Middlebury

Difference between revisions of "Advanced Mac Configuration Topics"

m
(Tagged: Moving this page to the Internal wiki.)
Line 1: Line 1:
 +
'''NOTE: This page contains information that is only useful to Helpdesk / LIS faculty and staff. Therefore I'm considering moving this information to our Internal wiki. If you feel that this information is important to the general public and/or do NOT think that this move is appropriate, please comment on the discussion page.'''
 +
 +
--[[User:Christopher Hunt|Hunt, Christopher]] 14:59, 17 November 2009 (UTC)
 +
 
== System, disks, users  ==
 
== System, disks, users  ==
  
 
==== Refresh disk arbitration  ====
 
==== Refresh disk arbitration  ====
  
Note: This may force disks that haven't mounted to mount.  
+
Note: This may force disks that haven't mounted to mount.
 
<pre>disktool -r
 
<pre>disktool -r
</pre>  
+
</pre>
 
==== Enable Journaling  ====
 
==== Enable Journaling  ====
<pre>diskutil enableJournal /</pre>  
+
<pre>diskutil enableJournal /</pre>
 
==== Matching Mac Model Name with Model Identifier, Mac OS X Build, production date, and Apple Hardware Test version  ====
 
==== Matching Mac Model Name with Model Identifier, Mac OS X Build, production date, and Apple Hardware Test version  ====
  
#Get Model IDENTIFIER from System profiler (it will look like Model Identifier: MacBookPro2,2)  
+
#Get Model IDENTIFIER from System profiler (it will look like Model Identifier: MacBookPro2,2)
#Visit http://mactracker.dreamhosters.com/iphone/#_modelWindow and find the model with that identifier  
+
#Visit http://mactracker.dreamhosters.com/iphone/#_modelWindow and find the model with that identifier
 
#Done
 
#Done
  
More useful resources:  
+
More useful resources:
  
*http://support.apple.com/kb/HT1159  
+
*http://support.apple.com/kb/HT1159
*http://www.chipmunk.nl/cgi-fast/applemodel.cgi  
+
*http://www.chipmunk.nl/cgi-fast/applemodel.cgi
*http://www.apple.com/support/  
+
*http://www.apple.com/support/
*http://www.apple.com/support/serviceassistant/  
+
*http://www.apple.com/support/serviceassistant/
 
*http://mactracker.dreamhosters.com/iphone/#_modelWindow
 
*http://mactracker.dreamhosters.com/iphone/#_modelWindow
  
 
==== Programatically Delete Cached User Accounts  ====
 
==== Programatically Delete Cached User Accounts  ====
  
From http://developer.apple.com/releasenotes/MacOSXServer/RN-DirectoryServices/index.html  
+
From http://developer.apple.com/releasenotes/MacOSXServer/RN-DirectoryServices/index.html
 
<pre># Script to remove cached accounts in the local DS node
 
<pre># Script to remove cached accounts in the local DS node
 
# This should work in both Tiger and Leopard
 
# This should work in both Tiger and Leopard
Line 37: Line 41:
 
dscl . -delete /Users/$cuser                    # now we delete the record using dscl
 
dscl . -delete /Users/$cuser                    # now we delete the record using dscl
 
done
 
done
</pre>  
+
</pre>
More resources: http://www.macosxhints.com/article.php?story=20080127172157404 <br> http://www.google.com/search?client=safari&amp;rls=en-us&amp;q=leopard+script+delete+user+account+dscl&amp;ie=UTF-8&amp;oe=UTF-8  
+
More resources: http://www.macosxhints.com/article.php?story=20080127172157404 <br> http://www.google.com/search?client=safari&amp;rls=en-us&amp;q=leopard+script+delete+user+account+dscl&amp;ie=UTF-8&amp;oe=UTF-8
  
 
==== Enabling Directory Service debug logging  ====
 
==== Enabling Directory Service debug logging  ====
 
<pre>sudo touch /Library/Preferences/DirectoryService/.DSLogDebugAtStart
 
<pre>sudo touch /Library/Preferences/DirectoryService/.DSLogDebugAtStart
 
sudo sudo killall -USR1 DirectoryService
 
sudo sudo killall -USR1 DirectoryService
</pre>  
+
</pre>
 
==== Disabling Directory Service debug logging  ====
 
==== Disabling Directory Service debug logging  ====
 
<pre>sudo rm /Library/Preferences/DirectoryService/.DSLogDebugAtStart
 
<pre>sudo rm /Library/Preferences/DirectoryService/.DSLogDebugAtStart
 
sudo sudo killall -USR1 DirectoryService
 
sudo sudo killall -USR1 DirectoryService
</pre>  
+
</pre>
 
==== Resetting Mac OS&nbsp;X Machine Account Domain Password<br>  ====
 
==== Resetting Mac OS&nbsp;X Machine Account Domain Password<br>  ====
  
See http://www.afp548.com/article.php?story=20061217110502523<br>  
+
See http://www.afp548.com/article.php?story=20061217110502523<br>
  
 
==== Forcefully remove a Mac from the domain  ====
 
==== Forcefully remove a Mac from the domain  ====
<pre>sudo dsconfigad -r -f -u username -p password</pre>  
+
<pre>sudo dsconfigad -r -f -u username -p password</pre>
Where "username" is the username that was used to add the machine to the domain, and "password" is this username's password.  
+
Where "username" is the username that was used to add the machine to the domain, and "password" is this username's password.
  
 
==== Resetting Directory Service Settings  ====
 
==== Resetting Directory Service Settings  ====
  
This is useful in cases where removing/adding the computer from/to the domain does not work using the standard method ([[Manually Add a Mac to the Domain|Manually Add a Mac to the Domain]]). The instructions below forcefully remove (unbind) the mac from the domain:<br>  
+
This is useful in cases where removing/adding the computer from/to the domain does not work using the standard method ([[Manually Add a Mac to the Domain|Manually Add a Mac to the Domain]]). The instructions below forcefully remove (unbind) the mac from the domain:<br>
  
#Login with a local account.  
+
#Login with a local account.
#Open the Terminal application  
+
#Open the Terminal application
 
#Enter each of the lines below, followed by pressing enter:
 
#Enter each of the lines below, followed by pressing enter:
 
<pre>sudo rm -rdfv /Library/Preferences/DirectoryService
 
<pre>sudo rm -rdfv /Library/Preferences/DirectoryService
 
sudo rm -rdfv /var/db/dslocal/nodes/Default/config
 
sudo rm -rdfv /var/db/dslocal/nodes/Default/config
sudo sudo killall -USR1 DirectoryService</pre>  
+
sudo sudo killall -USR1 DirectoryService</pre>
#Open Macintosh HD =&gt; Applications =&gt; Utilities =&gt; MIDD =&gt; Midd1stBootConfig.  
+
#Open Macintosh HD =&gt; Applications =&gt; Utilities =&gt; MIDD =&gt; Midd1stBootConfig.
#Follow the on-screen instructions. When the "Update User Template" application opens, click "Quit".  
+
#Follow the on-screen instructions. When the "Update User Template" application opens, click "Quit".
 
#Reboot and try logging in again with your domain account. If that fails [[Manually Add a Mac to the Domain]].
 
#Reboot and try logging in again with your domain account. If that fails [[Manually Add a Mac to the Domain]].
  
 
==== Reset Mac user or admin password  ====
 
==== Reset Mac user or admin password  ====
  
Can require install disks to reset if you have forgotten the old password. [http://support.apple.com/kb/HT1274 Help here]  
+
Can require install disks to reset if you have forgotten the old password. [http://support.apple.com/kb/HT1274 Help here]
  
 
==== Give admin (administrator) privileges to a user using the Terminal  ====
 
==== Give admin (administrator) privileges to a user using the Terminal  ====
  
Open Terminal, type the line below, hit enter:  
+
Open Terminal, type the line below, hit enter:
<pre>sudo dscl . -append /Groups/admin GroupMembership usernamegoeshere</pre>  
+
<pre>sudo dscl . -append /Groups/admin GroupMembership usernamegoeshere</pre>
To check who's an admin currently:  
+
To check who's an admin currently:
<pre>dscl . -read /Groups/admin | grep GroupMembership</pre>  
+
<pre>dscl . -read /Groups/admin | grep GroupMembership</pre>
The above can also be used in ARD commands or in shell scripts.  
+
The above can also be used in ARD commands or in shell scripts.
  
