Over the years, the terms Magic, Golden, Triangle, Augments, Directory, Domains and Active have given the administrators of Mac OS X environments fits. So when you think about using Active Directory to manage iOS devices through the Profile Manager service, built into Lion Server, you may think that it’s a complicated thing to piece together. You may remember those days when you had to manually craft service principals because xgrid wouldn’t play nice with Acive Directory, or you might think of twisting augmented records to support CalDAV. But you’re gonna’ have to forget all that, ’cause getting Profile Manager to talk to Active Directory is one of the easiest things…
-
-
Disable AutoUpdates in Google Chrome
More and more deployments seem to come with sending Google Chrome out to client systems. Chrome is yet another application with built-in updating to make the process of owning software a bit less tedious for end users. However, in large deployments, we usually need to disable such a feature. Given how talented they are, the Googlers that built the automatic updaters went ahead and showed great foresight and made it easy to disable. Simply set the checkInterval key in com.google.Keystone.Agent to 0, done using defaults here: defaults write com.google.Keystone.Agent checkInterval 0 Once disabled, use defaults to set the checkInterval key to how frequently you’d like the check to run (in…
-
Configuring Spam Assassin In Mac OS X Lion Server
The built-in message hygiene in Lion Server is provided by Spam Assassin and clamav (amavis). Lion Server’s Server Admin application has an easy-to-use way of configuring some of the more basic settings for Spam Assassin. Spam Assassin’s rules are configured in /etc/mail/spamassassin/local.cf. If you open this into a standard text editor then you can insert blocks that are rules. Each rule has the ability to either locate text within a header (such as an email address), a subject or in the text of an email. To use Spam Assassin to block messages that have the word viagra in them, for example, you would insert the following block: body NO_MORE_VIAGRA /viagra/i…
-
Talking A Look Under Apple Configurator's Hood
Apple Configurator has now been in my grubby hands long enough for me to start looking at it a little deeper than I did in the introductory article I did awhile back. Architecturally, Apple Configurator keeps its data in ~/Library/Application Support/com.apple.configurator. Here, you’ll find a directory called IPSWs, another called Resources, file called AppleConfigurator.storedata and another called Users.storedata. The IPSWs directory is where operating system versions, per model of iOS are stored. These look something like iPad2,1_5.1_9B176_Restore.ipsw, which is iOS 5.1 for a standard iPad 2. iPad 1, the retina display iPad, as well as each iPod Touch and iPhone 4 each have their own entry as well. The IPSWs…
-
Using Payload Variables in Profile Manager
Profile Manager allows you to leave certain fields that are user-centric blank and it will prompt at the time that the profile is installed for the blank information. These are usually user-centric fields, such as short name and password. You can also create a profile in Profile Manager for each user you want to setup mail, Exchange, iCal, Address Book and other services that are tied to a specific user. You can enter the username for each and leave the password blank and the user will be prompted for the password but have the username filled in. And then there are payload variables. Note: Before we get started on Payload…
-
Enabling Spotlight For Network Volumes
Spotlight doesn’t automatically index network volumes. To configure spotlight to index network volumes, use the mdutil command followed by an arbitrary path, with the -i option and then the on parameter. For example, for a volume called Galvatron, you would enable indexing using the following command: mdutil /Volumes/Galvatron -i on To monitor the status of the indexing process: mdutil /Volumes/Galvatron -s If this happens to cause any problems, use the off parameter instead, along with the same command to disable indexing of that volume. mdutil /Volumes/Galvatron -i off You can send the mdutil commands through Apple Remote Desktop. For example, I’ve needed to toggle indexing on and then off, for…
-
Setting Up Profile Manager in Lion Server
New in Lion Server, Profile Manager is the most substantial new service added to Mac OS X Server in recent memory. A lot of engineering has gone into it since the introduction in 10.7.0 and in 10.7.3, Profile Manager represents a service that is ready for actual deployments. I have written a number of articles about Profile Manager, but they all revolved around working with Profile Manager once the service is setup and configured. Therefore, I have decided to document the steps used to take a system out of the box and configure it for Profile Manager. Before we get started, let’s prep the system for the service. This starts…
-
2012 Penn State MacAdmins Conference
Don’t let the theft of the Paternoville sign fool ya’, State College is as safe as ever. That is, until a bunch of Mac guys descend on the Nittany Lion Shrine. Yes, it’s that time of the year again when Mac guys from around the world (and yes, all of the speakers are male) descend upon Pennsylvania State University from throughout the Big 10 and beyond to discuss the Penn State mascot, the Nittany Lion. Actually, it’s a mountain lion, so we can’t discuss it quite yet at that point, but we can talk about a slightly bigger cat: Lion. Lion deployment, scripted tools, Munki, InstaDMG, Puppet, migrations, “postPC,” PSU…
-
Fixing Service Issues When Upgrading to 10.7.3 Server
The 10.7.2 to 10.7.3 update for Lion Server has introduced a few issues in some environments that I’ve seen. It just so happens that the update corrects a lot of behavior with Lion Server while also introducing new features, so it’s something you’re gonna’ need to do eventually. Therefore, before I update, I would strongly recommend backing up all of your services, your service data and Open Directory. Once you’ve run the 10.7.3 update, there are a few things that I’ve seen happen. The first is that the web server won’t start. If this happens, reset the web server back to factory default: serveradmin command web:command=restoreFactorySettings Once it’s reset, you…