Network and Portable Home slides

Here is a slightly modified version of the slides I used at presentation earlier in 2008 on the topic of Network and Portable Home Directories.

Macworld 2009 MCX presentation

Here is a PDF of my presentation at Macworld SF 2008 on Managing OS X Clients with or without Open Directory.

Firmware Updates Redux

Mac firmware updates generally need some sort of user intervention in order to apply them.

This makes it very difficult to automate the process. I did manage at one point to automate SMC updates, but EFI updates and other hardware (keyboards, trackpads, graphics) each have their own issues.

So I finally decided to just punt on the issue. Here’s what I do now: a script runs at login and checks softwareupdate, looking for available firmware updates. If there are any, the user is notified to call the help desk.
Read the rest of this post »

iTunes preference management

Workgroup Manager/MCX supports managing some iTunes preferences if you use the Preference Details and add the Managed Client preference managements.

It turns out there are a few more things you can manage if you look here.

These additional items include:

• disableCheckForUpdates
• disableAutomaticDeviceSync
• disableGetAlbumArtwork
• disablePlugins

and more. These also seem to work as regular default keys. For example:

defaults write com.apple.iTunes disableCheckForUpdates -bool YES

turns off and disables automatic checking for updates. You might want to do that if you manage installation of iTunes updates yourself.

Firefox default settings

Something I see pop up now and again is questions on how to define certain default settings (proxies, home pages, etc) for all users of Firefox. I was surprised to find that I had never posted on this topic before.

It turns out that you can edit a few files inside the Firefox bundle to set default preference values.
Here’s what I do…
Read the rest of this post »

Radmind: converting to case-insensitive transcripts

Radmind, being a set of UNIX tools, originally supported only case-sensitive transcripts. Mac OS X’s HFS+ filesystem, developed by Apple pre-NeXT purchase, is a case-preserving, case-insensitive filesystem.

Support for case-insensitive transcripts was later added to the radmind tools.

As it turns out, it is perfectly possible to use radmind with case-sensitive transcripts to manage an OS X HFS+ filesystem. There are sometimes a few annoyances, but it generally works OK. Worst case, you might have to run the radmind tools twice to get the filesystem update when there is a case change: the first run might remove the lowercase version of the file, and the second run would install the uppercase version. Or a sharp radmind admin might be able to avoid the problem altogether by renaming files in troublesome transcripts.
Read the rest of this post »

Converting NetInfo accounts to dslocal

If you are doing an in-place upgrade from Tiger to Leopard without using the Apple Leopard Install DVD, you may need a way to convert existing local or mobile accounts from NetInfo to the dslocal store.

Here’s a script that converts local accounts; it requires the nicl binary, which you can copy from any Tiger installation.

For local accounts, it uses nicl to read the account info, and dscl to create a new corresponding account. For mobile accounts, it uses createmobileaccount to recreate the mobile account.

Enjoy.

launchd vs periodic

When launchd debuted with Tiger, Apple moved the execution of the periodic jobs, previously scheduled by cron, to launchd. I had been using anacron, as I wanted these jobs to run even if the machine had been off or asleep at the magic hour. Under Tiger, I kept using anacron, as there were lots of reports of launchd not reliably running repeating jobs.

In Leopard, these issues seemed to have been solved, and in my testing, launchd would reliably run the periodic jobs and even run them after wake up if the machine had been asleep during the scheduled time.

But I (and Apple) missed something: launchd still won’t run missed tasks if the machine is off when the job was scheduled.
Read the rest of this post »

Managed Client: managed Dock folders have incorrect behavior on Leopard

Folders added to the Dock on Leopard machines do not behave as stacks or folders.

Steps to Reproduce:
1. Open Workgroup Manager.
2. Select a user object to manage.
3. Click the Preferences icon.
4. Click the Dock item in the Preferences management view.
5. Select Manage: Once
6. Add some folders to the User’s dock. (For example, /Applications and /Applications/Utilities)
7. Click Apply Now and Done
8. On a managed Leopard machine, log in as the user.
9. Note that the folders now appear in the user’s dock, but…

The newly added dock folder items should behave as Stacks or Folders. Instead, they behave like documents – clicking on them opens them in the Finder, but there is no other folder-like behavior in the Dock (no pop-up menu, no stacks behavior)

Workaround:
In the Preferences Details view in WGM, select com.apple.dock, then Once->Document Tiles->Document Tile->Tile Type and edit the value from “file-tile” to “directory-tile”. This causes the expected behavior in the managed Dock, but causes Workgroup Manager to throw a bunch of assertion errors if you select the Dock in Preferences->Overview view. This may also exhibit undesired behavior with Tiger clients – so test.

MCX vs the screensaver (and Leopard!)

Enforcing a screensaver for security reasons has given me a lot of headaches over the years.

You’d think something as simple and basic as enforcing a screensaver would be easy. There have been plenty of hacks to do so. I developed one for 10.1 that I also used for 10.2 and 10.3. Later, I moved to a script that ran at login that used defaults -currentHost write com.apple.screensaver to set the desired preferences at each log in.
Read the rest of this post »