• iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Integrating Mac OS X Lion Server's Profile Manager With Active Directory

    Over the years, the terms Magic, Golden, Triangle, Augments, Directory, Domains and Active have given the administrators of Mac OS X environments fits. So when you think about using Active Directory to manage iOS devices through the Profile Manager service, built into Lion Server, you may think that it’s a complicated thing to piece together. You may remember those days when you had to manually craft service principals because xgrid wouldn’t play nice with Acive Directory, or you might think of twisting augmented records to support CalDAV. But you’re gonna’ have to forget all that, ’cause getting Profile Manager to talk to Active Directory is one of the easiest things…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Disable AutoUpdates in Google Chrome

    More and more deployments seem to come with sending Google Chrome out to client systems. Chrome is yet another application with built-in updating to make the process of owning software a bit less tedious for end users. However, in large deployments, we usually need to disable such a feature. Given how talented they are, the Googlers that built the automatic updaters went ahead and showed great foresight and made it easy to disable. Simply set the checkInterval key in com.google.Keystone.Agent to 0, done using defaults here: defaults write com.google.Keystone.Agent checkInterval 0 Once disabled, use defaults to set the checkInterval key to how frequently you’d like the check to run (in…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Ubuntu,  Unix

    Configuring Spam Assassin In Mac OS X Lion Server

    The built-in message hygiene in Lion Server is provided by Spam Assassin and clamav (amavis). Lion Server’s Server Admin application has an easy-to-use way of configuring some of the more basic settings for Spam Assassin. Spam Assassin’s rules are configured in /etc/mail/spamassassin/local.cf. If you open this into a standard text editor then you can insert blocks that are rules. Each rule has the ability to either locate text within a header (such as an email address), a subject or in the text of an email. To use Spam Assassin to block messages that have the word viagra in them, for example, you would insert the following block: body NO_MORE_VIAGRA /viagra/i…

  • iPhone,  Mac OS X Server,  Mass Deployment

    Talking A Look Under Apple Configurator's Hood

    Apple Configurator has now been in my grubby hands long enough for me to start looking at it a little deeper than I did in the introductory article I did awhile back. Architecturally, Apple Configurator keeps its data in ~/Library/Application Support/com.apple.configurator. Here, you’ll find a directory called IPSWs, another called Resources, file called AppleConfigurator.storedata and another called Users.storedata. The IPSWs directory is where operating system versions, per model of iOS are stored. These look something like iPad2,1_5.1_9B176_Restore.ipsw, which is iOS 5.1 for a standard iPad 2. iPad 1, the retina display iPad, as well as each iPod Touch and iPhone 4 each have their own entry as well. The IPSWs…

  • Mac OS X,  Mac OS X Server

    Configuring Out of Office Messages in Lion Server

    One of the more common administrative tasks for any administrator of a mail server is to work with users on enabling various rules. One such rule is the Out of Office email messages. These messages can be enabled to automatically send responses to people that send email to those accounts when a user is not going to be checking mail. These can be somewhat frustrating for people on list serves, but they are a great way to be able to step away from your email in the event that you’re, I don’t know, Out of the Office. I should learn to rely on these more when I’m on vacation, but…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Using Payload Variables in Profile Manager

    Profile Manager allows you to leave certain fields that are user-centric blank and it will prompt at the time that the profile is installed for the blank information. These are usually user-centric fields, such as short name and password. You can also create a profile in Profile Manager for each user you want to setup mail, Exchange, iCal, Address Book and other services that are tied to a specific user. You can enter the username for each and leave the password blank and the user will be prompted for the password but have the username filled in. And then there are payload variables. Note: Before we get started on Payload…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Xsan

    Enabling Spotlight For Network Volumes

    Spotlight doesn’t automatically index network volumes. To configure spotlight to index network volumes, use the mdutil command followed by an arbitrary path, with the -i option and then the on parameter. For example, for a volume called Galvatron, you would enable indexing using the following command: mdutil /Volumes/Galvatron -i on To monitor the status of the indexing process: mdutil /Volumes/Galvatron -s If this happens to cause any problems, use the off parameter instead, along with the same command to disable indexing of that volume. mdutil /Volumes/Galvatron -i off You can send the mdutil commands through Apple Remote Desktop. For example, I’ve needed to toggle indexing on and then off, for…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Setting Up Profile Manager in Lion Server

    New in Lion Server, Profile Manager is the most substantial new service added to Mac OS X Server in recent memory. A lot of engineering has gone into it since the introduction in 10.7.0 and in 10.7.3, Profile Manager represents a service that is ready for actual deployments. I have written a number of articles about Profile Manager, but they all revolved around working with Profile Manager once the service is setup and configured. Therefore, I have decided to document the steps used to take a system out of the box and configure it for Profile Manager. Before we get started, let’s prep the system for the service. This starts…

  • Football,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Time Machine

    2012 Penn State MacAdmins Conference

    Don’t let the theft of the Paternoville sign fool ya’, State College is as safe as ever. That is, until a bunch of Mac guys descend on the Nittany Lion Shrine. Yes, it’s that time of the year again when Mac guys from around the world (and yes, all of the speakers are male) descend upon Pennsylvania State University from throughout the Big 10 and beyond to discuss the Penn State mascot, the Nittany Lion. Actually, it’s a mountain lion, so we can’t discuss it quite yet at that point, but we can talk about a slightly bigger cat: Lion. Lion deployment, scripted tools, Munki, InstaDMG, Puppet, migrations, “postPC,” PSU…

  • Mac OS X Server

    Fixing Service Issues When Upgrading to 10.7.3 Server

    The 10.7.2 to 10.7.3 update for Lion Server has introduced a few issues in some environments that I’ve seen. It just so happens that the update corrects a lot of behavior with Lion Server while also introducing new features, so it’s something you’re gonna’ need to do eventually. Therefore, before I update, I would strongly recommend backing up all of your services, your service data and Open Directory. Once you’ve run the 10.7.3 update, there are a few things that I’ve seen happen. The first is that the web server won’t start. If this happens, reset the web server back to factory default: serveradmin command web:command=restoreFactorySettings Once it’s reset, you…