When planning to migrate from managed preferences to profiles, one of the important aspects to consider is automated enrollment. One of the more important aspects of automating a traditional managed preferences environment is to automate the binding to directory services. You do not bind to Profile Manager; however, you do enroll devices. Much like binding computers to Lion Server’s Open Directory (by default), certificates and host names are important aspects of the enrollment process. Much as with local managed preferences, management via profiles can be done through the command line and without any involvement from a centralized source. I had written an article awhile back on using profiles from the…
-
-
Disable AutoUpdates in Google Chrome
More and more deployments seem to come with sending Google Chrome out to client systems. Chrome is yet another application with built-in updating to make the process of owning software a bit less tedious for end users. However, in large deployments, we usually need to disable such a feature. Given how talented they are, the Googlers that built the automatic updaters went ahead and showed great foresight and made it easy to disable. Simply set the checkInterval key in com.google.Keystone.Agent to 0, done using defaults here: defaults write com.google.Keystone.Agent checkInterval 0 Once disabled, use defaults to set the checkInterval key to how frequently you’d like the check to run (in…
-
Configuring Spam Assassin In Mac OS X Lion Server
The built-in message hygiene in Lion Server is provided by Spam Assassin and clamav (amavis). Lion Server’s Server Admin application has an easy-to-use way of configuring some of the more basic settings for Spam Assassin. Spam Assassin’s rules are configured in /etc/mail/spamassassin/local.cf. If you open this into a standard text editor then you can insert blocks that are rules. Each rule has the ability to either locate text within a header (such as an email address), a subject or in the text of an email. To use Spam Assassin to block messages that have the word viagra in them, for example, you would insert the following block: body NO_MORE_VIAGRA /viagra/i…
-
Enabling Spotlight For Network Volumes
Spotlight doesn’t automatically index network volumes. To configure spotlight to index network volumes, use the mdutil command followed by an arbitrary path, with the -i option and then the on parameter. For example, for a volume called Galvatron, you would enable indexing using the following command: mdutil /Volumes/Galvatron -i on To monitor the status of the indexing process: mdutil /Volumes/Galvatron -s If this happens to cause any problems, use the off parameter instead, along with the same command to disable indexing of that volume. mdutil /Volumes/Galvatron -i off You can send the mdutil commands through Apple Remote Desktop. For example, I’ve needed to toggle indexing on and then off, for…
-
2012 Penn State MacAdmins Conference
Don’t let the theft of the Paternoville sign fool ya’, State College is as safe as ever. That is, until a bunch of Mac guys descend on the Nittany Lion Shrine. Yes, it’s that time of the year again when Mac guys from around the world (and yes, all of the speakers are male) descend upon Pennsylvania State University from throughout the Big 10 and beyond to discuss the Penn State mascot, the Nittany Lion. Actually, it’s a mountain lion, so we can’t discuss it quite yet at that point, but we can talk about a slightly bigger cat: Lion. Lion deployment, scripted tools, Munki, InstaDMG, Puppet, migrations, “postPC,” PSU…
-
Pentesting Mac OS X Server With Nessus 5
One of my favorite tools for penetration testing is Nessus from Tenable Network Security. Nessus 5 is the latest release in the family of vulnerability scanners that is probably amongst the most prolific. Nessus 5 does discovery, configuration auditing, profiling, looks at patch management and performs vulnerability analysis on a variety of platforms. Nessus can also run on a Linux, Windows or Mac OS X and can be used to scan and keep track of vulnerabilities for practically any platform, including Mac OS X. To install Nessus, go to the Nessus site and click on the Download button, around the middle of the page. Agree to the download agreement and…
-
Restarting PresSTORE Services
A number of PresSTORE backup servers also provide other services in the environments they are installed in. Therefore, restarting PresSTORE services without restarting the host that runs the PresSTORE services can be done via the command line so that you don’t have to restart the server that is doing backups. To stop the PresSTORE server agent, use the stop-server command stored in /usr/local/aw: sudo /usr/local/aw/stop-server To the restart the server, use the start-server command, stored in the same location: /usr/local/aw/start-server The restart can also be done as a different user by invoking the -u operator followed by (and therefore defining) a user. The server occasionally stops itself for internal housecleaning,…
-
Backing Up and Reindexing The Profile Manager Database in Lion Server
A common task when scaling databases is to reindex tables within the database. This process makes lookups faster and databases run butter. Reindexing becomes a pretty easy step before or after backing up the database as a general housekeeping step. To backup the database, you’ll use the pg_dump command, defining the user with -U and then the database with -d. In the case of Profile Manager, the database is device_management. Given that data is distributed across a lot of tables in the device_management database, the below script will backup the device_management database and then reindex each of the tables. If you follow previous articles to enable the Postgres user, you…
-
Free MacWorld Exhibit Code and iFan Pass Savings
As usual, there are a lot of great events going on at MacWorld | iWorld. If you’re interested in joining us in a couple of weeks in San Francisco for what I’m sure will be a great conference, then you can use my speaker codes to do so. To do so, during the registration process enter a PRIORITY CODE of: BNB35106 This will give 100 FREE Exhibit Only Passes OR $15.00 OFF an iFan Pass. This code is unique to me, so other speakers have codes as well. The code will stop offering free exhibit passes once the 100th person registers for this. The $15.00 savings off an iFan pass…
-
lsregister: How Files Are Handled in Mac OS X
The lsregister command is used to query and manage the Launch Services database, or the database that is used to determine the default application used to open files of various types. lsregister is part of Core Services, and stored in /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support. To see the options available to lsregister, run the command with no operators: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister You can dump the database to the screen using the -dump option: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump You can then grep the database or redirect the output into a text file for parsing: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump > dump.txt Sometimes applications don’t open with a given file type. When this happens, you can quickly and easily check if the problem…