Archive for the ‘OS X’ category

MacTech Conference 2013

November 5, 2013

MacTech_Conference_2013-Gradient-logo-200x073My colleague, Matt Schnittker, and I will be leading a workshop on “Python for Systems Administrators” on Wednesday at MacTech Conference 2013.

If you are planning on participating in the workshop, please visit here first to get your class materials: http://gregneagle.github.io/mtc2013_python/

Hope to see you there!

Mavericks and Multiple Displays

November 3, 2013

In OS X 10.9 Mavericks, Apple changed multiple display behavior in the most dramatic way since 1987. By default, each display now has its own menu bar. Windows can be dragged from one display to another, but they cannot span displays. And putting an application into full screen mode affects only one display. You can use other displays, either with multiple applications, or with other full-screen applications. Apple describes this behavior as “Displays have separate Spaces”, and indeed the effect is almost like having multiple Macs connected to a single keyboard and mouse. I find that I like the new behavior, as I tend to put different applications on different displays.

This is a very different way of working with multiple displays, and might cause some confusion and annoyance for your users and support staff if they aren’t aware of the change, or if it affects their workflows. If you or your users prefer the “old” pre-Mavericks behavior, it’s simple to revert. Open the Mission Control preference pane in System Preferences, and uncheck “Displays have separate Spaces”. A logout is required to effect the change.

If you think you need to manage this for your users, to revert to pre-Mavericks behavior, set “spans-displays” in the “com.apple.spaces” preferences domain to TRUE.


% defaults write com.apple.spaces spans-displays -bool TRUE

You could probably use MCX or a configuration profile to manage this as well.

VPN menu in Mavericks

November 3, 2013

If you use Apple’s built-in VPN and rely on the VPN menu bar item, you might have noticed that that in Mavericks the menu item no longer shows the connection time by default.

That can lead people to believe the VPN connection has not been established, or for users to forget they are connected. It’s quite easy to turn the feature back on: just select “Show Time Connected” from the VPN menu item.

If you want to manage this for your users, the preference is stored in the “com.apple.networkConnect” domain as a boolean value under “VPNShowTime”:

% defaults read com.apple.networkConnect
{
VPNShowTime = 1;
}

You could almost certainly set this with MCX or a configuration profile.

AutoDMG

October 22, 2013

If you’ve been using InstaDMG to create compiled modular deployment images, you may find it takes some work to get it to work with Mavericks.

Might I suggest a look at AutoDMG?

Works great to build Mountain Lion and Mavericks modular images; comes with a GUI(!) but usable from the command-line as well if you want to automate it!

Congratulations to MagerValp (Per Olofsson) on an excellent tool. It’s still in early development, but is shaping up very quickly.

Mavericks day

October 22, 2013

Mavericks
Apple released OS X Mavericks today. What does that mean for some of your favorite open source tools?

The Munki preview release here is Mavericks-ready.

createOSXInstallPkg here supports packaging a Mavericks install.

And Reposado can replicate Apple Software Updates for Tiger through Mavericks.

Undocumented options

April 30, 2013

Rich Trouton posted today about undocumented options for the asr command-line utility.

On Twitter, Marnin asked:

Lots of OS X utilities have undocumented options. Take for example /usr/sbin/softwareupdate — the command-line Apple Software Update utility.

It’s had several undocumented options for years. (more…)

10.8.3 supported platforms

March 15, 2013

A follow-up to yesterday’s post on 10.8.3.

I had hoped that the “SupportedModelProperties” list in the InstallESD.dmg’s /System/Library/CoreServices/PlatformSupport.plist would serve as a more-or-less human parseable list of supported models.

But it appears that there are some supported models that do not appear in the “SupportedModelProperties” list, but whose board-ids do appear in the “SupportedBoardIds” list in that same file.

In any case, the _real_ thing that causes the the installer to decide whether or not to proceed is this function in the OSInstall.mpkg’s Distribution file:

function isSupportedPlatform(){

	if( isVirtualMachine() ){
		return true;
	}
	
	var platformSupportValues=["Mac-F42D88C8","Mac-F2218EA9","Mac-F42D86A9","Mac-F22C8AC8","Mac-F22586C8","Mac-AFD8A9D944EA4843","Mac-F227BEC8","Mac-F226BEC8","Mac-7DF2A3B5E5D671ED","Mac-942B59F58194171B","Mac-2E6FAB96566FE58C","Mac-F42D89C8","Mac-00BE6ED71E35EB86","Mac-4B7AC7E43945597E","Mac-F22C89C8","Mac-942459F5819B171B","Mac-F42388C8","Mac-F223BEC8","Mac-F4238CC8","Mac-F222BEC8","Mac-4BC72D62AD45599E","Mac-F2268DC8","Mac-F2208EC8","Mac-66F35F19FE2A0D05","Mac-F4238BC8","Mac-F221BEC8","Mac-C08A6BB70A942AC2","Mac-8ED6AF5B48C039E1","Mac-F2238AC8","Mac-FC02E91DDD3FA6A4","Mac-6F01561E16C75D06","Mac-742912EFDBEE19B3","Mac-F22589C8","Mac-F22587A1","Mac-F22788AA","Mac-F42C86C8","Mac-942C5DF58193131B","Mac-F2238BAE","Mac-F22C86C8","Mac-F2268CC8","Mac-F2218FC8","Mac-7BA5B2794B2CDB12","Mac-F65AE981FFA204ED","Mac-031AEE4D24BFF0B1","Mac-F22587C8","Mac-F42D89A9","Mac-F2268AC8","Mac-F42C89C8","Mac-942452F5819B1C1B","Mac-F2218FA9","Mac-F221DCC8","Mac-94245B3640C91C81","Mac-F42D86C8","Mac-F2268EC8","Mac-F2268DAE","Mac-F42C88C8","Mac-94245A3940C91C80","Mac-F42386C8","Mac-C3EC7CD22292981F","Mac-942B5BF58194151B","Mac-F2218EC8"];
	var boardID = system.ioregistry.fromPath('IOService:/')['board-id'];
	
