krypted.com

Tiny Deathstars of Foulness

Some apps have defaults domains that don’t work the same as other apps and you need to use the -app option in defaults. This option is available for most apps, and sometimes I’ll use it to specifically crawl around for a specific setting I’m looking for. But for other apps, you need to interact with them there. So let’s look at Eclipse. Here, we can do a read with -app followed by the path:

defaults read -app /Applications/eclipse/Eclipse.app/

The output would be as follows:

{
NSNavLastRootDirectory = “~/smb/smb”;
NSNavPanelExpandedSizeForOpenMode = “{712, 426}”;
NSScrollAnimationEnabled = 0;
WebKitJavaEnabled = 0;
}

Now, let’s say you had a specific setting, like fixing an anti-aliasing issue:

defaults write -app /Applications/eclipse/Eclipse.app AppleAntiAliasingThreshold 19

#thanksaloteclipseupdaters

June 4th, 2017

Posted In: Java, Mac OS X, Mac OS X Server, Mac Security

Tags: ,

The software patching configuration built into most operating systems is configured so all that a user has to do is open a box at home, join the network and start using the computer right away. As environments grow from homes to small offices and then small offices grow into enterprises, at some point software updates and patches need to be managed centrally. Mavericks Server (OS X Server 3), as with its OS X Server predecessors has a Software Update service. The service in the Server app is known as Software Update and from the command line is known as swupdate.

The Software Update service, by default, stores each update in the /var/db/swupd directory. The Software Update servie is actually comprised of three components. The first is an Apache server, invoked by the /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.host.plist LaunchDaemon. This LaunchDaemon invokes a httpd process and clients access updates from the server based on a manifest of updates available in the sucatalog. These are synchronized with Apple Software Updates via /Applications/Server.app/Contents/ServerRoot/usr/sbin/swupd_syncd, the LaunchDaemon for swupdate at /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.sync.plist. The Apache version is now Apache/2.2.22.

Clients can be pointed at the server then via a Profile or using the defaults command to edit the /Library/Preferences/com.apple.SoftwareUpdate.plist file. The contents of this file can be read using the following command:

defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist

To point a client to a server via the command line, use a command such as the following:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://mavserver.pretendco.lan:8088/index.sucatalog

But first, you’ll need to configure and start the Software Update service. Lucky you, it’s quick (although quick in a hurry up and wait kind of way). To get started, open the Server app and then click on the Software Update service.

Screen Shot 2013-10-06 at 8.24.19 PMBy default, updates are set to simply mirror the Apple servers, by default, enabling each update that Apple publishes, effectively proxying updates. You can use the Manual button if you would like to configure updates to either manually be approved and manually synchronized or just manually approved but automatically copied from Apple. Otherwise click on the ON button and wait for the updates to cache to simply mirror the Apple servers.

If you would like to manually configure updates, click on the Manual option and then click on the Updates tab.

Screen Shot 2013-10-06 at 8.58.16 PMThe first item in the Updates tab is the “Automatically download new updates” checkbox. This option downloads all of the updates but does not enable them. The Updates tab also displays all available updates. click on one and then click on the cog-wheel icon towards the bottom of the screen to configure its behavior (Download, Enable, Disable, Remove and View Update).

Note: The only option for updates in an Automatic configuration environment is disable.

The service can be managed using serveradmin. To start Software Update, use the start option, followed by the swupdate service identifier:

sudo serveradmin start swupdate

To stop the service, replace start with stop:

sudo serveradmin stop swupdate

To see the status of the service, including the location of updates, the paths to log files, when the service was started and the number of updates running, use the fullstatus option:

sudo serveradmin fullstatus swupdate

The output of which appears as follows:

swupdate:state = "RUNNING"
swupdate:lastChecktime = 2013-10-07 01:25:05 +0000
swupdate:syncStatus = "INPROGRESS"
swupdate:syncServiceState = "RUNNING"
swupdate:setStateVersion = 1
swupdate:lastProductsUpdate = 2013-10-06 04:02:16 +0000
swupdate:logPaths:swupdateAccessLog = "/var/log/swupd/swupd_access_log"
swupdate:logPaths:swupdateErrorLog = "/var/log/swupd/swupd_error_log"
swupdate:logPaths:swupdateServiceLog = "/var/log/swupd/swupd_syncd_log"
swupdate:readWriteSettingsVersion = 1
swupdate:checkError = no
swupdate:pluginVers = "10.8.93 (93)"
swupdate:updatesDocRoot = "/Library/Server/Software Update/Data/"
swupdate:hostServiceState = "RUNNING"
swupdate:autoMirror = no
swupdate:numOfEnabledPkg = 0
swupdate:servicePortsAreRestricted = "NO"
swupdate:numOfMirroredPkg = 0
swupdate:autoMirrorOnlyNew = no
swupdate:startTime = 2013-10-07 01:25:05 +0000
swupdate:autoEnable = no

