Tiny Deathstars of Foulness

It can be tough to get information about larger Mac deployments. I’ve written a few books on it. Apple has built some pages on it. But many prefer to consume their content through video. As such, Sean Collins has teamed up with to put together an IT Administrator’s Guide for El Capitan. With topics ranging from SIP to DEP, and all the acronyms in the middle, Sean’s soothing voice will guide you through what you need to get started with a new Mac deployment.

Screen Shot 2016-01-15 at 2.11.19 PM

Many a job can seem daunting, but with this latest addition to our arsenal, you’ll instantly feel less intimidated. It’s like the Sun A of the Mac world. But afterwards, when you go into corpse pose, you won’t fall asleep, because the content is too good. Check it out here:

January 15th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

There is a nice review of my iOS in the Enterprise book up on MacDirectory. It is available at:,com_reviews/task,viewDetail/review_id,504

Overall the review was good. I understand not liking the font choice for the book. Luckily this type of thing isn’t something we authors have a choice about, so I take it as an overall good review!

April 25th, 2011

Posted In: Articles and Books, iPhone, Mac Security, Mass Deployment

Tags: , ,

I’ve been watching the MacTech Conference and then Boot Camps for some time. After hearing of the resounding success of the Conference last summer I was then stoked to hear that the January Boot Camp went extremely well. A MacTech Boot Camp is a regional, single-track seminar designed specifically for consultants and techs. MacTech Conference is a multi-day conference for IT professionals with a focus on enterprise and development whereas the Boot Camps are for consultants and techs focused on home users and small to medium sized businesses. Both are going really well. is now a media sponsor of MacTech Boot Camps! This means I get discounts to offer my readers! There is a Dallas Boot Camp coming up on April 27th and a Boston Boot Camp on May 18th. You can get a discount ($200 off) by signing up at There is also one is Los Angeles on July 27th and one in Chicago on August 31st to round out the summer. You can get early bird pricing and a discount for those ($200 off) at

There’s a lot of information covered in the Boot Camps, with each city hosting about 9 sessions of 45 minutes each. For a list of topics, see The 2011 curriculum includes:

  • Building Your Brand: Marketing and Business Concerns
  • An Experts Guide to Working with Clients
  • Best practices: Hardware, Software and Network Deployment
  • Troubleshooting Hardware, Software and Network Problems
  • Integrating Mobility into Small Business
  • Windows Concerns in a Mac Office
  • Scripting, Storage and Protecting Oneself: Backing up, Archiving and Restoring Data
  • How to Make Remote Consulting Work for You
  • You Can’t Know Everything: Getting the Support You Need

Certification testing is also available the day before the Boot Camps start through third party testing centers. This lets you get a lot of education out of the way at once (and at a discount) so you can focus on other stuff for the rest of the summer! For more on certification options:

And let’s not forget that the second MacTech conference is going back to the Los Angeles area, from November 2nd through 4th at the Universal Sheraton! 3 days, meals included lots of very technical, enterprise oriented fun will be had by all!

April 12th, 2011

Posted In: Articles and Books, Business, certifications, Consulting, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , ,

An excerpt-turned-article of mine just appeared in iPhone Life Magazine. IT’s called The Inevitability of the iPhone in the Enterprise:

Hope you enjoy!

January 21st, 2011

Posted In: iPhone

Tags: , ,

Josh Barrett, of posted a mini-review of my latest book, the Enterprise iPhone and iPad Administrator’s Guide. It’s an interesting look at iPads making their way into law firms despite the often reluctant IT admins who have to support them. Big thanks to Josh for a favorable review!

January 20th, 2011

Posted In: Articles and Books

Tags: , , , ,

The Mac OS X App Store was released earlier this month as a part of the Mac OS X 10.6.6 update. The App Store, with over 1,000 applications (including a couple of server tools), allowing people to download and install applications on Mac OS X computers without needing to understand how to click through the screens of a standard package installer, drag applications from disk images into the /Applications folder or basically how to do practically anything except for click and provide a valid credit card number. As with the App Store that debuted with the iPhone, the App Store for Mac OS X is clearly aimed at residential customers, but being that these computers are used in enterprises around the world, the impact to managed environments cannot be discounted. I decided to do plenty of testing and reading before I wrote this up, so hopefully you’ll find it helpful, if not very timely.

The first and probably most important aspect of the App Store to most who are charged with managing large numbers of Mac OS X computers is that only administrative users can install software from the App Store. This little fact makes the App Store itself a non-issue for most enterprises, who do not make typical users administrative users. Because only administrative accounts can download and install applications, there is little risk created from leaving the App Store on client computers.

Applications installed from the App Store can only be deployed into the /Applications directory. These applications are owned by System, with read-only access given to the wheel group and everyone else. No ACLs are used, so while a single user purchases the software any user on the system can open it. If you copy the software to another computer then you will be prompted to authorize it using the same Apple ID that was used to purchase it.

