Back when I worked with Xsan a lot more than I do now, one of the things we spent a lot of time doing was working with metadata and journal data on Xsan volumes. You can also view journal data for non-Xsan volumes. The hfs.util binary is used to view journal data about volumes. In this example, we’ll look at the journal size and location the boot volume of our system:
/System/Library/Filesystems/hfs.fs/Contents/Resources/hfs.util -I /Volumes/Macintosh\ HD
The output shows the size of the journal and the location, as follows:
/Volumes/Macintosh HD : journal size 40960 k at offset 0x1a38b000
krypted November 25th, 2015
Repair permissions was unceremoniously removed from OS X in El Capitan. This staple of the Mac gurus toolkit disappeared. There was no 21 gun salute, there was no flaming casket sent out to sea and there was no sweet, sweet wake to get drunk at. Instead, there was pain. There was pain, because when the button disappeared, the need did not. Need proof? If you haven’t yet run it, let’s check your system to verify the permissions of the standard packages:
sudo /usr/libexec/repair_packages --verify --standard-pkgs --volume /
In the above command, we used the repair_packages binary, which has not changed in awhile. We then feed that the –verify option and the –standard-pkgs option, finally providing the volume of the current boot volume using –volume followed by the /. Pretty straight forward. Assuming there’s something to repair, the below will actually run that repair operation:
sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /
Where’s the sweet, sweet button? The rest of the screen is so darn lonely without it.
And now that you know the command, feel free to throw it in your self service. That way users can do it without opening terminal or using an admin password!
krypted November 22nd, 2015
This is my 3,000th post on Krypted.com. The past 3,000 posts have primarily been about OS X Server, Mac automation, Mac deployment, scripting, iOS deployments, troubleshooting, Xsan, Windows Servers, Exchange Server, Powershell, security, and other technical things that I have done in my career. I started the site in response to a request from my first publisher. But it took on a mind of its own. And I’m happy with the way it’s turned out.
My life has changed a lot over these past 11 years. I got married and then I got divorced. I now have a wonderful daughter. I became a partner and the Chief Technology Officer of 318 and helped to shape it into what was the largest provider of Apple services, I left Los Angeles and moved to Minnesota, left 318 to help start up a new MDM for small businesses at JAMF Software called Bushel, and now I have become the Consulting Engineering Manager at JAMF. In these 11 years, I have made a lot of friends along the way. Friends who helped me so much. I have written 14 more books, spoken at over a hundred conferences, watched the Apple community flourish, and watched the emergence of the Post-PC era.
In these 11 years, a lot has happened. Twitter and Facebook have emerged. Microsoft has hit hard times. Apple has risen like a phoenix from those dark ashes. Unix has proved a constant. Open Source has come into the Mac world. The Linux gurus are still waiting for Linux on the desktop to take over the world. Apps. iOS. iPad. Mobility. Android. Wearables. Less certifications. More admins. And you can see these trends in the traffic for the site. For example, the top post I’ve ever written is now a list of Fitbit badges. The second top post is a list of crosh commands. My list of my favorite hacking movies is the third top post. None of these have to do with scripting, Apple, or any of the articles that I’ve spent the most time writing.
That’s the first 3,000 posts. What’s next? 3,000 more posts? Documenting the unfolding of the Post-PC era? Documenting the rise and fall of more technologies? I will keep writing, that’s for sure. I will continue doing everything I can to help build out the Apple community. And I will enjoy it. I’ve learned a lot about writing along this path. But I have a lot more to learn.
The past 3,000 posts have mostly been technical in nature. I’ve shown few of my opinions, choosing to keep things how-to oriented and very technical. Sure, there’s the occasional movie trailer when I have a “squee” moment. But pretty technical, overall. I’ve been lucky to have been honored to speak at many conferences around the world. One thing I’ve noticed over the past few years is that when people ask me to speak at conferences, they ask me to speak about broader topics. They don’t want me doing a technical deep dive. People use the term thought leader. And while I don’t necessarily agree, maybe it’s time I step up and write more of those kinds of articles here and there.
I’ve learned so much from you these 11 years. But I feel like I’ve barely scratched the surface. I look forward to learning together over the course of the next 3,000 posts! Thank you for your support. Without it, I’d have probably stopped at 10 articles!
krypted November 16th, 2015
One of the tasks you’ll need to perform in Apple Configurator 2, is to assign Profiles to iOS devices in order to set them up with features or restrict the device from using certain features. I cover creating a profile here. To get started applying a profile to a device, bring up the Blueprints screen.
