• Mac OS X

    Use Startup Profiles In macOS

    Startup profiles configure profiles to install at the next boot rather than immediately, which is useful in a number of scenarios. Use the -s option to define a startup profile, and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s, then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

        profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

    And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up.

  • Mac OS X Server

    Demote Open Directory Servers Using The Command Line in macOS Server

    The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes. This results in the following:

        bash-3.2# sudo slapconfig -destroyldapserver

    The logs are as follows:

        2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver
        2017-09-09 20:59:31 +0000 Deleting Cert Authority related data
        2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority.
        2017-09-09 20:59:31 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer krypted Open Directory Certificate Authority --serial 1339109282
        2017-09-09 20:59:51 +0000…

  • Mac OS X Server

    Programmatically Manage Jabber Chat Rooms In macOS Server

    Server comes with a command called RoomsAdminTool located at /Applications/Server.app/Contents/ServerRoot/usr/bin/RoomsAdminTool. This tool can list available rooms using a -l flag:

        RoomsAdminTool -l

    You can also create new rooms using the following format, where krypted is the name of the room, the persistent option means the room is, er, persistent, and the description option indicates a description used for the room:

        RoomsAdminTool -n krypted -c persistent yes description "This room is for friends of krypted only"

    To then delete the room, use the -d option:

        RoomsAdminTool -n krypted -d

    Add the -v to do it all verbosely. There are lots of other options as well, as follows (from the man page): Valid…

  • bash,  Mac OS X,  Mac OS X Server

    Quick and dirty: Pull a list of all FileVault encrypted users on a Mac

    In the following example script, I’m going to pull a list of just the usernames from fdesetup.

        sudo fdesetup list

    The output would be as follows:

        charlesedge,F4D8B61D-1234-1234-98F4-103470EE1234
        emerald,2E1203EA-1234-4E0D-1234-717D27221234
        admin,50058FCF-88DF-1234-1234-91FCF28C0488

    I’ll then pipe the output into sed and use the , as a delimiter, stripping the comma and everything after it so that only the username before it remains:

        sudo fdesetup list | sed 's;,.*;;'

    As follows:

        charlesedge
        emerald
        admin

  • WordPress

    Using The WordPress API

    WordPress has an app. That means there’s an API to normalize communication using a predictable programmatic interface. In this case, as with many others, that’s done using a standard REST interface to communicate. The easiest way to interact with any API is to just read some stuff from the server via curl. You can feed curl the URL to the API by using your URL followed by /wp-json – as follows, assuming a URL of https://www.krypted.com:

        curl https://krypted.com/wp-json

    To view header information:

        curl -s -D - https://krypted.com/ -o /dev/null

    In the below example we’ll ask for a list of posts by adding /wp/v2/posts to the URL:

        curl https://krypted.com/wp-json/wp/v2/posts

    You’ll see…

  • JAMF,  Windows Server

    Query Tomcat Logs On Windows Servers

    Tomcat logs events into the system log. You can use the Get-WmiObject cmdlet to see events. Here, we’ll look at a JSS and view only system events:

        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system'"

    We can then use AND to further constrain to specific messages, in this case those containing Tomcat:

        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%')"

    We can then further constrain output to those with a specific EventCode with another compound statement:

        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024)"

    For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx. You could instead use Get-EventLog to see system logs. For example, the…

  • Articles and Books

    Ways to work together with your employees to help keep their skills sharp

    My latest inc.com piece is available at https://www.inc.com/charles-edge/your-employees-want-extra-training-but-youre-going-to-have-to-help-them-get-star.html. It starts off like this, if it’s your kinda’ thing: Employee engagement is dipping, according to a new study by human resources consultancy Aon Hewitt, but as a manager, you can make the workplace more appealing through positive initiatives such as employee training and development. Indeed, I’ve often had people I manage ask for more training. My answer is always an emphatic “yes.” But then something funny often happens: nothing. Giving staff approval for training doesn’t necessarily mean that they’ll do it unless you follow up methodically and even micromanage the process. Why does this happen and what does it show about how employers…

  • Mac OS X Server

    Use DNS To Improve Caching Service Discoverability

    Clients discover the Apple Caching service bundled with macOS Server (and in the future macOS) automatically. You can create a text record for _aaplcache._tcp on your DNS server. That would look like the following:

        _aaplcache._tcp 518400 IN TXT "prs=192.168.50.100"

    The name is _aaplcache._tcp, with a type of TXT and a TTL of 518400 seconds. The prs is the address to be used and is set to a value using prs=192.168.50.100.