Tag Archives: Mac OS X

iPhone Mac OS X Mac OS X Server

MacIT Presentation

I enjoy going to MacIT so much. Paul Kent ran a great little conference in Monterrey one year and I am so glad that I started going to Macworld around that time. I missed it last year while trying to trim back on the travel and am pretty stoked I got to get there again this year. Special thanks to everyone I saw and was able to hang out with. Considering there isn’t a single person I didn’t want to hang out with, sorry if I didn’t see you or get to spend any time. Thanks to Duncan and Kevin White for making time to do the podcasts (hopefully the background noise is low enough so we can get them posted!).

Also, this is a top-notch production. Kathy, Paul, the board (Arek, Dan, John, Kevin, Duncan, etc) and everyone else I’ve ever interacted with there are absolutely amazing. I would love nothing more than to not get a chance to speak next year because a flood of amazing talks burst on the scene. Start thinking about what you could talk about now so I can show up and sit in the back and watch you do your thing! :)

And if you were in my session and asked about the presentation when the conference site was on the fritz (which could have also been my fault BTW), the presentation is here: MacIT 2014

Screen Shot 2014-03-29 at 11.09.44 PM

Unix Xsan

One Liner Script To Check If Xsan Is Installed

The following will tell you whether Xsan has been installed on a client system. Here we’re checking if the file exists using the [] for a file (I always quote paths that aren’t variables when doing this type of thing) and and then echoing a response that it does.

[ -f "/Library/Preferences/Xsan/uuid" ] && echo "Xsan is installed"

If the file exists, we could also perform some other tasks or use an else and make changes, like copying an authorization and fsnameservers file into the directory when installing StorNext clients on OS X. The way I would likely do this, if I were saying if the uuid file doesn’t exist, do a task would be:

[ | -f "/Library/Preferences/Xsan/uuid" ] && echo "Xsan is not installed"

In the above example, placing the pipe in front acts as a negative operator, so these two lines are basically the opposite of one another.


Mac OS X Server

Install OS X Server

Installing Mavericks Server is about as easy as installing Keynote. First, open the Mac App Store and search for OS X Server. Then, click the button to buy the software, or if you’ve already purchased the software click on the Install button.

Screen Shot 2013-11-05 at 2.50.39 PMThe Server app downloads to your /Applications directory which you can watch happen by watching the status in LaunchPad.

Screen Shot 2013-11-05 at 2.55.21 PM

Once the download is finished, click on the Server app in LaunchPad or open the Server app to start the initial configuration wizard.

Screen Shot 2013-11-05 at 3.01.46 PM

When you first click on the Server app, you will be prompted to setup your server. Click Continue.

Screen Shot 2013-11-05 at 3.02.26 PMAgree to the licensing agreement by clicking Agree.

Screen Shot 2013-11-05 at 3.04.07 PMAuthenticate with an administrative password if prompted.

Screen Shot 2013-11-05 at 3.04.52 PMServices are prepared. Be patient, there are literally big physical cog wheels turning in your computers head right about now.

Screen Shot 2013-11-05 at 3.05.41 PMThe Server Tutorials screen opens. Read them all or you can’t use the server. Actually, you can just close this screen, although they’re well done and you should read them.

Screen Shot 2013-11-05 at 3.06.59 PMOnce you close the screen, you’ll be in the app and your server install is complete. Well, kinda’. In articles on services I go into fixing host names and the such. But if this is a pretty basic server you’re all done.

Note: Now, before you make fun of how simple this is, note that there’s an item on an outline and this article is completing one of the items in my outline. Thank you for your judgement. -the mgmt

iPhone Mac OS X Server

Install Your Shiny New VPP Token For Profile Manager

Apple began rolling out new features with the new Volume Purchasing Program (VPP) program this week. There are lots of good things to know, here. First, the old way should still work. You’re not loosing the stuff you already invested in such as Configurator with those codes you might have used last year with supervision. However, you will need an MDM solution (Profile Manager, Casper, Absolute, FileWave, etc) to use the new tools. Also, the new token options are for one to one (1:1) environments. This isn’t for multi-tenant environments. You can only use these codes and options for iOS 7 and OS X 10.9 and above.

But this article isn’t about the fine print details of the new VPP. Instead, this article is about making Profile Manager work with your new VPP token. To get started, log into your VPP account. Once logged in, click on your account email address and then select Account Summary.

Screen Shot 2013-11-05 at 3.26.00 PM

Then, click on the Download Token link and your token will be downloaded to your ~/Downloads (or wherever you download stuff).

Screen Shot 2013-11-05 at 3.18.22 PM

Once you have your token, open the Server app and click on the Profile Manager service.

Screen Shot 2013-11-05 at 3.14.35 PMClick on the checkbox for Distribute apps and books from the Volume Purchase Program.

Screen Shot 2013-11-05 at 3.14.43 PMAt the VPP Managed Distribution screen, drag the .vpptoken file downloaded earlier into the screen.

Screen Shot 2013-11-05 at 3.15.02 PMClick Continue. The VPP code email address will appear in the screen. Click Done.

Screen Shot 2013-11-05 at 3.15.08 PMBack at the profile manager screen, you should then see that the checkbox is filled and you can now setup Profile Manager.

Screen Shot 2013-11-05 at 3.15.14 PMThe rest of the configuration of Profile Manager is covered in the article I did earlier on Profile Manager 3.

Note: The account used to configure the VPP information is not tracked in any serveradmin settings.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Manage Profiles From The Command Line In OS X 10.9

You can export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically.

NEWScreen-Shot-2013-10-07-at-3.50.40-PMTo script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command with just the -P option:

/usr/bin/profiles -P

As with managed preferences (and piggy backing on managed preferences for that matter), configuration profiles can be assigned to users or computers. To see just user profiles, use the -L option:

/usr/bin/profiles -L

You can remove all profiles using -D:

/usr/bin/profiles -D

The -I option installs profiles and the -R removes profiles. Use -p to indicate the profile is from a server or -F to indicate it’s source is a file. To remove a profile:

/usr/bin/profiles -R -F /tmp/HawkeyesTrickshot.mobileconfig

To remove one from a server:

/usr/bin/profiles -R -p com.WestCoastAvengers.HawkeyesTrickshot

The following installs HawkeyesTrickshot.mobileconfig from /tmp:

/usr/bin/profiles -I -F /tmp/HawkeyesTrickshot.mobileconfig

If created in Profile Manager:

/usr/bin/profiles -I -p com.WestCoastAvengers.HawkeyesTrickshot

There is a nifty new feature in the profiles command in Mavericks, where you can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up. As of OS X Mavericks, the dscl command has extensions for dealing with profiles as well. These include the available MCX Profile Extensions:

-profileimport -profiledelete -profilelist [optArgs]

To list all profiles from an Open Directory object, use 
-profilelist. To run, follow the dscl command with -u to specify a user, -P to specify the password for the user, then the IP address of the OD server (or name of the AD object), then the profilelist verb, then the relative path. Assuming a username of diradmin for the directory, a password of moonknight and then cedge user:

dscl -u diradmin -P moonknight profilelist /LDAPv3/

To delete that information for the given user, swap the profilelist extension with profiledelete:
dscl -u diradmin -P apple profilelist /LDAPv3/
If you would rather export all information to a directory called ProfileExports on the root of the drive:

dscl -u diradmin -P moonknight profileexport . all -o /ProfileExports

Mac OS X Mac OS X Server Mac Security Mass Deployment

Build and Reverse MD5 Hashes Programatically

An MD5 hash encodes a string into a 128-bit fingerprint in a one-way transaction that nets the same result no matter what computer you’re using to generate hashes. I know it’s hard to imagine, but the md5 command will create a hash. There are a few ways people go about doing such things. The easiest way I’ve found is to echo the string into md5, most easily done using a command such as the following, which simply echoes out the word test to the md5 command on a Mac:

echo -n test | md5

And the output is a simple hash:


The reason I use the -n is because if you just echo without it the new line is included.

