• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    10 Tips on Policy Enforcement and Tracking for Mac OS X

    Large deployments of Mac OS X based systems are becoming more and more prevalent. In some ways, this is due to one to one programs and more frequent enterprise deployments of Mac OS X. As such, people are more and more looking to manage systems. And any time you have systems being managed, those using managed systems start looking to break the management of the computers. Therefore, a new topic comes up: trying to discern when a system has broken out of the management framework. For example, how do you know when users have broken your firmware password? How do you know when they’ve circumvented your managed preferences framework to…

  • Mac OS X Server,  Mac Security

    Managing Lion Server's Adaptive Firewall From the Command Line

    Previously, I had done an article on using the adaptive firewall in Mac OS x Server. But I hadn’t looked at controlling it from the command line yet. In Lion Server, the firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Dealing With Profile Manager Conflicts in Lion

    Changing OS X Settings for Profiles bound to clients results in Managed Client changes (mcxread shows them) and inserts the info into Managed Client in this order: User Computer Computer Group Everyone User Group The data in the managed client attributes is replaced completely and not per-key. Installing profiles from the command line provides more information as to what is going on behind the scenes. Having said this, in some cases I can get a Provisioning Profile Validation: failed to read CMS (-25257) error when attempting to install the same profile a second time. In other cases it just fails if I try to run verbosely (in those cases it…

  • Articles and Books,  iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    My OS X Server Book From O'Reilly On Amazon!

    I usually don’t like to discuss books (except in person with friends/colleagues) very much until I have an ISBN number. Well, here it is! My next book is going to address what I consider the most important challenge to Apple Server nerds like myself: can a server really be installed off the app store with no technical skills? I also tackle the meaning of life (somewhere on page 42) in this book, but that’s not nearly as interesting a topic… I am about 80 percent done with it and it should be out within the next 5 to 6 weeks. One of the things that really impresses me about O’Reilly…

  • Mac OS X

    Suppressing the iCloud Dialog During Imaging and Through ARD

    The latest update of Lion for Mac OS X 10.7.2 comes with an interesting new option, where it prompts users to log into iCloud. This setting is stored in com.apple.SetupAssistant.plist in the DidSeeCloudSetup key. Configuring the boolean with a positive value then suppresses the prompt for the user: defaults write /System/Library/User Template/Non_localized/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -boolean YES If you have configured it and you want to run it again, just revert to NO: defaults write /System/Library/User Template/Non_localized/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -boolean NO These commands can be sent out through Apple Remote Desktop, or some other patch management system.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Controlling Saved Application States

    When Lion was new, I put up a post about clearing out information on saved applications states. Saved application states are a new feature in Lion that remembers the screens that were open and where each was when you quit applications. The reason for that post was that those states were causing a few minor issues with applications. There are a few applications that the saving of application states is really awesome for. I think it will mostly be different for each persons workflow. Personally I like saving the state of Terminal, Safari and a few others. However, the state of some others can be a bit annoying for me.…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Disable AirDrop in Mac OS X Lion

    Lion comes with this nifty option called AirDrop, which allows users to share files directly. In many environments, this represents a perceived security risk (whether real or not) and must be disabled. To disable AirDrop: defaults write com.apple.NetworkBrowser DisableAirDrop -boolean YES To turn it back on: defaults write com.apple.NetworkBrowser DisableAirDrop -boolean NO This is done per-user and so can also be done via Managed Preferences, profiles and/or at imaging time.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Mass Deploying Time Machine in Mac OS X Lion

    A lot of environments want to use Time Machine at scale. But prior to Lion there hasn’t been a simple way to do so. Apple has introduced a new weapon in the war to backup client computers in the new command tmutil that was introduced in OS X Lion. The tmutil command allows administrators to enable Time Machine, make snapshots, kick off backups, delete snapshots, perform restores, configure options within Time Machine and, with a little scripting, build a centralized dashboard, pulling in Time Machine statistics from clients. Enabling Time Machine The first thing to know is that pretty much everything you do in Time Machine is going to require…

  • Mac OS X

    Fixing Color Problems with Ubuntu

    The Terminal application defaults have a problem passing colors with Ubuntu and other types of Linux machines with properly formed .bashrc files. This is because those systems do not know how to interpret the Lion xterm-color256 terminal declaration. The fix is to change this setting to xterm-color. This needs to be done for each Terminal default. Click on each (Basic, Grass, Homebrew, etc) and then click on the Advanced tab. From there, just set the Declare terminal as: to xterm-color and close. This can also be done through the command line. These settings are stored in the com.apple.Terminal.plist per user, in their ~/Library/Preferences. The key for each is in TerminalType,…