Category Archives: iPhone

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Creating Users In Yosemite Server

There are three ways to create users in Yosemite Server (the Server app running on Yosemite if you’re so bored you feel the need to try and correct me). The first is using the Server app, the second is using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating users in the Server app.

To do so, open the Server app and connect to your server. Then click on the Users entry in the ACCOUNTS list. The list of users is displayed, based on the directory domain(s) being browsed. A directory domain is a repository of account data, which can include local users, local network users and users in a shared directory service such as Open Directory and Active Directory.

Users1

The drop-down list allows you to see objects that are stored locally as well as on a shared directory server. Click on the plus sign to create a new account in the chosen Directory Domain.

Users2

When prompted, provide the following information about the new user:

  • Full Name: Usually the first and last name of the user.
  • Account Name: A shorter representation of that name with no spaces or special characters.
  • Email addresses: The email address to use if the account is going over quotas, has calendar invitations sent, or used for email hosted on the server, etc.
  • Password: The password the user will use to access services on the server.
  • Verify: The password a second time to make sure there are no spelling errors.
  • Allow user to administer this server: Optional field that grants the user administrative access to the server.
  • Home Folder: Optional field that by default creates local home directories for users that use the account but that also allows you to select a directory shared using the File Sharing service as a location for home folders. Each user in OS X has a home folder, this option defines whether that folder will reside on their computer or on a central server.
  • Keywords: Tags to make it easier to find users (a new feature for the Server app in Yosemite Server, but an old feature in the old Workgroup Manager).
  • Disk Quota: Define the amount of space an account can take up on servers.
  • Notes: Any information you’d like to enter to remember things about the user.

Note: Optionally, you can also drag an image onto the image shown in the New User screen if you’d like the user to have an avatar as done in the above screenshot.

Once the account details are as you would like, click on the Done button. The account will then be displayed in the list of available accounts. If the server has not been made an Open Directory server then you can only create local users through the Server app.

Once the account is created, right-click click on the user to see the option to edit the account you just created, edit their access to services hosted on the server, configure email information and change their password.

Users3

Click Edit User. Here, you have two new features. You can add the user to groups and use the checkbox for “log in” to disable the account.

Users4

Click Cancel and then using the cog wheel menu while the user is highlighted, note that you can, click on Edit Access to Services. Here, uncheck each service that the user should not have access to. If the service isn’t running then it’s not a big deal. You can highlight multiple accounts concurrently and then use this option to disable services for users en masse. Here, you can also edit your user templates (which are settings inherited by new users who you select that template for) as well as edit advanced options, such as changing the UID, default group, short name, aliases, default shell and home directory path. As the screen indicates, only change this stuff if you know exactly what you’re doing.

Users5

iPhone Mac OS X Mac OS X Server

Configure Apple Push Notifications In Yosemite Server

Push Notifications can be used in most every service in the Server app, especially in 3.5 for Yosemite (which I still like to call Yosemite Server as it makes me think of Yosemite Sam in a tux, pouring champagne). Any service that requires Push Notifications will provide the ability to setup APNS during the configuration of the service. But at this point, I usually just set up Push Notifications when I setup a new server.

Push1

To enable Push Notifications for services, you’ll first need to have a valid AppleID. Once you have an AppleID, open the Server app and then click on the name of the server. At the Overview screen, click on Settings.

Push2

At the Settings screen for your server, click on the check-box for “Enable Apple push notifications.” At the Apple Push Notification Services certificate screen, enter an AppleID if you have not yet configured APNS and click on OK. The Apple Push Notification Service certificate will then be configured.

Push3

The certificate is valid for one year, by default. Administrators receive an alert when the certificate is due to expire. To renew, open the same screen and click on the Renew button.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Using The Profiles Command In Yosemite

You can export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically.

To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command with just the -P option:

/usr/bin/profiles -P

As with managed preferences (and piggy backing on managed preferences for that matter), configuration profiles can be assigned to users or computers. To see just user profiles, use the -L option:

/usr/bin/profiles -L

You can remove all profiles using -D:

/usr/bin/profiles -D

The -I option installs profiles and the -R removes profiles. Use -p to indicate the profile is from a server or -F to indicate it’s source is a file. To remove a profile:

/usr/bin/profiles -R -F /tmp/HawkeyesTrickshot.mobileconfig

To remove one from a server:

/usr/bin/profiles -R -p com.WestCoastAvengers.HawkeyesTrickshot

The following installs HawkeyesTrickshot.mobileconfig from /tmp:

