Tag Archives: Apple

Articles and Books Mac OS X Mac OS X Server Mac Security Mass Deployment Network Printing public speaking

MacIT Is Coming Back In July

MacWorld is kinda’ dead. Long live MacWorld (I cry nightly over this). But MacIT, alive and well and awesome (I hadn’t really spent any time on the floor for a long time anyway)! Here’s the email announcing the MacIT dates, which will be July 14th through 16th in Santa Clara! I’m super-stoked! :)

MacIT_logo_emailDear MacIT constituents,

Mark your calendars for MacIT 2015!

I’m pleased to announce that we have secured dates for the MacIT 2015 Conference. This year’s event will be held July 14-16 at the Santa Clara Convention Center in Silicon Valley (Santa Clara, CA). Our team is hard at work to ensure the first “stand alone” MacIT is a must-attend event for enterprise professionals. The program committee is currently vetting themes and topics for the conference and our call for presenters is currently posted on our website – http://www.macitconf.com. Our returning sponsors, JAMF, Code42, ESET, Parallels, and CoSoSys are ready to preview their iOS and OS X solutions at MacIT 2015, and our sponsor recruitment team is in discussions with many of the manufacturers you have requested access to.

The world of enterprise integration for iOS and OS X continues to evolve at an exciting pace and MacIT continues to be a unique meeting and marketplace for the enterprise professional. MacIT will continue to focus on all things “Apple in the Enterprise” – technology and standards tutorials, realistic product and solution chain evaluations, candid analysis, case studies, peer problem solving, access to key vendors, and insights to help you assess Apple’s role in the enterprise technology world, and how these tools can best be put to work in your organization. Our goal is always to provide you the best (quantity and quality) content, presenters, manufacturers, and professional networking access to make you a success in your deployment projects.

I look forward to keeping in touch with you via email and social media with event updates and announcements over the coming months, and hope to see you at MacIT 2015.

Best Regards,

Paul Kent Conference Chairman, MacIT

MacIT on Twitter: https://twitter.com/MacITConf #MacIT2015

MacIT on Facebook: https://www.facebook.com/pages/MacIT/151684994917868

Active Directory Mac OS X Mac OS X Server Mac Security Mass Deployment

Destroy Open Directory Servers Using The Server App

You can destroy an LDAP server using the Server app (and still using slapconfig -destroyldapserver). To do so, open the Server app and click on Open Directory. Then click on the Open Directory server in the list of servers.

Screen Shot 2015-01-16 at 11.22.15 PM

When prompted to destroy the LDAP Master, click on Next.

Screen Shot 2014-12-15 at 10.09.56 PM

When asked if you’re sure, click Continue.

Screen Shot 2014-12-15 at 10.10.00 PM

When asked if you’re really, really sure, click Destroy.

Screen Shot 2014-12-15 at 10.10.03 PM

Wait.

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Enroll Devices Into Bushel

To manage a device from Bushel, it must first be added to your Bushel. The technical whiz-bang name for that process is Enrollment. We currently provide 3 ways to enroll devices into your Bushel. All three are available on the Enrollment page when you’re logged into Bushel.

Screen Shot 2014-09-11 at 11.41.46 AM

The first and best way to enroll devices into your Bushel is an Apple program called the Device Enrollment Program, or DEP for short. DEP is a way of tying devices to your Bushel so that they cannot be removed from the device, even if the device is wiped. Other than through DEP,  all enrollment into your Bushel is optional on the devices and so devices can be unenrolled at will. DEP requires an actual DEP account with Apple, which you can sign up for at https://deploy.apple.com/qforms/open/register/index/avs.

The second way to enroll devices into your Bushel is via Open Enrollment. When you Configure Open Enrollment you create a link that allows your users to enroll without logging into the portal. Simply open Open Enrollment from the Enrollment page and click Enable. Once enabled, you’ll see the URL to enroll devices.

