OS X installing Profiles .mobileconfig files through ARD command line

I've not quite got OS X server running pushing changes to macs yet, so in the mean time I have to change a profile through the web service, download it and install it on the machines I want to update.

I found this article which helped doing it through command line:

/usr/bin/profiles -I -F "/Library/MyOrganization/Company Wi-Fi.mobileconfig"

I first copied the file to "Users/Shared" then ran this script. To improve it, I could make a pkg file which ran a script to install the file. That is the next step

Apple Remote Desktop ARD preferences and presets transfer

It's always good to have a backup of all the preferences and tasks you have saved in ARD. I thought I had it sussed,  just need the file:

~/Library/Prefeences/com.apple.remotedesktop.plist

Turns out as of version 3.7 it's all been 'sandbox'ed. That means these prefences files have been moved to:
~/Library/Container/com.apple.remotedesktop/Library/Preferences/com.apple.remotedesktop.plist

But not only this, it has to have the right ACL's (permissions)

What I tried to do is copy this file between accounts and it ended up replacing the copied file with a blank one every time. It wasn't until I read this post which mentioned resetting ACL's. THis is the command they suggested using:

{ sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:staff ~ $_ ; sudo chmod -R u+rwX ~ $_ ; chmod -R -N ~ $_ ; } 2> /dev/null
So first I copied the com.apple.remotedesktop.plist file to  

~/Library/Container/com.apple.remotedesktop/Library/Preferences/com.apple.remotedesktop.plist

I then ran the command in terminal.

Then I logged out and back in again.

Crash bang wollop it worked.

Cheers

installing iLife through Apple Remote Desktop Task Server

So, I need to install iLife '09 through ARD Task Server on 17 machines. When install the iLife '09.mpkg file from my machine straight to one machine it works fine. If I give it the option to use the task server it comes up with:
Completed but failed on 1 package ""

In console on that machine I found this line:

17/12/2013 16:03:26.476 com.apple.RemoteDesktop.agent: iLife09.mpkg/Contents/Installers/iPhoto.mpkg/Contents/Installers/iPhotoContent.pkg/Contents/Archive.pax.gz: (Empty error message)

I tried renaming the mpkg file so as not to have the '09 but did not effect it.

I'm now trying it from the command line. The plan is to just send some commands to the machine to mount the server share, and run the installer:

mkdir /Volumes/YourTMPFolder

mount -t afp afp://admin:yourPassword@your.server.here/YourShare /Volumes/YourTMPFolder

installer -package /Volumes//Volumes/YourTMPFolder/iLife09.mpkg -target /
umount /Volumes/YourTMPFolder

Works perfectly!

Deleting 'forced' local home folders created from OS X 10.7 Active Directory Logins

When users log in to the apple macs at the college it creates a local home on the machine to save preferences and files, and mounts their home drive too.

After a year these fill up. After a few searches and researches, looks like the easiest way is to write a script which deletes all folders except certain ones. Looks like you can use the 'find' command. Found a good example here:

find . -maxdepth 1 -not -name 'filename.gif' -iname '*.gif' -delete

Here's the man page for find

So, I don't want to delete the folders:
Guest
Shared
administrator
media

So:

find . -maxdepth 1 -not -name 'Guest' -not -name 'Shared' -not -name 'administrator' -not -name 'media' -name '*' -delete

I tried '*.*' but it only then deletes files with '.' in them, not folders. '*' selects everything including folders

Actually, I found here that the slightly better way to do it was to use the -exec rm instead of -delete. This then tells you which directories were actually deleted:

find /Users/Shared -maxdepth 1 -mindepth 1 -not -name 'administrator' -not -name 'Guest' -not -name 'Shared' -not -name 'media' -exec rm -Rvf {} \;

The -mindepth 1 option makes sure it doesn't delete the parent directory.

A longer term solution would be to delete these folders on logout, so the students and staff could get used to not relying on these folders.