/usr/bin/profiles -I -F /tmp/HawkeyesTrickshot.mobileconfig

If created in Profile Manager:

/usr/bin/profiles -I -p com.WestCoastAvengers.HawkeyesTrickshot

There is a nifty new feature in the profiles command in Yosemite where you can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up. As of OS X Yosemite, the dscl command has extensions for dealing with profiles as well. These include the available MCX Profile Extensions:

-profileimport -profiledelete -profilelist [optArgs]
-profileexport
-profilehelp

To list all profiles from an Open Directory object, use 
-profilelist. To run, follow the dscl command with -u to specify a user, -P to specify the password for the user, then the IP address of the OD server (or name of the AD object), then the profilelist verb, then the relative path. Assuming a username of diradmin for the directory, a password of moonknight and then cedge user:

dscl -u diradmin -P moonknight 192.168.210.201 profilelist /LDAPv3/127.0.0.1/Users/cedge

To delete that information for the given user, swap the profilelist extension with profiledelete:

dscl -u diradmin -P apple 192.168.210.201 profilelist /LDAPv3/127.0.0.1/Users/cedge

If you would rather export all information to a directory called ProfileExports on the root of the drive:

dscl -u diradmin -P moonknight 192.168.210.201 profileexport . all -o /ProfileExports

Note: Provisioning profiles can also be managed, frequently using the lower-case variant of installation and removal (e.g. -i to install, -r to remove, -c to list and -d to delete all provisioning profiles). Provisioning profiles can also come with a -u option to show the uuid. Finally, the -V option verifies a provisioning profile.

In Yosemite we have a few new options, such as -H which shows whether a profile was installed, -z to define a removal password and -o to output a file path for removal information. Also, in Yosemite it seems as though if a configuration profile was pushed to you from MDM, you can’t remove it (fyi, I love having the word fail as a standalone in verbose output):

bash-3.2# profiles -P
_computerlevel[1] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
_computerlevel[2] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[3] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
charlesedge[4] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
charlesedge[5] attribute: profileIdentifier: odr.krypted.com.ADD7E5A6-8EED-4B11-8470-C56C8DC1E2E6
_computerlevel[6] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
_computerlevel[7] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
_computerlevel[8] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
There are 8 configuration profiles installed

bash-3.2# profiles -r 772BED54-5EDF-4987-94B9-654456CF0B9A
bash-3.2# profiles -P
_computerlevel[1] attribute: profileIdentifier: F3C87B6E-185C-4F28-9BA7-6E02EACA37B1
_computerlevel[2] attribute: profileIdentifier: EE08ABE9-5CB8-48E3-8E02-E46AD0A03783
_computerlevel[3] attribute: profileIdentifier: 24DA416D-093A-4E2E-9E6A-FEAD74B8B0F0
_computerlevel[4] attribute: profileIdentifier: 00000000-0000-0000-A000-4A414D460003
_computerlevel[5] attribute: profileIdentifier: 772BED54-5EDF-4987-94B9-654456CF0B9A
_computerlevel[6] attribute: profileIdentifier: C11672D9-9AE2-4F09-B789-70D5678CB397
charlesedge[7] attribute: profileIdentifier: odr.krypted.com.ADD7E5A6-8EED-4B11-8470-C56C8DC1E2E6
charlesedge[8] attribute: profileIdentifier: com.krypted.office365.a5f0e328-ea86-11e3-a26c-6476bab5f328
There are 8 configuration profiles installed

bash-3.2# profiles -rv 772BED54-5EDF-4987-94B9-654456CF0B9A
profiles: verbose mode ON
profiles: returned error: -204
fail

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Add Your VPP Token To Profile Manager Running on Yosemite (OS X Server)

Apple began rolling out new features with the new Volume Purchasing Program (VPP) program last year. There are lots of good things to know, here. First, the old way should still work. You’re not loosing the stuff you already invested in such as Configurator with those codes you might have used last year with supervision. However, you will need an MDM solution (Profile Manager, Casper, Absolute, FileWave, etc) to use the new tools. Also, the new token options are for one to one (1:1) environments. This isn’t for multi-tenant environments. You can only use these codes and options for iOS 7 and OS X 10.9 and 10.10. Also, if you install your vpptoken on Yosemite Server and you’re running that same vpptoken elsewhere, Yosemite Server will take all of the codes that have been issued for itself (feature or bug, you decide).

