Category Archives: Mass Deployment

Mac OS X Server Mac Security Mass Deployment

Mail Chapter of Take Control of OS X Server Now Available

The Mail Server chapter of the Take Control book is now available up on I’m always torn when it comes to writing chapters on setting up mail servers. Is it socially irresponsible to help people potentially (but accidentally) create spam bots…

TCo OS X Server 1.0 Cover for PDF

Mac Security Mass Deployment MobileMe Network Infrastructure

Network Port Testing With Netcat

You can do some pretty simple testing of ports and network communications using strategies I’ve outlined in the past with tcpdump, trace route, telnet, curl, stroke and of course ping. However, netcat has a few interesting things you can do with it; namely actually run a port super-quickly to test traffic between subnets, forcing scans of ipv6 traffic, debugging sockets, keeping connections alive, parodying through SOCKS 4 and 5 and just checking for daemons that are listening rather than actually sending data to them.

In this first example, we’re going to just check that Apple’s web server is accessible (adding -v for verbose output):

/usr/bin/nc -v 80

The result would be pretty verbose

found 0 associations
found 1 connections:
outif en0
src port 50575
dst port 80
rank info not available
TCP aux info available

Connection to port 80 [tcp/http] succeeded!
HTTP/1.0 408 Request Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Date: Tue, 29 Jul 2014 15:41:34 GMT
Content-Type: text/html
Content-Length: 218
Expires: Tue, 29 Jul 2014 15:41:34 GMT

<TITLE>Request Timeout</TITLE>
<H1>Request Timeout</H1>
The server timed out while waiting for the browser’s request.<P>

If we added a -w to timeout we’ll cut out all the cruft (but wouldn’t know that the server’s at Akamai). Next, we’ll get a little more specific and fire up a test to check Apple’s push gateway at, using port 2195:

/usr/bin/nc -v -w 15 2195

But, I want the cruft for the purposes of this article. Next, we can add a -4 to force connections over IPv4 and check the Apple feedback server and port 2196, also required for APNs functionality:

/usr/bin/nc -v -4 2196

Right about now, something is probably happening at Apple where they’re getting sick of me sending all this data their direction, so let’s add a -z option, to just scan for daemons, without actually sending any data their way:

/usr/bin/nc -vz -4 2196

Because of how NAT works, you might notice that the src port keeps changing (incrementing actually). Here’s the thing, we’re gonna’ go ahead and force our source port to stay the same as our destination port using the -p option:

/usr/bin/nc -vz -4 -p 2196 2196

Now, what if this is failing? Well, let’s spin up a listener. I like to start on my own subnet, then move to another subnet on the same network and ultimately to another network so I’m checking zone-by-zone so-to-speak, for such a failure. So, we can spin up a listener with netcat in a few seconds using the -l option on another host:

/usr/bin/nc -l 2196

Then I can scan myself:

/usr/bin/nc 2196

I could also do this as a range if I forgot which port I used per host:

/usr/bin/nc 2195-2196

Now, as is often the case, if our connection problem is because data isn’t parodying, we can also use nc to check that using the -x operator followed by an IP and then : and a port. For example:

/usr/bin/nc -vz -4 -w 10 -p 2196 -x 2195-2196

Fun times with push notifications. Enjoy.

Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

MacAdmins 2015

I was super-bummed that I missed the MacAdmins conference at Penn State University. But, all is not lost as MacAdmins will be held July 8-10 in 2015 at the Penn Stater Conference Center and I’ll be able to see all those awesome people there next year!

In the meantime, something fun and new is the 2014 MacAdmins Playlist to maybe get exposed to some new stuff:

As an aside, here’s a fun pic of @derflounder and I (and others) doing a round table from a few years ago on the Penn State site:

Screen Shot 2014-07-15 at 1.25.10 PM


Mac OS X Mac OS X Server Mac Security Mass Deployment

Interviewing Duncan for

Totally fun doing these interviews. If you’ve got a good story to tell, let’s do an episode!

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Come One, Come All: To The JAMF Nation User Conference

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.


And yes, I’d of said all this and posted this even if I hadn’t of come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!

Mac OS X Mac OS X Server Mac Security Mass Deployment

Take Control Of OS X Server Now Available

For what amounts to my 12th book, I decided to try something a little different, which is namely to shoot for a slightly different audience than I’ve done with the rest of my books. The kind folks at Take Control Books have been great to work with and I’m super excited that Adam has posted the first part of Take Control of OS X Server on

TCo OS X Server 1.0 Cover for PDF

And, the first few chapters are totally free for TidBits members! Chapter 1 is available at and Chapter 2 is available at Fun times, hope you enjoy!

Mac OS X Mac OS X Server Mac Security Mass Deployment Unix Windows Server Xsan

Make iMovie Work With Network Volumes

I work with a lot of network storage and video world stuff. While most in the editorial world prefer FinalCut, Avid, Adobe and other tools for video management, I do see the occasional task done in iMovie. By default, iMovie doesn’t support using assets stored on network volumes. However, you can make it. To do so, just use defaults to write with a boolean allowNV key marked as true:

defaults write allowNV -bool TRUE


iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment


DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and show alerts on client systems. These alerts display some of the critical aspects of systems, from encryption to disk capacity to backups, there are a number of pretty cool aspects of DeviceScout.

Screen Shot 2014-04-18 at 2.55.47 PM

Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at

Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

MacSysAdmin 2014!

Well, it’s that time of the year when one of my favorite conferences opens up registration! Come one, come all to MacSysAdmin for good times, good people and lots of fun Macinnerdiness! I hope to see you there! The official page is up at
Screen Shot 2014-04-13 at 8.02.49 PM

Mac OS X Mac OS X Server Mac Security Mass Deployment

Redirect Logs To A Syslog Server In OS X

I could have sworn that I’ve written this up before, but I just tried to link it into the article for tomorrow and it’s not on my site, so here goes. To redirect logs in OS X to a syslog server, open /etc/syslog.conf and add the following line (assuming an IP of – replace that with the IP of your syslog box):

*.*                                       @

To customize the port number (e.g. 9200) use @ instead. This should be instant but you can always use launchctl to unload and reload syslog if for some reason it isn’t. If you’re scripting this you can then programmatically send some information to the server. For example, if you enter the following, you should see an entry for testtesttest in your syslog server for the host you just configured:

logger testtesttest