We run the following on all macs with a wireless card as a offline policy via Casper at logout.
This script will:
- Enable the wireless service if it’s not been enabled.
- Clear any set DNS servers & search domains (can be turned off for 10.4, reasoning is that 10.5+ can receive DNS from DHCP)
- Turns off the wireless card.
The script itself has been built from a few scripts contained within Caspers Resource Kit & then modified for 10.7+ by myself.
UPDATE: Updated to now work with Lion
The Extension Attribute below checks to see if Mac has either an Airport or Wireless & returns “Yes” is the Mac has one & “No” if it doesn’t.
UPDATE: For 10.8+ see: Managing Apple Software Update Server Across Multiple Servers 10.8+.
An internal Apple Software Update Server (ASUS) allows administrators to control what software updates client computers download etc.. more information about this service can be found here.
This all works great, but the initial setup requires you to manually tick each update to enable it to be downloaded.
This can be a bit of a pain especially when managing mulitple servers.
The following post advises on how to setup a Master ASUS with other servers Replicating the enabled updates. Saving the Admin time when setting up new servers & allowing central management.
Apples KB article on this, gives examples on how to add a network group or mobile account user to the lpadmin group.
If you simply wish each mac account to be a member of the lpadmin group, run the following:
sudo dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
This is an oldie but a goodie..
I’ve found in various environments that if you’ve got AD Mobile Accounts setup on a mac that has an Airport Card as is not connected to the Office LAN logins can take upto 10 minutes.
In all of these environments, the AD Domain was not resolvable outside the LAN.
There are three solutions for this:
Throughout my career as a Mac Admin i’ve often been asked to enforce a screen saver. One environment required a screen saver to always be set, but to allow people to change the desktop background. Another required a screen saver to be set to the corporate standard at each login. This script has been used in both environments to great affect.