Managing OS X

Radmind, being a set of UNIX tools, originally supported only case-sensitive transcripts. Mac OS X’s HFS+ filesystem, developed by Apple pre-NeXT purchase, is a case-preserving, case-insensitive filesystem.

Support for case-insensitive transcripts was later added to the radmind tools.

As it turns out, it is perfectly possible to use radmind with case-sensitive transcripts to manage an OS X HFS+ filesystem. There are sometimes a few annoyances, but it generally works OK. Worst case, you might have to run the radmind tools twice to get the filesystem update when there is a case change: the first run might remove the lowercase version of the file, and the second run would install the uppercase version. Or a sharp radmind admin might be able to avoid the problem altogether by renaming files in troublesome transcripts.
Read the rest of this post »

If you are doing an in-place upgrade from Tiger to Leopard without using the Apple Leopard Install DVD, you may need a way to convert existing local or mobile accounts from NetInfo to the dslocal store.

Here’s a script that converts local accounts; it requires the nicl binary, which you can copy from any Tiger installation.

For local accounts, it uses nicl to read the account info, and dscl to create a new corresponding account. For mobile accounts, it uses createmobileaccount to recreate the mobile account.

Enjoy.

When launchd debuted with Tiger, Apple moved the execution of the periodic jobs, previously scheduled by cron, to launchd. I had been using anacron, as I wanted these jobs to run even if the machine had been off or asleep at the magic hour. Under Tiger, I kept using anacron, as there were lots of reports of launchd not reliably running repeating jobs.

In Leopard, these issues seemed to have been solved, and in my testing, launchd would reliably run the periodic jobs and even run them after wake up if the machine had been asleep during the scheduled time.

But I (and Apple) missed something: launchd still won’t run missed tasks if the machine is off when the job was scheduled.
Read the rest of this post »

Folders added to the Dock on Leopard machines do not behave as stacks or folders.

Steps to Reproduce:
1. Open Workgroup Manager.
2. Select a user object to manage.
3. Click the Preferences icon.
4. Click the Dock item in the Preferences management view.
5. Select Manage: Once
6. Add some folders to the User’s dock. (For example, /Applications and /Applications/Utilities)
7. Click Apply Now and Done
8. On a managed Leopard machine, log in as the user.
9. Note that the folders now appear in the user’s dock, but…

The newly added dock folder items should behave as Stacks or Folders. Instead, they behave like documents - clicking on them opens them in the Finder, but there is no other folder-like behavior in the Dock (no pop-up menu, no stacks behavior)

Workaround:
In the Preferences Details view in WGM, select com.apple.dock, then Once->Document Tiles->Document Tile->Tile Type and edit the value from “file-tile” to “directory-tile”. This causes the expected behavior in the managed Dock, but causes Workgroup Manager to throw a bunch of assertion errors if you select the Dock in Preferences->Overview view. This may also exhibit undesired behavior with Tiger clients - so test.

Enforcing a screensaver for security reasons has given me a lot of headaches over the years.

You’d think something as simple and basic as enforcing a screensaver would be easy. There have been plenty of hacks to do so. I developed one for 10.1 that I also used for 10.2 and 10.3. Later, I moved to a script that ran at login that used defaults -currentHost write com.apple.screensaver to set the desired preferences at each log in.
Read the rest of this post »

I had assumed that the driver for the USB Ethernet adapter was loaded at boot time, and not available to EFI. This would mean that you would not be able to NetBoot using the USB Ethernet adapter.

I assumed wrong.

While I don’t yet have a MacBook Air-compatible NetBoot (or NetInstall) image, the MacBook Air does attempt to NetBoot over its USB Ethernet interface:


Feb 15 09:53:10 xserve06 bootpd[1411]: BSDP DISCOVER [en2] 1,0:1e:c2:fb:b0:26 arch=i386 sysid=MacBookAir1,1
Feb 15 09:53:12 xserve06 bootpd[1411]: BSDP INFORM [en2] 1,0:1e:c2:fb:b0:26 arch=i386 sysid=MacBookAir1,1
Feb 15 09:53:12 xserve06 bootpd[1411]: NetBoot: [1,0:1e:c2:fb:b0:26] BSDP ACK[LIST] sent 172.30.160.46 pktsize 339
Feb 15 09:53:20 xserve06 bootpd[1411]: BSDP INFORM [en2] 1,0:1e:c2:fb:b0:26 NetBoot195 arch=i386 sysid=MacBookAir1,1
Feb 15 09:53:20 xserve06 bootpd[1411]: NetBoot: [1,0:1e:c2:fb:b0:26] BSDP ACK[SELECT] sent 172.30.160.46 pktsize 396


This is good news for our deployment - eventually we should be able to image MacBook Airs just like any other Mac.

MacOSXHints has a hint on customizing the Dock for Leopard’s guest account.

This turns out to be yet another application of MCX records in the local directory service. The idea can be expanded to customize lots more things the Guest account can and cannot do - just use Workgroup Manager to manage preferences for the Guest account!

If you are thinking about deploying Microsoft Office 2008 in your environment, there are some preferences you should consider managing.

Microsoft has provided a high-level overview here. But it’s short on details. Here’s a few…
Read the rest of this post »

10.5.2 places a Time Machine menuextra in the menu bar for all users.

We’re not encouraging the use of Time Machine in our organization. I’ve removed it from the default dock, and am managing the preference to prevent Time Machine from asking if you want to use each new external disk for backups. Users can still use Time Machine, we’re just de-emphasizing it. Therefore, I want to remove the Time Machine menu extra from the menu bar by default.

If you import the Preference Manifests in /System/Library/CoreServices/ManagedClient.app, you gain the ability to easily manage MenuExtras. But the Time Machine menu extra has not yet been added to the list of menu extras. No matter - you can edit it like so:

Just select Edit… from the popup menu and enter TimeMachine.menu instead of one of the pre-populated choices. You’ll see the little badge warning you that your entry does not match the manifest. That’s OK, it will still work. Setting the value to “false” will cause the TimeMachine menu to be removed from the menu bar at the next login.

I’m managing it once, so it’s off by default, but users can turn it back on if they want.

In an earlier article about putting MCX data into the local DS store, I mentioned that I’m using radmind to deliver the pieces to each client machine. Here’s a little more detail on that.
Read the rest of this post »