But this article isn’t about the fine print details of the new VPP. Instead, this article is about making Profile Manager work with your new VPP token. Before you get started, know that when you install your vpptoken, if it’s in use by another MDM, Profile Manager will unlicensed all apps with your other MDM. To get started, log into your VPP account. Once logged in, click on your account email address and then select Account Summary.

vpp1

Then, click on the Download Token link and your token will be downloaded to your ~/Downloads (or wherever you download stuff).

vpp2

Once you have your token, open the Server app and click on the Profile Manager service.

vpp3

Click on the checkbox for Distribute apps and books from the Volume Purchase Program.

vpp4

At the VPP Managed Distribution screen, drag the .vpptoken file downloaded earlier into the screen.

Click Continue. The VPP code email address will appear in the screen. Click Done.

vpp5

Back at the profile manager screen, you should then see that the checkbox is filled and you can now setup Profile Manager.

vpp6

The rest of the configuration of Profile Manager is covered in a previous article.

Note: The account used to configure the VPP information is not tracked in any serveradmin settings.

iPhone Mac OS X Mass Deployment

Casper 9.6 Released, Now With Yosemite Support

Now that Yosemite is out, there’s a lot of updates here and there. iOS 8.1 is destined to show on Monday, but in the meantime JAMF Software has released version 9.6 of the vaunted Casper Suite. To quote the most excellent marketing team:

We are excited to announce that version 9.6 of the Casper Suite is now available. This release can enable you and your organization to embrace new technologies from Apple. Please see the release notes for more information.

Casper Suite 9.6 includes features that can help you:

  • Ensure ease of adoption for your users and peace of mind for yourself with same-day support of OS X Yosemite.
  • Extend management capabilities with new settings and payloads in OS X and iOS configuration profiles.
  • Enhance DEP and Mac App Store distribution workflows.

Note: Version 9.6 of the Casper Suite does not include configuration changes or fixes for the POODLE SSLv3 vulnerability in the news, but JAMF is gathering information and working as quickly as possible to get a solution in place. We have your back – we will keep you informed and have a release or any fixes ready as soon as possible. For more information, visit: https://jamfnation.jamfsoftware.com/discussion.html?id=12151

If you plan to manage OS X Yosemite devices in your environment and you are currently using Casper Suite 8 series, please note that you will be required to upgrade to version 9.6. Check out this knowledge base article to see how to complete a simple and successful migration.

You can download this version of the Casper Suite by logging into your JAMF Nation user community account and navigating to “My Assets” under your profile.

iPhone Mac OS X Mac OS X Server

Manage File Shares In OS X Yosemite Server

File Services are perhaps the most important aspect of any server because file servers are often the first server an organization purchases. This has been changing over the past few years, with many a file being hosted by cloud solutions, such as Box, Dropbox, Google Drive, and of course, iCloud. But many still need a terrestrial server and for predominantly Apple environments, a Server app running on OS X Yosemite isn’t exactly a bad idea. There are a number of protocols built into OS X Yosemite Server dedicated to serving files, including AFP, SMB and WebDAV. These services, combined comprise the File Sharing service in OS X Yosemite running the Server app.

Note: I’ve got another article looking into FTP a little further but those are basically what I’ll stick to here.

File servers have shares. In OS X Yosemite Server we refer to these as Share Points. By default:

• File Sharing has some built-in Share Points that not all environments will require.
• Each of these shares is also served by AFP and SMB, something else you might not want (many purely Mac environments might not even need SMB). Or if you have iOS devices, you may only require WebDAV sharing.
• Each share has permissions that Apple provides which will work for some but not all.

In short, the default configuration probably isn’t going to work for everyone. Therefore, before we do anything else, let’s edit the shares to make them secure. The first step is to create all of your users and groups (or at least the ones that will get permissions to the shares). This is done in Server app using the Users and Groups entries in the List Pane. Once users and groups are created, open the Server app and then click on the File Sharing service in the SERVICES list in the List Pane. Here, you will see a list of the shares on the server.

Files1

If you’re just getting started, let’s go ahead and disable the built-in share by clicking on Groups in the list of shares and then clicking on the minus button on the screen.

As mentioned, shares can be shared out using different protocols. Next, we’re going to disable SMB for Public, simply as an example. To do so, double-click on Public and then uncheck the SMB protocol checkbox for the share.

Files2

When you’ve disabled SMB, click on the Done button to save the changes to the server. Editing shares is really that easy. Next, we’re going to create a new share for iPads to be able to put their work, above and beyond the WebDAV instance automatically used by the Wiki service. To create the share, first we’re going to create a directory for the share to live in on the computer, in this case in the /Shared Items/iPads directory.