There are also a number of options available using the serveradmin settings that aren’t exposed to the Server app. These include a feature I used to use a lot in the beginning of deployments with poor bandwidth, only mirroring new updates, which is available to swupdate via the autoMirrorOnlyNew option. To configure:

sudo serveradmin settings swupdate:autoMirrorOnlyNew = yes

Also, the service can throttle bandwidth for clients. To use this option, run the following command:

sudo serveradmin settings swupdate:limitBandwidth = yes

And configure bandwidth using the syncBandwidth option, as follows:

sudo serveradmin settings swupdate:syncBandwidth = 10

To automatically sync updates but not enable them (as the checkboxes allow for in the Server app, use the following command:

sudo serveradmin settings swupdate:autoEnable = no

The port (by default 8088) can be managed using the portToUse option, here being used to set it to 80 (clients need this in their catalog URL from here on out):

sudo serveradmin settings swupdate:portToUse = 80

Finally, administrators can purge old packages that are no longer needed using the PurgeUnused option:

sudo serveradmin swupdate:PurgeUnused = yes

One of the biggest drawbacks of the Software Update service in OS X Mavericks Server in my opinion is the fact that it does not allow for serving 3rd party packages, from vendors such as Microsoft or Adobe. To provide those vendors with a manifest file and a quick little path option to add those manifest files, a nice middle ground could be found between the Mac App Store and the built in software update options in OS X. But then, we wouldn’t want to make it too easy.

Another issue many have had is that users need administrative passwords to run updates and don’t have them (technically this isn’t a problem with the OS X Server part of the stack, but it’s related). While many options have come up for this, one is to just run the softwareupdate command for clients via ARD or a similar tool.

Many environments have used these issues to look at tools such as Reposado or third party patch management tools such as JAMF Software’s the Casper Suite (JAMF also makes a reposado-based VM that mimics the swupdate options), FileWave, Absolute Manage and others. Overall, the update service in Mavericks Server is easily configured, easily managed and easily deployed to clients. It is what it needs to be for a large percentage of OS X Mavericks (10.9) Server administrators. This makes it a very viable option and if you’ve already got a Mountain Lion computer sitting around with clients not yet using a centralized update server, well worth enabling.

October 23rd, 2013

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , , , , , , , , ,

Finder Preferences allow users to change the sidebar, alter how searches work, show file extensions, configure label names, alter what devices show up on the desktop of a system and control the behavior of Finder windows. You can access Finder Preferences either using the Preferences menu (under the Finder menu) with the Finder as the active application or using the Command-, keystroke.

There are a number of reasons I’ve seen people want to disable Finder Preferences, such as controlling user experience and easing support of the user experience for OS X. To do so, send a boolean ProhibitFinderPreferences key to com.apple.finder as TRUE (and kill the Finder):

defaults write com.apple.finder ProhibitFinderPreferences -bool true; killall Finder

To change it back:

defaults write com.apple.finder ProhibitFinderPreferences -bool false; killall Finder

September 6th, 2013

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

Did you know that you can ask Apple Configurator to give you a lot more logs than it does by default? Holy crap. Makes life so much simpler when you’re having problems, to actually get real logs. And then there’s that… To get more logs, close Apple Configurator and then write All into the LogLevel key in com.apple.configurator:

defaults write com.apple.configurator LogLevel ALL

Re-open Apple Configurator and you’re golden. Then, have some problems and be so happy to get some logs, viewable in Console.

Screen Shot 2013-09-03 at 12.40.21 AM

September 4th, 2013

Posted In: iPhone, Mac OS X, Mac OS X Server

Tags: , , ,

By default, the OS X help window automatically overlays other screens. I’ve now added to my lab imaging sequence to disable this as I use help windows from time to time but want other windows in the foreground when I command-tab to them. To make the change, write a DevMode key as boolean true into com.apple.helpviewer using the defaults command as follows:

defaults write com.apple.helpviewer DevMode -bool true

To disable:

defaults write com.apple.helpviewer DevMode -bool false

August 15th, 2013

Posted In: Mac OS X

Tags: , , , , , , , ,

One of those annoying little things is when you ARD into a system and the Dock is nowhere to be seen. Why do we (or should I say they) autohide Docks on servers? Either way, when I ARD into a box and I don’t see a Dock I have this line saved as a Template:

defaults write com.apple.dock autohide -bool false; killall Dock

By writing an autohide key that is false into com.apple.dock for the currently logged in user, I don’t have to deal with the Dock disappearing any more. You need to kill the Dock and let it respawn, thus the killall as well.

Once I’m done working with the box, I can show the dock again:

defaults write com.apple.dock autohide -bool true; killall Dock

Or, instead of all this, as diskutant once pointed out, just use Command-Option-d when you ARD in and then again when you log out!

August 30th, 2012

Posted In: Mac OS X

Tags: , , , , , , ,

I was recently working on a new project developing against Twitter using their JSON interface. Turns out that the Twitter app has an awesome little feature to assist with such a task, a Console. To see the menu for the Console, enable the Develop menu, by putting a true boolean ShowDevelopMenu key into the com.twitter.twitter-mac.plist:

defaults write com.twitter.twitter-mac ShowDevelopMenu -bool true

Once enabled, use the Develop menu to open Console. Here, you can select various buttons and see the GET, POST, PUT or DELETE sent. as well as the entities sent.

To disable the Develop menu:

defaults write com.twitter.twitter-mac ShowDevelopMenu -bool false

August 26th, 2012

Posted In: Mac OS X

Tags: , , , , , , , , , ,

When Lion was new, I put up a post about clearing out information on saved applications states. Saved application states are a new feature in Lion that remembers the screens that were open and where each was when you quit applications. The reason for that post was that those states were causing a few minor issues with applications.

There are a few applications that the saving of application states is really awesome for. I think it will mostly be different for each persons workflow. Personally I like saving the state of Terminal, Safari and a few others. However, the state of some others can be a bit annoying for me. For example, Word.

Luckily, you can control which applications have saved states and which do not. To do so, first find the application in ~/Library/Saved Application State. These usually are the bundleid of the application followed by .savedState. Using the bundleid (or whatever is listed if not the bundleid), you’ll then send a NSQuitAlwaysKeepWindows key to the defaults domain for that id with a boolean setting of true or false. For example, to disable the saved state for Microsoft Word:

defaults write com.microsoft.word NSQuitAlwaysKeepsWindows -bool false

To re-enable it, just send a true value into the same key:

defaults write com.microsoft.word NSQuitAlwaysKeepsWindows -bool true

September 16th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

Netatalk seems to always have some issue with OS X. Why I still use little NAS boxes for this that and the other is beyond me. I got stuck dealing with this for a little while and if you’re using Netatalk w/ a DHCAST128 UAM you probably will too. For more on DHCAST see the Netatalk page on UAM support. Kerberos and DHX2 are arguably better, but I’ve found they don’t always work right on some of my NAS boxes.

This wasn’t just a quick defaults command as it was in previous instances. It’s not much of a script but the following should fix it if you’re having this issue like I was.

/usr/bin/defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
/bin/sleep 60
/usr/bin/defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array “Cleartxt Passwrd” “MS2.0″ “2-Way Randnum exchange”

I had to reboot on one of my machines after this but on the others I didn’t. Hope it helps someone else…

And if you want to go back to the way things were before, simply remove com.AppleShareClient.plist from /Library/Preferences (w/ sudo):

rm /Library/Preferences/com.apple.AppleShareClient.plist

July 21st, 2011

Posted In: Mac OS X, Mac Security

Tags: , , , , , , ,

Fast User Switching, when enabled, allows users to leave one session open and hop to another user account. Great for training, testing and impressing friends (ok, so maybe it won’t impress your friends, but the thumb trick is getting old). To enable Fast User Switching, open the Accounts System Preference pane and click on Login Options. Then check the box for Show fast user switching menu. By default you’ll then see your user name in the menu bar.

To do this from the command line:

defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool 'YES'

To then disable it from the command line:

defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool 'NO'

What’s really cool though, is once enabled, you can switch users with a script as well, using the command line options available with CGSession, located in the user.menu item at /System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession.

/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession -switchToUserID 501

Or to simply go to a login screen:

/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession -suspend

June 7th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

Next Page »