Tiny Deathstars of Foulness

Looks like Sal et al posted a suite of Automator Actions to link the Casper Suite to Apple Configurator at In my limited tests so far they work pretty darn well!

Screen Shot 2016-07-14 at 12.09.27 PM

Some pretty cool things here, like having the JSS rename a mobile device when managed through Apple Configurator, having Apple Configurator instruct the JSS to remove a device from a group, clear passcodes, update inventory, and other common tasks involved in workflows when leveraging Apple Configurator for en masse device management. Good stuff!

July 14th, 2016

Posted In: Apple Configurator, iPhone, JAMF

Tags: , , , , , ,

I frequently write about adding entries in OS X Servers configuration database using serveradmin. But there are a lot of causes for various symptoms in OS X and trying some post of mine might end up biting you later, if it doesn’t fix your problem and you end up leaving the keys in place in OS X Server. Therefore, let’s look at something I might tell you to do, such as set a mail relay host from serveradmin:

serveradmin settings mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_host =

Once the setting has been configured, you might want to get rid of it outright. Now, this one happens to be exposed in the GUI, so you could set it there. But that’s not really any fun. According to the man page, you should be able to delete the keys and array entries using delete as the payload. But this is one place where the man page is actually incorrect. Let’s test by using delete as the entry, as follows:

serveradmin settings mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_host = delete

Run serveradmin settings for mail to list all the settings:

serveradmin settings mail

And you’ll note that the key is actually just like you typed in, where rather than expand to function as a “delete the key” command, delete becomes the actual payload as a string:

serveradmin settings mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_host = "delete"

Many services have a corresponding property list that contains their settings. These are stored in /Library/Server in a Config directory nested inside the service name. So for example, settings for the mail service would be stored in /Library/Server/Mail/Config/MailServicesOther.plist. In the same folder is MailServicesOther.10.8.plist, which references the settings files for a few other services that help to make up the Mail service. Delete the array entry and you’ll have achieved your goal of removing the entry.

Some of the service configuration files are .config files instead of property lists. In those cases, look for the keys in the configuration file and restart after you change them, but make sure to check that the changes took as many times you might have something else you need to do. I frequently use fsevents to see which configuration file I’m editing when I run a command in serveradmin and then find the correct value in the plist that I’ve altered once I’ve changed something in serveradmin. Overall, the man page illustrates the most desirable way to delete custom entries. However, in the absence of this working, it’s worth noting other ways to achieve the same result.

July 4th, 2012

Posted In: Mac OS X Server

Tags: , , , , , ,

When you are configuring ExtremeZ-IP as a print server, you will need to set up and configure each printer. However, if you already have setup and configured printer queues for the Windows server, you can import existing queues into ExtremeZ-IP. This can be done programatically via the ExtremeZ-IP EZIPUTIL command line tool.

EZIPUTIL has a number of options, whereby the SERVER option is used to configure global settings for ExtremeZ-IP, VOLUME is used to create, edit and delete print queues and PRINT is used to manage shared print queues. Each of the options also has a number of switches for the feature(s) that are being managed. These are structured as standard switches that are used in Windows batch scripting. The /IMPORT switch can be used to import print queues. By defining the WINDOWS setting for the import, you will recreate all printer queues from Windows. This command would look like the following:


Once the command has been completed, you can then list printer queues using the /LIST switch:


Once you have created printer queues you will often end up needing to remove a queue or three. To remove a printer queue, you will use the /REMOVE switch along with a /NAME switch to specify the printer queue that you are removing. For example, to remove a queue called Accounting_499 you would use the following command:


The VOLUME option has a similar feature in the /REPLICATE_SMB switch, which allows you to replicate existing SMB/CIFS shares:


The /REMOVE switch can also be used with the VOLUME option. If you have created volumes you can also remove those from the command line. For example, to remove a shared volume called Accounting_Files, you would use the following command:


March 1st, 2011

Posted In: Mac OS X Server, Mass Deployment, Network Infrastructure, Windows Server

Tags: , , , , , , , ,

In a number of environments, where SMB, AFP and other file sharing protocols are used with Mac OS X, Windows and Linux clients, there are a number of hidden files that Mac OS X leaves behind. For anyone who has managed an environment like this you’re likely to notice the .DS_Store files and potentially even have tried taking measures to get rid of them. However, try as you might they’re likely to have come back repeatedly. But you don’t have to live with them.

You can tell your Windows clients not to show hidden files.  From Windows XP, open an explorer.exe window (Windows Explorer, also accessible by browsing any folder on the hard drive) and from here click on the View tab and then click on Do not show hidden files and folders.  For Vista and up, click on the Folder Options control panel and then choose the View tab and then click on Do not show hidden files and folders.

But if this is proving unwieldy then you can tell each Mac OS X user account not to make them.  This isn’t to say that you should – this is how Mac OS X tracks the view and icon placements of a folder.  But if you need to get rid of them you need to get rid of them…  To do so you’re going to create a file called in the ~/Library/Preferences of each user account that contains the following:

DSDontWriteNetworkStores = true;

The easiest way to go about this is to simply run the following command for each user on each system:

defaults write DSDontWriteNetworkStores true

You can use the as a managed preference, or for future users you can also go ahead and add the file to the user template by dropping it into /System/Library/User Template/English.lproj/Library/Preferences.

While this will keep new .DS_Store files from being generated on network volumes (aka NetworkStores) it will not do so for local volumes, including those on an Xsan (since Xsan volumes are basically interpreted by the finder as a local volume in this context).  It’s also worth noting that you’ll probably need to reboot after you run these commands.

Once you’ve disabled the creation of new .DS_Store files you’ll more than likely want to eliminate the ones that are already on your volume.  To do so, you can use the find command in conjunction with the -name flag and -exec flag followed by rm as follows (replacing /path/to/share with the path to your actual share):

find /path/to/share -name .DS_Store -exec rm {} ;

For the above command to process correctly you’ll need the account it’s run as to be able to access files in all folders of the tree where a .DS_Store file may exist.  If you find that new .DS_Store files are created after this is all complete, then look at the owner of the new files.  Typically you’ll find a user account was skipped and it’s the user who is listed as the owner of the new .DS_Store files.

May 24th, 2009

Posted In: Mac OS X, Mac OS X Server, Mass Deployment, Ubuntu, Unix, Xsan

Tags: , , , , , , , , ,

For some reason the uninstaller from Symantec doesn’t work in removing Norton (NAV 10). My guess, without delving into their uninstaller too deeply is that they ran into what I ran into, which is that the* processes are prefixed by a bracketed alphanumeric sequence. To get around this I listed them and used grep to grab each one, then awk to grab the label and did a launchctl stop against the label name once I had it. The rest of this script is pretty straight forward forcing the rm of each of the contents of the items from the snapshot plus the items from the pkg BoM.  Here’s the script, or you can download it here:

#! /bin/bash
launchctl stop `launchctl list | grep | awk ‘{print $3}’`
launchctl stop `launchctl list | grep | awk ‘{print $3}’`
launchctl stop `launchctl list | grep | awk ‘{print $3}’`
launchctl stop `launchctl list | grep | awk ‘{print $3}’`
kextunload -b com.Symantec.SymEvent.kext
kextunload -b com.Symantec.SymOSXKernelUtilities.kext
kextunload -b com.Symantec.kext.KTUM
rm /etc/liveupdate.conf
rm /etc/Symantec.conf
rm /usr/bin/symsched
rm /usr/bin/navx
rm ~/Library/Preferences/com.Symantec.Scheduler.plist
rm /Users/Shared/snorosx
rm -rfd /Library/Contextual Menu Items/NAVCMPlugin.plugin
rm -rfd /Applications/Symantec Solutions
rm -rfd /Applications/Norton AntiVirus
rm -rfd /Library/Receipts/NAVContextualMenu.pkg
rm -rfd /Library/Receipts/NAVEngine.pkg
rm -rfd /Library/Receipts/Norton AntiVirus.pkg
rm -rfd /Library/Receipts/SymEvent.pkg
rm -rfd /Library/Receipts/SymOSXKernelUtilities.pkg
rm -rfd /Library/Receipts/NortonQuickMenu.pkg
rm -rfd /Library/Receipts/SymSharedFrameworks.pkg
rm -rfd /Library/Receipts/Norton AutoProtect.pkg
rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg
rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg
rm -rfd /Library/Recepits/Symantec Scheduled Scans.pkg
rm -rfd /Library/Receipts/navx.pkg
rm -rfd /Library/Receipts/LiveUpdate.pkg
rm -rfd /Library/Receipts/Symantec Scheduler.pkg
rm -rfd /Library/Receipts/Stuffit.pkg
rm -rfd /Library/Receipts/SymInstallExtras.pkg
rm -rfd /Library/Receipts/SymHelpScripts.pkg
rm -rfd /Library/Receipts/SymantecUninstaller.pkg
rm -rfd /Library/Receipts/Symantec Alerts.pkg
rm -rfd /Library/Application Support/Norton Solutions Support
rm /Library/Application Support/NAV.history
rm -rfd /Library/Application Support/Symantec
rm -rfd /Library/PreferencePanes/SymantecQuickMenu.prefPane
rm -rfd /Library/PreferencePanes/APPrefPane.prefPane
rm -rfd /Library/PrivateFrameworks/SymAppKitAdditions.framework
rm -rfd /Library/PrivateFrameworks/SymBase.framework
rm -rfd /Library/PrivateFrameworks/SymNetworking.framework
rm -rfd /Library/PrivateFrameworks/SymSystem.framework
rm -rfd /Library/PrivateFrameworks/SymScheduler.framework
rm -rfd /Library/StartupItems/NortonAutoProtect
rm -rfd /Library/StartupItems/NortonMissedTasks
rm -rfd /Library/Documentation/Help/Norton Help Scripts
rm -rfd /Library/Widgets/Symantec Alerts.wdgt
rm -rfd /System/Library/Extensions/SymEvent.kext
rm -rfd /System/Library/Extensions/SymOSXKernelUtilities.kext
rm -rfd /System/Library/Extensions/KTUM.kext
rm /System/Library/Extensions.mkext.NxdE

Oh, since most everything I do on this site requires elevated privileges I usually forget to mention it, but this script will require those…

May 5th, 2009

Posted In: Mac OS X, Mac Security, Mass Deployment

Tags: , , , , ,