Files3

Then from the File Sharing pane in Server app, click on the plus sign (“+”).

Files4

At the browse dialog, browse to the location of your iPad directory and then click on the Choose button.

Files5

At the File Sharing pane, double-click on the new iPads share. Note that there’s a new checkbox here called Encrypt connections. If you check this, you cannot use AFP and WebDAV.

Files6

At the screen for the iPads share, feel free to edit the name of the share (how it appears to users) as it by default uses the name of the directory for the name of the share. Then, it’s time to configure who has access to what on the share. Here, use the plus sign (“+”) in the Access section of the pane to add groups that should be able to have permission to access the share. Also, change the groups in the list that should have access by double-clicking on the name of the group and providing a new group name or clicking on the plus sign to add a user or group.

Files7

The permissions available in this screen for users that are added are Read & Write, Read Only/Read and Write. POSIX permissions (the bottom three entries) also have the option for No Access, but ACLs (the top entries comprise an Access Control List) don’t need such an option as if there is no ACE (Access Control Entry) for the object then No Access is assumed.

If more granular permissions are required then click on the name of the server in the Server app (the top item in the List Pane) and click on the Storage tab. Here, browse to the directory and click on Edit Permissions.

Files8

As can be seen, there are a number of other options that more granularly allow you to control permissions to files and directories in this view. If you make a share a home folder, you can use that share to store a home folder for a user account provided the server uses Open Directory. Once a share has been made an option for home folders it appears in both Workgroup Manager and the Server app as an available Home Folder location for users in that directory service.

Once you have created all the appropriate shares, deleted all the shares you no longer need and configured the appropriate permissions for the share, click on the ON button to start the File Sharing service.

Files9

To connect to a share, use the Connect to Server dialog, available by clicking Connect to Server in the Go menu. A change that happened back in Mavericks is that when you enter an address, the client connects over SMB by default (which is even better now that those connections can be encrypted). If you’d like to connect via AFP ‘cause you’re all old school, enter afp:// in front of the address and then click Connect.

The File Sharing service can also be controlled from the command line. Mac OS X Server provides the sharing command. You can create, delete and augment information for share points using sharing. To create a share point for AFP you can use the following command:

sharing -a -A

So let’s say you have a directory at /Shares/Public and you want to create a share point called PUBLIC. You can use the following command:

sharing -a /Shares/Public -A PUBLIC

Now, the -a here will create the share for AFP but what if you want to create a share for other protocols? Well, -F does FTP and -S does SMB. Once created you can disable the share using the following command:

sharing -r PUBLIC

To then get a listing of shares you can use the following command:

sharing -l

You can also use the serveradmin command to manage file shares as well as the sharing service. To see settings for file shares, use the serveradmin command along with the settings option and then define the sharing service:

sudo serveradmin settings sharing

Sharing settings include the following:

sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbName = "iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:afpIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:webDAVName = "iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbEncrypted = no
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbDirectoryMask = "0755"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:afpName = "iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbCreateMask = "0644"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:nfsExportRecord = _empty_array
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:path = "/Volumes/Macintosh HD/Shared Items/iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbUseStrictLocking = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbIsGuestAccessEnabled = no
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:name = "iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbInheritPermissions = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:ftpName = "iPads"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbIsShared = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:afpIsShared = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:smbUseOplocks = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:webDAVIsShared = yes
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:dsAttrTypeNative\:sharepoint_group_id = "E500829F-6589-4A34-9D3B-C7FDC71400B4"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:mountedOnPath = "/"
sharing:sharePointList:_array_id:/Volumes/Macintosh HD/Shared Items/iPads:isIndexingEnabled = no

To see settings for the services use the serveradmin command with the settings option followed by the services: afp and smb:

sudo serveradmin settings afp

AFP settings include:

afp:maxGuests = -1
afp:afpTCPPort = 548
afp:clientSleepTime = 24
afp:replyCacheQuantum = 32
afp:maxConnections = -1
afp:sendGreetingOnce = no
afp:reconnectTTLInMin = 1440
afp:clientSleepOnOff = yes
afp:loginGreeting = ""
afp:errorLogPath = "/Library/Logs/AppleFileService/AppleFileServiceError.log"
afp:errorLogTime = 0
afp:activityLogTime = 7
afp:errorLogSize = 1000
afp:kerberosPrincipal = "afpserver/LKDC:SHA1.5776019F497F854DBA581884DE3A1AC7BBF69E22@LKDC:SHA1.5776019F497F854DBA581884DE3A1AC7BBF69E22"
afp:recon1SrvrKeyTTLHrs = 168
afp:idleDisconnectOnOff = no
afp:reconnectFlag = "no_admin_kills"
afp:activityLog = yes
afp:reconnectKeyLocation = "/private/etc/AFP.conf"
afp:loginGreetingTime = 1315436086
afp:adminGetsSp = yes
afp:fullServerMode = yes
afp:idleDisconnectMsg = ""
afp:updateHomeDirQuota = yes
afp:activityLogPath = "/Library/Logs/AppleFileService/AppleFileServiceAccess.log"
afp:authenticationMode = "standard_and_kerberos"
afp:admin31GetsSp = no
afp:shutdownThreshold = 3
afp:TCPQuantum = 1048576
afp:allowSendMessage = yes
afp:idleDisconnectTime = 10
afp:loggingAttributes:logOpenFork = yes
afp:loggingAttributes:logDelete = yes
afp:loggingAttributes:logCreateDir = yes
afp:loggingAttributes:logLogin = yes
afp:loggingAttributes:logLogout = yes
afp:loggingAttributes:logCreateFile = yes
afp:tickleTime = 30
afp:specialAdminPrivs = no
afp:noNetworkUsers = no
afp:idleDisconnectFlag:adminUsers = yes
afp:idleDisconnectFlag:registeredUsers = yes
afp:idleDisconnectFlag:usersWithOpenFiles = yes
afp:idleDisconnectFlag:guestUsers = yes
afp:recon1TokenTTLMins = 10080
afp:guestAccess = yes
afp:allowRootLogin = no
afp:activityLogSize = 1000
afp:afpServerEncoding = 0
afp:createHomeDir = yes

To see a run-down of some of the options for afp, see this article I did previously. Additionally, for a run-down of smb options, see this one.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Come One, Come All: To The JAMF Nation User Conference

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.

jamf-nation-user-conference-2014_1140_464_84_1399405603

And yes, I’d of said all this and posted this even if I hadn’t of come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!

Home Automation iPhone Mac OS X

Which Apple TV Works With My TV?

I recently purchased a new TV (actually won, but that’s aside from the point). I put the DirecTV receiver on there and it worked like a charm. Then I put the Apple TV on and it appeared to work like a charm. But when the screensaver kicked in, the colors inverted. Sometimes I’d see lines across the screen and other times the Apple TV would get weird and just be blurry. I knew immediately that I was sending it too much. Turns out the new TV couldn’t do less than 1080p and the old Apple TV couldn’t do anything higher than 720p. To confirm, I looked up the serial number. All Apple TVs have Wi-Fi (up to 802.11n), 10/100 Ethernet, optical audio and an Infrared receiver for the remote control. So, here’s some information on model-specific connectivity to your other equipment:

Apple_TV_2nd_Generation_back

  • Early 2012 Model: Model A1427 or A1469, with HDMI that supports 720p or 1080p
  • Late 2010 Model: Model A1378, with HDMI supporting 720P
  • Early 2007 Mode (Silver): Model A1218, with HDMI supporting 480p and 720p as well as RCA and a built-in 40 or 160GB hard drive

apple-appletv12-channels-lg

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

DeviceScout

DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and show alerts on client systems. These alerts display some of the critical aspects of systems, from encryption to disk capacity to backups, there are a number of pretty cool aspects of DeviceScout.

Screen Shot 2014-04-18 at 2.55.47 PM

Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at http://www.devicescout.com.

iPhone Mac OS X Mac OS X Server

MacIT Presentation

I enjoy going to MacIT so much. Paul Kent ran a great little conference in Monterrey one year and I am so glad that I started going to Macworld around that time. I missed it last year while trying to trim back on the travel and am pretty stoked I got to get there again this year. Special thanks to everyone I saw and was able to hang out with. Considering there isn’t a single person I didn’t want to hang out with, sorry if I didn’t see you or get to spend any time. Thanks to Duncan and Kevin White for making time to do the podcasts (hopefully the background noise is low enough so we can get them posted!).

Also, this is a top-notch production. Kathy, Paul, the board (Arek, Dan, John, Kevin, Duncan, etc) and everyone else I’ve ever interacted with there are absolutely amazing. I would love nothing more than to not get a chance to speak next year because a flood of amazing talks burst on the scene. Start thinking about what you could talk about now so I can show up and sit in the back and watch you do your thing! :)

And if you were in my session and asked about the presentation when the conference site was on the fritz (which could have also been my fault BTW), the presentation is here: MacIT 2014

Screen Shot 2014-03-29 at 11.09.44 PM