How To: Change the “Automatic Proxy Configuration” url in System Preferences via a Script


The “Automatic Proxy Configuration” url in System Preferences is used to point the clients to a PAC file to set the proxy server when on the Office LAN. Below are some scripts to manage this setting.

Continue reading

How To: Use fstab within a Casper Imaging workflow


For my future deployments, i’ve decided to partition my managed Macs HD’s with 33% for the OS (which i’ve kept as being called Macintosh HD) & the remaining 67% as User data (which i’ve labelled Users HD).

To do this i’ve been using fstab to mount the “Users HD” partition to /Users. Below is how i achieve this, hope it helps.

Continue reading

How To: Silently Setup VPN on 10.6 & 10.7


The below is hugely plagarised from a script posted by Mark Bolwell to the Mac Enterprise list.

I use a version of the below in my Casper Imaging workflow to configure the a VPN Cisco IPSec network connection. As i run it at Imaging time i’ve added some logic so it only runs on MacBook models (which you may wish to remove).

The difference for using the below to the other versions i’ve seems is that this method can be ran “silently” with no GUI interaction. As such it can be leveraged to be used with Self-Service.

Continue reading

How To: Turn off Wireless Card


We run the following on all macs with a wireless card as a offline policy via Casper at logout.

This script will:

  1. Enable the wireless service if it’s not been enabled.
  2. Clear any set DNS servers & search domains (can be turned off for 10.4, reasoning is that 10.5+ can receive DNS from DHCP)
  3. Turns off the wireless card.

The script itself has been built from a few scripts contained within Caspers Resource Kit & then modified for 10.7+ by myself.

How To: Map Drives & Printers Based On AD Group Membership On OSX


UPDATE: Now works with Lion as it reads the correct node name as seen in Directory Utility.

Having recently started a new role, I needed a mechanism for my Mac users to map drives & printers at login.

Script Logic’s Desktop Authority is used by my new employs PC Admins to mount drives & printers on the PC Clients.

This is using AD Security Groups to map both drives & printers &  I decided to follow this methodology for the Mac clients.

This solution actually has 3 parts;

  1. AppleScript App
  2. LaunchAgent
  3. Postflight Script

And below, I’ll piece it all together.

Continue reading

Need to find out if a Mac has an Wireless Card?

UPDATE: Updated to now work with Lion

The Extension Attribute below checks to see if Mac has either an  Airport  or  Wireless & returns “Yes” is the Mac has one & “No” if it doesn’t.

Continue reading

Managing Apple Software Update Server Across Multiple Servers 10.5/10.6/10.7

UPDATE: For 10.8+ see: Managing Apple Software Update Server Across Multiple Servers 10.8+.

An internal Apple Software Update Server (ASUS) allows administrators to control what software updates client computers download etc.. more information about this service can be found here.

This all works great, but the initial setup requires you to manually tick each update to enable it to be downloaded.

This can be a bit of a pain especially when managing mulitple servers.

The following post advises on how to setup a Master ASUS with other servers Replicating the enabled updates. Saving the Admin time when setting up new servers & allowing central management.

Continue reading

How To: Stop Directory Utility Mounting Home Folder At Login


OSX’s built-in AD Plugin allows for the automated mounting of home/profile folders. The following can be used to disable this mounting:

sudo dsconfigad -useuncpath disable

How To: Script Generating a Kerberos Ticket Granting Ticket (TGT) during an Active Directory user’s initial login


I had this issue with a drive mapping app i create not mapping drives at initial login for AD accounts (this app will be discussed in another post shortly).

The Apple KB with the same title as this post advises how to fix, but if you wish to script it do the following:


How To: Allow All Users To Add Or Remove Printers


Apples KB article on this, gives examples on how to add a network group or mobile account user to the lpadmin group.

If you simply wish each mac account to be a member of the lpadmin group, run the following:

sudo dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin