I wrote an article on using the profiles command awhile back, available at https://krypted.com//mac-security/profile-manager-and-profiles/. There is a nifty new feature in the profiles command in Mavericks, where you can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure): profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v And that’s it. Nice…
-
-
Setup the DNS Service in OS X Mavericks Server
Under the hood, OS X Server has a number of substantial changes; however, at first the Server app (Server 3) appears to have had very few changes. The changes in the Server app were far more substantial in the Mountain Lion version of OS X Server. All of the options from Mountain Lion are still there and using the new command line interface for managing the service, there are far more options than ever before. The DNS service in OS X Server, as with previous versions, is based on bind 9 (BIND 9.9.2-P2 to be exact). This is very much compatible with practically every DNS server in the world, including…
-
Managing DNS Services From the Command Line in Mavericks Server
DNS is DNS. And named is named. Except in OS X Server. The configuration files for the DNS services in OS X Server are stored in /Library/Server/named. This represents a faux root of named configuration data, similar to how that configuration data is stored in /var/named on most other platforms. Having the data in /Library/Server/ makes it more portable across systems. Traditionally, you would edit this configuration data by simply editing the configuration files, and that’s absolutely still an option. In Mavericks Server (Server 3), a new command is available at /Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks/DNSManager.framework called dnsconfig. The dnsconfig command appears simple at first. However, the options available are actually far more complicated…
-
OS X & Recent Servers
Click on your Apple, then click on Servers. Here, you’ll see a list of the recent servers you’ve logged into. Now open a Connect to Server dialog (Command-K) and then click the disclosure triangle for the recent servers. There are two different values here. How’s that possible? Well, the first list mirrors the ~/Library/com.apple.NetAuthAgent.plist contents. To view the contents use defaults to read the domain: defaults read com.apple.NetAuthAgent Which shows the following information, mirroring the list shown in the first screenshot (Servers under the Recent Items list of the Apple menu): { PreviouslySelectedShares = { "10.1.1.6" = ( "_JOBS1" ); "192.168.210.175" = ( Desktop ); "192.168.55.2" = ( 318SERVER, "Disk Images"…
-
Connect to Currently Logged In User Using ARD
When you’re kickstarting ARD/Screen Sharing, you might notice times when you are asked if you want to connect to the local logged in user or to a new session, which shows the login window. In most cases, I want to connect to the console user, or that locally logged in user. To go right there, instead of seeing the OS X login window, you can use the defaults command to write a VNCAlwaysStartOnConsole key (boolean, true) into com.apple.RemoteManagement.plist in /Library/Preferences, as follows: defaults write /Library/Preferences/com.apple.RemoteManagement VNCAlwaysStartOnConsole -bool true The newer features here are pretty cool and really nice to have, but I’ve now added this to a lot of my…
-
More Information About DHCP Leases in OS X
You can obtain a pretty decent amount of information about leases your OS X computer gets just by looking in the Network System Preference pane, for each interface. However, you can get a little lot more information, as with most things, from the command line. First, we’re going to take a look at en0 on our host and see what the MAC address is: ifconfig en0 ether Now, we can look in the /var/db/dhcpclient/leases directory to see a list of all of the leases we have running on our system. Based on the MAC address of our computer, we should see a file there that starts with the name of…
-
Open Directory Backups Fail Due To HostName Problems
If you don’t have a HostName set on your computer then Open Directory backups are likely to fail using Time Machine. How did you promote to an Open Directory Master if you don’t have functional backups you may ask? Let’s not worry about that for now. Instead, let’s turn our attention to /var/backups. You see, if you enable Time Machine on an OS X Server, you’ll get a ServerBackup_OpenDirectoryMaster.sparseimage in that folder, which contains your Open Directory backups and gets picked up by our pal Time Machine. You can manually run a backup using the opendirectorybackup script at /Applications/Server.app/Contents/ServerRoot/usr/libexec/server_backup/opendirectorybackup. This could be automated, using expect to send a password, but…
-
iCloud, Location Services, iOS 7 and Organization Owned Devices
When Apple showed off the latest and greatest options for managing and tracking iOS devices remotely using iCloud accounts, many an Enterprise and School District said “wait, what?” The reason is that if an iOS device is running Find My iPhone and a device is stolen the device cannot be activated again without logging into the iCloud account that Find My iPhone was installed with. This could represent an issue if an employee is fired or if students turn in their iPads after a year of running Find My iPad. Imagine asking an employee you just fired or a student you just expelled to enter their iCloud password so you…
-
Accepting Always-On FaceTime Calls
I’ve been experimenting with using FaceTime as an always-on video conferencing system. However things like network interruptions happen. Therefore, it’s never a bad idea to plan for that and allow either end of a call to initiate a new call without someone on the other end hitting accept. To do so, we can just send a boolean AutoAcceptInvites key to com.apple.FaceTime: defaults write com.apple.FaceTime AutoAcceptInvites -bool true After restarting FaceTime, incoming calls will automatically answer. Since we might take a machine and do something differently, we might need to disable this again. To disable this feature: defaults write com.apple.FaceTime AutoAcceptInvites -bool false
-
Show File Extensions
In OS X, we don’t see file extensions by default. However, in a number of environments it’s very useful to have them. To see them in the Finder, send a boolean AppleShowAllExtensions key to the NSGlobalDomain as True, then restart the Finder. defaults write NSGlobalDomain AppleShowAllExtensions -bool true; killall Finder To change back to not seeing extensions: defaults write NSGlobalDomain AppleShowAllExtensions -bool false; killall Finder