UPDATE: Since 8.61+ User information can be submitted following the method outlined here.
For couple of years now i’ve ran various flavours of the below script via a login policy on my Mac clients.
The purpose of this script is to first check if the user is a network user, & if so then perform a lookup of their account against AD grabbing information that can then be submitted to the JSS in the relevant fields as per the above.
See below for the script:
Continue readingUPDATE: A tool called authbuddy has just come to my attention that will managed this better & for 10.7+.
Way back in November 2010 I posted a script that would unlock each secure system preference pane for non-admins, (this can be found here).
With Lion came a more granular way to achieve the same, but rather then have a script for 10.6 & another for 10.7 i’ve amalgamated them with an OS check in the script.
I had an issue where a user wished to change DVD region on their mac. Not being an Admin they were not able to change it themselves from what was initially set.
I use the script from the Casper Resource kit titled “unlockRegionCodeSetting.sh” as part of my First run script. This sets the DVD region to the region of the 1st entered DVD. So this didn’t resolve the issue of letting a non-admin change the DVD region code themselves.
The blog post here, explains the situation & what is required. The below script will merely perform what is mentioned in the bottom section of that post. Therefore allowing non-admins to change region code if they are prompted too.
Continue reading
The below is hugely plagarised from a script posted by Mark Bolwell to the Mac Enterprise list.
I use a version of the below in my Casper Imaging workflow to configure the a VPN Cisco IPSec network connection. As i run it at Imaging time i’ve added some logic so it only runs on MacBook models (which you may wish to remove).
The difference for using the below to the other versions i’ve seems is that this method can be ran “silently” with no GUI interaction. As such it can be leveraged to be used with Self-Service.
Continue readingUPDATE: With the release of 10.7.3, you can now do this via "Server.app", so i'd advise against the below method. If you have used the below & upgraded to 10.7.3 & have an error in "Server.app" when managing the web service, click here.
Port redirection is (simply put), where an end user enters: http://mygreatwebsite.com & they are redirected to http://mygreatwebsite.com:(someport).
On Snow Leopard server you could easily set port redirects from within the Server Admin.app, but in Lion server this has all been changed.
The basics of how to enable virtual hosts on Lion server, is covered in this post. As well as links to the more advanced options.
Once Virtual Hosts have been enabled, editing /private/etc/apache2/extra/httpd-vhosts.conf enable the redirects.
Continue readingUPDATE: The below can now be completed using 'Server.app' & as such i'd not advise you perform redirects this way. If you have performed the redirects as directed below, you may have an error which has a resolution mentioned here.
With the move to Lion Server, Apple stripped moved administering the Web service from the new Server.app.
This over-simplification has caused me some head scratching as many of the options I’d become familiar with had been replaced with little more than an On/Off switch.
But don’t fret! It turns out that these options still exist, it’s just you need to hunt for them.
Virtual hosts are best explained in the opening paragraph here. To enable this on Lion Server do the following
Continue reading
We run the following on all macs with a wireless card as a offline policy via Casper at logout.
This script will:
The script itself has been built from a few scripts contained within Caspers Resource Kit & then modified for 10.7+ by myself.
UPDATE: Now works with Lion as it reads the correct node name as seen in Directory Utility.
Having recently started a new role, I needed a mechanism for my Mac users to map drives & printers at login.
Script Logic’s Desktop Authority is used by my new employs PC Admins to mount drives & printers on the PC Clients.
This is using AD Security Groups to map both drives & printers & I decided to follow this methodology for the Mac clients.
This solution actually has 3 parts;
And below, I’ll piece it all together.
Continue readingUPDATE: For 10.8+ see: Managing Apple Software Update Server Across Multiple Servers 10.8+.
An internal Apple Software Update Server (ASUS) allows administrators to control what software updates client computers download etc.. more information about this service can be found here.
This all works great, but the initial setup requires you to manually tick each update to enable it to be downloaded.
This can be a bit of a pain especially when managing mulitple servers.
The following post advises on how to setup a Master ASUS with other servers Replicating the enabled updates. Saving the Admin time when setting up new servers & allowing central management.
Continue readingOSX’s built-in AD Plugin allows for the automated mounting of home/profile folders. The following can be used to disable this mounting:
sudo dsconfigad -useuncpath disable