 
==== Upgrade groups to the new UID format<br>  ====
 
==== Upgrade groups to the new UID format<br>  ====
  
This allows nested group (i.e. a domain group to be a member of a local group).<br>  
+
This allows nested group (i.e. a domain group to be a member of a local group).<br>
  
dseditgroup -o edit -t group -f n groupnamegoes here<br>  
+
dseditgroup -o edit -t group -f n groupnamegoes here<br>
  
<br>  
+
<br>
  
 
==== Make the admin group a member of the _lpadmin group<br>  ====
 
==== Make the admin group a member of the _lpadmin group<br>  ====
  
*'''Easy solution: '''Connect to smb://middfiles.middlebury.edu/middfiles and open Software =&gt; Software Macintosh =&gt; Quick-Fixes. Double-click Add Printer - Permissions Problem Fix (lpadmin).app<br>  
+
*'''Easy solution: '''Connect to smb://middfiles.middlebury.edu/middfiles and open Software =&gt; Software Macintosh =&gt; Quick-Fixes. Double-click Add Printer - Permissions Problem Fix (lpadmin).app<br>
 
*The harder solution (run commands below): This converts the _lpadmin and the admin group to the new format, adds the key NestedGroups to the _lpadmin group and populates it with the GUID of the admin group. Finally, the admin account is made a member of the _lpadmin group.
 
*The harder solution (run commands below): This converts the _lpadmin and the admin group to the new format, adds the key NestedGroups to the _lpadmin group and populates it with the GUID of the admin group. Finally, the admin account is made a member of the _lpadmin group.
  
dseditgroup -o edit -t group -f n admin<br>dseditgroup -o edit -t group -f n _lpadmin<br>dseditgroup -o edit -a admin -t group _lpadmin<br>dscl localhost -create /Local/Default/Groups/_lpadmin NestedGroups ABCDEFAB-CDEF-ABCD-EFAB-CDEF-00000050<br>dseditgroup -o edit -a admin -t group _lpadmin<br>  
+
dseditgroup -o edit -t group -f n admin<br>dseditgroup -o edit -t group -f n _lpadmin<br>dseditgroup -o edit -a admin -t group _lpadmin<br>dscl localhost -create /Local/Default/Groups/_lpadmin NestedGroups ABCDEFAB-CDEF-ABCD-EFAB-CDEF-00000050<br>dseditgroup -o edit -a admin -t group _lpadmin<br>
  
 
==== Add an application to the dock using a script  ====
 
==== Add an application to the dock using a script  ====
Line 102: Line 106:
 
<pre>defaults write com.apple.dock persistent-apps -array-add "&lt;dict&gt;&lt;key&gt;tile-data&lt;/key&gt;&lt;dict&gt;\
 
<pre>defaults write com.apple.dock persistent-apps -array-add "&lt;dict&gt;&lt;key&gt;tile-data&lt;/key&gt;&lt;dict&gt;\
 
&lt;key&gt;file-data&lt;/key&gt;&lt;dict&gt;&lt;key&gt;_CFURLString&lt;/key&gt;&lt;string&gt;/Applications/Final Cut Express.app&lt;/string&gt;\
 
&lt;key&gt;file-data&lt;/key&gt;&lt;dict&gt;&lt;key&gt;_CFURLString&lt;/key&gt;&lt;string&gt;/Applications/Final Cut Express.app&lt;/string&gt;\
&lt;key&gt;_CFURLStringType&lt;/key&gt;&lt;integer&gt;0&lt;/integer&gt;&lt;/dict&gt;&lt;/dict&gt;&lt;/dict&gt;";</pre>  
+
&lt;key&gt;_CFURLStringType&lt;/key&gt;&lt;integer&gt;0&lt;/integer&gt;&lt;/dict&gt;&lt;/dict&gt;&lt;/dict&gt;";</pre>
 
*Add for default user template:
 
*Add for default user template:
 
<pre>defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.dock \
 
<pre>defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.dock \
 
persistent-apps -array-add "&lt;dict&gt;&lt;key&gt;tile-data&lt;/key&gt;&lt;dict&gt;&lt;key&gt;file-data&lt;/key&gt;\
 
persistent-apps -array-add "&lt;dict&gt;&lt;key&gt;tile-data&lt;/key&gt;&lt;dict&gt;&lt;key&gt;file-data&lt;/key&gt;\
 
&lt;dict&gt;&lt;key&gt;_CFURLString&lt;/key&gt;&lt;string&gt;/Applications/Final Cut Express.app&lt;/string&gt;\
 
&lt;dict&gt;&lt;key&gt;_CFURLString&lt;/key&gt;&lt;string&gt;/Applications/Final Cut Express.app&lt;/string&gt;\
&lt;key&gt;_CFURLStringType&lt;/key&gt;&lt;integer&gt;0&lt;/integer&gt;&lt;/dict&gt;&lt;/dict&gt;&lt;/dict&gt;";</pre>  
+
&lt;key&gt;_CFURLStringType&lt;/key&gt;&lt;integer&gt;0&lt;/integer&gt;&lt;/dict&gt;&lt;/dict&gt;&lt;/dict&gt;";</pre>
 
*Add for all users (current and future):
 
*Add for all users (current and future):
 
<pre>for folder in /Users/*
 
<pre>for folder in /Users/*
Line 117: Line 121:
 
currentuser=`basename $folder`
 
currentuser=`basename $folder`
 
chown $currentuser $folder/Library/Preferences/com.apple.dock.plist
 
chown $currentuser $folder/Library/Preferences/com.apple.dock.plist
done</pre>  
+
done</pre>
 
==== Run a command for each user  ====
 
==== Run a command for each user  ====
  
for folder in /Users/* echo "Doing a command for $folder" done  
+
for folder in /Users/* echo "Doing a command for $folder" done
  
For example, this command sets the default printer to LIB242K:  
+
For example, this command sets the default printer to LIB242K:
 
<pre>for folder in /Users/*
 
<pre>for folder in /Users/*
 
do
 
do
 
echo Default LIB242K &gt; $folder/.cups/lpoptions
 
echo Default LIB242K &gt; $folder/.cups/lpoptions
 
chmod 777 $folder/.cups/lpoptions
 
chmod 777 $folder/.cups/lpoptions
done</pre>  
+
done</pre>
 
<br>
 
<br>
  
 
==== Distribute a file to each user's home dir<br>  ====
 
==== Distribute a file to each user's home dir<br>  ====
  
E.g. distribute custom print settings to each user  
+
E.g. distribute custom print settings to each user
 
<pre>for folder in /Users/*
 
<pre>for folder in /Users/*
 
do
 
do
Line 140: Line 144:
 
$folder/Library/Preferences/com.apple.print.custompresets.plist
 
$folder/Library/Preferences/com.apple.print.custompresets.plist
 
chmod 777 $folder/Library/Preferences/com.apple.print.custompresets.plist
 
chmod 777 $folder/Library/Preferences/com.apple.print.custompresets.plist
done</pre>  
+
done</pre>
 
== ARD techniques  ==
 
== ARD techniques  ==
  
 
==== Known ARD Issues  ====
 
==== Known ARD Issues  ====
  
See [[Known ARD Issues]].<br>  
+
See [[Known ARD Issues]].<br>
  
 
==== Desirable ARD commands  ====
 
==== Desirable ARD commands  ====
  
*Set disk permissions. Ignore permissions.  
+
*Set disk permissions. Ignore permissions.
*Add ACLS for folders  
+
*Add ACLS for folders
*Run login permission script  
+
*Run login permission script
*unbind/rename/rebind/rescan/apply proper admin privs.  
+
*unbind/rename/rebind/rescan/apply proper admin privs.
 