Screen Shot 2014-09-11 at 11.43.44 AM

The third way to enroll devices is manually. Simply log into your Bushel, click on Enrollment and then click on the Enroll button for Enroll This Device. When prompted for “Who will this device belong to?” enter the username (e.g. the user’s name in front of their email address most likely or the username for your email system if it’s something different than that). Also provide the email address itself in the Email Address field and then click Enroll This Device. Now, if you want to enroll the device you’re using, simply complete the screen prompts for the profile installation and you’ll be good to go. Or, you can save the mobileconfig file that’s downloaded and send it to others in order to allow them to install it as well. Simply cancel the installation process (most easily done from a Mac) and distribute the Enroll.mobileconfig file as needed. You can also put a user’s name in front of the file name, so you know which will enroll each user. If you need to enroll 3 or 4 people in other countries or cities, this might be the best option!

Screen Shot 2014-09-11 at 11.48.46 AM

OK, so we basically gave 4 ways to enroll. But that’s because we’re trying to make it as easy as possible to enroll devices into your Bushel.

Articles and Books Bushel Consulting Mac OS X Mac OS X Server Mac Security Mass Deployment personal

Childproof Your Mac

When I put a computer in my daughters room, I soon realized I could no longer watch over her shoulder as she worked away at school games, Minecraft and of course Civilization (after all, that was my first game). So much as I wrote an article a long time ago about child-proofing an iPad, now I’m writing about child-proofing a Mac.

For me, I find that child-proofing is a bit like taking my kid to McDonald’s. I said never ever ever ever would I do this and then… Well, peer pressure, ya’ll… So if I have to do it, I figure someone else might. So here’s a quick and dirty guide to doing so. The gist of this guide is to continue using the same admin account that was created when you setup the computer initially. But to also create another account for the child, one that has some restrictions to keep them in a customized user experience. This might be to keep them out of things they try to do on purpose, keep them from accidentally finding some things they shouldn’t or maybe just to customize the user experience to make the computer easier to use (after all, if they can’t remove Minecraft from the Dock, they can’t come crying when they can’t find it.

Create a Managed Account

Most of the work that needs to be done, can be done within the System Preferences. This is available under the Apple menu as System Preferences…

Screen Shot 2014-12-26 at 5.09.00 PM

Once open, click on the Users & Groups System Preference.

Screen Shot 2014-12-26 at 5.09.41 PM

At the Users & Groups System Preference pane, click on the plus sign (+).

Childproof_Managed_Account

 

At the new account screen, choose “Managed with Parental Controls” in the New Account field. Then provide the child’s name in the Full Name field and an Account Name will be automatically created (note that I shortened the name in this example to make it easier for the child to log in).

Assuming your child doesn’t have their own iCloud account, set the password to “Use separate password” and then type it in. Once you’re happy with these settings, create the new account, which can be managed with Parental Controls by clicking on the Create User button.

Childproof_User

Restrict Applications and The Dock

Once the account is created, click on the “Enable parental controls” checkbox and then on the Open Parental Controls… button.

Screen Shot 2014-12-26 at 5.01.32 PM

At the Parental Controls System Preference pane, you’ll have a few options.

  • Check the Use Simple Finder box if you’d like the user to have a limited user experience (no command keys, only certain windows open, etc). I would usually only recommend doing this if you have very small children (like maybe pre-school age). I usually like them to be able to do as much as possible to foster the whole hacker mentality nice and young!
  • Check the box for Limit Applications if you’d only like certain apps to open. This is right up front on the main screen because it’s kinda’ important. Use the Allowed Apps section to select which apps can and can’t be opened (if there’s a checkbox beside the app name it can be opened by the user).
  • Use the Allow App Store Apps drop-down list to to set an age ranking minimum. These are available in 4+, 9+, 12+, 17+ and All (which basically disables restrictions).
  • Check the box for “Prevent the Dock from being modified” if you would like to restrict the new account from being able to edit the Dock. I usually wait for this, as I like to customize the Dock by putting the apps I want the child to open into the Dock. To do so, skip now, log in as the new user, log out and then customize the Dock. Once you’re done, log out, log in as an administrative user and then check the box.

