Tag Archives: defaults

Mac OS X Mass Deployment

Password Hints and Retries in OS X

You can customize the number of times that you enter an incorrect password before you get the password hint in the loginwindow on OS X. To do so, use the defaults command to send a RetriesUntilHint integer key into com.apple.loginwindow.plist stored at /Library/Preferences using the following command:

defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -integer 10

Mac OS X Mac OS X Server Mac Security Mass Deployment

Who Needs Root When You Can Have Simple Finder

Here’s the thing: I’m not very good with computers. So to keep me from hurting myself too badly, I need the simplest interface available that allows me to run multiple applications. But most of the command keys shouldn’t work in this interface and I should only have Finder, file and Help menus.

Luckily for my poor MacBook Airs, Apple thought of people like me when they wrote the Finder and invented something called Simple Finder which makes OS X even simpler than it is by default to use. To enable Simple Finder, just go to Parental controls, enable controls for a user and then check the box for Simple Finder. Or, if you have an entire population of users like me, who simply can’t be trusted with a full operating environment, you can send the InterfaceLevel key with the contents of simple (easy to remember for those of us who resemble said key) to com.apple.finder and restart our friendly neighborhood Finder:

defaults write com.apple.finder InterfaceLevel simple; killall Finder

Come to think of it, maybe I’m not so awful. Let’s say I want to turn that whole Simple Finder thing right back off. Well, all we have to do is delete that key we created and then restart the Finder:

defaults delete com.apple.finder InterfaceLevel; killall Finder

Actually, I am terrible with these things. So much so that it’s not appropriate for me to use a computer. Therefore, just take it away. I’ll be better off using that Samsung with Windows 8 for awhile. At least there, I won’t be able to get any of my apps open or find any of the administrative tools that could damage the computer!

Mac OS X Mac OS X Server Mac Security Mass Deployment

Disable the Go To Folder Menu Item

For many environments, securing OS X is basically trying to make the computer act more like an iOS device. Some of the easier tasks involve disabling access to certain apps, sandboxing and controlling access to certain features. One of the steps en route to building an iOS-esque environment in OS X is to disable that Go to Folder… option. To do so, set the ProhibitGoToFolder key as true in com.apple.finder:

defaults write com.apple.finder ProhibitGoToFolder -bool true

Then reboot, or kill the Finder:

killall Finder

To undo, set the ProhibitGoToFolder as false:

defaults write com.apple.finder ProhibitGoToFolder -bool false

Mac OS X Mac OS X Server Mac Security Mass Deployment

Programmatically Disable Notification Center in Mountain Lion (aka My Battery Life Sucks)

There are a few ways I like to extend my battery life on my MacBook Air. These days, it’s increasingly important to conserve battery life as the transition to Mountain Lion (Mac OS X 10.8) has caused my battery life to spiral into so much of a vortex that I am concerned that my laptop must be shooting raw electricity out of the bottom (which would certainly explain why my hair has a tendency to be perpendicular with the ground when I exit a plane). Ever since moving to Mountain Lion (yes, this includes 10.8.2), I’m lucky to get 3 hours of battery life out of the Mac that used to give me at least 5 hours…

There are a number of tricks that I use to extend battery life. Some are obvious, such as dimming the screen, only using an app at a time, killing off menu items, temporarily stop Spotlight Indexing and killing off LaunchDaemons and LaunchAgents that I’m not using. I even used to used an app called CoolBookController to throttle my processor speeds while flying. But that doesn’t work as of Lion (certainly not in Mountain Lion).

One thing that I’ve been able to do that extends my battery life a little more (maybe an extra half hour) is to kill off Notification Center (I wrote about customizing Notification Center earlier here). I know, I know, it shouldn’t matter… But recently, a customer asked me to script disabling Notification Center. Since I’ve been killing it off with a script, this was a pretty straight forward task. It’s easy to disable Notification Center temporarily using the GUI. Simply click on the Notification Center icon in the menu bar and then scroll up to see the “Show Alerts and Banners” button. Click OFF or ON to toggle it off and on. As you can see, Notification Center then starts back up the next day.

To disable Notification Center from the command line, write a KeepAlive key that is false into the /System/Library/LaunchAgents/com.apple.notificationcenterui.plist like so:

sudo defaults write /System/Library/LaunchAgents/com.apple.notificationcenterui KeepAlive -bool false

Then, if you kill NotificationCenter off, it’ll stay off:

killall NotificationCenter

If you want to re-enable Notification Center, you’d just run the same with a true:

sudo defaults write /System/Library/LaunchAgents/com.apple.notificationcenterui KeepAlive -bool true

The easy way to then get it back is to reboot. Now, just for giggles, Notification Center is actually the /System/Library/CoreServices/NotificationCenter.app and in there lies the /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter binary. If you open it, you’ll get multiple Notification Center icons in the menu bar. I’m not sure why I decided to try that at some point. But it’s kinda’ fun…

Ultimately, I travel with multiple MacBooks, so rather than toss one of them in a checked bag, or one destined for the overhead, I am temporarily just keeping a second 11 in the bag I keep under the seat in front of me for now…

Mac OS X

Showing iTunes Track & Song Titles In The Dock

When I’m writing, I like to listen to music in the background. When writing, I also like to have everything minimized so I can quickly grab a screenshot of the desktop where needed. This means that when I run into a track that doesn’t work with whatever I’m writing that I would need to unminimize iTunes, click the next button and then re-minimize iTunes. Awhile back I found a better way but can’t remember where for attribution. So, part of my default user template and imaging framework now includes setting the iTunes Dock icon to show the track that I’m playing so I can easily go to the next song, filing away the current song to remove from whatever playlist at a later date in case I’ve forgotten who the artist was. By default the iTunes Dock icon doesn’t show the current playing track. To tell it to:

defaults write com.apple.dock itunes-notifications -bool TRUE

Then killall Dock:

killall Dock

Now when you click on iTunes in the dock and hold the mouse down, you’ll see the following:

If you later decide you don’t like this:

defaults write com.apple.dock itunes-notifications -bool FALSE

And then killall Dock:

killall Dock

Mac OS X Mac OS X Server Mac Security Mass Deployment

Disable Shadows on Screencapture in OS X Mountain Lion

The process has changed a little bit in Mountain Lion for disabling shadows on screen shots, sometimes… By default, there’s no com.apple.screencapture manifest, so the first step is to create it with the boolean disable-shadow key set to true. This part is the same as with Lion:

defaults write com.apple.screencapture disable-shadow -bool TRUE

Now check that disable-shadow shows as a 1:

defaults read com.apple.screencapture

But where it’s a little different is that you previously killed SystemUIServer w/out sudo:

killall SystemUIServer

SystemUIServer would then open back up and screenshots wouldn’t have shadows. And this still works sometimes. But now, I’ve noticed across the 30 or so systems in my lab that while you don’t get an error, the process doesn’t actually change the screen shots from time to time. Sometimes, you need to put sudo in front of the killall now:

sudo killall SystemUIServer

Now everything should work as intended.

Mac OS X

A Better Way To Paste Addresses from Mail

One of my little irritations about OS X just got easier. When I’m using Mail and I copy and email address and paste it somewhere, it has the name of the contact bracing the email address wrapped with a <>. This is a royal pain. I am pretty sure that every single flippin’ time I’ve removed the cruft around the email address. While digging around in com.apple.mail I noticed a key for AddressesIncludeNameOnPasteboard that was set to True. Holy crap. Change to False and this minor irritation is gone. Viola, OS X is now even better:

defaults write com.apple.mail AddressesIncludeNameOnPasteboard -bool FALSE

To set it back:

defaults write com.apple.mail AddressesIncludeNameOnPasteboard -bool TRUE

I’m sure others have uncovered this before me (mostly because I googled it after I found it). So nothing really new here, but pretty sure that one will save me at least 3 minutes per year. Yay for me.

Mac OS X

Disable Rubber Band Scrolling In Lion & Up

10.7 and up have a little feature called elastic scrolling. When you get to the top of a page and you keep scrolling you see the linen background. There is a NAS devices whose web portals seems to be pretty shady overall, but specifically seems to lock up when this rubber band effect kicks in. So to disable:

defaults write -g NSScrollViewRubberbanding -bool FALSE

To disable the disable, or re-enable the effect:

defaults write -g NSScrollViewRubberbanding -bool TRUE

Mass Deployment Windows Server Windows XP

Powershell Goodies From Vexasoft

There are a number of features that make mass deployment of Mac OS X pretty easy. Some of these would be great to have in Windows. These range from systemconfiguration to networksetup and the ability to look at packages that have been installed and review their bills of material. Well, the good people at Vexasoft have built a number of Powershell libraries that, while they aren’t named as such, do a number of the features that these commands do, just for Windows clients via Powershell. And the best part is, a number of them are free.

Let’s look at what some of these commands do:

  • First, there are the cmdlets used to manage the network stack (so similar to various verbs in networksetup). These include Add-NetworkAdapterDNS, Add-NetworkAdapterGateway, Add-NetworkAdapterIP, Disable-NetworkAdapter, Enable-NetworkAdapter, Get-NetworkAdapter, Remove-NetworkAdapterIP, Remove-NetworkAdapterGateway, Remove-NetworkAdapterDNS, Set-(followed by the others from the above sets) and Rename-NetworkAdapter.
  • Second, you can automate binding with Set-Domain. This is similar to dsconfigad but less awesome because it’s third party, but still more awesome than the native tools because it’s easier.
  • Third, rename the system. This is similar to scutil, hostname, sets. Just use Rename-Computer to change the name of a Windows system.
  • My favorite, having written something similar, is probably Get-RemoteDesktopConfig and Set-RemoteDesktopConfig, similar to the kickstart options in OS X.
  • And a tool similar to installer in OS X, Install-MSIProduct, which installs MSIs.
  • Sixth, there’s Set-Pagefile, because if you’re gonna’ change it, do so while imaging to save a reboot later…
  • While there are others, the final one I’d like to mention is still free: Get-RegistryKey, which gives us the ability to basically run the closest thing to defaults commands I’ve found against the Windows platform.

They install as standard Powershell modules, making them easy to drop into practically any imaging environment. Much of these can be done via WMI or Powershell already, but will require a bit more legwork to script. Having them pre-built makes it easier than ever to perform some basic tasks for other platforms en masse, on Windows.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Disable AutoUpdates in Google Chrome

More and more deployments seem to come with sending Google Chrome out to client systems. Chrome is yet another application with built-in updating to make the process of owning software a bit less tedious for end users. However, in large deployments, we usually need to disable such a feature. Given how talented they are, the Googlers that built the automatic updaters went ahead and showed great foresight and made it easy to disable. Simply set the checkInterval key in com.google.Keystone.Agent to 0, done using defaults here:

defaults write com.google.Keystone.Agent checkInterval 0

Once disabled, use defaults to set the checkInterval key to how frequently you’d like the check to run (in seconds):

defaults write com.google.Keystone.Agent checkInterval 36000