Installing Wacom Bamboo Pen and Touch on OS X using ARD Apple Remote Desktop error

It's a long story, but I'll cut it short. Anyhow, I have 12 x Wacom Bamboo Pen and Touch model number CTH-470 and they need installing on all Mac Computers. No problem, except the installer looks like an .app file. If you view the package contents you find a couple of pkg files. The most important is the "Install Bamboo.pkg".

Running this installer locally installs the tablet minus the dock (I don't think it's important). So, next thing is to try via Apple Remote Desktop (ARD). This ends up coming up with an error:

"Install Bamboo.pkg" could not be installed. Error message: "running package scripts..."

Well, just like the last time I tried to install Wacom tablets through ARD, turns out this error message isn't really an error message. After a reboot the tablet works like a dream on the computer.

Hope this helps someone.

Apple Remote Desktop 3 with OS X 10.7 probs

Seem to be having quite a few problems since moving onto 10.7 with remote desktop 3 and task server 3.4 (xserve OS X 10.4.8)

What I think it boils down to is accidentally upgrading to ARD 3.6. I since downgraded but required a bit of uninstallation which Macs don't do by default.

Found this info on uninstalling ARD:

sudo rm -rf /var/db/RemoteManagement
sudo rm /Library/Preferences/com.apple.RemoteDesktop.plist
rm ~/Library/Preferences/com.apple.RemoteDesktop.plist 

For Apple Remote Desktop 3, run these commands in Terminal as well:

sudo rm -r /Library/Application\ Support/Apple/Remote\ Desktop/
rm -r ~/Library/Application\ Support/Remote\ Desktop/

To Remove Apple Remote Desktop, execute these commands in Terminal:

sudo rm -rf /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu
sudo rm -rf /System/Library/CoreServices/RemoteManagement/
sudo rm -rf /System/Library/PreferencePanes/ARDPref.prefPane
sudo rm -rf /System/Library/StartupItems/RemoteDesktopAgent/
sudo rm /Library/Preferences/com.apple.ARDAgent.plist
sudo rm /Library/Preferences/com.apple.RemoteManagement.plist

I Then re-installed ARD 3.5.1 and clients 3.5.1

Because I've got so much save in ARD, I made a point to backup the ARD plist files in ~/Library/Preferences

This means I have all my saved scripts.

deploying Flash Player on OS X using Apple Remote Desktop

So, all computer suites now have outdated flash players. To deploy I found it VERY difficult to find the official solution. Adobe tend to want each computer to be installed by a user:

http://www.adobe.com/devnet/flashplayer/enterprise_deployment.html


But of course students log in and do not have permission to install! Luckily someone found a quick solution here. Turns out the flash installer (.app!!!) comes with a pkg file. Solved. (haven't tried it yet!!)

Just tried it on OS X 10.6 and worked perfectly!!

Don't know why this isn't documented very much.

Basically:

1. download flash player
2. right click on the install flash player.app file and select "Show package contents"
3. go to Contents > Resources > Adobe Flash Player.pkg
4. copy this and use Apple Remote Desktop to deploy!

Cheers


The latest news is that you're best off applying for the latest distribution, which involves filling out a small form, confirming your email address, and then waiting for approval. Takes about 1 hour. Here's a link:

http://www.adobe.com/uk/products/players/flash-player-distribution.html

They then send you a link to the installer (pkg file) Yay!

Setting all Apple Macs to use network time servers

So I wanted to change all the Macs here to use our specific network time servers so that their time is never out and so cause login issues. I did it by first finding the command line arguments, then making a shell script, then making a pkg file which the OS X task server sent to all the machines when they are powered on.

