From Chris.Lang at vu.edu.au Sun Aug 3 21:06:58 2008 From: Chris.Lang at vu.edu.au (Chris Lang) Date: Mon, 04 Aug 2008 14:06:58 +1000 Subject: [Casper] Packaging Symantec Antivirus version 10 Message-ID: Hi All, I am a new user to Casper and had a quick query. I have packaged up Symantec Antivirus for OS X version 10. Which seems to work fine. When I deploy it though the app works fine but live update and the scheduler fail with errors. Has anyone packaged this up successfully or had issues similar to mine when doing it? Regards, Chris Lang Chris Lang Support Services Advisor Client Services Information Technology Services Phone: +61 3 9919 2735 Fax: +61 3 9919 2785 Mobile: +61 411 259 496 Email: Chris.Lang at vu.edu.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080804/3b62bc41/attachment.html From william.smith at merrillcorp.com Mon Aug 4 07:34:59 2008 From: william.smith at merrillcorp.com (Smith, William) Date: Mon, 04 Aug 2008 09:34:59 -0500 Subject: [Casper] Packaging Symantec Antivirus version 10 In-Reply-To: Message-ID: On 8/3/08 11:06 PM, "Chris Lang" wrote: > Hi All, > > I am a new user to Casper and had a quick query. > > I have packaged up Symantec Antivirus for OS X version 10. Which seems to > work fine. When I deploy it though the app works fine but live update and the > scheduler fail with errors. Has anyone packaged this up successfully or had > issues similar to mine when doing it? Hi Chris! No need to package SAV. You can deploy .pkg files with Casper. We have created additional packages for preferences, internal LiveUpdate server address and the SACM client and also have a script that runs after imaging to update antivirus definitions. Be sure you're running the latest version, which is 10.2.x, so that you also get the menu icon. With 10.1 and earlier that was a separate install. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From ERNSTCS at uwec.edu Mon Aug 4 13:20:39 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 4 Aug 2008 15:20:39 -0500 Subject: [Casper] Old Xserve Hardware Message-ID: Afternoon, Totally unrelated to the JSS product (although they did run it for me for a long time now), but I'm drawing on the community aspect of JAMF here. I have two PowerPC Xserve G5 systems, Single 2GHz, 2GB, 3 x 80GB drives, and I'm wondering if there is any interest in them somehow. I'm not really seeing much for these systems on eBay. They need a good home for the right price...which currently has not been set. Ping me if you have interest or forward on to someone who may. Thanks, Craig Ernst Systems Management & Configuration ---------------------------------- University of Wisconsin-Eau Claire Learning & Technology Services 105 Garfield Ave Eau Claire, WI 54701 Phone: (715) 836-3639 Fax: (715) 836-6001 ---------------------------------- ernstcs at uwec.edu From swood at integerdallas.com Mon Aug 4 16:14:03 2008 From: swood at integerdallas.com (Steve Wood) Date: Mon, 04 Aug 2008 18:14:03 -0500 Subject: [Casper] Change jamf Helper Splash Screen Message-ID: Is there a way to customize the new splash screen that shows up after imaging a machine and installing say Adobe products? Nice touch by the way, it makes it easier to notice a machine is being imaged still instead of looking for the jamf helper name in the menu bar. However, I?d like to throw our company logo in there maybe, and maybe throw some text in that splash screen. Is it possible? Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 -- The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080804/a46da83d/attachment.htm From ERNSTCS at uwec.edu Mon Aug 4 17:53:28 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 4 Aug 2008 19:53:28 -0500 Subject: [Casper] Change jamf Helper Splash Screen In-Reply-To: Message-ID: I had a similar request for customization so I could script the installation of like Final Cut Pro to happen at startup as well so the package wasn't cached, it's just so big with the content. It'd call the binary with the text/images I'd want on the screen, etc. I like your idea. Craig E On 8/4/08 6:14 PM, "Steve Wood" wrote: Is there a way to customize the new splash screen that shows up after imaging a machine and installing say Adobe products? Nice touch by the way, it makes it easier to notice a machine is being imaged still instead of looking for the jamf helper name in the menu bar. However, I'd like to throw our company logo in there maybe, and maybe throw some text in that splash screen. Is it possible? Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 ________________________________ -- The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080804/92ec6301/attachment.htm From CMyers at uclan.ac.uk Tue Aug 5 01:58:47 2008 From: CMyers at uclan.ac.uk (Criss Myers) Date: Tue, 05 Aug 2008 09:58:47 +0100 Subject: [Casper] Change jamf Helper Splash Screen In-Reply-To: References: Message-ID: <48982457.BB96.0081.0@uclan.ac.uk> Hi, I would go along with this and love to be able to edit the first run to add final cut studio, logic studio and komplete all of which are over 40gb installs, Also editing the Self Service background would be nice as well with a corporate logo Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Tue, Aug 5, 2008 at 12:14 AM, in message , Steve Wood wrote: Is there a way to customize the new splash screen that shows up after imaging a machine and installing say Adobe products? Nice touch by the way, it makes it easier to notice a machine is being imaged still instead of looking for the jamf helper name in the menu bar. However, I?d like to throw our company logo in there maybe, and maybe throw some text in that splash screen. Is it possible? Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 > >> -- > The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080805/bc9335db/attachment.html From ERNSTCS at uwec.edu Tue Aug 5 05:49:36 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 5 Aug 2008 07:49:36 -0500 Subject: [Casper] Change jamf Helper Splash Screen In-Reply-To: <48982457.BB96.0081.0@uclan.ac.uk> Message-ID: Hi Criss, You can modify the first run script at least to be able to install things by creating a script you have set to run at reboot that calls the binary using the install verb, but of course you can't call the jamf helper splash screen. You probably already knew this and specifically meant edit it like we've said with the splash screen so sorry if I'm repeating info. Craig E On 8/5/08 3:58 AM, "Criss Myers" wrote: Hi, I would go along with this and love to be able to edit the first run to add final cut studio, logic studio and komplete all of which are over 40gb installs, Also editing the Self Service background would be nice as well with a corporate logo Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Tue, Aug 5, 2008 at 12:14 AM, in message , Steve Wood wrote: Is there a way to customize the new splash screen that shows up after imaging a machine and installing say Adobe products? Nice touch by the way, it makes it easier to notice a machine is being imaged still instead of looking for the jamf helper name in the menu bar. However, I'd like to throw our company logo in there maybe, and maybe throw some text in that splash screen. Is it possible? Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 > > ________________________________ > -- > The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080805/0db9ccf6/attachment-0001.html From tgreenleaf at saintmarksschool.org Tue Aug 5 12:26:52 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Tue, 05 Aug 2008 12:26:52 -0700 Subject: [Casper] Computer name won't stick Message-ID: This isn't directly related to Casper, but it is a problem I'm having after I re-image computers. On about half of our eMacs, the Computer Name (sharing name) will not stick. I can change it in the Sharing pref panel, but after restarting the computer, it reverts back. Has anyone experienced this? I read that it could be related to open directory / LDAP settings, but I don't know how to prevent it from happening. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 From NATHANIEL.LINDLEY at spps.org Tue Aug 5 12:39:44 2008 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Tue, 5 Aug 2008 14:39:44 -0500 Subject: [Casper] Computer name won't stick In-Reply-To: Message-ID: Tatian, Check in Workgroup Manager to see if the computers are part of a list and you have the "enforce computer name" checkbox in WGM for that machine or group. -Nathaniel "Tatian Greenleaf" Sent by: casper-bounces at list.jamfsoftware.com 08/05/08 02:26 PM To casper at list.jamfsoftware.com cc Subject [Casper] Computer name won't stick This isn't directly related to Casper, but it is a problem I'm having after I re-image computers. On about half of our eMacs, the Computer Name (sharing name) will not stick. I can change it in the Sharing pref panel, but after restarting the computer, it reverts back. Has anyone experienced this? I read that it could be related to open directory / LDAP settings, but I don't know how to prevent it from happening. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080805/7c345c42/attachment.htm From tgreenleaf at saintmarksschool.org Wed Aug 6 16:29:57 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Wed, 06 Aug 2008 16:29:57 -0700 Subject: [Casper] Computer name won't stick [FIXED] In-Reply-To: References: Message-ID: Thanks... I had a tough time finding the checkbox, but once I did, it seems to have done the trick: [Image:8608_43019_0.png] Tatian casper at list.jamfsoftware.com writes: >Message: 2 >Date: Tue, 5 Aug 2008 14:39:44 -0500 >From: NATHANIEL.LINDLEY at spps.org >Subject: Re: [Casper] Computer name won't stick >To: "Tatian Greenleaf" >Cc: casper-bounces at list.jamfsoftware.com, casper at list.jamfsoftware.com >Message-ID: > >Content-Type: text/plain; charset="us-ascii" > >Tatian, >Check in Workgroup Manager to see if the computers are part of a list and >you have the "enforce computer name" checkbox in WGM for that machine or >group. >-Nathaniel -------------- next part -------------- A non-text attachment was scrubbed... Name: 8608_43019_0.png Type: image/png Size: 7733 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080806/9e453031/attachment.png From rcorbin at mac.com Thu Aug 7 11:10:28 2008 From: rcorbin at mac.com (Roger Corbin) Date: Thu, 07 Aug 2008 11:10:28 -0700 Subject: [Casper] Enable Leopard Guest Account ? In-Reply-To: <51FB031C-BC46-45D5-881A-B57E2B7DF760@apple.com> References: <51FB031C-BC46-45D5-881A-B57E2B7DF760@apple.com> Message-ID: <1A4EC0CB-C209-4D75-93B4-377C0727FA8E@mac.com> Thanks for the tip on this John but I seem to have hit another strange roadblock. Is it just me or is there no way to browse the network for computers and add them as computer accounts in 10.5 server's Workgroup Manager ? There used to be a browse function in 10.4.x Workgroup Manager where you could browse the network for machines and then drag them in. I have been looking all over for this function in 10.5 WGM. After I couldn't find it I started reading through the manual to see what it says. All it mentions is adding them by MAC address. Is this feature really gone ? Are they planning to add it back ? As a plan B is there some way to import a list of MAC addresses ? I can't say I really want to enter in hundreds of MAC addresses in by hand. Roger Corbin Richmond School District #38 On 31-Jul-08, at 1:02 PM, John DeTroye wrote: > Workgroup Manager, Login prefs - has a checkbox to enable Guest > account on all managed systems. If you want it on only a few > systems, create a computer group of just those systems, then set > that pref just for that group. > > johnd > > On Jul 31, 2008, at 1:45 PM, Roger Corbin wrote: > >> The 10.5.x OS package that we are currently using has the Leopard >> guest account disabled. >> >> We have a few machines out there that we would actually like to >> enable >> this on. I'm trying to figure out if there >> is a way to enable it via command line, but I can't find any command >> line interface to that setting. >> >> Has anyone out there managed to do this ? >> >> I can have Casper create a guest account, but it would be nice to use >> the standard Leopard one as all the >> data gets erased each time a guest user logs out. >> >> Roger Corbin >> Richmond School District 38 >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > -- > John DeTroye Email: johnd at apple.com > Sr. Consulting Engineer Work: 303-933-1807 > Systems Management Specialist Fax: 303-979-6616 > Apple - Education iChat: johnd at mac.com > Tips and Tricks Docs - http://idisk.mac.com/johnd > -- > > > > From RIVERAR at email.chop.edu Thu Aug 7 12:00:51 2008 From: RIVERAR at email.chop.edu (Raymond Rivera) Date: Thu, 07 Aug 2008 15:00:51 -0400 Subject: [Casper] Casper Digest, Vol 20, Issue 4 Message-ID: I will be out of the office from Thursday , August 7 until Monday, August 11 and will be returning on Tuesday August 12. From rcorbin at mac.com Thu Aug 7 13:05:03 2008 From: rcorbin at mac.com (Roger Corbin) Date: Thu, 07 Aug 2008 13:05:03 -0700 Subject: [Casper] Enable Leopard Guest Account ? [Fixed] In-Reply-To: <1A4EC0CB-C209-4D75-93B4-377C0727FA8E@mac.com> References: <51FB031C-BC46-45D5-881A-B57E2B7DF760@apple.com> <1A4EC0CB-C209-4D75-93B4-377C0727FA8E@mac.com> Message-ID: With the help from someone on the OS X servers list I have it figured out. You need to go to the Computers Groups tab and look at the members section. At that point there is a button with a "..." label that if clicked on let's you browse the network and add members. Somehow it just wasn't as obvious as it was in 10.4. Roger On 7-Aug-08, at 11:10 AM, Roger Corbin wrote: > Thanks for the tip on this John but I seem to have hit another > strange roadblock. > > Is it just me or is there no way to browse the network for computers > and add them as computer accounts in 10.5 server's Workgroup > Manager ? There used to be a browse function in 10.4.x Workgroup > Manager where you could browse the network for machines and then > drag them in. I have been looking all over for this function in 10.5 > WGM. After I couldn't find it I started reading through the manual > to see what it says. All it mentions is adding them by MAC address. > Is this feature really gone ? Are they planning to add it back ? As > a plan B is there some way to import a list of MAC addresses ? I > can't say I really want to enter in hundreds of MAC addresses in by > hand. > > Roger Corbin > Richmond School District #38 > > On 31-Jul-08, at 1:02 PM, John DeTroye wrote: > >> Workgroup Manager, Login prefs - has a checkbox to enable Guest >> account on all managed systems. If you want it on only a few >> systems, create a computer group of just those systems, then set >> that pref just for that group. >> >> johnd >> >> On Jul 31, 2008, at 1:45 PM, Roger Corbin wrote: >> >>> The 10.5.x OS package that we are currently using has the Leopard >>> guest account disabled. >>> >>> We have a few machines out there that we would actually like to >>> enable >>> this on. I'm trying to figure out if there >>> is a way to enable it via command line, but I can't find any command >>> line interface to that setting. >>> >>> Has anyone out there managed to do this ? >>> >>> I can have Casper create a guest account, but it would be nice to >>> use >>> the standard Leopard one as all the >>> data gets erased each time a guest user logs out. >>> >>> Roger Corbin >>> Richmond School District 38 >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> -- >> John DeTroye Email: johnd at apple.com >> Sr. Consulting Engineer Work: 303-933-1807 >> Systems Management Specialist Fax: 303-979-6616 >> Apple - Education iChat: johnd at mac.com >> Tips and Tricks Docs - http://idisk.mac.com/johnd >> -- >> >> >> >> > From paul.austin at wachovia.com Sun Aug 10 17:39:34 2008 From: paul.austin at wachovia.com (Paul Austin) Date: Sun, 10 Aug 2008 20:39:34 -0400 Subject: [Casper] Office 2008 Template bug Message-ID: Has anyone been able to put together a package to deal with the Office 2008 template bug yet? This is the bug where Word, Powerpoint, and Excel files are saved as templates when saved from a web site or from an attachment in mail. Documentation on a fix for Office can be found in this posting: http://discussions.apple.com/message.jspa?messageID=6401575#6403855. I put together a package with the updated files in it, but have been unable to figure out a way to script the command. It needs to be run as each user on a system to function. Thanks Paul Austin Wachovia Desktop Services 704 427-0903 From ERNSTCS at uwec.edu Mon Aug 11 10:46:13 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 11 Aug 2008 12:46:13 -0500 Subject: [Casper] Change jamf Helper Splash Screen In-Reply-To: <48982457.BB96.0081.0@uclan.ac.uk> Message-ID: I have another use for being able to customize the jamfHelper, and that is for my nightly maintenance script I run at startup during a reboot in the AM. Depending on the amount of data being moved around it would be nice if someone couldn't see the login screen while that process was occurring and tell them maintenance is being performed until it had finished. Craig E On 8/5/08 3:58 AM, "Criss Myers" wrote: Hi, I would go along with this and love to be able to edit the first run to add final cut studio, logic studio and komplete all of which are over 40gb installs, Also editing the Self Service background would be nice as well with a corporate logo Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Tue, Aug 5, 2008 at 12:14 AM, in message , Steve Wood wrote: Is there a way to customize the new splash screen that shows up after imaging a machine and installing say Adobe products? Nice touch by the way, it makes it easier to notice a machine is being imaged still instead of looking for the jamf helper name in the menu bar. However, I'd like to throw our company logo in there maybe, and maybe throw some text in that splash screen. Is it possible? Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 > > ________________________________ > -- > The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/28ba0209/attachment.html From tgreenleaf at saintmarksschool.org Mon Aug 11 11:32:00 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Mon, 11 Aug 2008 11:32:00 -0700 Subject: [Casper] How to reset DNS for JSS? Message-ID: I can't seem to find this anywhere... how do I reset the IP Address/DNS for the JSS? I originally setup the JSS to use a DNS Name, but I now need to switch it back to an IP Address for use with netbooting. Thanks, ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 From joelande at hibbing.k12.mn.us Mon Aug 11 11:44:03 2008 From: joelande at hibbing.k12.mn.us (Joel R. Anderson) Date: Mon, 11 Aug 2008 13:44:03 -0500 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: References: Message-ID: "Tatian Greenleaf" on August 11, 2008 at 1:32 PM -0500 wrote: > I originally setup the JSS to use a DNS Name, but I now need >to switch it back to an IP Address for use with netbooting. I can't answer your specific question (we have only been running Casper for 10 days, and haven't had our "JumpStart" yet), but we NetBoot with JSS's DNS name without any problems. ''''''' ^-O-O-^ +----oOO----(_)--------------+ | Joel Anderson | | Director of Technology | | Hibbing Public Schools | | www.hibbing.k12.mn.us | +----------------------oOO---+ |__|__| || || ooO Ooo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/48f7b682/attachment.html From tlarki at kckps.org Mon Aug 11 11:44:49 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 11 Aug 2008 13:44:49 -0500 Subject: [Casper] How to reset DNS for JSS? Message-ID: <48A0425102000039000011FD@gwoes4.kckps.org> When you create your Netboot installer/image it asks you to point it to your casper application. Before you create if, if you hold down the option key and open up Casper.app it will ask you for the JSS info. You can simply put an IP address in there instead of DNS. Or, if you are feeling tricky your client machines store the JSS info in /etc/jamf.conf so you can edit that holds the JSS info. For example, since I am at my iMac right this moment, I will show you what it looks like: tlarkin$ cat /etc/jamf.conf #### #### jamf.conf -- JAMF Software Configuration File #### this file will allow Recon, Casper and the jamf command line #### application to locate the JSS (JAMF Software Server) they need #### to communicate with serverAddress = xs001-casper.kckps.org serverPort = 9006 securePort = 8443 serverPath = ssl = true vncPort = 5999 Where it says "server address" you can just put in your IP instead of DNS, and then do a mass copy of that file via ARD admin or a casper policy or whatever. I think it would be easier to build the netboot image though the way I first explained it. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Tatian Greenleaf" 08/11/08 1:36 PM >>> I can't seem to find this anywhere... how do I reset the IP Address/DNS for the JSS? I originally setup the JSS to use a DNS Name, but I now need to switch it back to an IP Address for use with netbooting. Thanks, ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Mon Aug 11 11:46:41 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 11 Aug 2008 13:46:41 -0500 Subject: [Casper] How to reset DNS for JSS? Message-ID: <48A042C10200003900001202@gwoes4.kckps.org> I assume you are netbooting behind NAT? I just did the same thing and since I didn't feel like forwarding a bunch of ports for DNS to go through NAT, I just decided to do that same thing you did and do it by IP address. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Joel R. Anderson" 08/11/08 1:44 PM >>> "Tatian Greenleaf" on August 11, 2008 at 1:32 PM -0500 wrote: > I originally setup the JSS to use a DNS Name, but I now need >to switch it back to an IP Address for use with netbooting. I can't answer your specific question (we have only been running Casper for 10 days, and haven't had our "JumpStart" yet), but we NetBoot with JSS's DNS name without any problems. ''''''' ^-O-O-^ +----oOO----(_)--------------+ | Joel Anderson | | Director of Technology | | Hibbing Public Schools | | www.hibbing.k12.mn.us | +----------------------oOO---+ |__|__| || || ooO Ooo From ERNSTCS at uwec.edu Mon Aug 11 11:47:33 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 11 Aug 2008 13:47:33 -0500 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: Message-ID: You can run the following command on the clients: /usr/sbin/jamf createConf -server -target '/Volumes/Macintosh HD' -port 9006 -securePort 8443 -ssl Check: /usr/sbin/jamf help createConf Craig E On 8/11/08 1:32 PM, "Tatian Greenleaf" wrote: I can't seem to find this anywhere... how do I reset the IP Address/DNS for the JSS? I originally setup the JSS to use a DNS Name, but I now need to switch it back to an IP Address for use with netbooting. Thanks, ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/10c7056c/attachment.htm From joelande at hibbing.k12.mn.us Mon Aug 11 11:48:09 2008 From: joelande at hibbing.k12.mn.us (Joel R. Anderson) Date: Mon, 11 Aug 2008 13:48:09 -0500 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: <48A042C10200003900001202@gwoes4.kckps.org> References: <48A042C10200003900001202@gwoes4.kckps.org> Message-ID: "Thomas Larkin" on August 11, 2008 at 1:46 PM -0500 wrote: >I assume you are netbooting behind NAT? Yes, and using the FQDN works just fine ''''''' ^-O-O-^ +----oOO----(_)--------------+ | Joel Anderson | | Director of Technology | | Hibbing Public Schools | | www.hibbing.k12.mn.us | +----------------------oOO---+ |__|__| || || ooO Ooo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/7b80f9cb/attachment.htm From tgreenleaf at saintmarksschool.org Mon Aug 11 11:46:55 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Mon, 11 Aug 2008 11:46:55 -0700 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: References: Message-ID: Am I right in assuming that will only fix it on that individual client? I'm looking for a way at the server level, since all of my clients are trying to connect to the DNS Name and timing out. Tatian "Ernst, Craig S." writes: >You can run the following command on the clients: > >/usr/sbin/jamf createConf ?server -target ?/Volumes/Macintosh HD? >-porrt 9006 ?securePort 8443 ?ssl > >Check: /usr/sbin/jamf help createConf > >Craig E From tlarki at kckps.org Mon Aug 11 11:53:46 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 11 Aug 2008 13:53:46 -0500 Subject: [Casper] How to reset DNS for JSS? Message-ID: <48A0446A020000390000120D@gwoes4.kckps.org> If you are netbooting behind NAT, and want to use an IP instead of DNS just recreate the netboot image/installer and configure the casper app to look at the IP instead of the DNS, or modify the /etc/jamf.conf file like I had mentioned earlier. Hope that helps you, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Tatian Greenleaf" 08/11/08 1:51 PM >>> Am I right in assuming that will only fix it on that individual client? I'm looking for a way at the server level, since all of my clients are trying to connect to the DNS Name and timing out. Tatian "Ernst, Craig S." writes: >You can run the following command on the clients: > >/usr/sbin/jamf createConf ?server -target ?/Volumes/Macintosh HD? >-porrt 9006 ?securePort 8443 ?ssl > >Check: /usr/sbin/jamf help createConf > >Craig E _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ERNSTCS at uwec.edu Mon Aug 11 12:04:18 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 11 Aug 2008 14:04:18 -0500 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: Message-ID: That's the thing though...the "Clients" are busted so you have to update the /etc/jamf.conf file on all the clients. If you use Casper (Remote) to perform this command on anything you can currently talk to this will fix the client piece. As far as when a new machine gets imaged then you have to do what Thomas suggests as the etc file gets written with the same server as the Casper (Imaging) application uses. Craig E On 8/11/08 1:46 PM, "Tatian Greenleaf" wrote: Am I right in assuming that will only fix it on that individual client? I'm looking for a way at the server level, since all of my clients are trying to connect to the DNS Name and timing out. Tatian "Ernst, Craig S." writes: >You can run the following command on the clients: > >/usr/sbin/jamf createConf -server -target '/Volumes/Macintosh HD' >-porrt 9006 -securePort 8443 -ssl > >Check: /usr/sbin/jamf help createConf > >Craig E -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/68f72a2a/attachment.htm From mwv1 at meadwestvaco.com Mon Aug 11 12:23:20 2008 From: mwv1 at meadwestvaco.com (Michael W VanVliet) Date: Mon, 11 Aug 2008 15:23:20 -0400 Subject: [Casper] Michael W VanVliet is out of the office. Message-ID: I will be out of the office starting 08/11/2008 and will not return until 08/18/2008. I will respond to your message when I return. This electronic message contains information from MeadWestvaco Corporation or subsidiary companies, which may be confidential, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify MeadWestvaco immediately at postmaster at mwv.com. From josh at jamfsoftware.com Mon Aug 11 12:54:32 2008 From: josh at jamfsoftware.com (Josh Holland) Date: Mon, 11 Aug 2008 12:54:32 -0700 Subject: [Casper] How to reset DNS for JSS? In-Reply-To: Message-ID: Hello, I just want to clarify what it is you are trying to accomplish. The JAMF configuration file (/etc/jamf.conf) on the client is only used for checking in to the JSS (ie for updating the client's IP and checking for Policies etc), and does not affect NetBoot. In fact, we recommend using a fully qualified DNS name for this. Your NetBoot server's IP address should be entered in the JSS > Management tab > NetBoot Servers. Once set there, when you tell your clients to NetBoot to a specific server using Casper Remote or a Policy, it will use that IP address. Please let me know if I am understanding the issue correctly, and if the above will resolve the problem. Thanks, Josh ............................................................................ Joshua Holland Sr. Systems Engineer ............................................................................ JAMF Software 1011 Washington Ave S. #350 Minneapolis, MN 55415 ............................................................................ Office (612) 605-6625 Fax (612) 332-9054 ............................................................................ http://www.jamfsoftware.com On 8/11/08 1:32 PM, "Tatian Greenleaf" wrote: I can't seem to find this anywhere... how do I reset the IP Address/DNS for the JSS? I originally setup the JSS to use a DNS Name, but I now need to switch it back to an IP Address for use with netbooting. Thanks, ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080811/6c5ad051/attachment.htm From tlarki at kckps.org Mon Aug 11 13:07:23 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 11 Aug 2008 15:07:23 -0500 Subject: [Casper] enable root account via casper policy? Message-ID: <48A05528020000390000122B@gwoes4.kckps.org> So, Well I thought it would be a good idea to not enable the root account since there was no practical or real use for it. Now, there is a practical use for it, mainly with students (since I am in edu) and AUP violations. Is there a way to enable it remotely, say through a casper policy? It looks as if I use the dscl command and put a password on the root account it will enable it next reboot? Has anyone tried this? If I do a dscl . list /Users it will list that the root account is there but it is not enabled in my main image. I think if I put a password on the account it would be accessible. Has anyone done anything like this before? Thanks, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From tlarki at kckps.org Mon Aug 11 13:37:56 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 11 Aug 2008 15:37:56 -0500 Subject: [Casper] enable root account via casper policy? Message-ID: <48A05BC70200003900001239@gwoes4.kckps.org> Well my Google-Fu sucks, because I didn't come up with the answer, but Cam emailed me the proper command and it works /usr/sbin/dsenableroot -u local_admin -p local_admin_pw -r root_password Of course fill in the blanks and that is how you enable the root account. just FYI for anyone who was curious. Thx Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Thomas Larkin" 08/11/08 3:06 PM >>> So, Well I thought it would be a good idea to not enable the root account since there was no practical or real use for it. Now, there is a practical use for it, mainly with students (since I am in edu) and AUP violations. Is there a way to enable it remotely, say through a casper policy? It looks as if I use the dscl command and put a password on the root account it will enable it next reboot? Has anyone tried this? If I do a dscl . list /Users it will list that the root account is there but it is not enabled in my main image. I think if I put a password on the account it would be accessible. Has anyone done anything like this before? Thanks, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From cpb10 at cam.ac.uk Tue Aug 12 08:30:35 2008 From: cpb10 at cam.ac.uk (Clare Bartlet) Date: Tue, 12 Aug 2008 16:30:35 +0100 Subject: [Casper] Store on JSS setting won't stick Message-ID: For some reason the setting 'Store on JSS' isn't sticking I have been going to Inventory, search for computers and then individually edit their autorun data. Other settings in here such as 'Run Automatically' are being saving but if I tick Store on JSS and then the Save Autorun Data when I come back to look again it hasn't been saved. Any idea what is going on here? it's very frustrating..... Clare -------------------------------------------- Clare Bartlet mailto:cpb10 at cam.ac.uk Macintosh Support phone: +44 1223 334723 University of Cambridge Computing Service New Museums Site, Pembroke Street, Cambridge CB2 3QH -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080812/2869d823/attachment.html From nicometo.tim at mayo.edu Tue Aug 12 08:36:56 2008 From: nicometo.tim at mayo.edu (Tim Nicometo) Date: Tue, 12 Aug 2008 10:36:56 -0500 Subject: [Casper] Casper Admin 6 Speed Message-ID: We recently upgraded to Casper version 6, and I have noticed that copy files to Casper Admin as well as saving appears to take about 3-4 times as long as it used to. Has anyone else noticed this, or is it just me? Thanks... Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080812/81c0fb6c/attachment.html From eyoung at thayer.org Tue Aug 12 09:33:22 2008 From: eyoung at thayer.org (Eric Young) Date: Tue, 12 Aug 2008 12:33:22 -0400 Subject: [Casper] Casper Admin 6 Speed In-Reply-To: References: Message-ID: <8119D559-32F5-44E9-888F-4143EBCC521C@thayer.org> nice and responsive here. I would even say that 6 feels a bit faster than 5 for copies and the like. On Aug 12, 2008, at 11:36 AM, Tim Nicometo wrote: > We recently upgraded to Casper version 6, and I have noticed that > copy files to Casper Admin as well as saving appears to take about > 3-4 times as long as it used to. Has anyone else noticed this, or > is it just me? Thanks... > > Tim > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080812/51e131a5/attachment.htm From ERNSTCS at uwec.edu Tue Aug 12 10:46:32 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 12 Aug 2008 12:46:32 -0500 Subject: [Casper] Casper Admin 6 Speed In-Reply-To: <8119D559-32F5-44E9-888F-4143EBCC521C@thayer.org> Message-ID: I'd have to agree with Eric, that I think things have been faster. Craig On 8/12/08 11:33 AM, "Eric Young" wrote: nice and responsive here. I would even say that 6 feels a bit faster than 5 for copies and the like. On Aug 12, 2008, at 11:36 AM, Tim Nicometo wrote: We recently upgraded to Casper version 6, and I have noticed that copy files to Casper Admin as well as saving appears to take about 3-4 times as long as it used to. Has anyone else noticed this, or is it just me? Thanks... Tim _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080812/95fc9d09/attachment.html From jeremymatthews at mac.com Tue Aug 12 10:54:17 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Tue, 12 Aug 2008 13:54:17 -0400 Subject: [Casper] Casper Admin 6 Speed In-Reply-To: References: Message-ID: <58E68A00-5B9B-400A-89F3-D2AA3BF53BFB@mac.com> I would say Casper 6 has been about the same for us as 5 - except when we use additional distribution points it seems to take longer, even though that is a separate syncing function. Thanks, j On Aug 12, 2008, at 1:46 PM, casper-request at list.jamfsoftware.com wrote: > We recently upgraded to Casper version 6, and I have noticed that > copy files > to Casper Admin as well as saving appears to take about 3-4 times as > long as > it used to. Has anyone else noticed this, or is it just me? > Thanks... From Chris.Lang at vu.edu.au Tue Aug 12 17:22:04 2008 From: Chris.Lang at vu.edu.au (Chris Lang) Date: Wed, 13 Aug 2008 10:22:04 +1000 Subject: [Casper] Self Service Policy Descriptions Message-ID: Hi All, Just a quick question, I am trying to add a lengthy description to a software deploy that I am making available via self service. The description is just plain text but I need carriage returns and line wraps in it to make it readable however when I check the self service app the line breaks have been stripped out and the text is just wrapped. Is there a way to customize the way that the description is displayed via HTML tags or another method? Regards, Chris Chris Lang Support Services Advisor Client Services Information Technology Services Phone: +61 3 9919 2735 Fax: +61 3 9919 2785 Mobile: +61 411 259 496 Email: Chris.Lang at vu.edu.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080813/8a65d0c6/attachment.htm From joelande at hibbing.k12.mn.us Tue Aug 12 18:45:30 2008 From: joelande at hibbing.k12.mn.us (Joel R. Anderson) Date: Tue, 12 Aug 2008 20:45:30 -0500 Subject: [Casper] Self Service Policy Descriptions In-Reply-To: References: Message-ID: Chris Lang on August 12, 2008 at 7:22 PM -0500 wrote: >Is there a way to customize the way that the description is displayed via >HTML tags or another method? If it is HTML, did you try the