You can also use the -s option of md5 without echoing anything:

md5 -s "test"

Which outputs:

MD5 ("test") = 098f6bcd4621d373cade4e832627b4f6

If you then pop this unreversible hash into some tables of hashes or even sites that just do such things for you these days, you can basically reverse them pretty easily now:

curl http://md5.gromweb.com/?md5=098f6bcd4621d373cade4e832627b4f6 | grep "The MD5 hash"

Screen Shot 2013-11-04 at 8.05.22 PM

Now use something stronger. Something with numbers, letters, special characters, etc to make a hash. The resultant lookup is likely going to be empty when you attempt to reverse the hash. Therefore, to see if your password is easily reversed from the MySQL md5 tables of all those websites you put it into, convert it to a hash and then pop it into a reverse site.

echo -n noice

Mac OS X

Video on Setting Up a Munki Repo

(Allister Banks Guest Post:)

As part of my presentations at LOPSA-East(the pdf slides of this one is here) earlier this year, I wanted to demonstrate how quickly you can get a proof-of-concept of Munki running on a recent Mac OS without Server. I had always used Greg Neagle’s awesome intro articles for MacTech(especially part 2,) which were  created back in 10.6 days(simpler times, amirite?) This video takes you through the setup of a Munki repo, and goes on to demonstrate not only basic Munki interaction and functionality, but if you setup MunkiWebAdmin and the reporting scripts on your clients in addition, it does a quick tour of that interface.

Setting Up a Munki Repository on 10.7+, Quick MunkiWebAdmin Demo from Allister Banks on Vimeo.

Pardon the length, lack of sound and meme’s sprinkled throughout, but I hope it’s of use to someone!

Mac OS X Mac OS X Server Mac Security

Clear ASL Logs Following Upgrades

I’ve had a couple of servers that after upgrading to 10.9 I’ve noticed were pretty slow to open up Terminal. To fix, I just cleared the ASL logs. To do so, just rm the contents of /var/log/asl. Here, I back them up first:

cp -r /var/log/asl/ /Users/krypted/Desktop/asl/
rm -f /var/log/asl/*.asl

If you end up not needing them you can just delete the asl directory from your Desktop.

Mac OS X

Yet Another Article On Debug Menus: Xcode

Another day, another debug menu to point out. This time in Xcode. To enable:

defaults write com.apple.dt.Xcode ShowDVTDebugMenu -bool TRUE

To then disable the debug menu:

defaults write com.apple.dt.Xcode ShowDVTDebugMenu -bool FALSE

Mac OS X Mass Deployment

Debugging and Deploying iBooks

Just got to do my first troubleshooting for the iBooks app in OS X. Wasn’t a ton of info, so went digging for the debug menu that has become a staple of so many Apple apps. And it turns out that it was there. Looking at the plist for iBooksX prefs:

defaults read com.apple.iBooksX

This shows that we can go ahead and deploy a key to suppress the welcome screen (nice little deployment note made there) and a few other things. But what I was looking for is that BKShowDebugMenu key

BKAlreadyDisplayedWelcomeExperience = 1;
"BKBookshelfCategoryManager~012384" = 1;
BKBookshelfViewControllerFilterAction = 5;
BKBookshelfViewControllerSortAction = 1;
BKShowDebugMenu = 0;
BKSimulateCrashDuringMigration = 0;
LibraryCountDate = "2013-11-03 03:26:26 +0000";

Let’s just turn that sucker on:

defaults write com.apple.iBooksX BKShowDebugMenu -boolean TRUE

And then viola, the next time iBooks opens there’s a nice little Debug menu. Here, I was able to click Migrate from iTunes again (the option in the File menu didn’t work for me) and before you know it, all the titles that didn’t migrate over the first time magically appeared.

Screen Shot 2013-10-26 at 10.27.06 PM

Hope this helps someone. Also, if you want to suppress the “welcome experience” in iBooks during deployment:

defaults write com.apple.iBooksX BKAlreadyDisplayedWelcomeExperience -boolean TRUE

Finally, if you’re looking for a key that you can use to verify that a computer has actually logged in with an iTunes account in iBooks (could be helpful for keying off things in scripts or whatever), note that a CachedStorefrontID key (and a couple of other cached keys) is created when iBooks accesses the store or an AppleID for the first time.