Tiny Deathstars of Foulness

In case your Mac just isn’t emo enough for ya’, Apple’s provided us a cool little new feature in Yosemite called dark mode. No, this won’t cause Hellboy to leap forth from your MacBook Air. Well, maybe he’ll visit your MacBook Pro, but I haven’t tested that so please don’t quote me on that. Instead, you’ll get the nice new dark menu bar:

Screen Shot 2015-09-10 at 10.41.10 PM

But that’s not all folks! Your dock will also get all dark and gothy!

Screen Shot 2015-09-10 at 10.41.29 PM

To turn it on, just open the General System Preference pane and check the box for “Use dark menu bar and Dock”.

Screen Shot 2015-09-10 at 10.42.23 PM

Enjoy! Oh, and if that’s not emo enough for you feel free to watch this sad emo love song video (yes, I googled for “sad emo” to find it; no, it’s not bookmarked; yes, I bought eyeliner after watching it; yes, then my high school self time travelled to present day and kicked the crap out of me; yes, I thanked him).

October 5th, 2015

Posted In: Mac OS X

Tags: , , , , , ,

Leave a Comment

DNS is DNS. And named is named. Except in OS X Server. Sometimes. The configuration files for the DNS services in OS X Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems. The current version of BIND is 9.9.7-P2.

Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still an option. In OS X Server 5 (for El Capitan and Yosemite), a new command is available at /Applications/ called dnsconfig. The dnsconfig command appears simple at first. However, the options available are actually far more complicated than they initially appear. The verbs available include help (show help information), list (show the contents of configurations and zone files), add (create records and zones) and delete (remove records and zones).

To view data available in the service, use the list verb. Options available when using the list verb include –acl (show ACLs), –view (show BIND view data), –zone (show domains configured in the service), –rr (show resource records) and –rrtype (show types of resource records). For example, let’s say you have a domain called pretendco.lan and you would like to view information about that zone. You could use the dnsconfig command along with the list verb and then the –zone option and the domain name:

/Applications/ list --zone=pretendco.lan

The output would show you information about the listed zone, usually including View data:

allow-transfer: none
allow-update: none 

To see a specific record, use the –rr option, followed by = and then the fqdn, so to see ecserver.pretendco.lan:

/Applications/ list --rr=ecserver.pretendco.lan

By default views are enabled and a view called is created when the DNS server first starts up. You can create other views to control what different requests from different subnets see; however, even if you don’t create any views, you’ll need to add the –view option followed by the name of the view (– to any records that you want to create. To create a record, use the add verb. You can add a view (–view), a zone (–zone) or a record (–rr). Let’s start by adding a record to the pretendco.lan from our previous example. In this case we’ll add an A record called www that points to the IP address of

/Applications/ add --zone=pretendco.lan --rr=www A

You can add a zone, by providing the –view to add the zone to and not providing a –rr option. Let’s add krypted.lan:

/Applications/ add --zone=krypted.lan

Use the delete verb to remove the data just created:

/Applications/ delete --zone=krypted.lan

Or to delete that one www record earlier, just swap the add with a delete:

/Applications/ delete --zone=pretendco.lan --rr=www A

Exit codes would be “Zone krypted.lan removed.” and “Removed 1 resource record.” respectively for the two commands. You can also use the –option option when creating objects, along with the following options (each taken as a value followed by an =, with this information taken by the help page):

  • allow-transfer Takes one or more address match list entry. Address match list entries consist of any of these forms: IP addresses, Subnets or Keywords.
  • allow-recursion Takes one or more address match list entry.
  • allow-update Takes one or more address match list entry.
  • allow-query Takes one or more address match list entry.
  • allow-query-cache Takes one or more address match list entry.
  • forwarders Takes one or more IP addresses, e.g.
  • directory Takes a directory path
  • tkey-gssapi-credential Takes a kerberos service principal
  • tkey-domain Takes a kerberos realm
  • update-policy Takes one complete update-policy entry where you can grant or deny various matched objects and specify the dentity of the user/machine that is allowed/disallowed to update.. You can also identify match-type (Type of match to be used in evaulating the entry) and match-name (Name used to match) as well as rr-types (Resource record types that can be updated)

Overall, this command is one of the better updates we’ve seen from Apple when it comes to managing DNS in a long time. It shows a commitment to continuing to make the service better, when you add records or remove them you can instantly refresh the Server app and see the updates. It’s clear a lot of work went into this and it’s a great tool for when you’re imaging systems and want to create records back on a server or when you’re trying to script the creation of a bulk list of records (e.g. from a cached file from a downed host). It also makes working with Views as easy as I’ve seen it in most platforms and is overall a breeze to work with as compared to using the serveradmin command to populate objects so the GUI doesn’t break when you update records by hitting files directly.