Here's the step by step guide:

1. finding the command line arguments:
1. sudo systemsetup -setnetworktimeserver your.time.server.ac.uk
2. sudo systemsetup -setusingnetworktime on
2. making a shell script
1. make a new plain text document using "TextEdit"
2. make the first line:
1. #!/bin/bash
3. paste the two lines from 1.1 and 1.2
4. save as (untick "add .txt file extension) and put .sh at the end
5. make it executable
1. in terminal type:
1. chmod 744 nameOfShellScript.sh
3. make a .pkg file which runs this script
1. I use Iceberg. Here are the screenshots:








2. When done, go to Build > build
3. navigate to the project folder in Finder and inside the "Build" folder you'll find the .pkg file.
4. test it on a computer
5. Send to all machine
1. I use Apple Remote Desktop Task Server for this

1. select the computers in a list
2. click "Install Packages"
3. select the package
4. select "run this task from: The Task Server on your.task.server.ac.uk"
5. sorted
2. sorted
6. sorted

sendLogon.app and installer

Well, after much troubles over getting NHR to also run sendLogon on startup, I decided to just make an application which ran the sendLogon script:

/usr/bin/sendLogon 145.xxx.xxx.xxx 5438 $(logname)

1. I simply made it in Automator:
1. 
2. Next I made an installation package to install it along with the sendLogon command program

I used Apple Remote Desktop's "Task Server" to install it on all managed machines. And finally I used Workgroup Manager to have it as a Login Item on the managed machines.

I think it works out better this way, as there is a little bit more control over it.

Deploying Maya 2012 and Backburner

So, I want to set up a nice little render farm, and so need all machines to have the software on. First things first, deployment.

I had a look at the Maya install dmg and found that the initial application is not a pkg file. But fortunately, inside the package contents:
/Volumes/Maya/Install\ Maya\ 2012.app/Contents/Resources/Maya....

• Maya2012.mpkg
• Additional Items
• ADC_docs6.0.pkg
• AdLM_standalone.mpkg
• AutodeskBackburner2012.mpkg
• AutodeskDirectConnect6.0.pkg
• AutodeskUninstaller.pkg
• Composite2012.pkg
• CraftDirectorStudioMaya2012.dmg
• Maya_quicktime_components.pkg
• autodesk.backburner.monitor-2012.0_423_i386.pkg
• autodesk.webentry-1.0-603.i386.pkg
• backburner-2012.0_1560_i386.pkg
• dmmPluginForMaya2012x64.pkg

All I did was to highlight all these files and have Apple Remote Desktop install them for me, minus "CraftDirectorStudioMaya2012.dmg" which I am don't think I need.

On going to the computer I tested this process on, I found that a user was already logged on and a message saying:
a certain process needed "Rosetta" installing should I do so?

I clicked yes and forgot to read which Application it was. Looking in the logs I found:
20/04/2012 11:44:06 com.apple.coreservices.uiagent[1050] 11:44:06CoreServicesUIAgent[1050] : Application failed to launch (id = aksusbd, version = Unknown reason = kLSNoRosettaEnvironmentErr)

It was this "aksusbd" which needed it.

I also found in the logs that the install process tries to start backburner and comes up with the same error message I came up with here:
/usr/discreet/backburner/backburner: line 64: syntax error: unexpected end of file


I can fix this simply by copying the fixed version of the backburner file. 


just found this update for backburner. Found on this page

OS X automatically changing a password

This is a follow up from the post which describes the problems with 'locking' down a printer. I've finally decided that we are locking down the computer attached to the printer, and changing it's password each day so only people who know the password can print.

So, I've just tested "passwd" command and found it quite useful. It has given me a few ideas.

• When typing "passwd" when you're already logged in
• it assumes you're changing your password
• It asks for your old one, a new one, and retype the new one. Done.
• When typing in from an admin account "passwd stephenl"
• it asks you as if you were the user whose password is being changed as before.
• When doing this through root login (i.e. from Apple Remote Desktops send command)
• it just asks for a new password twice. Easy.

So, I worked out two ways I could do this:

1. I could simply have some scheduled tasks setup in ARD which sends these commands on certain days
2. I could set up a totally self sufficient system when the machine is switched on, it looks at the day, and determines which password to use.

Number 1 is the easiest as I know how to do this.

