Preventing users from disabling FileVault 2

Posted May 21, 2014 by GregN
Categories: Deployment, Mavericks, MCX, OS X, Security

I’ve seen a few online questions about how to prevent users from turning off FileVault 2.

The first line of defense, of course, is to not give admin rights to those users. As of Mavericks, however, there is an additional tool: you can use a configuration profile to prevent turning off FileVault (or at least disable the controls in the Security and Privacy preference pane; very clever users with admin rights might still be able to turn it off using Disk Utility or the command-line diskutil tool).

Here is a configuration profile that disables the “Turn off FileVault” button in the FileVault tab of the Security and Privacy preference pane.

Since admin users can also remove configuration profiles, you should probably also lock this profile, requiring a password to remove it. That’s an exercise left for the reader, but here’s a starting point…

Add something like this to the PayloadContent array:

<dict>
    <key>PayloadDescription</key>
    <string>Configures Configuration Profile security</string>
    <key>PayloadDisplayName</key>
    <string>Profile Security</string>
    <key>PayloadIdentifier</key>
    <string>0dc319a0-c331-0131-eeb5-000c294ab81b.alacarte.ProfileSecurity</string>
    <key>PayloadType</key>
    <string>com.apple.profileRemovalPassword</string>
    <key>PayloadUUID</key>
    <string>65a90a90-c331-0131-eeb9-000c294ab81b</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>RemovalPassword</key>
    <string>PrOf1leReM0v@lPa$$w0rdG0esHere</string>
</dict>
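
One way to do that exercise with Python's plistlib, as an added example rather than code from the original post: it appends a removal-password payload with a fresh UUID to a profile and checks whether a serialized profile is locked. The sample profile, its `com.example` identifiers and the `.ProfileSecurity` suffix scheme are constructed assumptions.

```python
import plistlib
import uuid

REMOVAL_TYPE = "com.apple.profileRemovalPassword"  # PayloadType shown in the post


def add_removal_password(profile: dict, password: str) -> dict:
    """Return a copy of `profile` with a removal-password payload appended."""
    existing = profile.get("PayloadContent", [])
    if any(p.get("PayloadType") == REMOVAL_TYPE for p in existing):
        raise ValueError("profile already has a removal password payload")
    payload = {
        "PayloadDescription": "Configures Configuration Profile security",
        "PayloadDisplayName": "Profile Security",
        # Assumed naming scheme: parent identifier plus a suffix.
        "PayloadIdentifier": profile["PayloadIdentifier"] + ".ProfileSecurity",
        "PayloadType": REMOVAL_TYPE,
        "PayloadUUID": str(uuid.uuid4()),  # every payload needs its own UUID
        "PayloadVersion": 1,
        "RemovalPassword": password,
    }
    locked = dict(profile)
    locked["PayloadContent"] = list(existing) + [payload]
    return locked


def is_locked(profile_bytes: bytes) -> bool:
    """Audit check: does a serialized profile carry a non-empty removal password?"""
    profile = plistlib.loads(profile_bytes)
    return any(
        p.get("PayloadType") == REMOVAL_TYPE and bool(p.get("RemovalPassword"))
        for p in profile.get("PayloadContent", [])
    )


# Constructed sample profile; identifiers and the inner payload are placeholders.
SAMPLE = {
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.filevault-lock",
    "PayloadUUID": str(uuid.uuid4()),
    "PayloadDisplayName": "FileVault lock (sample)",
    "PayloadContent": [{"PayloadType": "com.example.placeholder",
                        "PayloadVersion": 1,
                        "PayloadIdentifier": "com.example.filevault-lock.inner",
                        "PayloadUUID": str(uuid.uuid4())}],
}

if __name__ == "__main__":
    data = plistlib.dumps(add_removal_password(SAMPLE, "CHANGE-ME"))
    print(is_locked(plistlib.dumps(SAMPLE)), is_locked(data))
```

The RemovalPassword value sits in clear text inside the profile, so store and distribute the resulting file as you would any other secret.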

MacSysAdmin 2014

Posted May 2, 2014 by GregN
Categories: Commentary, General, OS X

I’m excited to be presenting once again at MacSysAdmin 2014 in Gothenburg, Sweden!

https://macsysadmin.se/2014/Home.html

The current plan is that I will talk about what’s new in Munki (so I’d better finish a lot of the stuff I’m working on before then!) and, together with Tim Sutton, a detailed talk on AutoPkg.

MacSysAdmin is September 16th through September 19th, 2014 – hope to see you there!

Xcode 5 Cocoa-Python Templates

Posted April 30, 2014 by GregN
Categories: Mavericks, OS X, Python

A couple of years ago I made some Xcode 4 project and file templates available to help in creating new projects that use Cocoa-Python, also known as PyObjC.

These templates kind-of, sort-of worked with Xcode 5, but due to changes in how Apple is supporting Python development, required some manual tweaking.

(See https://developer.apple.com/library/mac/technotes/tn2328/_index.html for “Changes To Embedding Python Using Xcode 5.0”)

I’ve updated the templates so they should “just work” with Xcode 5:

https://github.com/gregneagle/Xcode5CocoaPythonTemplates

Enjoy.

Penn State MacAdmins Conference 2014

Posted April 24, 2014 by GregN
Categories: General, OS X

This year, the Penn State MacAdmins Conference is from July 9 – 11 with pre-conference workshops on July 8th.

http://macadmins.psu.edu

I’ll be leading a pre-conference workshop (with my colleague Matt Schnittker) on Python for the Systems Administrator, and talking about AutoPkg (http://autopkg.github.io/autopkg/) along with Tim Sutton.

Hope to see you there!

Reporting on Bluetooth Mouse/Keyboard battery status

Posted April 23, 2014 by GregN
Categories: General, OS X, Scripting

On the MacEnterprise list (http://lists.psu.edu/archives/macenterprise.html), Michael Edwards posed an interesting question:

Anyone know of a handy way to monitor the status of bluetooth keyboard/trackpad battery levels on remote machines? We have several Mac Mini’s that use them, that are machines with no primary individual user – so it would be handy to get notified (email or similar) when the batteries need to be changed.

So I thought it might be fun to figure out how to answer this.

OS X Beta Seed Program

Posted April 22, 2014 by GregN
Categories: Deployment, General, Mavericks, OS X

I’ve always advocated that Mac admins join the Mac Developer Program in order to get early access to OS X builds for testing and deployment planning.

I still think that’s a good idea. But if for whatever reason you can’t, Apple has a new program of interest:

OS X Beta Seed Program

I think it’s unlikely this will get you access to early builds of 10.10 (or whatever it’s numbered), but you can test 10.9.3…

MacTech Conference 2013

Posted November 5, 2013 by GregN
Categories: General, Mavericks, OS X, Python, Scripting

My colleague, Matt Schnittker, and I will be leading a workshop on “Python for Systems Administrators” on Wednesday at MacTech Conference 2013.

If you are planning on participating in the workshop, please visit here first to get your class materials: http://gregneagle.github.io/mtc2013_python/

Hope to see you there!