October 5th, 2015

Posted In: Mac OS X Server

Tags: , , , , , , , ,

Leave a Comment

One of the easiest things to do in OS X is to remotely run an installation package using the installer command. You can do some similar tasks in Windows, although the commands aren’t quite as cut and dry. The Start-Process command can be used to kick off an executable. Here, we will kick off the msiexec.exe and feed it an argument, which is the msi file to install silently. We’ll then wait for it to complete:

{Start-Process -FilePath "msiexec.exe" -ArgumentList "/i TEST.msi /qb" -Wait -Passthru}

August 19th, 2015

Posted In: Windows Server, Windows XP

Tags: , , , , ,

The serveradmin command has an option to run commands. I’ve talked about these in past articles, for doing tasks like asking how many concurrent NFS connections are open on a host. Well, here’s another, and it’s a simple command. Here, we’re going to look at whether the Open Directory server has a CA. To do so, we’ll use the serveradmin command, along with the command verb. Then, we’ll add the certs option, followed by command= and then the payload of the command. In this case that’s isODCAPresent:

sudo serveradmin command certs:command = isODCAPresent

This is a simple, informational command, similar to the web:command of getSites or the mail:command of getConnectedUsers. Enjoy!

July 8th, 2015

Posted In: Mac OS X, Mac OS X Server, Mass Deployment

Tags: , , , , , , ,

The serverctl command can be used to start and stop services in OS X Server. Use serverctl with a list verb to show a list of services:

serverctl list

Grab a service (without the quotes) and feed it back into serverctl with the enable option and a service= option to identify the service:

serverctl enable

Or disable, using the disable verb:

serverctl disable

July 2nd, 2015

Posted In: Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

From Take Control:

Apple Mail. It’s hard to get by on a Mac or iOS device without it. But living with Mail can be a recipe for hair-pulling frustration, whether because of connection failures caused by Mail’s mysteriously unreliable automatic settings detection or trying to figure out the difference between long and short swipes in the iOS version. No one knows more about Mail than Joe Kissell, and he has distilled his most important advice into the second edition of “Take Control of Apple Mail,” now completely revised and updated to explain Mail in 10.10 Yosemite and iOS 8. 183 pages of goodness is only $15.

Point others here >

Apple’s Pages word processor built a loyal following because it wasn’t Microsoft Word, but Apple threw us a curveball with the release of Pages 5 for the Mac and Pages 2 for iOS, removing numerous features and shuffling the interface around. Michael Cohen has spent the last year spelunking through the depths of Pages on the Mac, in iOS, and in iCloud to ferret out what has changed, how to accomplish both everyday and complex word processing and layout tasks, and the best ways to work back and forth in all three versions of Pages via iCloud Drive in Yosemite and iOS 8. At 266 pages, “Take Control of Pages” comprehensively documents what you want to do in Pages for $20.

Point others here >

Thank you for your support of the Take Control series, and may all your wishes comes true this holiday season!

December 19th, 2014

Posted In: Articles and Books

Tags: , , ,

Thanks to all the awesome work from Adam and Tanya Engst, Tidbits announced today that my Take Control of OS X Server is now available! To quote some of the Tidbits writeup:

Some projects turn out to be harder than expected, and while Charles Edge’s “Take Control of OS X Server” was one of them, we’re extremely pleased to announce that the full 235-page book is now available in PDF, EPUB, and Mobipocket versions to help anyone in a home or small office environment looking to get started with Apple’s OS X Server.

As you’ll likely remember, we published this book chapter by chapter for TidBITS members, finishing it in early September (see “‘Take Control of OS X Server’ Streaming in TidBITS,” 12 May 2014). Doing so got the information out more quickly, broke up the writing and editing effort, and elicited reader comments that helped us refine the text.