Web Restrictions

Next, click on the Web tab. Here, you’ll effectively have 3 options: don’t restrict any content, let Apple try and block inappropriate content and build a whitelist of allowed content (with all other content blocked). Now, it’s worth mentioning that there can be an annoying element here, which is that if a site needs to be opened up for access, a child might come bugging you. But I like that, so I’m configuring this.

Screen Shot 2014-12-26 at 5.01.40 PM

Options include:

  • Allow unrestricted access to websites: Don’t block any content. Allow unfettered access to all websites ever.
  • Try to limit access to adult websites automatically: Click on the Customize button to add white and blacklisted sites, or sites that were accidentally restricted or allowed that maybe shouldn’t of. Or, if you want to restrict access to a specific web-based game that has become problematic.Screen Shot 2014-12-26 at 5.46.23 PM
  • Allow access to only these websites: This option allows access to only the websites you allow access to. A word of warning here, a lot of sites pull content from other sites, which can be kinda’ annoying…

Note: It’s worth mentioning that I discovered a few websites I’d of never tried to use in the allow list, so worth checking them out to see if your child will dig on some of these sites!

Once you’re satisfied with the options you’ve configured, click on the People tab.

Configure Who Your Child Can Communicate With

At the People screen, you can configure who the person using the Managed Account can communicate with. Here, restrict access to Game Center, restrict who the account can send and receive mail with and of course, who the account can use the Messages app with.

Screen Shot 2014-12-26 at 5.02.09 PM

The above options include the following:

  • Allow joining Game Center multiplayer games: Uncheck this box to restrict the user from playing any multiplayer games that use Game Center to connect people. If the user is using a game that doesn’t integrate with Game Center then they would still be able to use that game to enter into a multi-player game.
  • Allow adding Game Center friends: Uncheck this box to keep the user with the Managed Account from adding any new friends in Game Center.
  • Limit Mail to allowed contacts: Only allow people in the Allowed Contacts section to exchange emails with the user of the account.
  • Send requests to: Define an email address that can receive a contact request and approve it. I use this so that when my daughter needs something she can let me know.
  • Limit Messages to allowed contacts: Only allow people in the Allowed Contacts section to message with the user of the account.
  • Allowed Contacts: Use the plus sign at the bottom of this section of the screen to add new contacts and the minus button to remove contacts.

Note: Apple rarely uses the word restrict. Instead, they prefer to allow things to happen by default and then let you disallow these features. Basically the same thing, but keep this in mind when you’re configuring accounts as sometimes you can accidentally click the wrong thing if you’re not accustomed to such double-negativery. 

Once you have configured who the user of this account can communicate with, click on the Time Limits tab.

Configure Time Limits

Time limits are used to restrict what times the user can use the computer as well as how long per day that the user can actually use the computer. The options available include:

  • Limit weekday use to: Define a maximum number of hours that the managed user can use the computer on a given workday between Monday through Friday. This can be anywhere from half an hour to 8 hours of time.
  • Limit weekend use to: Define a maximum number of hours that the managed user can use the computer on a given Saturday or Sunday. This can be anywhere from half an hour to 8 hours of time.
  • School nights: Define the time frames where the computer cannot be used by the Managed User on Sunday through Thursday evenings. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.
  • Weekend: Define the time frames where the computer cannot be used by the Managed User on Friday and Saturday nights. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.

Screen Shot 2014-12-26 at 5.02.40 PM

Time limits are the only things that matter for some who like to physically sit with a child while they use a computer, as you might just want to keep the child from waking up in the middle of the night and accidentally seeing something that scares them. But for many, time limits won’t be enough, as kids might spend hours gaming or doing homework unmonitored.

More Stuffs

Next, click the Other tab. Here, you’ve got the miscellaneous restrictions that really don’t fit anywhere else in Parental Controls. The options available include the following:

  • Disable built-in camera: Turn off the built-in camera for the user. Note that third party cameras wills till work for the user.
  • Disable Dictation: Turn off Dictation/Speakable Items for the user. Note that apps like Dragon Naturally Speaking can still be used.
  • Hide profanity in Dictionary: Use this option to disable any articles in the Dictionary app that have profanity in them.
  • Limit printer administration: Don’t allow the user to manage printers. Note that if you do this, you’ll want to install any Bonjour printers first.
  • Disable changing the password: Don’t allow the user to change the password.
  • Limit CD and DVD burning: Disable any optical media writing for the Managed Account.