*login items fix
 
*login items fix
  
 
==== Installing (Pushing) Adobe CS via ARD  ====
 
==== Installing (Pushing) Adobe CS via ARD  ====
  
'''Note: This assumes you've created a disk image with the applications (from /Applications), and a disk image with the settings (in /Library/Application Support, as well as /Library/Preferences).'''  
+
'''Note: This assumes you've created a disk image with the applications (from /Applications), and a disk image with the settings (in /Library/Application Support, as well as /Library/Preferences).'''
 
<pre>hdiutil attach /adobepro.dmg
 
<pre>hdiutil attach /adobepro.dmg
 
ditto -V /Volumes/adobepro /Applications
 
ditto -V /Volumes/adobepro /Applications
Line 167: Line 171:
 
hdiutil detach /Volumes/settings
 
hdiutil detach /Volumes/settings
 
rm -rdfv /settings.dmg
 
rm -rdfv /settings.dmg
</pre>  
+
</pre>
 
==== Installing LabStats via ARD  ====
 
==== Installing LabStats via ARD  ====
  
 
*Requirements: If the client computers are running Mac OS X Leopard, you need LabStats version 4.4.x (at least).
 
*Requirements: If the client computers are running Mac OS X Leopard, you need LabStats version 4.4.x (at least).
  
#On your ARD computer, visit the labstats admin page and download the Mac installer.  
+
#On your ARD computer, visit the labstats admin page and download the Mac installer.
#Unzip it the package, and you will get two files (one ending in tar.gz, one ending in conf)  
+
#Unzip it the package, and you will get two files (one ending in tar.gz, one ending in conf)
#Unpack the tar file (double-clicking should suffice) until you see the install package (ends with pkg).  
+
#Unpack the tar file (double-clicking should suffice) until you see the install package (ends with pkg).
#Open ARD, select the client computers (the ones that need labstats), then click "Copy"  
+
#Open ARD, select the client computers (the ones that need labstats), then click "Copy"
#Drag the pkg file and the conf file to the upper portion of the copy window (you can also use the + button), under "Place Item In" specify the full destination to "/tmp" (without the quotes), then click Copy.  
+
#Drag the pkg file and the conf file to the upper portion of the copy window (you can also use the + button), under "Place Item In" specify the full destination to "/tmp" (without the quotes), then click Copy.
#When the copy process finishes, select the same computers again and click the Unix command button. In the window that appears, paste these lines in the upper portion: <pre>installer -package /tmp/labstats_mac_client_installer.pkg -target / </pre> <pre>rm -rdfv /tmp/labstats* </pre>  
+
#When the copy process finishes, select the same computers again and click the Unix command button. In the window that appears, paste these lines in the upper portion: <pre>installer -package /tmp/labstats_mac_client_installer.pkg -target / </pre> <pre>rm -rdfv /tmp/labstats* </pre>
 
#Under "Run the command as" enter the user "root" and click "Send"
 
#Under "Run the command as" enter the user "root" and click "Send"
  
 
==== Mute or set volume via ARD  ====
 
==== Mute or set volume via ARD  ====
 
<pre>osascript -e "set volume 0"
 
<pre>osascript -e "set volume 0"
</pre>  
+
</pre>
Change the zero to another number to set the volume to a higher value. Zero is mute. This seems to be system wide. It also mutes the startup chime. Good for classrooms. If headphones are plugged in, they have a separate volume setting.  
+
Change the zero to another number to set the volume to a higher value. Zero is mute. This seems to be system wide. It also mutes the startup chime. Good for classrooms. If headphones are plugged in, they have a separate volume setting.
  
 
==== Make Macs Speak via ARD  ====
 
==== Make Macs Speak via ARD  ====
 
<pre>say "I hate Macs"
 
<pre>say "I hate Macs"
</pre>  
+
</pre>
 
==== Set the Open Firmware password via ARD  ====
 
==== Set the Open Firmware password via ARD  ====
  
'''Note: You need our Open Firmware package for this! It should be on our Mac server.'''  
+
'''Note: You need our Open Firmware package for this! It should be on our Mac server.'''
<pre>sudo ofpassword set blahblah123</pre>  
+
<pre>sudo ofpassword set blahblah123</pre>
 
==== Enable SSH via ARD  ====
 
==== Enable SSH via ARD  ====
  
This seems to work:  
+
This seems to work:
<pre>systemsetup -setremotelogin on</pre>  
+
<pre>systemsetup -setremotelogin on</pre>
Some other ideas:  
+
Some other ideas:
 
<pre>echo yes | /System/Library/CoreServices/RemoteManagment/ARDAgent.app/Contents/Support/systemsetup -setremotelogin on
 
<pre>echo yes | /System/Library/CoreServices/RemoteManagment/ARDAgent.app/Contents/Support/systemsetup -setremotelogin on
 
/sbin/service ssh start
 
/sbin/service ssh start
 
echo "AdminsPassHere" | sudo service ssh start
 
echo "AdminsPassHere" | sudo service ssh start
</pre>  
+
</pre>
This seems to work until reboot:  
+
This seems to work until reboot:
<pre>/usr/sbin/sshd</pre>  
+
<pre>/usr/sbin/sshd</pre>
 
==== Enable ARD remotely  ====
 
==== Enable ARD remotely  ====
  
e.g. via SSH  
+
e.g. via SSH
 
<pre>sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -users admin -privs -all
 
<pre>sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -users admin -privs -all
</pre>  
+
</pre>
If nothing's been enabled, the full line should look like: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu  
+
If nothing's been enabled, the full line should look like: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu
  
 
==== Mount AFP volume via applescript via ARD  ====
 
==== Mount AFP volume via applescript via ARD  ====
<pre>osascript -e 'mount volume "afp://user:password@computername/Macintosh HD"'</pre>  
+
<pre>osascript -e 'mount volume "afp://user:password@computername/Macintosh HD"'</pre>
 
==== Check if a process is running via ARD  ====
 
==== Check if a process is running via ARD  ====
  
E.g. Check if AFP server is running  
+
E.g. Check if AFP server is running
<pre>ps -axww | grep -i "AppleFileServer"</pre>  
+
<pre>ps -axww | grep -i "AppleFileServer"</pre>
 
==== Start AFP sharing remotely  ====
 
==== Start AFP sharing remotely  ====
  
#Change /etc/hostconfig so that AFPSERVER=-YES=  
+
#Change /etc/hostconfig so that AFPSERVER=-YES=
 
#Send unix script <pre>sudo AppleFileServer</pre> TWICE
 
#Send unix script <pre>sudo AppleFileServer</pre> TWICE
  
 
==== Get folder size via ARD  ====
 
==== Get folder size via ARD  ====
<pre>du -d 1 -h /Users/Shared/editingclass</pre>  
+
<pre>du -d 1 -h /Users/Shared/editingclass</pre>
 
==== Set power management on Macs via ARD<br>  ====
 
==== Set power management on Macs via ARD<br>  ====
  
Can be done using the pmset command. Remember to always execute this command as user "root" in ARD. Examples:  
+
Can be done using the pmset command. Remember to always execute this command as user "root" in ARD. Examples:
  
*'''Instructor stations''' that need to remain awake for the duration the class: <pre>pmset -a sleep 0 disksleep 10 displaysleep 75</pre> The sleep parameter tells the computer never to sleep, disksleep makes the hard disk spin down in 10 minutes, displaysleep makes the monitor remain awake for 75 minutes.  
+
*'''Instructor stations''' that need to remain awake for the duration the class: <pre>pmset -a sleep 0 disksleep 10 displaysleep 75</pre> The sleep parameter tells the computer never to sleep, disksleep makes the hard disk spin down in 10 minutes, displaysleep makes the monitor remain awake for 75 minutes.
*'''Regular workstations''' that need to remain awake for management purposes can turn off the screen (e.g. after 35 mins) and spin down the hard disk to save power: <pre>pmset -a sleep 0 disksleep 10 displaysleep 35</pre>  
+
*'''Regular workstations''' that need to remain awake for management purposes can turn off the screen (e.g. after 35 mins) and spin down the hard disk to save power: <pre>pmset -a sleep 0 disksleep 10 displaysleep 35</pre>
 
*Alternatively, the machines can be turned off / set to sleep whenever and you designate a "remote management" time period (say, every day after 3:00am). The Mac OS X power management allows you to set the computer to wake up or power on at a specific day and time. This way if a machine was turned off or set to sleep, it can become available for updates, etc. Here's an example: <pre>pmset repeat wakeorpoweron MTWRF 03:00:00</pre> This wakes the machine (if it's asleep) or powers it on (if it's turned off), every weekday at 3am.
 
