krypted.com

Tiny Deathstars of Foulness

One of my favorite things to do every year is head to Gothenburg to see Tycho, Patrik, and the rest of the wonderful country of Sweden (and city of Gothenburg). It’s a great city and Tycho does a great job to curate MacSysAdmin into an informative conference. And, the site is now live to buy your tickets for the 2016 event!

Screen Shot 2016-05-09 at 2.59.40 PM

It’s one of those conferences that sells out, so don’t wait too long to pick up your ticket! 🙂

May 10th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast, Mass Deployment

Tags: , , , ,

May 6th, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , ,

A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated unicode:

  •    (Space) U+0020
  • ! (Exclamation) U+0021
  • ” (Double quotes) U+0022
  • # (Number sign) U+0023
  • $ (Dollar sign) U+0024
  • % (Percent) U+0025
  • & (Ampersand) U+0026
  • ‘  (Single quotes) U+0027
  • ( (Left parenthesis) U+0028
  • ) (Right parenthesis) U+0029
  • * (Asterisk) U+002A
  • + (Plus) U+002B
  • , (Comma) U+002C
  • – (Minus sign) U+002D
  • . (Period) U+002E
  • / (Slash) U+002F
  • : (Colon) U+003A
  • ; (Semicolon) U+003B
  • < (Less than sign) U+003C (not allowed in all systems)
  • = (Equal sign) U+003D
  • > (Greater than sign) U+003E (not allowed in all systems)
  • ? (Question) U+003F
  • @ (At sign) U+0040
  • [ (Left bracket) U+005B
  • \ (Backslash) U+005C
  • ] (Right bracket) U+005D
  • ^ (Caret) U+005E
  • _ (Underscore) U+005F
  • ` (Backtick) U+0060
  • { (Left curly bracket/brace) U+007B
  • | (Vertical bar) U+007C
  • } (Right curly bracket/brace) U+007D
  • ~ (Tilde) U+007E

April 29th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

Use the following keys to do fun things when typing a command in bash (mostly keybindings):

  1. Use the up arrow to run the previous command
  2. Continue using the arrow to scroll to commands further in the history
  3. Use Control-r to search through your command history
  4. Control-w deletes the last word
  5. Control-u deletes the line you were typing
  6. Control-a moves the cursor to the beginning of the line
  7. Control-e moves the cursor to the end of the line
  8. Control-l clears the screen
  9. Control-b moves the cursor backward by a character
  10. Control-u moves the cursor forward by a character
  11. Control-_ is an undo
  12. “man readline” shows the bash keybindings (ymmv per OS)
  13. Tab completes an argument
  14. !! repeats the last command. Useful when using sudo in front of the last line from bash
  15. !$ repeats the last argument for a command
  16. $_ shows the last word from the previous command
  17. “cd -” is like a back button
  18. !!:p outputs the last command with arguments
  19. cd !!:* cd into the argument from the previous command
  20. Escape-. expands the argument from the last command
  21. pbcopy and pbpaste accesses the clipboard from Terminal
  22. Use ; to separate commands in a single line
  23. Use | to pipe output to another command
  24. Use > to send output to a new file, or >> to append output to the end of a file or < to bring input from a file
  25. “Open .” opens the current working directory in a Finder window

Enjoy!

March 21st, 2016

Posted In: Mac OS X, Mac OS X Server, Programming

Tags: , , , ,

There are two defaults keys that can be used to manage the recent places options in the OS X Finder. Both are in the .GlobalPreferences. The first is NSNavRecentPlaces and the second is NSNavRecentPlacesLimit.

The NSNavRecentPlacesLimit key limits the number of items that are stored in the list. To increase the default to, let’s say, 20, use the defaults command to set the NSNavRecentPlacesLimit key to an integer of 20:

defaults write .GlobalPreferences NSNavRecentPlacesLimit -int 20

Then use defaults to read the setting:

defaults read NSNavRecentPlacesLimit

You’ll need to “killall Finder” in order to see this in a Finder Save dialog. You can also inject items into the RecentPlaces array, called NSNavRecentPlaces, or delete the objects in the array. The array appears as follows:

NSNavRecentPlaces =     (
"~/Desktop",
"/Users",
"~/Desktop/Work",
"~/Documents",
"~/Desktop/Daneel"
);

You can set these using defaults write as well, writing the NSNavRecentPlaces as a list of quoted and comma separated values (note the ‘):

defaults write NSNavRecentPlaces = '("/test","/test2","/test3")';

Or, if you only want to clear the recent places list, delete the key:

defaults delete .GlobalPreferences NSNavRecentPlaces

March 11th, 2016

Posted In: Mac OS X, Mass Deployment

Tags: , , , , , , , ,

The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In it’s simplest form the ldifde command can be used to export AD objects just using a -f option to specify the location (the working directory that we’re running the ldifde command from if using powershell to do so or remove .\ if using a standard command prompt):

ldifde -f .\ADExport.ldf

This exports all attributes of all objects, which overlap with many in a target Active Directory and so can’t be imported. Therefore, you have to limit the scope of what you’re exporting, which you can do in a few ways. The first is to only export a given OU. To limit, you’ll define a dn with a -d flag followed by the actual dn of the OU you’re exporting and then you’d add a -p for subtree. In the following example we’ll export all of the objects from the sales OU to the SalesOUExport.ldf file:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -f .\SalesOUExport.ldf

