• Mac OS X

    Device Snapshots and Crafting A Restore Device User Experience for Macs

    I recently worked on something where a design requirement was to build a good snapshot restore option but not to use Time Machine backups. You can capture a snapshot of a Mac without enabling Time Machine. To do so, you’d still use the same binary as you would with Time Machine, /usr/bin/tmutil. To do so, simply use the snapshot verb as follows: /usr/bin/tmutil snapshot Once you’ve run that, you get output similar to the following: Created local snapshot with date: 2019-04-12-110248 Now you have a snapshot that can be used to restore a Mac using the steps shown in this article: https://maclovin.org/blog-native/2017/restoring-from-a-snapshot-with-apfs. You can make a snapshot at the provisioning…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Encrypting Volumes in OS X Mountain Lion

    Encrypting a volume in OS X Mountain Lion couldn’t be easier. In this article, we will look at three ways to encrypt OS X Lion volumes. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption. The third way to enable encryption on a volume is to do so through Encrypting Attached Storage For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes. When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint. Once the encryption process…

  • Mac OS X,  Mac OS X Server,  Mass Deployment

    DeployStudio: Rename a Volume with Host Name

    DeployStudio has the ability to rename volumes as part of a standard workflow. These are typically set to something like “Macintosh HD” (the default) or “Computer Lab” or something like that. But what if you wanted to name the volume something unique to a given computer, which makes it easier to keep track with what you are doing across a number of servers? You could create a workflow for each computer and change the hard drive name for each to something unique; but that would be tedious and pollute your list of workflows, likely resulting in accidentally running the wrong workflow at times. Instead, you could look at a really…

  • Mac OS X,  Mass Deployment

    Verifying & Repairing Permissions

    Disk Utility has a nifty little button to Verify Disk Permissions and another to Repair Disk Permissions. Many use this frequently over the course of basic Mac OS X troubleshooting. The underlying functionality is also exposed at the command line. Diskutil (located in /usr/sbin) has the verifyPermissions and repairPermissions, which roughly correspond to the buttons in Disk Utility. Because these can be run against different disks, each will need the volume indicated following the verb. For example, to run a Verify Disk Permissions against a volume called Seldon, you would use the following command: diskutil verifyPermissions /Volumes/Seldon To then run a Repair Disk Permissions on that same volume, you would…

  • Mac OS X,  Mac OS X Server

    Enabling RAID Mirrors Redux

    When new versions of operating systems come out sometimes articles need to be updated. It’s always nice when someone else does the hard part. Recently, Ben Levy, an Apple Consultant from Los Angeles, did some work on an article I did awhile back. To quote Ben, the new procedure is to: 1. Boot from something other than your intended RAIDed boot drive, open Terminal and use diskutil list to identify the relevant disks and partitions. 2. diskutil appleRAID enable mirror disk0s2 – (assuming correctly identified slice, yours may be different) This command turns your primary disk into a RAID mirror without a mirror 3. Reboot back to your boot drive…

  • Mac OS X

    Programatically Secure Erasing Free Space

    One of those security things that pops up every now and then is to use the secure erase feature of Mac OS X, located in Disk Utility. But you can access this same feature from the command line using the secureErase option in diskutil followed by the freespace option. The format of the command is: diskutil secureErase freespace [level] [device] The levels are as follows (per the man page as not all of these are specified in Disk Utility): Single-pass zero-fill erase Single-pass random-fill erase US DoD 7-pass secure erase Gutmann algorithm 35-pass secure erase US DoE algorithm 3-pass secure erase So for example, let’s say you had a volume…