*Alternatively, the machines can be turned off / set to sleep whenever and you designate a "remote management" time period (say, every day after 3:00am). The Mac OS X power management allows you to set the computer to wake up or power on at a specific day and time. This way if a machine was turned off or set to sleep, it can become available for updates, etc. Here's an example: <pre>pmset repeat wakeorpoweron MTWRF 03:00:00</pre> This wakes the machine (if it's asleep) or powers it on (if it's turned off), every weekday at 3am.
  
 
==== Get Link Speed  ====
 
==== Get Link Speed  ====
<pre>ioreg -l | grep "IOLinkSpeed"</pre>  
+
<pre>ioreg -l | grep "IOLinkSpeed"</pre>
Divide by 1000000 to get "human readable".  
+
Divide by 1000000 to get "human readable".
  
 
== Application tips  ==
 
== Application tips  ==
Line 239: Line 243:
 
==== Pushing LabStats via ARD<br>  ====
 
==== Pushing LabStats via ARD<br>  ====
  
Labstats can be pushed via ARD. There are two methods, both start with the same process:<br>  
+
Labstats can be pushed via ARD. There are two methods, both start with the same process:<br>
  
#On a machine with ARD, grab the Mac labstats installer from http://labserver:8080/admin  
+
#On a machine with ARD, grab the Mac labstats installer from http://labserver:8080/admin
 
#Unpack it, you'll get two files - a pkg package and a "conf" file. <br>
 
#Unpack it, you'll get two files - a pkg package and a "conf" file. <br>
  
Method 1: Copy the labstats.conf file INSIDE the installer (ctrl+click on the installer, open Contents =&gt; Resources =&gt; drag the conf file in here). Open the file named "postflight", delete everything in it and replace it with:<br>  
+
Method 1: Copy the labstats.conf file INSIDE the installer (ctrl+click on the installer, open Contents =&gt; Resources =&gt; drag the conf file in here). Open the file named "postflight", delete everything in it and replace it with:<br>
 
<pre>#!/bin/sh
 
<pre>#!/bin/sh
  
Line 250: Line 254:
 
chown root:wheel /private/etc/labstats.conf
 
chown root:wheel /private/etc/labstats.conf
 
SystemStarter start LabstatsClient
 
SystemStarter start LabstatsClient
</pre>  
+
</pre>
Method 2: Push the default config file AFTER pushing labstats: Use the ARD "copy" button to copy the conf file to a custom destination: /etc<br>  
+
Method 2: Push the default config file AFTER pushing labstats: Use the ARD "copy" button to copy the conf file to a custom destination: /etc<br>
  
 
==== Reset Spotlight  ====
 
==== Reset Spotlight  ====
Line 257: Line 261:
 
sudo mdutil -E /
 
sudo mdutil -E /
 
sudo mdutil -i on /
 
sudo mdutil -i on /
</pre>  
+
</pre>
 
==== Update Symantec AntiVirus  ====
 
==== Update Symantec AntiVirus  ====
 
<pre>LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES
 
<pre>LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES
</pre>  
+
</pre>
LiveUpdate tends to be in the root library support folder: /Library/Application\ Support/Norton\ Solutions\ Support/LiveUpdate/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES  
+
LiveUpdate tends to be in the root library support folder: /Library/Application\ Support/Norton\ Solutions\ Support/LiveUpdate/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES
  
 
==== Check when an application was last opened  ====
 
==== Check when an application was last opened  ====
<pre>mdls -name kMDItemLastUsedDate /Application/Application.app</pre>  
+
<pre>mdls -name kMDItemLastUsedDate /Application/Application.app</pre>
Check an entire folder:  
+
Check an entire folder:
<pre>mdls -name kMDItemLastUsedDate /Application/*</pre>  
+
<pre>mdls -name kMDItemLastUsedDate /Application/*</pre>
Filter applications from an entire folder:  
+
Filter applications from an entire folder:
 
<pre>mdls /Applications/Adobe\ Photoshop\ CS/* | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
 
<pre>mdls /Applications/Adobe\ Photoshop\ CS/* | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
| egrep '(kMDItemLastUsedDate)|(app)'</pre>  
+
| egrep '(kMDItemLastUsedDate)|(app)'</pre>
Batch checking  
+
Batch checking
 
<pre>mdls "/Applications/Macromedia Dreamweaver MX 2004/Dreamweaver MX 2004" \
 
<pre>mdls "/Applications/Macromedia Dreamweaver MX 2004/Dreamweaver MX 2004" \
 
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
 
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
Line 288: Line 292:
 
| egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
 
| egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
  
</pre>  
+
</pre>
 
==== X11 and the PATH variable in Leopard and&nbsp;Snowleopard<br>  ====
 
==== X11 and the PATH variable in Leopard and&nbsp;Snowleopard<br>  ====
  
There seems to be no way to directly set the X11 PATH variable. However, if you correctly set your PATH variable in the Terminal (check the command path_helper), you can then launch xterm (X11) from Terminal.app and it will inherit the PATH variable.  
+
There seems to be no way to directly set the X11 PATH variable. However, if you correctly set your PATH variable in the Terminal (check the command path_helper), you can then launch xterm (X11) from Terminal.app and it will inherit the PATH variable.
  
 
A massive X11 FAQ is available here: http://forums.macosxhints.com/showthread.php?t=80171<br>
 
A massive X11 FAQ is available here: http://forums.macosxhints.com/showthread.php?t=80171<br>
Line 298: Line 302:
  
 
==== Get MAC Address  ====
 
==== Get MAC Address  ====
<pre>/sbin/ifconfig en0 | grep ether | cut -d' ' -f 2</pre>  
+
<pre>/sbin/ifconfig en0 | grep ether | cut -d' ' -f 2</pre>
 
==== Set computer name  ====
 
==== Set computer name  ====
 
<pre>sudo scutil --set LocalHostName NEWCOMPUTERNAME
 
<pre>sudo scutil --set LocalHostName NEWCOMPUTERNAME
 
sudo scutil --set ComputerName NEWCOMPUTERNAME
 
sudo scutil --set ComputerName NEWCOMPUTERNAME
</pre>  
+
</pre>
 
==== Printers: Install, delete, set as default  ====
 
==== Printers: Install, delete, set as default  ====
  
'''List installed printers'''  
+
'''List installed printers'''
 
<pre>lpstat -p
 
<pre>lpstat -p
</pre>  
+
</pre>
'''Install'''  
+
'''Install'''
<pre>lpadmin -p printer_name -E -v lpd://server/printer -P path-to-ppd.gz</pre>  
+
<pre>lpadmin -p printer_name -E -v lpd://server/printer -P path-to-ppd.gz</pre>
 
*An example with a compressed ppd:
 
*An example with a compressed ppd:
  
lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.gz  
+
lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.gz
  
 
*Or an uncompressed ppd:
 
*Or an uncompressed ppd:
  
lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.ppd  
+
lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.ppd
  