Choose a Blueprint and right-click on it. Choose Profiles…
Browse to the profile and then click on Add Profile.
The profile is then applied to any devices that the Blueprint is applied to. For more on Blueprints, view this article.
krypted November 15th, 2015
Apple Configurator 2 is a great new evolution in iOS initial and configuration management. And there are lots of great options. And to help you wrap your head around all this new fun stuff, I’ve written up a quick and dirty guide for using Apple Configurator 2.
It’s not completely done, but it will be shortly. Hope this help someone. Enjoy!
krypted November 14th, 2015
Enter Apple Configurator 2, a free tool on the Mac App Store. This tool basically fixes most setup challenges for iOS, but does so over USB. This means that Apple Configurator is not necessarily a replacement for MDM. In fact, you can deploy Trust and Entrollment profiles for MDM and automate the MDM enrollment for a device through Apple Configurator 2. Instead, Apple Configurator 2 is a tool that can either help to manage iOS devices during a mass deployment and do so in a manner that is easy enough that you don’t need a firm background in IT to manage devices on a day-to-day basis.
Here is what Apple Configurator can do:
Apple Configurator 2 does have some caveats, including the following:
I see a number of uses for Apple Configurator. Some of these use cases include:
These can enhance practically every environment I’ve worked with. But unless it’s a small environment (e.g. the labs), Apple Configurator isn’t a replacement for the tools already in use in most cases, like an MDM solution. Instead, it just makes things better. Overall, Apple Configurator 2 is a welcome addition to the bat belt that we all have for iOS management and deployment. Now that we’ve looked at the when/where of using it, let’s look at the how.
At this point, we’ll explore the Profiles options in Apple Configurator 2. To create profiles, use the File menu and click on New Profile.
At the Untitled profile name, enter a name in the Name field. This is how it will appear in the Profiles section of Apple Configurator. Because you can deploy multiple profiles, I’m just going to configure the SSID and Web Clip and call it MDM Enrollment Staging. Optionally, give it some notes, organization name, etc.
Next, we’ll go ahead and enter a name for our Web Clip and the URL that the device will point to.
We’ll also disable certain features of iOS. To do so, click on Restrictions, and uncheck various boxes in order to disable features you don’t wish to use.
Go ahead and close the window and you’ll be prompted to save the profile.
You’ll then see MDM Enrollment Staging.mobileconfig in the Finder where you selected to store it. You can also save an enrollment profile from Profile Manager as we explained here. We could go that further further and actually enroll the device by exporting the enrollment profile as well, but again, I want each user to provide their username and password so I as an administrator don’t have to go through and attach each device to a user in this scenario. I’ve been looking at importing devices and associating them with users via postgres, but that’s going to be another 3am article, on another night…
Apple Configurator 2is really a great tool when used in the right scenarios. In learning how it works and interacts I actually learned a lot about both iOS and Mac OS X that I didn’t know before. I hope I did the tool justice with how easy it is to use. This is a fairly long article and it’s probably more complicated than it needs to be in parts, but that’s more my method of trying to figure out what it’s doing than the tool being complicated. It’s not hard to figure out at all. I am sure I could teach any non-technical iOS admin basic use of Apple Configurator 2 in less than an hour.
Overall, in Apple Configurator 2, we have a new, powerful iteration in our arsenal that makes up the iOS administration ecosystem. I also hope that no matter what, if you manage iOS devices, that you’ll take a look at it. I expect you’ll find it useful in some part of your management toolkit!
krypted November 13th, 2015
Blueprints are a new option in Apple Configurator 2. Blueprints allow you setup a template of settings, options, apps, and restore data, and then apply those Blueprints on iOS devices. For example, if you have 1,000 iOS devices, you can create a Blueprint with a restore item, an enrollment profile, a default wallpaper, skip all of the activation steps, install 4 apps, and then enabling encrypted backups. The Blueprint will provide all of these features to any device that the Blueprint is applied to.
But then why not call it a group? Why call it a Blueprint? Because the word template is boring. And you’re not dynamically making changes to devices over the air. Instead you’re making changes to devices when you apply that Blueprint, or template to the device. And you’re building a device out based on the items in the Blueprint, so not entirely a template. But whatever on semantics.
To get started, open Apple Configurator 2.
Click on the Blueprints button and click on Edit Blueprints.
Notice that when you’re working on Blueprints, you’ll always have a blue bar towards the bottom of the screen. Blueprints are tiled on the screen, although as you get more and more of them, you can view them in a list.
Right-click on the Blueprint. Here, you’ll have a number of options. As you can see below, you can then Add Apps. For more on adding Apps, see this page.
You can also change the name of devices en masse, using variables, which I explore in this article.
For supervised devices, you can also use your Blueprints to change the wallpaper of devices, which I explore here.
Blueprints also support using Profiles that you save to your drive and then apply to the Blueprints.
Blueprints also support restoring saved backups onto devices, as I explore here.
For kiosk and single purpose systems, you can also enter into Single App Mode programmatically.
You can also configure automated enrollment, as described here. Overall, Blueprints make a great new option in Apple Configurator 2. These allow you to more easily save a collection of settings that were previously manually configured in Apple Configurator 1. Manually configuring settings left room for error, so Blueprints should keep that from happening.
krypted November 11th, 2015
When you join a wireless network on a Mac, the information for that network is cached into the com.apple.airport.preferences property list. You can access this information using the following command, constraining output to the LastConnected field and the next 7 lines:
<code>defaults read /Library/Preferences/SystemConfiguration/com.apple.airport.preferences | grep LastConnected -A 7</code>
krypted November 11th, 2015
One of the common tasks to perform when doing some larger iOS deployments is to restore an iOS device as part of setting the device up for users. Restoring a device will retain a few things like icon placement on a device. To restore a device, we’ll first create a backup, described here. As of Apple Configurator 2, you can use iTunes and Apple Configurator 2-sourced backups of devices. You can also now assign the restore task to a Blueprint or do so manually.
To get started with restoring a device, first plug in a device and open Apple Configurator.
Right-click on a device and then choose the Restore from Backup… option.
You’ll then be prompted to verify that you want to restore the device. To restore the device, click Restore.
At the “Restore from the backup screen”, select the backup to use as your restore point and click Restore.
When prompted, provide the password for the backup and click on the Restore Backup button.
If the device has been prepared, you will be prompted to approve the restore. Assuming you actually want to restore the device, click on the Restore button.
You will need to accept the iOS licensing agreement. Click Accept when prompted.
The restore will start.
You can also assign a Back Up to a Blueprint. Then, any time the Blueprint is assigned to a device, you will restore the selected backup. To do so, bring up the Edit Blueprint screen and then right-click on the Blueprint to edit.
Select Restore from Backup… from the menu and select the appropriate backup. Then, when the Blueprint is applied to a device, the device will be restored using the selected backup.
krypted November 9th, 2015
One of the primary use cases for Apple Configurator 1 and Apple Configurator 2 is to get apps on devices. Even with MDM, you can use Apple Configurator 2 for app deployment. The value here might be that you end up transferring 10 gigs of apps over a USB cable, rather than over the air in larger deployments. Here, we’ll look at a basic app deployment using Apple Configurator 2.
To get started, first download the app and get it in iTunes. This can be accomplished by copying the .ipa file for an app onto a device, or syncing an iOS device with iTunes that has the app installed. Take care that the Apple ID associated with the app will be applied on the device. Then, open Apple Configurator 2 and choose a Blueprint (View -> Edit Blueprints) you’d like to apply, or deploy, this app to. Once uploaded and assigned, any device that you apply the Blueprint to will receive the app. Right-click on the Blueprint and click on Add and then choose Apps in the submenu.
You will need to authenticate to the iTunes Store using an Apple ID. Notice that if you’ve previously connected Apple Configurator 2 to the iTunes Store that you will routinely get prompted to reconnect when the key expires (seems to be after a good 4 hours of inactivity, but not sure yet exactly when to expect – this might be a bit annoying for environments that have students that don’t have that password doing some of the work).
The when you authenticate, you’ll be prompted for a list of apps to install. Here, we’re just going to choose some generic app and click on Add Apps (yes, that’s plural, you can choose more than one).
The app will be listed. Any device the Blueprint is applied to then receives the app.
You can also assign an app to a device manually. To do so, control-click (or right-click) on a device and then use Add to choose the Apps… option. The rest of this process is pretty much the same.
Overall, these options are similar but a bit more matured than they were in Apple Configurator 1. There are a few other pretty cool options that we’ll explore soon, but for now this should get you started in getting apps as a part of your Apple Configurator 2 deployment.
krypted November 9th, 2015