Screen Shot 2014-12-26 at 5.03.09 PM

Note: I know I said earlier that Apple rarely says restrict or disable. They will get around to fixing this screen eventually… ;)

View Logs

Once you have configured parental Controls, click on that Logs button in the lower right corner of the screen. Here, you’ll see the following:

  • Show activity for: Indicate the period of time to show logs for.
  • Websites Visited: A list of the websites accessed by the user of the managed account. Note that no third party web browsers are shown unless they use Apple’s webkit (which is basically not really any).
  • Websites Blocked: A list of any websites that were blocked while attempting to access them.
  • Applications: A list of the applications used by the user of the managed account.
  • Messages: Transcripts of conversations sent and received using the Messages app. Note that any third party chatting apps aren’t logged here.
  • Clear Log: Deletes the log. Use this after you’ve checked the behavior and wish to have the next time you check only show you what’s changed.

Screen Shot 2014-12-26 at 5.02.49 PM

And that’s what you can do with Parental Controls. But there’s more, which we’ll look at shortly. When you click out of a field, the settings are changed in a System Preference, so you should be able to just close the window and have your settings persist.

Conclusion

We’ve gone through creating a new account, restricting access to what that account can do and how and when to use these options. But there’s much, much more than we can cover in this article. There are tons of other restrictions that don’t fit into these basic options, accessed either through what are known as managed preferences or via profiles, which can easily be created by tools like Apple Configurator, Profile Manager and 3rd party mobile device management tools such as Bushel.

Screen Shot 2014-12-26 at 6.13.22 PM

Ultimately, I can pretty much break out of about any managed environment you put me in. And in the age of YouTube, chances are that your child has many the same materials I’ve either presented, written or that others have written. So please don’t consider these options as much more than just a general guideline unless you’re using a Device Enrollment Program-enabled device.

Anyway, good luck, and you’re a good parent for caring.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Show Volumes On The OS X Desktop

I spent a lot of time on Windows a long time ago. And one of the things I got used to was having hard drives on the desktop. And I liked it. So when Apple took them off the desktop I started running these commands on new accounts only own systems. The other day when I gave them to someone, they said I should post them. So here goes…

To show removable media (cards, etc):

defaults write com.apple.finder ShowRemovableMediaOnDesktop -bool true

To show external hard drives (USB, Thunderbolt, firewire, etc):

defaults write com.apple.finder ShowExternalHardDrivesOnDesktop -bool true

To show mounted servers (AFP, SMB, NFS, etc):

defaults write com.apple.finder ShowMountedServersOnDesktop -bool true

To show internal hard drives:

defaults write com.apple.finder ShowHardDrivesOnDesktop -bool true

Mac OS X Mac OS X Server Mac Security Mass Deployment

Disable Natural Scrolling With a Script

I guess it’s a sign of my age. But I can’t stand that whole natural scrolling thing. So I disable it as a part of my imaging process. To do so, set the com.apple.swipescrolldirection global domain to false using defaults, as follows:

defaults write NSGlobalDomain com.apple.swipescrolldirection -bool false

To set it back:

defaults write NSGlobalDomain com.apple.swipescrolldirection -bool true

Mac OS X Mass Deployment

Disable The Startup Sound In OS X

Sometimes you have to reboot on an airplane or with someone sleeping close by. When this happens, it helps if you’ve disabled the startup sound in OS X. To do so, run the following command to set nvram with an empty SystemAudioVolume:

sudo nvram SystemAudioVolume=” “

Mac OS X Mac OS X Server Mac Security

See How Long The Active User Has Logged In On A Mac

The following will grab you an integer of the number of hours an active user has logged into a computer:

user=$( ls -l /dev/console | awk '{ print $3 }' ) ; ac users $user | awk '{ print $2 }'