Normally, we would have moved right into final editing and published the book quickly, but from mid-September on, our attention has been focused on OS X 10.10 Yosemite, iOS 8, and our new Take Control Crash Course series. We were working non-stop, and while we wanted to release “Take Control of OS X Server,” we felt it was more important to finish the books about Apple’s new operating systems for the thousands of people who rely on Take Control for technical assistance.

During that time, we had the entire book copyedited by Caroline Rose, who’s best known for writing and editing Inside Macintosh Volumes I through III at Apple and being the editor in chief at NeXT. Plus, we went over the book carefully to ensure that it used consistent terminology and examples, optimized the outline, and improved many of the screenshots.

The main problem with this delay was that Apple has now updated OS X Server from version 3.2.2 (Mavericks Server, which is what we used when writing the book) to 4.0 (Yosemite Server, which is all that works in Yosemite). Updating the book for Yosemite Server would delay it even longer. Luckily for us, veteran system administrators say that you should never upgrade OS X Server on a production machine right away. And even luckier, the changes in Yosemite Server turn out to be extremely minor (a sidebar in the Introduction outlines them), so those who want to get started now can use the instructions in the book with no problem. It’s also still possible to buy Mavericks Server and install it on a Mac running Mavericks, as long as you have the right Mac App Store link from the book. We are planning to update the book for Yosemite Server (which mostly involves retaking screenshots and changing the “mavserver” name used in examples) in early 2015 — it will be a free update for all purchasers.

Screen Shot 2014-11-24 at 7.59.44 PM

You can find out more about the book at An update will be due out in early 2015, so stay tuned for more!

November 24th, 2014

Posted In: Articles and Books, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , ,

Configuring Calendar Server in Yosemite Server is a fairly simple and straight forward process. The Calendar Server is a CalDAV Server, leveraging HTTP and HTTPS, running on ports 8008 and 8443 respectively. To enable the Calendar service in Yosemite Server, open the Server application and click on Calendar in the SERVICES section of the sidebar.


Once open, click on Edit to enable email notifications of invitations in the Calendar Server. Provide the email address and then click on the Next button.


At the Configure Server Email Address screen, provide the type of incoming mail service in use, provide the address of the mail server and then the port number used, if not a standard port for HTTPS-based IMAP (or POP if you’d prefer), the user name and the valid password for the account. Then click on the Next button.


At the outgoing mail server screen, provide the Outgoing Mail Server address, the port, whether or not SSL is in use (it should be if possible), the password protocol, the user name and the password. Then click on the Next button.


At the Mail Account Summary screen, review the settings and if correct, click Finish. Back at the service configuration screen, click on the plus sign (“+”) and provide a type of location, an address, a delegate, a name for the location, whether or not invitations to the resource are accepted and then enter the account name for any accounts that can manage the location’s calendar (they will auto-complete, so there’s no need to remember users and groups exactly). Click Done to complete the setup. Use the Resource setting in type to configure a resource instead of a location. The two are the same, except the Type field.


There are a number of settings that can also be configured. But those are exposed only at the command line. To configure them, open the command line and then review the list of Calendar service settings using the list option of the serveradmin command:

sudo serveradmin settings calendar

There are a number of settings for the Calendar service, including the following:

calendar:SSLCertificate = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.cert.pem"
calendar:EnableCalDAV = yes
calendar:Notifications:Services:APNS:CardDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:CardDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:CardDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:CalDAV:CertificatePath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:CalDAV:PrivateKeyPath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:CalDAV:AuthorityChainPath = "/Library/Server/Calendar and Contacts/Config/Certificates/"
calendar:Notifications:Services:APNS:Enabled = yes
calendar:SSLAuthorityChain = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.chain.pem"
calendar:DefaultLogLevel = "warn"
calendar:Authentication:Digest:Enabled = yes
calendar:Authentication:Digest:AllowedOverWireUnencrypted = yes
calendar:Authentication:Kerberos:Enabled = yes
calendar:Authentication:Kerberos:AllowedOverWireUnencrypted = yes
calendar:Authentication:Wiki:Enabled = yes
calendar:Authentication:Basic:Enabled = yes
calendar:Authentication:Basic:AllowedOverWireUnencrypted = no
calendar:ServerHostName = ""
calendar:Scheduling:iMIP:Sending:UseSSL = yes
calendar:Scheduling:iMIP:Sending:Server = ""
calendar:Scheduling:iMIP:Sending:Address = ""
calendar:Scheduling:iMIP:Sending:Username = "admin"
calendar:Scheduling:iMIP:Sending:Password = "Mitroae123"
calendar:Scheduling:iMIP:Sending:Port = 465
calendar:Scheduling:iMIP:Enabled = yes
calendar:Scheduling:iMIP:Receiving:UseSSL = yes
calendar:Scheduling:iMIP:Receiving:Server = ""
calendar:Scheduling:iMIP:Receiving:Type = "imap"
calendar:Scheduling:iMIP:Receiving:Username = "krypted"
calendar:Scheduling:iMIP:Receiving:Password = "Mitroae123"
calendar:Scheduling:iMIP:Receiving:Port = 993
calendar:DataRoot = "/Library/Server/Calendar and Contacts/Data"
calendar:EnableCardDAV = no
calendar:SSLPort = 8443
calendar:LogLevels = _empty_dictionary
calendar:DirectoryAddressBook:params:queryUserRecords = no
calendar:DirectoryAddressBook:params:queryPeopleRecords = no
calendar:SSLPrivateKey = "/etc/certificates/Server Fallback SSL Certificate.11C002258ECABBFB37846C9B0CEA59391D4759AD.key.pem"
calendar:EnableSSL = yes
calendar:RedirectHTTPToHTTPS = yes
calendar:EnableAPNS = yes
calendar:EnableSearchAddressBook = no
calendar:HTTPPort = 8008

One of the more common settings to configure is the port number that CalDAV runs on. To configure HTTP:

sudo serveradmin settings calendar:HTTPPort = 8008


sudo serveradmin settings calendar:SSLPort = 8443

You can then start the service using the start option:

sudo serveradmin start calendar

Or to stop it:

sudo serveradmin stop calendar

Or to get the status:

sudo serveradmin fullstatus calendar

Full status indicates that the three services are running:

calendar:readWriteSettingsVersion = 1
calendar:setStateVersion = 1
calendar:state = "RUNNING"
calendar:contactsState = "RUNNING"
calendar:calendarState = "RUNNING"

Once the Calendar server is configured, use the Calendar application to communicate with the server. Open the Calendar application and click on the Calendar menu and select Preferences. From the Preferences screen, click on Accounts to bring up a list of accounts. Here, click on the plus sign (“+”) to bring up the “Add an Account” screen.


At the “Add an Account” screen, select Add CalDAV Account.


CalDAV from the Account Type menu and then enter the User Name and password configured on the server, and add the address of the server if you don’t have any service records pointing to the server. The User Name is usually the name provided in Server app, followed by @ and then the address of the server.


Once the server is configured it appears in the list of accounts in the sidebar of the Calendar app. Create calendars in the account and then to share a calendar, right-click on the calendar and click on Share Calendar…


At the Share Calendar screen, provide the name the calendar should appear as to others and click on the plus sign (“+”) and enter any accounts to delegate administration to.


Back at the Calendar Settings screen, use the settings to configure Availability and refresh rate of calendars, as seen above. Click on Server Settings to assign custom port numbers.


Click on the Delegation tab to view any accounts you’ve been given access to.


Use the Edit button to configure who has delegated access to calendars, as opposed to configuring subscriptions.

Overall, the Calendar service in Yosemite Server is one of the easiest to configure. Most of the work goes into settings configured on client systems. This, as with Exchange, dedistributes administration, often making administration more complicated than with many other tools. But that’s a good thing; no one wants to access other peoples accounts, for calendars or mail for that matter, without those users knowing that it was done, as will happen when resetting passwords…

October 16th, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , ,

The NetBoot service allows administrators of OS X computers to leverage images hosted on a server to boot computers to a central location and put a new image on them, upgrade them and perform automations based on upgrades and images. Since the very first versions of OS X, the service has been called NetBoot. In the Server app, Apple provides a number of options surrounding the NetInstall service, based on Automator-style actions, now calling the service NetInstall.

The first step to configuring the NetInstall service is to decide what you want the service to do. There are three options available in System Image Utility (available under the Tools menu of the Server app in OS X Server):

  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run an OS X installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.

For the purposes of this example, we’re going to use an OS X Yosemite (10.10) installer running Server 3 to boot an OS X computer over the network. The first step in doing so is to create a Network Disk Image of 10.10, or the 10.10 installation media (which is the Install OS X Yosemite bundle for this example). Before setting it up, download the Install OS X Yosemite installer app into the /Applications directory from the App Store.

To then set up the NetBoot disk image (you can’t start the NetInstall service until you give it an image to serve), often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X.


When System Image Utility opens, click on the Install OS X Yosemite entry in the list of available sources. Then, in the list of options, click on NetInstall Image and then click on the Continue button.


At the Image Settings screen, enter the name the NetBoot set will have in the Network Disk field. Then, enter a description of what is on the NetBoot set in the Description field. If the image will be served from multiple servers, check the box for “Image will be served from more than one server.”
Then provide an account name, short name and password in the Image Settings screen. Once provided, click Create to generate the Network Disk Image.


When prompted, click on the Agree button to accept the licensing agreement.


Then, when prompted, select a location to store the Disk Image, provide any tags to be applied to the files that comprise the image and click on Save.


The computer will then start creating the NetBoot set. Once finished, it’s time to set up the NetInstall service in OS X Yosemite Server. To get started, go back to the Server app.


First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume that Images will be hosted as well as the volume that Client Data will be hosted. The Image is what you are creating and the Client Data is dynamic data stored in images.


If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button. Once you’ve selected a disk to store your image, we need to copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. Once in the appropriate folder, click on the Edit button for the Enable NetInstall on: field


Check the box for the interface you want to serve images over (if you only have one then it’s pretty obvious which interface this will be. Click on the OK button to save your settings. Then, click on the Images tab.


Each server can host multiple images. The Images tab displays a list of NetBoot images stored in the Library/NetBoot/NetBootSP0 directory. By default, images have a red indicator light. This means they’re not being served over any specific protocol yet. Double-click on an image.


At the image settings screen, check the box for “Make available over” and for many environments, select NFS as the protocol. Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively. Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image.


Click on the Done button and the image will appear as green in the list of images. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default images computers boot to when booting to NetBoot. Now, it’s as easy as clicking on the ON button. Do so to start the service.


Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line):

sudo serveradmin fullstatus netboot

The output of which shows the various components, logs and states of components:

netboot:state = “RUNNING”
netboot:stateTFTP = “RUNNING”
netboot:readWriteSettingsVersion = 1
netboot:netBootConnectionsArray = _empty_array
netboot:logPaths:netBootLog = “/var/log/system.log”
netboot:dhcpLeasesArray = _empty_array
netboot:stateDHCP = “STOPPED”
netboot:stateHTTP = “RUNNING”
netboot:serviceCanStart = 0
netboot:timeOfSnapshot = “2014-10-07 18:39:33 +0000″
netboot:stateNFS = “RUNNING”
netboot:stateImageArray:_array_index:0:_array_index:0 = 0
netboot:stateImageArray:_array_index:0:_array_index:1 = 0
netboot:stateImageArray:_array_index:0:_array_index:2 = 0
netboot:stateImageArray:_array_index:0:_array_index:3 = 0
netboot:stateImageArray:_array_index:0:_array_index:4 = 2
netboot:stateImageArray:_array_index:1:_array_index:0 = 0
netboot:stateImageArray:_array_index:1:_array_index:1 = 0
netboot:stateImageArray:_array_index:1:_array_index:2 = 0
netboot:stateImageArray:_array_index:1:_array_index:3 = 0
netboot:stateImageArray:_array_index:1:_array_index:4 = 2
netboot:stateImageArray:_array_index:2:_array_index:0 = 0
netboot:stateImageArray:_array_index:2:_array_index:1 = 0
netboot:stateImageArray:_array_index:2:_array_index:2 = 0
netboot:stateImageArray:_array_index:2:_array_index:3 = 0
netboot:stateImageArray:_array_index:2:_array_index:4 = 2
netboot:stateImageArray:_array_index:3:_array_index:0 = 0
netboot:stateImageArray:_array_index:3:_array_index:1 = 0
netboot:stateImageArray:_array_index:3:_array_index:2 = 0
netboot:stateImageArray:_array_index:3:_array_index:3 = 0
netboot:stateImageArray:_array_index:3:_array_index:4 = 2
netboot:servicePortsRestrictionInfo = _empty_array
netboot:netBootClientsArray = _empty_array
netboot:servicePortsAreRestricted = “NO”
netboot:setStateVersion = 1
netboot:startedTime = “”
netboot:stateAFP = “RUNNING”