Number 2 is harder as I'd have to write a script which:

1. loads at startup
2. uses root to change passwords
3. finds out what day it is
4. changes the password accordingly

Now I've written it out in logical order it doesn't sound too difficult.

Just found this post which describes how to simply make a startup script

Password for printing on OS X 10.6 and changing every day

Here's some info:

The need a password tickbox in mcxprinting has limiting effects. It appears in Photoshop that it only prompts for a password if you change the print settings for the printer! Seems to only stop you if you're using the OS X printer interface. Any other interface might get around the password facility.

I suppose one option is to see if the CUPS printing facility has an admin password thingy.

Alternatively, you could just have one user which can log into the machine.

One thing we need to do is to get something automatic in place which automatically changes the password depending on the day.

Found this which describes the use of passwd command line utility to change a users password. We could set up something automatic which would change the administrators password every day and loop.

Another thought I had was to share the printer with the server, but call the instance on the machine something miscellaneous like -error-, and have another printer set up which connects to the server. That way we can use it like any other! I think this is the best solution yet.

So, I tried to setup a network printer:

1. I set up the printer on the machine and called it "-error1-" so no-one would use it
2. ticked the "printer sharing" box in system preferences
1. also ticked the windows sharing box
3. I read somewhere it was best to turn the firewall on, so I did. I checked to see the exceptions and printing and smb were listed
4. Next I went to the windows 2000 server added a 'local port' printer
1. using port "\\123.45.67.89\-error1-" and used the right windows driver for it so papercut would be able to work out paper size etc.
2. I shared this printer with the name "n239-Ep7600"
5. I did a test print from the windows server and it came out fine, although it wanted the roll paper instead of sheet paper feed.
6. On the Mac I set up the networked printer, using LPR, the ip address of the server and the queue name "N239-Ep7600"
1. gave it the correct print driver
7. I performed a test print from the OS X machine and it came up with some sort of "rasterize" error.

/Library/Printers/EPSON/InkjetPrinter2/Filter/rastertoescpII.app/Contents/MacOS/rastertoescpII failed

I can only assume that the print driver cannot cope with being sent through a network, and has to "rasterize" it on the fly?

Another option is to have the print queue paused for every printjob which requires an administrator to unpause it. Found this post which is for os x 10.5 and involves CUPs config file.

Adobe CS 5 updates for Deployment through ARD - Adobe Application Manager

So, I want to update Camera RAW on all the apple macs. How do I do this as the installer is a stupid .app file and not a nice PKG file. Well, you use the "Adobe Application Manager" of course!

So I just downloaded version 2.1. Interestingly their installer for it is also an .app file!!

Well, I can't believe it but it is unbelievably easy to make a pkg file. My only thought is why they need to give you the application to do it. Can't they host it on their site?

Anyway, I took some screenshots, although it is very self-explanitory:

A little note:
I came back to this recently and found Adobe Application Manager had trouble loading up. I later found the correct Application Manager to load up is in Directory:

/Library/Application\ Support/Adobe/OOBE/PDApp/core/Adobe\ Application\ Manager.app, which might not be very obvious!!

Deleting all print queues on OS X using Command Line

So, here's a little script which deletes all the print queues on OS X. I run it through Apple Remote Desktop's "Send Unix Command" as root:


for printer in `lpstat -a | awk '{print $1}'`
do
echo Deleting $printer
lpadmin -x $printer
done

We're moving our print server to a UniFLOW system and so I need to get rid of all the print queues and add new ones (adding them through Workgroup Manager).

Thought I'd make a little pkg file which I can send to all machines through ARD Task Server. I did it through Iceberg. Here's a few screen shots of it with notes:

Adding a preflight script to run

This is the script which runs on preflight

Simple really, but works.

Apple Remote Desktop Task Server trouble

Just after rebooting the xserver I noticed an error in the logs made by ARDAgent:

Jan 27 14:20:19 Xserve ARDAgent[460]: Bind error on TCP port 3283.  Error number: 48 Address already in use

Looking at remote desktop on my machine I noticed it was having trouble communicating with the task server. I tried restarting the ARD service to no avail.

