There aren’t any options in Lion Server’s Profile Manager to remove applications. There are a number of environments where this can be annoying. For example, if you are upgrading or maybe just accidentally upload an app that you don’t want people to see for the rest of the existence of the Profile Manager server. To see which applications have been installed and which have each id: psql -U krypted -d device_management -c "select * from public.ios_applications limit 1000 offset 0;" The above command is a standard psql command, as shown in a previous article I worked on in a previous post. But this time I’m injecting the SQL query into…
-
-
Working with Postgres from the Command Line in Lion Server
Mac OS X Server 10.7, Lion Server, comes with a few substantial back-end changes. One of these is the move from SQLite3 to PostgreSQL for many of the back-end databases, including Wiki and Podcast Producer (collab), Webmail (roundcubemail), iCal Server and Address Book Server (caldav) and as the back-end to the newest service in Lion Server, Profile Manager (device_management). As such, it’s now important to be able to use PostgreSQL the way we once used SQLite3, when trying to augment the data that these databases contains, as there currently aren’t a lot of options for editing this data (aside from manually of course). Postgres has a number of commands that…
-
Open Directory Requires 2 CPUs
I was recently experimenting with Parallels to run some Lion Server VMs and I must have wasted a couple of hours trying to get Lion Server up and running as a Profile Manager host in a VM. Then I had the good sense to complain to Arek Dreyer, who I’m guessing had complained to Andrina Kelly who had, well, answered the riddle. Apparently you need to enable a second core in order to promote to an Open Directory Master in Parallels. To enable said second CPU, open Parallels, go to the configure screen for the VM and then make sure CPUs is set to some number higher than 1. Who…
-
Dealing With Profile Manager Conflicts in Lion
Changing OS X Settings for Profiles bound to clients results in Managed Client changes (mcxread shows them) and inserts the info into Managed Client in this order: User Computer Computer Group Everyone User Group The data in the managed client attributes is replaced completely and not per-key. Installing profiles from the command line provides more information as to what is going on behind the scenes. Having said this, in some cases I can get a Provisioning Profile Validation: failed to read CMS (-25257) error when attempting to install the same profile a second time. In other cases it just fails if I try to run verbosely (in those cases it…
-
My OS X Server Book From O'Reilly On Amazon!
I usually don’t like to discuss books (except in person with friends/colleagues) very much until I have an ISBN number. Well, here it is! My next book is going to address what I consider the most important challenge to Apple Server nerds like myself: can a server really be installed off the app store with no technical skills? I also tackle the meaning of life (somewhere on page 42) in this book, but that’s not nearly as interesting a topic… I am about 80 percent done with it and it should be out within the next 5 to 6 weeks. One of the things that really impresses me about O’Reilly…
-
LoginWindow: PolicyBanners and Backgrounds
The Login Window in OS X is the screen you see while you’re typing in a username and password. There are a number of customizations used in some environments to make the system easier for users to use, or to make it more specific to a given user environment. One such is customizing the Login Window’s background, which can be done by replacing this file with one that you would like to use: /System/Library/PrivateFrameworks/LoginUIKit.framework/Versions/A/Frameworks/LoginUICore.framework/Versions/A/Resources/appleLinen.png You can also configure a message to be shown to users. This message, often referred to as an Acceptable Use Policy, can be used as a policy banner that users must accept in order to log…
-
Exporting Information From iPhone Configuration Utility
In a previous post I looked at automating iPhone and iPad deployment. There, we looked at the iPhone Configuration Utility. Now that Profile Manager is built into Mac OS X Server in Lion, and with the number of 3rd party MDM solutions on the market, many users of iPhone Configuration Utility are looking to extract information from it and move it into other places. Many of these places can import property lists. If you look at the file header for .mobileconfig and .deviceinfo files you’ll notice that they begin with the familiar: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"><dict> Given that .mobileconfig and .deviceinfo files…
-
Lion Server: Using Profile Manager's Debug Mode
I’ve seen a lot of traffic about people troubleshooting problems with Mac OS X Server’s new Profile Manager service. One of the more useful things in troubleshooting anything (including Profile Manager in Lion) is the debug mode. It’s easy to turn on, just run the following command from any Lion Server with Profile Manager installed: sudo defaults write /Library/Preferences/com.apple.ProfileManager debugMode 3 You will then get more information in the logs and be well armed to troubleshoot issues that arise in Mac OS X Server 10.7’s Profile Manager.