And to start the service when not running:

sudo serveradmin start netboot

There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share:

sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no

Or to get more verbose logs:

sudo serveradmin settings netboot:logging_level = “HIGH”

To stop the service:

sudo serveradmin stop netboot

In the beginning of this article, I mentioned that ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image. But to end this one, many an old-school admin might wonder where all the settings went that used to be in the GUI. Well, serveradmin still maintains a lot of the older stuff. To see a list of all available settings, run serveradmin with the settings verb and then netboot:

sudo serveradmin settings netboot

If there was a feature you want to use (e.g. maximum users), you should see it in the resultant list:

netboot:netBootFiltersRecordsArray = _empty_array
netboot:netBootStorageRecordsArray:_array_index:0:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:0:clients = yes
netboot:netBootStorageRecordsArray:_array_index:0:volType = “hfs”
netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteSharepoint = no
netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:0:path = “/”
netboot:netBootStorageRecordsArray:_array_index:0:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:0:volName = “Yos”
netboot:netBootStorageRecordsArray:_array_index:1:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:1:clients = yes
netboot:netBootStorageRecordsArray:_array_index:1:volType = “hfs”
netboot:netBootStorageRecordsArray:_array_index:1:okToDeleteSharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:1:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:1:path = “/Volumes/Base_Image”
netboot:netBootStorageRecordsArray:_array_index:1:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:1:volName = “Base_Image”
netboot:netBootStorageRecordsArray:_array_index:2:sharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:2:clients = yes
netboot:netBootStorageRecordsArray:_array_index:2:volType = “hfs”
netboot:netBootStorageRecordsArray:_array_index:2:okToDeleteSharepoint = yes
netboot:netBootStorageRecordsArray:_array_index:2:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:2:path = “/Volumes/New Volume 1″
netboot:netBootStorageRecordsArray:_array_index:2:okToDeleteClients = yes
netboot:netBootStorageRecordsArray:_array_index:2:volName = “New Volume”
netboot:netBootPortsRecordsArray:_array_index:0:deviceAtIndex = “en3″
netboot:netBootPortsRecordsArray:_array_index:0:isEnabledAtIndex = yes
netboot:netBootPortsRecordsArray:_array_index:0:nameAtIndex = “USB Ethernet”
netboot:logging_level = “MEDIUM”
netboot:filterEnabled = no
netboot:netBootImagesRecordsArray:_array_index:0:imageType = “netboot”
netboot:netBootImagesRecordsArray:_array_index:0:IsInstall = no
netboot:netBootImagesRecordsArray:_array_index:0:Kind = “1”
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:0 = “iMac10,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:1 = “iMac11,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:2 = “iMac11,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:3 = “iMac11,3″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:4 = “iMac12,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:5 = “iMac12,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:6 = “iMac13,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:7 = “iMac13,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:8 = “iMac13,3″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:9 = “iMac7,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:10 = “iMac8,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:11 = “iMac9,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:12 = “Mac-031B6874CF7F642A”
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:13 = “Mac-27ADBB7B4CEE8E61″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:14 = “Mac-50619A408DB004DA”
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:15 = “Mac-77EB7D7DAF985301″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:16 = “MacBook5,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:17 = “MacBook5,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:18 = “MacBook6,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:19 = “MacBook7,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:20 = “MacBookAir2,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:21 = “MacBookAir3,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:22 = “MacBookAir3,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:23 = “MacBookAir4,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:24 = “MacBookAir4,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:25 = “MacBookAir5,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:26 = “MacBookAir5,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:27 = “MacBookAir6,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:28 = “MacBookAir6,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:29 = “MacBookPro10,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:30 = “MacBookPro10,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:31 = “MacBookPro3,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:32 = “MacBookPro4,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:33 = “MacBookPro5,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:34 = “MacBookPro5,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:35 = “MacBookPro5,3″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:36 = “MacBookPro5,4″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:37 = “MacBookPro5,5″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:38 = “MacBookPro6,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:39 = “MacBookPro6,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:40 = “MacBookPro7,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:41 = “MacBookPro8,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:42 = “MacBookPro8,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:43 = “MacBookPro8,3″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:44 = “MacBookPro9,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:45 = “MacBookPro9,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:46 = “Macmini3,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:47 = “Macmini4,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:48 = “Macmini5,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:49 = “Macmini5,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:50 = “Macmini5,3″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:51 = “Macmini6,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:52 = “Macmini6,2″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:53 = “MacPro3,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:54 = “MacPro4,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:55 = “MacPro5,1″
netboot:netBootImagesRecordsArray:_array_index:0:DisabledSystemIdentifiers:_array_index:56 = “Xserve3,1″
netboot:netBootImagesRecordsArray:_array_index:0:Description = “NetBoot of OS X 10.10 (13A598) Install (7.14 GB).”
netboot:netBootImagesRecordsArray:_array_index:0:Name = “NetBoot of Install OS X Yosemite”
netboot:netBootImagesRecordsArray:_array_index:0:pathToImage = “/Library/NetBoot/NetBootSP0/NetBoot of Install OS X Yosemite.nbi/NBImageInfo.plist”
netboot:netBootImagesRecordsArray:_array_index:0:Index = 1280
netboot:netBootImagesRecordsArray:_array_index:0:osVersion = “10.10”
netboot:netBootImagesRecordsArray:_array_index:0:BackwardCompatible = no
netboot:netBootImagesRecordsArray:_array_index:0:SupportsDiskless = no
netboot:netBootImagesRecordsArray:_array_index:0:EnabledSystemIdentifiers = _empty_array
netboot:netBootImagesRecordsArray:_array_index:0:Language = “Default”
netboot:netBootImagesRecordsArray:_array_index:0:BootFile = “booter”
netboot:netBootImagesRecordsArray:_array_index:0:IsDefault = no
netboot:netBootImagesRecordsArray:_array_index:0:Type = “HTTP”
netboot:netBootImagesRecordsArray:_array_index:0:Architectures = “4”
netboot:netBootImagesRecordsArray:_array_index:0:IsEnabled = yes
netboot:netBootImagesRecordsArray:_array_index:0:RootPath = “NetBoot.dmg”
netboot:afpUsersMax = “50”