I looked through some more logs as it appeared that something else had taken that port. The only logical things would have been iChat and another VNC service running. I checked IChat out and it wasn't running. I did find another log entry just after reboot, but before the ARD error which was registered to OSXVNC. Sure enough this was running. I shut down the service and made sure it wasn't starting up any more at startup.

As soon as this was done the task server was back up!

Deploying Canon EOS 230M stuff on Mac OS X using Iceberg

So we have some lovely HD SL Cameras from Canon. Some sort of EOS model. Very nice. It comes with some software which you need to use these cameras with OS X. Unfortunately Canon neglected to use Apples standard package installer concept and made there own (or bought one it). So I've now got to find a way to put this software on all the machines.

There are two simple ways:

1. would be to simply copy these applications to other computers.
2. Would be to utilise the "Record" facility in the Application "Package Maker" which would hopefully record the files and scripts that the Canon install program performed. (Can't find a copy of Package Maker though!)

Having tried number 1. it looks like it's worked alright. So next is to make a pkg file which puts these apps in the Applications folder. I shall refer to a previous post here how I made a pkg file which installed "fix everything please" and sendlogon.

So, here's how I did it:

1. I used a free Application called Iceberg
2. Made a new project and created a nice little folder for the project
3. Entered the standard details for the Settings

1. I put Admin Authorisation so there would be some control
4. Skipped through the other sections to get to the Files section

1. I made /Applications the Default Destination
2. In Applications I right clicked and selected "Add Files..."
3. I selected the folder which was in my Applications folder on the computer (I'd installed it earlier)
4. I noticed that it didn't show the folders inside the "Canon Utilities". I was just about to click the "Add files..." option again but I did see an option to "Expand All". I clicked it and what do you know, it updated the folder to have all the subfolders it should have had!
5. Next I clicked "Build" and it was done.

Just doing testing at the moment...

Yep, works like a dream!

Why NHR didn't work! Finally

So, after many, many trials and tribulations I've finally worked out why NHR wasn't working. Simply because I tried to install it over itself. Basically the files were already there. Doh!

So to fix it in all the mac suites I basically have to:

1. Get rid of the NHR files on't computers
1. run the uninstall file
2. run a small script to delete the /etc/hooks and /etc/login.hook and /etc/logout.hook
2. Install the NHR.pkg file again (through task server)

So, as I'm running it all through the task server anyway, I'll try and line up the uninstall and install files sequentially, so that it works in the right order. It should do.

Done 

Making a pkg file for installing sendLogon for Bloxx on OS X

In a previous post I described how we're getting a new web filtering system called Bloxx, which needs the sendLogon program to be installed and run as a login script on all the Apple Macs (OS X).

I used Iceberg free application to make the PKG file as I've used it before with relative ease, and also couldn't find the latest official Apple PKG maker app!!

Its all working now so here's how I did it:

1. Made a new project in Iceburg, and made a nice little folder to hold all the files needed (makes it easier to find things)
2. I filled in the top section "Settings"

3. Next was the "Scripts" section. I had to make a script which changed the com.apple.loginwindow plist file to add the LoginHook /usr/bin/login.sh
1. I ran nano from the command line (nano ~Desktop/sendLogonfiles/Install\ sendLogon/writeloginhook.sh)
    and typed:
2.  #!/bin/tcsh
   sudo defaults write com.apple.loginwindow LoginHook /usr/bin/login.sh
3. I found I had to put "sudo" into the script so that it had the right permissions to write to the file. Not sure why else it didn't work?
4. I saved the file and made the file executable - chmod 755 ~Desktop/sendLogonfiles/Install\ sendLogon/writeloginhook.sh
4. I then added this script to the "PostFlight" script, and set the path to "Relative". Note - I found an article here documenting the definition of each of these types of scripts. Most were concerned with whether this was an upgrade or not, and would only run once.