	if( !boardID || platformSupportValues.length == 0 ) {
		return false
	}
	for( var i = 0; i < platformSupportValues.length; i++ ){
	 	if( boardID == platformSupportValues[i] ){
				return true;
	  	}	
	}

	return false;
}

Unfortunately, I have not found a reliable resource for mapping board-ids to models.

10.8.3

March 14, 2013

Mountain Lion image

Today Apple finally released OS X 10.8.3.

This release has been awaited by many Mac admins as the hope was that this version would support all Macs capable of running Mountain Lion. Prior to this release, the Late 2012 Macs (iMacs, 13″ Retina MacBookPros and Mac minis) required a different build of 10.8.2 than did other Macs.

This required having multiple restore images or OS installer pkgs and possibly multiple NetBoot disks to support all the Macs in your organization.

The hope (and assumption) was that 10.8.3 would unify the Mountain Lion builds, and that all recent machines would be able to use the new version.

How, though, to be sure? One way is to look at what Apple says. Mount the InstallESD.dmg disk image inside the 10.8.3 Install OS X Mountain Lion.app and take a look at /System/Library/CoreServices/PlatformSupport.plist.

One of the keys in this plist looks like this:

	<key>SupportedModelProperties</key>
	<array>
		<string>MacBookPro4,1</string>
		<string>Macmini5,3</string>
		<string>Macmini5,2</string>
		<string>Macmini5,1</string>
		<string>MacBookPro5,1</string>
		<string>MacPro4,1</string>
		<string>MacBookPro5,2</string>
		<string>MacBookPro5,5</string>
		<string>MacBookPro5,4</string>
		<string>Macmini4,1</string>
		<string>iMac11,1</string>
		<string>iMac11,2</string>
		<string>iMac11,3</string>
		<string>MacBook7,1</string>
		<string>MacBookPro3,1</string>
		<string>MacPro5,1</string>
		<string>iMac9,1</string>
		<string>Macmini3,1</string>
		<string>MacBookPro6,1</string>
		<string>iMac12,2</string>
		<string>iMac12,1</string>
		<string>MacBook5,1</string>
		<string>MacBook5,2</string>
		<string>iMac10,1</string>
		<string>MacBookPro7,1</string>
		<string>MacBookAir4,1</string>
		<string>MacBookPro5,3</string>
		<string>MacBookPro6,2</string>
		<string>iMac8,1</string>
		<string>MacBookAir3,1</string>
		<string>MacBookAir3,2</string>
		<string>Xserve3,1</string>
		<string>MacBookAir2,1</string>
		<string>MacBookPro8,1</string>
		<string>MacBookPro8,2</string>
		<string>MacBookPro8,3</string>
		<string>iMac7,1</string>
		<string>MacBook6,1</string>
		<string>MacPro3,1</string>
		<string>MacBookAir4,2</string>
	</array>

If your Macs are in this list, they should be supported by 10.8.3.

UPDATE: There are some Macs NOT in this list that are also supported by 10.8.3 — those are the “Late 2012″ Macs. See the follow-up post.

XProtect Updater Redux

February 8, 2013

In the past 24 hours, Apple has released an update to the XProtect malware definitions. If your Macs have received the latest XProtect definitions, Adobe Flash Player will be blocked unless it is the version current as of yesterday (11.5.502.149).

If you have already updated your clients to that version of the Flash Player, good for you!

If you don’t want to be surprised by this sort of thing and have to scramble to address it, might I point you here?

Disabling iCloud as default save location

February 5, 2013

icloud-logo
Krypted.com has a new post on disabling iCloud as the default save location for new documents.

This feature affects apps that can save to iCloud, and only if the user has an iCloud account configured for the current login.

Still, you might want to turn this off by default for all users in your organization so they don’t accidentally store company documents on Apple’s servers. The Krypted.com post shows a command-line way to change this setting for a single user. How might you do this for all users?

One way would be to install a computer-level profile that installs the right settings. Here’s one.

If installed as root using the /usr/bin/profiles tool:

sudo profiles -I -F DontSaveNewDocumentsToiCloud.mobileconfig

This setting will be applied Once to all users as they login.

DontSaveNewDocumentsToiCloud.mobileconfig was created using Tim Sutton’s mcxToProfile tool.


Follow

Get every new post delivered to your Inbox.

Join 170 other followers