'''Must be followed by'''  
+
'''Must be followed by'''
<pre>cupsenable printer_name</pre>  
+
<pre>cupsenable printer_name</pre>
'''Delete'''  
+
'''Delete'''
<pre>lpadmin -x printer_name</pre>  
+
<pre>lpadmin -x printer_name</pre>
e.g.:  
+
e.g.:
<pre>lpadmin -x AdobePDF7</pre>  
+
<pre>lpadmin -x AdobePDF7</pre>
'''Set as default'''  
+
'''Set as default'''
<pre>lpadmin -d printer_name</pre>  
+
<pre>lpadmin -d printer_name</pre>
'''Install but disable sharing and add description'''  
+
'''Install but disable sharing and add description'''
<pre>lpadmin -p printer_name -E -v lpd://server/printer -D "Room AB123" -P ppdpath -o printer-is-shared=false</pre>  
+
<pre>lpadmin -p printer_name -E -v lpd://server/printer -D "Room AB123" -P ppdpath -o printer-is-shared=false</pre>
 
==== Enabling Duplexing  ====
 
==== Enabling Duplexing  ====
  
On HP printers this should suffice:  
+
On HP printers this should suffice:
<pre>lpadmin -p prntr -E -v lpd://srv/prnt -D "rmnr" -P "ppdpath" -o "HPOption_Duplexer=True" -o Duplex=DuplexNoTumble</pre>  
+
<pre>lpadmin -p prntr -E -v lpd://srv/prnt -D "rmnr" -P "ppdpath" -o "HPOption_Duplexer=True" -o Duplex=DuplexNoTumble</pre>
On other models you can try listing the available printer options, then pass the appropriate option to lpadmin using the "-o" parameter. To list all available printer options, install the printer on any one workstation and then run:  
+
On other models you can try listing the available printer options, then pass the appropriate option to lpadmin using the "-o" parameter. To list all available printer options, install the printer on any one workstation and then run:
<pre>lpoptions -p printer_name -l</pre>  
+
<pre>lpoptions -p printer_name -l</pre>
For an HP laserjet the above command gives two options related to duplexing: '''HPOption_Duplexer''' and '''Duplex''' -- so those are the parameters passed using "-o" in the example above.  
+
For an HP laserjet the above command gives two options related to duplexing: '''HPOption_Duplexer''' and '''Duplex''' -- so those are the parameters passed using "-o" in the example above.
  
<br>  
+
<br>
  
 
== Misc  ==
 
== Misc  ==
Line 342: Line 346:
 
==== Remedying and preventing duplicate DDNS registrations in Mac OS X  ====
 
==== Remedying and preventing duplicate DDNS registrations in Mac OS X  ====
  
1) remove computer from domain 2) Run these commands sudo /usr/sbin/systemkeychain -k /Library/Keychains/System.keychain -C -f sudo rm -rf /var/db/krb5kdc sudo /usr/libexec/configureLocalKDC (ensure uniqueness of local kerberos db) 3) Follow these instructions: http://support.apple.com/kb/HT3169  
+
1) remove computer from domain 2) Run these commands sudo /usr/sbin/systemkeychain -k /Library/Keychains/System.keychain -C -f sudo rm -rf /var/db/krb5kdc sudo /usr/libexec/configureLocalKDC (ensure uniqueness of local kerberos db) 3) Follow these instructions: http://support.apple.com/kb/HT3169
  
4) Follow these instructions: http://support.apple.com/kb/HT3169  
+
4) Follow these instructions: http://support.apple.com/kb/HT3169
  
5) Rename computer as desired under System Preferences =&gt; Sharing, then run these commands: sudo hostname NEWCOMPUTERNAME sudo scutil --set ComputerName NEWCOMPUTERNAME sudo scutil --set LocalHostName NEWCOMPUTERNAME sudo scutil --set HostName NEWCOMPUTERNAME (ensure all possible host names are the same) 6) Open Directory Utility, AD plugin, rename computer as desired there, then bind to domain (adding to correct OU)  
+
5) Rename computer as desired under System Preferences =&gt; Sharing, then run these commands: sudo hostname NEWCOMPUTERNAME sudo scutil --set ComputerName NEWCOMPUTERNAME sudo scutil --set LocalHostName NEWCOMPUTERNAME sudo scutil --set HostName NEWCOMPUTERNAME (ensure all possible host names are the same) 6) Open Directory Utility, AD plugin, rename computer as desired there, then bind to domain (adding to correct OU)
  
May need to re-enter username/password in Xsan admin app. May need to remove computer from Xsan database and re-add.  
+
May need to re-enter username/password in Xsan admin app. May need to remove computer from Xsan database and re-add.
  
 
==== Connect to an AFP server from the command line  ====
 
==== Connect to an AFP server from the command line  ====
 
<pre>sudo mkdir /Volumes/myserver
 
<pre>sudo mkdir /Volumes/myserver
 
sudo mount_afp afp://username:password@servername/sharename /Volumes/myserver
 
sudo mount_afp afp://username:password@servername/sharename /Volumes/myserver
</pre>  
+
</pre>
 
==== Reimage a mac from an image using the command line asr  ====
 
==== Reimage a mac from an image using the command line asr  ====
<pre>sudo asr restore --source /Volumes/Source/Image.dmg --target /Volumes/Destination --erase --noverify</pre>  
+
<pre>sudo asr restore --source /Volumes/Source/Image.dmg --target /Volumes/Destination --erase --noverify</pre>
Note: This '''ERASES''' the destination drive. It also skips verification (which Disk Utility forces you to do, thus adding 10-15 minutes to the imaging process). Verification is GOOD, but sometimes, when you're sure that the image is healthy and your destination drive is healthy, it can be a waste of time.  
+
Note: This '''ERASES''' the destination drive. It also skips verification (which Disk Utility forces you to do, thus adding 10-15 minutes to the imaging process). Verification is GOOD, but sometimes, when you're sure that the image is healthy and your destination drive is healthy, it can be a waste of time.
  
 
==== Manipulating and modifying ACL permissions from the command line terminal  ====
 
==== Manipulating and modifying ACL permissions from the command line terminal  ====
  
Read ACL  
+
Read ACL
<pre>ls -le /path/to/dir</pre>  
+
<pre>ls -le /path/to/dir</pre>
Write ACL  
+
Write ACL
<pre>chmod -R +a "group:admin allow read write delete" /path/to/dir</pre>  
+
<pre>chmod -R +a "group:admin allow read write delete" /path/to/dir</pre>
Delete ACL  
+
Delete ACL
<pre>chmod -R -a# 0 /path/to/dir</pre>  
+
<pre>chmod -R -a# 0 /path/to/dir</pre>
 
==== Run an ASR server  ====
 
==== Run an ASR server  ====
  
GUI: Protonpack  
+
GUI: Protonpack
 
<pre>sudo asr -source /Volumes/Images/image.dmg -server /path/to/config.plist
 
<pre>sudo asr -source /Volumes/Images/image.dmg -server /path/to/config.plist
</pre>  
+
</pre>
 
==== Restore a client from an ASR server  ====
 
==== Restore a client from an ASR server  ====
  
GUI: NetRestore  
+
GUI: NetRestore
 
<pre>sudo asr -source asr://serverip -targer /Volumes/Volume -erase -noverify
 
<pre>sudo asr -source asr://serverip -targer /Volumes/Volume -erase -noverify
</pre>  
+
</pre>
 
==== Set expanded windows for save and print<br>  ====
 
==== Set expanded windows for save and print<br>  ====
  
defaults write -g PMPrintingExpandedStateForPrint -bool TRUE  
+
defaults write -g PMPrintingExpandedStateForPrint -bool TRUE
  
defaults write /Library/Preferences/.GlobalPreferences NSNavPanelExpandedStateForSaveMode -string 1  
+
defaults write /Library/Preferences/.GlobalPreferences NSNavPanelExpandedStateForSaveMode -string 1
  
<br>  
+
<br>
  
 
==== Make the help window and the add printer (addprinter.app) window act normal <br>  ====
 
==== Make the help window and the add printer (addprinter.app) window act normal <br>  ====
  
This makes the help window and addprinter.app window accessible to the Dock and command-tab.<br>  
+
This makes the help window and addprinter.app window accessible to the Dock and command-tab.<br>
  
i=/System/Library/CoreServices/AddPrinter.app/Contents/Info.plist<br>sudo defaults write "${i%.plist}" LSUIElement 0<br>sudo chmod 644 "$i"  
+
i=/System/Library/CoreServices/AddPrinter.app/Contents/Info.plist<br>sudo defaults write "${i%.plist}" LSUIElement 0<br>sudo chmod 644 "$i"
  
<br>i=/System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist<br>sudo defaults write "${i%.plist}" LSUIElement 0<br>sudo chmod 644 "$i"<br>  
+
<br>i=/System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist<br>sudo defaults write "${i%.plist}" LSUIElement 0<br>sudo chmod 644 "$i"<br>
  
 
==== Slipstreaming Office 2008 for Mac  ====
 
==== Slipstreaming Office 2008 for Mac  ====
  
See: [[Slipstreaming Office 2008 for Mac]]  
+
See: [[Slipstreaming Office 2008 for Mac]]
  
 
==== Apple System Image Utility Tips  ====
 
==== Apple System Image Utility Tips  ====
Line 418: Line 422:
  
 
done
 
done
</pre>  
+
</pre>
 
==== Deleting ALL cached domain user accounts  ====
 
==== Deleting ALL cached domain user accounts  ====
  
You can also delete all accounts from the entire semester:  
+
You can also delete all accounts from the entire semester:
 
<pre># Deleting cached domain accounts (this means local accounts will remain untouched)
 
<pre># Deleting cached domain accounts (this means local accounts will remain untouched)
 
for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
 
for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
Line 433: Line 437:
 
rm -rdfv /Users/Shared/.*
 
rm -rdfv /Users/Shared/.*
  
</pre>  
+
</pre>
 
==== Deleting ALL cached domain accounts except those on a custom list  ====
 
==== Deleting ALL cached domain accounts except those on a custom list  ====
 
<pre>#Set the warning flag to off (case sensitive) if you want to start the deletion of accounts.
 
<pre>#Set the warning flag to off (case sensitive) if you want to start the deletion of accounts.
Line 472: Line 476:
 
fi
 
fi
 
fi
 
fi
</pre>  
+
</pre>
 
=== Erasing a volume entirely and setting permissions<br>  ===
 
=== Erasing a volume entirely and setting permissions<br>  ===
 
<pre>#Set the warning flag to off (case sensitive) if you want to start the deletion.
 
<pre>#Set the warning flag to off (case sensitive) if you want to start the deletion.
Line 498: Line 502:
 
vsdbutil -c "/Volumes/Save Here"
 
vsdbutil -c "/Volumes/Save Here"
 
fi
 
fi
</pre>  
+
</pre>
 
*Alternatively, you can replace the "diskutil eraseVolume..." lines with something like rm -rdf "/Volumes/path/to/specific folder to clear"
 
*Alternatively, you can replace the "diskutil eraseVolume..." lines with something like rm -rdf "/Volumes/path/to/specific folder to clear"

Revision as of 09:59, 17 November 2009

NOTE: This page contains information that is only useful to Helpdesk / LIS faculty and staff. Therefore I'm considering moving this information to our Internal wiki. If you feel that this information is important to the general public and/or do NOT think that this move is appropriate, please comment on the discussion page.

--Hunt, Christopher 14:59, 17 November 2009 (UTC)

System, disks, users

Refresh disk arbitration

Note: This may force disks that haven't mounted to mount.

disktool -r

Enable Journaling

diskutil enableJournal /

Matching Mac Model Name with Model Identifier, Mac OS X Build, production date, and Apple Hardware Test version

  1. Get Model IDENTIFIER from System profiler (it will look like Model Identifier: MacBookPro2,2)
  2. Visit http://mactracker.dreamhosters.com/iphone/#_modelWindow and find the model with that identifier
  3. Done

More useful resources:

Programatically Delete Cached User Accounts

From http://developer.apple.com/releasenotes/MacOSXServer/RN-DirectoryServices/index.html

# Script to remove cached accounts in the local DS node
# This should work in both Tiger and Leopard
# Run this script as root or with sudo
#!/bin/sh

# dscl searching only does exact matches.  So we list the records and pipe them through to grep to find the list of records we want.
# The first column will be the username and we get that using awk.
# We also remove the line endings with tr to make it one long string.

for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
dscl . -delete /Users/$cuser                    # now we delete the record using dscl
done

More resources: http://www.macosxhints.com/article.php?story=20080127172157404
http://www.google.com/search?client=safari&rls=en-us&q=leopard+script+delete+user+account+dscl&ie=UTF-8&oe=UTF-8

Enabling Directory Service debug logging

sudo touch /Library/Preferences/DirectoryService/.DSLogDebugAtStart
sudo sudo killall -USR1 DirectoryService

Disabling Directory Service debug logging

sudo rm /Library/Preferences/DirectoryService/.DSLogDebugAtStart
sudo sudo killall -USR1 DirectoryService

Resetting Mac OS X Machine Account Domain Password

See http://www.afp548.com/article.php?story=20061217110502523

Forcefully remove a Mac from the domain

sudo dsconfigad -r -f -u username -p password

Where "username" is the username that was used to add the machine to the domain, and "password" is this username's password.

Resetting Directory Service Settings

This is useful in cases where removing/adding the computer from/to the domain does not work using the standard method (Manually Add a Mac to the Domain). The instructions below forcefully remove (unbind) the mac from the domain:

  1. Login with a local account.
  2. Open the Terminal application
  3. Enter each of the lines below, followed by pressing enter:
sudo rm -rdfv /Library/Preferences/DirectoryService
sudo rm -rdfv /var/db/dslocal/nodes/Default/config
sudo sudo killall -USR1 DirectoryService
  1. Open Macintosh HD => Applications => Utilities => MIDD => Midd1stBootConfig.
  2. Follow the on-screen instructions. When the "Update User Template" application opens, click "Quit".
  3. Reboot and try logging in again with your domain account. If that fails Manually Add a Mac to the Domain.

Reset Mac user or admin password

Can require install disks to reset if you have forgotten the old password. Help here

Give admin (administrator) privileges to a user using the Terminal

Open Terminal, type the line below, hit enter:

sudo dscl . -append /Groups/admin GroupMembership usernamegoeshere

To check who's an admin currently:

dscl . -read /Groups/admin | grep GroupMembership

The above can also be used in ARD commands or in shell scripts.

Upgrade groups to the new UID format

This allows nested group (i.e. a domain group to be a member of a local group).

dseditgroup -o edit -t group -f n groupnamegoes here


Make the admin group a member of the _lpadmin group

  • Easy solution: Connect to smb://middfiles.middlebury.edu/middfiles and open Software => Software Macintosh => Quick-Fixes. Double-click Add Printer - Permissions Problem Fix (lpadmin).app
  • The harder solution (run commands below): This converts the _lpadmin and the admin group to the new format, adds the key NestedGroups to the _lpadmin group and populates it with the GUID of the admin group. Finally, the admin account is made a member of the _lpadmin group.

dseditgroup -o edit -t group -f n admin
dseditgroup -o edit -t group -f n _lpadmin
dseditgroup -o edit -a admin -t group _lpadmin
dscl localhost -create /Local/Default/Groups/_lpadmin NestedGroups ABCDEFAB-CDEF-ABCD-EFAB-CDEF-00000050
dseditgroup -o edit -a admin -t group _lpadmin

Add an application to the dock using a script

  • Add for current user:
defaults write com.apple.dock persistent-apps -array-add "<dict><key>tile-data</key><dict>\
<key>file-data</key><dict><key>_CFURLString</key><string>/Applications/Final Cut Express.app</string>\
<key>_CFURLStringType</key><integer>0</integer></dict></dict></dict>";
  • Add for default user template:
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.dock \
persistent-apps -array-add "<dict><key>tile-data</key><dict><key>file-data</key>\
<dict><key>_CFURLString</key><string>/Applications/Final Cut Express.app</string>\
<key>_CFURLStringType</key><integer>0</integer></dict></dict></dict>";
  • Add for all users (current and future):
for folder in /Users/*
do
defaults write $folder/Library/Preferences/com.apple.dock persistent-apps -array-add \
"<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key>\
<string>/Applications/Final Cut Express.app</string><key>_CFURLStringType</key>\
<integer>0</integer></dict></dict></dict>";
currentuser=`basename $folder`
chown $currentuser $folder/Library/Preferences/com.apple.dock.plist
done

Run a command for each user

for folder in /Users/* echo "Doing a command for $folder" done

For example, this command sets the default printer to LIB242K:

for folder in /Users/*
do
echo Default LIB242K > $folder/.cups/lpoptions
chmod 777 $folder/.cups/lpoptions
done


Distribute a file to each user's home dir

E.g. distribute custom print settings to each user

for folder in /Users/*
do
ditto -V $folder/Library/Preferences/com.apple.print.custompresets.plist \
$folder/Library/Preferences/com.apple.print.custompresets.bak
ditto -V /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.print.custompresets.plist \
$folder/Library/Preferences/com.apple.print.custompresets.plist
chmod 777 $folder/Library/Preferences/com.apple.print.custompresets.plist
done

ARD techniques

Known ARD Issues

See Known ARD Issues.

Desirable ARD commands

  • Set disk permissions. Ignore permissions.
  • Add ACLS for folders
  • Run login permission script
  • unbind/rename/rebind/rescan/apply proper admin privs.
  • login items fix

Installing (Pushing) Adobe CS via ARD

Note: This assumes you've created a disk image with the applications (from /Applications), and a disk image with the settings (in /Library/Application Support, as well as /Library/Preferences).

hdiutil attach /adobepro.dmg
ditto -V /Volumes/adobepro /Applications
hdiutil detach /Volumes/adobepro
rm -rdfv /adobepro.dmg

hdiutil attach /settings.dmg
ditto -V /Volumes/settings /Library
hdiutil detach /Volumes/settings
rm -rdfv /settings.dmg

Installing LabStats via ARD

  • Requirements: If the client computers are running Mac OS X Leopard, you need LabStats version 4.4.x (at least).
  1. On your ARD computer, visit the labstats admin page and download the Mac installer.
  2. Unzip it the package, and you will get two files (one ending in tar.gz, one ending in conf)
  3. Unpack the tar file (double-clicking should suffice) until you see the install package (ends with pkg).
  4. Open ARD, select the client computers (the ones that need labstats), then click "Copy"
  5. Drag the pkg file and the conf file to the upper portion of the copy window (you can also use the + button), under "Place Item In" specify the full destination to "/tmp" (without the quotes), then click Copy.
  6. When the copy process finishes, select the same computers again and click the Unix command button. In the window that appears, paste these lines in the upper portion:
    installer -package /tmp/labstats_mac_client_installer.pkg -target / 
    rm -rdfv /tmp/labstats* 
  7. Under "Run the command as" enter the user "root" and click "Send"

Mute or set volume via ARD

osascript -e "set volume 0"

Change the zero to another number to set the volume to a higher value. Zero is mute. This seems to be system wide. It also mutes the startup chime. Good for classrooms. If headphones are plugged in, they have a separate volume setting.

Make Macs Speak via ARD

say "I hate Macs"

Set the Open Firmware password via ARD

Note: You need our Open Firmware package for this! It should be on our Mac server.

sudo ofpassword set blahblah123

Enable SSH via ARD

This seems to work:

systemsetup -setremotelogin on

Some other ideas:

echo yes | /System/Library/CoreServices/RemoteManagment/ARDAgent.app/Contents/Support/systemsetup -setremotelogin on
/sbin/service ssh start
echo "AdminsPassHere" | sudo service ssh start

This seems to work until reboot:

/usr/sbin/sshd

Enable ARD remotely

e.g. via SSH

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -users admin -privs -all

If nothing's been enabled, the full line should look like: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu

Mount AFP volume via applescript via ARD

osascript -e 'mount volume "afp://user:password@computername/Macintosh HD"'

Check if a process is running via ARD

E.g. Check if AFP server is running

ps -axww | grep -i "AppleFileServer"

Start AFP sharing remotely

  1. Change /etc/hostconfig so that AFPSERVER=-YES=
  2. Send unix script
    sudo AppleFileServer
    TWICE

Get folder size via ARD

du -d 1 -h /Users/Shared/editingclass

Set power management on Macs via ARD

Can be done using the pmset command. Remember to always execute this command as user "root" in ARD. Examples:

  • Instructor stations that need to remain awake for the duration the class:
    pmset -a sleep 0 disksleep 10 displaysleep 75
    The sleep parameter tells the computer never to sleep, disksleep makes the hard disk spin down in 10 minutes, displaysleep makes the monitor remain awake for 75 minutes.
  • Regular workstations that need to remain awake for management purposes can turn off the screen (e.g. after 35 mins) and spin down the hard disk to save power:
    pmset -a sleep 0 disksleep 10 displaysleep 35
  • Alternatively, the machines can be turned off / set to sleep whenever and you designate a "remote management" time period (say, every day after 3:00am). The Mac OS X power management allows you to set the computer to wake up or power on at a specific day and time. This way if a machine was turned off or set to sleep, it can become available for updates, etc. Here's an example:
    pmset repeat wakeorpoweron MTWRF 03:00:00
    This wakes the machine (if it's asleep) or powers it on (if it's turned off), every weekday at 3am.

Get Link Speed

ioreg -l | grep "IOLinkSpeed"

Divide by 1000000 to get "human readable".

Application tips

Pushing LabStats via ARD

Labstats can be pushed via ARD. There are two methods, both start with the same process:

  1. On a machine with ARD, grab the Mac labstats installer from http://labserver:8080/admin
  2. Unpack it, you'll get two files - a pkg package and a "conf" file.

Method 1: Copy the labstats.conf file INSIDE the installer (ctrl+click on the installer, open Contents => Resources => drag the conf file in here). Open the file named "postflight", delete everything in it and replace it with:

#!/bin/sh

ditto "$1/Contents/Resources/labstats.conf" /private/etc/labstats.conf
chown root:wheel /private/etc/labstats.conf
SystemStarter start LabstatsClient

Method 2: Push the default config file AFTER pushing labstats: Use the ARD "copy" button to copy the conf file to a custom destination: /etc

Reset Spotlight

sudo mdutil -i off /
sudo mdutil -E /
sudo mdutil -i on /

Update Symantec AntiVirus

LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES

LiveUpdate tends to be in the root library support folder: /Library/Application\ Support/Norton\ Solutions\ Support/LiveUpdate/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES

Check when an application was last opened

mdls -name kMDItemLastUsedDate /Application/Application.app

Check an entire folder:

mdls -name kMDItemLastUsedDate /Application/*

Filter applications from an entire folder:

mdls /Applications/Adobe\ Photoshop\ CS/* | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
| egrep '(kMDItemLastUsedDate)|(app)'

Batch checking

mdls "/Applications/Macromedia Dreamweaver MX 2004/Dreamweaver MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Macromedia Flash MX 2004/Flash MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Macromedia Fireworks MX 2004/Fireworks MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

mdls "/Applications/Adobe Photoshop CS/Adobe Photoshop CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Adobe InDesign CS/InDesign CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Adobe Illustrator CS/Illustrator CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

mdls "/Applications/GarageBand.app" | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
| egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

X11 and the PATH variable in Leopard and Snowleopard

There seems to be no way to directly set the X11 PATH variable. However, if you correctly set your PATH variable in the Terminal (check the command path_helper), you can then launch xterm (X11) from Terminal.app and it will inherit the PATH variable.

A massive X11 FAQ is available here: http://forums.macosxhints.com/showthread.php?t=80171

Network & Printers

Get MAC Address

/sbin/ifconfig en0 | grep ether | cut -d' ' -f 2

Set computer name

sudo scutil --set LocalHostName NEWCOMPUTERNAME
sudo scutil --set ComputerName NEWCOMPUTERNAME

Printers: Install, delete, set as default

List installed printers

lpstat -p

Install

lpadmin -p printer_name -E -v lpd://server/printer -P path-to-ppd.gz
  • An example with a compressed ppd:

lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.gz

  • Or an uncompressed ppd:

lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.ppd

Must be followed by

cupsenable printer_name

Delete

lpadmin -x printer_name

e.g.:

lpadmin -x AdobePDF7

Set as default

lpadmin -d printer_name

Install but disable sharing and add description

lpadmin -p printer_name -E -v lpd://server/printer -D "Room AB123" -P ppdpath -o printer-is-shared=false

Enabling Duplexing

On HP printers this should suffice:

lpadmin -p prntr -E -v lpd://srv/prnt -D "rmnr" -P "ppdpath" -o "HPOption_Duplexer=True" -o Duplex=DuplexNoTumble

On other models you can try listing the available printer options, then pass the appropriate option to lpadmin using the "-o" parameter. To list all available printer options, install the printer on any one workstation and then run:

lpoptions -p printer_name -l

For an HP laserjet the above command gives two options related to duplexing: HPOption_Duplexer and Duplex -- so those are the parameters passed using "-o" in the example above.


Misc

Remedying and preventing duplicate DDNS registrations in Mac OS X

1) remove computer from domain 2) Run these commands sudo /usr/sbin/systemkeychain -k /Library/Keychains/System.keychain -C -f sudo rm -rf /var/db/krb5kdc sudo /usr/libexec/configureLocalKDC (ensure uniqueness of local kerberos db) 3) Follow these instructions: http://support.apple.com/kb/HT3169

4) Follow these instructions: http://support.apple.com/kb/HT3169

5) Rename computer as desired under System Preferences => Sharing, then run these commands: sudo hostname NEWCOMPUTERNAME sudo scutil --set ComputerName NEWCOMPUTERNAME sudo scutil --set LocalHostName NEWCOMPUTERNAME sudo scutil --set HostName NEWCOMPUTERNAME (ensure all possible host names are the same) 6) Open Directory Utility, AD plugin, rename computer as desired there, then bind to domain (adding to correct OU)

May need to re-enter username/password in Xsan admin app. May need to remove computer from Xsan database and re-add.

Connect to an AFP server from the command line

sudo mkdir /Volumes/myserver
sudo mount_afp afp://username:password@servername/sharename /Volumes/myserver

Reimage a mac from an image using the command line asr

sudo asr restore --source /Volumes/Source/Image.dmg --target /Volumes/Destination --erase --noverify

Note: This ERASES the destination drive. It also skips verification (which Disk Utility forces you to do, thus adding 10-15 minutes to the imaging process). Verification is GOOD, but sometimes, when you're sure that the image is healthy and your destination drive is healthy, it can be a waste of time.

Manipulating and modifying ACL permissions from the command line terminal

Read ACL

ls -le /path/to/dir

Write ACL

chmod -R +a "group:admin allow read write delete" /path/to/dir

Delete ACL

chmod -R -a# 0 /path/to/dir

Run an ASR server

GUI: Protonpack

sudo asr -source /Volumes/Images/image.dmg -server /path/to/config.plist

Restore a client from an ASR server

GUI: NetRestore

sudo asr -source asr://serverip -targer /Volumes/Volume -erase -noverify

Set expanded windows for save and print

defaults write -g PMPrintingExpandedStateForPrint -bool TRUE

defaults write /Library/Preferences/.GlobalPreferences NSNavPanelExpandedStateForSaveMode -string 1


Make the help window and the add printer (addprinter.app) window act normal

This makes the help window and addprinter.app window accessible to the Dock and command-tab.

i=/System/Library/CoreServices/AddPrinter.app/Contents/Info.plist
sudo defaults write "${i%.plist}" LSUIElement 0
sudo chmod 644 "$i"


i=/System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist
sudo defaults write "${i%.plist}" LSUIElement 0
sudo chmod 644 "$i"

Slipstreaming Office 2008 for Mac

See: Slipstreaming Office 2008 for Mac

Apple System Image Utility Tips

  • When creating a workflow, "Define Image Source" needs to be on top and "Create Image" on the bottom of the workflow. The rest of the actions may have any order (or so it appears).

Archiving user accounts from a previous semester

cd /Users/
mkdir zz_PreviousSememsters
for cfolder in /Users/*
do
echo $cfolder
echo "$cfolder" | grep -x zz_PreviousSememsters
if [[ $? > 0 ]]
then
echo "absent"
mkdir "$cfolder"
mv -f "$cfolder" "/Users/zz_PreviousSememsters/"
else
echo "present"
return 0
fi

done

Deleting ALL cached domain user accounts

You can also delete all accounts from the entire semester:

# Deleting cached domain accounts (this means local accounts will remain untouched)
for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
dscl . -delete /Users/$cuser
rm -rdfv /Users/$cuser
done


# Deleting the Shared files
rm -rdfv /Users/Shared/*
rm -rdfv /Users/Shared/.*

Deleting ALL cached domain accounts except those on a custom list

#Set the warning flag to off (case sensitive) if you want to start the deletion of accounts.
MIDD_WARNINGFLAG=on

#Set this flag to true if you want /Users/Shared to be deleted, as well.
MIDD_DELETESHARED=false

if [[ "$MIDD_WARNINGFLAG" == "on" ]]
then
echo "MIDD_WARNINGFLAG is enabled so I can't delete stuff."
echo "Look at the template/script that you just used and set the MIDD_WARNINGFLAG to off (case sensitive)."
else
ls -a /Users/
#Accounts listed here will not be deleted. Local accounts are not deleted by default.
MIDD_DONTDELETE=admin,jsmith,joejohn
# Deleting cached domain accounts (this means local accounts will remain untouched)
for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
echo $MIDD_DONTDELETE | grep -i "$cuser"
if [ $? == 1 ]
then
echo "Deleting $cuser"
dscl . -delete /Users/$cuser
rm -rdf /Users/$cuser
else
echo "$cuser in exclusions list, not deleting"
fi
done

if [[ "$MIDD_DELETESHARED" == "true" ]]
then
# Deleting the Shared files
echo Deleting "/Users/Shared"
rm -rdfv /Users/Shared/*
rm -rdfv /Users/Shared/.*
else
echo "MIDD_DELETESHARED is set to false so I'm not deleting any files in /Users/Shared"
fi
fi

Erasing a volume entirely and setting permissions

#Set the warning flag to off (case sensitive) if you want to start the deletion.
MIDD_WARNINGFLAG=on

if [[ "$MIDD_WARNINGFLAG" == "on" ]]
then
echo "MIDD_WARNINGFLAG is enabled so I can't delete stuff."
echo "Look at the template/script that you just used and set the MIDD_WARNINGFLAG to off (case sensitive)."
else
echo Permissions status before erasing
vsdbutil -c /Volumes/SaveHere
vsdbutil -c "/Volumes/Save Here"

echo Erasing Save Here volumes
diskutil eraseVolume "HFS+" "Save Here" "/Volumes/Save Here"
diskutil eraseVolume "HFS+" "Save Here" /Volumes/SaveHere

echo Ensuring proper permissions status after erasing
vsdbutil -d /Volumes/SaveHere
vsdbutil -d "/Volumes/Save Here"

echo Reporting permissions status after erasing
vsdbutil -c /Volumes/SaveHere
vsdbutil -c "/Volumes/Save Here"
fi
  • Alternatively, you can replace the "diskutil eraseVolume..." lines with something like rm -rdf "/Volumes/path/to/specific folder to clear"
Powered by MediaWiki