Before we have this conversation, I want to give you some bad news. Your passwords aren’t going to migrate. The good news is that you only do directory services migrations every decade or two. The better news is that I’m not actually sure you need a directory service in the traditional sense that you’ve built directory services. With Apple’s Enterprise Connect and Nomad, we no longer need to bind in order to get Kerberos functionality. With MCX long-dead(ish) you’re now better off doing policies through configuration profiles. So where does that leave us? There are some options. On Prem Active Directory. I can setup Active Directory in about 10 minutes.…
-
-
Is Imaging Dead In OS X?
I love answering a question with a question. Is asr still in OS X? Is NetInstall still in OS X Server? Can OS X still NetBoot? Does System Image Utility still work? The answer to all of these is yes. Therefore, the answer to “Is imaging dead” is clearly no. Is it on its way out, maybe. Debatable. Is it changing? Of course. When does Apple not evolve? What have we seen recently? Well, the rhetoric would point to the fact that imaging is dying. That seems clear. And this is slowly coming out of people at Apple. The word imaging is becoming a bad thing. But, as a customer…
-
Using The Profiles Command In Yosemite
You can export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically. To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command…
-
Deploying and Managing Google Chrome: The Rough Guide
The following is a post from the most excellent Nick McSpadden. It is very well written and I am proud that it is the first article published on this site using the new submissions page. Looks like it’s time to change the banner from my Notes from the Underground, er, I mean, Field, to just Notes from the Field! Greetings! This is a sort of follow-up to my guide on managing Firefox, this time focusing on managing Google Chrome. I’m working on current Chrome version 18 (which just today got updated to 19), and I don’t know for sure how far back this will work, but I think anything higher…
-
Deploying and Managing Firefox: The Rough Guide
Another Great Article Submitted From Nick McSpadden: After working with this for a bit, I’ve come up with a step by step installation process for Firefox 10 ESR + CCK deployment on Mac OS. Firefox CCK Guide – Part I Most of the information about add-ons that you’ll need is in Mike Kaply’s blog: Integrating Add-ons into Firefox 1) Install CCK Wizard in Firefox 10 ESR 2) Run and configure CCK Wizard the way you want 3) Save the CCK data into a “CCK” folder anywhere you’d like. This folder will contain: cck.config cck.xpi xpi/ directory 4) When done, open up CCK/xpi.config 5) Copy the contents of the id=<name> key…
-
Dealing With Profile Manager Conflicts in Lion
Changing OS X Settings for Profiles bound to clients results in Managed Client changes (mcxread shows them) and inserts the info into Managed Client in this order: User Computer Computer Group Everyone User Group The data in the managed client attributes is replaced completely and not per-key. Installing profiles from the command line provides more information as to what is going on behind the scenes. Having said this, in some cases I can get a Provisioning Profile Validation: failed to read CMS (-25257) error when attempting to install the same profile a second time. In other cases it just fails if I try to run verbosely (in those cases it…
-
Server Admin Comic?
-
Managing iTunes en Masse
iTunes is cool. But there are some features that many organizations want to limit as when they are used by a large number of people they can become problematic. Apple allows you to manage iTunes for Windows and Mac OS X clients. For Windows, there are a number of registry keys that can be used and for Mac OS X there is the ~/Library/Preferences/com.apple.iTunes.plist file, or more importantly the ability to Add the aforementioned file into the Workgroup Manager Managed Preferences. Once added you will be able to set a number of options to manage, including the following (which are self explanatory for the most part): allowiTunesUAccess disableAppleTV disableAutomaticDeviceSync disableCheckForUpdates…
-
Disabling Dashboard
The other day I saw someone remove the Dashboard icon from the Dock as a way of disabling it entirely. Probably not the best route. It’s pretty easy though. The command to disable: defaults write com.apple.dashboard mcx-disabled -boolean yes And of course if you’ve disabled, you might want to turn it back on using this handy-dandy double-negative: defaults write com.apple.dashboard mcx-disabled -boolean no
-
Mac OS X Server: Using Open Directory to Control SideBar
Recently I had a scenario where I wanted to disable all of the menu items using an MCX for some NetBoot clients. To do so, I ended up building a custom MCX. To do so, first open Workgroup Manager and click on the group in question. Then click on Preferences and then the Details tab. Next, click on the + sign and browse to /System/Library/CoreServices. Next click on Menu Extras and click on the pencil. Here drop down the Always disclosure triangle and click on the New Key button. From here, name the key with menu item in question (or create multiple keys) and set the Type to Boolean and…