 

Mac OS X

Quick-Tip: Menu Items Modifier Keys In OS X

A modifier key is a key that when held in combination with another key, causes a unique behavior. For example, Command-c copies highlighted data to your clipboard. The Finder modifier keys are pretty well documented. But a number of menu items support modifier keys as well. For example:

  • Click on the Dropbox item in your menu, you’ll be able to see the status of files that have sync’d as well as a cogwheel with the typical settings for an app like Dropbox. Option-click on the Dropbox menu item, you’ll see the items under the cogwheel menu.
  • Option-click the Wi-Fi menu item to see extended Wi-Fi information.
  • Option-click Bluetooth, you’ll see version and MAC address information for your bluetooth interface (note that the extended options are usually greyed out/informational).
  • Option-click on the sound menu item and you can switch input and output devices (these extended options are actually shown as you can switch between things).
  • Option-click AirPlay and you get, well, the same menu. So not all support extended information and options.
  • Option-click Go to see Library.
  • Option-click the Menu menu to see shift modifier keys to access All options (this actually works on a lot of menus such as Finder, File and Edit, but even within some apps).
  • Option-click on the Notifications menu item and you disable Notification Center.

Screen Shot 2014-12-01 at 8.15.03 PM

But my favorite, for Apple apps, if you command-click on items, you can just drag them out of your menu. This saves you from firing up System Preferences and unchecking the box to remove them from the menu.

personal

What A Morning!

It’s a random Friday morning. I wake up ready to work and the radio on my AirPort stops working. I reset the device, do everything I know to do, but there is no SSID, no radio signal whatsoever. What to do? String a cable across the room so that it can get ripped out of a computer when the crazed, six year old invariably streaks through the office having watched Power Rangers and looking to chop me into pieces? Not a chance. I’ll just run out to the closest Apple store and grab a quick replacement.

So I hop in the car and drive to the mall. What is going on with parking? I finally find a spot out in no-mans-land, but wait – an 80-something year old woman in a brand new red Civic swings in front of me, practically clipping my bumper to steal my spot hanging me a bird and yelling “here’s my Holiday cheer” in the process. Wow. Wait, did that middle fingernail really have a picture of Santa painted on it?!?! Suburbs…

There’s another spot a little further out, but wait – again my life is put in danger! This time by a car load of 40-something year old women with shorter in the back than in the front, some with a little spike action in the back but all with at minimum two colors in their hair and at least 5 shades between them – which is less shades than the stitches on their bejeweled jean pockets… After wondering whether my car would fit in the back of their Yukon, I think I’ll find another spot!

After a quick scan, much akin to a running back trying to figure out where that linebacker and free safety are, I see a carload of nuns and orphans, with hate and fear in their eyes, about to take a spot. I slam on the gas, flip right in front of them and gently rest my car between those beautiful golden lines. I hear a scream as their tires scream to a halt and see poor Tiny Tim’s face writhe as his crutch smacks him in the back of his head, knocking him out cold; but I am finally in a spot, after at least 15 minutes of searching and at least 2 near death incidents. As I sit, heart pounding, I wonder at how I was able to get caught up in the craziness. But more importantly, what is the craziness about?

I exit the car and start making my way towards the mall entrance. After traversing the distance of a marathon, with a group of nuns seemingly chasing behind (my time was 3 hours and 2 minutes, theirs 3 hours and 1 minute – but they were slowed up by Tiny Tim until they left him behind) I finally approach the door of the mall. Just then, the Salvation Army guy pounces from behind a column, ringing the Vorpal bell so loudly that I can see the sound waves approaching and feel the 1d6+5 hit points of damage they do inside my temples. I pull a spin move, stiff arm his bucket dropping a buck in there and while I have no idea how he’s made it this far, this fast I see Tiny Tim lunging at me from my periphery. Recalling all those Georgia games, I hurdle Tim in a manner that Knowshown Moreno would be proud of and fall into the door of the mall, feeling the warmth already thawing out my semi-frost bitten feet. I sigh.