tag? ''''''' ^-O-O-^ +----oOO----(_)--------------+ | Joel Anderson | | Director of Technology | | Hibbing Public Schools | | www.hibbing.k12.mn.us | +----------------------oOO---+ |__|__| || || ooO Ooo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080812/7b276bdc/attachment.html From tlarki at kckps.org Wed Aug 13 13:29:16 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 13 Aug 2008 15:29:16 -0500 Subject: [Casper] migrating JSS to new server Message-ID: <48A2FDCC02000039000013E0@gwoes4.kckps.org> So, I got my new servers in and want to migrate my JSS to my new awesome intel xeon xserve. I am exporting the MySQL database now. When I set up the JSS at home for when I want to take my work home I just installed JSS with the setup utility and then imported my exported database and it seemed to pick everything up. Any tips or caveats or anything else I should know in doing this? I will be upgrading to version 6 as well, so I can just import my version 5.13 into 6 with out any issues? I was beta testing 6 at home and it worked for me at home, but this is a live environment so I would like any feed back anyone can give me. Thanks tom From Halvorson.Jason at mayo.edu Wed Aug 13 13:52:43 2008 From: Halvorson.Jason at mayo.edu (Jason Halvorson) Date: Wed, 13 Aug 2008 15:52:43 -0500 Subject: [Casper] migrating JSS to new server - tip In-Reply-To: <48A2FDCC02000039000013E0@gwoes4.kckps.org> Message-ID: Just double check that your distribution point is created and permissioned correctly after the move, especially if your JSS is also a distribution share. I recently moved from a G5 Desktop to a Intel Xserve. The process went so smoothly that I felt I had to check all the pieces (Casper Remote, Casper Admin, JSS) over three times. Jason > From: Thomas Larkin > Date: Wed, 13 Aug 2008 15:29:16 -0500 > To: > Subject: [Casper] migrating JSS to new server > > So, I got my new servers in and want to migrate my JSS to my new awesome intel > xeon xserve. I am exporting the MySQL database now. > > When I set up the JSS at home for when I want to take my work home I just > installed JSS with the setup utility and then imported my exported database > and it seemed to pick everything up. > > Any tips or caveats or anything else I should know in doing this? I will be > upgrading to version 6 as well, so I can just import my version 5.13 into 6 > with out any issues? > > I was beta testing 6 at home and it worked for me at home, but this is a live > environment so I would like any feed back anyone can give me. > > Thanks > > tom > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From HPOSTMAN at capousd.org Wed Aug 13 14:35:28 2008 From: HPOSTMAN at capousd.org (Postman, Hillary) Date: Wed, 13 Aug 2008 14:35:28 -0700 Subject: [Casper] migrating JSS to new server In-Reply-To: <48A2FDCC02000039000013E0@gwoes4.kckps.org> References: <48A2FDCC02000039000013E0@gwoes4.kckps.org> Message-ID: <91068919656B4F49948AE1E05E77FFAD06633AE0@DIST-WIN-MAIL-8.cusdnet.org> If you are migrating you also have to remove the top two keys from the config file on the server, (System/Library/LaunchDaemons/com.jamfsoftware.tomcat.plist) I did call in to get this help because we couldn't start the Tomcat portion of the server without doing this. Apparently the fix is coming but you will have to manually do this. My instructions aren't quite together enough to send so I recommend putting in a call to tech support. Hillary Hillary Postman Technology Support Specialist III Capistrano Unified School District 33122 Valle Road San Juan Capistrano, CA 92675 (949) 234-5530/FAX: (949) 487-5431 -----Original Message----- From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Wednesday, August 13, 2008 1:29 PM To: casper at list.jamfsoftware.com Subject: [Casper] migrating JSS to new server So, I got my new servers in and want to migrate my JSS to my new awesome intel xeon xserve. I am exporting the MySQL database now. When I set up the JSS at home for when I want to take my work home I just installed JSS with the setup utility and then imported my exported database and it seemed to pick everything up. Any tips or caveats or anything else I should know in doing this? I will be upgrading to version 6 as well, so I can just import my version 5.13 into 6 with out any issues? I was beta testing 6 at home and it worked for me at home, but this is a live environment so I would like any feed back anyone can give me. Thanks tom _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From Chris.Lang at vu.edu.au Wed Aug 13 15:18:07 2008 From: Chris.Lang at vu.edu.au (Chris Lang) Date: Thu, 14 Aug 2008 08:18:07 +1000 Subject: [Casper] Packaging Cisco VPN issues Message-ID: Hi, Sorry about the last post for some reason sent from one of the other accounts I have running. I have packaged Cisco VPN using composer and uploaded the package to the JSS. When I deploy via either HTTP or AFP it downloads or mounts the package but doesn?t copy any of the content? Has anyone experienced this with this app or other packages. I am using Casper 6 and other composer packages I have created all work fine. Regards, Chris Chris Lang Support Services Advisor Client Services Information Technology Services Phone: +61 3 9919 2735 Fax: +61 3 9919 2785 Mobile: +61 411 259 496 Email: Chris.Lang at vu.edu.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/b60a5599/attachment.html From TLARKI at kckps.org Thu Aug 14 07:02:35 2008 From: TLARKI at kckps.org (Thomas Larkin) Date: Thu, 14 Aug 2008 09:02:35 -0500 Subject: [Casper] migrating JSS to new server In-Reply-To: <48A3F4AB020000390000141B@gwoes4.kckps.org> References: <48A3F4AB0200003900001418@gwoes4.kckps.org> <48A3F4AB020000390000141B@gwoes4.kckps.org> Message-ID: <48A3F4AB020000390000141B@gwoes4.kckps.org> Got it done last night all is well but I forgot to transfer some packages. Which is actually ok because I had some bad habits which were fixed at the cca training back in june. It was easy and straight forward. I just upgraded the old one to 6 the created a full back up. Set up new server with afp and raid then installed the jss and restored the back up and voila all done. A very painless procedure. -----Original Message----- From: "Postman, Hillary" To: casper at list.jamfsoftware.com BCC: Thomas Larkin Creation Date: 8/13 4:35 pm Subject: Re: [Casper] migrating JSS to new server If you are migrating you also have to remove the top two keys from the config file on the server, (System/Library/LaunchDaemons/com.jamfsoftware.tomcat.plist) I did call in to get this help because we couldn't start the Tomcat portion of the server without doing this. Apparently the fix is coming but you will have to manually do this. My instructions aren't quite together enough to send so I recommend putting in a call to tech support. Hillary Hillary Postman Technology Support Specialist III Capistrano Unified School District 33122 Valle Road San Juan Capistrano, CA 92675 (949) 234-5530/FAX: (949) 487-5431 -----Original Message----- From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Wednesday, August 13, 2008 1:29 PM To: casper at list.jamfsoftware.com Subject: [Casper] migrating JSS to new server So, I got my new servers in and want to migrate my JSS to my new awesome intel xeon xserve. I am exporting the MySQL database now. When I set up the JSS at home for when I want to take my work home I just installed JSS with the setup utility and then imported my exported database and it seemed to pick everything up. Any tips or caveats or anything else I should know in doing this? I will be upgrading to version 6 as well, so I can just import my version 5.13 into 6 with out any issues? I was beta testing 6 at home and it worked for me at home, but this is a live environment so I would like any feed back anyone can give me. Thanks tom _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ERNSTCS at uwec.edu Thu Aug 14 07:04:58 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 14 Aug 2008 09:04:58 -0500 Subject: [Casper] migrating JSS to new server In-Reply-To: <48A3F4AB020000390000141B@gwoes4.kckps.org> Message-ID: Yes...yes it is... Don't you wish everything was that easy? On 8/14/08 9:02 AM, "Thomas Larkin" wrote: voila all done. A very painless procedure. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/e29cc0a5/attachment.html From rcorbin at mac.com Thu Aug 14 09:45:32 2008 From: rcorbin at mac.com (Roger Corbin) Date: Thu, 14 Aug 2008 09:45:32 -0700 Subject: [Casper] Permissions On Casper share point In-Reply-To: References: Message-ID: I've read (and heard) in the past that the permissions on the Casper package share points need to be set with "Others" having read only permissions. This appears to be needed in our case as the Casper share points are on the same server that is running the Netboot service. I just wanted to confirm this is the case and see what others might be doing in this regard. Right now we use the Admin account as the Read/Write account to the share point. We have another imaging account as the read only account. That imaging account is part of a group called imaging. We have given the imaging group read only access to that share point. So the permissions for the casper share point is set to Owner : admin read and write Group : imaging read only Everyone : read only This is all working fine right now, but the fact that users could possibly get access to packages or scripts does bother me a bit, so I just thought I see what others might be doing in this regard. Roger Corbin Richmond School District #38 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/04e0827e/attachment.html From jeremymatthews at mac.com Thu Aug 14 10:09:42 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Thu, 14 Aug 2008 13:09:42 -0400 Subject: [Casper] User-based shell scripts after self-service installation Message-ID: <544AAC52-1E1B-4A07-A8AC-169C9AC2CE20@mac.com> Lets say you have a self-service item, iWork for example. After iWork is installed by the user, you want to serialize iWork by way of either: 1) writing user defaults to that users' preference file (assume you would choose to add a script in casper and run after the package is installed) 2) Deposit a file into the users' /Library/Preferences/ directory I can't attempt yet (our Casper is offline) - but need to continue working to deploy these once it is online. Does either method work? They sure don't work in packagemaker as postinstall scripts....since installer runs as root it can't understand the concept of "~" outside of the root user itself. Thanks, jeremy From ERNSTCS at uwec.edu Thu Aug 14 10:20:44 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 14 Aug 2008 12:20:44 -0500 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: <544AAC52-1E1B-4A07-A8AC-169C9AC2CE20@mac.com> Message-ID: The problem you might run into here is that the serialization that's created on one machine won't work on a another as it is bound to the hardware it was originally installed on. This is the case with many Apple software products. To get around this you typically need to purchase Volume licensing, which is 5 or more. And realisitically we do that to get the media that allows for a non-hardware bound install that can be packaged and deployed to multiple machines. I know that this is what we do for Final Cut Studio as well as Final Cut Express. I imagine that iWork is the same. Perhaps this will answer your question. Craig E On 8/14/08 12:09 PM, "Jeremy Matthews" wrote: Lets say you have a self-service item, iWork for example. After iWork is installed by the user, you want to serialize iWork by way of either: 1) writing user defaults to that users' preference file (assume you would choose to add a script in casper and run after the package is installed) 2) Deposit a file into the users' /Library/Preferences/ directory I can't attempt yet (our Casper is offline) - but need to continue working to deploy these once it is online. Does either method work? They sure don't work in packagemaker as postinstall scripts....since installer runs as root it can't understand the concept of "~" outside of the root user itself. Thanks, jeremy _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/04793874/attachment.html From RIVERAR at email.chop.edu Thu Aug 14 10:21:43 2008 From: RIVERAR at email.chop.edu (Raymond Rivera) Date: Thu, 14 Aug 2008 13:21:43 -0400 Subject: [Casper] Casper Digest, Vol 20, Issue 11 Message-ID: I will be back in the office on Tuesday, August 19, 2008. From jeremymatthews at mac.com Thu Aug 14 10:26:29 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Thu, 14 Aug 2008 13:26:29 -0400 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: References: Message-ID: <04DF018D-750F-44EC-A474-1E75AF9D4A43@mac.com> Actually, we have volume licensing on everything possible - even when there are only a few licenses....except Final Cut Pro. All the consumer stuff doesn't seem to be bound by hardware...so far. So, is it doable using either of those methods for the non-hardware- bound apps? -j On Aug 14, 2008, at 1:20 PM, Ernst, Craig S. wrote: > The problem you might run into here is that the serialization that?s > created on one machine won?t work on a another as it is bound to the > hardware it was originally installed on. This is the case with many > Apple software products. To get around this you typically need to > purchase Volume licensing, which is 5 or more. And realisitically we > do that to get the media that allows for a non-hardware bound > install that can be packaged and deployed to multiple machines. I > know that this is what we do for Final Cut Studio as well as Final > Cut Express. I imagine that iWork is the same. > > Perhaps this will answer your question. > > Craig E > > > On 8/14/08 12:09 PM, "Jeremy Matthews" wrote: > > Lets say you have a self-service item, iWork for example. > After iWork is installed by the user, you want to serialize iWork by > way of either: > > 1) writing user defaults to that users' preference file (assume you > would choose to add a script in casper and run after the package is > installed) > 2) Deposit a file into the users' /Library/Preferences/ directory > > I can't attempt yet (our Casper is offline) - but need to continue > working to deploy these once it is online. Does either method work? > They sure don't work in packagemaker as postinstall scripts....since > installer runs as root it can't understand the concept of "~" outside > of the root user itself. > > Thanks, > jeremy > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/9d413242/attachment.htm From ERNSTCS at uwec.edu Thu Aug 14 10:40:11 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 14 Aug 2008 12:40:11 -0500 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: <04DF018D-750F-44EC-A474-1E75AF9D4A43@mac.com> Message-ID: If you use Composer why wouldn't it just be part of the package, why does it need to be a separate file? Is this more for the security/licensing aspect so you don't go over your licenses by everyone just installing it since they see it? To answer your question, as long as it's just a file you want to modify with defaults or copy down it should work. Right now there would be no trigger to make that second portion happen. You would have to initiate that unless you do more scripting. =) Craig On 8/14/08 12:26 PM, "Jeremy Matthews" wrote: Actually, we have volume licensing on everything possible - even when there are only a few licenses....except Final Cut Pro. All the consumer stuff doesn't seem to be bound by hardware...so far. So, is it doable using either of those methods for the non-hardware-bound apps? -j On Aug 14, 2008, at 1:20 PM, Ernst, Craig S. wrote: The problem you might run into here is that the serialization that's created on one machine won't work on a another as it is bound to the hardware it was originally installed on. This is the case with many Apple software products. To get around this you typically need to purchase Volume licensing, which is 5 or more. And realisitically we do that to get the media that allows for a non-hardware bound install that can be packaged and deployed to multiple machines. I know that this is what we do for Final Cut Studio as well as Final Cut Express. I imagine that iWork is the same. Perhaps this will answer your question. Craig E On 8/14/08 12:09 PM, "Jeremy Matthews" wrote: Lets say you have a self-service item, iWork for example. After iWork is installed by the user, you want to serialize iWork by way of either: 1) writing user defaults to that users' preference file (assume you would choose to add a script in casper and run after the package is installed) 2) Deposit a file into the users' /Library/Preferences/ directory I can't attempt yet (our Casper is offline) - but need to continue working to deploy these once it is online. Does either method work? They sure don't work in packagemaker as postinstall scripts....since installer runs as root it can't understand the concept of "~" outside of the root user itself. Thanks, jeremy _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/e870222f/attachment.htm From jeremymatthews at mac.com Thu Aug 14 10:45:24 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Thu, 14 Aug 2008 13:45:24 -0400 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: References: Message-ID: <46A12439-F8BF-4D1D-9E4B-81392CDF4D2E@mac.com> Many of those apps write licenses out to the users' defaults - not global defaults or the system - unfortunately. We're limiting those who can see what apps by computer groups. I suppose my question that, when a policy is executed by Casper, and it includes a script to modify user defaults, does it modify the user defaults for the person installing it, or root (which is how packagemaker works). Same goes for pushing a defaults file after an installation via self-service - will it install in that users' home directory (say it installs to ~/Library/Preferences) or instead, the root user (as in packagemaker). Thanks, j On Aug 14, 2008, at 1:40 PM, Ernst, Craig S. wrote: > If you use Composer why wouldn?t it just be part of the package, why > does it need to be a separate file? Is this more for the security/ > licensing aspect so you don?t go over your licenses by everyone just > installing it since they see it? > > To answer your question, as long as it?s just a file you want to > modify with defaults or copy down it should work. Right now there > would be no trigger to make that second portion happen. You would > have to initiate that unless you do more scripting. =) > > Craig > > > On 8/14/08 12:26 PM, "Jeremy Matthews" wrote: > > Actually, we have volume licensing on everything possible - even > when there are only a few licenses....except Final Cut Pro. > All the consumer stuff doesn't seem to be bound by hardware...so far. > > So, is it doable using either of those methods for the non-hardware- > bound apps? > > -j > > On Aug 14, 2008, at 1:20 PM, Ernst, Craig S. wrote: > > The problem you might run into here is that the serialization that?s > created on one machine won?t work on a another as it is bound to the > hardware it was originally installed on. This is the case with many > Apple software products. To get around this you typically need to > purchase Volume licensing, which is 5 or more. And realisitically we > do that to get the media that allows for a non-hardware bound > install that can be packaged and deployed to multiple machines. I > know that this is what we do for Final Cut Studio as well as Final > Cut Express. I imagine that iWork is the same. > > Perhaps this will answer your question. > > Craig E > > > On 8/14/08 12:09 PM, "Jeremy Matthews" > wrote: > > > Lets say you have a self-service item, iWork for example. > After iWork is installed by the user, you want to serialize iWork by > way of either: > > 1) writing user defaults to that users' preference file (assume you > would choose to add a script in casper and run after the package is > installed) > 2) Deposit a file into the users' /Library/Preferences/ directory > > I can't attempt yet (our Casper is offline) - but need to continue > working to deploy these once it is online. Does either method work? > They sure don't work in packagemaker as postinstall scripts....since > installer runs as root it can't understand the concept of "~" outside > of the root user itself. > > Thanks, > jeremy > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/a41a0ab0/attachment.html From miles.leacy at themacadmin.com Thu Aug 14 11:02:06 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 14 Aug 2008 14:02:06 -0400 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: References: <46A12439-F8BF-4D1D-9E4B-81392CDF4D2E@mac.com> Message-ID: The script will do what you tell it to. If you tell it to operate in user space, it will. I typically use a "for" command when I need to apply the same command to every item in a particular directory, such as /Users. For example: for i in $( ls /Users ) ; do defaults write /Users/$i/Library/Preferences/com.manufacturer.product key type value ; done Pardon me if my syntax isn't perfect, I don't have my script library or a Mac OS X box at hand at the moment, but this is the general idea. You can grep out stuff you don't want, or use if then else statements to avoid putting your files in places such as /Users/Shared. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/f8bdcaf7/attachment.html From jeremymatthews at mac.com Thu Aug 14 11:02:38 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Thu, 14 Aug 2008 14:02:38 -0400 Subject: [Casper] User-based shell scripts after self-service installation In-Reply-To: References: <46A12439-F8BF-4D1D-9E4B-81392CDF4D2E@mac.com> Message-ID: Ah - you know what, I was focusing on using the tilde too much. It makes total sense just to grep around or whoami and then execute based on that. Thanks, j On Aug 14, 2008, at 1:57 PM, Miles Leacy IV wrote: > The script will do what you tell it to. If you tell it to operate > in user space, it will. > > I typically use a "for" command when I need to apply the same > command to every item in a particular directory, such as /Users. > For example: > > for i in $( ls /Users ) ; do defaults write /Users/$i/Library/ > Preferences/com.manufacturer.product key type value ; done > > Pardon me if my syntax isn't perfect, I don't have my script library > or a Mac OS X box at hand at the moment, but this is the general > idea. You can grep out stuff you don't want, or use if then else > statements to avoid putting your files in places such as /Users/ > Shared. > From NATHANIEL.LINDLEY at spps.org Thu Aug 14 14:23:52 2008 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Thu, 14 Aug 2008 16:23:52 -0500 Subject: [Casper] Open Directory binding Message-ID: Can someone point me in the right direction for pushing/automating Open Directory binding with Casper Remote or policy? I'm thinking it will be dscl commands on 10.5, but will that work for 10.4? We need to remove current OD bindings from clients and then create a new OD binding on a whole bunch-o-machines. Thanks, -Nathaniel SPPS -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/fed33311/attachment.htm From chad.brewer at bend.k12.or.us Thu Aug 14 14:32:42 2008 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Thu, 14 Aug 2008 14:32:42 -0700 Subject: [Casper] Open Directory binding In-Reply-To: References: Message-ID: Here's my script. We also bind to AD so I have it adding AD to the search policy ahead of LDAP. defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" "Active" dsconfigldap -v -a od.server.com -n od.server.com -u username -p password sleep 10 dscl /Search -create / SearchPolicy CSPSearchPath killall DirectoryService sleep 5 dscl /Search -create / SearchPolicy CSPSearchPath dscl /Search -append / CSPSearchPath "/Active Directory/All Domains" dscl /Search -append / CSPSearchPath /LDAPv3/od.server.com NATHANIEL.LINDLEY at spps.org on August 14, 2008 at 2:23 PM -0700 wrote: > >Can someone point me in the right direction for pushing/automating Open >Directory binding with Casper Remote or policy? I'm thinking it will be >dscl commands on 10.5, but will that work for 10.4? >We need to remove current OD bindings from clients and then create a new >OD binding on a whole bunch-o-machines. > >Thanks, >-Nathaniel > >SPPS_______________________________________________ >Casper mailing list >Casper at list.jamfsoftware.com >http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080814/f754c7cc/attachment.html From ron.prue at mynoahs.com Thu Aug 14 14:37:15 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Thu, 14 Aug 2008 15:37:15 -0600 Subject: [Casper] Upgrade to 6.0 now tomcat will not start Message-ID: Hi all, We have just upgraded to version 6.0 and now we cannot get Tomcat started. In the JSS setup utility it says that my Database Schema is 6.0, my SQL version is 5.0.45, and that my Tomcat version is unavailable . All other services are running fine and I have tried reinstalling JSS on the server to no avail. Any ideas? Ron Prue 1441 West Ute. Blvd Suite 100 Park City, UT 84098 435.214.2927 ron.prue at mynoahs.com From tlarki at kckps.org Thu Aug 14 15:13:30 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 14 Aug 2008 17:13:30 -0500 Subject: [Casper] Upgrade to 6.0 now tomcat will not start Message-ID: <48A467BA02000039000014A5@gwoes4.kckps.org> what version of OS X and what type of install? Tomcat works great on my new JSS installed it last night and migrated to 6.0 no issues here. I did a clean load of 10.5 server and set it up as a stand alone advanced server. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> Ron Prue 08/14/08 4:38 PM >>> Hi all, We have just upgraded to version 6.0 and now we cannot get Tomcat started. In the JSS setup utility it says that my Database Schema is 6.0, my SQL version is 5.0.45, and that my Tomcat version is unavailable . All other services are running fine and I have tried reinstalling JSS on the server to no avail. Any ideas? Ron Prue 1441 West Ute. Blvd Suite 100 Park City, UT 84098 435.214.2927 ron.prue at mynoahs.com _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ron.prue at mynoahs.com Thu Aug 14 15:16:29 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Thu, 14 Aug 2008 16:16:29 -0600 Subject: [Casper] Upgrade to 6.0 now tomcat will not start In-Reply-To: <48A467BA02000039000014A5@gwoes4.kckps.org> References: <48A467BA02000039000014A5@gwoes4.kckps.org> Message-ID: <472BBA6F-661A-4EF9-9550-49728CF9A518@mynoahs.com> We are on Leopard 10.5.4 using it as an Open Directory Master. Ron Prue 1441 West Ute. Blvd Suite 100 Park City, UT 84098 435.214.2927 ron.prue at mynoahs.com On Aug 14, 2008, at 4:13 PM, Thomas Larkin wrote: > what version of OS X and what type of install? Tomcat works great > on my new JSS installed it last night and migrated to 6.0 no issues > here. I did a clean load of 10.5 server and set it up as a stand > alone advanced server. > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Ron Prue 08/14/08 4:38 PM >>> > Hi all, > > We have just upgraded to version 6.0 and now we cannot get Tomcat > started. In the JSS setup utility it says that my Database Schema is > 6.0, my SQL version is 5.0.45, and that my Tomcat version is > unavailable . All other services are running fine and I have tried > reinstalling JSS on the server to no avail. > > Any ideas? > > > Ron Prue > 1441 West Ute. Blvd Suite 100 > Park City, UT 84098 > 435.214.2927 > ron.prue at mynoahs.com > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From HPOSTMAN at capousd.org Thu Aug 14 15:17:05 2008 From: HPOSTMAN at capousd.org (Postman, Hillary) Date: Thu, 14 Aug 2008 15:17:05 -0700 Subject: [Casper] Upgrade to 6.0 now tomcat will not start In-Reply-To: Message-ID: We had that same problem, call their support & they will walk you though manually starting and also editing the config file. It's a very quick fix and I'm sorry I can remember the exact thing I did or I'd share it here. Hillary Hillary Postman Technology Support Specialist III Capistrano Unified School District 33122 Valle Rd. San Juan Capistrano, CA (949) 234-5530 On 8/14/08 2:37 PM, "Ron Prue" wrote: > Hi all, > > We have just upgraded to version 6.0 and now we cannot get Tomcat > started. In the JSS setup utility it says that my Database Schema is > 6.0, my SQL version is 5.0.45, and that my Tomcat version is > unavailable . All other services are running fine and I have tried > reinstalling JSS on the server to no avail. > > Any ideas? > > > Ron Prue > 1441 West Ute. Blvd Suite 100 > Park City, UT 84098 > 435.214.2927 > ron.prue at mynoahs.com > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Thu Aug 14 15:16:58 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 14 Aug 2008 17:16:58 -0500 Subject: [Casper] Open Directory binding Message-ID: <48A4688A02000039000014AF@gwoes4.kckps.org> I bind all clients to the ODM in the image, and then have post imaging and building level subnet policies that will rebind the client to the specific ODR that is in that building. here is my script. #!/bin/sh #This script binds a 10.4.11 or 10.5 client to an LDAP (OD) server. oldserver="odm.domain.com" newserver="odr.domain.com" /usr/sbin/dsconfigldap -r $oldserver /usr/bin/dscl localhost -delete /Search CSPSearchPath /LDAPv3/$oldserver /usr/bin/dscl localhost -delete /Contact CSPSearchPath /LDAPv3/$oldserver sleep 10 /usr/sbin/dsconfigldap -a $newserver /usr/bin/dscl localhost -create /Search SearchPolicy dsAttrTypeStandard:CSPSearchPath /usr/bin/dscl localhost -merge /Search CSPSearchPath /LDAPv3/$newserver /usr/bin/dscl localhost -create /Contact SearchPolicy dsAttrTypeStandard:CSPSearchPath /usr/bin/dscl localhost -merge /Contact CSPSearchPath /LDAPv3/$newserver So, effectively it removes the binding to the ODM, sleeps for 10 seconds for all connections to clear and then rebinds the client to specified ODR at the building the client is in. This helps reduce traffic for authentication over the WAN. I have it as a post image script and a policy that runs once per a computer on smart groups based on VLAN. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/14/08 4:28 PM >>> Can someone point me in the right direction for pushing/automating Open Directory binding with Casper Remote or policy? I'm thinking it will be dscl commands on 10.5, but will that work for 10.4? We need to remove current OD bindings from clients and then create a new OD binding on a whole bunch-o-machines. Thanks, -Nathaniel SPPS From tlarki at kckps.org Thu Aug 14 15:19:08 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 14 Aug 2008 17:19:08 -0500 Subject: [Casper] Upgrade to 6.0 now tomcat will not start Message-ID: <48A4690C02000039000014B4@gwoes4.kckps.org> I think when you run it on an ODM it modifies the tomcat launchd plist and you have to go in and modify that file to get it to work. JAMF support should know the answer. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> Ron Prue 08/14/08 5:17 PM >>> We are on Leopard 10.5.4 using it as an Open Directory Master. Ron Prue 1441 West Ute. Blvd Suite 100 Park City, UT 84098 435.214.2927 ron.prue at mynoahs.com On Aug 14, 2008, at 4:13 PM, Thomas Larkin wrote: > what version of OS X and what type of install? Tomcat works great > on my new JSS installed it last night and migrated to 6.0 no issues > here. I did a clean load of 10.5 server and set it up as a stand > alone advanced server. > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Ron Prue 08/14/08 4:38 PM >>> > Hi all, > > We have just upgraded to version 6.0 and now we cannot get Tomcat > started. In the JSS setup utility it says that my Database Schema is > 6.0, my SQL version is 5.0.45, and that my Tomcat version is > unavailable . All other services are running fine and I have tried > reinstalling JSS on the server to no avail. > > Any ideas? > > > Ron Prue > 1441 West Ute. Blvd Suite 100 > Park City, UT 84098 > 435.214.2927 > ron.prue at mynoahs.com > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From ron.prue at mynoahs.com Thu Aug 14 15:20:38 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Thu, 14 Aug 2008 16:20:38 -0600 Subject: [Casper] Upgrade to 6.0 now tomcat will not start In-Reply-To: References: Message-ID: <704890C6-63B3-46FE-ACFA-C27A41FFFC3F@mynoahs.com> I will contact support as you suggest. Thanks Hillary and Thomas. Ron Prue 1441 West Ute. Blvd Suite 100 Park City, UT 84098 435.214.2927 ron.prue at mynoahs.com On Aug 14, 2008, at 4:17 PM, Postman, Hillary wrote: > We had that same problem, call their support & they will walk you > though > manually starting and also editing the config file. It's a very > quick fix > and I'm sorry I can remember the exact thing I did or I'd share it > here. > > Hillary > > > Hillary Postman > Technology Support Specialist III > Capistrano Unified School District > 33122 Valle Rd. > San Juan Capistrano, CA > (949) 234-5530 > > > > > On 8/14/08 2:37 PM, "Ron Prue" wrote: > >> Hi all, >> >> We have just upgraded to version 6.0 and now we cannot get Tomcat >> started. In the JSS setup utility it says that my Database Schema is >> 6.0, my SQL version is 5.0.45, and that my Tomcat version is >> unavailable . All other services are running fine and I have tried >> reinstalling JSS on the server to no avail. >> >> Any ideas? >> >> >> Ron Prue >> 1441 West Ute. Blvd Suite 100 >> Park City, UT 84098 >> 435.214.2927 >> ron.prue at mynoahs.com >> >> >> >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Fri Aug 15 16:17:03 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 15 Aug 2008 18:17:03 -0500 Subject: [Casper] FYI: self service command to reboot into boot camp Message-ID: <48A5C58B0200003900001562@gwoes4.kckps.org> So, after almost pulling my hair out trying to make a self service policy that will force a reboot into windows, I finally found the answer. At first I tried just having Casper set the boot volume to the boot camp partition, that did not work. JAMF support had me try the bless command, and that did not work either. The bless manual page is very lacking. It is actually quite simple, and I thought i would post this on the Casper list for anyone who deploys dual booting Macs with OS X/Windows and still wants to lock down firmware and manage the clients. so here are the very basic steps 1) Create new policy in JSS 2) Make it sure it is self service, add comments and custom logo if you want. I used the Windows XP logo for the policy. 3) On the reboot tab, force a reboot with your desired options. I force a reboot instantly, as I don't want my users interrupting it. 4) On the advanced tab, on the bottom there is a run unix command box, in there put this simple command /usr/sbin/bless --device /dev/ --setBoot --legacy --nextonly If you don't know the node your windows partition is on, simply in terminal do a diskutil list and it will list all of your partitions and the node they are on. For example, my windows partition is on /dev/disk0s3, so I would use that after the device flag. You have to have the --legacy option. This is because Macs don't use BIOS and need to be set for legacy support and was the missing factor in my debacle earlier. Now on the Windows side forcing the user back into OS X is a bit tricky, but I have a Novell object policy that runs a script for an application called autoIT, that forces the user back into OS X upon exiting a certain application. It works for me when manually invoked, but I have yet to toss it on my JSS. I have full confidence it will most likely work as advertised though. Just remember to test it before you put it in the live environment. Later, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From tlarki at kckps.org Mon Aug 18 07:39:30 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 18 Aug 2008 09:39:30 -0500 Subject: [Casper] wierd JSS error Message-ID: <48A9430302000039000015FA@gwoes4.kckps.org> anyone seen this before? Sending Wake On LAN command... Opening SSH Connection to 10.160.75.15... Authenticating... Successfully authenticated. Verifying Computer's Identity... The MAC Address has been verified. Checking Operating System Version... Running Mac OS X 10.5.3 (9D34) Verifying /usr/sbin/jamf... /usr/sbin/jamf is current (6.0) Verifying /usr/sbin/jamfvnc... /usr/sbin/jamfvnc is current (4.00) Verifying /private/etc/jamf.conf... The jamf.conf file was recreated. Preparing Management... Error Returned from JSS: Looking up user: java.sql.SQLException: Value '0000-00-00' can not be represented as java.sql.Timestamp Executing Policy 2008-08-18 at 9:35 AM | tlarkin | 1 Computer... Mounting afp://xs106-casper.kckps.org/CasperShare to /Volumes/CasperShare... Mounting afp://casper106.kckps.org/CasperShare to /Volumes/CasperShare... Installing self_serve.dmg... Filling User Home Directories from ... Installing self_serve.dmg... Closing package... Unmounting file server... Enforcing Management Framework... The Management Framework will be enforced as soon as all Policies are done executing. Submitting log to https://xs001-casper.kckps.org:8443/... Finished. From tlarki at kckps.org Mon Aug 18 08:02:05 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 18 Aug 2008 10:02:05 -0500 Subject: [Casper] CS3 upgrades Message-ID: <48A947F0020000390000161B@gwoes4.kckps.org> I have an upgrade disk of CS 3. It has an application DVD and an upgrade DVD. How would I go about creating a new up to date CS 3 deployable image? I have users pestering me for it already I found this on the old youtube http://www.youtube.com/watch?v=uI6aHpWPr6E However, it doesn't cover the Update disks. Thanks in advance for any insights. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From mcorippo at lblp.com Mon Aug 18 10:47:03 2008 From: mcorippo at lblp.com (mcorippo) Date: Mon, 18 Aug 2008 10:47:03 -0700 Subject: [Casper] fixDocks does not fix? Message-ID: Hi all, Just tried to use the jamf binary "fixDocks" verb to remove question marks for apps that don't exist in a particular set of machines. It doesn't appear to work. Anybody using this with success? Is there a trick to it? http://jamfsoftware.com/kb/article.php?id=021 In testing it does fix part of the Dock the dock removing questions marks for missing files and folders, but does not appear to do anything to remove broken links to nonexistent apps. Are we just missing something? TIA, Matt Corippo Lindamood-Bell Learning Processes I.T. Dept. - From john.brenner at merrillcorp.com Mon Aug 18 11:15:27 2008 From: john.brenner at merrillcorp.com (Brenner, John) Date: Mon, 18 Aug 2008 13:15:27 -0500 Subject: [Casper] fixDocks does not fix? In-Reply-To: Message-ID: My understanding is this only repairs, but does not remove broken links. On 8/18/08 12:47 PM, "mcorippo" wrote: > Hi all, > > Just tried to use the jamf binary "fixDocks" verb to remove question marks for > apps that don't exist in a particular set of machines. It doesn't appear to > work. > > Anybody using this with success? Is there a trick to it? > > http://jamfsoftware.com/kb/article.php?id=021 > > In testing it does fix part of the Dock the dock removing questions marks for > missing files and folders, but does not appear to do anything to remove broken > links to nonexistent apps. Are we just missing > something? > > > TIA, > Matt Corippo > Lindamood-Bell Learning Processes > I.T. Dept. > - > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 From tlarki at kckps.org Mon Aug 18 11:44:09 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 18 Aug 2008 13:44:09 -0500 Subject: [Casper] new servers Message-ID: <48A97CA90200003900001678@gwoes4.kckps.org> So, I have 6 new servers set up and I have everything set up properly. The share point ACLs for my read only and read/write casper users, my packages, propagated permissions, and I can mount the share point in the finder on any mac by afp://domain.com/sharepoint and it works. however when I netboot my client into the server and try to image it I am getting the NiObjects error, which means it doesn't have permission to access the share....? Any ideas? Just upgraded to version 6. thanks, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From tlarki at kckps.org Mon Aug 18 12:22:13 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 18 Aug 2008 14:22:13 -0500 Subject: [Casper] new servers Message-ID: <48A9859502000039000016A0@gwoes4.kckps.org> Well, It is a DNS issue. Figure it out, it isn't doing reverse DNS look ups properly. Switched everything over to IPs until my network guy can fix DNS. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Thomas Larkin" 08/18/08 1:45 PM >>> So, I have 6 new servers set up and I have everything set up properly. The share point ACLs for my read only and read/write casper users, my packages, propagated permissions, and I can mount the share point in the finder on any mac by afp://domain.com/sharepoint and it works. however when I netboot my client into the server and try to image it I am getting the NiObjects error, which means it doesn't have permission to access the share....? Any ideas? Just upgraded to version 6. thanks, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From detroye1 at apple.com Mon Aug 18 12:35:45 2008 From: detroye1 at apple.com (John DeTroye) Date: Mon, 18 Aug 2008 13:35:45 -0600 Subject: [Casper] Leopard tips and tricks for MCX Message-ID: <98881C31-AF6E-41E6-B046-08C32E8DC548@apple.com> Gang, After a marathon few weeks, I have finished the first edition of the Leopard Tips and Tricks for MCX document. It is posted in the Public folder of my iDisk (johnd) in the "Latest Tips" folder. The pdf is about 9MB in size, and yes, please pass it on as you see fit. You can also reach it through the web at http://homepage.mac.com/johnd - a site that needs serious editing updates. Thanks, johnd -- John DeTroye Email: johnd at apple.com Sr. Consulting Engineer Work: 303-933-1807 Systems Management Specialist Fax: 303-979-6616 Apple - Education iChat: johnd at mac.com Tips and Tricks Docs - http://idisk.mac.com/johnd -- From jeff.johnson at glendale.k12.wi.us Mon Aug 18 15:47:24 2008 From: jeff.johnson at glendale.k12.wi.us (Jeff Johnson) Date: Mon, 18 Aug 2008 17:47:24 -0500 Subject: [Casper] error message using Casper Remote after upgrading to v6 Message-ID: I upgraded to v6 last week - seemed relatively painless and problem-free. However, when I tried to use the new Casper Remote for the first time today, I got this error message: Sending Wake On LAN command... Opening SSH Connection to 10.1.1.27... Authenticating... Successfully authenticated. Verifying Computer's Identity... The MAC Address has been verified. Checking Operating System Version... Running Mac OS X 10.4.11 (8S2167) Verifying /usr/sbin/jamf... /usr/sbin/jamf is current (6.0) Verifying /usr/sbin/jamfvnc... /usr/sbin/jamfvnc is current (4.00) Verifying /private/etc/jamf.conf... The jamf.conf file was recreated. Preparing Management... Downloading AS36117.dmg... Verifying DMG... Error: The downloaded package could not be verified. Enforcing Management Framework... The Management Framework will be enforced as soon as all Policies are done executing. Submitting log to https://casper:8443/... Finished. No matter what dmg file I try to deploy, I get the same error message ("Error: The downloaded package could not be verified.). All of these DMGs were successfully deployed prior to the upgrade. Any insights from the JAMF universe? Thanks Jeff Johnson Technology Coordinator Glendale-River Hills School District Glendale, WI 53209 jeff.johnson at glendale.k12.wi.us From ERNSTCS at uwec.edu Mon Aug 18 18:24:23 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 18 Aug 2008 20:24:23 -0500 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: Message-ID: If you try to manually mount that DMG package on the share does the OS say it's bad? Otherwise I'd check permissions on the package. Craig E On 8/18/08 5:47 PM, "Jeff Johnson" wrote: I upgraded to v6 last week - seemed relatively painless and problem-free. However, when I tried to use the new Casper Remote for the first time today, I got this error message: Sending Wake On LAN command... Opening SSH Connection to 10.1.1.27... Authenticating... Successfully authenticated. Verifying Computer's Identity... The MAC Address has been verified. Checking Operating System Version... Running Mac OS X 10.4.11 (8S2167) Verifying /usr/sbin/jamf... /usr/sbin/jamf is current (6.0) Verifying /usr/sbin/jamfvnc... /usr/sbin/jamfvnc is current (4.00) Verifying /private/etc/jamf.conf... The jamf.conf file was recreated. Preparing Management... Downloading AS36117.dmg... Verifying DMG... Error: The downloaded package could not be verified. Enforcing Management Framework... The Management Framework will be enforced as soon as all Policies are done executing. Submitting log to https://casper:8443/... Finished. No matter what dmg file I try to deploy, I get the same error message ("Error: The downloaded package could not be verified.). All of these DMGs were successfully deployed prior to the upgrade. Any insights from the JAMF universe? Thanks Jeff Johnson Technology Coordinator Glendale-River Hills School District Glendale, WI 53209 jeff.johnson at glendale.k12.wi.us _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080818/00796520/attachment.html From tgreenleaf at saintmarksschool.org Tue Aug 19 11:16:31 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Tue, 19 Aug 2008 11:16:31 -0700 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: References: Message-ID: I am seeing the same thing today. I have a call into JAMF support. I can mount the DMG file and I can even install it using Casper Imaging. But if I try to install the package using Casper Remote, I get the error mentioned ("The downloaded package could not be verified."). This seems independent of which package or which computers I use. These were packages that installed fine in the past. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 "Ernst, Craig S." writes: >If you try to manually mount that DMG package on the share does the OS >sayy it?s bad? Otherwise I?d check permissions on the package. > >Craig E From eric.winkelhake at us-resources.com Tue Aug 19 11:31:12 2008 From: eric.winkelhake at us-resources.com (Eric Winkelhake) Date: Tue, 19 Aug 2008 13:31:12 -0500 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: Message-ID: VErify permissions on the said packages. In my experience this has always been the issue. -- Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com Open a Service Desk Ticket | Navigating IT | Training Now "Tatian Greenleaf" Sent by: casper-bounces at list.jamfsoftware.com 08/19/08 01:20 PM To "Ernst, Craig S." cc Casper List Subject Re: [Casper] error message using Casper Remote after upgrading to v6 I am seeing the same thing today. I have a call into JAMF support. I can mount the DMG file and I can even install it using Casper Imaging. But if I try to install the package using Casper Remote, I get the error mentioned ("The downloaded package could not be verified."). This seems independent of which package or which computers I use. These were packages that installed fine in the past. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 "Ernst, Craig S." writes: >If you try to manually mount that DMG package on the share does the OS >sayy it?s bad? Otherwise I?d check permissions on the package. > >Craig E _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080819/f22bede7/attachment-0001.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3903 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080819/f22bede7/attachment-0001.gif From snookkd at appstate.edu Tue Aug 19 11:39:35 2008 From: snookkd at appstate.edu (Kevin D Snook) Date: Tue, 19 Aug 2008 14:39:35 -0400 Subject: [Casper] error message using Casper Remote after upgrading to v6 Message-ID: ("The downloaded package could not be verified.") In our case this was a problem when we had http package distribution turned on for our CasperShare. Disabling http in the JSS Utility or JSS Web fixed our issues. JAMF support > Do you have HTTP enabled? If so, are they pointed to the correct file share? > Another reason may be that the packages may be too big if going through HTTP. > Can you disable HTTP, redeploy and see what happens. -------- Kevin D Snook Senior Macintosh Systems Administrator Desktop Services - IT Enterprise Systems Appalachian State University 2020 Raley Hall - Boone, NC 28608 828-262-6682 -------- Apple Certified Desktop Technician Apple Sales Professional Apple Product Professional From eyoung at thayer.org Tue Aug 19 11:50:22 2008 From: eyoung at thayer.org (Eric Young) Date: Tue, 19 Aug 2008 14:50:22 -0400 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: References: Message-ID: There is a known bug with the JSS setup utility that can enable the HTTP download feature. Launching the utility and authenticating is enough to trigger it. to verify, log into your JSS and make sure HTTP is set to "no" for your distribution points.... unless you use HTTP then just please ignore me :-) -------------------------------------------------------------------------------------------- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. --Bene Gesserit Litany (Frank Herbert) -------------------------------------------------------------------------- Eric Young eyoung at thayer.org On Aug 19, 2008, at 2:39 PM, Kevin D Snook wrote: > ("The downloaded package could not be verified.") > > In our case this was a problem when we had http package distribution > turned > on for our CasperShare. > > Disabling http in the JSS Utility or JSS Web fixed our issues. > > JAMF support >> Do you have HTTP enabled? If so, are they pointed to the correct >> file share? >> Another reason may be that the packages may be too big if going >> through HTTP. >> Can you disable HTTP, redeploy and see what happens. > > -------- > Kevin D Snook > Senior Macintosh Systems Administrator > Desktop Services - IT Enterprise Systems > Appalachian State University > 2020 Raley Hall - Boone, NC 28608 > 828-262-6682 > -------- > Apple Certified Desktop Technician > Apple Sales Professional > Apple Product Professional > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Tue Aug 19 11:53:04 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 19 Aug 2008 13:53:04 -0500 Subject: [Casper] time stamp error message and server load balancing Message-ID: <48AACF8A0200003900001769@gwoes4.kckps.org> So, I ran across something very strange about 5 minutes ago. I have a CS3 package built and ready to be tested before I deploy it. So I a using Casper Remote to push out the package manually to see if it works, and well an error occurred and I was reading through the logs and saw this: Looking up user: java.sql.SQLException: Value '0000-00-00' can not be represented as java.sql.Timestamp Switching servers for load balacing... Executing Policy 2008-08-19 at 1:36 PM | tlarkin | 1 Computer... Mounting afp://casper106.kckps.org/CasperShare to /Volumes/CasperShare... Error: The package (CS3.dmg) could not be found. Then I saw that it switched to a different share point for load balancing and this is the bizzarre thing. For one my main share point is a brand spanking new intel xserve running a RAID with 4gigs of RAM. My back up for load balancing is a Core2Duo Mac mini. Why in the heck is it load balancing? Also, we haven't deployed my building yet so I have 1,357 Macbooks sitting on shelfs doing nothing right now in my office. So, why would the server even be taxed at this point to even try to load balance? I think I am going to turn load balancing off because that makes no sense. Activity monitor shows my CPUs using like 0.1% of the quad xeon processors, and RAM is being threaded out and there is still like over 2gigs of RAM not even being used. Of course I haven't synchronized my Mac Mini back up share points yet so when it load balanced it couldn't find CS3 and produced that error. So, I know why it ultimately didn't work but I don't understand the load balance option in the JSS. I think perhaps it just alternates transactions between servers, and well I want my Xserve doing the bulk of the work and only when it is being too taxed do I want the mini to help out. Thoughts? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From john.brenner at merrillcorp.com Tue Aug 19 11:52:01 2008 From: john.brenner at merrillcorp.com (Brenner, John) Date: Tue, 19 Aug 2008 13:52:01 -0500 Subject: [Casper] time stamp error message and server load balancing In-Reply-To: <48AACF8A0200003900001769@gwoes4.kckps.org> Message-ID: Network traffic? On 8/19/08 1:53 PM, "Thomas Larkin" wrote: > So, I ran across something very strange about 5 minutes ago. I have a CS3 > package built and ready to be tested before I deploy it. So I a using Casper > Remote to push out the package manually to see if it works, and well an error > occurred and I was reading through the logs and saw this: > > Looking up user: java.sql.SQLException: Value '0000-00-00' can not be > represented as java.sql.Timestamp > Switching servers for load balacing... > Executing Policy 2008-08-19 at 1:36 PM | tlarkin | 1 Computer... > Mounting afp://casper106.kckps.org/CasperShare to /Volumes/CasperShare... > Error: The package (CS3.dmg) could not be found. > > Then I saw that it switched to a different share point for load balancing and > this is the bizzarre thing. For one my main share point is a brand spanking > new intel xserve running a RAID with 4gigs of RAM. My back up for load > balancing is a Core2Duo Mac mini. Why in the heck is it load balancing? > Also, we haven't deployed my building yet so I have 1,357 Macbooks sitting on > shelfs doing nothing right now in my office. So, why would the server even be > taxed at this point to even try to load balance? > > I think I am going to turn load balancing off because that makes no sense. > Activity monitor shows my CPUs using like 0.1% of the quad xeon processors, > and RAM is being threaded out and there is still like over 2gigs of RAM not > even being used. > > Of course I haven't synchronized my Mac Mini back up share points yet so when > it load balanced it couldn't find CS3 and produced that error. So, I know why > it ultimately didn't work but I don't understand the load balance option in > the JSS. I think perhaps it just alternates transactions between servers, and > well I want my Xserve doing the bulk of the work and only when it is being too > taxed do I want the mini to help out. > > Thoughts? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 From tlarki at kckps.org Tue Aug 19 12:12:34 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 19 Aug 2008 14:12:34 -0500 Subject: [Casper] time stamp error message and server load balancing Message-ID: <48AAD3A80200003900001774@gwoes4.kckps.org> The client machine getting the policy is the only client on the VLAN period and there would be maybe a small hand full of teachers getting the self service updates in my building at the moment. I highly doubt there is any network traffic going to that distribution point server I will check server monitor and look at the AFP throughput for the last few hours and see what it looks like >>> "Brenner, John" 08/19/08 1:54 PM >>> Network traffic? On 8/19/08 1:53 PM, "Thomas Larkin" wrote: > So, I ran across something very strange about 5 minutes ago. I have a CS3 > package built and ready to be tested before I deploy it. So I a using Casper > Remote to push out the package manually to see if it works, and well an error > occurred and I was reading through the logs and saw this: > > Looking up user: java.sql.SQLException: Value '0000-00-00' can not be > represented as java.sql.Timestamp > Switching servers for load balacing... > Executing Policy 2008-08-19 at 1:36 PM | tlarkin | 1 Computer... > Mounting afp://casper106.kckps.org/CasperShare to /Volumes/CasperShare... > Error: The package (CS3.dmg) could not be found. > > Then I saw that it switched to a different share point for load balancing and > this is the bizzarre thing. For one my main share point is a brand spanking > new intel xserve running a RAID with 4gigs of RAM. My back up for load > balancing is a Core2Duo Mac mini. Why in the heck is it load balancing? > Also, we haven't deployed my building yet so I have 1,357 Macbooks sitting on > shelfs doing nothing right now in my office. So, why would the server even be > taxed at this point to even try to load balance? > > I think I am going to turn load balancing off because that makes no sense. > Activity monitor shows my CPUs using like 0.1% of the quad xeon processors, > and RAM is being threaded out and there is still like over 2gigs of RAM not > even being used. > > Of course I haven't synchronized my Mac Mini back up share points yet so when > it load balanced it couldn't find CS3 and produced that error. So, I know why > it ultimately didn't work but I don't understand the load balance option in > the JSS. I think perhaps it just alternates transactions between servers, and > well I want my Xserve doing the bulk of the work and only when it is being too > taxed do I want the mini to help out. > > Thoughts? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From tgreenleaf at saintmarksschool.org Tue Aug 19 12:32:10 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Tue, 19 Aug 2008 12:32:10 -0700 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: References: Message-ID: That did it... thank you! I disabled HTTP downloads and that fixed the problem. I'm not sure how that got enabled, but apparently it had been. Tatian Kevin D Snook writes: >("The downloaded package could not be verified.") > >In our case this was a problem when we had http package distribution >turnerd >on for our CasperShare. > >Disabling http in the JSS Utility or JSS Web fixed our issues. > >JAMF support >> Do you have HTTP enabled? If so, are they pointed to the correct file >shDare? >> Another reason may be that the packages may be too big if going through >>HTTP. >> Can you disable HTTP, redeploy and see what happens. > >-------- >Kevin D Snook >Senior Macintosh Systems Administrator >Desktop Services - IT Enterprise Systems >Appalachian State University >2020 Raley Hall - Boone, NC 28608 >828-262-6682 >-------- >Apple Certified Desktop Technician >Apple Sales Professional >Apple Product Professional > > > >_______________________________________________ >Casper mailing list >Casper at list.jamfsoftware.com >http://list.jamfsoftware.com/mailman/listinfo/casper From tgreenleaf at saintmarksschool.org Tue Aug 19 14:05:20 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Tue, 19 Aug 2008 14:05:20 -0700 Subject: [Casper] error message using Casper Remote after upgrading to v6 In-Reply-To: References: Message-ID: You're right. I just verified that. Thanks for the advice! Tatian Kevin D Snook writes: >It seemed to enable itself every time I opened the JSS Utility app. Until >II >explicitly told the JSS Utility to turn off Apache. Now it remains off all >the time. > >Snook From tlarki at kckps.org Tue Aug 19 14:34:09 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 19 Aug 2008 16:34:09 -0500 Subject: [Casper] CS3 woes Message-ID: <48AAF60102000039000017C5@gwoes4.kckps.org> OK, so I never ran into this last year deploying CS3 and if I did I totally forgot how I fixed it. Error: The payloads directory does not exist at the specified base path (/Volumes/Adobe CS3 Design Premium) Closing package... Unmounting file server... Eh, Anyone? From jeremymatthews at mac.com Wed Aug 20 08:34:25 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 11:34:25 -0400 Subject: [Casper] run script as different user? Message-ID: Casper can run scripts against your box, but it does so as a root user - what if I want to run the script as a different user, such as the one who is logged in - without prompting for a password (like su-)? Thanks, j From tlarki at kckps.org Wed Aug 20 08:42:39 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 10:42:39 -0500 Subject: [Casper] run script as different user? Message-ID: <48ABF5200200003900001898@gwoes4.kckps.org> May I ask why you would want to do this? If you can script it, Casper can and will run it. If we know your higher goal perhaps we can better answer your question. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> Jeremy Matthews 08/20/08 10:35 AM >>> Casper can run scripts against your box, but it does so as a root user - what if I want to run the script as a different user, such as the one who is logged in - without prompting for a password (like su-)? Thanks, j _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From jeremymatthews at mac.com Wed Aug 20 08:48:17 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 11:48:17 -0400 Subject: [Casper] run script as different user? In-Reply-To: <48ABF5200200003900001898@gwoes4.kckps.org> References: <48ABF5200200003900001898@gwoes4.kckps.org> Message-ID: <83830618-3052-46EA-88B1-E4F4826B4CDD@mac.com> I want to write defaults to a plist for a user that won't get horked. Needs to be pre-created... Thanks, jeremy On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > May I ask why you would want to do this? > > If you can script it, Casper can and will run it. If we know your > higher goal perhaps we can better answer your question. > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 10:35 AM >>> > Casper can run scripts against your box, but it does so as a root user > - what if I want to run the script as a different user, such as the > one who is logged in - without prompting for a password (like su-)? > > Thanks, > j > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From tlarki at kckps.org Wed Aug 20 08:54:59 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 10:54:59 -0500 Subject: [Casper] run script as different user? Message-ID: <48ABF80302000039000018AE@gwoes4.kckps.org> You can do this many ways. use a wild card and apply to all users enforce it from MCX if you are running Open Directory Use composer and take a snap shot of the modification and assign it to smart groups with in casper, then deploy set it up as a self service policy and use the ~/ for that users plist set it in the (forgot the file path) configuration file that pushes out new user settings every time a user is created What exactly are you trying to do? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> Jeremy Matthews 08/20/08 10:49 AM >>> I want to write defaults to a plist for a user that won't get horked. Needs to be pre-created... Thanks, jeremy On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > May I ask why you would want to do this? > > If you can script it, Casper can and will run it. If we know your > higher goal perhaps we can better answer your question. > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 10:35 AM >>> > Casper can run scripts against your box, but it does so as a root user > - what if I want to run the script as a different user, such as the > one who is logged in - without prompting for a password (like su-)? > > Thanks, > j > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From jeremymatthews at mac.com Wed Aug 20 09:14:32 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 12:14:32 -0400 Subject: [Casper] run script as different user? In-Reply-To: <48ABF80302000039000018AE@gwoes4.kckps.org> References: <48ABF80302000039000018AE@gwoes4.kckps.org> Message-ID: Tried applying to all users - the file is created, but I then have to go in a muck around with ownership - or else it gets overwritten when certain apps are launched and cannot find a valid plist. If I try to return the session user during an installation, it is usually root. Our 10.5 server is working, but clients are not binding properly, so MCX attributes are out - unless I want to push those out as well, but pointless until it is set for production. It was my understanding that composer used packagemaker, and therefore during an "installation", runs as root - which brings me back to the issue - script needs to run as a different user - without me asking the user to authenticate. Tried the tilde - didn't work. Config file sounds interesting....what is that about? Thanks, j On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > You can do this many ways. > > use a wild card and apply to all users > > enforce it from MCX if you are running Open Directory > > Use composer and take a snap shot of the modification and assign it > to smart groups with in casper, then deploy > > set it up as a self service policy and use the ~/ for that users plist > > set it in the (forgot the file path) configuration file that pushes > out new user settings every time a user is created > > What exactly are you trying to do? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 10:49 AM >>> > I want to write defaults to a plist for a user that won't get horked. > Needs to be pre-created... > > Thanks, > jeremy > > On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > >> May I ask why you would want to do this? >> >> If you can script it, Casper can and will run it. If we know your >> higher goal perhaps we can better answer your question. >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >> Casper can run scripts against your box, but it does so as a root >> user >> - what if I want to run the script as a different user, such as the >> one who is logged in - without prompting for a password (like su-)? >> >> Thanks, >> j >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> > > From r.wessen at neu.edu Wed Aug 20 10:04:45 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 13:04:45 -0400 Subject: [Casper] run script as different user? In-Reply-To: Message-ID: Is your OD binding problem solved with this tip? http://support.apple.com/kb/TS1245 It's a common one when imaging 10.5, like the local SID in Windows if you have done MS imaging as well. In fact if anyone from JAMF is on this list, this would be a great feature to add when a 10.5 machine is first imaged. The first thing a machine should do is change the local KDC hash so each one is unique per machine. It seems to me to be enough of a problem that the imaging tools should take care of it, not a custom script by us users. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University C: (617) 799-4905 http://www.infoservices.neu.edu Jeremy Matthews Sent by: casper-bounces at list.jamfsoftware.com 08/20/2008 12:40 PM To Thomas Larkin cc casper at list.jamfsoftware.com Subject Re: [Casper] run script as different user? Tried applying to all users - the file is created, but I then have to go in a muck around with ownership - or else it gets overwritten when certain apps are launched and cannot find a valid plist. If I try to return the session user during an installation, it is usually root. Our 10.5 server is working, but clients are not binding properly, so MCX attributes are out - unless I want to push those out as well, but pointless until it is set for production. It was my understanding that composer used packagemaker, and therefore during an "installation", runs as root - which brings me back to the issue - script needs to run as a different user - without me asking the user to authenticate. Tried the tilde - didn't work. Config file sounds interesting....what is that about? Thanks, j On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > You can do this many ways. > > use a wild card and apply to all users > > enforce it from MCX if you are running Open Directory > > Use composer and take a snap shot of the modification and assign it > to smart groups with in casper, then deploy > > set it up as a self service policy and use the ~/ for that users plist > > set it in the (forgot the file path) configuration file that pushes > out new user settings every time a user is created > > What exactly are you trying to do? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 10:49 AM >>> > I want to write defaults to a plist for a user that won't get horked. > Needs to be pre-created... > > Thanks, > jeremy > > On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > >> May I ask why you would want to do this? >> >> If you can script it, Casper can and will run it. If we know your >> higher goal perhaps we can better answer your question. >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >> Casper can run scripts against your box, but it does so as a root >> user >> - what if I want to run the script as a different user, such as the >> one who is logged in - without prompting for a password (like su-)? >> >> Thanks, >> j >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> > > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/5ea6f668/attachment.htm From jeremymatthews at mac.com Wed Aug 20 10:13:40 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:13:40 -0400 Subject: [Casper] run script as different user? In-Reply-To: <48AC5747020000810002F083@gwise-gw1.uclan.ac.uk> References: <48AC5747020000810002F083@gwise-gw1.uclan.ac.uk> Message-ID: Criss, We just got this working this morning...works pretty well - we're using a user-based LaunchAgent that runs on login. We even have the script securely delete itself, as well as the LaunchAgent (writing defaults shouldn't take more than one time)....cool stuff! Thanks, jeremy On Aug 20, 2008, at 12:41 PM, Criss Myers wrote: > what about a login hook to run the defaults company, i use that to > setup my screensaver prefs > > criss > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 >>>> Jeremy Matthews 20/08/08 5:14 PM >>> > Tried applying to all users - the file is created, but I then have to > go in a muck around with ownership - or else it gets overwritten when > certain apps are launched and cannot find a valid plist. If I try to > return the session user during an installation, it is usually root. > > Our 10.5 server is working, but clients are not binding properly, so > MCX attributes are out - unless I want to push those out as well, but > pointless until it is set for production. > > It was my understanding that composer used packagemaker, and therefore > during an "installation", runs as root - which brings me back to the > issue - script needs to run as a different user - without me asking > the user to authenticate. > > Tried the tilde - didn't work. > > Config file sounds interesting....what is that about? > > Thanks, > j > > On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > >> You can do this many ways. >> >> use a wild card and apply to all users >> >> enforce it from MCX if you are running Open Directory >> >> Use composer and take a snap shot of the modification and assign it >> to smart groups with in casper, then deploy >> >> set it up as a self service policy and use the ~/ for that users >> plist >> >> set it in the (forgot the file path) configuration file that pushes >> out new user settings every time a user is created >> >> What exactly are you trying to do? >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:49 AM >>> >> I want to write defaults to a plist for a user that won't get horked. >> Needs to be pre-created... >> >> Thanks, >> jeremy >> >> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: >> >>> May I ask why you would want to do this? >>> >>> If you can script it, Casper can and will run it. If we know your >>> higher goal perhaps we can better answer your question. >>> >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> cell: 913-449-7589 >>> office: 913-627-0351 >>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >>> Casper can run scripts against your box, but it does so as a root >>> user >>> - what if I want to run the script as a different user, such as the >>> one who is logged in - without prompting for a password (like su-)? >>> >>> Thanks, >>> j >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >> >> > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From jeremymatthews at mac.com Wed Aug 20 10:22:23 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:22:23 -0400 Subject: [Casper] run script as different user? In-Reply-To: <48AC0193.7141.0039.0@kckps.org> References: <48ABF80302000039000018AE@gwoes4.kckps.org> <48AC0193.7141.0039.0@kckps.org> Message-ID: <9D8785BF-7E11-41CD-932E-F2CAD7AA60A3@mac.com> Thomas, We used a wild card...or at last, what I thought was a wild card: ---- for i in $( ls /Users ) do defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 SerialNumber 333-333-333-333 done ---- Unfortunately, this runs as root, so permissions get horked, etc. As soon as the users launches the app (Transmit, in this case), the "bad" file gets overwritten. So, we still need to run another script to repair permissions on said file. I get the whole composer thing - right now we're tied to packagemaker - per policy for this environment everything has to be a package/ metapackage. Its messy, I know. Try reverse-engineering CS3 installs...when Casper can nicely handle that for you. Plus, composer wants to diff the whole disk still...while something like LanRev can watch specific directories...a lot faster when you know where things will be installed. Love to get OD finished - but until some issues are resolved its a no- go. We pushed out MCX stuff before...hopefully that will be our path in about 3 months. But not today, sadly. Thanks, j On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: > Well, > > I still don't know what exactly you are trying to accomplish but I > can still give you a few pointers > > using a wild card in a script will apply to all users > > default write /Users/*/path/to/plist > > the above is an out of syntax quick and dirty example. The * is the > wild card > > Composer will capture any modifications you make to a file. To just > give you an example, we have some old legacy netware file shares > that only support plain text passwords. By default AFP does not > allow this. So, I had to edit the AFP plist file to allow plain > text passwords. Before I did, I took a snap shot, then edited the > file and took another snap shot and it picked up that I modified > that plist file. I then created a policy that pushes that plist > out, and since composer took a snap shot of where that file goes as > well, it runs as a root process and overwrites the original file > with my new one that allows for plain text passwords. This is > easier in my opinion that writing a script to add the settings, > especially when it comes to testing. You can modify ownership and > everything and Composer will keep those settings you set, convert it > to a dmg file and then you can toss it in Casper Admin, and then set > a policy in the JSS and you are done. > > Then under /System/Library/UserTemplates/English.lproj, you can set > up templates so that whenever a user account is created it will use > that template as the default settings. Place that plist file in the > template and it should replicate out to every user. > > I suggest you get your Open Directory running and enforce things by > group policy, it is a much nicer and easier way of managing the OS X > clients. > >>>> Jeremy Matthews 08/20/08 11:14 AM >>> > Tried applying to all users - the file is created, but I then have to > go in a muck around with ownership - or else it gets overwritten when > certain apps are launched and cannot find a valid plist. If I try to > return the session user during an installation, it is usually root. > > Our 10.5 server is working, but clients are not binding properly, so > MCX attributes are out - unless I want to push those out as well, but > pointless until it is set for production. > > It was my understanding that composer used packagemaker, and therefore > during an "installation", runs as root - which brings me back to the > issue - script needs to run as a different user - without me asking > the user to authenticate. > > Tried the tilde - didn't work. > > Config file sounds interesting....what is that about? > > Thanks, > j > > On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > >> You can do this many ways. >> >> use a wild card and apply to all users >> >> enforce it from MCX if you are running Open Directory >> >> Use composer and take a snap shot of the modification and assign it >> to smart groups with in casper, then deploy >> >> set it up as a self service policy and use the ~/ for that users >> plist >> >> set it in the (forgot the file path) configuration file that pushes >> out new user settings every time a user is created >> >> What exactly are you trying to do? >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:49 AM >>> >> I want to write defaults to a plist for a user that won't get horked. >> Needs to be pre-created... >> >> Thanks, >> jeremy >> >> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: >> >>> May I ask why you would want to do this? >>> >>> If you can script it, Casper can and will run it. If we know your >>> higher goal perhaps we can better answer your question. >>> >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> cell: 913-449-7589 >>> office: 913-627-0351 >>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >>> Casper can run scripts against your box, but it does so as a root >>> user >>> - what if I want to run the script as a different user, such as the >>> one who is logged in - without prompting for a password (like su-)? >>> >>> Thanks, >>> j >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >> >> > > From jeremymatthews at mac.com Wed Aug 20 10:24:53 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:24:53 -0400 Subject: [Casper] run script as different user? Message-ID: No - our issue occurs when you bind a machine, and it doesn't appear in WGM. It is one of our few remaining 10.5 server issues....of course 10.4.11 client/server works flawlessly. ----- Is your OD binding problem solved with this tip? http://support.apple.com/kb/TS1245 It's a common one when imaging 10.5, like the local SID in Windows if you have done MS imaging as well. In fact if anyone from JAMF is on this list, this would be a great feature to add when a 10.5 machine is first imaged. The first thing a machine should do is change the local KDC hash so each one is unique per machine. It seems to me to be enough of a problem that the imaging tools should take care of it, not a custom script by us users. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/07a02160/attachment.html From miles.leacy at themacadmin.com Wed Aug 20 10:27:30 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 20 Aug 2008 13:27:30 -0400 Subject: [Casper] run script as different user? In-Reply-To: <9D8785BF-7E11-41CD-932E-F2CAD7AA60A3@mac.com> References: <48ABF80302000039000018AE@gwoes4.kckps.org> <48AC0193.7141.0039.0@kckps.org> <9D8785BF-7E11-41CD-932E-F2CAD7AA60A3@mac.com> Message-ID: On Wed, Aug 20, 2008 at 1:22 PM, Jeremy Matthews wrote: > Thomas, > > We used a wild card...or at last, what I thought was a wild card: > ---- > for i in $( ls /Users ) > do > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 > SerialNumber 333-333-333-333 > done > ---- > > Unfortunately, this runs as root, so permissions get horked, etc. Add the line: chown $i /Users/$i/Library/Preferences/com.panic.Transmit3.plist before the "done" statement. ta-daa! your users' plist now belongs to them. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/99d7888d/attachment.htm From jeremymatthews at mac.com Wed Aug 20 10:31:44 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:31:44 -0400 Subject: [Casper] run script as different user? In-Reply-To: References: <48ABF80302000039000018AE@gwoes4.kckps.org> <48AC0193.7141.0039.0@kckps.org> <9D8785BF-7E11-41CD-932E-F2CAD7AA60A3@mac.com> Message-ID: <5DF32052-68C3-4D58-A5AC-AB1076291A11@mac.com> You know, the funny thing is that we tried that but our test machine wouldn't respect the command. I'm guessing at this point that since the script has a lot more running inside of it, it needs further dissasembly....something must be silently failing or changing it back. I know at one point we had a pseudo-security daemon that looked for new files, and would change them in whatever way that consultant saw fit (before my time). But, we have re-run ownership (standalone) and it does fix the issue. I think the set of setup scripts we "inherited" may need....further study. Thanks, j On Aug 20, 2008, at 1:27 PM, Miles Leacy wrote: > On Wed, Aug 20, 2008 at 1:22 PM, Jeremy Matthews > wrote: > Thomas, > > We used a wild card...or at last, what I thought was a wild card: > ---- > for i in $( ls /Users ) > do > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 > SerialNumber 333-333-333-333 > done > ---- > > Unfortunately, this runs as root, so permissions get horked, etc. > > Add the line: > chown $i /Users/$i/Library/Preferences/com.panic.Transmit3.plist > > before the "done" statement. > > ta-daa! your users' plist now belongs to them. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/502adc39/attachment.html From tlarki at kckps.org Wed Aug 20 10:31:59 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 12:31:59 -0500 Subject: [Casper] run script as different user? Message-ID: <48AC0EBF02000039000018D3@gwoes4.kckps.org> Well, what about this #!/bin/sh #write settings to plist /usr/sbin/defaults wite /Users/*/Library/Preferences/com.panic.Transmit3 SerialNumber 333-333-333-333 #now set ownership and permission /bin/chmod -777 /path/to/plist #now set ownership /usr/sbin/chown -R user:group /path/to/plist For your OD issues I have a script that works for 10.4.11 and 10.5 and I use it in my environment to unbind and rebind servers in OD. http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server Yeah my website sucks, I am learning CMS so go easy, and yes that was a shameless plug Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> Jeremy Matthews 08/20/08 12:23 PM >>> Thomas, We used a wild card...or at last, what I thought was a wild card: ---- for i in $( ls /Users ) do defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 SerialNumber 333-333-333-333 done ---- Unfortunately, this runs as root, so permissions get horked, etc. As soon as the users launches the app (Transmit, in this case), the "bad" file gets overwritten. So, we still need to run another script to repair permissions on said file. I get the whole composer thing - right now we're tied to packagemaker - per policy for this environment everything has to be a package/ metapackage. Its messy, I know. Try reverse-engineering CS3 installs...when Casper can nicely handle that for you. Plus, composer wants to diff the whole disk still...while something like LanRev can watch specific directories...a lot faster when you know where things will be installed. Love to get OD finished - but until some issues are resolved its a no- go. We pushed out MCX stuff before...hopefully that will be our path in about 3 months. But not today, sadly. Thanks, j On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: > Well, > > I still don't know what exactly you are trying to accomplish but I > can still give you a few pointers > > using a wild card in a script will apply to all users > > default write /Users/*/path/to/plist > > the above is an out of syntax quick and dirty example. The * is the > wild card > > Composer will capture any modifications you make to a file. To just > give you an example, we have some old legacy netware file shares > that only support plain text passwords. By default AFP does not > allow this. So, I had to edit the AFP plist file to allow plain > text passwords. Before I did, I took a snap shot, then edited the > file and took another snap shot and it picked up that I modified > that plist file. I then created a policy that pushes that plist > out, and since composer took a snap shot of where that file goes as > well, it runs as a root process and overwrites the original file > with my new one that allows for plain text passwords. This is > easier in my opinion that writing a script to add the settings, > especially when it comes to testing. You can modify ownership and > everything and Composer will keep those settings you set, convert it > to a dmg file and then you can toss it in Casper Admin, and then set > a policy in the JSS and you are done. > > Then under /System/Library/UserTemplates/English.lproj, you can set > up templates so that whenever a user account is created it will use > that template as the default settings. Place that plist file in the > template and it should replicate out to every user. > > I suggest you get your Open Directory running and enforce things by > group policy, it is a much nicer and easier way of managing the OS X > clients. > >>>> Jeremy Matthews 08/20/08 11:14 AM >>> > Tried applying to all users - the file is created, but I then have to > go in a muck around with ownership - or else it gets overwritten when > certain apps are launched and cannot find a valid plist. If I try to > return the session user during an installation, it is usually root. > > Our 10.5 server is working, but clients are not binding properly, so > MCX attributes are out - unless I want to push those out as well, but > pointless until it is set for production. > > It was my understanding that composer used packagemaker, and therefore > during an "installation", runs as root - which brings me back to the > issue - script needs to run as a different user - without me asking > the user to authenticate. > > Tried the tilde - didn't work. > > Config file sounds interesting....what is that about? > > Thanks, > j > > On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > >> You can do this many ways. >> >> use a wild card and apply to all users >> >> enforce it from MCX if you are running Open Directory >> >> Use composer and take a snap shot of the modification and assign it >> to smart groups with in casper, then deploy >> >> set it up as a self service policy and use the ~/ for that users >> plist >> >> set it in the (forgot the file path) configuration file that pushes >> out new user settings every time a user is created >> >> What exactly are you trying to do? >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:49 AM >>> >> I want to write defaults to a plist for a user that won't get horked. >> Needs to be pre-created... >> >> Thanks, >> jeremy >> >> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: >> >>> May I ask why you would want to do this? >>> >>> If you can script it, Casper can and will run it. If we know your >>> higher goal perhaps we can better answer your question. >>> >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> cell: 913-449-7589 >>> office: 913-627-0351 >>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >>> Casper can run scripts against your box, but it does so as a root >>> user >>> - what if I want to run the script as a different user, such as the >>> one who is logged in - without prompting for a password (like su-)? >>> >>> Thanks, >>> j >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >> >> > > From r.wessen at neu.edu Wed Aug 20 10:34:19 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 13:34:19 -0400 Subject: [Casper] run script as different user? In-Reply-To: Message-ID: Right, when you try to bind, it thinks all your machines are the same because they all have the same local KDC hash. The first one will bind and nothing else will. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University C: (617) 799-4905 http://www.infoservices.neu.edu Jeremy Matthews Sent by: casper-bounces at list.jamfsoftware.com 08/20/2008 01:28 PM To casper at list.jamfsoftware.com cc Subject Re: [Casper] run script as different user? No - our issue occurs when you bind a machine, and it doesn't appear in WGM. It is one of our few remaining 10.5 server issues....of course 10.4.11 client/server works flawlessly. ----- Is your OD binding problem solved with this tip? http://support.apple.com/kb/TS1245 It's a common one when imaging 10.5, like the local SID in Windows if you have done MS imaging as well. In fact if anyone from JAMF is on this list, this would be a great feature to add when a 10.5 machine is first imaged. The first thing a machine should do is change the local KDC hash so each one is unique per machine. It seems to me to be enough of a problem that the imaging tools should take care of it, not a custom script by us users. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/97f2cd90/attachment.htm From jeremymatthews at mac.com Wed Aug 20 10:36:04 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:36:04 -0400 Subject: [Casper] run script as different user? In-Reply-To: <48AC0EBF02000039000018D3@gwoes4.kckps.org> References: <48AC0EBF02000039000018D3@gwoes4.kckps.org> Message-ID: <385B62CF-B5C5-44EB-907B-2ED406AE92B6@mac.com> Yep - we have similar scripts and those work...I think something in the master_setup script is destroyed, and I'll have to check on the whole security daemon...it looks for and attempts to disable and files that are created within 1 minute of login (excepting LoginHooks and LaunchAgents).....weird, I know.... The problem isn't binding macs to OD - its that the 10.5 Server cannot "see" them - nothing shows up in its list of computers. At. All. That is, except itself "$www.myserver.com" If anyone has insight there....I'm open. -j On Aug 20, 2008, at 1:31 PM, Thomas Larkin wrote: > Well, what about this > > #!/bin/sh > > #write settings to plist > > /usr/sbin/defaults wite /Users/*/Library/Preferences/ > com.panic.Transmit3 SerialNumber 333-333-333-333 > > #now set ownership and permission > > /bin/chmod -777 /path/to/plist > > #now set ownership > > /usr/sbin/chown -R user:group /path/to/plist > > For your OD issues I have a script that works for 10.4.11 and 10.5 > and I use it in my environment to unbind and rebind servers in OD. > > http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server > > Yeah my website sucks, I am learning CMS so go easy, and yes that > was a shameless plug > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 12:23 PM >>> > Thomas, > > We used a wild card...or at last, what I thought was a wild card: > ---- > for i in $( ls /Users ) > do > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 > SerialNumber 333-333-333-333 > done > ---- > > Unfortunately, this runs as root, so permissions get horked, etc. As > soon as the users launches the app (Transmit, in this case), the "bad" > file gets overwritten. So, we still need to run another script to > repair permissions on said file. > > I get the whole composer thing - right now we're tied to packagemaker > - per policy for this environment everything has to be a package/ > metapackage. Its messy, I know. Try reverse-engineering CS3 > installs...when Casper can nicely handle that for you. Plus, composer > wants to diff the whole disk still...while something like LanRev can > watch specific directories...a lot faster when you know where things > will be installed. > > Love to get OD finished - but until some issues are resolved its a no- > go. We pushed out MCX stuff before...hopefully that will be our path > in about 3 months. But not today, sadly. > > Thanks, > j > > On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: > >> Well, >> >> I still don't know what exactly you are trying to accomplish but I >> can still give you a few pointers >> >> using a wild card in a script will apply to all users >> >> default write /Users/*/path/to/ >> plist >> >> the above is an out of syntax quick and dirty example. The * is the >> wild card >> >> Composer will capture any modifications you make to a file. To just >> give you an example, we have some old legacy netware file shares >> that only support plain text passwords. By default AFP does not >> allow this. So, I had to edit the AFP plist file to allow plain >> text passwords. Before I did, I took a snap shot, then edited the >> file and took another snap shot and it picked up that I modified >> that plist file. I then created a policy that pushes that plist >> out, and since composer took a snap shot of where that file goes as >> well, it runs as a root process and overwrites the original file >> with my new one that allows for plain text passwords. This is >> easier in my opinion that writing a script to add the settings, >> especially when it comes to testing. You can modify ownership and >> everything and Composer will keep those settings you set, convert it >> to a dmg file and then you can toss it in Casper Admin, and then set >> a policy in the JSS and you are done. >> >> Then under /System/Library/UserTemplates/English.lproj, you can set >> up templates so that whenever a user account is created it will use >> that template as the default settings. Place that plist file in the >> template and it should replicate out to every user. >> >> I suggest you get your Open Directory running and enforce things by >> group policy, it is a much nicer and easier way of managing the OS X >> clients. >> >>>>> Jeremy Matthews 08/20/08 11:14 AM >>> >> Tried applying to all users - the file is created, but I then have to >> go in a muck around with ownership - or else it gets overwritten when >> certain apps are launched and cannot find a valid plist. If I try to >> return the session user during an installation, it is usually root. >> >> Our 10.5 server is working, but clients are not binding properly, so >> MCX attributes are out - unless I want to push those out as well, but >> pointless until it is set for production. >> >> It was my understanding that composer used packagemaker, and >> therefore >> during an "installation", runs as root - which brings me back to the >> issue - script needs to run as a different user - without me asking >> the user to authenticate. >> >> Tried the tilde - didn't work. >> >> Config file sounds interesting....what is that about? >> >> Thanks, >> j >> >> On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: >> >>> You can do this many ways. >>> >>> use a wild card and apply to all users >>> >>> enforce it from MCX if you are running Open Directory >>> >>> Use composer and take a snap shot of the modification and assign it >>> to smart groups with in casper, then deploy >>> >>> set it up as a self service policy and use the ~/ for that users >>> plist >>> >>> set it in the (forgot the file path) configuration file that pushes >>> out new user settings every time a user is created >>> >>> What exactly are you trying to do? >>> >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> cell: 913-449-7589 >>> office: 913-627-0351 >>>>>> Jeremy Matthews 08/20/08 10:49 AM >>> >>> I want to write defaults to a plist for a user that won't get >>> horked. >>> Needs to be pre-created... >>> >>> Thanks, >>> jeremy >>> >>> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: >>> >>>> May I ask why you would want to do this? >>>> >>>> If you can script it, Casper can and will run it. If we know your >>>> higher goal perhaps we can better answer your question. >>>> >>>> Thomas Larkin >>>> TIS Department >>>> KCKPS USD500 >>>> tlarki at kckps.org >>>> cell: 913-449-7589 >>>> office: 913-627-0351 >>>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >>>> Casper can run scripts against your box, but it does so as a root >>>> user >>>> - what if I want to run the script as a different user, such as the >>>> one who is logged in - without prompting for a password (like su-)? >>>> >>>> Thanks, >>>> j >>>> _______________________________________________ >>>> Casper mailing list >>>> Casper at list.jamfsoftware.com >>>> http://list.jamfsoftware.com/mailman/listinfo/casper >>>> >>> >>> >> >> > > From william.smith at merrillcorp.com Wed Aug 20 10:39:06 2008 From: william.smith at merrillcorp.com (Smith, William) Date: Wed, 20 Aug 2008 12:39:06 -0500 Subject: [Casper] run script as different user? In-Reply-To: <5DF32052-68C3-4D58-A5AC-AB1076291A11@mac.com> Message-ID: On 8/20/08 12:31 PM, "Jeremy Matthews" wrote: > I'm guessing at this point that since the script has a lot more running inside > of it, it needs further dissasembly....something must be silently failing or > changing it back. I know at one point we had a pseudo-security daemon that > looked for new files, and would change them in whatever way that consultant > saw fit (before my time). For a while I had a long post-imaging script that took care of things like network settings, antivirus updates, etc., then I adopted the modular approach even with my scripts. Now I have several smaller scripts but they?re easier to maintain this way and I can apply them as part of the imaging process or run them individually to correct minor problems. If you?ve got one script doing several unrelated things then consider this approach. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/e91b6305/attachment.html From miles.leacy at themacadmin.com Wed Aug 20 10:40:28 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 20 Aug 2008 13:40:28 -0400 Subject: [Casper] run script as different user? In-Reply-To: <385B62CF-B5C5-44EB-907B-2ED406AE92B6@mac.com> References: <48AC0EBF02000039000018D3@gwoes4.kckps.org> <385B62CF-B5C5-44EB-907B-2ED406AE92B6@mac.com> Message-ID: OD doesn't discover computers. You need to create the records in the directory (using Workgroup Manager, typically) in order for them to appear in Workgroup Manager. Were the computer records created in OD, and now they're missing? On Wed, Aug 20, 2008 at 1:36 PM, Jeremy Matthews wrote: > Yep - we have similar scripts and those work...I think something in > the master_setup script is destroyed, and I'll have to check on the > whole security daemon...it looks for and attempts to disable and files > that are created within 1 minute of login (excepting LoginHooks and > LaunchAgents).....weird, I know.... > > The problem isn't binding macs to OD - its that the 10.5 Server cannot > "see" them - nothing shows up in its list of computers. > At. All. > > That is, except itself "$www.myserver.com" > > If anyone has insight there....I'm open. > > -j > > > On Aug 20, 2008, at 1:31 PM, Thomas Larkin wrote: > > > Well, what about this > > > > #!/bin/sh > > > > #write settings to plist > > > > /usr/sbin/defaults wite /Users/*/Library/Preferences/ > > com.panic.Transmit3 SerialNumber 333-333-333-333 > > > > #now set ownership and permission > > > > /bin/chmod -777 /path/to/plist > > > > #now set ownership > > > > /usr/sbin/chown -R user:group /path/to/plist > > > > For your OD issues I have a script that works for 10.4.11 and 10.5 > > and I use it in my environment to unbind and rebind servers in OD. > > > > > http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server > > > > Yeah my website sucks, I am learning CMS so go easy, and yes that > > was a shameless plug > > > > Thomas Larkin > > TIS Department > > KCKPS USD500 > > tlarki at kckps.org > > cell: 913-449-7589 > > office: 913-627-0351 > >>>> Jeremy Matthews 08/20/08 12:23 PM >>> > > Thomas, > > > > We used a wild card...or at last, what I thought was a wild card: > > ---- > > for i in $( ls /Users ) > > do > > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 > > SerialNumber 333-333-333-333 > > done > > ---- > > > > Unfortunately, this runs as root, so permissions get horked, etc. As > > soon as the users launches the app (Transmit, in this case), the "bad" > > file gets overwritten. So, we still need to run another script to > > repair permissions on said file. > > > > I get the whole composer thing - right now we're tied to packagemaker > > - per policy for this environment everything has to be a package/ > > metapackage. Its messy, I know. Try reverse-engineering CS3 > > installs...when Casper can nicely handle that for you. Plus, composer > > wants to diff the whole disk still...while something like LanRev can > > watch specific directories...a lot faster when you know where things > > will be installed. > > > > Love to get OD finished - but until some issues are resolved its a no- > > go. We pushed out MCX stuff before...hopefully that will be our path > > in about 3 months. But not today, sadly. > > > > Thanks, > > j > > > > On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: > > > >> Well, > >> > >> I still don't know what exactly you are trying to accomplish but I > >> can still give you a few pointers > >> > >> using a wild card in a script will apply to all users > >> > >> default write /Users/*/path/to/ > >> plist > >> > >> the above is an out of syntax quick and dirty example. The * is the > >> wild card > >> > >> Composer will capture any modifications you make to a file. To just > >> give you an example, we have some old legacy netware file shares > >> that only support plain text passwords. By default AFP does not > >> allow this. So, I had to edit the AFP plist file to allow plain > >> text passwords. Before I did, I took a snap shot, then edited the > >> file and took another snap shot and it picked up that I modified > >> that plist file. I then created a policy that pushes that plist > >> out, and since composer took a snap shot of where that file goes as > >> well, it runs as a root process and overwrites the original file > >> with my new one that allows for plain text passwords. This is > >> easier in my opinion that writing a script to add the settings, > >> especially when it comes to testing. You can modify ownership and > >> everything and Composer will keep those settings you set, convert it > >> to a dmg file and then you can toss it in Casper Admin, and then set > >> a policy in the JSS and you are done. > >> > >> Then under /System/Library/UserTemplates/English.lproj, you can set > >> up templates so that whenever a user account is created it will use > >> that template as the default settings. Place that plist file in the > >> template and it should replicate out to every user. > >> > >> I suggest you get your Open Directory running and enforce things by > >> group policy, it is a much nicer and easier way of managing the OS X > >> clients. > >> > >>>>> Jeremy Matthews 08/20/08 11:14 AM >>> > >> Tried applying to all users - the file is created, but I then have to > >> go in a muck around with ownership - or else it gets overwritten when > >> certain apps are launched and cannot find a valid plist. If I try to > >> return the session user during an installation, it is usually root. > >> > >> Our 10.5 server is working, but clients are not binding properly, so > >> MCX attributes are out - unless I want to push those out as well, but > >> pointless until it is set for production. > >> > >> It was my understanding that composer used packagemaker, and > >> therefore > >> during an "installation", runs as root - which brings me back to the > >> issue - script needs to run as a different user - without me asking > >> the user to authenticate. > >> > >> Tried the tilde - didn't work. > >> > >> Config file sounds interesting....what is that about? > >> > >> Thanks, > >> j > >> > >> On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > >> > >>> You can do this many ways. > >>> > >>> use a wild card and apply to all users > >>> > >>> enforce it from MCX if you are running Open Directory > >>> > >>> Use composer and take a snap shot of the modification and assign it > >>> to smart groups with in casper, then deploy > >>> > >>> set it up as a self service policy and use the ~/ for that users > >>> plist > >>> > >>> set it in the (forgot the file path) configuration file that pushes > >>> out new user settings every time a user is created > >>> > >>> What exactly are you trying to do? > >>> > >>> Thomas Larkin > >>> TIS Department > >>> KCKPS USD500 > >>> tlarki at kckps.org > >>> cell: 913-449-7589 > >>> office: 913-627-0351 > >>>>>> Jeremy Matthews 08/20/08 10:49 AM >>> > >>> I want to write defaults to a plist for a user that won't get > >>> horked. > >>> Needs to be pre-created... > >>> > >>> Thanks, > >>> jeremy > >>> > >>> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > >>> > >>>> May I ask why you would want to do this? > >>>> > >>>> If you can script it, Casper can and will run it. If we know your > >>>> higher goal perhaps we can better answer your question. > >>>> > >>>> Thomas Larkin > >>>> TIS Department > >>>> KCKPS USD500 > >>>> tlarki at kckps.org > >>>> cell: 913-449-7589 > >>>> office: 913-627-0351 > >>>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> > >>>> Casper can run scripts against your box, but it does so as a root > >>>> user > >>>> - what if I want to run the script as a different user, such as the > >>>> one who is logged in - without prompting for a password (like su-)? > >>>> > >>>> Thanks, > >>>> j > >>>> _______________________________________________ > >>>> Casper mailing list > >>>> Casper at list.jamfsoftware.com > >>>> http://list.jamfsoftware.com/mailman/listinfo/casper > >>>> > >>> > >>> > >> > >> > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/043dba7e/attachment.htm From jeremymatthews at mac.com Wed Aug 20 10:42:12 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 20 Aug 2008 13:42:12 -0400 Subject: [Casper] run script as different user? In-Reply-To: References: <48AC0EBF02000039000018D3@gwoes4.kckps.org> <385B62CF-B5C5-44EB-907B-2ED406AE92B6@mac.com> Message-ID: Er....lemme back up. We would bind a mac to OD, and then it would show up in WGM under computers. This is the way its worked since about 10.3 - works fine in 10.4. We don't create computer records - OD does that for us during the binding process. No computer records evident... Thanks, j On Aug 20, 2008, at 1:39 PM, Miles Leacy IV wrote: > OD doesn't discover computers. You need to create the records in > the directory (using Workgroup Manager, typically) in order for them > to appear in Workgroup Manager. > > Were the computer records created in OD, and now they're missing? > > On Wed, Aug 20, 2008 at 1:36 PM, Jeremy Matthews > wrote: > Yep - we have similar scripts and those work...I think something in > the master_setup script is destroyed, and I'll have to check on the > whole security daemon...it looks for and attempts to disable and files > that are created within 1 minute of login (excepting LoginHooks and > LaunchAgents).....weird, I know.... > > The problem isn't binding macs to OD - its that the 10.5 Server cannot > "see" them - nothing shows up in its list of computers. > At. All. > > That is, except itself "$www.myserver.com" > > If anyone has insight there....I'm open. > > -j > > > On Aug 20, 2008, at 1:31 PM, Thomas Larkin wrote: > > > Well, what about this > > > > #!/bin/sh > > > > #write settings to plist > > > > /usr/sbin/defaults wite /Users/*/Library/Preferences/ > > com.panic.Transmit3 SerialNumber 333-333-333-333 > > > > #now set ownership and permission > > > > /bin/chmod -777 /path/to/plist > > > > #now set ownership > > > > /usr/sbin/chown -R user:group /path/to/plist > > > > For your OD issues I have a script that works for 10.4.11 and 10.5 > > and I use it in my environment to unbind and rebind servers in OD. > > > > http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server > > > > Yeah my website sucks, I am learning CMS so go easy, and yes that > > was a shameless plug > > > > Thomas Larkin > > TIS Department > > KCKPS USD500 > > tlarki at kckps.org > > cell: 913-449-7589 > > office: 913-627-0351 > >>>> Jeremy Matthews 08/20/08 12:23 PM >>> > > Thomas, > > > > We used a wild card...or at last, what I thought was a wild card: > > ---- > > for i in $( ls /Users ) > > do > > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 > > SerialNumber 333-333-333-333 > > done > > ---- > > > > Unfortunately, this runs as root, so permissions get horked, etc. As > > soon as the users launches the app (Transmit, in this case), the > "bad" > > file gets overwritten. So, we still need to run another script to > > repair permissions on said file. > > > > I get the whole composer thing - right now we're tied to > packagemaker > > - per policy for this environment everything has to be a package/ > > metapackage. Its messy, I know. Try reverse-engineering CS3 > > installs...when Casper can nicely handle that for you. Plus, > composer > > wants to diff the whole disk still...while something like LanRev can > > watch specific directories...a lot faster when you know where things > > will be installed. > > > > Love to get OD finished - but until some issues are resolved its a > no- > > go. We pushed out MCX stuff before...hopefully that will be our path > > in about 3 months. But not today, sadly. > > > > Thanks, > > j > > > > On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: > > > >> Well, > >> > >> I still don't know what exactly you are trying to accomplish but I > >> can still give you a few pointers > >> > >> using a wild card in a script will apply to all users > >> > >> default write /Users/*/path/to/ > >> plist > >> > >> the above is an out of syntax quick and dirty example. The * is > the > >> wild card > >> > >> Composer will capture any modifications you make to a file. To > just > >> give you an example, we have some old legacy netware file shares > >> that only support plain text passwords. By default AFP does not > >> allow this. So, I had to edit the AFP plist file to allow plain > >> text passwords. Before I did, I took a snap shot, then edited the > >> file and took another snap shot and it picked up that I modified > >> that plist file. I then created a policy that pushes that plist > >> out, and since composer took a snap shot of where that file goes as > >> well, it runs as a root process and overwrites the original file > >> with my new one that allows for plain text passwords. This is > >> easier in my opinion that writing a script to add the settings, > >> especially when it comes to testing. You can modify ownership and > >> everything and Composer will keep those settings you set, convert > it > >> to a dmg file and then you can toss it in Casper Admin, and then > set > >> a policy in the JSS and you are done. > >> > >> Then under /System/Library/UserTemplates/English.lproj, you can set > >> up templates so that whenever a user account is created it will use > >> that template as the default settings. Place that plist file in > the > >> template and it should replicate out to every user. > >> > >> I suggest you get your Open Directory running and enforce things by > >> group policy, it is a much nicer and easier way of managing the > OS X > >> clients. > >> > >>>>> Jeremy Matthews 08/20/08 11:14 AM >>> > >> Tried applying to all users - the file is created, but I then > have to > >> go in a muck around with ownership - or else it gets overwritten > when > >> certain apps are launched and cannot find a valid plist. If I try > to > >> return the session user during an installation, it is usually root. > >> > >> Our 10.5 server is working, but clients are not binding properly, > so > >> MCX attributes are out - unless I want to push those out as well, > but > >> pointless until it is set for production. > >> > >> It was my understanding that composer used packagemaker, and > >> therefore > >> during an "installation", runs as root - which brings me back to > the > >> issue - script needs to run as a different user - without me asking > >> the user to authenticate. > >> > >> Tried the tilde - didn't work. > >> > >> Config file sounds interesting....what is that about? > >> > >> Thanks, > >> j > >> > >> On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > >> > >>> You can do this many ways. > >>> > >>> use a wild card and apply to all users > >>> > >>> enforce it from MCX if you are running Open Directory > >>> > >>> Use composer and take a snap shot of the modification and assign > it > >>> to smart groups with in casper, then deploy > >>> > >>> set it up as a self service policy and use the ~/ for that users > >>> plist > >>> > >>> set it in the (forgot the file path) configuration file that > pushes > >>> out new user settings every time a user is created > >>> > >>> What exactly are you trying to do? > >>> > >>> Thomas Larkin > >>> TIS Department > >>> KCKPS USD500 > >>> tlarki at kckps.org > >>> cell: 913-449-7589 > >>> office: 913-627-0351 > >>>>>> Jeremy Matthews 08/20/08 10:49 AM >>> > >>> I want to write defaults to a plist for a user that won't get > >>> horked. > >>> Needs to be pre-created... > >>> > >>> Thanks, > >>> jeremy > >>> > >>> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > >>> > >>>> May I ask why you would want to do this? > >>>> > >>>> If you can script it, Casper can and will run it. If we know > your > >>>> higher goal perhaps we can better answer your question. > >>>> > >>>> Thomas Larkin > >>>> TIS Department > >>>> KCKPS USD500 > >>>> tlarki at kckps.org > >>>> cell: 913-449-7589 > >>>> office: 913-627-0351 > >>>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> > >>>> Casper can run scripts against your box, but it does so as a root > >>>> user > >>>> - what if I want to run the script as a different user, such as > the > >>>> one who is logged in - without prompting for a password (like > su-)? > >>>> > >>>> Thanks, > >>>> j > >>>> _______________________________________________ > >>>> Casper mailing list > >>>> Casper at list.jamfsoftware.com > >>>> http://list.jamfsoftware.com/mailman/listinfo/casper > >>>> > >>> > >>> > >> > >> > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/d5ad7e49/attachment.html From miles.leacy at themacadmin.com Wed Aug 20 10:42:50 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 20 Aug 2008 13:42:50 -0400 Subject: [Casper] run script as different user? In-Reply-To: References: <5DF32052-68C3-4D58-A5AC-AB1076291A11@mac.com> Message-ID: Absolutely. Think of and approach scripts just like packaging. A big script requires a lot of work to update and is more prone to problems. Small scripts, even containing a single command, are easy to write, troubleshoot & update. 2008/8/20 Smith, William > On 8/20/08 12:31 PM, "Jeremy Matthews" wrote: > > I'm guessing at this point that since the script has a lot more running > inside of it, it needs further dissasembly....something must be silently > failing or changing it back. I know at one point we had a pseudo-security > daemon that looked for new files, and would change them in whatever way that > consultant saw fit (before my time). > > > For a while I had a long post-imaging script that took care of things like > network settings, antivirus updates, etc., then I adopted the modular > approach even with my scripts. Now I have several smaller scripts but > they're easier to maintain this way and I can apply them as part of the > imaging process or run them individually to correct minor problems. > > If you've got one script doing several unrelated things then consider this > approach. > > -- > > bill > > William M. Smith, Technical Analyst > MCS IT > Merrill Communications, LLC > (651) 632-1492 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/f0ef3deb/attachment.htm From miles.leacy at themacadmin.com Wed Aug 20 10:52:13 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 20 Aug 2008 13:52:13 -0400 Subject: [Casper] run script as different user? In-Reply-To: References: <48AC0EBF02000039000018D3@gwoes4.kckps.org> <385B62CF-B5C5-44EB-907B-2ED406AE92B6@mac.com> Message-ID: Perhaps its procedural baggage, but I've always created the computer record in WGM before binding the client via Directory Access/Directory Utility. On Wed, Aug 20, 2008 at 1:42 PM, Jeremy Matthews wrote: > Er....lemme back up. > We would bind a mac to OD, and then it would show up in WGM under > computers. This is the way its worked since about 10.3 - works fine in 10.4. > We don't create computer records - OD does that for us during the binding > process. > > No computer records evident... > > Thanks, > j > > > On Aug 20, 2008, at 1:39 PM, Miles Leacy IV wrote: > > OD doesn't discover computers. You need to create the records in the > directory (using Workgroup Manager, typically) in order for them to appear > in Workgroup Manager. > Were the computer records created in OD, and now they're missing? > > On Wed, Aug 20, 2008 at 1:36 PM, Jeremy Matthews wrote: > >> Yep - we have similar scripts and those work...I think something in >> the master_setup script is destroyed, and I'll have to check on the >> whole security daemon...it looks for and attempts to disable and files >> that are created within 1 minute of login (excepting LoginHooks and >> LaunchAgents).....weird, I know.... >> >> The problem isn't binding macs to OD - its that the 10.5 Server cannot >> "see" them - nothing shows up in its list of computers. >> At. All. >> >> That is, except itself "$www.myserver.com" >> >> If anyone has insight there....I'm open. >> >> -j >> >> >> On Aug 20, 2008, at 1:31 PM, Thomas Larkin wrote: >> >> > Well, what about this >> > >> > #!