October 16th, 2014

Posted In: Uncategorized

Tags: , , , , , , , , , ,

There are a number of tools available for using Syslog in a Windows environment. I’ll look at Snare as it’s pretty flexible and easy to configure. First download the snare installation executable from Once downloaded run the installer and simply follow all of the default options, unless you’d like to password protect the admin page, at which point choose that. Note that the admin page is by default only available to localhost.

Once installed, run the “Restore Remote Access to Snare for Windows” script.

Screen Shot 2014-04-10 at 10.56.43 AM

Then open and click on Network Configuration in the red sidebar. There, we can define the name that will be used in syslog (or leave blank to use the hostname), the port of your syslog server (we used 514 here) and the address of your syslog server (we used logger here but it could be an IP or fqdn).

Screen Shot 2014-04-08 at 10.58.04 AM


Once you have the settings you’d like to use, scroll down and save your configuration settings. Then, open Services and restart the Snare service.

Screen Shot 2014-04-08 at 10.56.22 AM

Then run the Disable Remote Access to Snare for Windows option and you’re done. Now, if you’re deploying Snare across a lot of hosts, you might find that scripting the config is faster. You can send the Destination hostname (here listed as meh) and Destination Port (here 514) via regedit commands (Destination and DestPort respectively) and then restart the service.

Screen Shot 2014-04-08 at 10.56.51 AM

I’ll do another article at some point on setting up a logstash server to dump all these logs into. Logstash can also parse the xml so you can search for each attribute in the logs and with elasticsearch/hadoop/Kibana makes for an elegant interface for parsing through these things.

April 13th, 2014

Posted In: Active Directory, Windows Server, Windows XP

Tags: , , , , , , ,

Next Page »