But just then I see a shopping cart barreling down on me at a break-neck pace. I roll away just in time and see who I guess to be Large Marge from Pee-Wee’s Big Adventure wearing a bedazzled Green Bay Packers sweater and shrieking with laughter. Before I can contemplate what in tarnation is wrong with people the group of nuns flings the door open just behind me, with a bloody stump of an arm still clasping his bell waving over their heads. They lock their eyes on me and hurl the stump in my direction. I sprint into the mall, juking right, then left and then an old school swim move to get past the thin, pale, faux-hawk toting/director glasses wearing college kid who for some reason is foaming at the mouth and snarling at me. Once past, I look back and see him lock onto the nuns. I smile just as he gets beamed in the head with that bell arm. I can’t help but think, maybe the Cowboys should bring her in to replace Romo… (too soon, I know).

Like a northstar, I see the Apple logo over the heads of seemingly rioting hipsters. The skinny jeans apparently got so tight, they’ve cut off circulation to those Fluevog-laden feet. There isn’t a pair of uncracked Gucci glasses amongst them as these lumbersexuals (it is Movember ya’ll) battle it out for who gets to complain about the coffee at the Caribou in the middle of the mall. I get an idea! I pull the crossbow from my computer bag (you do take a crossbow everywhere, right?!?!), rip the knit cap from one of the hipsters, tie a piece of yarn to my bolt and fire it just right, so the yarn unravels as the bolt loops through all the gaged earholes tying them together  and parting hipster beards like the red sea. At last, the Apple store is in sight.

I see a father with his 3 children sitting on the floor eating ice cream. They are sitting in an aura of protection in front of the Apple Store. There is a nice young lady at the door of the Apple Store. As I cross the threshold of the store I notice the number of people inside. The nuns, Large Marge, the ladies from the Yukon, Tiny Tim (apparently he found a supercharged wheelchair and changed his name to Timmy 2000 – TIMMMAAAAAAHHHHHGGGG!!!!) and the poor one armed Salvation Army guy approach but slam into what is apparently a force field against crazy surrounding the Apple Store. Boob, relief!

I move to the back of the store, passing the Geico lizard, peaking from behind the genius bar (that would explain the angry cavemen in True Religions and a Favre jersey hovering outside the store). There, I see the AirPort that I am there for. But no, I have a question. Crap. It’s busy. A nice young lady (another nice young lady – after all the crazy it’s kinda’ hard to believe) approaches and asks if I need anything, seeing the furrow in my brow – or am i perma-furrowed?). Why yes, I respond. She knows more than someone her age should about 802.11ac but alas not the answer to my question, but wait here, I’ll be right back. Ya’ right?!?! Within a few seconds she appears again, with another nice young lady who actually does know the answer to my question. Well good grief, I guess I should get two of them then… She swipes my card, gives me a bag with my schwag in it and actually gives me the small business discount, apparently having remembered me from a previous ACN event. Wow.

I look back at the door with the forcefield, Large Marge (now armed with a curtain rod from Macy’s, Tiny Tim (now armed with a bolo made from Bang and Olufsen speakers and speaker-wire), the Nuns (wielding torches made from burning t-shirts from Spencer’s) and of course the now one armed Salvation Army guy wielding fugly fashion victim white sunglasses from Louis Vitton with tight, pegged $900 jeans and a monotone rasta hat that makes Bob Marley roll over in his grave. I know I will survive though, as Apple has called in Bruce Campbell to escort us all to our cars. Finally, I think to ask. What is wrong with people today? Ash looks down at me and asks “what is wrong with you people, going to the mall on Black Friday?!?!”

I didn’t know what I was getting into. I just needed an AirPort. On Black Friday I was able to walk into the Apple Store at Rosedale Center and in less than 15 minutes, walk out the door with what I needed. The only good experience in the whole mall – even on Black Friday! Kudos to you Apple and to the whole team at Rosedale. Wait, I forgot, I needed a new Apple TV. I should go back in…