common in education environments and even on kiosk types of devices. There are a number of reasons I’m a strong proponent of a layered approach to policy management for iOS. By leveraging proxies, application restrictions, reporting and when possible Mobile Device Management, it becomes very possible to control the user experience to an iOS device in such a way that you can limit access to web sites matching a certain criteria.

Mac OS X Mac OS X Server

Regression Testing Video From MacTech

I made this video for my presentation at MacTech this year. The video demonstrates how to do a mission critical IT role in an organization in an automated fashion. Hopefully it helps you to automate such things in your life as well.

iPhone Mass Deployment

JAMF Nation User Conference 2012

I mentioned the JAMF Nation User Conference on the site before, but now I need to mention it again. Mostly because I’ll now be doing a presentation now. I know, I said I wasn’t going to be doing much public speaking. But the only conference I’ve been to in the last decade that I wasn’t speaking at has been the JAMF Nation User Conference. Sooo, how could I not, when the conference is, after all, in the city I live in! Anyway, my session has been added to the sessions page:

http://www.jamfsoftware.com/events/user-conferences/jamf-nation-user-conference-2012/sessions

Hope to see you there!