Category Archives: Mac Security

Mac OS X Mac OS X Server Mac Security Mass Deployment

Installing A Java JDK On Beta Versions Of OS X

Open the installation DMG and expand the package so we can edit objects inside the package, done with pkgutil:

pkgutil --expand "/Volumes/JDK 7 Update 67/JDK 7 Update 67.pkg" "/tmp/JDKTEMP.flat"

Next, we’re going to edit that Distribution file, which is what’s checking the OS version, using vi:

vi /tmp/JDKTEMP.flat/Distribution

Then we’re going to look for the OS version (currently 10.7) in the pm_install section:

Edit OS version to 10.10

Then let’s save the file and then flatten the package, again using pkgutil:

pkgutil --flatten "/tmp/JDKTEMP.flat" "/tmp/JDK7.pkg"

Finally fire up the package:

open /tmp/JDK7.pkg

And of course, finish running the installer. Good luck!

Mac OS X Server Mac Security Mass Deployment

Mail Chapter of Take Control of OS X Server Now Available

The Mail Server chapter of the Take Control book is now available up on I’m always torn when it comes to writing chapters on setting up mail servers. Is it socially irresponsible to help people potentially (but accidentally) create spam bots…


Mac Security


How does he keep doing it?!?!?

Mac Security Mass Deployment MobileMe Network Infrastructure

Network Port Testing With Netcat

You can do some pretty simple testing of ports and network communications using strategies I’ve outlined in the past with tcpdump, traceroute, telnet, curl, stroke and of course ping. However, netcat has a few interesting things you can do with it; namely running a port scan super-quickly to test traffic between subnets, forcing scans of IPv6 traffic, debugging sockets, keeping connections alive, proxying through SOCKS 4 and 5 and just checking for daemons that are listening rather than actually sending data to them.

In this first example, we’re going to just check that Apple’s web server is accessible (adding -v for verbose output):

/usr/bin/nc -v 80

The result would be pretty verbose:

found 0 associations
found 1 connections:
outif en0
src port 50575
dst port 80
rank info not available
TCP aux info available

Connection to port 80 [tcp/http] succeeded!
HTTP/1.0 408 Request Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Date: Tue, 29 Jul 2014 15:41:34 GMT
Content-Type: text/html
Content-Length: 218
Expires: Tue, 29 Jul 2014 15:41:34 GMT

<TITLE>Request Timeout</TITLE>
<H1>Request Timeout</H1>
The server timed out while waiting for the browser’s request.<P>

If we added a -w to timeout we’ll cut out all the cruft (but wouldn’t know that the server’s at Akamai). Next, we’ll get a little more specific and fire up a test to check Apple’s push gateway at, using port 2195:

/usr/bin/nc -v -w 15 2195

But, I want the cruft for the purposes of this article. Next, we can add a -4 to force connections over IPv4 and check the Apple feedback server and port 2196, also required for APNs functionality:

/usr/bin/nc -v -4 2196

Right about now, something is probably happening at Apple where they’re getting sick of me sending all this data their direction, so let’s add a -z option, to just scan for daemons, without actually sending any data their way:

/usr/bin/nc -vz -4 2196

Because of how NAT works, you might notice that the src port keeps changing (incrementing actually). Here’s the thing, we’re gonna’ go ahead and force our source port to stay the same as our destination port using the -p option:

/usr/bin/nc -vz -4 -p 2196 2196

Now, what if this is failing? Well, let’s spin up a listener. I like to start on my own subnet, then move to another subnet on the same network and ultimately to another network so I’m checking zone-by-zone so-to-speak, for such a failure. So, we can spin up a listener with netcat in a few seconds using the -l option on another host:

/usr/bin/nc -l 2196

Then I can scan myself:

/usr/bin/nc 2196

I could also do this as a range if I forgot which port I used per host:

/usr/bin/nc 2195-2196

Now, as is often the case, if our connection problem is because data isn’t proxying, we can also use nc to check that using the -x option followed by an IP and then : and a port. For example:

/usr/bin/nc -vz -4 -w 10 -p 2196 -x 2195-2196

Fun times with push notifications. Enjoy.
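When walking zone-by-zone as described above, it helps to know how a check failed, not just that it did. The following is an added example, not code from the original post: a Python version of the connect-only check that nc -z -w performs, which separates "refused" (the host answered but no daemon is listening) from "filtered" (no answer at all, usually a firewall or ACL dropping the traffic). The function names and the loopback listener are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=3.0, ipv4_only=False):
    """Connect-only check (what `nc -z -w` does): no payload is sent.

    Returns 'open', 'refused', 'filtered', 'unresolved' or 'unreachable'.
    """
    family = socket.AF_INET if ipv4_only else socket.AF_UNSPEC  # like nc -4
    try:
        targets = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    result = "unreachable"
    for af, kind, proto, _name, addr in targets:
        with socket.socket(af, kind, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"        # a daemon completed the handshake
            except ConnectionRefusedError:
                result = "refused"   # host answered, nothing listening
            except socket.timeout:
                result = "filtered"  # no answer: likely dropped en route
            except OSError:
                pass                 # e.g. no route; keep earlier result
    return result

def listener(host="127.0.0.1", port=0):
    """Test listener, like `nc -l`; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def sweep(host, ports, **kwargs):
    """Probe several ports, like giving nc a range such as 2195-2196."""
    return {port: probe(host, port, **kwargs) for port in ports}

if __name__ == "__main__":
    # Constructed demo on loopback: listener up, then listener gone.
    srv = listener()
    port = srv.getsockname()[1]
    print(sweep("127.0.0.1", [port], ipv4_only=True))
    srv.close()
    print(sweep("127.0.0.1", [port], ipv4_only=True))
```

A "refused" result from one subnet and "filtered" from the next points at the device between those two zones rather than at the listening host.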

Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

MacAdmins 2015

I was super-bummed that I missed the MacAdmins conference at Penn State University. But, all is not lost as MacAdmins will be held July 8-10 in 2015 at the Penn Stater Conference Center and I’ll be able to see all those awesome people there next year!

In the meantime, something fun and new is the 2014 MacAdmins Playlist to maybe get exposed to some new stuff:

As an aside, here’s a fun pic of @derflounder and I (and others) doing a round table from a few years ago on the Penn State site:



Mac OS X Mac OS X Server Mac Security Mass Deployment

Interviewing Duncan for

Totally fun doing these interviews. If you’ve got a good story to tell, let’s do an episode!

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Come One, Come All: To The JAMF Nation User Conference

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.


And yes, I’d have said all this and posted this even if I hadn’t come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!

Mac OS X Mac OS X Server Mac Security Mass Deployment

Take Control Of OS X Server Now Available

For what amounts to my 12th book, I decided to try something a little different, which is namely to shoot for a slightly different audience than I’ve done with the rest of my books. The kind folks at Take Control Books have been great to work with and I’m super excited that Adam has posted the first part of Take Control of OS X Server on


And, the first few chapters are totally free for TidBits members! Chapter 1 is available at and Chapter 2 is available at Fun times, hope you enjoy!

Mac OS X Mac OS X Server Mac Security

Reset Lost Admin Passwords In OS X

I’ve gotten a couple of questions about this and don’t remember where I posted it previously, so here goes again. If you forget a local admin password in OS X and you have physical access to the machine then unless you’re using full disk encryption or firmware passwords (and know those passwords) you can reset the password. To do so boot the computer or server from your recovery partition using Command-R at boot (or Option and then selecting the recovery partition).
At the Recovery Desktop open Terminal from the Utilities menu. From terminal use the following command:


When the Reset Password window appears, choose the volume you’d like to reset an account password for and then choose the username from the Select menu. Then enter the new password twice and click Save. Reboot and you should be able to login. At the first login you’ll likely want to reset the keychain as well, when prompted.

Mac OS X Mac OS X Server Mac Security Mass Deployment Unix Windows Server Xsan

Make iMovie Work With Network Volumes

I work with a lot of network storage and video world stuff. While most in the editorial world prefer Final Cut, Avid, Adobe and other tools for video management, I do see the occasional task done in iMovie. By default, iMovie doesn’t support using assets stored on network volumes. However, you can make it do so. Just use defaults to write a boolean allowNV key marked as true:

defaults write allowNV -bool TRUE