5. Finally was the "Files" section. 

1. I firstly put the files in the project folder.
2. I set these files with the correct permissions (as in the tutorial folder for sendLogon). chmod 755
3. Then, in Iceberg, I had to add the folders; /usr/ and /usr/bin/, which were not there.
4. I then made the "Default Destination" the /usr/bin/ folder
5. Finally I added the login.sh file and the sendLogon file.

I've just tested this through the Apple Remote Desktop Task Server on a single MacBook Pro and worked a charm (had to ring ICT though to add its' IP address to the Bloxx list of computers with sendLogon working)

Note: There is potential also for adding to this a little script which changes the proxy settings to the system and maybe also Firefox, but it would be easier to control these settings through a .pac file or .wpad file.

New Web Filter - Bloxx and sendLogon deployment on OS X

So we've now got a new web filtering system which needs testing on the Macs and then deploying. The new system is currently running alongside the old, the later of which will slowly be phased out.

The new system does come with one small bonus for the Apple Macs as it works alongside a program called "sendLogon" which sends the credentials of the user to the server and automatically authenticating them to use the internet. This sendLogon was downloaded here, and comes with instructions:

Running sendLogon automatically on Mac OSX
You need to take the following steps:

1) Download the Send Logon program from http://www.bloxx.com/downloads/sendLogon_osx_10.4.universal.tar.gz to the desktop.
2) Browse to ‘Applications->Utilities’ and run the ‘Terminal’ application.
3) Type ‘cd ~/Desktop’.
4) Type 'tar zxvf sendLogon_osx_10.4.universal.tar.gz'.
5) Type ‘sudo cp sendLogon /usr/bin’ and enter your password when prompted.
6) Type ‘sudo nano /usr/bin/login.sh’.
7) Enter the following lines:

#!/bin/tcsh

/usr/bin/sendLogon 3898 $1

8) When finished, press ctrl-o followed by return, to save the file.
9) Press ctrl-x to exit.
10) Run the following commands to set the correct permissions on the utility and login script:

sudo chmod 755 /usr/bin/login.sh
sudo chmod 755 /usr/bin/sendLogon

11) Run the following command:

sudo defaults write com.apple.loginwindow LoginHook /usr/bin/login.sh

The sendLogon utility should now run for every user that logs on.

This all worked splendidly. Our server address is XXX.XXX.XXX.21. The proxy settings are XXX.XXX.XXX.23 port 8080 though. Just need to remember that the computer has to be in the list of this filter system as using the sendLogon program (took me 20 mins before I remembered this!).

To deploy this the idea is to create a pkg file which copies the two files login.sh and sendLogon to /usr/bin and also sends the command for the LoginHook.

Note that all the Macs I will run this on do not have any login scripts which run from the computer and hence it doesn't matter if you overwrite the login.sh file. For those who do have login scripts then they will need to append to this file, which isn't too hard.

I will use the Iceberg App to create the pkg file and run it through the task server to deploy to all computer suites and staff machines.

We did have a choice whether to control the LoginHook from the Xserver or just have the clients controled locally. We chose the later as ICT Services do not control the Xserver, which is just used for the one Directorate.

I shall note in a later post how I created the pkg file.

Bootpicker rebooting back into OS X i.e. not Windows

I have many computer suites which are set up as "Dual Boot". I install bootpicker through ARD and set the plist file settings through ARD also. I had a little trouble with some MacBook Pro's I set up in this way. It all appeared to work, what with the bootpicker screen coming up. But upon clicking "Windows" it rebooted the machine straight back into OS X.

This takes quite some time to realise if your busy multitasking, as you think: Oh, whoops, forgot to click Windows, better click it!

So I thought I'd best look into it. After a minute I figured out that all you need to do was a PRAM reset. i.e. hold down "cmd + alt + p + r" for at least one beep (maybe up to three)

After doing this it all worked beautifully. I guess there must be some setting in the PRAM which needs refreshing?