When an administrative user purchases an application, they are not prompted for a system password, only an App Store password, which uses the same Apple ID used for the iTunes Store and the iOS App Store. Application updates are handled using the familiar Updates screen borrowed from the iOS App Store, which includes the nifty Update All option.

As far as controlling the user’s experience with the App Store, there are a few options. Administrators can remove the App Store application bundle (which can be replaced any time) from /Applications. Administrators can also black list the application using managed preferences/parental controls. A Dock item is added by default and can be removed as well. Removing both the Dock item and the Application bundle will then remove the App Store menu item from the Apple menu. You can also block the hosts at, which includes,,,, and possibly These will communicate over ports 80 and 443, according to the operation being used. There is also a launch daemon at /System/Library/LaunchAgents/ that should be unloaded and likely removed if you’re going to outright disable the App Store. However, the only real way I would personally disable is using a managed preference.

There is also a property list file for the App Store that can be used to manage the application in Workgroup Manager in ~/Library/Preferences/ However, there isn’t much that can be done here at this time.

Because applications are tied to users, when a user moves computers you will want to backup and restore the applications for the user. To do so, here’s the captain obvious article for ya’:

The App Store is not a replacement for a good patch management system. Software distribution cannot be managed centrally using the App Store and Software Update Server in Mac OS X Server does not currently cache applications from the App Store. Trying to think of a way to shoehorn the App Store into a software distribution system such as JAMF’s Casper Suite, Absolute Manage or FileWave is just asking for a world of pain, so let’s pretend that we never brought it up. If your organization isn’t able to license one of the aforementioned products, check out Star Deploy from or munki from Finally, I think that Apple’s done a great job with the App Store for a version 1 release. I think that my wife loves it and that over time if Apple chooses to do more with it then great; otherwise, all of the options we’ve been using, from the installer command on, are still at our disposal.

January 18th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , ,

The Enterprise iPhone and iPad Administrator’s Guide is now shipping (and rapidly moving up in Amazon’s rankings)! There have also been a couple of sightings in Border’s.

Apress also sent out a press release and an email blast regarding the book in the past week. So, feel free to buy it using the link below! :)

December 9th, 2010

Posted In: Articles and Books, iPhone

Tags: , , , , , , , , , , , , , , ,

The only thing I can think of that I would change about the iPhone is to have the ability to add a layer of full disk encryption. In lieu of that, Good, the makers of GoodLink, have reinvented themselves as the iPhone in the Enterprise front runner in my book. They did this by duplicating much of the functionality of the native iPhone applications, but did so in a manner that stores its data in an encrypted disk image. Communications to the iPhone from the Good servers are also encrypted with similar fervor. And if you have Domino instead of Exchange then you have equal functionality, great for a number of environments!

So what does Good get you? Well, much of what you get without Good. You have email, synchronized mail, push notification (although the push from Good actually works with mail, calendars and contacts). You also get calendars and contacts. But you had that before; now it’s just sitting on an encrypted disk image and can easily be wiped; or in the event that the device cannot be accessed over the air, it will be sitting on an AES-192 encrypted disk image.

What else does Good get you? A centralized management dashboard (that is web based), more granular policies and reporting. The tunnel, as we mentioned, is encrypted, but it also requires no incoming ports, attractive for many environments with concerns about ActiveSync security, etc.

Overall, I’ve only had a few hours at using Good for Enterprise, and I already feel like an old pro at it. It’s simpler than Blackberry Enterprise to manage, but also lacks some of the extensibility. It’s more expensive than just leveraging ActiveSync, but then also lacks some of the security concerns that many have there. A great product to check out, but make sure that your end users will be OK using the Good client as it is a little different from the native clients built into the iPhone!

December 23rd, 2009

Posted In: iPhone

Tags: , , , ,

Tired of carrying around that RSA SecurID token thingie from 1994, all beige and chewed on routinely by kids and dogs alike? RSA now has an iPhone app for that. Using the SecurID token you can have the exact same functionality using the iPhone that you would otherwise have to use a keychain dongle for. If you’re like me and have been trying to reduce the items you carry on your person for a long time this is a fantastic new option. And in a way, RSA is just helping to make a case for using an iPhone in highly secured Enterprise environments (not that they’re not helping to make the same case with their Blackberry version of a SecurID application).

The application is free, but you’re organization will have likely already purchased a seed that costs much more than an iPhone app that they charge for would have made them… Tokens will need some conversion and then users will need to click on a link to install them (I’ll cover that later if I can find the time) but once you have it setup then it will be a bit easier to deploy. I’d like to find a way to insert it into a provisioning profile but again I’ll just need a bit more time to figure that out. Look for further posts at a later date.

July 23rd, 2009

Posted In: iPhone, Mac Security

Tags: , , ,

The basic steps to use BRU, Tivoli, Atempo, Bakbone and PresSTORE are all covered in the latest edition of Michael Dhaliwal’s Enterprise Backup Whitepaper, available on his personal site.

April 5th, 2009

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , , ,

Next Page »