/bin/sh >> > >> > #write settings to plist >> > >> > /usr/sbin/defaults wite /Users/*/Library/Preferences/ >> > com.panic.Transmit3 SerialNumber 333-333-333-333 >> > >> > #now set ownership and permission >> > >> > /bin/chmod -777 /path/to/plist >> > >> > #now set ownership >> > >> > /usr/sbin/chown -R user:group /path/to/plist >> > >> > For your OD issues I have a script that works for 10.4.11 and 10.5 >> > and I use it in my environment to unbind and rebind servers in OD. >> > >> > >> http://tlarkin.com/tech/shell-script-remove-clients-bindings-old-server-and-then-bind-them-new-directory-server >> > >> > Yeah my website sucks, I am learning CMS so go easy, and yes that >> > was a shameless plug >> > >> > Thomas Larkin >> > TIS Department >> > KCKPS USD500 >> > tlarki at kckps.org >> > cell: 913-449-7589 >> > office: 913-627-0351 >> >>>> Jeremy Matthews 08/20/08 12:23 PM >>> >> > Thomas, >> > >> > We used a wild card...or at last, what I thought was a wild card: >> > ---- >> > for i in $( ls /Users ) >> > do >> > defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 >> > SerialNumber 333-333-333-333 >> > done >> > ---- >> > >> > Unfortunately, this runs as root, so permissions get horked, etc. As >> > soon as the users launches the app (Transmit, in this case), the "bad" >> > file gets overwritten. So, we still need to run another script to >> > repair permissions on said file. >> > >> > I get the whole composer thing - right now we're tied to packagemaker >> > - per policy for this environment everything has to be a package/ >> > metapackage. Its messy, I know. Try reverse-engineering CS3 >> > installs...when Casper can nicely handle that for you. Plus, composer >> > wants to diff the whole disk still...while something like LanRev can >> > watch specific directories...a lot faster when you know where things >> > will be installed. >> > >> > Love to get OD finished - but until some issues are resolved its a no- >> > go. We pushed out MCX stuff before...hopefully that will be our path >> > in about 3 months. But not today, sadly. >> > >> > Thanks, >> > j >> > >> > On Aug 20, 2008, at 12:35 PM, Thomas Larkin wrote: >> > >> >> Well, >> >> >> >> I still don't know what exactly you are trying to accomplish but I >> >> can still give you a few pointers >> >> >> >> using a wild card in a script will apply to all users >> >> >> >> default write /Users/*/path/to/ >> >> plist >> >> >> >> the above is an out of syntax quick and dirty example. The * is the >> >> wild card >> >> >> >> Composer will capture any modifications you make to a file. To just >> >> give you an example, we have some old legacy netware file shares >> >> that only support plain text passwords. By default AFP does not >> >> allow this. So, I had to edit the AFP plist file to allow plain >> >> text passwords. Before I did, I took a snap shot, then edited the >> >> file and took another snap shot and it picked up that I modified >> >> that plist file. I then created a policy that pushes that plist >> >> out, and since composer took a snap shot of where that file goes as >> >> well, it runs as a root process and overwrites the original file >> >> with my new one that allows for plain text passwords. This is >> >> easier in my opinion that writing a script to add the settings, >> >> especially when it comes to testing. You can modify ownership and >> >> everything and Composer will keep those settings you set, convert it >> >> to a dmg file and then you can toss it in Casper Admin, and then set >> >> a policy in the JSS and you are done. >> >> >> >> Then under /System/Library/UserTemplates/English.lproj, you can set >> >> up templates so that whenever a user account is created it will use >> >> that template as the default settings. Place that plist file in the >> >> template and it should replicate out to every user. >> >> >> >> I suggest you get your Open Directory running and enforce things by >> >> group policy, it is a much nicer and easier way of managing the OS X >> >> clients. >> >> >> >>>>> Jeremy Matthews 08/20/08 11:14 AM >>> >> >> Tried applying to all users - the file is created, but I then have to >> >> go in a muck around with ownership - or else it gets overwritten when >> >> certain apps are launched and cannot find a valid plist. If I try to >> >> return the session user during an installation, it is usually root. >> >> >> >> Our 10.5 server is working, but clients are not binding properly, so >> >> MCX attributes are out - unless I want to push those out as well, but >> >> pointless until it is set for production. >> >> >> >> It was my understanding that composer used packagemaker, and >> >> therefore >> >> during an "installation", runs as root - which brings me back to the >> >> issue - script needs to run as a different user - without me asking >> >> the user to authenticate. >> >> >> >> Tried the tilde - didn't work. >> >> >> >> Config file sounds interesting....what is that about? >> >> >> >> Thanks, >> >> j >> >> >> >> On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: >> >> >> >>> You can do this many ways. >> >>> >> >>> use a wild card and apply to all users >> >>> >> >>> enforce it from MCX if you are running Open Directory >> >>> >> >>> Use composer and take a snap shot of the modification and assign it >> >>> to smart groups with in casper, then deploy >> >>> >> >>> set it up as a self service policy and use the ~/ for that users >> >>> plist >> >>> >> >>> set it in the (forgot the file path) configuration file that pushes >> >>> out new user settings every time a user is created >> >>> >> >>> What exactly are you trying to do? >> >>> >> >>> Thomas Larkin >> >>> TIS Department >> >>> KCKPS USD500 >> >>> tlarki at kckps.org >> >>> cell: 913-449-7589 >> >>> office: 913-627-0351 >> >>>>>> Jeremy Matthews 08/20/08 10:49 AM >>> >> >>> I want to write defaults to a plist for a user that won't get >> >>> horked. >> >>> Needs to be pre-created... >> >>> >> >>> Thanks, >> >>> jeremy >> >>> >> >>> On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: >> >>> >> >>>> May I ask why you would want to do this? >> >>>> >> >>>> If you can script it, Casper can and will run it. If we know your >> >>>> higher goal perhaps we can better answer your question. >> >>>> >> >>>> Thomas Larkin >> >>>> TIS Department >> >>>> KCKPS USD500 >> >>>> tlarki at kckps.org >> >>>> cell: 913-449-7589 >> >>>> office: 913-627-0351 >> >>>>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >> >>>> Casper can run scripts against your box, but it does so as a root >> >>>> user >> >>>> - what if I want to run the script as a different user, such as the >> >>>> one who is logged in - without prompting for a password (like su-)? >> >>>> >> >>>> Thanks, >> >>>> j >> >>>> _______________________________________________ >> >>>> Casper mailing list >> >>>> Casper at list.jamfsoftware.com >> >>>> http://list.jamfsoftware.com/mailman/listinfo/casper >> >>>> >> >>> >> >>> >> >> >> >> >> > >> > >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/69caeaf9/attachment-0001.htm From Jim.OringJr at schawk.com Wed Aug 20 10:53:57 2008 From: Jim.OringJr at schawk.com (Jim Oring, Jr.) Date: Wed, 20 Aug 2008 12:53:57 -0500 Subject: [Casper] (no subject) Message-ID: Where can I find the Casper 6 upgrade? JIM ORING, JR. IT DEPARTMENT SCHAWK! T 323.258.4111 D 323.551.6517 M 909.904.2839 F 323.259.0428 jim.oringjr at schawk.com 3116 West Avenue 32 Los Angeles, CA 90065 USA schawk.com Please consider the impact to the environment and your responsibility toward protecting it before printing this e-mail. This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this e-mail message is not the intended recipient, or the employee or agent responsible for delivery of the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify us immediately by telephone at 847.827.9494 and also indicate the sender's name. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/7a46464c/attachment.html From Dustin.Dorey at district196.org Wed Aug 20 11:00:25 2008 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Wed, 20 Aug 2008 13:00:25 -0500 Subject: [Casper] (no subject) In-Reply-To: Message-ID: You should have been notified via e-mail with a link to the download, I was told that the week it was released they were sending the e-mail out in waves so that everyone would not be trying to download it at once. If you have not received it yet, I would contact your JAMF sales rep. they should be able to get it in your hands. Personally if I were you I?d wait for 6.0.1 though. We upgraded and it has it?s own set of headaches, and we?ve been told that 6.0.1 is close. -- Dustin Dorey Technology Support Cluster Specialist Independent School District 196 14445 Diamond Path West Rosemount MN, 55068 dustin.dorey at district196.org (952) 423-7971 On 8/20/08 12:53 PM, "Jim Oring, Jr." wrote: > Where can I find the Casper 6 upgrade? > > JIM ORING, JR. > IT DEPARTMENT > > SCHAWK! > T 323.258.4111 > D 323.551.6517 > M 909.904.2839 > F 323.259.0428 > jim.oringjr at schawk.com > > 3116 West Avenue 32 > Los Angeles, CA 90065 USA > schawk.com > > Please consider the impact to the environment and your responsibility toward > protecting it before > printing this e-mail. > > This e-mail is intended only for the use of the individual or entity to which > it is addressed and may contain information that is privileged, confidential > and exempt from disclosure under applicable law. If the reader of this e-mail > message is not the intended recipient, or the employee or agent responsible > for delivery of the message to the intended recipient, you are hereby notified > that any dissemination, distribution or copying of this communication is > prohibited. If you have received this e-mail in error, please notify us > immediately by telephone at 847.827.9494 and also indicate the sender's name. > Thank you. > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/8f561149/attachment.html From rharter at uwsp.edu Wed Aug 20 11:45:57 2008 From: rharter at uwsp.edu (Ryan Harter) Date: Wed, 20 Aug 2008 13:45:57 -0500 Subject: [Casper] run script as different user? In-Reply-To: <5DF32052-68C3-4D58-A5AC-AB1076291A11@mac.com> References: <48ABF80302000039000018AE@gwoes4.kckps.org> <48AC0193.7141.0039.0@kckps.org> <9D8785BF-7E11-41CD-932E-F2CAD7AA60A3@mac.com> <5DF32052-68C3-4D58-A5AC-AB1076291A11@mac.com> Message-ID: <7F8B1B28-8413-4FDF-9BA7-B748E2EF27C0@uwsp.edu> Since these scripts are being run in the root context you should be able to run commands with su without being prompted. The trick is that you will not be able to just run 'su $user' and then list the commands after that, you will have to run 'su $user -c "command to run"' for every command you need to run. We currently do this with several scripts that we run, including one that chown's files (for roving profiles) just like you are trying to do. For us, the script would look like this: for i in $( ls /Users ) do su $i -c "defaults write /Users/$i/Library/Preferences/ com.panic.Transmit3 SerialNumber 333-333-333-333" done Like I said, we do similar things and, as long as we are running individual commands with the -c parameter, it works fine with no promts. Note that this is only the case if you are running this as root, an administrator account will not be able to su without prompts. Hope it helps. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Aug 20, 2008, at 12:31 PM, Jeremy Matthews wrote: > You know, the funny thing is that we tried that but our test machine > wouldn't respect the command. > > I'm guessing at this point that since the script has a lot more > running inside of it, it needs further dissasembly....something must > be silently failing or changing it back. I know at one point we had > a pseudo-security daemon that looked for new files, and would change > them in whatever way that consultant saw fit (before my time). > > But, we have re-run ownership (standalone) and it does fix the > issue. I think the set of setup scripts we "inherited" may > need....further study. > > Thanks, > j > > On Aug 20, 2008, at 1:27 PM, Miles Leacy wrote: > >> On Wed, Aug 20, 2008 at 1:22 PM, Jeremy Matthews > > wrote: >> Thomas, >> >> We used a wild card...or at last, what I thought was a wild card: >> ---- >> for i in $( ls /Users ) >> do >> defaults write /Users/$i/Library/Preferences/com.panic.Transmit3 >> SerialNumber 333-333-333-333 >> done >> ---- >> >> Unfortunately, this runs as root, so permissions get horked, etc. >> >> Add the line: >> chown $i /Users/$i/Library/Preferences/com.panic.Transmit3.plist >> >> before the "done" statement. >> >> ta-daa! your users' plist now belongs to them. >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/a4318a8d/attachment.html From tlarki at kckps.org Wed Aug 20 11:46:36 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 13:46:36 -0500 Subject: [Casper] weird JSS behavior Message-ID: <48AC203C020000390000190D@gwoes4.kckps.org> So, new JSS. 8gigs of RAM, dual quad-core xeons, and I am getting some weird things with it. For one, it seems to not be remembering my settings to Tomcat. I set it to run in 64-bit mode and gave it 4gigs of RAM and for some reason it doesn't save those settings. The JSS setup utility seems to time out when i run it to change the settings back. Fresh load of OS X server 10.5.4, fresh load of Casper 6.0, and an imported database from an older PPC G5 server but I upgraded it to 6.0 first, then exported the JSS database. Any thing I should know, or any pointers? thanks, Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 From sjhinding at isd194.k12.mn.us Wed Aug 20 14:40:35 2008 From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding) Date: Wed, 20 Aug 2008 16:40:35 -0500 Subject: [Casper] Casper 6.0! Message-ID: Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/2c856e6d/attachment.htm From r.wessen at neu.edu Wed Aug 20 15:10:04 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 18:10:04 -0400 Subject: [Casper] Casper 6.0! In-Reply-To: Message-ID: While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/409d01e0/attachment.htm From tlarki at kckps.org Wed Aug 20 15:18:02 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 17:18:02 -0500 Subject: [Casper] Casper 6.0! Message-ID: <48AC517702000039000019AC@gwoes4.kckps.org> Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ERNSTCS at uwec.edu Wed Aug 20 15:19:26 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Wed, 20 Aug 2008 17:19:26 -0500 Subject: [Casper] Casper 6.0! In-Reply-To: <48AC517702000039000019AC@gwoes4.kckps.org> Message-ID: Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn't set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/1c99f552/attachment.html From r.wessen at neu.edu Wed Aug 20 15:25:59 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 18:25:59 -0400 Subject: [Casper] Casper 6.0! In-Reply-To: <48AC517702000039000019AC@gwoes4.kckps.org> Message-ID: We can't use bootp to discover settings for our NetBoot servers. The parts in Casper that allow you to specify a NetBoot server (essentially setting a few variables in EFI) don't work, they appear to always set to bootp even if that's not what you specified. This all worked flawlessly in 5.11. We can Netboot with a custom script that sets everything in EFI, so the NetBoot server and image are fine. It's when using Casper 6 to specify explicit NetBoot settings that it doesn't work. This has been verified by support and I am waiting on which release the fix will make it into. Supposedly it may not make the next point release as that release was already in QA when I submitted the bug. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Thomas Larkin" 08/20/08 06:17 PM To , cc Subject Re: [Casper] Casper 6.0! Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/3ebd0ecd/attachment-0001.htm From r.wessen at neu.edu Wed Aug 20 15:27:01 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 18:27:01 -0400 Subject: [Casper] Casper 6.0! In-Reply-To: Message-ID: yeah, you're not alone. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Ernst, Craig S." 08/20/08 06:25 PM To Thomas Larkin , Casper List , "r.wessen at neu.edu" cc Subject Re: [Casper] Casper 6.0! Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn?t set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/6591e085/attachment.html From tlarki at kckps.org Wed Aug 20 15:31:47 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 20 Aug 2008 17:31:47 -0500 Subject: [Casper] Casper 6.0! Message-ID: <48AC547902000039000019B1@gwoes4.kckps.org> I have 5 netboot servers in my JSS that all point to them and the clients netboot no problem and imaging works, as long as I have gone through and make sure all the right scripts are in place. The only thing I have noticed so far is that I had pushed out a set of scripts via ARD admin to the servers and just tossed them in the CasperShare Scripts folder and it was working fine, until at 3AM when my Master server synchronizes down to my distribution points, it was copying over the old script again. So, I went into Casper Admin, deleted all those scripts, uploaded the scripts through Casper Admin and then Synchronized down to the distribution points. I still wish I could do selective Syncs. I don't need any of the PPC images in the high school servers, only in the middle schools do we have those computers. It is kind of annoying you have to sync out a 6 or 7 gig image to all file shares and maybe only one or two total need it I did have some sort of DNS issue, and changed all distribution points to point by IP instead of DNS and that is now fixed. Other than that I haven't had any major issues, and my deployment is: 25 to 30 Xserves 6,200 Mac clients 5 of those servers are netboot servers and distribution points and that is it. I would be curious to hear all of your exact issues as I, myself, may run into them at any point in time. We are still deploying our Macbooks out so a lot of them are in storage at the moment. However in two weeks we will be back to a full blown 6,000+ Macs on our network. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Ernst, Craig S." 08/20/08 5:20 PM >>> Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn't set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ERNSTCS at uwec.edu Wed Aug 20 15:57:20 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Wed, 20 Aug 2008 17:57:20 -0500 Subject: [Casper] Casper 6.0! In-Reply-To: <48AC547902000039000019B1@gwoes4.kckps.org> Message-ID: So the key was are these servers not configured to show up with BSDP, bootp, though? Do they show up in the startup disk options on those network segments? If so, of course they'll boot to them. =) Currently exploring an issue with Adobe updates not going out at FirstRun after Adobe CS3 software installs. The FUT FEU issue. More of my issues are related to how Leopard changed some things, particularly how if you have a script with a shutdown command (our nightly maintenance script) in it while a user is logged in and that user logs off before the shutdown time is met (5 minutes), at the point of log off that shutdown command is lost. I'm sure there are ways around this for me, but I just haven't had time to work it out... I'd like to be able to enable FileVault for all AD accounts that logon onto a box, without depending on OD and MCX for the setting, should just be a setting in the OS somewhere. You name it...overall Casper Suite 6.0 issues sit far below the additional capabilities it has given. Naturally, we'll never be fully satisfied, and will feature request JAMF to death. =) Craig On 8/20/08 5:31 PM, "Thomas Larkin" wrote: I have 5 netboot servers in my JSS that all point to them and the clients netboot no problem and imaging works, as long as I have gone through and make sure all the right scripts are in place. The only thing I have noticed so far is that I had pushed out a set of scripts via ARD admin to the servers and just tossed them in the CasperShare Scripts folder and it was working fine, until at 3AM when my Master server synchronizes down to my distribution points, it was copying over the old script again. So, I went into Casper Admin, deleted all those scripts, uploaded the scripts through Casper Admin and then Synchronized down to the distribution points. I still wish I could do selective Syncs. I don't need any of the PPC images in the high school servers, only in the middle schools do we have those computers. It is kind of annoying you have to sync out a 6 or 7 gig image to all file shares and maybe only one or two total need it I did have some sort of DNS issue, and changed all distribution points to point by IP instead of DNS and that is now fixed. Other than that I haven't had any major issues, and my deployment is: 25 to 30 Xserves 6,200 Mac clients 5 of those servers are netboot servers and distribution points and that is it. I would be curious to hear all of your exact issues as I, myself, may run into them at any point in time. We are still deploying our Macbooks out so a lot of them are in storage at the moment. However in two weeks we will be back to a full blown 6,000+ Macs on our network. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Ernst, Craig S." 08/20/08 5:20 PM >>> Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn't set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/67cad22e/attachment.htm From r.wessen at neu.edu Wed Aug 20 16:03:16 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 19:03:16 -0400 Subject: [Casper] run script as different user? In-Reply-To: Message-ID: Chris - I replied to the whole list, your message just made it to me. I asked our Apple SE the same thing, he didn't know off the top of his head and we haven't tested it in house yet. MS doesn't assume each domain machine has a local KDC and in Windows you don't, it uses a Windows domain SID to uniquely identify each machine on the domain. This SID is generated when you join the domain (but the local SID is used for other things, which can cause other problems when there are duplicates). I imagine the issue does not impact AD for that reason and you still have to reset the local KDC if it is bound to AD if you want OD to work as well. OD assumes the local KDC is a good identifier for a system and uses it. This is solid thinking unless you are mass deploying an image after that local KDC has been seeded, then they all appear to be the same machine in OD. Again this is just a guess based on experience, but I have not tested yet. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University Chris Lang 08/20/08 06:48 PM To cc Subject Re: [Casper] run script as different user? Hi All, Just off topic would this OD issue also affect imaged machines bound to and AD domain that is using Kerberos? I assume looking that the logic behind it it would can anyone confirm. Regards, Chris On 21/08/08 3:04 AM, "r.wessen at neu.edu" wrote: Is your OD binding problem solved with this tip? http://support.apple.com/kb/TS1245 It's a common one when imaging 10.5, like the local SID in Windows if you have done MS imaging as well. In fact if anyone from JAMF is on this list, this would be a great feature to add when a 10.5 machine is first imaged. The first thing a machine should do is change the local KDC hash so each one is unique per machine. It seems to me to be enough of a problem that the imaging tools should take care of it, not a custom script by us users. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University C: (617) 799-4905 http://www.infoservices.neu.edu Jeremy Matthews Sent by: casper-bounces at list.jamfsoftware.com 08/20/2008 12:40 PM To Thomas Larkin cc casper at list.jamfsoftware.com Subject Re: [Casper] run script as different user? Tried applying to all users - the file is created, but I then have to go in a muck around with ownership - or else it gets overwritten when certain apps are launched and cannot find a valid plist. If I try to return the session user during an installation, it is usually root. Our 10.5 server is working, but clients are not binding properly, so MCX attributes are out - unless I want to push those out as well, but pointless until it is set for production. It was my understanding that composer used packagemaker, and therefore during an "installation", runs as root - which brings me back to the issue - script needs to run as a different user - without me asking the user to authenticate. Tried the tilde - didn't work. Config file sounds interesting....what is that about? Thanks, j On Aug 20, 2008, at 11:54 AM, Thomas Larkin wrote: > You can do this many ways. > > use a wild card and apply to all users > > enforce it from MCX if you are running Open Directory > > Use composer and take a snap shot of the modification and assign it > to smart groups with in casper, then deploy > > set it up as a self service policy and use the ~/ for that users plist > > set it in the (forgot the file path) configuration file that pushes > out new user settings every time a user is created > > What exactly are you trying to do? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 >>>> Jeremy Matthews 08/20/08 10:49 AM >>> > I want to write defaults to a plist for a user that won't get horked. > Needs to be pre-created... > > Thanks, > jeremy > > On Aug 20, 2008, at 11:42 AM, Thomas Larkin wrote: > >> May I ask why you would want to do this? >> >> If you can script it, Casper can and will run it. If we know your >> higher goal perhaps we can better answer your question. >> >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> cell: 913-449-7589 >> office: 913-627-0351 >>>>> Jeremy Matthews 08/20/08 10:35 AM >>> >> Casper can run scripts against your box, but it does so as a root >> user >> - what if I want to run the script as a different user, such as the >> one who is logged in - without prompting for a password (like su-)? >> >> Thanks, >> j >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> > > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/03c52a00/attachment-0001.html From r.wessen at neu.edu Wed Aug 20 16:11:35 2008 From: r.wessen at neu.edu (r.wessen at neu.edu) Date: Wed, 20 Aug 2008 19:11:35 -0400 Subject: [Casper] Casper 6.0! In-Reply-To: Message-ID: can't edit existing pre-stages without SQL errors...... not trying to be negative, i like the tool, it saves us tons of time, but this upgrade has been a pain. I was hoping to roll self-service and a new image for Sep 1...not looking so good right now. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Ernst, Craig S." 08/20/08 07:05 PM To Thomas Larkin , Casper List , "r.wessen at neu.edu" cc Subject Re: [Casper] Casper 6.0! So the key was are these servers not configured to show up with BSDP, bootp, though? Do they show up in the startup disk options on those network segments? If so, of course they?ll boot to them. =) Currently exploring an issue with Adobe updates not going out at FirstRun after Adobe CS3 software installs. The FUT FEU issue. More of my issues are related to how Leopard changed some things, particularly how if you have a script with a shutdown command (our nightly maintenance script) in it while a user is logged in and that user logs off before the shutdown time is met (5 minutes), at the point of log off that shutdown command is lost. I?m sure there are ways around this for me, but I just haven?t had time to work it out... I?d like to be able to enable FileVault for all AD accounts that logon onto a box, without depending on OD and MCX for the setting, should just be a setting in the OS somewhere. You name it...overall Casper Suite 6.0 issues sit far below the additional capabilities it has given. Naturally, we?ll never be fully satisfied, and will feature request JAMF to death. =) Craig On 8/20/08 5:31 PM, "Thomas Larkin" wrote: I have 5 netboot servers in my JSS that all point to them and the clients netboot no problem and imaging works, as long as I have gone through and make sure all the right scripts are in place. The only thing I have noticed so far is that I had pushed out a set of scripts via ARD admin to the servers and just tossed them in the CasperShare Scripts folder and it was working fine, until at 3AM when my Master server synchronizes down to my distribution points, it was copying over the old script again. So, I went into Casper Admin, deleted all those scripts, uploaded the scripts through Casper Admin and then Synchronized down to the distribution points. I still wish I could do selective Syncs. I don't need any of the PPC images in the high school servers, only in the middle schools do we have those computers. It is kind of annoying you have to sync out a 6 or 7 gig image to all file shares and maybe only one or two total need it I did have some sort of DNS issue, and changed all distribution points to point by IP instead of DNS and that is now fixed. Other than that I haven't had any major issues, and my deployment is: 25 to 30 Xserves 6,200 Mac clients 5 of those servers are netboot servers and distribution points and that is it. I would be curious to hear all of your exact issues as I, myself, may run into them at any point in time. We are still deploying our Macbooks out so a lot of them are in storage at the moment. However in two weeks we will be back to a full blown 6,000+ Macs on our network. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Ernst, Craig S." 08/20/08 5:20 PM >>> Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn't set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/4da312cc/attachment.htm From john_wetter at hopkins.k12.mn.us Wed Aug 20 21:38:20 2008 From: john_wetter at hopkins.k12.mn.us (John Wetter) Date: Wed, 20 Aug 2008 23:38:20 -0500 Subject: [Casper] Casper 6.0! In-Reply-To: References: , Message-ID: <4058FCBF8DBA6646855ABFA27F869E51AF79AA9E2D@EXCHANGE.hopkins.hopkinsschools.org> We had a glitch with PreStages too. Contacted support and had it fixed the next morning. Our main upgrade issues seem to be that the backup from our original JSS didn't seem to include a few things... Even after trying another backup and restore we still had a couple glitches, but two calls to support made everything work. -John -- John Wetter Technology Support Administrator Technology & Information Services Hopkins Public Schools 952-988-5373 john_wetter at hopkins.k12.mn.us ________________________________ From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of r.wessen at neu.edu [r.wessen at neu.edu] Sent: Wednesday, August 20, 2008 6:11 PM To: Casper List Subject: Re: [Casper] Casper 6.0! can't edit existing pre-stages without SQL errors...... not trying to be negative, i like the tool, it saves us tons of time, but this upgrade has been a pain. I was hoping to roll self-service and a new image for Sep 1...not looking so good right now. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Ernst, Craig S." 08/20/08 07:05 PM To Thomas Larkin , Casper List , "r.wessen at neu.edu" cc Subject Re: [Casper] Casper 6.0! So the key was are these servers not configured to show up with BSDP, bootp, though? Do they show up in the startup disk options on those network segments? If so, of course they?ll boot to them. =) Currently exploring an issue with Adobe updates not going out at FirstRun after Adobe CS3 software installs. The FUT FEU issue. More of my issues are related to how Leopard changed some things, particularly how if you have a script with a shutdown command (our nightly maintenance script) in it while a user is logged in and that user logs off before the shutdown time is met (5 minutes), at the point of log off that shutdown command is lost. I?m sure there are ways around this for me, but I just haven?t had time to work it out... I?d like to be able to enable FileVault for all AD accounts that logon onto a box, without depending on OD and MCX for the setting, should just be a setting in the OS somewhere. You name it...overall Casper Suite 6.0 issues sit far below the additional capabilities it has given. Naturally, we?ll never be fully satisfied, and will feature request JAMF to death. =) Craig On 8/20/08 5:31 PM, "Thomas Larkin" > wrote: I have 5 netboot servers in my JSS that all point to them and the clients netboot no problem and imaging works, as long as I have gone through and make sure all the right scripts are in place. The only thing I have noticed so far is that I had pushed out a set of scripts via ARD admin to the servers and just tossed them in the CasperShare Scripts folder and it was working fine, until at 3AM when my Master server synchronizes down to my distribution points, it was copying over the old script again. So, I went into Casper Admin, deleted all those scripts, uploaded the scripts through Casper Admin and then Synchronized down to the distribution points. I still wish I could do selective Syncs. I don't need any of the PPC images in the high school servers, only in the middle schools do we have those computers. It is kind of annoying you have to sync out a 6 or 7 gig image to all file shares and maybe only one or two total need it I did have some sort of DNS issue, and changed all distribution points to point by IP instead of DNS and that is now fixed. Other than that I haven't had any major issues, and my deployment is: 25 to 30 Xserves 6,200 Mac clients 5 of those servers are netboot servers and distribution points and that is it. I would be curious to hear all of your exact issues as I, myself, may run into them at any point in time. We are still deploying our Macbooks out so a lot of them are in storage at the moment. However in two weeks we will be back to a full blown 6,000+ Macs on our network. Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> "Ernst, Craig S." > 08/20/08 5:20 PM >>> Are you using the JSS to point to a specific NetBoot server added in the JSS that is NOT broadcast to your clients using BSDP? I found that it wouldn't set the boot information for a specific NetBoot server at all with Casper Remote, even when I used the Override Defaults option. Craig On 8/20/08 5:18 PM, "Thomas Larkin" > wrote: Bob what are your issues? I just migrated from 5.13 to 6.0 and I am netbooting and imaging still and I even used the same .nbi files. Are your casper servers part of your directory or are they stand alone? Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org cell: 913-449-7589 office: 913-627-0351 >>> > 08/20/08 5:10 PM >>> While I'm glad you had a sucessful upgrade, the bugs I had to patch/workaround and specific open bug (not letting us netboot at all) with development doesn't let me share your glowing review. We are patiently awaiting the point release and hoping the issues are ironed out. ____________________ Bob Wessen System Administrator IS System Production Services 4 Hayden Hall Northeastern University "Sandy J. Hinding" > Sent by: casper-bounces at list.jamfsoftware.com 08/20/08 05:44 PM To casper at list.jamfsoftware.com cc Subject [Casper] Casper 6.0! Casper 6.0 is awesome. Our upgrade went almost perfectly. Our only issue came due to FEU boxes were checked, but no user data existed in those packages. Once I cleaned that up, everything has been working great. We have 3846 computers in our JSS (includes some archived/ retired) at 16 locations. We are using a single box to netboot, house our JSS and distribute packages, and the performance boost with 6.0 is excellent. I demo'd new features for our entire District Tech Staff and they can't wait to get there hands on it! Thanks to Jamf for the great work as always! Sandy Hinding Lead Macintosh Technician Casper Administrator CCA HelpDesk Manager Lakeville Area Public Schools _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080820/a6955d6f/attachment.htm From tom.welch at venturethree.com Thu Aug 21 01:11:02 2008 From: tom.welch at venturethree.com (Tom Welch) Date: Thu, 21 Aug 2008 09:11:02 +0100 Subject: [Casper] Casper 6.0! In-Reply-To: References: Message-ID: <2C75D7AF-906D-4EAE-B4A2-BF0D3E1BBF49@venturethree.com> I am also having a problem where by Adobe updates do not install after the adobe install. They do get coppied to the volume ready to be installed on boot but I've not checked thenconfig files yet to see if they are called. Also Adobe related: We have CS3 Premium but none of our users require Flash or Dreamweaver so I have disabled it within the Adobe install package. Buggers still install though? Never did it with Casper 5.13. Has anyone else seen this? I'm just in the process of talking to support about it at the moment. -- Many Thanks Tom Welch On 20 Aug 2008, at 23:57, "Ernst, Craig S." wrote: > So the key was are these servers not configured to show up with > BSDP, bootp, though? Do they show up in the startup disk options on > those network segments? If so, of course they?fll boot to them. =) > > Currently exploring an issue with Adobe updates not going out at > FirstRun after Adobe CS3 software installs. > > The FUT FEU issue. > > More of my issues are related to how Leopard changed some things, > particularly how if you have a script with a shutdown command (our > nightly maintenance script) in it while a user is logged in and that > user logs off before the shutdown time is met (5 minutes), at the > point of log off that shutdown command is lost. I?fm sure there are w > ays around this for me, but I just haven?ft had time to work it out... > > I?fd like to be able to enable FileVault for all AD accounts that log > on onto a box, without depending on OD and MCX for the setting, shou > ld just be a setting in the OS somewhere. > > You name it...overall Casper Suite 6.0 issues sit far below the > additional capabilities it has given. Naturally, we?fll never be full > y satisfied, and will feature request JAMF to death. =) > > Craig > > On 8/20/08 5:31 PM, "Thomas Larkin" wrote: > > I have 5 netboot servers in my JSS that all point to them and the > clients netboot no problem and imaging works, as long as I have gone > through and make sure all the right scripts are in place. > > The only thing I have noticed so far is that I had pushed out a set > of scripts via ARD admin to the servers and just tossed them in the > CasperShare Scripts folder and it was working fine, until at 3AM > when my Master server synchronizes down to my distribution points, > it was copying over the old script again. > > So, I went into Casper Admin, deleted all those scripts, uploaded > the scripts through Casper Admin and then Synchronized down to the > distribution points. > > I still wish I could do selective Syncs. I don't need any of the > PPC images in the high school servers, only in the middle schools do > we have those computers. > > It is kind of annoying you have to sync out a 6 or 7 gig image to > all file shares and maybe only one or two total need it > > > I did have some sort of DNS issue, and changed all distribution > points to point by IP instead of DNS and that is now fixed. > > Other than that I haven't had any major issues, and my deployment is: > > 25 to 30 Xserves > > 6,200 Mac clients > > 5 of those servers are netboot servers and distribution points and > that is it. > > I would be curious to hear all of your exact issues as I, myself, > may run into them at any point in time. We are still deploying our > Macbooks out so a lot of them are in storage at the moment. > However in two weeks we will be back to a full blown 6,000+ Macs on > our network. > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 > >>> "Ernst, Craig S." 08/20/08 5:20 PM >>> > Are you using the JSS to point to a specific NetBoot server added in > the JSS that is NOT broadcast to your clients using BSDP? > > I found that it wouldn't set the boot information for a specific > NetBoot server at all with Casper Remote, even when I used the > Override Defaults option. > > Craig > > > On 8/20/08 5:18 PM, "Thomas Larkin" wrote: > > Bob what are your issues? I just migrated from 5.13 to 6.0 and I am > netbooting and imaging still and I even used the same .nbi files. > > Are your casper servers part of your directory or are they stand > alone? > > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > cell: 913-449-7589 > office: 913-627-0351 > >>> 08/20/08 5:10 PM >>> > While I'm glad you had a sucessful upgrade, the bugs I had to > patch/workaround and specific open bug (not letting us netboot at all) > with development doesn't let me share your glowing review. > > We are patiently awaiting the point release and hoping the issues are > ironed out. > > ____________________ > Bob Wessen > System Administrator > IS System Production Services > 4 Hayden Hall > Northeastern University > > > > > "Sandy J. Hinding" > Sent by: casper-bounces at list.jamfsoftware.com > 08/20/08 05:44 PM > > To > casper at list.jamfsoftware.com > cc > > Subject > [Casper] Casper 6.0! > > > > > > > Casper 6.0 is awesome. > Our upgrade went almost perfectly. Our only issue came due to FEU > boxes > were checked, but no user data existed in those packages. Once I > cleaned > that up, everything has been working great. > > We have 3846 computers in our JSS (includes some archived/ retired) > at 16 > locations. > We are using a single box to netboot, house our JSS and distribute > packages, and the performance boost with 6.0 is excellent. > I demo'd new features for our entire District Tech Staff and they > can't > wait to get there hands on it! > Thanks to Jamf for the great work as always! > Sandy Hinding > Lead Macintosh Technician > Casper Administrator CCA > HelpDesk Manager > Lakeville Area Public Schools > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/52c0dc43/attachment.htm From sjhinding at isd194.k12.mn.us Thu Aug 21 06:28:29 2008 From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding) Date: Thu, 21 Aug 2008 08:28:29 -0500 Subject: [Casper] trim your posts Message-ID: Hi All! For the benefit of those on Digest, please only include in your message the relevant portions of the message to which you are replying. Edit your Subject line? Maybe shorten your signature too? Regards, Sandy Hinding (your mom :) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/0de6f6a9/attachment.htm From eyoung at thayer.org Thu Aug 21 07:10:46 2008 From: eyoung at thayer.org (Eric Young) Date: Thu, 21 Aug 2008 10:10:46 -0400 Subject: [Casper] Changing the default startup/login screen via a policy? Message-ID: <54A7D4BB-BE78-4FFE-A356-42CE4F32AAC7@thayer.org> Has anyone had any luck setting the DefaultDesktop.jpg (the one in the core services folder) to something custom? the manual method is rather involved..... thanks ------------------------------------------------ Those who believe in telekinetics, raise my hand --Kurt Vonnegut Eric Young eyoung at thayer.org 781-664-2286 Work From miles.leacy at themacadmin.com Thu Aug 21 07:25:12 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 21 Aug 2008 10:25:12 -0400 Subject: [Casper] Changing the default startup/login screen via a policy? In-Reply-To: <54A7D4BB-BE78-4FFE-A356-42CE4F32AAC7@thayer.org> References: <54A7D4BB-BE78-4FFE-A356-42CE4F32AAC7@thayer.org> Message-ID: Why not just FUT & FEU with a desktop background package? If you replace /System/Library/CoreServices/DefaultDesktop.jpg and make sure the permissions are owned by root:wheel, with -rw-r--r--, is there still a problem? Sorry if I'm missing something. On Thu, Aug 21, 2008 at 10:10 AM, Eric Young wrote: > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/8b9cd20f/attachment.htm From eyoung at thayer.org Thu Aug 21 07:58:22 2008 From: eyoung at thayer.org (Eric Young) Date: Thu, 21 Aug 2008 10:58:22 -0400 Subject: [Casper] Changing the default startup/login screen via a policy? In-Reply-To: References: <54A7D4BB-BE78-4FFE-A356-42CE4F32AAC7@thayer.org> Message-ID: <3B5AD530-0367-41CB-81F8-B783C7C32162@thayer.org> I continued to pick at this after posting the question. The DefaultDesktop.jpg is the picture that appears at the log in screen (it used to be called Aqua blue pre 10.5) It is an oddball file because you cannot just swap it out on a booted system, since it lives in CoreServices. So it has to be renamed (with sudo), then the new file needs to be moved in and renamed and set for the right owner and permissions. I setup a policy with two parts. The first part delivers a payload to the regular desktop pictured folder in the /Library folder... you could use an existing pic just as easily. I then have the policy execute a script that runs the following CLi commands After the new pic is in place then trigger a reboot. mv /System/Library/CoreServices/DefaultDesktop.jpg DefaultDesktop.jpg.OLD cp /Library/Desktop\ Pictures/tobedefaultdesktop.jpg /System/Library/ CoreServices/DefaultDesktop.jpg chown root:wheel /System/Library/CoreServices/DefaultDesktop.jpg chmod 644 /System/Library/CoreServices/DefaultDesktop.jpg Og only knows why this has to be so convoluted... ______-------------------__________---------------_______---------- ________ Puritanism: The haunting fear that someone, somewhere, may be happy. - HL Mencken Eric Young eyoung at thayer.org On Aug 21, 2008, at 10:25 AM, Miles Leacy wrote: > Why not just FUT & FEU with a desktop background package? > > If you replace /System/Library/CoreServices/DefaultDesktop.jpg and > make sure the permissions are owned by root:wheel, with -rw-r--r--, > is there still a problem? > > Sorry if I'm missing something. > > On Thu, Aug 21, 2008 at 10:10 AM, Eric Young > wrote: > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/3a88c02f/attachment-0001.htm From eric.winkelhake at us-resources.com Thu Aug 21 08:02:26 2008 From: eric.winkelhake at us-resources.com (Eric Winkelhake) Date: Thu, 21 Aug 2008 10:02:26 -0500 Subject: [Casper] Changing the default startup/login screen via a policy? In-Reply-To: <3B5AD530-0367-41CB-81F8-B783C7C32162@thayer.org> Message-ID: you could just build it into your os image that is deployed. unless you really need to change existing machines. -- Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com Open a Service Desk Ticket | Navigating IT | Training Now Eric Young Sent by: casper-bounces at list.jamfsoftware.com 08/21/08 09:58 AM To Casper Listserv cc Subject Re: [Casper] Changing the default startup/login screen via a policy? I continued to pick at this after posting the question. The DefaultDesktop.jpg is the picture that appears at the log in screen (it used to be called Aqua blue pre 10.5) It is an oddball file because you cannot just swap it out on a booted system, since it lives in CoreServices. So it has to be renamed (with sudo), then the new file needs to be moved in and renamed and set for the right owner and permissions. I setup a policy with two parts. The first part delivers a payload to the regular desktop pictured folder in the /Library folder... you could use an existing pic just as easily. I then have the policy execute a script that runs the following CLi commands After the new pic is in place then trigger a reboot. mv /System/Library/CoreServices/DefaultDesktop.jpg DefaultDesktop.jpg.OLD cp /Library/Desktop\ Pictures/tobedefaultdesktop.jpg /System/Library/CoreServices/DefaultDesktop.jpg chown root:wheel /System/Library/CoreServices/DefaultDesktop.jpg chmod 644 /System/Library/CoreServices/DefaultDesktop.jpg Og only knows why this has to be so convoluted... ______-------------------__________---------------_______----------________ Puritanism: The haunting fear that someone, somewhere, may be happy. - HL Mencken Eric Young eyoung at thayer.org On Aug 21, 2008, at 10:25 AM, Miles Leacy wrote: Why not just FUT & FEU with a desktop background package? If you replace /System/Library/CoreServices/DefaultDesktop.jpg and make sure the permissions are owned by root:wheel, with -rw-r--r--, is there still a problem? Sorry if I'm missing something. On Thu, Aug 21, 2008 at 10:10 AM, Eric Young wrote: Has anyone had any luck setting the DefaultDesktop.jpg (the one in the core services folder) to something custom? the manual method is rather involved..... thanks ------------------------------------------------ Those who believe in telekinetics, raise my hand --Kurt Vonnegut Eric Young eyoung at thayer.org 781-664-2286 Work _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/8215a810/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3903 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/8215a810/attachment.gif From cmyers at uclan.ac.uk Thu Aug 21 08:20:52 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Thu, 21 Aug 2008 16:20:52 +0100 Subject: [Casper] Changing the default startup/login screen via a policy? Message-ID: <48AD95E4020000810002F1E7@gwise-gw1.uclan.ac.uk> you can edit the loginwindow.plist to point to any image you wish for the login window i place mine in /Library/Desktop Pictures/ criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> Eric Young 21/08/08 3:58 PM >>> I continued to pick at this after posting the question. The DefaultDesktop.jpg is the picture that appears at the log in screen (it used to be called Aqua blue pre 10.5) It is an oddball file because you cannot just swap it out on a booted system, since it lives in CoreServices. So it has to be renamed (with sudo), then the new file needs to be moved in and renamed and set for the right owner and permissions. I setup a policy with two parts. The first part delivers a payload to the regular desktop pictured folder in the /Library folder... you could use an existing pic just as easily. I then have the policy execute a script that runs the following CLi commands After the new pic is in place then trigger a reboot. mv /System/Library/CoreServices/DefaultDesktop.jpg DefaultDesktop.jpg.OLD cp /Library/Desktop\ Pictures/tobedefaultdesktop.jpg /System/Library/ CoreServices/DefaultDesktop.jpg chown root:wheel /System/Library/CoreServices/DefaultDesktop.jpg chmod 644 /System/Library/CoreServices/DefaultDesktop.jpg Og only knows why this has to be so convoluted... ______-------------------__________---------------_______---------- ________ Puritanism: The haunting fear that someone, somewhere, may be happy. - HL Mencken Eric Young eyoung at thayer.org On Aug 21, 2008, at 10:25 AM, Miles Leacy wrote: > Why not just FUT & FEU with a desktop background package? > > If you replace /System/Library/CoreServices/DefaultDesktop.jpg and > make sure the permissions are owned by root:wheel, with -rw-r--r--, > is there still a problem? > > Sorry if I'm missing something. > > On Thu, Aug 21, 2008 at 10:10 AM, Eric Young > wrote: > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From cmyers at uclan.ac.uk Thu Aug 21 08:23:47 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Thu, 21 Aug 2008 16:23:47 +0100 Subject: [Casper] Changing the default startup/login screen via a policy? Message-ID: <48AD9693020000810002F1F2@gwise-gw1.uclan.ac.uk> use this in your com.apple.loginwindow.plist use a policy to copy the picture you want and then use a defaults write command to set the plist for users desktop pics i use WGM to set the default desktop picture AdminHostInfo DSStatus DesktopPicture /Library/Desktop Pictures/LoginWindow.tif Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> Eric Young 21/08/08 3:58 PM >>> I continued to pick at this after posting the question. The DefaultDesktop.jpg is the picture that appears at the log in screen (it used to be called Aqua blue pre 10.5) It is an oddball file because you cannot just swap it out on a booted system, since it lives in CoreServices. So it has to be renamed (with sudo), then the new file needs to be moved in and renamed and set for the right owner and permissions. I setup a policy with two parts. The first part delivers a payload to the regular desktop pictured folder in the /Library folder... you could use an existing pic just as easily. I then have the policy execute a script that runs the following CLi commands After the new pic is in place then trigger a reboot. mv /System/Library/CoreServices/DefaultDesktop.jpg DefaultDesktop.jpg.OLD cp /Library/Desktop\ Pictures/tobedefaultdesktop.jpg /System/Library/ CoreServices/DefaultDesktop.jpg chown root:wheel /System/Library/CoreServices/DefaultDesktop.jpg chmod 644 /System/Library/CoreServices/DefaultDesktop.jpg Og only knows why this has to be so convoluted... ______-------------------__________---------------_______---------- ________ Puritanism: The haunting fear that someone, somewhere, may be happy. - HL Mencken Eric Young eyoung at thayer.org On Aug 21, 2008, at 10:25 AM, Miles Leacy wrote: > Why not just FUT & FEU with a desktop background package? > > If you replace /System/Library/CoreServices/DefaultDesktop.jpg and > make sure the permissions are owned by root:wheel, with -rw-r--r--, > is there still a problem? > > Sorry if I'm missing something. > > On Thu, Aug 21, 2008 at 10:10 AM, Eric Young > wrote: > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From Halvorson.Jason at mayo.edu Thu Aug 21 09:57:47 2008 From: Halvorson.Jason at mayo.edu (Jason Halvorson) Date: Thu, 21 Aug 2008 11:57:47 -0500 Subject: [Casper] Changing the default startup/login screen via a policy? In-Reply-To: <54A7D4BB-BE78-4FFE-A356-42CE4F32AAC7@thayer.org> Message-ID: Here's how I do it on our base image. (At this point I have not switch to making it a package.) -----per my build documentation----- Change logon background 1. Copy MyCompanyLogo.jpg to ?/Library/Desktop Pictures? 2. Open /Applications/Utilities/Terminal.app 3. Enter the following commands in the Terminal window 3a. sudo chown root /Library/Desktop\ Pictures/MyCompanyLogo.jpg 3b. sudo defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture /Library/Desktop\ Pictures/MyCompanyLogo.jpg 3c. exit REFERENCE: http://www.macworld.com/article/60979/2007/11/loginbkgnd2.html 4. Apple menu > Restart? ---------- Extra hints: In line 3b, if your using tab complete, be sure to delete the ".plist" extension at the end of com.apple.loginwindow In line 3b, it should be "...com.apple.loginwindow" space "DesktopPicture" space "/Library/Desk....." In line 3b, to the best of my knowledge, the key "DesktopPicture" is case sensitive and is one word. Jason > From: Eric Young > Date: Thu, 21 Aug 2008 10:10:46 -0400 > To: Casper Listserv > Subject: [Casper] Changing the default startup/login screen via a policy? > > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From eyoung at thayer.org Thu Aug 21 10:02:13 2008 From: eyoung at thayer.org (Eric Young) Date: Thu, 21 Aug 2008 13:02:13 -0400 Subject: [Casper] Changing the default startup/login screen via a policy? In-Reply-To: References: Message-ID: <3C1ED5E3-CEF2-4F8A-8834-0B45BC341552@thayer.org> my wayback machine's got a busted thing-a-ma-bob :-) I already have a goodly portion deployed thanks to an almost literal drop dead date. Plus I like the freedom that adding it as a policy gives, so when the powers that be decide it's ugly or whatnot I can change it out. ------------------------------------------------------------- Where we have strong emotions, we're liable to fool ourselves. - Carl Sagan Eric Young eyoung at thayer.org On Aug 21, 2008, at 11:02 AM, Eric Winkelhake wrote: > > you could just build it into your os image that is deployed. unless > you really need to change existing machines. > > -- > Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT > 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 > Office: 312-220-1669 | Mobile: 312-519-5632 > Email: Eric.Winkelhake at us-resources.com > Open a Service Desk Ticket| Navigating IT | Training Now > > > > > > Eric Young > Sent by: casper-bounces at list.jamfsoftware.com > 08/21/08 09:58 AM > > To > Casper Listserv > cc > Subject > Re: [Casper] Changing the default startup/login screen via a policy? > > > > > > I continued to pick at this after posting the question. The > DefaultDesktop.jpg is the picture that appears at the log in screen > (it used to be called Aqua blue pre 10.5) It is an oddball file > because you cannot just swap it out on a booted system, since it > lives in CoreServices. So it has to be renamed (with sudo), then > the new file needs to be moved in and renamed and set for the right > owner and permissions. > > I setup a policy with two parts. The first part delivers a payload > to the regular desktop pictured folder in the /Library folder... you > could use an existing pic just as easily. I then have the policy > execute a script that runs the following CLi commands After the new > pic is in place then trigger a reboot. > > > mv /System/Library/CoreServices/DefaultDesktop.jpg > DefaultDesktop.jpg.OLD > cp /Library/Desktop\ Pictures/tobedefaultdesktop.jpg /System/Library/ > CoreServices/DefaultDesktop.jpg > chown root:wheel /System/Library/CoreServices/DefaultDesktop.jpg > chmod 644 /System/Library/CoreServices/DefaultDesktop.jpg > > > > > Og only knows why this has to be so convoluted... > > > > ______-------------------__________---------------_______---------- > ________ > Puritanism: The haunting fear that someone, somewhere, may be happy. > - HL Mencken > > Eric Young > eyoung at thayer.org > > > > On Aug 21, 2008, at 10:25 AM, Miles Leacy wrote: > > Why not just FUT & FEU with a desktop background package? > > If you replace /System/Library/CoreServices/DefaultDesktop.jpg and > make sure the permissions are owned by root:wheel, with -rw-r--r--, > is there still a problem? > > Sorry if I'm missing something. > > On Thu, Aug 21, 2008 at 10:10 AM, Eric Young > wrote: > Has anyone had any luck setting the DefaultDesktop.jpg (the one in the > core services folder) to something custom? the manual method is > rather involved..... > > > thanks > > > > > > ------------------------------------------------ > Those who believe in telekinetics, raise my hand > --Kurt Vonnegut > > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > ------------------------------------------------------------------------ > Disclaimer > The information in this email and any attachments may contain > proprietary and confidential information that is intended for the > addressee(s) only. If you are not the intended recipient, you are > hereby notified that any disclosure, copying, distribution, > retention or use of the contents of this information is prohibited. > When addressed to our clients or vendors, any information contained > in this e-mail or any attachments is subject to the terms and > conditions in any governing contract. If you have received this e- > mail in error, please immediately contact the sender and delete the > e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080821/0a481759/attachment.html From Jesse.Almanrode at cabelas.com Fri Aug 22 07:10:20 2008 From: Jesse.Almanrode at cabelas.com (Jesse Almanrode) Date: Fri, 22 Aug 2008 08:10:20 -0600 Subject: [Casper] Schedule recon on Windows Box Message-ID: Good afternoon, We currently have recon installed on our Dell servers for reporting purposes for Casper. Is there a way to schedule the server to run recon on a repeating schedule similar to the Mac clients? How have other people done this? ------ Jesse Almanrode ?Sr. Systems Specialist? MIS Technical Services Cabela?s Inc. 308-255-2625 jhalmanr at cabelas.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080822/922f013d/attachment.htm From john.brenner at merrillcorp.com Fri Aug 22 07:12:27 2008 From: john.brenner at merrillcorp.com (Brenner, John) Date: Fri, 22 Aug 2008 09:12:27 -0500 Subject: [Casper] Schedule recon on Windows Box In-Reply-To: Message-ID: Task scheduler, call a batch file that enters the appropriate command line with your favorite switches. On 8/22/08 9:10 AM, "Jesse Almanrode" wrote: > Good afternoon, > > We currently have recon installed on our Dell servers for reporting purposes > for Casper. Is there a way to schedule the server to run recon on a > repeating schedule similar to the Mac clients? How have other people done > this? > > > ------ > Jesse Almanrode > ?Sr. Systems Specialist? > MIS Technical Services > Cabela?s Inc. > 308-255-2625 > jhalmanr at cabelas.com > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080822/ad2c65b0/attachment.html From tlarki at kckps.org Fri Aug 22 09:08:55 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 22 Aug 2008 11:08:55 -0500 Subject: [Casper] self service policies Message-ID: <48AE9BAA0200003900001B80@gwoes4.kckps.org> So, I just created a CS3 self service policy and the policy works if I trigger it by start up but when I try to access it by self service it asks for admin rights to install. Is there a way with casper to suppress this? Also, it doesn't seem to install via self service, but it does when I trigger it by start up. Ideas? From cmyers at uclan.ac.uk Fri Aug 22 12:21:01 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Fri, 22 Aug 2008 20:21:01 +0100 Subject: [Casper] self service policies Message-ID: <48AF1FAD020000810002F357@gwise-gw1.uclan.ac.uk> Hmm strangr, i install CS3 Master collection by startup, self service and capser remote and it install fine and all applications run, (only problem i have is premiere pro, but thats the same by any method) Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> "Thomas Larkin" 22/08/08 5:08 PM >>> So, I just created a CS3 self service policy and the policy works if I trigger it by start up but when I try to access it by self service it asks for admin rights to install. Is there a way with casper to suppress this? Also, it doesn't seem to install via self service, but it does when I trigger it by start up. Ideas? _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From Chris.Lang at vu.edu.au Sun Aug 24 16:08:04 2008 From: Chris.Lang at vu.edu.au (Chris Lang) Date: Mon, 25 Aug 2008 09:08:04 +1000 Subject: [Casper] self service policies In-Reply-To: <48AE9BAA0200003900001B80@gwoes4.kckps.org> Message-ID: Thomas, I setup an install via self service for CS 3 Web Premium. Triggered via policy in the JSS (there is a trigger policy on the JSS that is specifically for Self Service). The only change I made was to set the Self Service policy to no authentication and set the policy to target certain machines based on groups etc. Just made sure that the serial number was on the Adobe set I built and I suppress the EULA etc. I have a standard admin account that I use to on all machines and it deploys, for the most part, without error. Only errors I have been getting and it is very sporadic is that the install fails with error code 6. Chris Chris Lang Support Services Advisor Client Services Information Technology Services Phone: +61 3 9919 2735 Fax: +61 3 9919 2785 Mobile: +61 411 259 496 Email: Chris.Lang at vu.edu.au On 23/08/08 2:08 AM, "Thomas Larkin" wrote: > So, I just created a CS3 self service policy and the policy works if I trigger > it by start up but when I try to access it by self service it asks for admin > rights to install. Is there a way with casper to suppress this? Also, it > doesn't seem to install via self service, but it does when I trigger it by > start up. > > Ideas? > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From eyoung at thayer.org Mon Aug 25 06:56:36 2008 From: eyoung at thayer.org (Eric Young) Date: Mon, 25 Aug 2008 09:56:36 -0400 Subject: [Casper] Making policies sequential. Message-ID: <48DE3A53-0FE5-45E0-B5D0-C6E6A7922F70@thayer.org> Is there a way to make policies sequential? I would like to setup a policy to run that is triggered by an earlier policy being successfully run on a given system. for example: A policy set to run once on all machines running 10.5 (members set with a smart group) to deploy a JPG that will be used as a desktop and login screen. Once that policy runs, I would like to be able to set another policy to run that only triggers on 10.5 machines that already have the JPG payload in place. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A cynic is a man who, when he smells flowers, looks around for a coffin. --H. L. Mencken Eric Young eyoung at thayer.org From eric.winkelhake at us-resources.com Mon Aug 25 07:08:19 2008 From: eric.winkelhake at us-resources.com (Eric Winkelhake) Date: Mon, 25 Aug 2008 09:08:19 -0500 Subject: [Casper] Making policies sequential. In-Reply-To: <48DE3A53-0FE5-45E0-B5D0-C6E6A7922F70@thayer.org> Message-ID: Why not use the same policy to execute both tasks?? -- Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com Open a Service Desk Ticket | Navigating IT | Training Now Eric Young Sent by: casper-bounces at list.jamfsoftware.com 08/25/08 08:56 AM To Casper Listserv cc Subject [Casper] Making policies sequential. Is there a way to make policies sequential? I would like to setup a policy to run that is triggered by an earlier policy being successfully run on a given system. for example: A policy set to run once on all machines running 10.5 (members set with a smart group) to deploy a JPG that will be used as a desktop and login screen. Once that policy runs, I would like to be able to set another policy to run that only triggers on 10.5 machines that already have the JPG payload in place. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A cynic is a man who, when he smells flowers, looks around for a coffin. --H. L. Mencken Eric Young eyoung at thayer.org _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/572efa4a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3903 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/572efa4a/attachment.gif From eyoung at thayer.org Mon Aug 25 07:16:19 2008 From: eyoung at thayer.org (Eric Young) Date: Mon, 25 Aug 2008 10:16:19 -0400 Subject: [Casper] Making policies sequential. In-Reply-To: References: Message-ID: Huh.. I dunno. I was concerned with duplicating work as some of the machines were already done. But the overhead of re-doing a handful of systems is nothing compared to knowing they all get touched... ------------------------------------------------ I'm living so far beyond my income that we may almost be said to be living apart. - ee cummings Eric Young eyoung at thayer.org On Aug 25, 2008, at 10:08 AM, Eric Winkelhake wrote: > > Why not use the same policy to execute both tasks?? > > -- > Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT > 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 > Office: 312-220-1669 | Mobile: 312-519-5632 > Email: Eric.Winkelhake at us-resources.com > Open a Service Desk Ticket| Navigating IT | Training Now > > > > > > Eric Young > Sent by: casper-bounces at list.jamfsoftware.com > 08/25/08 08:56 AM > > To > Casper Listserv > cc > Subject > [Casper] Making policies sequential. > > > > > > Is there a way to make policies sequential? I would like to setup a > policy to run that is triggered by an earlier policy being > successfully run on a given system. > > for example: A policy set to run once on all machines running 10.5 > (members set with a smart group) to deploy a JPG that will be used as > a desktop and login screen. Once that policy runs, I would like to be > able to set another policy to run that only triggers on 10.5 machines > that already have the JPG payload in place. > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > A cynic is a man who, when he smells flowers, looks around for a > coffin. > --H. L. Mencken > > Eric Young > eyoung at thayer.org > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > ------------------------------------------------------------------------ > Disclaimer > The information in this email and any attachments may contain > proprietary and confidential information that is intended for the > addressee(s) only. If you are not the intended recipient, you are > hereby notified that any disclosure, copying, distribution, > retention or use of the contents of this information is prohibited. > When addressed to our clients or vendors, any information contained > in this e-mail or any attachments is subject to the terms and > conditions in any governing contract. If you have received this e- > mail in error, please immediately contact the sender and delete the > e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/94a12744/attachment.html From Cyrus.Vahhaji at bestbuy.com Mon Aug 25 08:03:32 2008 From: Cyrus.Vahhaji at bestbuy.com (Cyrus Vahhaji) Date: Mon, 25 Aug 2008 10:03:32 -0500 Subject: [Casper] Making policies sequential. In-Reply-To: Message-ID: Not sure if this will help but I?ll pass this along any way. At one point I had a need to run multiple policies in a particular order. To do so I relied on naming convention used for policy names (i.e. 1, 2, 3, etc.) and how each policy was triggered. Cyrus From: Eric Young Date: Mon, 25 Aug 2008 10:16:19 -0400 To: Casper Listserv Subject: Re: [Casper] Making policies sequential. Huh.. I dunno. I was concerned with duplicating work as some of the machines were already done. But the overhead of re-doing a handful of systems is nothing compared to knowing they all get touched... ------------------------------------------------ I'm living so far beyond my income that we may almost be said to be living apart. - ee cummings Eric Young eyoung at thayer.org On Aug 25, 2008, at 10:08 AM, Eric Winkelhake wrote: > > Why not use the same policy to execute both tasks?? > > -- > Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT > 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 > Office: 312-220-1669 | Mobile: 312-519-5632 > Email: Eric.Winkelhake at us-resources.com > > Open a Service Desk Ticket > | Navigating IT > | Training > Now > > > > > > > Eric Young > Sent by: casper-bounces at list.jamfsoftware.com08/25/08 08:56 AM > To > Casper Listserv > cc > Subject > [Casper] Making policies sequential. > > > > > Is there a way to make policies sequential? I would like to setup a > policy to run that is triggered by an earlier policy being > successfully run on a given system. > > for example: A policy set to run once on all machines running 10.5 > (members set with a smart group) to deploy a JPG that will be used as > a desktop and login screen. Once that policy runs, I would like to be > able to set another policy to run that only triggers on 10.5 machines > that already have the JPG payload in place. > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > A cynic is a man who, when he smells flowers, looks around for a coffin. > --H. L. Mencken > > Eric Young > eyoung at thayer.org > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > ------------------------------------------------------------------------ > Disclaimer > The information in this email and any attachments may contain proprietary and > confidential information that is intended for the addressee(s) only. If you > are not the intended recipient, you are hereby notified that any disclosure, > copying, distribution, retention or use of the contents of this information is > prohibited. When addressed to our clients or vendors, any information > contained in this e-mail or any attachments is subject to the terms and > conditions in any governing contract. If you have received this e-mail in > error, please immediately contact the sender and delete the e-mail. > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/397aca5b/attachment.html From jeremymatthews at mac.com Mon Aug 25 08:38:33 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Mon, 25 Aug 2008 11:38:33 -0400 Subject: [Casper] naming machines Message-ID: Just curious on how folks are naming the machines out there.... In the past, I've used: 1) scripts to grab a file, parse, and then use that name with the corresponding mac address (not great for macbook airs) - also tedious. 2) System Image Utility (points to a file) 3) Casper - rename machines per their Casper machine name (was sometimes buggy in rev 5 for me) I'd like to hear what folks are using... Thanks, jeremy From bazmail at bazmac.co.uk Mon Aug 25 10:26:23 2008 From: bazmail at bazmac.co.uk (Michael Curtis) Date: Mon, 25 Aug 2008 18:26:23 +0100 Subject: [Casper] Adobe updates In-Reply-To: References: Message-ID: <7A2E20E6-78D6-4960-A512-DD08A9EF1FBD@bazmac.co.uk> Hi, Is their anyway of running Adobe Update from command line like the software update, softwareupdate -i -a? Not all my machines have all Adobe applications and it would be much easier to trigger off an update that way. Best wishes Michael ***************************************************** This E-Mail has been scanned by Sophos Anti-Virus ***************************************************** From rharter at uwsp.edu Mon Aug 25 15:27:43 2008 From: rharter at uwsp.edu (Ryan Harter) Date: Mon, 25 Aug 2008 17:27:43 -0500 Subject: [Casper] Default printer per config Message-ID: <5D9F444D-65A0-4C63-B51E-9DE819CE90C6@uwsp.edu> Hey all- I have some labs that share printers. ?s of now I have the four printers in both labs individual configs. The problem is that I want the printers that are physically in each lab to be default for each of those labs, i.e. I want 190print01 to be the default in the 190 lab, and 172print01 to be the default in the 172 lab while still installing the others. I have noticed that I can set the printer to be default in the info tab, but what takes precedence. I need to be able to tell the printer to be default in one config and not in another. Perhaps this should be more of a feature request to have an info tab for the configs, not the printers, saying which one is the default. Aside from this lab, I have many instances with faculty where I have printers that should be default in one place and not another. Any Ideas? Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/7f47b5ee/attachment.htm From eric.winkelhake at us-resources.com Mon Aug 25 15:48:46 2008 From: eric.winkelhake at us-resources.com (Eric Winkelhake) Date: Mon, 25 Aug 2008 17:48:46 -0500 Subject: [Casper] Default printer per config In-Reply-To: <5D9F444D-65A0-4C63-B51E-9DE819CE90C6@uwsp.edu> Message-ID: lpoptions -d -- Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com Open a Service Desk Ticket | Navigating IT | Training Now Ryan Harter Sent by: casper-bounces at list.jamfsoftware.com 08/25/08 05:32 PM To cc Subject [Casper] Default printer per config Hey all- I have some labs that share printers. ?s of now I have the four printers in both labs individual configs. The problem is that I want the printers that are physically in each lab to be default for each of those labs, i.e. I want 190print01 to be the default in the 190 lab, and 172print01 to be the default in the 172 lab while still installing the others. I have noticed that I can set the printer to be default in the info tab, but what takes precedence. I need to be able to tell the printer to be default in one config and not in another. Perhaps this should be more of a feature request to have an info tab for the configs, not the printers, saying which one is the default. Aside from this lab, I have many instances with faculty where I have printers that should be default in one place and not another. Any Ideas? Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/cc49ba66/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3903 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/cc49ba66/attachment.gif From ERNSTCS at uwec.edu Mon Aug 25 17:49:56 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Mon, 25 Aug 2008 19:49:56 -0500 Subject: [Casper] Default printer per config In-Reply-To: Message-ID: You can also create a policy that installs the printers for a particular lab at login and then use the lpoptions to set the default with the advanced tab (that may not be necessary and an old version of JSS legacy thing, was going to verify that tomorrow actually). That way you are creating a policy for each location to allow you the flexibility you need. Craig E On 8/25/08 5:48 PM, "eric.winkelhake at us-resources.com" wrote: lpoptions -d -- Eric Winkelhake | Technology Services - Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com Open a Service Desk Ticket | Navigating IT | Training Now [cid:3302538596_50402] Ryan Harter Sent by: casper-bounces at list.jamfsoftware.com08/25/08 05:32 PM To cc Subject [Casper] Default printer per config Hey all- I have some labs that share printers. ?s of now I have the four printers in both labs individual configs. The problem is that I want the printers that are physically in each lab to be default for each of those labs, i.e. I want 190print01 to be the default in the 190 lab, and 172print01 to be the default in the 172 lab while still installing the others. I have noticed that I can set the printer to be default in the info tab, but what takes precedence. I need to be able to tell the printer to be default in one config and not in another. Perhaps this should be more of a feature request to have an info tab for the configs, not the printers, saying which one is the default. Aside from this lab, I have many instances with faculty where I have printers that should be default in one place and not another. Any Ideas? Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/4eeb7930/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image.gif Type: image/gif Size: 3903 bytes Desc: image.gif Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080825/4eeb7930/attachment-0001.gif From dlee at nuevaschool.org Tue Aug 26 15:28:39 2008 From: dlee at nuevaschool.org (Danny Lee) Date: Tue, 26 Aug 2008 15:28:39 -0700 Subject: [Casper] Hidden SSH account Message-ID: <54A18472-7569-4226-851E-1C3D8460AEE6@nuevaschool.org> Can anyone refresh my memory and remind me the command to create the hidden SSH account in the OS image? Thanks, Danny Lee Tech Support Specialist 650-350-4547 dlee at nuevaschool.org From tlarki at kckps.org Tue Aug 26 15:41:12 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 26 Aug 2008 17:41:12 -0500 Subject: [Casper] Hidden SSH account Message-ID: <48B43E200200003900001E6D@gwoes4.kckps.org> sudo /usr/sbin/jamf createAccount -username cadmin -realname "Casper Administrator" -password p at 55w0rd ?home /var/cadmin ?shell ?/bin/bash? -hiddenUser -admin change it around to your liking >>> Danny Lee 08/26/08 5:29 PM >>> Can anyone refresh my memory and remind me the command to create the hidden SSH account in the OS image? Thanks, Danny Lee Tech Support Specialist 650-350-4547 dlee at nuevaschool.org _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Tue Aug 26 15:41:44 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 26 Aug 2008 17:41:44 -0500 Subject: [Casper] Hidden SSH account Message-ID: <48B43E3D0200003900001E70@gwoes4.kckps.org> Or Better yet also add the ssh account into your configuration from Casper Admin as well. >>> Danny Lee 08/26/08 5:29 PM >>> Can anyone refresh my memory and remind me the command to create the hidden SSH account in the OS image? Thanks, Danny Lee Tech Support Specialist 650-350-4547 dlee at nuevaschool.org _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From ERNSTCS at uwec.edu Tue Aug 26 16:23:05 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 26 Aug 2008 18:23:05 -0500 Subject: [Casper] Hidden SSH account In-Reply-To: <48B43E3D0200003900001E70@gwoes4.kckps.org> Message-ID: As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help Or just Jamf help Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools. I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary. I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of. Thanks, Craig E On 8/26/08 5:41 PM, "Thomas Larkin" wrote: Or Better yet also add the ssh account into your configuration from Casper Admin as well. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080826/ae341a78/attachment.htm From ERNSTCS at uwec.edu Tue Aug 26 16:25:23 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 26 Aug 2008 18:25:23 -0500 Subject: [Casper] Hidden SSH account In-Reply-To: Message-ID: Yup, that was: /usr/sbin/jamf help Slash stopped working, I'm sure of it! ;) On 8/26/08 6:23 PM, "Ernst, Craig S." wrote: As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080826/c0016397/attachment.html From tlarki at kckps.org Tue Aug 26 16:46:12 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 26 Aug 2008 18:46:12 -0500 Subject: [Casper] Hidden SSH account Message-ID: <48B44F750200003900001E9B@gwoes4.kckps.org> According to my Casper bible it says this: "If you would like computers that are imaged with this configuration to be managed by Casper and the JSS, enter the enter the user name and password that allows access to this configuration via SSH in the fields labeled SSH username and SSH password" Wudi from JAMF totally went over that too at the CCA training, and I am not quite sure if it actually creates the account or not. I mean all you need is SSH to run, right? The account doesn't necessarily need a home directory since all the JAMF logs are piped out into like /var/jamf/jamf.log anyway right? Because your frame work is going to force SSH on, and recon will add the account, but when it adds the account I don't ever see an account show up in the finder, I do see it though if I do a dscl . list /Users I don't think I quite answered that question right either. >>> "Ernst, Craig S." 08/26/08 6:23 PM >>> As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help Or just Jamf help Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools. I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary. I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of. Thanks, Craig E On 8/26/08 5:41 PM, "Thomas Larkin" wrote: Or Better yet also add the ssh account into your configuration from Casper Admin as well. From ERNSTCS at uwec.edu Tue Aug 26 19:55:35 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 26 Aug 2008 21:55:35 -0500 Subject: [Casper] Hidden SSH account In-Reply-To: <48B44F750200003900001E9B@gwoes4.kckps.org> Message-ID: Someone else actually reads the manual?! =) * I'm pretty sure by setting the account information in the configuration it won't add the account, but if JAMF wants to confirm that and prove me wrong so I can save a step in my base image process that would be cool. * Correct you can have the framework make sure that Remote Access is enabled, it just turns on the service, but then your remote tools use that SSH account information stored in the JSS for that computer and is typically the account you specified in your imaging configuration. Typically this account is built into your base OS image, but perhaps this concept has changed since the days of yore. * Now this I could very well be wrong on, and again if JAMF wants to clarify, cool. I'd rather know what's right than not. I don't think Recon adds an account to your OS, all Recon really needs for an account is a user in the JSS to allow it to submit data when it runs. The manual (page 367 in the current 6 version) is somewhat vague to me about this setting in the management framework. What confuses me is that it says you need to select an account for machines not added to the JSS. Then what is it using to run Recon and submit data to the JSS if I don't have a specified account and it's a machine in the JSS? Is this what you see for a user with your dscl command, some secret account it adds? I just see the account I created with the binary in my base, but I do have an account specified in the framework as well and may not add an account if that's set? That setting has probably been used way before I took over here... * Yup, everything should log to jamf.log. I probably haven't answered it right either. I just want to make sure we're telling people the right things. My official CCA training may be out of date being version 4.x. Craig E On 8/26/08 6:46 PM, "Thomas Larkin" wrote: According to my Casper bible it says this: "If you would like computers that are imaged with this configuration to be managed by Casper and the JSS, enter the enter the user name and password that allows access to this configuration via SSH in the fields labeled SSH username and SSH password" Wudi from JAMF totally went over that too at the CCA training, and I am not quite sure if it actually creates the account or not. I mean all you need is SSH to run, right? The account doesn't necessarily need a home directory since all the JAMF logs are piped out into like /var/jamf/jamf.log anyway right? Because your frame work is going to force SSH on, and recon will add the account, but when it adds the account I don't ever see an account show up in the finder, I do see it though if I do a dscl . list /Users I don't think I quite answered that question right either. >>> "Ernst, Craig S." 08/26/08 6:23 PM >>> As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help Or just Jamf help Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools. I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary. I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of. Thanks, Craig E On 8/26/08 5:41 PM, "Thomas Larkin" wrote: Or Better yet also add the ssh account into your configuration from Casper Admin as well. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080826/6ae3eae1/attachment.htm From dlee at nuevaschool.org Tue Aug 26 20:15:56 2008 From: dlee at nuevaschool.org (Danny Lee) Date: Tue, 26 Aug 2008 20:15:56 -0700 Subject: [Casper] Hidden SSH account In-Reply-To: <48B43E200200003900001E6D@gwoes4.kckps.org> References: <48B43E200200003900001E6D@gwoes4.kckps.org> Message-ID: <120C68BA-6290-4B3B-8458-7D2603DFA58D@nuevaschool.org> This looks similar to what I have used to set up the hidden account, but Casper has been unable to use this account to manage our machines. I end up using an admin account that is not hidden to manage the machine and that seems to work. I think SSH is enabled for the hidden account but I am not totally sure. It just seems kinda pointless for the hidden account if it doesn't work. On Aug 26, 2008, at 3:41 PM, Thomas Larkin wrote: > sudo /usr/sbin/jamf createAccount -username cadmin -realname "Casper > Administrator" -password p at 55w0rd ?home /var/cadmin ?shell ?/bin/bash? > -hiddenUser -admin > > > change it around to your liking > >>>> Danny Lee 08/26/08 5:29 PM >>> > Can anyone refresh my memory and remind me the command to create the > hidden SSH account in the OS image? > > Thanks, > > Danny Lee > Tech Support Specialist > 650-350-4547 > dlee at nuevaschool.org > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > Danny Lee Tech Support Specialist 650-350-4547 dlee at nuevaschool.org From john_wetter at hopkins.k12.mn.us Tue Aug 26 21:44:51 2008 From: john_wetter at hopkins.k12.mn.us (John Wetter) Date: Tue, 26 Aug 2008 23:44:51 -0500 Subject: [Casper] Hidden SSH account In-Reply-To: References: <48B44F750200003900001E9B@gwoes4.kckps.org>, Message-ID: <4058FCBF8DBA6646855ABFA27F869E51AFB20664AA@EXCHANGE.hopkins.hopkinsschools.org> That's why when in doubt, I just use a quickadd package. Have an auto-login user on your JSS that just takes Recon, and hand out the QuickAdd package. Have it set to create the hidden user and recon and manage using that hidden user. If you run recon on a machine in the JSS, the user/pswd field should auto-populate if it is a managed computer. Recon does not add an account, hence why I just use a quickadd package. I think it's quite important to have Casper manage the computers with a hidden user. This way, if someone changes the visible admin username, you can still manage the computer. This also becomes handy if your admin password gets compromised as the netadmin user is still there to manage and change the password for your visible admin account. -John * Now this I could very well be wrong on, and again if JAMF wants to clarify, cool. I?d rather know what?s right than not. I don?t think Recon adds an account to your OS, all Recon really needs for an account is a user in the JSS to allow it to submit data when it runs. The manual (page 367 in the current 6 version) is somewhat vague to me about this setting in the management framework. What confuses me is that it says you need to select an account for machines not added to the JSS. Then what is it using to run Recon and submit data to the JSS if I don?t have a specified account and it?s a machine in the JSS? Is this what you see for a user with your dscl command, some secret account it adds? I just see the account I created with the binary in my base, but I do have an account specified in the framework as well and may not add an account if that?s set? That setting has probably been used way before I took over here... * Yup, everything should log to jamf.log. I probably haven?t answered it right either. I just want to make sure we?re telling people the right things. My official CCA training may be out of date being version 4.x. Craig E On 8/26/08 6:46 PM, "Thomas Larkin" > wrote: According to my Casper bible it says this: "If you would like computers that are imaged with this configuration to be managed by Casper and the JSS, enter the enter the user name and password that allows access to this configuration via SSH in the fields labeled SSH username and SSH password" Wudi from JAMF totally went over that too at the CCA training, and I am not quite sure if it actually creates the account or not. I mean all you need is SSH to run, right? The account doesn't necessarily need a home directory since all the JAMF logs are piped out into like /var/jamf/jamf.log anyway right? Because your frame work is going to force SSH on, and recon will add the account, but when it adds the account I don't ever see an account show up in the finder, I do see it though if I do a dscl . list /Users I don't think I quite answered that question right either. >>> "Ernst, Craig S." > 08/26/08 6:23 PM >>> As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help Or just Jamf help Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools. I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary. I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of. Thanks, Craig E On 8/26/08 5:41 PM, "Thomas Larkin" > wrote: Or Better yet also add the ssh account into your configuration from Casper Admin as well. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080826/10b43ba2/attachment.htm From james.partridge at oucs.ox.ac.uk Wed Aug 27 00:06:56 2008 From: james.partridge at oucs.ox.ac.uk (James Partridge) Date: Wed, 27 Aug 2008 08:06:56 +0100 Subject: [Casper] Hidden SSH account In-Reply-To: <120C68BA-6290-4B3B-8458-7D2603DFA58D@nuevaschool.org> References: <48B43E200200003900001E6D@gwoes4.kckps.org> <120C68BA-6290-4B3B-8458-7D2603DFA58D@nuevaschool.org> Message-ID: <787F6236-2D5C-4D9E-8ACC-3D3AD904F728@oucs.ox.ac.uk> On 27 Aug 2008, at 04:15, Danny Lee wrote: >> sudo /usr/sbin/jamf createAccount -username netadmin -realname >> "Casper >> Administrator" -password p at 55w0rd ?home /var/cadmin ?shell ?/bin/ >> bash? >> -hiddenUser -admin > > This looks similar to what I have used to set up the hidden account, > but Casper has been unable to use this account to manage our > machines. I end up using an admin account that is not hidden to > manage the machine and that seems to work. I think SSH is enabled for > the hidden account but I am not totally sure. It just seems kinda > pointless for the hidden account if it doesn't work. Something wrong here, then. We add a hidden admin account to all our managed machines (with a QuickAdd package generally) and it's essential to the way things work, particularly because amost all end users here are admins so can and will meddle. I agree with John Wetter about the importance of using a hidden account. In fact I'd go further and say that it's *essential* that the management account is hidden. If it's visible then people mess with it. There are a couple of checks you can do if this account isn't working for you: First, try logging in as the hidden user ('netadmin', 'cadmin', or whatever else you call it) on the client machine just to check it works locally. I do this in Terminal with 'su netadmin' but you can also do it from the login window, of course. If that works and your JSS still can't connect to the machine then maybe the hidden user password is garbled in the JSS. Pull up the machine in the JSS inventory, click on 'Edit', and in the 'Computer Info' tab retype the password in the 'Management Password' fields. I mention this even though it seems obvious because we've had occasional problems in the past with this field getting corrupted when using a QuickAdd package. If you can login as your 'netadmin' user locally, and you're sure the credentials are correct in the JSS, then everything should work, assuming that Remote Login is enabled on the client machines, of course. Those are really the only criteria you need to satisfy. Another big advantage of the hidden admin account is that you can use the kickstart command to enable ARD for that user and set all the necessary access privileges without this being visible to the end user in System Preferences. We always do this with the user's permission (extolling the virtues of remote access with ARD) so it's not a big secret, but it's critical that they can't see and tamper with the settings. They soon forget about it! The specific command we use is: "sudo /System/Library/CoreServices/ RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate - configure -access -on -users netadmin -privs -all -restart -agent" but see for more info. HTH, and apologies if all this is stating the obvious. James ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ James Partridge Systems Development & Support (Apple) NSMS Oxford University Computing Service 13 Banbury Road Oxford OX2 6NN Tel.: (01865) 273207 iChat: james.partridge at mac.com From ERNSTCS at uwec.edu Wed Aug 27 03:55:01 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Wed, 27 Aug 2008 05:55:01 -0500 Subject: [Casper] Hidden SSH account In-Reply-To: <787F6236-2D5C-4D9E-8ACC-3D3AD904F728@oucs.ox.ac.uk> Message-ID: I think that either method is fine as long as there is one account for management that is hidden. I think that's a best practice thing. Use the QuickAdd stuff from recon if you like to create the account or the command line. I'd take things one step further using command line for security and add another switch: jamf createAccount -username -realname -password -home /var/ -admin -hiddenUser -secureSSH My notes about this: * shell is optional unless you really plan to logon locally with that account on the box and have a preference * be careful with hiddenUser as I've missed the capital U in there at times * and secureSSH just sets the box so only that account can access the system via SSH, a little more security, but unless you know these accounts then others who don't but have admin on the box from other accounts like AD groups etc. will not be able to SSH in through terminal if they needed to for some reason. For us this hasn't been a problem thus far. They can still get at the machine in other ways given the right access in the JSS using the othe remote tools. That's all I got on this one. Craig E -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080827/6da792c3/attachment.html From jwrn3 at cam.ac.uk Wed Aug 27 06:19:16 2008 From: jwrn3 at cam.ac.uk (James Nairn) Date: Wed, 27 Aug 2008 14:19:16 +0100 Subject: [Casper] Configuration changes not being saved for Adobe installs Message-ID: <8B73C2AB-EDE3-4CA2-AE1C-296615E11B1A@cam.ac.uk> Hello, We have found some inconsistencies when dealing with Adobe installs and Casper v5.13. In the past we made a single package for CS3 and this worked very well. However for this AY we took advantage of Casper's ability do deal with CS3 and consequently made individual packages for each app, hoping that Casper would allow us to update the suite easily. We had problems with the updating mechanism at imaging time so we abandoned updating and planned to install the version that came on the media and leave it at that. Then we had more problems with the jamfHelper app and reverted back to our original single CS3 package. We now have the following problem: We deleted the Adobe Installer Images from All Items | Adobe Installer Packages; they were moved to the Deleted Packages folder as expected. The trash was then emptied from Casper Admin.app and the Deleted Packages directory was empty. Saved the changes in Casper Admin.app and then quit the app. On re-opening the app the Adobe Installer Packages for CS3 had miraculously reappeared under the 'All' view type but not under 'Adobe Installer Images'. They are visible both in the JSS and the app. Obviously the software packages themselves have not risen from the dead! At least once I have made changes using Casper Admin.app only to find they have not 'stuck' between sessions (and yes, I have saved!). This has caused some problems with our latest imaging round. Are you aware of other users having similar problems? Regards, James PS I was very tempted to change the subject line to 'Zombie CS3 installs' but... -- James Nairn mailto:jwrn3 at cam.ac.uk Macintosh Systems Specialist University of Cambridge Computing Service Pembroke St, Cambridge, CB2 3QH Tel (01223 7)63486 From tlarki at kckps.org Wed Aug 27 08:03:09 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 27 Aug 2008 10:03:09 -0500 Subject: [Casper] Hidden SSH account Message-ID: <48B5265D0200003900001EFB@gwoes4.kckps.org> Personally, I create two hidden local admin accounts on every machine for this exact reason. 1 is solely for casper stuff, and I don't give that password out at all. There is never a need to log into that account to do anything. The other one is a local hidden admin account for administration, troubleshooting, and maintenance of the computer. I hide them from the finder and put their home directory in /private/var. I sort of found a bug with Casper 6.0 already. It seems that when you try to update the Casper SSH account password on version 6, but your clients haven't updated their command line application yet, it doesn't change it right. Of course, someone in my department gave that password out to someone who didn't know what it was for, and I was forced to do a massive password change. So, I no longer give out the ssh account password, and all the casper servers have passwords that only me and one other person I work with know, both of us are CCA so I figured that would be best practice. So, I just made my update JAMF binary policy more aggressive as well as my update inventory. I also added the jamf command to change a password to that account since the built in feature seems to bug out a bit when working with a 5.13 client. Since the 5.13 was in my image and deployed to 6,000 Macbooks you can't really instantly update the command line app for casper. You could create post script actions for when you add quickadd.pkg that create accounts using the jamf binary, it is very easy and straight forward. I have a script that uses the JAMF binary that creates an account, runs recon, and sets master passwords for root, firmware and whatever else I need done. If you use the JAMF commands it makes your script less code and a lot easier to follow since they simplify it, and I prefer to keep things simple. >>> John Wetter 08/26/08 11:45 PM >>> That's why when in doubt, I just use a quickadd package. Have an auto-login user on your JSS that just takes Recon, and hand out the QuickAdd package. Have it set to create the hidden user and recon and manage using that hidden user. If you run recon on a machine in the JSS, the user/pswd field should auto-populate if it is a managed computer. Recon does not add an account, hence why I just use a quickadd package. I think it's quite important to have Casper manage the computers with a hidden user. This way, if someone changes the visible admin username, you can still manage the computer. This also becomes handy if your admin password gets compromised as the netadmin user is still there to manage and change the password for your visible admin account. -John * Now this I could very well be wrong on, and again if JAMF wants to clarify, cool. I?d rather know what?s right than not. I don?t think Recon adds an account to your OS, all Recon really needs for an account is a user in the JSS to allow it to submit data when it runs. The manual (page 367 in the current 6 version) is somewhat vague to me about this setting in the management framework. What confuses me is that it says you need to select an account for machines not added to the JSS. Then what is it using to run Recon and submit data to the JSS if I don?t have a specified account and it?s a machine in the JSS? Is this what you see for a user with your dscl command, some secret account it adds? I just see the account I created with the binary in my base, but I do have an account specified in the framework as well and may not add an account if that?s set? That setting has probably been used way before I took over here... * Yup, everything should log to jamf.log. I probably haven?t answered it right either. I just want to make sure we?re telling people the right things. My official CCA training may be out of date being version 4.x. Craig E On 8/26/08 6:46 PM, "Thomas Larkin" > wrote: According to my Casper bible it says this: "If you would lbe managed by Casper and the JSS, enter the enter the user name and password that allows access to this configuration via SSH in the fields labeled SSH username and SSH password" Wudi from JAMF totally went over that too at the CCA training, and I am not quite sure if it actually creates the account or not. I mean all you need is SSH to run, right? The account doesn't necessarily need a home directory since all the JAMF logs are piped out into like /var/jamf/jamf.log anyway right? Because your frame work is going to force SSH on, and recon will add the account, but when it adds the account I don't ever see an account show up in the finder, I do see it though if I do a dscl . list /Users I don't think I quite answered that question right either. >>> "Ernst, Craig S." > 08/26/08 6:23 PM >>> As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing: /usr/sbin jamf help Or just Jamf help Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools. I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary. I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of. Thanks, Craig E On 8/26/08 5:41 PM, "Thomas Larkin" > wrote: Or Better yet also add the ssh account into your configuration from Casper Admin as well. From bslutzky at mph.net Wed Aug 27 12:52:47 2008 From: bslutzky at mph.net (Slutzky, Ben) Date: Wed, 27 Aug 2008 15:52:47 -0400 Subject: [Casper] Alias for AD network folder (script?) Message-ID: Hi, This isn?t much of a Casper question, but maybe someone can help. Our Macs have single sign-on enabled with Active Directory, and are also bound to our Open Directory server for managed preferences. Users save to their network folder (their user folder listed in AD). But because the user network folders are stored in hard-to-find subfolders in a server share containing all network folders, it's difficult for users to find theirs when trying to save documents. (For instance, the path to a user's folder might be smb://file1/users/bsmith.) The actual server share (e.g., "users") is mounted by OS X as a volume when a user logs in, but they'd have to find their folder inside another folder in that volume. Although OS X automatically creates an alias directly to their folder on the dock, that alias isn't accessible from a file saving window. I couldn't find a way of "copying" the dock alias to the desktop. Can anyone think of a way (possibly with a script) for OS X to create an alias on the user's desktop that links directly to the current user's AD home directory - like the one that appears on the dock, but on the desktop? Any ideas would be appreciated. Ben Slutzky -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080827/0ef7c104/attachment.htm From cmyers at uclan.ac.uk Wed Aug 27 13:01:23 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Wed, 27 Aug 2008 21:01:23 +0100 Subject: [Casper] Alias for AD network folder (script?) Message-ID: <48B5C0A3020000810002F753@gwise-gw1.uclan.ac.uk> hmm not at my server at the moment, i have exaclty the same setup as us, AA and OD, and my users folder get mounted correctly as their home folder, you can find it by the home icon and this is accessable in programs save box, so how do you mount yours? do they not save files to their Home folder??? with WGM you can also mount the users home folder at login as a folder on the desktop, you should also be able to navigate this from a save as box, but not at my server to test Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> "Slutzky, Ben" 27/08/08 8:52 PM >>> Hi, This isn?t much of a Casper question, but maybe someone can help. Our Macs have single sign-on enabled with Active Directory, and are also bound to our Open Directory server for managed preferences. Users save to their network folder (their user folder listed in AD). But because the user network folders are stored in hard-to-find subfolders in a server share containing all network folders, it's difficult for users to find theirs when trying to save documents. (For instance, the path to a user's folder might be smb://file1/users/bsmith.) The actual server share (e.g., "users") is mounted by OS X as a volume when a user logs in, but they'd have to find their folder inside another folder in that volume. Although OS X automatically creates an alias directly to their folder on the dock, that alias isn't accessible from a file saving window. I couldn't find a way of "copying" the dock alias to the desktop. Can anyone think of a way (possibly with a script) for OS X to create an alias on the user's desktop that links directly to the current user's AD home directory - like the one that appears on the dock, but on the desktop? Any ideas would be appreciated. Ben Slutzky From bslutzky at mph.net Wed Aug 27 13:23:52 2008 From: bslutzky at mph.net (Slutzky, Ben) Date: Wed, 27 Aug 2008 16:23:52 -0400 Subject: [Casper] Alias for AD network folder (script?) In-Reply-To: <48B5C0A3020000810002F753@gwise-gw1.uclan.ac.uk> Message-ID: No, with our Casper setup, we're wiping/re-imaging everything each week on most machines, so users must save files to their network folder. (Don't confuse this with their actual Mac home with Library, Music, etc. - I'm talking about a mounted location specified by AD, which would normally be mapped on a Windows workstation, and is mounted as a network volume in the Finder sidebar on Macs, where they can save files.) The user's network folder itself is not actually mounted, because each user's network folder is located *inside another folder in the actual server share* for all users' network folders. Users can theoretically navigate to their network folder inside that mounted volume (on the sidebar and desktop like you say), but that doesn't go directly to their own folder. For instance, our file server is MPHFS2, the share for all student folders is ST_HOME, and inside ST_HOME are a bunch of folders representing each graduating class. So the folder for John Smith, in the graduating class of 2008, would be at smb://MPHFS2/ST_HOME/08/JSMITH. The Mac would mount the ST_HOME volume on the sidebar and desktop, but John probably wouldn't know to find his folder in the 08 folder. We'd like a way to automatically create an alias to JSMITH on his desktop and sidebar. Thanks On 8/27/08 4:01 PM, "Criss Myers" wrote: > hmm > > not at my server at the moment, > > i have exaclty the same setup as us, AA and OD, and my users folder get > mounted correctly as their home folder, you can find it by the home icon > and this is accessable in programs save box, so how do you mount yours? > > do they not save files to their Home folder??? > > with WGM you can also mount the users home folder at login as a folder > on the desktop, you should also be able to navigate this from a save as > box, but not at my server to test > > Criss > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 >>>> "Slutzky, Ben" 27/08/08 8:52 PM >>> > Hi, > This isn??t much of a Casper question, but maybe someone can help. > Our Macs have single sign-on enabled with Active Directory, and are also > bound to our Open Directory server for managed preferences. Users save > to > their network folder (their user folder listed in AD). But because the > user > network folders are stored in hard-to-find subfolders in a server share > containing all network folders, it's difficult for users to find theirs > when > trying to save documents. (For instance, the path to a user's folder > might > be smb://file1/users/bsmith.) > The actual server share (e.g., "users") is mounted by OS X as a volume > when > a user logs in, but they'd have to find their folder inside another > folder > in that volume. Although OS X automatically creates an alias directly to > their folder on the dock, that alias isn't accessible from a file saving > window. I couldn't find a way of "copying" the dock alias to the > desktop. > > Can anyone think of a way (possibly with a script) for OS X to create an > alias on the user's desktop that links directly to the current user's AD > home directory - like the one that appears on the dock, but on the > desktop? > > Any ideas would be appreciated. > Ben Slutzky > From miles.leacy at themacadmin.com Wed Aug 27 15:11:27 2008 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 27 Aug 2008 18:11:27 -0400 Subject: [Casper] Alias for AD network folder (script?) In-Reply-To: References: Message-ID: I took this as a challenge, and now I'm frustrated. I believe I've got most of the pieces of this together, and that another pair of eyes will be able to see where my syntax is failing. ### Start Script userhome="\"/Volumes/Uservolume/Users/"`whoami`\" # tested echo $userhome > /tmp/userhome #tested osascript -e 'read posix file "/tmp/userhome"' # tested # above line returns contents of file which is the POSIX path to the client's folder, surrounded by quotes osascript -e 'set userhome to read posix file "/tmp/userhome"' -e 'tell application "Finder" to make alias file to posix file (userhome) at desktop' # above line fails with error: 77:128: execution error: Finder got an error: AppleEvent handler failed. (-10000) ### end script The following bash command: osascript -e 'tell application "Finder" to make alias file to posix file "/Users" at desktop' puts an alias on your desktop that points to /Users. I'm having trouble with the syntax to pass a variable to the Applescript "make alias" function from the bash shell. Based on the fact that the command above works, I assume that when the variable is properly inserted into the osascript command, you'll get the needed alias. Of course, you should be able to use the ln command: /bin/ln -s /Volumes/Uservolume/Users/`whoami` ~/Desktop/`whoami` 2008/8/27 Slutzky, Ben > Hi, > This isn't much of a Casper question, but maybe someone can help. > Our Macs have single sign-on enabled with Active Directory, and are also > bound to our Open Directory server for managed preferences. Users save to > their network folder (their user folder listed in AD). But because the user > network folders are stored in hard-to-find subfolders in a server share > containing all network folders, it's difficult for users to find theirs when > trying to save documents. (For instance, the path to a user's folder might > be smb://file1/users/bsmith.) > The actual server share (e.g., "users") is mounted by OS X as a volume when > a user logs in, but they'd have to find their folder inside another folder > in that volume. Although OS X automatically creates an alias directly to > their folder on the dock, that alias isn't accessible from a file saving > window. I couldn't find a way of "copying" the dock alias to the desktop. > > Can anyone think of a way (possibly with a script) for OS X to create an > alias on the user's desktop that links directly to the current user's AD > home directory - like the one that appears on the dock, but on the desktop? > > Any ideas would be appreciated. > Ben Slutzky > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080827/650bd613/attachment.htm From daniel.farnworth at thecreativepartnership.co.uk Thu Aug 28 05:13:14 2008 From: daniel.farnworth at thecreativepartnership.co.uk (Daniel Farnworth) Date: Thu, 28 Aug 2008 13:13:14 +0100 Subject: [Casper] trim your posts In-Reply-To: References: Message-ID: <936969D7-DE0A-408F-836A-04345AF66C8E@thecreativepartnership.co.uk> And for the benefit of those not on Digest, if you are on Digest please change the subject line of your replies to match the original subject of the thread (i.e. NOT "Re: [Casper] Digest #1234". Cheers Dan On 21 Aug 2008, at 14:28, Sandy J. Hinding wrote: > Hi All! > > For the benefit of those on Digest, please only include in your > message the relevant portions of the message to which you are > replying. > Edit your Subject line? > Maybe shorten your signature too? > > Regards, > Sandy Hinding (your mom :) > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -- Daniel Farnworth IT Manager The Creative Partnership daniel.farnworth at thecreativepartnership.co.uk http://www.thecreativepartnership.co.uk Tel: +44 (0)20 7439 7762 Fax: +44 (0)20 7437 1467 PGP Public Key available The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify postmaster at thecreativepartnership.co.uk immediately and then delete this email from your system. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of The Creative Partnership. The Creative Partnership has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses. However, The Creative Partnership cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment. From tlarki at kckps.org Thu Aug 28 06:46:11 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 28 Aug 2008 08:46:11 -0500 Subject: [Casper] CS 3, again ! Message-ID: <48B665D30200003900001F8A@gwoes4.kckps.org> So, now I am getting this error message. Unable to complete silent work flow, error 7. I swear this worked like three days ago when I tried it.... Fixes anyone? Thanks in advance tom From tgreenleaf at saintmarksschool.org Thu Aug 28 10:29:05 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Thu, 28 Aug 2008 10:29:05 -0700 Subject: [Casper] Script to startup MySQL Manager Message-ID: I'm sure this has been covered before, but I'm relatively new to Casper. Does anyone have a script or other method for turning on MySQL (for the JSS) in OS X Server 10.4? Currently, after we restart the machine, we have to remember to open MySQL Manager and turn the service back on. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 From tlarki at kckps.org Thu Aug 28 10:55:10 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 28 Aug 2008 12:55:10 -0500 Subject: [Casper] Script to startup MySQL Manager Message-ID: <48B6A02E0200003900001FF0@gwoes4.kckps.org> The JSS setup utility does all of that for you. At boot, the server running the JSS, automatically launches TomCat, MySQL, and all the other goodies the JSS needs. Now there have been some issues with 10.5 Server (I think...?) where you need to edit a plist file to allow Tomcat to start at boot up. However, my 10.5 servers work great. >>> "Tatian Greenleaf" 08/28/08 12:34 PM >>> I'm sure this has been covered before, but I'm relatively new to Casper. Does anyone have a script or other method for turning on MySQL (for the JSS) in OS X Server 10.4? Currently, after we restart the machine, we have to remember to open MySQL Manager and turn the service back on. ____________________________ Tatian Greenleaf Associate Director of Technology Saint Mark's School (415) 472-8000 x1014 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From tgreenleaf at saintmarksschool.org Thu Aug 28 11:08:02 2008 From: tgreenleaf at saintmarksschool.org (Tatian Greenleaf) Date: Thu, 28 Aug 2008 11:08:02 -0700 Subject: [Casper] Script to startup MySQL Manager In-Reply-To: <48B6A02E0200003900001FF0@gwoes4.kckps.org> References: <48B6A02E0200003900001FF0@gwoes4.kckps.org> Message-ID: For whatever reason, the JSS doesn't auto-start correctly on our server. We have to manually open MySQL manager, and stop and start the service to get it to work. I think I found the answer though. I am going to install the MySQL Startup Item that comes on ther Server installation disk and see if that does the trick. Tatian "Thomas Larkin" writes: >The JSS setup utility does all of that for you. At boot, the server >runniSng the JSS, automatically launches TomCat, MySQL, and all the other >rgoodies the JSS needs. > >Now there have been some issues with 10.5 Server (I think...?) where you >noeed to edit a plist file to allow Tomcat to start at boot up. However, >nmy 10.5 servers work great. From john.brenner at merrillcorp.com Thu Aug 28 12:52:14 2008 From: john.brenner at merrillcorp.com (Brenner, John) Date: Thu, 28 Aug 2008 14:52:14 -0500 Subject: [Casper] CS 3, again ! In-Reply-To: <48B665D30200003900001F8A@gwoes4.kckps.org> Message-ID: It's the install order, if there is any piece of CS3 installed prior to installing CS3 via a scripted install, it will fail with a error 7. On 8/28/08 8:46 AM, "Thomas Larkin" wrote: > So, now I am getting this error message. > > Unable to complete silent work flow, error 7. > > I swear this worked like three days ago when I tried it.... Fixes anyone? > > Thanks in advance > > tom > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 From cmyers at uclan.ac.uk Thu Aug 28 13:20:27 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Thu, 28 Aug 2008 21:20:27 +0100 Subject: [Casper] CS 3, again ! Message-ID: <48B7169B020000810002F8C8@gwise-gw1.uclan.ac.uk> hmmm ive installed with other Cs3 installs i install photoshop and then install illustrator later, all via self service Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> "Brenner, John" 28/08/08 8:52 PM >>> It's the install order, if there is any piece of CS3 installed prior to installing CS3 via a scripted install, it will fail with a error 7. On 8/28/08 8:46 AM, "Thomas Larkin" wrote: > So, now I am getting this error message. > > Unable to complete silent work flow, error 7. > > I swear this worked like three days ago when I tried it.... Fixes anyone? > > Thanks in advance > > tom > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper John Brenner | Merrill Corporation | IOG IT | 651-632-4072 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From jeremymatthews at mac.com Fri Aug 29 10:10:06 2008 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Fri, 29 Aug 2008 13:10:06 -0400 Subject: [Casper] This Apple Package did not have a valid index.bom file Message-ID: <69376379-49F3-444B-9A1D-77340629774E@mac.com> I uploaded iWork '08 to our Casper server, and set a self-service policy. When trying to install via self-service, the install process bombs out (silently and quickly). the Casper logs show this: /usr/sbin/jamf is version 6.0 Executing Policy iWork '08... Downloading BOM for iWork08.mpkg... This Apple Package did not have a valid index.bom file. Assuming it is a flat file package. Downloading http://myserver.cc.org:80/casper_files/Packages//iWork08.mpkg ... Installing Apple iWork '08... Installation failed. The installer reported: installer: Error the package path specified was invalid: '/Library/Application Support/JAMF/ Downloads/iWork08.mpkg'. Ideas? Thanks, jeremy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/96a70bb1/attachment.htm From tom.welch at venturethree.com Fri Aug 29 10:19:39 2008 From: tom.welch at venturethree.com (Tom Welch) Date: Fri, 29 Aug 2008 18:19:39 +0100 Subject: [Casper] This Apple Package did not have a valid index.bom file In-Reply-To: <69376379-49F3-444B-9A1D-77340629774E@mac.com> References: <69376379-49F3-444B-9A1D-77340629774E@mac.com> Message-ID: <524B8802-EFDB-4B09-A667-7C1C4CAF08C0@venturethree.com> Hi jeremy I have seen this just today also! I got it trying to push the package though. I was going to try forcing an AFP connection rather than the default HTTP as I suspect it might be something to do with this. Didn't get time to try it though. -- Many thanks Tom Welch On 29 Aug 2008, at 18:10, Jeremy Matthews wrote: > I uploaded iWork '08 to our Casper server, and set a self-service > policy. > > When trying to install via self-service, the install process bombs > out (silently and quickly). > > the Casper logs show this: > /usr/sbin/jamf is version 6.0 > Executing Policy iWork '08... > Downloading BOM for iWork08.mpkg... > This Apple Package did not have a valid index.bom file. Assuming it > is a flat file package. > Downloading http://myserver.cc.org:80/casper_files/Packages//iWork08.mpkg > ... > Installing Apple iWork '08... > Installation failed. The installer reported: installer: Error the > package path specified was invalid: '/Library/Application Support/ > JAMF/Downloads/iWork08.mpkg'. > > Ideas? > > Thanks, > jeremy > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/961c0279/attachment.html From john.brenner at merrillcorp.com Fri Aug 29 12:34:56 2008 From: john.brenner at merrillcorp.com (Brenner, John) Date: Fri, 29 Aug 2008 14:34:56 -0500 Subject: [Casper] CS 3, again ! In-Reply-To: <48B7169B020000810002F8C8@gwise-gw1.uclan.ac.uk> Message-ID: OK maybe I should clarify If you use a Adobe installer for cs3 and there are any CS3 pieces already installed, the install will fail with a error 7. On 8/28/08 3:20 PM, "Criss Myers" wrote: > hmmm ive installed with other Cs3 installs > > i install photoshop and then install illustrator later, all via self service > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 >>>> "Brenner, John" 28/08/08 8:52 PM >>> > It's the install order, if there is any piece of CS3 installed prior to > installing CS3 via a scripted install, it will fail with a error 7. > > > On 8/28/08 8:46 AM, "Thomas Larkin" wrote: > >> So, now I am getting this error message. >> >> Unable to complete silent work flow, error 7. >> >> I swear this worked like three days ago when I tried it.... Fixes anyone? >> >> Thanks in advance >> >> tom >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > John Brenner | Merrill Corporation | IOG IT | 651-632-4072 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > John Brenner | Merrill Corporation | IOG IT | 651-632-4072 From ERNSTCS at uwec.edu Fri Aug 29 12:36:54 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Fri, 29 Aug 2008 14:36:54 -0500 Subject: [Casper] This Apple Package did not have a valid index.bom file In-Reply-To: <524B8802-EFDB-4B09-A667-7C1C4CAF08C0@venturethree.com> Message-ID: You are correct in that the BOM part has to do with HTTP enabled distribution points. Some MPKG just can't install through the JSS, too. I'm tying to recall if iWork was one I was having issues with... Craig E On 8/29/08 12:19 PM, "Tom Welch" wrote: Hi jeremy I have seen this just today also! I got it trying to push the package though. I was going to try forcing an AFP connection rather than the default HTTP as I suspect it might be something to do with this. Didn't get time to try it though. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/3b34a6c3/attachment.htm From ron.prue at mynoahs.com Fri Aug 29 12:56:54 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Fri, 29 Aug 2008 13:56:54 -0600 Subject: [Casper] Searchable FAQ or Discussion? Message-ID: <04DA41D4-143C-4777-BA0D-8CE1371DCAEC@mynoahs.com> I am new to Casper and seem to be having difficulty with some of the most basic and mundane operations (ie, JSS installation on Leopard Server, Web admin authentication problems). I am trying to be as self sufficient as possible while I am learning so I was wondering if there is another resource that is searchable that I can glean some information from. Googling the errors does nothing and the Casper site does not seem to point anywhere other than this list and a Jumpstart session. Any direction would be much appreciated. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/2d6dee78/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/2d6dee78/attachment.png From NATHANIEL.LINDLEY at spps.org Fri Aug 29 12:57:00 2008 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Fri, 29 Aug 2008 14:57:00 -0500 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: <04DA41D4-143C-4777-BA0D-8CE1371DCAEC@mynoahs.com> Message-ID: I found their Knowledgebase online to be helpful, could use more content though. . . . http://jamfsoftware.com/kb -Nathaniel Ron Prue Sent by: casper-bounces at list.jamfsoftware.com 08/29/08 02:56 PM To casper at list.jamfsoftware.com cc Subject [Casper] Searchable FAQ or Discussion? I am new to Casper and seem to be having difficulty with some of the most basic and mundane operations (ie, JSS installation on Leopard Server, Web admin authentication problems). I am trying to be as self sufficient as possible while I am learning so I was wondering if there is another resource that is searchable that I can glean some information from. Googling the errors does nothing and the Casper site does not seem to point anywhere other than this list and a Jumpstart session. Any direction would be much appreciated. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/81fcf47a/attachment-0001.html From tlarki at kckps.org Fri Aug 29 13:24:59 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 29 Aug 2008 15:24:59 -0500 Subject: [Casper] Searchable FAQ or Discussion? Message-ID: <48B814CB0200003900002107@gwoes4.kckps.org> I just deployed 6 new Casper servers, 1 JSS and 5 new distribution points. I built them as stand alone from scratch and it was pretty painless. The documentation in the Casper Suite DMG file is pretty decent as well. This mailing list has a bunch of good resources too. Don't feel bad about asking any questions either. Half of the time I post questions to the mailing list I figure the answer out myself in a few hours and then sometimes post it. Or someone will email me the answer I was looking for. That is what it is for. So, just ask away your questions. >>> Ron Prue 08/29/08 2:58 PM >>> I am new to Casper and seem to be having difficulty with some of the most basic and mundane operations (ie, JSS installation on Leopard Server, Web admin authentication problems). I am trying to be as self sufficient as possible while I am learning so I was wondering if there is another resource that is searchable that I can glean some information from. Googling the errors does nothing and the Casper site does not seem to point anywhere other than this list and a Jumpstart session. Any direction would be much appreciated. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com From ron.prue at mynoahs.com Fri Aug 29 13:41:44 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Fri, 29 Aug 2008 14:41:44 -0600 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: <48B814CB0200003900002107@gwoes4.kckps.org> References: <48B814CB0200003900002107@gwoes4.kckps.org> Message-ID: <01F9A181-5822-49DB-AF19-9C2550F35E2C@mynoahs.com> Thanks for the link Nathaniel and the welcome Thomas. The error I am seeing specifically after installing 6.014 (the latest Tomcat update) is this: Error looking up jss_settings: java.sql.SQLException: Column 'smtp_is_secure' not found. That is placed above the login window in my web admin using FIrefox, Safari and Opera (so it doesn't appear to be a browser specific error). When I go to my Server Admin utility and select the MySQL tab, it shows no errors in the log or any settings that can be changed regarding smtp security. Sorry if this is an issue that is simple and common knowledge, but I really am a new server admin with little experience with Leopard Server. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: > I just deployed 6 new Casper servers, 1 JSS and 5 new distribution > points. I built them as stand alone from scratch and it was pretty > painless. The documentation in the Casper Suite DMG file is pretty > decent as well. This mailing list has a bunch of good resources > too. Don't feel bad about asking any questions either. Half of the > time I post questions to the mailing list I figure the answer out > myself in a few hours and then sometimes post it. Or someone will > email me the answer I was looking for. > > That is what it is for. So, just ask away your questions. > >>>> Ron Prue 08/29/08 2:58 PM >>> > I am new to Casper and seem to be having difficulty with some of the > most basic and mundane operations (ie, JSS installation on Leopard > Server, Web admin authentication problems). I am trying to be as self > sufficient as possible while I am learning so I was wondering if there > is another resource that is searchable that I can glean some > information from. Googling the errors does nothing and the Casper > site does not seem to point anywhere other than this list and a > Jumpstart session. > > Any direction would be much appreciated. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/b39a765e/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/b39a765e/attachment.png From tlarki at kckps.org Fri Aug 29 14:09:47 2008 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 29 Aug 2008 16:09:47 -0500 Subject: [Casper] Searchable FAQ or Discussion? Message-ID: <48B81F4B020000390000211F@gwoes4.kckps.org> Is it part of an open directory or stand alone? How did you set up 10.5 server? Basic, advanced, or whatever option you used. I am running the most up to date JSS and have 10.5 but my server is stand alone and not part of the Directory, and it works great. >>> Ron Prue 08/29/08 3:42 PM >>> Thanks for the link Nathaniel and the welcome Thomas. The error I am seeing specifically after installing 6.014 (the latest Tomcat update) is this: Error looking up jss_settings: java.sql.SQLException: Column 'smtp_is_secure' not found. That is placed above the login window in my web admin using FIrefox, Safari and Opera (so it doesn't appear to be a browser specific error). When I go to my Server Admin utility and select the MySQL tab, it shows no errors in the log or any settings that can be changed regarding smtp security. Sorry if this is an issue that is simple and common knowledge, but I really am a new server admin with little experience with Leopard Server. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: > I just deployed 6 new Casper servers, 1 JSS and 5 new distribution > points. I built them as stand alone from scratch and it was pretty > painless. The documentation in the Casper Suite DMG file is pretty > decent as well. This mailing list has a bunch of good resources > too. Don't feel bad about asking any questions either. Half of the > time I post questions to the mailing list I figure the answer out > myself in a few hours and then sometimes post it. Or someone will > email me the answer I was looking for. > > That is what it is for. So, just ask away your questions. > >>>> Ron Prue 08/29/08 2:58 PM >>> > I am new to Casper and seem to be having difficulty with some of the > most basic and mundane operations (ie, JSS installation on Leopard > Server, Web admin authentication problems). I am trying to be as self > sufficient as possible while I am learning so I was wondering if there > is another resource that is searchable that I can glean some > information from. Googling the errors does nothing and the Casper > site does not seem to point anywhere other than this list and a > Jumpstart session. > > Any direction would be much appreciated. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > From ERNSTCS at uwec.edu Fri Aug 29 14:30:43 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Fri, 29 Aug 2008 16:30:43 -0500 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: <48B81F4B020000390000211F@gwoes4.kckps.org> Message-ID: Hi Ron, I have an Xserve installed as an advanced server, since it does more than one thing. Bound to Active Directory. You had to do a separate install of TomCat, or an upgrade? The JSS Setup Utility pretty much has taken care of everything, and in terms of the install portion I've not seen a problem in a long time, and I've reloaded it a few times moving things around and what not. It appears part of the setup script may have no completed properly for the database. I would go back into the JSS Setup Util first, click Uninstall JSS, check Drop Database, click uninstall, and then try install the database again. Or you could check all those options, wipe out the JSS, and start over. Have you tried this already? Otherwise, is this a machine you can start over on, and see if the same thing happens? The support folks can be very helpful as well, unfortunately it's a holiday weekend. Craig Ernst Systems Management & Configuration ---------------------------------- University of Wisconsin-Eau Claire Learning & Technology Services 105 Garfield Ave Eau Claire, WI 54701 Phone: (715) 836-3639 Fax: (715) 836-6001 ---------------------------------- ernstcs at uwec.edu On 8/29/08 4:09 PM, "Thomas Larkin" wrote: Is it part of an open directory or stand alone? How did you set up 10.5 server? Basic, advanced, or whatever option you used. I am running the most up to date JSS and have 10.5 but my server is stand alone and not part of the Directory, and it works great. >>> Ron Prue 08/29/08 3:42 PM >>> Thanks for the link Nathaniel and the welcome Thomas. The error I am seeing specifically after installing 6.014 (the latest Tomcat update) is this: Error looking up jss_settings: java.sql.SQLException: Column 'smtp_is_secure' not found. That is placed above the login window in my web admin using FIrefox, Safari and Opera (so it doesn't appear to be a browser specific error). When I go to my Server Admin utility and select the MySQL tab, it shows no errors in the log or any settings that can be changed regarding smtp security. Sorry if this is an issue that is simple and common knowledge, but I really am a new server admin with little experience with Leopard Server. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: > I just deployed 6 new Casper servers, 1 JSS and 5 new distribution > points. I built them as stand alone from scratch and it was pretty > painless. The documentation in the Casper Suite DMG file is pretty > decent as well. This mailing list has a bunch of good resources > too. Don't feel bad about asking any questions either. Half of the > time I post questions to the mailing list I figure the answer out > myself in a few hours and then sometimes post it. Or someone will > email me the answer I was looking for. > > That is what it is for. So, just ask away your questions. > >>>> Ron Prue 08/29/08 2:58 PM >>> > I am new to Casper and seem to be having difficulty with some of the > most basic and mundane operations (ie, JSS installation on Leopard > Server, Web admin authentication problems). I am trying to be as self > sufficient as possible while I am learning so I was wondering if there > is another resource that is searchable that I can glean some > information from. Googling the errors does nothing and the Casper > site does not seem to point anywhere other than this list and a > Jumpstart session. > > Any direction would be much appreciated. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/ae4f4c1e/attachment.htm From nick at jamfsoftware.com Fri Aug 29 14:34:13 2008 From: nick at jamfsoftware.com (Nick Amundsen) Date: Fri, 29 Aug 2008 14:34:13 -0700 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: <01F9A181-5822-49DB-AF19-9C2550F35E2C@mynoahs.com> Message-ID: Ron, I'm going to drop in here since I believe the error message is suggesting that there is a column in the jss_settings table from your jamfsoftware database is missing. I would start by making a backup of your current database structure with the JSS Setup Utility. There was an upgrade script that should have run as part of the upgrade process from 5.13 to 6.0 that would have added this column into the jss_settings table for you, but the script can also be run through the JSS Setup Utility by clicking the "Export Components" button, then "Database Upgrade 5.13-->6.0". This will export a script that can then be run through the JSS Setup Utility by clicking "Database" in the "Servers & Services" pane, then clicking the "Troubleshooting" tab at the bottom of the setup utility, then clicking "Run a Script." There may be some errors returned as a result of running the script if the upgrade process partially upgraded the database, but it shouldn't be destructive. If this process does not resolve the issue, feel free to contact JAMF Support at 612-216-1296 or submit an email to support at jamfsoftware.com. Hope this helps! Nick Amundsen Product Specialist ............................................................. JAMF Software 1011 Washington Ave S. #350 Minneapolis, MN 55415 ............................................................. US Support (612) 216-1296 UK Support (020) 3002 3907 support at jamfsoftware.com ............................................................. http://www.jamfsoftware.com On 8/29/08 3:41 PM, "Ron Prue" wrote: Thanks for the link Nathaniel and the welcome Thomas. The error I am seeing specifically after installing 6.014 (the latest Tomcat update) is this: Error looking up jss_settings: java.sql.SQLException: Column 'smtp_is_secure' not found. That is placed above the login window in my web admin using FIrefox, Safari and Opera (so it doesn't appear to be a browser specific error). When I go to my Server Admin utility and select the MySQL tab, it shows no errors in the log or any settings that can be changed regarding smtp security. Sorry if this is an issue that is simple and common knowledge, but I really am a new server admin with little experience with Leopard Server. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com [cid:3302872453_2619559] On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: I just deployed 6 new Casper servers, 1 JSS and 5 new distribution points. I built them as stand alone from scratch and it was pretty painless. The documentation in the Casper Suite DMG file is pretty decent as well. This mailing list has a bunch of good resources too. Don't feel bad about asking any questions either. Half of the time I post questions to the mailing list I figure the answer out myself in a few hours and then sometimes post it. Or someone will email me the answer I was looking for. That is what it is for. So, just ask away your questions. Ron Prue 08/29/08 2:58 PM >>> I am new to Casper and seem to be having difficulty with some of the most basic and mundane operations (ie, JSS installation on Leopard Server, Web admin authentication problems). I am trying to be as self sufficient as possible while I am learning so I was wondering if there is another resource that is searchable that I can glean some information from. Googling the errors does nothing and the Casper site does not seem to point anywhere other than this list and a Jumpstart session. Any direction would be much appreciated. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/0f4ccfd0/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 11936 bytes Desc: image.png Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/0f4ccfd0/attachment-0001.png From ron.prue at mynoahs.com Fri Aug 29 14:49:43 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Fri, 29 Aug 2008 15:49:43 -0600 Subject: [Casper] SMTP Secure- Not Found In-Reply-To: References: Message-ID: <006492B9-5449-4EBD-99B8-7FE0B4F52DD7@mynoahs.com> Wow, thanks for each of you jumping in here with suggestions. Thomas - Sorry, this is bound to Open Directory as and Advanced Server with Mobility Accounts, WIKI's and previously a mail server. I thought this information might be needed-after I clicked send. Craig - This was an upgrade from 6.0 to 6.0.14 since Tomcat could not start with 6.0 and OD without editing a config file. If Nick's suggestion doesn't pan out, I may consider reinstalling from scratch as this is a new install that I can scrap if needed. Nick - I will try the suggestions you provided and reply back with the results. This may have to be tried early next week as we are wrapping up for the day and we have the long weekend here in the States. Thanks again to all who replied, I will report back. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com On Aug 29, 2008, at 3:34 PM, Nick Amundsen wrote: > Ron, > > I?m going to drop in here since I believe the error message is > suggesting that there is a column in the jss_settings table from > your jamfsoftware database is missing. > > I would start by making a backup of your current database structure > with the JSS Setup Utility. There was an upgrade script that should > have run as part of the upgrade process from 5.13 to 6.0 that would > have added this column into the jss_settings table for you, but the > script can also be run through the JSS Setup Utility by clicking the > ?Export Components? button, then ?Database Upgrade 5.13-->6.0?. > > This will export a script that can then be run through the JSS Setup > Utility by clicking ?Database? in the ?Servers & Services? pane, > then clicking the ?Troubleshooting? tab at the bottom of the setup > utility, then clicking ?Run a Script.? There may be some errors > returned as a result of running the script if the upgrade process > partially upgraded the database, but it shouldn?t be destructive. > > If this process does not resolve the issue, feel free to contact > JAMF Support at 612-216-1296 or submit an email to support at jamfsoftware.com > . > > Hope this helps! > > Nick Amundsen > Product Specialist > ............................................................. > JAMF Software > 1011 Washington Ave S. #350 > Minneapolis, MN 55415 > ............................................................. > US Support (612) 216-1296 > UK Support (020) 3002 3907 > support at jamfsoftware.com > ............................................................. > http://www.jamfsoftware.com > > > On 8/29/08 3:41 PM, "Ron Prue" wrote: > > Thanks for the link Nathaniel and the welcome Thomas. > > The error I am seeing specifically after installing 6.014 (the > latest Tomcat update) is this: > > Error looking up jss_settings: java.sql.SQLException: Column > 'smtp_is_secure' not found. > > That is placed above the login window in my web admin using FIrefox, > Safari and Opera (so it doesn't appear to be a browser specific > error). When I go to my Server Admin utility and select the MySQL > tab, it shows no errors in the log or any settings that can be > changed regarding smtp security. > > Sorry if this is an issue that is simple and common knowledge, but I > really am a new server admin with little experience with Leopard > Server. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: > > I just deployed 6 new Casper servers, 1 JSS and 5 new distribution > points. I built them as stand alone from scratch and it was pretty > painless. The documentation in the Casper Suite DMG file is pretty > decent as well. This mailing list has a bunch of good resources > too. Don't feel bad about asking any questions either. Half of the > time I post questions to the mailing list I figure the answer out > myself in a few hours and then sometimes post it. Or someone will > email me the answer I was looking for. > > That is what it is for. So, just ask away your questions. > > Ron Prue 08/29/08 2:58 PM >>> > I am new to Casper and seem to be having difficulty with some of the > most basic and mundane operations (ie, JSS installation on Leopard > Server, Web admin authentication problems). I am trying to be as self > sufficient as possible while I am learning so I was wondering if there > is another resource that is searchable that I can glean some > information from. Googling the errors does nothing and the Casper > site does not seem to point anywhere other than this list and a > Jumpstart session. > > Any direction would be much appreciated. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/122bf91a/attachment-0001.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/122bf91a/attachment-0001.png From ron.prue at mynoahs.com Fri Aug 29 14:57:41 2008 From: ron.prue at mynoahs.com (Ron Prue) Date: Fri, 29 Aug 2008 15:57:41 -0600 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: References: Message-ID: That worked beautifully. I can now login to the Web Admin. Thanks for the help everyone. Ron Prue Technical Services Noah Corporation w.435.214.2927 f.435.645.3936 http://www.mynoahs.com On Aug 29, 2008, at 3:34 PM, Nick Amundsen wrote: > Ron, > > I?m going to drop in here since I believe the error message is > suggesting that there is a column in the jss_settings table from > your jamfsoftware database is missing. > > I would start by making a backup of your current database structure > with the JSS Setup Utility. There was an upgrade script that should > have run as part of the upgrade process from 5.13 to 6.0 that would > have added this column into the jss_settings table for you, but the > script can also be run through the JSS Setup Utility by clicking the > ?Export Components? button, then ?Database Upgrade 5.13-->6.0?. > > This will export a script that can then be run through the JSS Setup > Utility by clicking ?Database? in the ?Servers & Services? pane, > then clicking the ?Troubleshooting? tab at the bottom of the setup > utility, then clicking ?Run a Script.? There may be some errors > returned as a result of running the script if the upgrade process > partially upgraded the database, but it shouldn?t be destructive. > > If this process does not resolve the issue, feel free to contact > JAMF Support at 612-216-1296 or submit an email to support at jamfsoftware.com > . > > Hope this helps! > > Nick Amundsen > Product Specialist > ............................................................. > JAMF Software > 1011 Washington Ave S. #350 > Minneapolis, MN 55415 > ............................................................. > US Support (612) 216-1296 > UK Support (020) 3002 3907 > support at jamfsoftware.com > ............................................................. > http://www.jamfsoftware.com > > > On 8/29/08 3:41 PM, "Ron Prue" wrote: > > Thanks for the link Nathaniel and the welcome Thomas. > > The error I am seeing specifically after installing 6.014 (the > latest Tomcat update) is this: > > Error looking up jss_settings: java.sql.SQLException: Column > 'smtp_is_secure' not found. > > That is placed above the login window in my web admin using FIrefox, > Safari and Opera (so it doesn't appear to be a browser specific > error). When I go to my Server Admin utility and select the MySQL > tab, it shows no errors in the log or any settings that can be > changed regarding smtp security. > > Sorry if this is an issue that is simple and common knowledge, but I > really am a new server admin with little experience with Leopard > Server. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > On Aug 29, 2008, at 2:24 PM, Thomas Larkin wrote: > > I just deployed 6 new Casper servers, 1 JSS and 5 new distribution > points. I built them as stand alone from scratch and it was pretty > painless. The documentation in the Casper Suite DMG file is pretty > decent as well. This mailing list has a bunch of good resources > too. Don't feel bad about asking any questions either. Half of the > time I post questions to the mailing list I figure the answer out > myself in a few hours and then sometimes post it. Or someone will > email me the answer I was looking for. > > That is what it is for. So, just ask away your questions. > > Ron Prue 08/29/08 2:58 PM >>> > I am new to Casper and seem to be having difficulty with some of the > most basic and mundane operations (ie, JSS installation on Leopard > Server, Web admin authentication problems). I am trying to be as self > sufficient as possible while I am learning so I was wondering if there > is another resource that is searchable that I can glean some > information from. Googling the errors does nothing and the Casper > site does not seem to point anywhere other than this list and a > Jumpstart session. > > Any direction would be much appreciated. > > > Ron Prue > Technical Services > Noah Corporation > w.435.214.2927 > f.435.645.3936 > http://www.mynoahs.com > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/2ea1b259/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/2ea1b259/attachment-0001.png From ERNSTCS at uwec.edu Fri Aug 29 18:08:39 2008 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Fri, 29 Aug 2008 20:08:39 -0500 Subject: [Casper] Searchable FAQ or Discussion? In-Reply-To: Message-ID: Yeah, that Nick guy is da bomb (I wanted to say something that rhymes with HIT, but figured it was not appropriate). The responses you got, Ron, are normal. Usually quick. Don't normally see a JAMF person respond on here, but I get it...let the community help each other out and grow. =) And for those that celebrate it, have a great Labor Day Weekend. And for those in education and classes start next week Tuesday, I hope you aren't working all weekend. And for those using digest mode I trimmed my post. =P Craig E On 8/29/08 4:57 PM, "Ron Prue" wrote: That worked beautifully. I can now login to the Web Admin. Thanks for the help everyone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080829/a5d74ac5/attachment.htm From cmyers at uclan.ac.uk Sat Aug 30 03:15:54 2008 From: cmyers at uclan.ac.uk (Criss Myers) Date: Sat, 30 Aug 2008 11:15:54 +0100 Subject: [Casper] CS 3, again ! Message-ID: <48B92BEA020000810002FA90@gwise-gw1.uclan.ac.uk> Hi, yeah i understand that, but i do this and it works fine, i create a master collection install and then separate installs for each applications with shared components, and via self install i can install 1 and then the other without any problems, is this not what you mean? criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> "Brenner, John" 29/08/08 8:34 PM >>> OK maybe I should clarify If you use a Adobe installer for cs3 and there are any CS3 pieces already installed, the install will fail with a error 7. On 8/28/08 3:20 PM, "Criss Myers" wrote: > hmmm ive installed with other Cs3 installs > > i install photoshop and then install illustrator later, all via self service > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 >>>> "Brenner, John" 28/08/08 8:52 PM >>> > It's the install order, if there is any piece of CS3 installed prior to > installing CS3 via a scripted install, it will fail with a error 7. > > > On 8/28/08 8:46 AM, "Thomas Larkin" wrote: > >> So, now I am getting this error message. >> >> Unable to complete silent work flow, error 7. >> >> I swear this worked like three days ago when I tried it.... Fixes anyone? >> >> Thanks in advance >> >> tom >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > John Brenner | Merrill Corporation | IOG IT | 651-632-4072 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > John Brenner | Merrill Corporation | IOG IT | 651-632-4072 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper