Advanced Mac Configuration Topics

System, disks, users

Refresh disk arbitration

Note: This may force disks that haven't mounted to mount.

disktool -r

Enable Journaling

diskutil enableJournal /

Matching Mac Model Name with Model Identifier, Mac OS X Build, production date, and Apple Hardware Test version

Get Model IDENTIFIER from System profiler (it will look like Model Identifier: MacBookPro2,2)
Visit http://mactracker.dreamhosters.com/iphone/#_modelWindow and find the model with that identifier
Done

More useful resources:

Programatically Delete Cached User Accounts

From http://developer.apple.com/releasenotes/MacOSXServer/RN-DirectoryServices/index.html

# Script to remove cached accounts in the local DS node
# This should work in both Tiger and Leopard
# Run this script as root or with sudo
#!/bin/sh

# dscl searching only does exact matches.  So we list the records and pipe them through to grep to find the list of records we want.  The first column will be the username and we get that using awk.
# We also remove the line endings with tr to make it one long string.

for cuser in `dscl . -list /Users AuthenticationAuthority | grep LocalCachedUser | awk '{print $1}' | tr '\n' ' '`; do
dscl . -delete /Users/$cuser                    # now we delete the record using dscl
done

More resources: http://www.macosxhints.com/article.php?story=20080127172157404
http://www.google.com/search?client=safari&rls=en-us&q=leopard+script+delete+user+account+dscl&ie=UTF-8&oe=UTF-8

Enabling Directory Service debug logging

sudo touch /Library/Preferences/DirectoryService/.DSLogDebugAtStart
sudo sudo killall -USR1 DirectoryService

Disabling Directory Service debug logging

sudo rm /Library/Preferences/DirectoryService/.DSLogDebugAtStart
sudo sudo killall -USR1 DirectoryService

Resetting Directory Service Settings

I was having trouble logging in with my AD account to some iMacs added to our AD. In fact, not a single AD account was able to login. Directory Utility claimed it can't see the domain controller (which it could, since it was online, in the same subnet as other identical computers, it could ping the domain and packets were sent back and forth between it and the domain, without loss). Unbinding it didn't work, but it offered to force the ubind, which I did. Then I was unable to bind it back (updated to 10.5.6 rebooted, still not binding). The error I kept getting was invalid username and password (after entering the domain username and password that we use for binding). Using the same username and password worked on other computers (either brand new, or existing computers that I unbound, then bound back with no issues -- again same subnet, same image). I deleted the computer accounts from the domain, but the problem persisted. Finally, I used fseventer to see what's being access during the bind process. The system threw the error message not after communicating with the domain, but after checking the plists in /Library/Preferences/DirectoryService and /var/db/dslocal/nodes/Default/config -- so I deleted these two folders and was able to bind back with no issues!

sudo rm -rdfv /Library/Preferences/DirectoryService
sudo rm -rdfv /var/db/dslocal/nodes/Default/config
sudo sudo killall -USR1 DirectoryService

ARD techniques

Desirable ARD commands

Set disk permissions. Ignore permissions.
Add ACLS for folders
Run login permission script
unbind/rename/rebind/rescan/apply proper admin privs.
login items fix

Pushing Adobe CS via ARD

Note: This assumes you've created a disk image with the applications (from /Applications), and a disk image with the settings (in /Library/Application Support, as well as /Library/Preferences).

hdiutil attach /adobepro.dmg
ditto -V /Volumes/adobepro /Applications
hdiutil detach /Volumes/adobepro
rm -rdfv /adobepro.dmg

hdiutil attach /settings.dmg
ditto -V /Volumes/settings /Library
hdiutil detach /Volumes/settings
rm -rdfv /settings.dmg

Mute or set volume via ARD

osascript -e "set volume 0"

Change the zero to another number to set the volume to a higher value. Zero is mute. This seems to be system wide. It also mutes the startup chime. Good for classrooms. If headphones are plugged in, they have a separate volume setting.

Make Macs Speak via ARD

say "I hate Macs"

Set the Open Firmware password via ARD

Note: You need our Open Firmware package for this! It should be on our Mac server.

sudo ofpassword set blahblah123

Enable SSH via ARD

This seems to work:

systemsetup -setremotelogin on

Some other ideas:

echo yes | /System/Library/CoreServices/RemoteManagment/ARDAgent.app/Contents/Support/systemsetup -setremotelogin on
/sbin/service ssh start
echo "AdminsPassHere" | sudo service ssh start

This seems to work until reboot:

/usr/sbin/sshd

Enable ARD remotely

e.g. via SSH

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -users admin -privs -all

If nothing's been enabled, the full line should look like: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu

Mount AFP volume via applescript via ARD

osascript -e 'mount volume "afp://user:password@computername/Macintosh HD"'

Check if a process is running via ARD

E.g. Check if AFP server is running

ps -axww | grep -i "AppleFileServer"

Start AFP sharing remotely

Change /etc/hostconfig so that AFPSERVER=-YES=
Send unix script
```
sudo AppleFileServer
```
TWICE

Get folder size via ARD

du -d 1 -h /Users/Shared/editingclass

Application tips

Reset Spotlight

sudo mdutil -i off /
sudo mdutil -E /
sudo mdutil -i on /

Update Symantec AntiVirus

LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES

LiveUpdate tends to be in the root library support folder: /Library/Application\ Support/Norton\ Solutions\ Support/LiveUpdate/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUal -liveupdatequiet YES -liveupdateautoquit YES

Check when an application was last opened

mdls -name kMDItemLastUsedDate /Application/Application.app

Check an entire folder:

mdls -name kMDItemLastUsedDate /Application/*

Filter applications from an entire folder:

mdls /Applications/Adobe\ Photoshop\ CS/* | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
| egrep '(kMDItemLastUsedDate)|(app)'

Batch checking

mdls "/Applications/Macromedia Dreamweaver MX 2004/Dreamweaver MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Macromedia Flash MX 2004/Flash MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Macromedia Fireworks MX 2004/Fireworks MX 2004" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

mdls "/Applications/Adobe Photoshop CS/Adobe Photoshop CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Adobe InDesign CS/InDesign CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'
mdls "/Applications/Adobe Illustrator CS/Illustrator CS.app" \
| egrep '(kMDItemLastUsedDate|kMDItemDisplayName)'  | egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

mdls "/Applications/GarageBand.app" | egrep '(kMDItemLastUsedDate|kMDItemDisplayName)' \
| egrep '(kMDItemDisplayName|2008-10*|2008-11*)'

Network & Printers

Get MAC Address

/sbin/ifconfig en0 | grep ether | cut -d' ' -f 2

Set computer name

sudo scutil --set LocalHostName NEWCOMPUTERNAME
sudo scutil --set ComputerName NEWCOMPUTERNAME

Printers: Install, delete, set as default

List installed printers

lpstat -p

Install

lpadmin -p printer_name -E -v lpd://server/printer -P path-to-ppd.gz

An example with a compressed ppd:

lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.gz

Or an uncompressed ppd:

lpadmin -p printer_name -E -v lpd://server/printer -P /Library/Printers/PPDs/Contents/Resources/HP\ LaserJet\ 4050\ Series.ppd

Must be followed by

cupsenable printer_name

Delete

lpadmin -x printer_name

e.g.:

lpadmin -x AdobePDF7

Set as default

lpadmin -d printer_name

Install but disable sharing and add description

lpadmin -p printer_name -E -v lpd://server/printer -D "Room AB123" -P ppdpath -o printer-is-shared=false

Enabling Duplexing

On HP printers this should suffice:

lpadmin -p prntr -E -v lpd://srv/prnt -D "rmnr" -P "ppdpath" -o "HPOption_Duplexer=True" -o Duplex=DuplexNoTumble

On other models you can try listing the available printer options, then pass the appropriate option to lpadmin using the "-o" parameter. To list all available printer options, install the printer on any one workstation and then run:

lpoptions -p printer_name -l

For an HP laserjet the above command gives two options related to duplexing: HPOption_Duplexer and Duplex -- so those are the parameters passed using "-o" in the example above.

Misc

Connect to an AFP server from the command line

sudo mkdir /Volumes/myserver
sudo mount_afp afp://username:password@servername/sharename /Volumes/myserver

Reimage a mac from an image using the command line asr

sudo asr restore --source /Volumes/Source/Image.dmg --target /Volumes/Destination --erase --noverify

Note: This ERASES the destination drive. It also skips verification (which Disk Utility forces you to do, thus adding 10-15 minutes to the imaging process). Verification is GOOD, but sometimes, when you're sure that the image is healthy and your destination drive is healthy, it can be a waste of time.

Manipulating and modifying ACL permissions from the command line terminal

Read ACL

ls -le /path/to/dir

Write ACL

chmod -R +a "group:admin allow read write delete" /path/to/dir

Delete ACL

chmod -R -a# 0 /path/to/dir

Run an ASR server

GUI: Protonpack

sudo asr -source /Volumes/Images/image.dmg -server /path/to/config.plist

Restore a client from an ASR server

GUI: NetRestore

sudo asr -source asr://serverip -targer /Volumes/Volume -erase -noverify

Library & ITS Wiki