Category Archives: Mass Deployment


DeviceScout

DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and alerts on client systems. These alerts cover some of the critical aspects of systems, from encryption to disk capacity to backups, and there are a number of pretty cool aspects of DeviceScout.


Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at http://www.devicescout.com.


MacSysAdmin 2014!

Well, it’s that time of the year when one of my favorite conferences opens up registration! Come one, come all to MacSysAdmin for good times, good people and lots of fun Macinnerdiness! I hope to see you there! The official page is up at http://www.macsysadmin.se.

Redirect Logs To A Syslog Server In OS X

I could have sworn that I’ve written this up before, but I just tried to link it into the article for tomorrow and it’s not on my site, so here goes. To redirect logs in OS X to a syslog server, open /etc/syslog.conf and add the following line (assuming an IP of 10.10.10.92 – replace that with the IP of your syslog box):

*.*                                       @10.10.10.92

To customize the port number (e.g. 9200) use @10.10.10.92:9200 instead. This should be instant but you can always use launchctl to unload and reload syslog if for some reason it isn’t. If you’re scripting this you can then programmatically send some information to the server. For example, if you enter the following, you should see an entry for testtesttest in your syslog server for the host you just configured:

logger testtesttest
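
If you're scripting the change itself, the edit should be safe to run more than once. The following is an added example, not part of the original post: it validates the destination and appends the forwarding rule only when it is missing. The function names and the constructed demo file are assumptions.

```shell
#!/bin/sh
# Added example: idempotently add the "*.* @HOST[:PORT]" forwarding rule.
# Function names and the demo file are assumptions, not from the post.

# valid_dest HOST[:PORT]: succeed only for a dotted-quad IPv4 address
# with an optional port in 1-65535.
valid_dest() {
    host=${1%%:*}
    case $1 in
        *:*) port=${1#*:}
             case $port in ''|*[!0-9]*) return 1 ;; esac
             [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
    esac
    # Only digits and dots, and no trailing dot, before splitting on dots.
    case $host in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $host
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# add_forward CONF DEST: append the rule unless an identical one exists.
# Prints "added" or "present"; returns 2 on an invalid destination.
add_forward() {
    conf=$1; dest=$2
    valid_dest "$dest" || { echo "invalid destination: $dest" >&2; return 2; }
    # Escape dots so the address is matched literally by grep -E.
    esc=$(printf '%s' "$dest" | sed 's/\./\\./g')
    if grep -Eq '^[[:space:]]*\*\.\*[[:space:]]+@'"$esc"'[[:space:]]*$' "$conf"; then
        echo present
    else
        # Keep a backup, then append the rule as selector, tab, action.
        cp -p "$conf" "$conf.bak" && printf '*.*\t@%s\n' "$dest" >> "$conf" && echo added
    fi
}

# Demo on a constructed temp file, not the live /etc/syslog.conf.
demo=$(mktemp)
printf '# constructed sample\n*.notice\t/var/log/system.log\n' > "$demo"
add_forward "$demo" 10.10.10.92:9200   # first run appends the rule
add_forward "$demo" 10.10.10.92:9200   # second run leaves the file alone
rm -f "$demo" "$demo.bak"
```

On a real host, run add_forward as root against /etc/syslog.conf, then confirm delivery with logger testtesttest.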


Change Active Directory Forest Mode With A Script

Changing the Forest Mode in Active Directory can be scripted. I find this useful when regression testing such tasks in a sandbox (e.g. restore image, automate login, change mode, run tests, etc). The script is very simple. First, you’ll import the ActiveDirectory module:

Import-Module -Name ActiveDirectory

Then you’ll check for the mode prior to running:

Get-ADForest | Format-Table ForestMode

Then you’ll change the forest and domain modes (one per line):

Set-ADForestMode -Identity "krypted.com" -ForestMode Windows2008Forest
Set-ADDomainMode -Identity "krypted.com" -DomainMode Windows2008Domain

Then you’ll report the result:

Get-ADForest | Format-Table Name, ForestMode

The end result could be as simple as three lines if just testing:

Import-Module -Name ActiveDirectory
Set-ADForestMode -Identity "krypted.com" -ForestMode Windows2008Forest
Set-ADDomainMode -Identity "krypted.com" -DomainMode Windows2008Domain


Use Active Directory Commandlets On Computers That Aren’t Domain Controllers

By default, the Active Directory PowerShell management tools are not installed on Windows Servers. Commandlets are instead installed when the Active Directory Domain Controller role is added. However, you can install them even without installing the role. To do so, open Server Manager and go to Add and Remove Roles and Features. Don’t add any Roles; instead, skip to adding features. Then open Remote Server Administration Tools and then Role Administration Tools. From there, expand AD DS and AD LDS Tools and then highlight the Active Directory Module for Windows PowerShell.


Once enabled, click Next through the end of the wizard. Once the wizard is complete, open PowerShell and use the following command:

import-module ActiveDirectory

Once you’ve imported the Active Directory modules, let’s test it by creating a user with the new-aduser commandlet, as follows (assuming a name of krypted):

new-aduser -name krypted


Password Hints and Retries in OS X

You can customize the number of times that you enter an incorrect password before you get the password hint in the loginwindow on OS X. To do so, use the defaults command to send a RetriesUntilHint integer key into com.apple.loginwindow.plist stored at /Library/Preferences using the following command:

defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -integer 10


That Time I Interviewed Andrina For An AFP548 Podcast

Hey, remember that time I interviewed Andrina in an AFP548 podcast? That was totally fun! We should do that again. Maybe I’ll pronounce toller right next time! #cloudwords


MacAdmins Conference at Penn State

Straight from our good friends at PSU:

Register Now for the 2014 MacAdmins Conference!

We’re proud to announce that early-bird registration for the 2014 MacAdmins Conference is now open!

This year’s conference will be bigger and better than ever, with over 50 sessions on Mac and iOS administration topics, 5 brand new pre-conference workshops, and 3 amazing evening events.

Early-bird registration price is the same as last year:
* $400 conference only (July 9-11) <http://macadmins.psu.edu/conference/registration/>
* $550 conference plus pre-conf workshop (July 8-11) <http://macadmins.psu.edu/conference/registration/>

Early-bird pricing ends April 30, and we expect to sell out quickly, so register now:

<http://macadmins.psu.edu/conference/registration/>

** Pre-Conference Workshops
—————————

This year we’re introducing pre-conference workshops – 5 full-day sessions on the most important topics facing today’s Mac and iOS System Administrator:
* D&D – Deployment and Delivery
* iOS and Mobile Device Management
* More Shell Scripting than Necessary
* Python and Git for System Admins
* Mac Admin Fundamentals

Visit our Workshops <http://macadmins.psu.edu/workshops/> page for detailed descriptions. Space on these workshops is limited and they will fill up fast!  Secure your spot today. <http://macadmins.psu.edu/conference/registration/>

** Thanks for the Session Submissions!
————————————–

We had a tremendous response to our conference session call for proposals.  If you submitted a session, you’ll be hearing from us in the next few days.

** New Hashtag:  #psumac
————————————————————

The MacAdmins Conference at Penn State is @psumacconf <https://twitter.com/psumacconf> on Twitter and our official hashtag is #psumac <https://twitter.com/search?&q=%23psumac> .

Update your Twitter clients and saved searches accordingly!

============================================================


MacIT Early Bird Registration

If you haven’t signed up for one of my favorite conferences ever, MacIT (alongside Macworld) then you should give it a go. If you’ve never been, it’s great and if you’ve been then it’s great to catch up with old friends. I hope to see you there!

————————————

MacIT®, taking place March 26-29, 2014, in San Francisco, CA at Moscone Center North (alongside Macworld/iWorld), is the definitive event for understanding Apple technology implementation and management in enterprise environments. Our esteemed faculty of industry experts provide detailed, impartial analysis of the technology and solution chains you face when putting iOS, OS X and Apple hardware products to work in large enterprise.

MacIT 2014 features sessions on: MDM, BYOD, IPv6, VMs, SNMP, Mavericks, iOS7 and more!

MacIT 2014 opens with a thought-provoking keynote: What the Enterprise Needs from Apple – IT Execs Speak Out.

In this special panel discussion led by IDG Communications’ Chief Content Officer John Gallant, leading IT executives and a top Apple analyst share their views on what the enterprise needs from Apple. What gaps exist in current Apple offerings? How does IT want to deal with – or not deal with – Apple? How can enterprise IT and Apple build a more fruitful partnership that makes life easier for the business and helps Apple build even better products for a future in which the line is increasingly blurred between work and the rest of our lives? The session will highlight opportunities for Apple and other companies to improve the Apple ecosystem at work.

MacIT is uniquely positioned to help today’s IT/IS and Network managers face and conquer the mobile implementation challenges they face daily.

Register today to join your IT colleagues, technology leaders and industry experts, at the definitive event for deploying and managing Apple in the enterprise.

Register by February 28th to Save!

For the full conference program and list of speakers, visit www.macitconf.com
We look forward to seeing you next March!


Scripting PGP Whole Disk Encryption On A Mac (or Windows, really)

The PGP Whole Disk Encryption (WDE) tools have a command line interface for both OS X and Windows. The options are mostly the same across the two. We’ll focus on two for the purposes of this little article. The first is --list-user and the second is --change-passphrase, although there are a number of other options. A general breakdown of the options includes the following:

  • --enum – Show the disks available
  • --disk-status – Show the encryption status of the disk indicated with the --disk option
  • --stop – Stop the encryption or decryption process of a --disk using --passphrase
  • --instrument – Install BootGuard using the --disk option followed by the number of the disk
  • --uninstrument – Remove BootGuard using the --disk option followed by the number of the disk
  • --add-user – Add a PGP user (include a user name followed by --passphrase and the passphrase, as well as --disk and the number of the disk)
  • --change-passphrase – Change the password on --disk for the user specified with -u on --domain, with -i to make it interactive (with an option to include a --recovery-token if you don’t have the password)
  • --list-user – List the PGP users with access to a --disk
  • --encrypt – Manually enable encryption on a --disk using a --passphrase
  • --decrypt – Disable encryption by decrypting the disk at --disk using a --passphrase
  • --recover – Allow a user to recover a --disk when BootGuard is unavailable using the --passphrase

So let’s put these in motion. First, let’s just look at all the disks available using the --enum option:

pgpwde --enum

OK, so disk 0 is my only volume and it’s bootable. Nothing has been encrypted yet. So let’s confirm by looking at --disk-status:

pgpwde --disk-status --disk 0

Now, let’s see who’s got access to that disk:

pgpwde --list-user --disk 0

Then, let’s enable BootGuard on our volume:

pgpwde --instrument --disk 0

And then add user cedge to be able to unlock that volume, with a passphrase of krypted:

pgpwde --add-user cedge --passphrase krypted --disk 0

And then let’s encrypt it:

pgpwde --encrypt --passphrase krypted --disk 0

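And finally, to change the password of that cedge account to something more secure (single-quoted so the shell passes the $ and ! through literally rather than expanding them):

pgpwde --change-passphrase --disk 0 -u cedge --passphrase krypted --new-passphrase '!Ab@nK$Ru13z'

If you don’t know the current passphrase (they’re not typically reversible), you can skip the whole --passphrase option and use the --recovery-token option instead (assuming you have a token), which also makes scripting this a bit easier. Keep in mind that a passphrase given on the command line ends up in shell history and is visible in the process list while the command runs.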

Note: No passwords were hurt in the writing of this article.