Restoring objects still results in an error that the server is “Unwilling To Perform” the import because “The modification was not permitted for security reasons.” Basically, this just means “hey I’m not going to import into some of the fields that I know I have to reserve for objects managed by the system, such as creation date (whencreated), last changed date (whenchanged), etc. So we can take some of these and omit them from our export. You can use ADMT or just look at an ldif or csv file to determine which attributes from the schema that you think need to be omitted, but at a minimum it should include objectguid, uSNCreated, uSNChanged, whencreated and when changed (and a lot of the Exchange attributes if you’ve extended the schema for your forest). To omit use the -o and enclose the omitted attributes in parenthesis. In the following example, we’ll export to the SalesOUExportO.ldf file, and add the -o flag to the previous command:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -f .\SalesOUExportO.ldf

You can also omit using the -m flag, which includes only the essential attributes, so we’ll add that to the command as well:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportO.ldf

Use the -l option to limit the attributes being exported to only those specified.

The -r option restricts the export to a given category or class. For example, if we only wanted to export users, we can restrict to objectClass-User

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -r "(objectClass=user)" -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportOM.ldf

Now I’m feeling like we have a good restricted set of data that we’re moving. Let’s go ahead and give importing a shot on a target server. To do so, we’ll just use -i to specify this is an import, followed by -k to say “don’t stop if you have a problem with just one record”, -f to define a file and -j to write a log. We’ll use the working directory for the file path and the log path, assuming this is being done by calling the .exe from within powershell:

ldifde -i -k -f .\SalesOUExportOM.ldf -j .\

Once complete, the exported objects should appear once you close and re-open Active Directory Users and Computers. You can also export one object, then programmatically create objects in an ldif file as needed by importing them into Active Directory using ldifde.

February 27th, 2016

Posted In: Active Directory

Tags: , , , , , , , ,

So you’re ready to write some software? Or test some cool stuff. Or build something awesome. You can use the CREATE DATABASE statement to get started, by creating a database. To do so is pretty easy, simply run that statement followed by a name for the database (called Customers):

CREATE DATABASE Customers;

Once you’ve created a database, it’s time to create tables, which can be done using the CREATE TABLE statement. The Syntax of that statement looks something like this, defining a set of columns, their data type and the size of the column (in the form of a maximum length), all wrapped in parenthesis with each column separated by a comma:

CREATE TABLE nameoftable
(
column datatype(size),
column datatype(size),
);

So to create the Customers table that we’ve been using through these articles, we’ll use the following SQL Statement:

CREATE TABLE Customers
(
ID integer(255),
Site varchar(255),
Contact varchar(255),
Address varchar(255),
City varchar(255),
Zip integer(255),
Country varchar(255),
);

Columns are created with data types. In the previous example, we named columns of integers and varchars. The available data types include the following:

  • CHARACTER: A string of characters using a defined length
  • VARCHAR: A variable length string of characters using a maximum length
  • BINARY: A binary string
  • BOOLEAN: TRUE or FALSE
  • VARBINARY: Binary string in a variable length, with a defined maximum length
  • INTEGER: A number with no decimals
  • SMALLINT: A 5 digit or less number with no decimals
  • BIGINT: A 19 digit or less number with no decimals
  • DECIMAL: Number with decimals
  • FLOAT: Floating number in base 10
  • REAL: Number
  • DOUBLEPRECISION: Approximate number
  • DATE: Year, month, and day in separated values
  • TIME: Hour, minute, and second in separated values
  • TIMESTAMP: Time in the form of year, month, day, hour, minute, and second
  • INTERVAL: A period of time
  • ARRAY: Ordered collection of data
  • MULTISITE: Unordered collection of data
  • XML: Stores XML

February 15th, 2016

Posted In: SQL

Tags: , , , , , , , , , , , , , , ,

Linux and OS X come with the makekey command installed, usually in /usr/libexec/makekey. You can use this binary to create /etc/passwd file entries of hashed passwords. To use the command, simply pipe some text into the command. Here, we’ll echo testpassword into makekey:

echo testpassword | /usr/libexec/makekey

And we’ll get a simple output, such as:

woNH11o4mqvAc

There are certainly other ways to do something like this, but when writing a script you may use in either a Linux or OS X environment, this is one place where you should have a modicum of success crossing platforms.

January 9th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , ,

Pretty much every script I’m working on these days must be run as root. Checking what user is running something is pretty straight forward, as there’s a built-in shell variable for $USER that contains the user running a script. To see this real quick, simply run the following:

echo $USER

You can then put this into your scripts. I’ve been using the same block of code for decades, which can be run in a script by itself if you’d like to paste this into one.

if [[ $USER != "root" ]]; then
echo "This script must be run as root"
else
echo "You are root"
exit 1
fi

Note: Keep in mind that the built-in $USER variable is case sensitive.

Obviously, most people won’t keep the lines that contain the else and you are root echo statements. You can just remove these or replace them with the meat of your script that requires elevated privileges to run. Enjoy.

December 21st, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Unix

Tags: , , , , , , , ,

Next Page »