From jared.nichols at ll.mit.edu  Mon Dec  1 05:38:26 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 1 Dec 2008 08:38:26 -0500
Subject: [Casper] Script help
In-Reply-To: <C558A504.162AD%bstewart@brocku.ca>
Message-ID: <C5595302.173AC%jared.nichols@ll.mit.edu>

Hi Bruce-

This is what we've been doing from ePolicy, but sometimes things don't work as advertised.  McAfee's documentation is historically weak as well.  Fortunately, a good number of the macs that connect to ePO are managed with Casper, so I can use this secondary solution as a backup.

Thanks
j

On 11/30/08 20:16 , "Bruce Stewart" <bstewart at brocku.ca> wrote:

Hi,
An alternative would be to use the reporting and policy enforcement tools from NAI called ePolicy. This is a separate install that allows an ePolicy server to get info on VirusScan versions, engines, DATs, scan settings and control it all for PC and Mac from one server. We use it university wide for all faculty, staff and students in our residences. Works great but it is not free like a shell script ran by Casper.

Bruce
________________________________
Bruce Stewart
Information Technology Services
Brock University
bruce at brocku.ca


On 24/11/08 10:17 AM, "Nichols, Jared" <jared.nichols at ll.mit.edu> wrote:

Hi-

What's the best way to have a machine report its DAT anti-virus level?  We use McAfee VirusScan 8.6.1, which stores its dats in /usr/local/vscanx/dats.  All I really need is an "ls" on that folder as the folders contained within "dats" are the dat levels, e.g. "5443" for the most recent.  The resource kit has a nice script, but it's for Virex.  VirusScan doesn't have the uvscan command that the script references (or at least not that I'm aware of)

Anyway...

At my old job I used Apple Remote Desktop and could just display the results of an LS command on my admin workstation.  How do I get something similar with Casper?

I was thinking that I'd have a script do an LS on /usr/local/vscanx/dats and pipe that to a file that used a query to networksetup to name it the name of the computer.  Then, I'd copy it to my CasperShare.  Wrong way about it?

Thanks!!!

j


________________________________
Confidentiality Notice: This e-mail, including any attachments, may contain confidential or privileged information. If you are not the intended recipient, please notify the sender by e-mail and immediately delete this message and its contents. Thank you.


--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081201/c4e80dba/attachment.htm 

From rharter at uwsp.edu  Tue Dec  2 14:19:02 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Tue, 2 Dec 2008 16:19:02 -0600
Subject: [Casper] How to make PKG run at reboot
Message-ID: <F18611CB-B476-4FA9-A9AA-57FEF3B5C7D8@uwsp.edu>

I was under the impression that if I put a pkg installer in a config  
that it would run at reboot but apparently I'm wrong about that.  Does  
anyone know of a way to do this.  I know I can create a custom trigger  
and a policy that will do the install, but that just seams messy.  I  
would like to just have someone check the installer in Imaging and  
have in install at reboot.

The reason I want to do this is because many pkg installers have pre  
and postflight scripts that do various things and are based off of the  
booted volume.  For instance, with ADmit Mac you can create a custom  
installation that will join the domain automatically, but this can't  
be done unless you are booted into the target disk.  Their postflight  
script also does a bunch of other things and since their deployment  
tool packages this all up as a pkg I would like to keep it that way  
since it's cleaner and easier.

Any ideas?

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081202/601f7cf6/attachment.htm 

From jeremymatthews at mac.com  Wed Dec  3 11:22:30 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Wed, 03 Dec 2008 14:22:30 -0500
Subject: [Casper] Adobe Installers - From Adobe
Message-ID: <187235FD-87BE-4AD8-BFE1-C15D538D8A6C@mac.com>

Thought this was a good read...working on my email to him now...

http://blogs.adobe.com/jnack/2008/12/notes_from_installer_mgmt.html#more

Thanks,
jeremy

From william.smith at merrillcorp.com  Wed Dec  3 12:53:36 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Wed, 03 Dec 2008 14:53:36 -0600
Subject: [Casper] Adobe Installers - From Adobe
In-Reply-To: <187235FD-87BE-4AD8-BFE1-C15D538D8A6C@mac.com>
Message-ID: <C55C4DF0.7C18%william.smith@merrillcorp.com>

Definitely worth reading. Passing it along to my co-workers.

Thanks for sharing!

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492

On 12/3/08 1:22 PM, "Jeremy Matthews" <jeremymatthews at mac.com> wrote:

> Thought this was a good read...working on my email to him now...
> 
> http://blogs.adobe.com/jnack/2008/12/notes_from_installer_mgmt.html#more


From william.smith at merrillcorp.com  Wed Dec  3 13:30:56 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Wed, 03 Dec 2008 15:30:56 -0600
Subject: [Casper] [Feature request] jamf mount -fileserver
Message-ID: <C55C56B0.7C26%william.smith@merrillcorp.com>

I'm writing a simple script to use the silent install switch with Adobe CS4
and would prefer to run the Setup application from a disk image on a server.

We have about a dozen servers in as many locations and I'd like the script
to be smart enough to connect to the current workstation's default server.
Also, I don't like the idea of storing names/passwords in my scripts.

I'd like to see a new property added to the "jamf mount" CLI command similar
to "jamf mount -fileserver", which will query the JSS for the workstation's
default file repository server and mount it for me.

[For anyone interested, my workaround for this is to use Casper to copy the
entire CS4 install directory to the /tmp folder and mount it from there.
That part doesn't require scripting but it's a 3.5GB copy I'd like to avoid.

The JAMF folks have told me CS4 support is planned for Casper 6.1 but no
ETA.]

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


From gmerkley at pcschools.us  Wed Dec  3 15:56:59 2008
From: gmerkley at pcschools.us (Galen Merkley)
Date: Wed, 3 Dec 2008 16:56:59 -0700
Subject: [Casper] Casper and One to One
Message-ID: <C55C6ADB.46BA%gmerkley@pcschools.us>

Hello Everyone,

    I am going to throw this question out here and see if anyone is
interested.  I work for a small K-12 school district in Park City, Utah.  We
are looking at doing a one to one project starting in a year.  We currently
use Casper for our laptop users, but we would like to expand Casper to
include the one to one student laptops.

Now onto the question.  We are visiting some districts in Virginia, and New
Jersey the first week of February.  I was wondering if there are any
districts in that area doing a one to one using Casper, that would be
willing to let us visit for a day.  If anyone is willing to share just let
me know, I know my boss, and district would be grateful.  If you want more
information, please don't hesitate to contact me.

Thanks,
Galen Merkley

Software Specialist
Park City School District
gmerkley at pcschools.us
(435) 645-5600 ext. 5020




From amir-bozorgzadeh at uiowa.edu  Fri Dec  5 12:16:36 2008
From: amir-bozorgzadeh at uiowa.edu (Bozorgzadeh, Amir J)
Date: Fri, 5 Dec 2008 14:16:36 -0600
Subject: [Casper] Netboot and casper
Message-ID: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>

Ok I did this in the past and for the life of me I cannot remember how.

I am trying to create a netboot image. It will then autolaunch the Casper Imaging tool by placing it in my startup items of the netboot image. I got it all worked out up until... How do I set up the Casper Imaging tool to keep the settings so it installs my Base OS and other packages I want added to the base image on my client mac? Every time it launches from the startup it goes back to default settings. Is there documentation on the jamfsoftware website on how to do this? They talk about it briefly on the Support FAQ's but no links or anything on how to set it up. I am looking for a "zero touch" type solution.

Hope that all makes sense.

Thanks for any of your help.

________________________________
Amir Bozorgzadeh
Campus Technology Services
University of Iowa
2800 UCC
Iowa City, Iowa 52242
319-335-5480

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081205/47d6d071/attachment.htm 

From rharter at uwsp.edu  Fri Dec  5 12:23:09 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Fri, 5 Dec 2008 14:23:09 -0600
Subject: [Casper] Netboot and casper
In-Reply-To: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
References: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
Message-ID: <0D8512C8-4B0A-4A06-989E-51119EC1E413@uwsp.edu>

That's stored per machine in the autorun data in inventory.  So when  
it runs on one machine it will revert to whatever you used on that  
machine last.  To update this you can select Update Autorun data on  
JSS or Store info on JSS from casper imaging.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 5, 2008, at 2:16 PM, Bozorgzadeh, Amir J wrote:

> Ok I did this in the past and for the life of me I cannot remember  
> how.
>
> I am trying to create a netboot image. It will then autolaunch the  
> Casper Imaging tool by placing it in my startup items of the netboot  
> image. I got it all worked out up until... How do I set up the  
> Casper Imaging tool to keep the settings so it installs my Base OS  
> and other packages I want added to the base image on my client mac?  
> Every time it launches from the startup it goes back to default  
> settings. Is there documentation on the jamfsoftware website on how  
> to do this? They talk about it briefly on the Support FAQ?s but no  
> links or anything on how to set it up. I am looking for a ?zero  
> touch? type solution.
>
> Hope that all makes sense.
>
> Thanks for any of your help.
> Amir Bozorgzadeh
> Campus Technology Services
> University of Iowa
> 2800 UCC
> Iowa City, Iowa 52242
> 319-335-5480
>
>
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081205/d86f61ce/attachment.htm 

From miles.leacy at themacadmin.com  Fri Dec  5 12:28:22 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 5 Dec 2008 15:28:22 -0500
Subject: [Casper] Netboot and casper
In-Reply-To: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
References: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
Message-ID: <ec2e75ff0812051228k5ce236e8y5ff3242d544150e0@mail.gmail.com>

In the past, I've done the following:1. Set up a configuration with the base
OS and the Casper tools.
2. Apply it to a test box & boot it
3. Enable root, set root to autologin
3. Store the JSS credentials in root's keychain
4. Set Casper Imaging as a login item for root.
5. Create a Netboot image from this box.

I would be careful, because if you boot a machine that has autorun data with
this image, it will boot, autologin as root, and then begin imaging.  But it
sounds like that's what you want.

I said I did this in the past.  What I've just started using is the Casper
NetInstall Image Creator from the Resource Kit.  This more or less gets you
to the same place with fewer steps.

-- 
Miles A. Leacy IV
----------
? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com


2008/12/5 Bozorgzadeh, Amir J <amir-bozorgzadeh at uiowa.edu>

>  Ok I did this in the past and for the life of me I cannot remember how.
>
> I am trying to create a netboot image. It will then autolaunch the Casper
> Imaging tool by placing it in my startup items of the netboot image. I got
> it all worked out up until... How do I set up the Casper Imaging tool to
> keep the settings so it installs my Base OS and other packages I want added
> to the base image on my client mac? Every time it launches from the startup
> it goes back to default settings. Is there documentation on the jamfsoftware
> website on how to do this? They talk about it briefly on the Support FAQ's
> but no links or anything on how to set it up. I am looking for a "zero
> touch" type solution.
>
> Hope that all makes sense.
>
> Thanks for any of your help.
>
> ------------------------------
> Amir Bozorgzadeh
> Campus Technology Services
> University of Iowa
> 2800 UCC
> Iowa City, Iowa 52242
> 319-335-5480
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081205/c56267f3/attachment.htm 

From jared.nichols at ll.mit.edu  Mon Dec  8 08:40:48 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 8 Dec 2008 11:40:48 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <C5370168.124E6%Matt.Matsuno@Mattel.com>
Message-ID: <C562B840.17595%jared.nichols@ll.mit.edu>

I'm also wondering about this, though more in a general sense.  The updater is a .app.  Can I deploy that as is into /tmp and then run a script to launch it?

j

On 11/5/08 10:53 , "Matsuno, Matt" <Matt.Matsuno at Mattel.com> wrote:

Hey everyone, quick question: How are you guys running the Acrobat Pro updates? Added the AcroProUpd813_all.dmg through Casper Admin and it's complaining that it's not a Valid Adobe Installer or Adobe Updater...

--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/be28c372/attachment.html 

From miles.leacy at themacadmin.com  Mon Dec  8 09:04:18 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 8 Dec 2008 12:04:18 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <C562B840.17595%jared.nichols@ll.mit.edu>
References: <C5370168.124E6%Matt.Matsuno@Mattel.com>
	<C562B840.17595%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812080904i2225895fs5d7cd851586b5cad@mail.gmail.com>

That sounds like it should work.  Of course, test, test, test.
Be sure to remove /private/tmp from the exclusion list in Composer before
building your package.


2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu>

>  I'm also wondering about this, though more in a general sense.  The
> updater is a .app.  Can I deploy that as is into /tmp and then run a script
> to launch it?
>
> j
>
> On 11/5/08 10:53 , "Matsuno, Matt" <Matt.Matsuno at Mattel.com> wrote:
>
> Hey everyone, quick question: How are you guys running the Acrobat Pro
> updates? Added the AcroProUpd813_all.dmg through Casper Admin and it's
> complaining that it's not a Valid Adobe Installer or Adobe Updater...
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>


-- 
Miles A. Leacy IV
----------
? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/69ebfd06/attachment.html 

From william.smith at merrillcorp.com  Mon Dec  8 09:28:07 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Mon, 08 Dec 2008 11:28:07 -0600
Subject: [Casper] Acrobat Pro
In-Reply-To: <ec2e75ff0812080904i2225895fs5d7cd851586b5cad@mail.gmail.com>
Message-ID: <C562B547.7E08%william.smith@merrillcorp.com>

The problem I?ve seen with Adobe?s Acrobat 8.x updaters is that they are not
scriptable like those for the other CS3 applications. Those .app updaters
can be called with a ?silent switch but not Acrobat?s. :-(

These Acrobat updaters also require that you select the Acrobat application
to patch and also may ask you to ?repair? the installation, which is
Adobespeak for ?let me put back my Safari and Office plugins and set myself
to default again.? These prompts must be manually dismissed.

Also, JAMF may have a difficult time getting CS4 to work because the ?silent
update for those suites wants to connect to the Internet to download updates
as part of the install process. In our environment our Macs must
authenticate to our proxy (no free love access) and that just hangs the
install.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


On 12/8/08 11:04 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> That sounds like it should work.  Of course, test, test, test.
> 
> Be sure to remove /private/tmp from the exclusion list in Composer before
> building your package.
> 
> 
> 2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu>
>> I'm also wondering about this, though more in a general sense.  The updater
>> is a .app.  Can I deploy that as is into /tmp and then run a script to launch
>> it? 
>> 
>> j
>> 
>> 
>> On 11/5/08 10:53 , "Matsuno, Matt" <Matt.Matsuno at Mattel.com
>> <http://Matt.Matsuno at Mattel.com> > wrote:
>> 
>>> Hey everyone, quick question: How are you guys running the Acrobat Pro
>>> updates? Added the AcroProUpd813_all.dmg through Casper Admin and it's
>>> complaining that it's not a Valid Adobe Installer or Adobe Updater...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/7ed7919f/attachment.htm 

From jared.nichols at ll.mit.edu  Mon Dec  8 09:31:42 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 8 Dec 2008 12:31:42 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <C562B547.7E08%william.smith@merrillcorp.com>
Message-ID: <C562C42E.175A4%jared.nichols@ll.mit.edu>

Is there a best-practice way to run these updates then?  I just tried deploying to /tmp and I don't seem to see it anywhere in there.

Hrm.

j


On 12/8/08 12:28 , "Smith, William" <william.smith at merrillcorp.com> wrote:

The problem I've seen with Adobe's Acrobat 8.x updaters is that they are not scriptable like those for the other CS3 applications. Those .app updaters can be called with a -silent switch but not Acrobat's. :-(

These Acrobat updaters also require that you select the Acrobat application to patch and also may ask you to "repair" the installation, which is Adobespeak for "let me put back my Safari and Office plugins and set myself to default again." These prompts must be manually dismissed.

Also, JAMF may have a difficult time getting CS4 to work because the -silent update for those suites wants to connect to the Internet to download updates as part of the install process. In our environment our Macs must authenticate to our proxy (no free love access) and that just hangs the install.

--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/944f377e/attachment.htm 

From miles.leacy at themacadmin.com  Mon Dec  8 09:50:06 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 8 Dec 2008 12:50:06 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <C562C42E.175A4%jared.nichols@ll.mit.edu>
References: <C562B547.7E08%william.smith@merrillcorp.com>
	<C562C42E.175A4%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812080950o44b0ce39mb8bdd28f6a50782b@mail.gmail.com>

Did you remove /private/tmp from the exclusion list in Composer preferences
*before* building your package?
----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu>

>  Is there a best-practice way to run these updates then?  I just tried
> deploying to /tmp and I don't seem to see it anywhere in there.
>
> Hrm.
>
> j
>
>
> On 12/8/08 12:28 , "Smith, William" <william.smith at merrillcorp.com> wrote:
>
> The problem I've seen with Adobe's Acrobat 8.x updaters is that they are
> not scriptable like those for the other CS3 applications. Those .app
> updaters can be called with a ?silent switch but not Acrobat's. :-(
>
> These Acrobat updaters also require that you select the Acrobat application
> to patch and also may ask you to "repair" the installation, which is
> Adobespeak for "let me put back my Safari and Office plugins and set myself
> to default again." These prompts must be manually dismissed.
>
> Also, JAMF may have a difficult time getting CS4 to work because the
> ?silent update for those suites wants to connect to the Internet to download
> updates as part of the install process. In our environment our Macs must
> authenticate to our proxy (no free love access) and that just hangs the
> install.
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/ce2ebccd/attachment.html 

From miles.leacy at themacadmin.com  Mon Dec  8 10:47:13 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 8 Dec 2008 13:47:13 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <C562CE4F.175A9%jared.nichols@ll.mit.edu>
References: <ec2e75ff0812080950o44b0ce39mb8bdd28f6a50782b@mail.gmail.com>
	<C562CE4F.175A9%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812081047l16de2cb7u20744e22695360b2@mail.gmail.com>

Ok, I was under the impression that the reason /tmp couldn't be deployed to
is because of the exclusion list in Composer.  Perhaps I was mistaken or
there is a bug.
What I have done that works is to create a folder in /Library for such
purposes.

I typically name it /Library/NameOfCompany and populate it with any files or
folders that I need to use for deployment or management.

You should be able to deploy the installer to /Library/NameOfCompany/Adobe,
and then call it with a script.  However, I believe someone on this thread
mentioned that this particular update won't take the -silent switch.
 Perhaps some UI scripting can get around this limitation?

My next question is why do you have to deploy this Installer from Adobe?
 Why not take a Composer snapshot, run the update and package the changes
(including undoing any Adobe "repairs" you don't like)?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Dec 8, 2008 at 1:14 PM, Nichols, Jared <jared.nichols at ll.mit.edu>wrote:

>  My exclusion list is empty
>
> j
>
>
> On 12/8/08 12:50 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> Did you remove /private/tmp from the exclusion list in Composer preferences
> *before* building your package?
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> 2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu>
>
> Is there a best-practice way to run these updates then?  I just tried
> deploying to /tmp and I don't seem to see it anywhere in there.
>
> Hrm.
>
> j
>
>
>
> On 12/8/08 12:28 , "Smith, William" <william.smith at merrillcorp.com <
> http://william.smith at merrillcorp.com> > wrote:
>
> The problem I've seen with Adobe's Acrobat 8.x updaters is that they are
> not scriptable like those for the other CS3 applications. Those .app
> updaters can be called with a ?silent switch but not Acrobat's. :-(
>
> These Acrobat updaters also require that you select the Acrobat application
> to patch and also may ask you to "repair" the installation, which is
> Adobespeak for "let me put back my Safari and Office plugins and set myself
> to default again." These prompts must be manually dismissed.
>
> Also, JAMF may have a difficult time getting CS4 to work because the
> ?silent update for those suites wants to connect to the Internet to download
> updates as part of the install process. In our environment our Macs must
> authenticate to our proxy (no free love access) and that just hangs the
> install.
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/3b3c0d34/attachment.html 

From william.smith at merrillcorp.com  Mon Dec  8 11:46:51 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Mon, 08 Dec 2008 13:46:51 -0600
Subject: [Casper] Acrobat Pro
In-Reply-To: <ec2e75ff0812081047l16de2cb7u20744e22695360b2@mail.gmail.com>
Message-ID: <C562D5CB.7E1B%william.smith@merrillcorp.com>

Adobe?s applications have become more and more difficult to re-package.
Acrobat in particular has been a pain because of its self-healing mechanism.
?How do I disable Acrobat self-healing?? has probably been one of the more
discussed questions on this list and others. Standard users can?t ?repair?
Acrobat and so they?re presented with an authentication dialog that is
useless to them. Cancel it and Acrobat quits.

Also, Adobe changed its serialization methods between CS2 and CS3. It moved
from a flat file to a cache file. Anyone needing to install multiple
versions of an application or applications from different versions have to
essentially create a ?common files? package, which can be shared between CS1
and CS2 but not with CS3. That requires its own ?common files? package and
learning a new way to re-package.

Packaging all of this requires hours of installation and then time to take
apart and create individual packages. Sometimes this works fine but
sometimes things are broken, mostly Acrobat. It?s voodoo to get it to work
properly. Then the troubleshooting has to begin. JAMF recognized the pain
Adobe?s installers were causing and actually modified its own software to
help its customers make installation easier.

Even though Adobe hasn?t provided Apple Installer packages it has been
providing scriptability with its own installers. This is what JAMF is using.
You can specify the serial number, disable updates, disable registration and
disable displaying the EULA by modifying just a few files. Learning how to
do this is, IMHO, preferable to the packaging problems we?ve had in the
past.

Of course, the ideal solution is for Adobe to go with what is now standard
and just create Apple packages.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492

On 12/8/08 12:47 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> Ok, I was under the impression that the reason /tmp couldn't be deployed to is
> because of the exclusion list in Composer.  Perhaps I was mistaken or there is
> a bug.
> 
> What I have done that works is to create a folder in /Library for such
> purposes.
> 
> I typically name it /Library/NameOfCompany and populate it with any files or
> folders that I need to use for deployment or management.
> 
> You should be able to deploy the installer to /Library/NameOfCompany/Adobe,
> and then call it with a script.  However, I believe someone on this thread
> mentioned that this particular update won't take the -silent switch.  Perhaps
> some UI scripting can get around this limitation?
> 
> My next question is why do you have to deploy this Installer from Adobe?  Why
> not take a Composer snapshot, run the update and package the changes
> (including undoing any Adobe "repairs" you don't like)?
> 
> On Mon, Dec 8, 2008 at 1:14 PM, Nichols, Jared <jared.nichols at ll.mit.edu>
> wrote:
>> My exclusion list is empty
>> 
>> On 12/8/08 12:50 , "Miles Leacy" <miles.leacy at themacadmin.com
>> <http://miles.leacy at themacadmin.com> > wrote:
>> 
>>> Did you remove /private/tmp from the exclusion list in Composer preferences
>>> *before* building your package?
>>> 
>>> 2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu
>>> <http://jared.nichols at ll.mit.edu> >
>>>> Is there a best-practice way to run these updates then?  I just tried
>>>> deploying to /tmp and I don't seem to see it anywhere in there.
>>>> 
>>>> Hrm.
>>>> 
>>>> On 12/8/08 12:28 , "Smith, William" <william.smith at merrillcorp.com
>>>> <http://william.smith at merrillcorp.com>
>>>> <http://william.smith at merrillcorp.com> > wrote:
>>>> 
>>>>> The problem I've seen with Adobe's Acrobat 8.x updaters is that they are
>>>>> not scriptable like those for the other CS3 applications. Those .app
>>>>> updaters can be called with a ?silent switch but not Acrobat's. :-(
>>>>> 
>>>>> These Acrobat updaters also require that you select the Acrobat
>>>>> application to patch and also may ask you to "repair" the installation,
>>>>> which is Adobespeak for "let me put back my Safari and Office plugins and
>>>>> set myself to default again." These prompts must be manually dismissed.
>>>>> 
>>>>> Also, JAMF may have a difficult time getting CS4 to work because the
>>>>> ?silent update for those suites wants to connect to the Internet to
>>>>> download updates as part of the install process. In our environment our
>>>>> Macs must authenticate to our proxy (no free love access) and that just
>>>>> hangs the install.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/100c8441/attachment.htm 

From jared.nichols at ll.mit.edu  Mon Dec  8 11:39:44 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 8 Dec 2008 14:39:44 -0500
Subject: [Casper] Acrobat Pro
In-Reply-To: <ec2e75ff0812081047l16de2cb7u20744e22695360b2@mail.gmail.com>
Message-ID: <C562E230.175B3%jared.nichols@ll.mit.edu>

Hi-

I actually did something similar.  I decided to deploy to /Library/Caches and have the script call it from there.  My weekly system maintenance clears out caches, so that should take care of the installer.

As far as why I'm deploying as is...My main goal is to cut down on our customization.  Where possible, I'd like to use straight packages.  Yes, there are times where it makes sense to re-package it.  It's looking like the pre-CS3 packages are going to be one of those cases.  At any rate, this was for a group of test machines anyway.  I'm new to Casper and haven't quite sorted out what the best practice for each type of installer is yet, so a lot of it is trial by doing so I understand the what/how/whys.  I must say, the support from the lists and Jamf itself I'm very impressed with.  Always quick, always professional.

Thanks

j


On 12/8/08 13:47 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

Ok, I was under the impression that the reason /tmp couldn't be deployed to is because of the exclusion list in Composer.  Perhaps I was mistaken or there is a bug.

What I have done that works is to create a folder in /Library for such purposes.

I typically name it /Library/NameOfCompany and populate it with any files or folders that I need to use for deployment or management.

You should be able to deploy the installer to /Library/NameOfCompany/Adobe, and then call it with a script.  However, I believe someone on this thread mentioned that this particular update won't take the -silent switch.  Perhaps some UI scripting can get around this limitation?

My next question is why do you have to deploy this Installer from Adobe?  Why not take a Composer snapshot, run the update and package the changes (including undoing any Adobe "repairs" you don't like)?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




On Mon, Dec 8, 2008 at 1:14 PM, Nichols, Jared <jared.nichols at ll.mit.edu> wrote:
My exclusion list is empty

j



On 12/8/08 12:50 , "Miles Leacy" <miles.leacy at themacadmin.com <http://miles.leacy at themacadmin.com> > wrote:

Did you remove /private/tmp from the exclusion list in Composer preferences *before* building your package?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com <http://miles.leacy at themacadmin.com>
www.themacadmin.com <http://www.themacadmin.com>  <http://www.themacadmin.com>




2008/12/8 Nichols, Jared <jared.nichols at ll.mit.edu <http://jared.nichols at ll.mit.edu> >
Is there a best-practice way to run these updates then?  I just tried deploying to /tmp and I don't seem to see it anywhere in there.

Hrm.

j



On 12/8/08 12:28 , "Smith, William" <william.smith at merrillcorp.com <http://william.smith at merrillcorp.com>  <http://william.smith at merrillcorp.com> > wrote:

The problem I've seen with Adobe's Acrobat 8.x updaters is that they are not scriptable like those for the other CS3 applications. Those .app updaters can be called with a -silent switch but not Acrobat's. :-(

These Acrobat updaters also require that you select the Acrobat application to patch and also may ask you to "repair" the installation, which is Adobespeak for "let me put back my Safari and Office plugins and set myself to default again." These prompts must be manually dismissed.

Also, JAMF may have a difficult time getting CS4 to work because the -silent update for those suites wants to connect to the Internet to download updates as part of the install process. In our environment our Macs must authenticate to our proxy (no free love access) and that just hangs the install.

--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/e6f9bcdf/attachment.html 

From jared.nichols at ll.mit.edu  Mon Dec  8 12:00:36 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 8 Dec 2008 15:00:36 -0500
Subject: [Casper] Remote Control
Message-ID: <C562E714.175C1%jared.nichols@ll.mit.edu>

Maybe a dumb question...
Is there anyway a client can either be prompted to accept remote desktop or to see that someone is viewing/controlling them?  I thought the Apple binoculars would reflect this but it doesn't appear to...

j
--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/bf9ab783/attachment.html 

From jared.nichols at ll.mit.edu  Mon Dec  8 12:00:36 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 8 Dec 2008 15:00:36 -0500
Subject: [Casper] Remote Control
Message-ID: <C562E714.175C1%jared.nichols@ll.mit.edu>

Maybe a dumb question...
Is there anyway a client can either be prompted to accept remote desktop or to see that someone is viewing/controlling them?  I thought the Apple binoculars would reflect this but it doesn't appear to...

j
--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/bf9ab783/attachment.htm 

From eric.winkelhake at mundocomww.com  Mon Dec  8 12:13:11 2008
From: eric.winkelhake at mundocomww.com (Eric Winkelhake)
Date: Mon, 8 Dec 2008 14:13:11 -0600
Subject: [Casper] Remote Control
In-Reply-To: <C562E714.175C1%jared.nichols@ll.mit.edu>
Message-ID: <OFE0B01281.216670E4-ON86257519.006F07C9-86257519.006F11BF@lionresources.com>

Eric Winkelhake
MundocomWW
312.220.1669
312.504.5155
eric.winkelhake at mundocomww.com



"Nichols, Jared" <jared.nichols at ll.mit.edu> 
Sent by: casper-bounces at list.jamfsoftware.com
12/08/08 02:08 PM

To
Casper List <casper at list.jamfsoftware.com>
cc

Subject
[Casper] Remote Control






Maybe a dumb question... 
Is there anyway a client can either be prompted to accept remote desktop 
or to see that someone is viewing/controlling them?  I thought the Apple 
binoculars would reflect this but it doesn?t appear to...

j
-- 
Jared Nichols
ISD Infrastructure and Operations ? Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


------------------------------------------------------------------------
Disclaimer 
The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited.  When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/4c6ae500/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture 1.png
Type: image/png
Size: 326326 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/4c6ae500/attachment-0001.png 

From miles.leacy at themacadmin.com  Mon Dec  8 12:37:37 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 8 Dec 2008 15:37:37 -0500
Subject: [Casper] InstaDMG & Casper postmortem
Message-ID: <ec2e75ff0812081237i4b101186y62634edfbc882ae7@mail.gmail.com>

Hi all,

I thought I'd share some thoughts after exploring InstaDMG.  I assume that
those of you who are familiar with both Casper and InstaDMG will probably
agree, the two tools have a certain similarity in approach to the problem of
imaging.  There was something about InstaDMG that caught my attention and
interest, so I decided to investigate.  Here's what I found.

The reason I wanted to explore InstaDMG was that some of the concepts that
Josh Wisenbaker put forth as reasons for creating the project made sense to
me, namely avoiding so called "boot cruft" and "testing cruft".

Boot cruft (and I'm paraphrasing and interpreting here) is the collection of
files, settings and configurations that get created when you boot an OS for
the first time.  The worst of these, in my opinion, are duplicate and
dead-end network settings.

Test cruft would be things like browser histories and other bits, typically
found in the admin and/or generic user account(s) after doing a "burn-in"
test of the image.

The idea of a never-booted base OS image that lacked this "cruft", and from
which to build my configurations in Casper Admin, was very appealing.

So I read up on InstaDMG, watched Mr. Wisenbaker's archived webcast,
downloaded the tool and started experimenting.  What I found was the
following (and these are just my opinions and observations):

InstaDMG is intended for people who are still building monolithic images and
do not use a system management & deployment suite such as Casper.  In "Image
Creation Revolution" (
http://www.afp548.com/article.php?story=ImageCreationRevolution), Mr.
Wisenbaker talks about modularizing your deployments via packages in order
to simplify altering and/or updating your deployments.  If you're using the
Casper Suite, I imagine you're probably already doing that.  In addition,
the InstaDMG implementation (numbered folders, building payload-free
packages to deploy scripts) seems clunky compared to Casper.

Boot cruft and test cruft can be undesirable, but it can also be excised via
scripting.  In fact, nearly anything on a Mac OS X system can be scripted,
and those scripts can be added to Casper and used in Configurations and/or
Policies.  networksetup, systemsetup, defaults, plistbuddy and the standard
BSD tools allow you to alter just about any setting you'd need to via
scripting.  Add Applescript to that and I'd say there's very little you
can't do via some form of scripting.

As for potentially "bad" things appearing in browser histories, the
pragmatic lifelong Brooklynite in me wants to say, "if your techs are
browsing questionable material when they're testing an image, then maybe
they shouldn't be techs and maybe a social problem shouldn't be solved with
technology."  However, the reality is, it could happen, and who wants to
explain to the CIO, School Board, or whomever you ultimately report to that
"Dopey the technician" put naughty content on the iMacs?  Scripting can save
you here too.

I have an even broader, sweeping, foolproof (if it works) idea on
eliminating these unwanted account settings... build your base image, then
enable root, and delete all local accounts other than root.  Create all
local accounts via Casper Imaging at deployment, or via Policy or Casper
Remote once deployed.  If there's no account present, it can't have cruft in
it.  I haven't tried this yet, but I will and I'll let you know if I
discover any reason not to go this route.

Another option I'm considering is creating an Apple Netinstall image of the
OSX Install Disc and using the automator workflows built into System Image
Utility to add your own Casper QuickAdd.pkg  The benefit here is that you
know you have a clean installation, and the contents of a retail install are
known, so you can customize to your heart's content by scripting any changes
to or removal of items and packaging any additions.  You would also need to
suppress the Setup Assistant and script the initial naming of the computer
unless you want to have a local admin account created at first boot.  In
this scenario, I might give all machines the same name and scope a smart
group to that computer name to install all company-wide software and
configurations.  Another option could be autorun data that specifies an
OS-free configuration.

All in all, InstaDMG is an interesting idea.  In fact, InstaDMG reminds me
of a set of scripts I was using before I first purchased Casper.  I was also
reminded why I abandoned homebrew scripts in favor of the Casper Suite.  I
believe that as Casper users, we have a better tool (dare I say best of
breed?), with top-notch customer service, that can achieve the same goals
for us with less work.  Not to mention that imaging is just one piece of the
Casper pie that also comes with Inventory, A policy engine, ongoing
deployment & maintenance and a logged VNC solution.

These are just my thoughts and observations.  Test, test and re-test
anything and everything before using it in production.  Only you know your
own environment and only you can say what is acceptable in that environment.
 If you take any of my ideas into a production environment, I take no
responsibility for anything that might go wrong up to and including loss of
data, termination of employment and the destruction of the known universe.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081208/dc3f0378/attachment.html 

From jeremymatthews at mac.com  Tue Dec  9 07:48:30 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Tue, 09 Dec 2008 10:48:30 -0500
Subject: [Casper] hidden account is inaccessible?
Message-ID: <3C0A3294-2296-4558-8D7F-978590391E5B@mac.com>

I created a hidden account using casper:
sudo jamf createAccount -username macadmin -realname Mac\ Admin - 
password temppassword -home /Library/IT/macadmin/ -admin -hiddenUser

...the account and its directory appear to be created correctly, but I  
cannot login using that account on either SSH (remotely), Terminal  
(Local), or GUI (local). ARD doesn't work either.

Am I missing something?

-j

From jeremymatthews at mac.com  Tue Dec  9 07:50:38 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Tue, 09 Dec 2008 10:50:38 -0500
Subject: [Casper] QuickAdd Packages
Message-ID: <379C4806-2BF7-4DBC-B289-CEDB707ECB4D@mac.com>

I created a quickadd package using Recon - no special SSH restrictions  
or anything...which creates a new account.

I can execute policies and such, so it does appear to be working, and  
I can login remotely via SSH, but cannot login to the OS (GUI) or use  
it to manage via ARD.

Is that account accessible by the OS, for login/ARD purposes?

Thanks,
jeremy


From tlarki at kckps.org  Tue Dec  9 08:03:47 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 09 Dec 2008 10:03:47 -0600
Subject: [Casper] QuickAdd Packages
In-Reply-To: <379C4806-2BF7-4DBC-B289-CEDB707ECB4D@mac.com>
References: <379C4806-2BF7-4DBC-B289-CEDB707ECB4D@mac.com>
Message-ID: <493E4283.7141.0039.0@kckps.org>

I think that account is specifically for ssh purposes.  In terminal on a machine that has quickadd ran on it you can see what users are listed by running this: 

dscl . list /Users 

your user account you use for it should show up.  If the account is listed you can use the finger command to see if they have a home directory and what not.  Are you looking for one account that does it all?  Then I suggest you actually have jamf binary create the account maybe.   

As for ARD admin you will need to enable the user or group (if this is 10.5) under the sharing preference in system preferences.

>>> Jeremy Matthews <jeremymatthews at mac.com> 12/09/08 9:50 AM >>>
I created a quickadd package using Recon - no special SSH restrictions 
or anything...which creates a new account.

I can execute policies and such, so it does appear to be working, and 
I can login remotely via SSH, but cannot login to the OS (GUI) or use 
it to manage via ARD.

Is that account accessible by the OS, for login/ARD purposes?

Thanks,
jeremy

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081209/c5f05dd7/attachment.htm 

From tlarki at kckps.org  Tue Dec  9 12:16:48 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 09 Dec 2008 14:16:48 -0600
Subject: [Casper] help and possible feature request, managing local users
Message-ID: <493E7DD0.7141.0039.0@kckps.org>

Well, where to start.... 

My environment is huge.  Over 50 buildings, over 30 servers over 6,000 clients with most of them being Macbooks.  It is a hassle to manage at times.  I am not in charge of everything nor am I management, so it puts me in a gray area at times when managing the client machines.  We have local user accounts that have been created that I want gone, however I am not sure what the names of those user accounts are.  We had a password leak and some users promoted their own accounts to admin, and I want to demote them.  We have a naming convention that starts with their graduation year.  So any user account under /Users that does not start with a number can be wiped, with one exception, the generic local account we created for local log ins just in case the network went down.  That account is called student.  I am trying to script something that will scan /Users and wipe out anything that does not start with a number.  I got some help from a bit more advanced shell scripter than myself and came up with this so far: 

#! /bin/sh 

keep="student" 

cd /Users 
[[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2 

for a in [^0-9]* ; do # only loop over names that doen't start with a number 
    [[ "$a" == "$keep" ]] && continue # skip that extra local account 
    /usr/bin/dscl . -delete /Users/$a # get rid of it 
echo 'removing user files' 

/bin/rm -rf /Users/$a 

done 

I haven't had a lot of time to test it but it basically kills everything in /Users except those that start with a number.  My next questions are, is there a Casper solution to this, and how can I demote local accounts with Casper from a local admin to a mobile or managed local user? 

Thoughts? 

Thanks for anyone brave enough to read this. 

Tom 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081209/aa72c3b4/attachment.htm 

From tlarki at kckps.org  Tue Dec  9 12:17:03 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 09 Dec 2008 14:17:03 -0600
Subject: [Casper] help and possible feature request, managing local users
Message-ID: <493E7DDF.7141.0039.0@kckps.org>

Well, where to start.... 

My environment is huge.  Over 50 buildings, over 30 servers over 6,000 clients with most of them being Macbooks.  It is a hassle to manage at times.  I am not in charge of everything nor am I management, so it puts me in a gray area at times when managing the client machines.  We have local user accounts that have been created that I want gone, however I am not sure what the names of those user accounts are.  We had a password leak and some users promoted their own accounts to admin, and I want to demote them.  We have a naming convention that starts with their graduation year.  So any user account under /Users that does not start with a number can be wiped, with one exception, the generic local account we created for local log ins just in case the network went down.  That account is called student.  I am trying to script something that will scan /Users and wipe out anything that does not start with a number.  I got some help from a bit more advanced shell scripter than myself and came up with this so far: 

#! /bin/sh 

keep="student" 

cd /Users 
[[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2 

for a in [^0-9]* ; do # only loop over names that doen't start with a number 
    [[ "$a" == "$keep" ]] && continue # skip that extra local account 
    /usr/bin/dscl . -delete /Users/$a # get rid of it 
echo 'removing user files' 

/bin/rm -rf /Users/$a 

done 

I haven't had a lot of time to test it but it basically kills everything in /Users except those that start with a number.  My next questions are, is there a Casper solution to this, and how can I demote local accounts with Casper from a local admin to a mobile or managed local user? 

Thoughts? 

Thanks for anyone brave enough to read this. 

Tom 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081209/f9a0263a/attachment.html 

From miles.leacy at themacadmin.com  Tue Dec  9 12:42:29 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 9 Dec 2008 15:42:29 -0500
Subject: [Casper] help and possible feature request, managing local users
In-Reply-To: <493E7DD0.7141.0039.0@kckps.org>
References: <493E7DD0.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812091242i36fe7d8ak54db86c84e8938bb@mail.gmail.com>

I don't believe there is a Casper way (other than scripting, adding the
script to the JSS and creating a policy) to do what you describe.  In order
to delete an account using the accounts tab you need to know the short name
of the account.
The script you shared seems like the way to go.  You'll still need to demote
any unauthorized admins.  You can adapt your script to do that.
 I believe the operative bit will be:

dscl . delete /Groups/admin GroupMembership <shortname>

You can loop through /Users, as in your script.  It is possible that someone
may have been smart enough to move their home directory, so I might want to
look into looping through the local directory service instead of the /Users
folder.

Change $keep to your local admin account, and remove the numbered account
exclusion since you want to catch "08jdoe" if it is an admin account.

As far as not being the boss, I think most of us are in or have been in that
situation.  I suggest getting to know the person/people who *are* the
bosses.  Write up sensible policies and get the boss(es) to sign them.  I
mean print them out and have them actually put a pen to paper.  A policy
document signed by the CIO/Dean/Director/Boss holds more weight than you or
I do.

This also gives you a great, socially acceptable way out of confrontational
situations where users demand something out of scope.  With such a signed
policy, you should be held to it as well, since the boss approved it.  Then
when you're asked to violate it, you can simply say that you're not
authorized to grant the request.  Provide them with a copy of the policy
document and tell them that this policy was enacted by "The Boss" (whomever
signed the document).  If that doesn't stop them from trying to get you to
violate the policy, you can say something to the effect of "I understand,
technology should serve the goals of the organization.  If you feel strongly
that an exception or change to the policy is required in this case, I can
schedule a time when we can meet with "The Boss" to discuss it."  I've found
that most of the time, this ends the discussion.


----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/9 Thomas Larkin <tlarki at kckps.org>

>  Well, where to start....
>
>  My environment is huge.  Over 50 buildings, over 30 servers over 6,000
> clients with most of them being Macbooks.  It is a hassle to manage at
> times.  I am not in charge of everything nor am I management, so it puts me
> in a gray area at times when managing the client machines.  We have local
> user accounts that have been created that I want gone, however I am not sure
> what the names of those user accounts are.  We had a password leak and some
> users promoted their own accounts to admin, and I want to demote them.  We
> have a naming convention that starts with their graduation year.  So any
> user account under /Users that does not start with a number can be wiped,
> with one exception, the generic local account we created for local log ins
> just in case the network went down.  That account is called student.  I am
> trying to script something that will scan /Users and wipe out anything that
> does not start with a number.  I got some help from a bit more advanced
> shell scripter than myself and came up with this so far:
>
>  #! /bin/sh
>
>  keep="student"
>
>  cd /Users
>
> [[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2
>
>  for a in [^0-9]* ; do # only loop over names that doen't start with a
> number
>
>     [[ "$a" == "$keep" ]] && continue # skip that extra local account
>
>     /usr/bin/dscl . -delete /Users/$a # get rid of it
>
> echo 'removing user files'
>
>  /bin/rm -rf /Users/$a
>
>  done
>
>  I haven't had a lot of time to test it but it basically kills everything
> in /Users except those that start with a number.  My next questions are, is
> there a Casper solution to this, and how can I demote local accounts with
> Casper from a local admin to a mobile or managed local user?
>
>  Thoughts?
>
>  Thanks for anyone brave enough to read this.
>
>  Tom
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081209/0a7eaa3a/attachment-0001.html 

From tlarki at kckps.org  Tue Dec  9 12:55:19 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 09 Dec 2008 14:55:19 -0600
Subject: [Casper] help and possible feature request, managing local	users
In-Reply-To: <ec2e75ff0812091242i36fe7d8ak54db86c84e8938bb@mail.gmail.com>
References: <493E7DD0.7141.0039.0@kckps.org>
	<ec2e75ff0812091242i36fe7d8ak54db86c84e8938bb@mail.gmail.com>
Message-ID: <493E86D7.7141.0039.0@kckps.org>

OK, I was thinking about just changing the group membership back to
staff, but I guess deleting it from the admin group would probably be
the right move, since in OD they are already staff with their directory
UID and GID. 

As for the policy thing, this is our second year in a 1:1 and yes there
are changes, but like many things in our government, there is a process.
 It is getting better, and next year will be even better because I have
learned a lot from my users.  I have learned to never ever trust a
teenager with technology, hahahahahahaha.   

I will do some tinkering, but it would be nice to maybe have some
flexibility with Casper on something like this.  I think that large
educational deployments would love it, and probably most enterprise
business ones.   

As for my local admin accounts, they all live in /private/var so I can
sudo rm -rf /Users/* all day and it wouldn't affect my local admin
accounts.  

>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/09/08 2:42 PM >>>
I don't believe there is a Casper way (other than scripting, adding the
script to the JSS and creating a policy) to do what you describe.  In
order to delete an account using the accounts tab you need to know the
short name of the account. 


The script you shared seems like the way to go.  You'll still need to
demote any unauthorized admins.  You can adapt your script to do that. 
I believe the operative bit will be:


dscl . delete /Groups/admin GroupMembership <shortname> 



You can loop through /Users, as in your script.  It is possible that
someone may have been smart enough to move their home directory, so I
might want to look into looping through the local directory service
instead of the /Users folder. 



Change $keep to your local admin account, and remove the numbered
account exclusion since you want to catch "08jdoe" if it is an admin
account. 



As far as not being the boss, I think most of us are in or have been in
that situation.  I suggest getting to know the person/people who *are*
the bosses.  Write up sensible policies and get the boss(es) to sign
them.  I mean print them out and have them actually put a pen to paper. 
A policy document signed by the CIO/Dean/Director/Boss holds more weight
than you or I do. 



This also gives you a great, socially acceptable way out of
confrontational situations where users demand something out of scope. 
With such a signed policy, you should be held to it as well, since the
boss approved it.  Then when you're asked to violate it, you can simply
say that you're not authorized to grant the request.  Provide them with
a copy of the policy document and tell them that this policy was enacted
by "The Boss" (whomever signed the document).  If that doesn't stop them
from trying to get you to violate the policy, you can say something to
the effect of "I understand, technology should serve the goals of the
organization.  If you feel strongly that an exception or change to the
policy is required in this case, I can schedule a time when we can meet
with "The Boss" to discuss it."  I've found that most of the time, this
ends the discussion. 





----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





2008/12/9 Thomas Larkin 
<tlarki at kckps.org> 




Well, where to start.... 


My environment is huge.  Over 50 buildings, over 30 servers over 6,000
clients with most of them being Macbooks.  It is a hassle to manage at
times.  I am not in charge of everything nor am I management, so it puts
me in a gray area at times when managing the client machines.  We have
local user accounts that have been created that I want gone, however I
am not sure what the names of those user accounts are.  We had a
password leak and some users promoted their own accounts to admin, and I
want to demote them.  We have a naming cwith a number can be wiped, with one exception, the generic local
account we created for local log ins just in case the network went down.
 That account is called student.  I am trying to script something that
will scan /Users and wipe out anything that does not start with a
number.  I got some help from a bit more advanced shell scripter than
myself and came up with this so far: 


#! /bin/sh 


keep="student" 


cd /Users 
[[ $(pwd) != "/Users" ]] && echo warning cd failed && exit 2 


for a in [^0-9]* ; do # only loop over names that doen't start with a
number 
    [[ "$a" == "$keep" ]] && continue # skip that extra local account 
    /usr/bin/dscl . -delete /Users/$a # get rid of it 
echo 'removing user files' 


/bin/rm -rf /Users/$a 


done 


I haven't had a lot of time to test it but it basically kills everything
in /Users except those that start with a number.  My next questions are,
is there a Casper solution to this, and how can I demote local accounts
with Casper from a local admin to a mobile or managed local user? 


Thoughts? 


Thanks for anyone brave enough to read this. 


Tom 


_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081209/c284825b/attachment.htm 

From tlarki at kckps.org  Wed Dec 10 12:08:41 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Wed, 10 Dec 2008 14:08:41 -0600
Subject: [Casper] JSS user reporting user as admin dscl says no?
Message-ID: <493FCD69.7141.0039.0@kckps.org>

everyone, 

So a user has a true flag under their account in the JSS for the inventory of that machine, I will just copy/paste an example, sorry if it doesn't format correctly. 

User in the JSS shows this: 
Username 
Real Name 
UID 
Home Directory 
Home Directory Size 
Admin 
File Vault Enabled 
Mia Green 22221 /Users/11miagre 5.28 GB true false 
11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false 
student KCK Student 505 /Local/Users/student N/A false false 

For some reason it shows the user name twice and on the top one it says True False, the First True being the admin flag 

Now, when I ssh into said client machine and do some digging I find this: 

 id 11miagre 
uid=22221(11miagre) gid=20(staff) groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011) 

GID 98 shows as _lpadmin what the heck is that?  Google says it configures the print system, so I must assume it is a daemon from the OS?   

Anyone else see this stuff?  Also dscl does not list this user under /Groups/admin either 

Thanks 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/2ebc87fd/attachment.htm 

From rharter at uwsp.edu  Wed Dec 10 12:37:09 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Wed, 10 Dec 2008 14:37:09 -0600
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <493FCD69.7141.0039.0@kckps.org>
References: <493FCD69.7141.0039.0@kckps.org>
Message-ID: <4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>

_lpadmin is the CUPS account that correlates to the lpadmin command  
you find in the terminal.  I can't tell you why this account is  
showing up twice, but since it is a member for the staff group that  
should make it admin.  Our local amdinistrator account is uid=501(adm)  
gid=20(staff) ...

AFAIK the user is not directly a member of the admin group, but staff  
is, so it's like embedded groups.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:

> everyone,
>
> So a user has a true flag under their account in the JSS for the  
> inventory of that machine, I will just copy/paste an example, sorry  
> if it doesn't format correctly.
>
> User in the JSS shows this:
> Username
> Real Name
> UID
> Home Directory
> Home Directory Size
> Admin
> File Vault Enabled
> Mia Green 22221 /Users/11miagre 5.28 GB true false
> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
> student KCK Student 505 /Local/Users/student N/A false false
>
> For some reason it shows the user name twice and on the top one it  
> says True False, the First True being the admin flag
>
> Now, when I ssh into said client machine and do some digging I find  
> this:
>
>  id 11miagre
> uid=22221(11miagre) gid=20(staff) groups=20(staff),98(_lpadmin), 
> 101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2), 
> 1042(allstudents),1053(washington_2011)
>
> GID 98 shows as _lpadmin what the heck is that?  Google says it  
> configures the print system, so I must assume it is a daemon from  
> the OS?
>
> Anyone else see this stuff?  Also dscl does not list this user  
> under /Groups/admin either
>
> Thanks
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/c8c022d8/attachment.html 

From tlarki at kckps.org  Wed Dec 10 12:57:14 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Wed, 10 Dec 2008 14:57:14 -0600
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
References: <493FCD69.7141.0039.0@kckps.org>
	<4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
Message-ID: <493FD8CA.7141.0039.0@kckps.org>

Ryan 

Thanks for the conformation, that is what I found googling it for lpadmin.  For the double user entry that still baffles me.  It lists my local admin account under the staff group and the admin group 

$ id tlarkin 
uid=1305(tlarkin) gid=20(staff) groups=20(staff),80(admin),101(com.apple.sharepoint.group.1),1031(tis),104(com.apple.sharepoint.group.2) 


I think everyone is under staff, these are directory accounts though not local, and my account is flagged to administer the directory.  I guess I am not quite grasping why it displays that in the JSS inventory. 

thanks


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351





>>> Ryan Harter <rharter at uwsp.edu> 12/10/08 2:37 PM >>>
_lpadmin is the CUPS account that correlates to the lpadmin command you find in the terminal.  I can't tell you why this account is showing up twice, but since it is a member for the staff group that should make it admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff) ... 



AFAIK the user is not directly a member of the admin group, but staff is, so it's like embedded groups.


Ryan Harter 

UW - Stevens Point 

Workstation Developer 

715.346.2716 


Ryan.Harter at uwsp.edu 



On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote: 




everyone, 



So a user has a true flag under their account in the JSS for the inventory of that machine, I will just copy/paste an example, sorry if it doesn't format correctly. 



User in the JSS shows this: 

Username 

Real Name 

UID 

Home Directory 

Home Directory Size 

Admin 

File Vault Enabled 

Mia Green 22221 /Users/11miagre 5.28 GB true false 

11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false 

student KCK Student 505 /Local/Users/student N/A false false 



For some reason it shows the user name twice and on the top one it says True False, the First True being the admin flag 



Now, when I ssh into said client machine and do some digging I find this: 



 id 11miagre 

uid=22221(11miagre) gid=20(staff) groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011) 



GID 98 shows as _lpadmin what the heck is that?  Google says it configures the print system, so I must assume it is a daemon from the OS?   



Anyone else see this stuff?  Also dscl does not list this user under /Groups/admin either 



Thanks 


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






<ATT00001.txt> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/0a7e71df/attachment.htm 

From miles.leacy at themacadmin.com  Wed Dec 10 13:06:26 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 10 Dec 2008 16:06:26 -0500
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
References: <493FCD69.7141.0039.0@kckps.org>
	<4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
Message-ID: <ec2e75ff0812101306v6496e4bbqc5e0bdea8e850e94@mail.gmail.com>

I don't know if I'm misunderstanding your message, but it sounds like you're
saying that membership in admin (80) is inherited by membership in staff
(20).
I don't believe that's the case.  All accounts are members of staff by
default.  Only admin users are members of admin.  An account can be a member
of staff but not be a member of admin.

The output is showing you the following:
uid=<the account's user ID> gid=<the account's "primary group ID", as seen
in Workgroup Manager, Groups tab> # What follows is a list of all of the
groups that the account in question belongs to, including the "primary
group".  This is why you see "staff" appear twice in the command's output.
 The first instance lets you know what the account's "primary group" is, and
it appears again when listing all groups that the account is a member of.

My apologies if I misunderstood your message.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/10 Ryan Harter <rharter at uwsp.edu>

> _lpadmin is the CUPS account that correlates to the lpadmin command you
> find in the terminal.  I can't tell you why this account is showing up
> twice, but since it is a member for the staff group that should make it
> admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff) ...
> AFAIK the user is not directly a member of the admin group, but staff is,
> so it's like embedded groups.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:
>
> everyone,
>
> So a user has a true flag under their account in the JSS for the inventory
> of that machine, I will just copy/paste an example, sorry if it doesn't
> format correctly.
>
> User in the JSS shows this:
> Username
> Real Name
> UID
> Home Directory
> Home Directory Size
> Admin
> File Vault Enabled
> Mia Green 22221 /Users/11miagre 5.28 GB true false
> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
> student KCK Student 505 /Local/Users/student N/A false false
>
> For some reason it shows the user name twice and on the top one it says
> True False, the First True being the admin flag
>
> Now, when I ssh into said client machine and do some digging I find this:
>
>  id 11miagre
> uid=22221(11miagre) gid=20(staff)
> groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)
>
> GID 98 shows as _lpadmin what the heck is that?  Google says it configures
> the print system, so I must assume it is a daemon from the OS?
>
> Anyone else see this stuff?  Also dscl does not list this user under
> /Groups/admin either
>
> Thanks
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> <ATT00001.txt>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/477d75cd/attachment.html 

From tlarki at kckps.org  Wed Dec 10 13:15:07 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Wed, 10 Dec 2008 15:15:07 -0600
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <ec2e75ff0812101306v6496e4bbqc5e0bdea8e850e94@mail.gmail.com>
References: <493FCD69.7141.0039.0@kckps.org>
	<4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
	<ec2e75ff0812101306v6496e4bbqc5e0bdea8e850e94@mail.gmail.com>
Message-ID: <493FDCFB.7141.0039.0@kckps.org>

That is what I thought but wasn't 100% on it.  Everyone is part of staff
(20) but this is reading it off the directory LDAP.  So, if a user goes
into System Preferences, and checks the box that says allow this user to
administer this computer on their mobile account, will it add the admin
group, or will it list the user under /Groups/admin on the machine
locally? 

As far as I can tell it doesn't do either.  When I invoke the dscl
command it lists no one under the /Groups/admin on that machine locally.
 When I run the id command on a user it pulls up their info from LDAP,
not the local machine. 

I guess is what I am trying to get to the bottom of is, how do I tell if
a user has checked the box to flag them as an administrator for just
that machine in System Preferences?  Perhaps that is why I am getting
the double entries in the JSS inventory?   

Thoughts? 

Thanks again for reading and helping with this, 

Tom

>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:06 PM >>>
I don't know if I'm misunderstanding your message, but it sounds like
you're saying that membership in admin (80) is inherited by membership
in staff (20). 


I don't believe that's the case.  All accounts are members of staff by
default.  Only admin users are members of admin.  An account can be a
member of staff but not be a member of admin. 



The output is showing you the following: 

uid=<the account's user ID> gid=<the account's "primary group ID", as
seen in Workgroup Manager, Groups tab> # What follows is a list of all
of the groups that the account in question belongs to, including the
"primary group".  This is why you see "staff" appear twice in the
command's output.  The first instance lets you know what the account's
"primary group" is, and it appears again when listing all groups that
the account is a member of. 



My apologies if I misunderstood your message. 


----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





2008/12/10 Ryan Harter 
<rharter at uwsp.edu> 




_lpadmin is the CUPS account that correlates to the lpadmin command you
find in the terminal.  I can't tell you why this account is showing up
twice, but since it is a member for the staff group that should make it
admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff)
... 



AFAIK the user is not directly a member of the admin group, but staff
is, so it's like embedded groups.


Ryan Harter 

UW - Stevens Point 

Workstation Developer 

715.346.2716 


Ryan.Harter at uwsp.edu 




On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote: 





everyone, 



So a user has a true flag under their account in the JSS for the
inventory of that machine, I will just copy/paste an example, sorry if
it doesn't format correctly. 



User in the JSS shows this: 

Username 

Real Name 

UID 

Home Directory 

Home Directory Size 

Admin 

File Vault Enabled 

Mia Green 22221 /Users/11miagre 5.28 GB true false 

11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false 

student KCK Student 505 /Local/Users/student N/A false false 



For some reason it shows the user name twice and on the top one it says
True False, the First True being the admin flag 



Now, when I ssh into said client machine and do some digging I find
this: 



 id 11miagre 

uid=22221(11miagre) gid=20(staff)
groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)




GID 98 shows as _lpadmin what the heck is that?  Google says it
configures the print system, so I must assume it is a daemon from the
OS?   



Anyone else see this stuff?  Also dscl does not list this user under
/Groups/admin either 



Thanks 


___________________________
Thomas Larkin
TIS DeCasper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/2e0ece0c/attachment.htm 

From swood at integerdallas.com  Wed Dec 10 13:19:52 2008
From: swood at integerdallas.com (Steve Wood)
Date: Wed, 10 Dec 2008 15:19:52 -0600
Subject: [Casper] Scripting MS Entourage 2008 Configuration
Message-ID: <C5658E98.1966C%swood@integerdallas.com>

We are getting ready to move away from Apple Mail as our mail client and on
to Entourage 2008.  We are making this move to take advantage of Kerio?s
calendar (we are getting away from Meeting Maker).  However, now I need to
configure Entourage for 90 users and migrate any local email folders they
may have.

Does anyone know of an easy way to do this via sripting or any MS tools?


Steve Wood
Director of IT
swood at integerdallas.com

The Integer Group  |  1999 Bryan St.  |  Ste. 1700  |  Dallas, TX 75201
T 214.758.6813  |  F 214.758.6901  |  C 940.312.2475



--
The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/bb6112ed/attachment.html 

From miles.leacy at themacadmin.com  Wed Dec 10 13:30:17 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 10 Dec 2008 16:30:17 -0500
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <493FDCFB.7141.0039.0@kckps.org>
References: <493FCD69.7141.0039.0@kckps.org>
	<4B52E062-4BF7-43DC-B3EA-53C2338679EB@uwsp.edu>
	<ec2e75ff0812101306v6496e4bbqc5e0bdea8e850e94@mail.gmail.com>
	<493FDCFB.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812101330n7e2eb40fu259ed920911550d5@mail.gmail.com>

Under Leopard (10.5.5), if you have a network account, and check the box in
System Preferences to make it an admin account, the account becomes a member
of the admin group (80) on the local machine.

If you run "dscl . read /Groups/admin" on a the same computer, the shortname
of your network account should appear in the "GroupMembership" line of
dscl's output.

I'm not sure I'm understanding the "double entries" part.  Can you send a
screenshot of the output you're referring to?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 10, 2008 at 4:15 PM, Thomas Larkin <tlarki at kckps.org> wrote:

>  That is what I thought but wasn't 100% on it.  Everyone is part of staff
> (20) but this is reading it off the directory LDAP.  So, if a user goes into
> System Preferences, and checks the box that says allow this user to
> administer this computer on their mobile account, will it add the admin
> group, or will it list the user under /Groups/admin on the machine locally?
>
>  As far as I can tell it doesn't do either.  When I invoke the dscl
> command it lists no one under the /Groups/admin on that machine locally.
>  When I run the id command on a user it pulls up their info from LDAP, not
> the local machine.
>
>  I guess is what I am trying to get to the bottom of is, how do I tell if
> a user has checked the box to flag them as an administrator for just that
> machine in System Preferences?  Perhaps that is why I am getting the double
> entries in the JSS inventory?
>
>  Thoughts?
>
>  Thanks again for reading and helping with this,
>
>  Tom
>
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:06 PM >>>
>
> I don't know if I'm misunderstanding your message, but it sounds like
> you're saying that membership in admin (80) is inherited by membership in
> staff (20).
>
>
>   I don't believe that's the case.  All accounts are members of staff by
> default.  Only admin users are members of admin.  An account can be a member
> of staff but not be a member of admin.
>
>
>   The output is showing you the following:
>
> uid=<the account's user ID> gid=<the account's "primary group ID", as seen
> in Workgroup Manager, Groups tab> # What follows is a list of all of the
> groups that the account in question belongs to, including the "primary
> group".  This is why you see "staff" appear twice in the command's
> output.  The first instance lets you know what the account's "primary group"
> is, and it appears again when listing all groups that the account is a
> member of.
>
>
>   My apologies if I misunderstood your message.
>
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
>   2008/12/10 Ryan Harter
>
> <rharter at uwsp.edu>
>
>
>   _lpadmin is the CUPS account that correlates to the lpadmin command you
>> find in the terminal.  I can't tell you why this account is showing up
>> twice, but since it is a member for the staff group that should make it
>> admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff) ...
>>
>>
>>   AFAIK the user is not directly a member of the admin group, but staff
>> is, so it's like embedded groups.
>>
>> *
>> Ryan Harter*
>>
>> UW - Stevens Point
>>
>> Workstation Developer
>>
>> 715.346.2716
>>
>>  Ryan.Harter at uwsp.edu
>>
>>
>>
>>   On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:
>>
>>
>>
>>   everyone,
>>
>>
>>   So a user has a true flag under their account in the JSS for the
>> inventory of that machine, I will just copy/paste an example, sorry if it
>> doesn't format correctly.
>>
>>
>>   User in the JSS shows this:
>>
>> Username
>>
>> Real Name
>>
>> UID
>>
>> Home Directory
>>
>> Home Directory Size
>>
>> Admin
>>
>> File Vault Enabled
>>
>> Mia Green 22221 /Users/11miagre 5.28 GB true false
>>
>> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
>>
>> student KCK Student 505 /Local/Users/student N/A false false
>>
>>
>>   For some reason it shows the user name twice and on the top one it says
>> True False, the First True being the admin flag
>>
>>
>>   Now, when I ssh into said client machine and do some digging I find
>> this:
>>
>>
>>    id 11miagre
>>
>> uid=22221(11miagre) gid=20(staff)
>> groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)
>>
>>
>>   GID 98 shows as _lpadmin what the heck is that?  Google says it
>> configures the print system, so I must assume it is a daemon from the OS?
>>
>>
>>   Anyone else see this stuff?  Also dscl does not list this user under
>> /Groups/admin either
>>
>>
>>   Thanks
>>
>>
>> ___________________________
>> Thomas Larkin
>> TIS Department
>> KCKPS USD500
>> tlarki at kckps.org
>> blackberry:  913-449-7589
>> office:  913-627-0351
>>
>>
>>
>>
>>
>>    <ATT00001.txt>
>>
>>
>>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/ba3e4b08/attachment.htm 

From miles.leacy at themacadmin.com  Wed Dec 10 13:34:39 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 10 Dec 2008 16:34:39 -0500
Subject: [Casper] scripting the firewall
Message-ID: <ec2e75ff0812101334m59cb2d42l30f6e92adeadeedc@mail.gmail.com>

Before I exercise my Google-fu, I'm hoping someone can point me at the
correct commands to manage the Mac OS X firewall (on OS X Server, if there's
a difference) via shell script.
Thanks in advance.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/555adfcd/attachment.html 

From mahughe at kckps.org  Wed Dec 10 13:36:02 2008
From: mahughe at kckps.org (Mark Hughes)
Date: Wed, 10 Dec 2008 15:36:02 -0600
Subject: [Casper] JSS user reporting user as admin dscl says no?
Message-ID: <493FE1E3020000A3000087B8@gwoes4.kckps.org>

Mark Hughes, Apple Technician
TIS Department, KCKPS USD500
Cell 913-449-7791
mahughe at kckps.org
>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:31 PM >>>
Under Leopard (10.5.5), if you have a network account, and check the box
in
System Preferences to make it an admin account, the account becomes a
member
of the admin group (80) on the local machine.

If you run "dscl . read /Groups/admin" on a the same computer, the
shortname
of your network account should appear in the "GroupMembership" line of
dscl's output.

I'm not sure I'm understanding the "double entries" part.  Can you send
a
screenshot of the output you're referring to?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 10, 2008 at 4:15 PM, Thomas Larkin <tlarki at kckps.org> wrote:

>  That is what I thought but wasn't 100% on it.  Everyone is part of
staff
> (20) but this is reading it off the directory LDAP.  So, if a user
goes into
> System Preferences, and checks the box that says allow this user to
> administer this computer on their mobile account, will it add the
admin
> group, or will it list the user under /Groups/admin on the machine
locally?
>
>  As far as I can tell it doesn't do either.  When I invoke the dscl
> command it lists no one under the /Groups/admin on that machine
locally.
>  When I run the id command on a user it pulls up their info from LDAP,
not
> the local machine.
>
>  I guess is what I am trying to get to the bottom of is, how do I tell
if
> a user has checked the box to flag them as an administrator for just
that
> machine in System Preferences?  Perhaps that is why I am getting the
double
> entries in the JSS inventory?
>
>  Thoughts?
>
>  Thanks again for reading and helping with this,
>
>  Tom
>
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:06 PM >>>
>
> I don't know if I'm misunderstanding your message, but it sounds like
> you're saying that membership in admin (80) is inherited by membership
in
> staff (20).
>
>
>   I don't believe that's the case.  All accounts are members of staff
by
> default.  Only admin users are members of admin.  An account can be a
member
> of staff but not be a member of admin.
>
>
>   The output is showing you the following:
>
> uid=<the account's user ID> gid=<the account's "primary group ID", as
seen
> in Workgroup Manager, Groups tab> # What follows is a list of all of
the
> groups that the account in question belongs to, including the "primary
> group".  This is why you see "staff" appear twice in the command's
> output.  The first instance lets you know what the account's "primary
group"
> is, and it appears again when listing all groups that the account is a
> member of.
>
>
>   My apologies if I misunderstood your message.
>
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
>   2008/12/10 Ryan Harter
>
> <rharter at uwsp.edu>
>
>
>   _lpadmin is the CUPS account that correlates to the lpadmin command
you
>> find in the terminal.  I can't tell you why this account is showing
up
>> twice, but since it is a member for the staff group that should make
it
>> admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff)
...
>>
>>
>>   AFAIK the user is not directly a member of the admin group, but
staff
>> is, so it's like embedded groups.
>>
>> *
>> Ryan Harter*
>>
>> UW - Stevens Point
>>
>> Workstation Developer
>>
>> 715.346.2716
>>
>>  Ryan.Harter at uwsp.edu
>>
>>
>>
>>   On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:
>>
>>
>>
>>   everyone,
>>
>>
>>   So a user has a true flag unde>>   User in the JSS shows this:
>>
>> Username
>>
>> Real Name
>>
>> UID
>>
>> Home Directory
>>
>> Home Directory Size
>>
>> Admin
>>
>> File Vault Enabled
>>
>> Mia Green 22221 /Users/11miagre 5.28 GB true false
>>
>> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
>>
>> student KCK Student 505 /Local/Users/student N/A false false
>>
>>
>>   For some reason it shows the user name twice and on the top one it
says
>> True False, the First True being the admin flag
>>
>>
>>   Now, when I ssh into said client machine and do some digging I find
>> this:
>>
>>
>>    id 11miagre
>>
>> uid=22221(11miagre) gid=20(staff)
>>
groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)
>>
>>
>>   GID 98 shows as _lpadmin what the heck is that?  Google says it
>> configures the print system, so I must assume it is a daemon from the
OS?
>>
>>
>>   Anyone else see this stuff?  Also dscl does not list this user
under
>> /Groups/admin either
>>
>>
>>   Thanks
>>
>>
>> ___________________________
>> Thomas Larkin
>> TIS Department
>> KCKPS USD500
>> tlarki at kckps.org
>> blackberry:  913-449-7589
>> office:  913-627-0351
>>
>>
>>
>>
>>
>>    <ATT00001.txt>
>>
>>
>>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture 5.png
Type: image/png
Size: 103212 bytes
Desc: Portable Network Graphics Format
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/d9c70be3/attachment-0001.png 

From tlarki at kckps.org  Wed Dec 10 13:39:48 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Wed, 10 Dec 2008 15:39:48 -0600
Subject: [Casper] scripting the firewall
In-Reply-To: <ec2e75ff0812101334m59cb2d42l30f6e92adeadeedc@mail.gmail.com>
References: <ec2e75ff0812101334m59cb2d42l30f6e92adeadeedc@mail.gmail.com>
Message-ID: <493FE2C4.7141.0039.0@kckps.org>

I believe it is just ipfw 

larkin$ ipfw -h 
ipfw syntax summary (but please do read the ipfw(8) manpage): 
ipfw [-acdeftTnNpqS] <command> where <command> is one of: 
add [num] [set N] [prob x] RULE-BODY 
{pipe|queue} N config PIPE-BODY 
[pipe|queue] {zero|delete|show} [N{,N}] 
set [disable N... enable N...] | move [rule] X to Y | swap X Y | show 

RULE-BODY:check-state [LOG] | ACTION [LOG] ADDR [OPTION_LIST] 
ACTION:check-state | allow | count | deny | reject | skipto N | 
{divert|tee} PORT | forward ADDR | pipe N | queue N 
ADDR:[ MAC dst src ether_type ] 
[ from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ] 
IPADDR:[not] { any | me | ip/bits{x,y,z} | IPLIST } 
IPLIST:{ ip | ip/bits | ip:mask }[,IPLIST] 
OPTION_LIST:OPTION [OPTION_LIST] 
OPTION:bridged | {dst-ip|src-ip} ADDR | {dst-port|src-port} LIST | 
estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST | 
iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC | 
ipttl LIST | ipversion VER | keep-state | layer2 | limit ... | 
mac ... | mac-type LIST | proto LIST | {recv|xmit|via} {IF|IPADDR} | 
setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC | 
verrevpath 


>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:34 PM >>>
Before I exercise my Google-fu, I'm hoping someone can point me at the
correct commands to manage the Mac OS X firewall (on OS X Server, if
there's a difference) via shell script. 


Thanks in advance.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/12d24a3b/attachment.htm 

From miles.leacy at themacadmin.com  Wed Dec 10 13:41:41 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 10 Dec 2008 16:41:41 -0500
Subject: [Casper] JSS user reporting user as admin dscl says no?
In-Reply-To: <493FE1E3020000A3000087B8@gwoes4.kckps.org>
References: <493FE1E3020000A3000087B8@gwoes4.kckps.org>
Message-ID: <ec2e75ff0812101341i46674f25r44dfcad175aff484@mail.gmail.com>

That is interesting.  I'd contact JAMF support and ask about it.  Let me
know what they say.
My guess is that whatever method is used to gather the local account info
via Recon either has a bug or is running into a bug in the Mac OS.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 10, 2008 at 4:36 PM, Mark Hughes <mahughe at kckps.org> wrote:

> Mark Hughes, Apple Technician
> TIS Department, KCKPS USD500
> Cell 913-449-7791
> mahughe at kckps.org
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:31 PM >>>
> Under Leopard (10.5.5), if you have a network account, and check the box
> in
> System Preferences to make it an admin account, the account becomes a
> member
> of the admin group (80) on the local machine.
>
> If you run "dscl . read /Groups/admin" on a the same computer, the
> shortname
> of your network account should appear in the "GroupMembership" line of
> dscl's output.
>
> I'm not sure I'm understanding the "double entries" part.  Can you send
> a
> screenshot of the output you're referring to?
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Wed, Dec 10, 2008 at 4:15 PM, Thomas Larkin <tlarki at kckps.org> wrote:
>
> >  That is what I thought but wasn't 100% on it.  Everyone is part of
> staff
> > (20) but this is reading it off the directory LDAP.  So, if a user
> goes into
> > System Preferences, and checks the box that says allow this user to
> > administer this computer on their mobile account, will it add the
> admin
> > group, or will it list the user under /Groups/admin on the machine
> locally?
> >
> >  As far as I can tell it doesn't do either.  When I invoke the dscl
> > command it lists no one under the /Groups/admin on that machine
> locally.
> >  When I run the id command on a user it pulls up their info from LDAP,
> not
> > the local machine.
> >
> >  I guess is what I am trying to get to the bottom of is, how do I tell
> if
> > a user has checked the box to flag them as an administrator for just
> that
> > machine in System Preferences?  Perhaps that is why I am getting the
> double
> > entries in the JSS inventory?
> >
> >  Thoughts?
> >
> >  Thanks again for reading and helping with this,
> >
> >  Tom
> >
> > >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/10/08 3:06 PM >>>
> >
> > I don't know if I'm misunderstanding your message, but it sounds like
> > you're saying that membership in admin (80) is inherited by membership
> in
> > staff (20).
> >
> >
> >   I don't believe that's the case.  All accounts are members of staff
> by
> > default.  Only admin users are members of admin.  An account can be a
> member
> > of staff but not be a member of admin.
> >
> >
> >   The output is showing you the following:
> >
> > uid=<the account's user ID> gid=<the account's "primary group ID", as
> seen
> > in Workgroup Manager, Groups tab> # What follows is a list of all of
> the
> > groups that the account in question belongs to, including the "primary
> > group".  This is why you see "staff" appear twice in the command's
> > output.  The first instance lets you know what the account's "primary
> group"
> > is, and it appears again when listing all groups that the account is a
> > member of.
> >
> >
> >   My apologies if I misunderstood your message.
> >
> >
> > ----------
> > Miles A. Leacy IV
> >
> > ? Certified System Administrator 10.4
> > ? Certified Technical Coordinator 10.5
> > ? Certified Trainer
> > Certified Casper Administrator
> > ----------
> > voice: 1-347-277-7321
> > miles.leacy at themacadmin.com
> > www.themacadmin.com
> >
> >
> >
> >
> >   2008/12/10 Ryan Harter
> >
> > <rharter at uwsp.edu>
> >
> >
> >   _lpadmin is the CUPS account that correlates to the lpadmin command
> you
> >> find in the terminal.  I can't tell you why this account is showing
> up
> >> twice, but since it is a member for the staff group that should make
> it
> >> admin.  Our local amdinistrator account is uid=501(adm) gid=20(staff)
> ...
> >>
> >>
> >>   AFAIK the user is not directly a member of the admin group, but
> staff
> >> is, so it's like embedded groups.
> >>
> >> *
> >> Ryan Harter*
> >>
> >> UW - Stevens Point
> >>
> >> Workstation Developer
> >>
> >> 715.346.2716
> >>
> >>  Ryan.Harter at uwsp.edu
> >>
> >>
> >>
> >>   On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote:
> >>
> >>
> >>
> >>   everyone,
> >>
> >>
> >>   So a user has a true flag unde>>   User in the JSS shows this:
> >>
> >> Username
> >>
> >> Real Name
> >>
> >> UID
> >>
> >> Home Directory
> >>
> >> Home Directory Size
> >>
> >> Admin
> >>
> >> File Vault Enabled
> >>
> >> Mia Green 22221 /Users/11miagre 5.28 GB true false
> >>
> >> 11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false
> >>
> >> student KCK Student 505 /Local/Users/student N/A false false
> >>
> >>
> >>   For some reason it shows the user name twice and on the top one it
> says
> >> True False, the First True being the admin flag
> >>
> >>
> >>   Now, when I ssh into said client machine and do some digging I find
> >> this:
> >>
> >>
> >>    id 11miagre
> >>
> >> uid=22221(11miagre) gid=20(staff)
> >>
>
> groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)
> >>
> >>
> >>   GID 98 shows as _lpadmin what the heck is that?  Google says it
> >> configures the print system, so I must assume it is a daemon from the
> OS?
> >>
> >>
> >>   Anyone else see this stuff?  Also dscl does not list this user
> under
> >> /Groups/admin either
> >>
> >>
> >>   Thanks
> >>
> >>
> >> ___________________________
> >> Thomas Larkin
> >> TIS Department
> >> KCKPS USD500
> >> tlarki at kckps.org
> >> blackberry:  913-449-7589
> >> office:  913-627-0351
> >>
> >>
> >>
> >>
> >>
> >>    <ATT00001.txt>
> >>
> >>
> >>
> >> _______________________________________________
> >> Casper mailing list
> >> Casper at list.jamfsoftware.com
> >> http://list.jamfsoftware.com/mailman/listinfo/casper
> >>
> >>
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/d7f013ce/attachment-0001.html 

From eric.winkelhake at mundocomww.com  Wed Dec 10 13:40:08 2008
From: eric.winkelhake at mundocomww.com (Eric Winkelhake)
Date: Wed, 10 Dec 2008 15:40:08 -0600
Subject: [Casper] scripting the firewall
In-Reply-To: <ec2e75ff0812101334m59cb2d42l30f6e92adeadeedc@mail.gmail.com>
Message-ID: <OF0CB5A46E.51D1247A-ON8625751B.0076FA6B-8625751B.00770724@lionresources.com>

I think it's ipfw

Eric Winkelhake
MundocomWW
312.220.1669
312.504.5155
eric.winkelhake at mundocomww.com



"Miles Leacy" <miles.leacy at themacadmin.com> 
Sent by: casper-bounces at list.jamfsoftware.com
12/10/08 03:34 PM

To
"Casper List" <casper at list.jamfsoftware.com>
cc

Subject
[Casper] scripting the firewall






Before I exercise my Google-fu, I'm hoping someone can point me at the 
correct commands to manage the Mac OS X firewall (on OS X Server, if 
there's a difference) via shell script.

Thanks in advance.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


------------------------------------------------------------------------
Disclaimer 
The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited.  When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081210/5cd5f7e2/attachment.htm 

From jstrauss at loyolahs.edu  Thu Dec 11 09:12:52 2008
From: jstrauss at loyolahs.edu (Jeff Strauss)
Date: Thu, 11 Dec 2008 09:12:52 -0800
Subject: [Casper] Updates
Message-ID: <C5668A14.2D9C%jstrauss@loyolahs.edu>

Hey all,

Do you guys have any procedures for deploying updates to machines? If so, can you shed some light on how you handle updating clients?

Thank you much!

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/0b302385/attachment.html 

From ERNSTCS at uwec.edu  Thu Dec 11 09:16:55 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Thu, 11 Dec 2008 11:16:55 -0600
Subject: [Casper] Updates
In-Reply-To: <C5668A14.2D9C%jstrauss@loyolahs.edu>
Message-ID: <C566A727.11BDB%ernstcs@uwec.edu>

What are we updating? Silly question I know...


 *   Apple Software Updates
 *   JAMF Binary Updates
 *   Adobe Updates
 *   Software Package Updates

Craig E


On 12/11/08 11:12 AM, "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Hey all,

Do you guys have any procedures for deploying updates to machines? If so, can you shed some light on how you handle updating clients?

Thank you much!

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/1295b027/attachment.htm 

From jstrauss at loyolahs.edu  Thu Dec 11 09:17:18 2008
From: jstrauss at loyolahs.edu (Jeff Strauss)
Date: Thu, 11 Dec 2008 09:17:18 -0800
Subject: [Casper] Updates
In-Reply-To: <C5668A14.2D9C%jstrauss@loyolahs.edu>
Message-ID: <C5668B1E.2DA3%jstrauss@loyolahs.edu>

Allow me to clarify:

I mean OS updates, not third-party apps or Casper updates, for which I use Self Service or deploy via policy.

- Jeff


On 12/11/08 9:12 AM, "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Hey all,

Do you guys have any procedures for deploying updates to machines? If so, can you shed some light on how you handle updating clients?

Thank you much!

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.



Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/edcad05f/attachment.html 

From eyoung at thayer.org  Thu Dec 11 09:20:14 2008
From: eyoung at thayer.org (Eric Young)
Date: Thu, 11 Dec 2008 12:20:14 -0500
Subject: [Casper] Updates
In-Reply-To: <C5668B1E.2DA3%jstrauss@loyolahs.edu>
References: <C5668B1E.2DA3%jstrauss@loyolahs.edu>
Message-ID: <91A73DD9-09DD-4A6A-99B7-1B7974BB19D6@thayer.org>

I just use the software update option in a policy set to run monthly.   
It points back to our in house SU server.  I take the added step of  
enabling by subnet to spread the load over a few nights.


Has been working  a charm

----------------------------------------------------------------------------------------------
Eric Young
eyoung at thayer.org
781-664-2286 Work

I am among those who think that science has great beauty. A scientist  
in his laboratory is not only a technician: he is also a child placed  
before natural phenomena which impress him like a fairy tale.
   - Marie Curie


On Dec 11, 2008, at 12:17 PM, Jeff Strauss wrote:

> Allow me to clarify:
>
> I mean OS updates, not third-party apps or Casper updates, for which  
> I use Self Service or deploy via policy.
>
> - Jeff
>
>
> On 12/11/08 9:12 AM, "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>
> Hey all,
>
> Do you guys have any procedures for deploying updates to machines?  
> If so, can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> Jeffrey A. Strauss
> Department of Educational Technology
> Systems Administrator
> Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
>
> Jeffrey A. Strauss
> Department of Educational Technology
> Systems Administrator
> Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/59ae6345/attachment-0001.html 

From ERNSTCS at uwec.edu  Thu Dec 11 09:20:15 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Thu, 11 Dec 2008 11:20:15 -0600
Subject: [Casper] Updates
In-Reply-To: <C5668B1E.2DA3%jstrauss@loyolahs.edu>
Message-ID: <C566A7EF.11BE1%ernstcs@uwec.edu>

I run an Apple Software Update Server and control the updates I push out. I have them schedule to happen with Policies over the weekend for labs and office non-mobile systems. The mobile systems are a little trickier depending on the scenario.

But I have the software update server specified in the JSS, you can have more than one if you have multiple locations to deal with and then direct clients to the appropriate ASUS with network segments.

I'm sure most of the people do this.

Craig E

On 12/11/08 11:17 AM, "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Allow me to clarify:

I mean OS updates, not third-party apps or Casper updates, for which I use Self Service or deploy via policy.

- Jeff


On 12/11/08 9:12 AM, "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Hey all,

Do you guys have any procedures for deploying updates to machines? If so, can you shed some light on how you handle updating clients?

Thank you much!

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.



Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/1d07660e/attachment.htm 

From miles.leacy at themacadmin.com  Thu Dec 11 09:21:59 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 12:21:59 -0500
Subject: [Casper] Updates
In-Reply-To: <C5668A14.2D9C%jstrauss@loyolahs.edu>
References: <C5668A14.2D9C%jstrauss@loyolahs.edu>
Message-ID: <ec2e75ff0812110921n795f4f3bi7c012a3e2b76b049@mail.gmail.com>

For Apple updates, I run my own Apple Software Update Server (SUS), which is
easy and fairly unobtrusive if you have any Mac OS X Server machines in your
environment and under your control (You can use the same box that runs your
JSS)  I have a Casper Policy that causes each managed machine to run all
available updates from the internal SUS.  You could point the managed
machines to Apple's software update server, but if you do that, you have no
control over which updates get applied and when they get applied.  With your
own SUS, you can test the updates first, then add them to the SUS once
you're sure they won't break anything in your environment.
For 3rd party updates, if they're .pkg files I might add them directly to
the JSS.  Sometimes I do a fresh install of the app in question, patch it to
the current update and make a new package for that app.  You could create a
"new & modified" package in Composer, but that's tricky unless you know
exactly what files the application and it's update modifies.

Remember, test, test, test!

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/11 Jeff Strauss <jstrauss at loyolahs.edu>

>  Hey all,
>
> Do you guys have any procedures for deploying updates to machines? If so,
> can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> *Jeffrey A. Strauss
> *Department of Educational Technology
> *Systems Administrator
> *Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/5ea2c6ed/attachment.html 

From jared.nichols at ll.mit.edu  Thu Dec 11 09:16:55 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Thu, 11 Dec 2008 12:16:55 -0500
Subject: [Casper] Updates
In-Reply-To: <C5668A14.2D9C%jstrauss@loyolahs.edu>
Message-ID: <C566B537.176A1%jared.nichols@ll.mit.edu>

I run our own Software Update Server so I can vette any packages first.  If it's ok, I release it in SUS and let the software update mechanism handle it.  I do force a once monthly mandatory update.  Users can run it optionally on their own or it'll pop up automatically weekly.

j


On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Hey all,

Do you guys have any procedures for deploying updates to machines? If so, can you shed some light on how you handle updating clients?

Thank you much!

Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.



--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/0a492f2d/attachment.htm 

From jstrauss at loyolahs.edu  Thu Dec 11 09:27:02 2008
From: jstrauss at loyolahs.edu (Jeff Strauss)
Date: Thu, 11 Dec 2008 09:27:02 -0800
Subject: [Casper] Updates
Message-ID: <C5668D66.2DAD%jstrauss@loyolahs.edu>

Well, seems like everyone's doing it the same way, and the solution works for my environment, so I'll join the team. :)

Thanks for all your input everyone. Really appreciate the help.


Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/4f96c949/attachment.html 

From miles.leacy at themacadmin.com  Thu Dec 11 09:29:28 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 12:29:28 -0500
Subject: [Casper] Updates
In-Reply-To: <C566B537.176A1%jared.nichols@ll.mit.edu>
References: <C5668A14.2D9C%jstrauss@loyolahs.edu>
	<C566B537.176A1%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812110929p3375b36cu371cb05e8a4f02f0@mail.gmail.com>

Do your users run it via self-service?
I have an "updates available" smart group that consists of all machines with
>0 updates available.  A self-service policy scoped to this smart group
allows non-admins to run Apple updates.  As silly as it may seem, this
option can inflate the egos of many users.  You might be surprised how far
the illusion of control gets you with people.

Of course, I have a second policy scoped to the same group that runs over
the weekend for anyone who didn't avail themselves of self-service.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>

>  I run our own Software Update Server so I can vette any packages first.
>  If it's ok, I release it in SUS and let the software update mechanism
> handle it.  I do force a once monthly mandatory update.  Users can run it
> optionally on their own or it'll pop up automatically weekly.
>
> j
>
>
>
> On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>
> Hey all,
>
> Do you guys have any procedures for deploying updates to machines? If so,
> can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> *Jeffrey A. Strauss
> *Department of Educational Technology
> *Systems Administrator
> *Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/1075c066/attachment-0001.htm 

From TLARKI at kckps.org  Thu Dec 11 10:40:27 2008
From: TLARKI at kckps.org (Thomas Larkin)
Date: Thu, 11 Dec 2008 12:40:27 -0600
Subject: [Casper] Updates
In-Reply-To: <49410A3B0200003900006C9D@gwoes4.kckps.org>
References: <49410A3A0200003900006C9A@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
Message-ID: <49410A3B0200003900006C9D@gwoes4.kckps.org>

I have a self service policy that runs all approved updates off of our
sus. I also download the pkg for quick critical updates and push them
out via a policy. 

I only have one sus and it would be awesome if I could cache those
updates to the casper distribution points. Then I wouldn't have 6000
clients pulling updates off one server.  Then just use that one server
to control it while the casper share points distribute it to their set
vlans. 

 
-----Original Message-----
From: "Miles Leacy" <miles.leacy at themacadmin.com>
Cc: List, Casper <casper at list.jamfsoftware.com>
To: Nichols, Jared <jared.nichols at ll.mit.edu>

Sent: 12/11/2008 11:29:28 AM
Subject: Re: [Casper] Updates

Do your users run it via self-service?
I have an "updates available" smart group that consists of all machines
with
>0 updates available.  A self-service policy scoped to this smart group
allows non-admins to run Apple updates.  As silly as it may seem, this
option can inflate the egos of many users.  You might be surprised how
far
the illusion of control gets you with people.

Of course, I have a second policy scoped to the same group that runs
over
the weekend for anyone who didn't avail themselves of self-service.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>

>  I run our own Software Update Server so I can vette any packages
first.
>  If it's ok, I release it in SUS and let the software update mechanism
> handle it.  I do force a once monthly mandatory update.  Users can run
it
> optionally on their own or it'll pop up automatically weekly.
>
> j
>
>
>
> On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>
> Hey all,
>
> Do you guys have any procedures for deploying updates to machines? If
so,
> can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> *Jeffrey A. Strauss
> *Department of Educational Technology
> *Systems Administrator
> *Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>


From miles.leacy at themacadmin.com  Thu Dec 11 11:29:01 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 14:29:01 -0500
Subject: [Casper] Updates
In-Reply-To: <49410A3B0200003900006C9D@gwoes4.kckps.org>
References: <49410A3A0200003900006C9A@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
Message-ID: <ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>

Are the distribution points on OS X Servers?  If so, the easiest solution is
to create multiple instances of SUS on different network segments.
I was thinking through an automated way to move packages from an SUS to a
Casper distribution point, and it's relatively easy to get the packages
there.  The hurdle is making them useful to Software Update, or even to
Casper.

I suppose you could forego the SUS and add Apple update pkgs to your JSS and
deploy them that way.  This would bring on additional work as you'd need to
determine the dependencies and compatibility of each update manually and
scope their installation appropriately.  If you use an SUS and Software
Update, Apple does that work for you.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin <TLARKI at kckps.org> wrote:

> I have a self service policy that runs all approved updates off of our
> sus. I also download the pkg for quick critical updates and push them
> out via a policy.
>
> I only have one sus and it would be awesome if I could cache those
> updates to the casper distribution points. Then I wouldn't have 6000
> clients pulling updates off one server.  Then just use that one server
> to control it while the casper share points distribute it to their set
> vlans.
>
>
> -----Original Message-----
> From: "Miles Leacy" <miles.leacy at themacadmin.com>
> Cc: List, Casper <casper at list.jamfsoftware.com>
> To: Nichols, Jared <jared.nichols at ll.mit.edu>
>
> Sent: 12/11/2008 11:29:28 AM
> Subject: Re: [Casper] Updates
>
> Do your users run it via self-service?
> I have an "updates available" smart group that consists of all machines
> with
> >0 updates available.  A self-service policy scoped to this smart group
> allows non-admins to run Apple updates.  As silly as it may seem, this
> option can inflate the egos of many users.  You might be surprised how
> far
> the illusion of control gets you with people.
>
> Of course, I have a second policy scoped to the same group that runs
> over
> the weekend for anyone who didn't avail themselves of self-service.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> 2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>
>
> >  I run our own Software Update Server so I can vette any packages
> first.
> >  If it's ok, I release it in SUS and let the software update mechanism
> > handle it.  I do force a once monthly mandatory update.  Users can run
> it
> > optionally on their own or it'll pop up automatically weekly.
> >
> > j
> >
> >
> >
> > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
> >
> > Hey all,
> >
> > Do you guys have any procedures for deploying updates to machines? If
> so,
> > can you shed some light on how you handle updating clients?
> >
> > Thank you much!
> >
> > *Jeffrey A. Strauss
> > *Department of Educational Technology
> > *Systems Administrator
> > *Loyola High School of Los Angeles
> > 1901 Venice Blvd.
> > Los Angeles, Ca 90006
> > (213) 381-5121 x265
> >
> > Please consider the environment before printing this e-mail.
> >
> >
> >
> > --
> > Jared Nichols
> > ISD Infrastructure and Operations ? Desktop Engineering
> > MIT Lincoln Laboratory
> > 244 Wood St.
> > Lexington, MA 02420-9108
> > (781) 981-5500
> >
> > _______________________________________________
> > Casper mailing list
> > Casper at list.jamfsoftware.com
> > http://list.jamfsoftware.com/mailman/listinfo/casper
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/0c32c1f4/attachment.html 

From NATHANIEL.LINDLEY at spps.org  Thu Dec 11 12:02:47 2008
From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org)
Date: Thu, 11 Dec 2008 14:02:47 -0600
Subject: [Casper] Updates
In-Reply-To: <ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
Message-ID: <OF94269F07.AAAD5BEB-ON8625751C.006D2254-8625751C.006EBB17@spps.org>


I have multiple Distribution points that are 10.5 OS X servers that also
run SUS, problem is I can't get the remote servers to pull the updates from
my master SUS.  I've tried some of the suggestions without luck.  Anyone
else doing this ?
-Nathaniel



                                                                           
             "Miles Leacy"                                                 
             <miles.leacy at them                                             
             acadmin.com>                                               To 
             Sent by:                  "Thomas Larkin" <TLARKI at kckps.org>  
             casper-bounces at li                                          cc 
             st.jamfsoftware.c         casper at list.jamfsoftware.com        
             om                                                    Subject 
                                       Re: [Casper] Updates                
                                                                           
             12/11/08 01:22 PM                                             
                                                                           
                                                                           
                                                                           
                                                                           




Are the distribution points on OS X Servers?  If so, the easiest solution
is to create multiple instances of SUS on different network segments.

I was thinking through an automated way to move packages from an SUS to a
Casper distribution point, and it's relatively easy to get the packages
there.  The hurdle is making them useful to Software Update, or even to
Casper.

I suppose you could forego the SUS and add Apple update pkgs to your JSS
and deploy them that way.  This would bring on additional work as you'd
need to determine the dependencies and compatibility of each update
manually and scope their installation appropriately.  If you use an SUS and
Software Update, Apple does that work for you.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin <TLARKI at kckps.org> wrote:
  I have a self service policy that runs all approved updates off of our
  sus. I also download the pkg for quick critical updates and push them
  out via a policy.

  I only have one sus and it would be awesome if I could cache those
  updates to the casper distribution points. Then I wouldn't have 6000
  clients pulling updates off one server.  Then just use that one server
  to control it while the casper share points distribute it to their set
  vlans.


  -----Original Message-----
  From: "Miles Leacy" <miles.leacy at themacadmin.com>
  Cc: List, Casper <casper at list.jamfsoftware.com>
  To: Nichols, Jared <jared.nichols at ll.mit.edu>

  Sent: 12/11/2008 11:29:28 AM
  Subject: Re: [Casper] Updates

  Do your users run it via self-service?
  I have an "updates available" smart group that consists of all machines
  with
  >0 updates available.  A self-service policy scoped to this smart group
  allows non-admins to run Apple updates.  As silly as it may seem, this
  option can inflate the egos of many users.  You might be surprised how
  far
  the illusion of control gets you with people.

  Of course, I have a second policy scoped to the same group that runs
  over
  the weekend for anyone who didn't avail themselves of self-service.

  ----------
  Miles A. Leacy IV

  ? Certified System Administrator 10.4
  ? Certified Technical Coordinator 10.5
  ? Certified Trainer
  Certified Casper Administrator
  ----------
  voice: 1-347-277-7321
  miles.leacy at themacadmin.com
  www.themacadmin.com




  2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>

  >  I run our own Software Update Server so I can vette any packages
  first.
  >  If it's ok, I release it in SUS and let the software update mechanism
  > handle it.  I do force a once monthly mandatory update.  Users can run
  it
  > optionally on their own or it'll pop up automatically weekly.
  >
  > j
  >
  >
  >
  > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
  >
  > Hey all,
  >
  > Do you guys have any procedures for deploying updates to machines? If
  so,
  > can you shed some light on how you handle updating clients?
  >
  > Thank you much!
  >
  > *Jeffrey A. Strauss
  > *Department of Educational Technology
  > *Systems Administrator
  > *Loyola High School of Los Angeles
  > 1901 Venice Blvd.
  > Los Angeles, Ca 90006
  > (213) 381-5121 x265
  >
  > Please consider the environment before printing this e-mail.
  >
  >
  >
  > --
  > Jared Nichols
  > ISD Infrastructure and Operations ? Desktop Engineering
  > MIT Lincoln Laboratory
  > 244 Wood St.
  > Lexington, MA 02420-9108
  > (781) 981-5500
  >
  > _______________________________________________
  > Casper mailing list
  > Casper at list.jamfsoftware.com
  > http://list.jamfsoftware.com/mailman/listinfo/casper
  >
  >

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



From NATHANIEL.LINDLEY at spps.org  Thu Dec 11 12:05:55 2008
From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org)
Date: Thu, 11 Dec 2008 14:05:55 -0600
Subject: [Casper] Casper VNC crashes
Message-ID: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>

It seems that more and more frequently when I use Casper VNC, it will crash
the Casper Remote program when I disconnect from the remote machine.  This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.  So
the only thing I've found to unlock Casper Remote (Force Quit doesn't work)
is to logout, then log back in to the computer.   I've tried force quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley




From miles.leacy at themacadmin.com  Thu Dec 11 12:15:15 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 15:15:15 -0500
Subject: [Casper] Updates
In-Reply-To: <OF94269F07.AAAD5BEB-ON8625751C.006D2254-8625751C.006EBB17@spps.org>
References: <ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
	<OF94269F07.AAAD5BEB-ON8625751C.006D2254-8625751C.006EBB17@spps.org>
Message-ID: <ec2e75ff0812111215p5c8c0379m481c2f4f0ed2837@mail.gmail.com>

I'm just spitballing, but SUS settings ought to be a plist or plists.
 Perhaps you could capture the settings on your "primary" SUS and deploy
them out to your "child" SUSes.
You may need to copy the actual packages from primary to child SUSes.  I'd
probably try rsync first.

With the packages copied to the appropriate place, and the plists updated,
you may get what you need.

Take this with the huge caveat that I haven't tried this.  I'm just
theorizing the possibility.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 3:02 PM, <NATHANIEL.LINDLEY at spps.org> wrote:

>
> I have multiple Distribution points that are 10.5 OS X servers that also
> run SUS, problem is I can't get the remote servers to pull the updates from
> my master SUS.  I've tried some of the suggestions without luck.  Anyone
> else doing this ?
> -Nathaniel
>
>
>
>
>             "Miles Leacy"
>             <miles.leacy at them
>             acadmin.com>                                               To
>             Sent by:                  "Thomas Larkin" <TLARKI at kckps.org>
>             casper-bounces at li                                          cc
>             st.jamfsoftware.c         casper at list.jamfsoftware.com
>             om                                                    Subject
>                                       Re: [Casper] Updates
>
>             12/11/08 01:22 PM
>
>
>
>
>
>
>
>
> Are the distribution points on OS X Servers?  If so, the easiest solution
> is to create multiple instances of SUS on different network segments.
>
> I was thinking through an automated way to move packages from an SUS to a
> Casper distribution point, and it's relatively easy to get the packages
> there.  The hurdle is making them useful to Software Update, or even to
> Casper.
>
> I suppose you could forego the SUS and add Apple update pkgs to your JSS
> and deploy them that way.  This would bring on additional work as you'd
> need to determine the dependencies and compatibility of each update
> manually and scope their installation appropriately.  If you use an SUS and
> Software Update, Apple does that work for you.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin <TLARKI at kckps.org> wrote:
>  I have a self service policy that runs all approved updates off of our
>  sus. I also download the pkg for quick critical updates and push them
>  out via a policy.
>
>  I only have one sus and it would be awesome if I could cache those
>  updates to the casper distribution points. Then I wouldn't have 6000
>  clients pulling updates off one server.  Then just use that one server
>  to control it while the casper share points distribute it to their set
>  vlans.
>
>
>  -----Original Message-----
>  From: "Miles Leacy" <miles.leacy at themacadmin.com>
>  Cc: List, Casper <casper at list.jamfsoftware.com>
>  To: Nichols, Jared <jared.nichols at ll.mit.edu>
>
>  Sent: 12/11/2008 11:29:28 AM
>  Subject: Re: [Casper] Updates
>
>  Do your users run it via self-service?
>  I have an "updates available" smart group that consists of all machines
>  with
>  >0 updates available.  A self-service policy scoped to this smart group
>  allows non-admins to run Apple updates.  As silly as it may seem, this
>  option can inflate the egos of many users.  You might be surprised how
>  far
>  the illusion of control gets you with people.
>
>  Of course, I have a second policy scoped to the same group that runs
>  over
>  the weekend for anyone who didn't avail themselves of self-service.
>
>  ----------
>  Miles A. Leacy IV
>
>  ? Certified System Administrator 10.4
>  ? Certified Technical Coordinator 10.5
>  ? Certified Trainer
>  Certified Casper Administrator
>  ----------
>  voice: 1-347-277-7321
>  miles.leacy at themacadmin.com
>  www.themacadmin.com
>
>
>
>
>  2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>
>
>  >  I run our own Software Update Server so I can vette any packages
>  first.
>  >  If it's ok, I release it in SUS and let the software update mechanism
>  > handle it.  I do force a once monthly mandatory update.  Users can run
>  it
>  > optionally on their own or it'll pop up automatically weekly.
>  >
>  > j
>  >
>  >
>  >
>  > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>  >
>  > Hey all,
>  >
>  > Do you guys have any procedures for deploying updates to machines? If
>  so,
>  > can you shed some light on how you handle updating clients?
>  >
>  > Thank you much!
>  >
>  > *Jeffrey A. Strauss
>  > *Department of Educational Technology
>  > *Systems Administrator
>  > *Loyola High School of Los Angeles
>  > 1901 Venice Blvd.
>  > Los Angeles, Ca 90006
>  > (213) 381-5121 x265
>  >
>  > Please consider the environment before printing this e-mail.
>  >
>  >
>  >
>  > --
>  > Jared Nichols
>  > ISD Infrastructure and Operations ? Desktop Engineering
>  > MIT Lincoln Laboratory
>  > 244 Wood St.
>  > Lexington, MA 02420-9108
>  > (781) 981-5500
>  >
>  > _______________________________________________
>  > Casper mailing list
>  > Casper at list.jamfsoftware.com
>  > http://list.jamfsoftware.com/mailman/listinfo/casper
>  >
>  >
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/64ab660a/attachment-0001.html 

From tlarki at kckps.org  Thu Dec 11 12:17:21 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Thu, 11 Dec 2008 14:17:21 -0600
Subject: [Casper] Updates
In-Reply-To: <ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
References: <49410A3A0200003900006C9A@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
	<ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
Message-ID: <494120F1.7141.0039.0@kckps.org>

Yes our SUS is an Xserve that is dedicated to SUS and file sharing, and
I want it to download and cache out all approved updates to distribution
points, since our distribution points run off of RAIDs on building level
Xserves.  That way they could sync the updates over night, and during
operating hours machines would not go over the WAN for updates, they
could pull them off the casper distribution point. 

Does that make sense?

>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/11/08 1:29 PM >>>
Are the distribution points on OS X Servers?  If so, the easiest
solution is to create multiple instances of SUS on different network
segments. 


I was thinking through an automated way to move packages from an SUS to
a Casper distribution point, and it's relatively easy to get the
packages there.  The hurdle is making them useful to Software Update, or
even to Casper. 



I suppose you could forego the SUS and add Apple update pkgs to your JSS
and deploy them that way.  This would bring on additional work as you'd
need to determine the dependencies and compatibility of each update
manually and scope their installation appropriately.  If you use an SUS
and Software Update, Apple does that work for you. 


----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin 
<TLARKI at kckps.org> 

wrote:


I have a self service policy that runs all approved updates off of our
sus. I also download the pkg for quick critical updates and push them
out via a policy.

I only have one sus and it would be awesome if I could cache those
updates to the casper distribution points. Then I wouldn't have 6000
clients pulling updates off one server.  Then just use that one server
to control it while the casper share points distribute it to their set
vlans.




-----Original Message-----
From: "Miles Leacy" <miles.leacy at themacadmin.com>
Cc: List, Casper <casper at list.jamfsoftware.com>
To: Nichols, Jared <jared.nichols at ll.mit.edu>

Sent: 12/11/2008 11:29:28 AM
Subject: Re: [Casper] Updates

Do your users run it via self-service?
I have an "updates available" smart group that consists of all machines
with
>0 updates available.  A self-service policy scoped to this smart group
allows non-admins to run Apple updates.  As silly as it may seem, this
option can inflate the egos of many users.  You might be surprised how
far
the illusion of control gets you with people.

Of course, I have a second policy scoped to the same group that runs
over
the weekend for anyone who didn't avail themselves of self-service.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>

>  I run our own Software Update Server so I can vette any packages
first.
>  If it's ok, I release it in SUS and let the software update mechanism
> handle it.  I do force a once monthly mandatory update.  Users can run
it
> optionally on their own or it'll pop up automatically weekly.
>
> j
>
>
>

> On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>
> Hey all,
>
> Do you guys have any procedures for deploying updates to machines? If
so,
> can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> *Jeffrey A. Strauss
> *Department of Educational Technology
> *Systems Administrator
> *Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
>

> --


> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT L> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/0a573a60/attachment.htm 

From Jason.Weber at district196.org  Thu Dec 11 12:18:50 2008
From: Jason.Weber at district196.org (Weber, Jason)
Date: Thu, 11 Dec 2008 14:18:50 -0600
Subject: [Casper] Casper VNC crashes
In-Reply-To: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
References: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
Message-ID: <DFFCE7044F8AFF41AB2262F92C7821620879F85B@do-mail03.district196.org>

I haven't had this happen much, but it has happened since the upgrade to
6.0x.


Jason Weber
Technology Support Cluster Specialist
Independent School District 196




-----Original Message-----
From: casper-bounces at list.jamfsoftware.com
[mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of
NATHANIEL.LINDLEY at spps.org
Sent: Thursday, December 11, 2008 2:06 PM
To: Casper Listserv
Subject: [Casper] Casper VNC crashes

It seems that more and more frequently when I use Casper VNC, it will
crash
the Casper Remote program when I disconnect from the remote machine.
This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.
So
the only thing I've found to unlock Casper Remote (Force Quit doesn't
work)
is to logout, then log back in to the computer.   I've tried force
quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

From tlarki at kckps.org  Thu Dec 11 12:19:06 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Thu, 11 Dec 2008 14:19:06 -0600
Subject: [Casper] Casper VNC crashes
In-Reply-To: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
References: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
Message-ID: <4941215A.7141.0039.0@kckps.org>

I  have had Casper Remote crash on me as well using the VNC connection.  I use ARD admin, though I would love to give certain users "view only" casper remote options.

>>> <NATHANIEL.LINDLEY at spps.org> 12/11/08 2:05 PM >>>
It seems that more and more frequently when I use Casper VNC, it will crash
the Casper Remote program when I disconnect from the remote machine.  This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.  So
the only thing I've found to unlock Casper Remote (Force Quit doesn't work)
is to logout, then log back in to the computer.   I've tried force quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/7545acdd/attachment.html 

From miles.leacy at themacadmin.com  Thu Dec 11 12:19:35 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 15:19:35 -0500
Subject: [Casper] Casper VNC crashes
In-Reply-To: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
References: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
Message-ID: <ec2e75ff0812111219j23785629g3c13176004449d1e@mail.gmail.com>

I haven't experienced this, but I have experienced Recon crashes when logged
in as a network user.
I can't speak to the trouble you're having, but if you want to simplify your
workaround, you could use the kickstart command via ssh or Casper script.
 See:
http://support.apple.com/kb/HT2370

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 3:05 PM, <NATHANIEL.LINDLEY at spps.org> wrote:

> It seems that more and more frequently when I use Casper VNC, it will crash
> the Casper Remote program when I disconnect from the remote machine.  This
> happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.  So
> the only thing I've found to unlock Casper Remote (Force Quit doesn't work)
> is to logout, then log back in to the computer.   I've tried force quitting
> process in Activity Monitor, but I can't find the right one.
> So now, we connect with Casper Remote/VNC, then enable ARD, then
> disconnect, crash, then logout/login, connect with ARD.  Not very
> efficient.  I'm I the only one?
> -Nathaniel Lindley
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/f5738ee2/attachment.htm 

From jared.nichols at ll.mit.edu  Thu Dec 11 12:20:16 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Thu, 11 Dec 2008 15:20:16 -0500
Subject: [Casper] Updates
In-Reply-To: <494120F1.7141.0039.0@kckps.org>
Message-ID: <C566E030.176D5%jared.nichols@ll.mit.edu>

Just spitballing here...

On your distribution SUS', could you have SUS on, but disable auto download and auto enable options?  Then, use rsync to mirror the /usr/share/httpd/swupd (I think that's it) folder from the "master" to the "distribution" ?

J


On 12/11/08 15:17 , "Thomas Larkin" <tlarki at kckps.org> wrote:



 Yes our SUS is an Xserve that is dedicated to SUS and file sharing, and I want it to download and cache out all approved updates to distribution points, since our distribution points run off of RAIDs on building level Xserves.  That way they could sync the updates over night, and during operating hours machines would not go over the WAN for updates, they could pull them off the casper distribution point.



 Does that make sense?

>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/11/08 1:29 PM >>>
Are the distribution points on OS X Servers?  If so, the easiest solution is to create multiple instances of SUS on different network segments.









 I was thinking through an automated way to move packages from an SUS to a Casper distribution point, and it's relatively easy to get the packages there.  The hurdle is making them useful to Software Update, or even to Casper.










 I suppose you could forego the SUS and add Apple update pkgs to your JSS and deploy them that way.  This would bring on additional work as you'd need to determine the dependencies and compatibility of each update manually and scope their installation appropriately.  If you use an SUS and Software Update, Apple does that work for you.





 ----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>








 On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin



 <TLARKI at kckps.org>



 wrote:




 I have a self service policy that runs all approved updates off of our
sus. I also download the pkg for quick critical updates and push them
out via a policy.

I only have one sus and it would be awesome if I could cache those
updates to the casper distribution points. Then I wouldn't have 6000
clients pulling updates off one server.  Then just use that one server
to control it while the casper share points distribute it to their set
vlans.










 -----Original Message-----
From: "Miles Leacy" <miles.leacy at themacadmin.com>
Cc: List, Casper <casper at list.jamfsoftware.com>
To: Nichols, Jared <jared.nichols at ll.mit.edu>

Sent: 12/11/2008 11:29:28 AM
Subject: Re: [Casper] Updates

Do your users run it via self-service?
I have an "updates available" smart group that consists of all machines
with
>0 updates available.  A self-service policy scoped to this smart group
allows non-admins to run Apple updates.  As silly as it may seem, this
option can inflate the egos of many users.  You might be surprised how
far
the illusion of control gets you with people.

Of course, I have a second policy scoped to the same group that runs
over
the weekend for anyone who didn't avail themselves of self-service.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>










 2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>

>  I run our own Software Update Server so I can vette any packages
first.
>  If it's ok, I release it in SUS and let the software update mechanism
> handle it.  I do force a once monthly mandatory update.  Users can run
it
> optionally on their own or it'll pop up automatically weekly.
>
> j
>
>
>





 > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>
> Hey all,
>
> Do you guys have any procedures for deploying updates to machines? If
so,
> can you shed some light on how you handle updating clients?
>
> Thank you much!
>
> *Jeffrey A. Strauss
> *Department of Educational Technology
> *Systems Administrator
> *Loyola High School of Los Angeles
> 1901 Venice Blvd.
> Los Angeles, Ca 90006
> (213) 381-5121 x265
>
> Please consider the environment before printing this e-mail.
>
>
>




 > --








 > Jared Nichols
> ISD Infrastructure and Operations - Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>













--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/d8087926/attachment.html 

From miles.leacy at themacadmin.com  Thu Dec 11 12:36:26 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 15:36:26 -0500
Subject: [Casper] Updates
In-Reply-To: <494120F1.7141.0039.0@kckps.org>
References: <49410A3A0200003900006C9A@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
	<ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
	<494120F1.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812111236i11f0d9bfle0ad75562a9779ee@mail.gmail.com>

To pull your Apple updates from the Casper distribution point, you'd need to
add them to the JSS, which brings in the manual work of scoping the updates
appropriately.
The Apple Software Update service stores its info in /usr/share/swupd/html/
replicating the contents of this directory from one server to another
*might* get you identical Software Update Servers, but I don't know if it
would work.

What I hypothesize could work and might be worth testing is the following:

1. Update your primary SUS
2. Export the SUS service settings from Server Admin on the primary SUS
3. Import the SUS service settings gathered above to your child SUS
4. See if importing these settings causes your child SUS to update its SUS
data
5. If the answer to step 4 is no, try rsync-ing your /usr/share/swupd/html/
folder from primary SUS to child SUS.

Manually updating an SUS is something I consider a best practice.  You'll
want to see what's available, download the package to a test box and vet the
update, then enable it on the SUS.  What this hopes to achieve is to keep
you from having to repeat that process on every SUS in your enterprise.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 3:17 PM, Thomas Larkin <tlarki at kckps.org> wrote:

>  Yes our SUS is an Xserve that is dedicated to SUS and file sharing, and I
> want it to download and cache out all approved updates to distribution
> points, since our distribution points run off of RAIDs on building level
> Xserves.  That way they could sync the updates over night, and during
> operating hours machines would not go over the WAN for updates, they could
> pull them off the casper distribution point.
>
>  Does that make sense?
>
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/11/08 1:29 PM >>>
>
> Are the distribution points on OS X Servers?  If so, the easiest solution
> is to create multiple instances of SUS on different network segments.
>
>
>   I was thinking through an automated way to move packages from an SUS to
> a Casper distribution point, and it's relatively easy to get the packages
> there.  The hurdle is making them useful to Software Update, or even to
> Casper.
>
>
>   I suppose you could forego the SUS and add Apple update pkgs to your JSS
> and deploy them that way.  This would bring on additional work as you'd need
> to determine the dependencies and compatibility of each update manually and
> scope their installation appropriately.  If you use an SUS and Software
> Update, Apple does that work for you.
>
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
>   On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin
>
> <TLARKI at kckps.org>
>
> wrote:
>
>>  I have a self service policy that runs all approved updates off of our
>> sus. I also download the pkg for quick critical updates and push them
>> out via a policy.
>>
>> I only have one sus and it would be awesome if I could cache those
>> updates to the casper distribution points. Then I wouldn't have 6000
>> clients pulling updates off one server.  Then just use that one server
>> to control it while the casper share points distribute it to their set
>> vlans.
>>
>>
>>
>> -----Original Message-----
>> From: "Miles Leacy" <miles.leacy at themacadmin.com>
>> Cc: List, Casper <casper at list.jamfsoftware.com>
>> To: Nichols, Jared <jared.nichols at ll.mit.edu>
>>
>> Sent: 12/11/2008 11:29:28 AM
>> Subject: Re: [Casper] Updates
>>
>> Do your users run it via self-service?
>> I have an "updates available" smart group that consists of all machines
>> with
>> >0 updates available.  A self-service policy scoped to this smart group
>> allows non-admins to run Apple updates.  As silly as it may seem, this
>> option can inflate the egos of many users.  You might be surprised how
>> far
>> the illusion of control gets you with people.
>>
>> Of course, I have a second policy scoped to the same group that runs
>> over
>> the weekend for anyone who didn't avail themselves of self-service.
>>
>> ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com
>>
>>
>>
>>
>>    2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>
>>
>> >  I run our own Software Update Server so I can vette any packages
>> first.
>> >  If it's ok, I release it in SUS and let the software update mechanism
>> > handle it.  I do force a once monthly mandatory update.  Users can run
>> it
>> > optionally on their own or it'll pop up automatically weekly.
>> >
>> > j
>> >
>> >
>> >
>>
>> > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>> >
>> > Hey all,
>> >
>> > Do you guys have any procedures for deploying updates to machines? If
>> so,
>> > can you shed some light on how you handle updating clients?
>> >
>> > Thank you much!
>> >
>> > *Jeffrey A. Strauss
>> > *Department of Educational Technology
>> > *Systems Administrator
>> > *Loyola High School of Los Angeles
>> > 1901 Venice Blvd.
>> > Los Angeles, Ca 90006
>> > (213) 381-5121 x265
>> >
>> > Please consider the environment before printing this e-mail.
>> >
>> >
>> >
>>
>> > --
>>
>>   > Jared Nichols
>> > ISD Infrastructure and Operations ? Desktop Engineering
>> > MIT Lincoln Laboratory
>> > 244 Wood St.
>> > Lexington, MA 02420-9108
>> > (781) 981-5500
>> >
>> > _______________________________________________
>> > Casper mailing list
>> > Casper at list.jamfsoftware.com
>> > http://list.jamfsoftware.com/mailman/listinfo/casper
>> >
>> >
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/363bd5d7/attachment.htm 

From ERNSTCS at uwec.edu  Thu Dec 11 12:38:57 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Thu, 11 Dec 2008 14:38:57 -0600
Subject: [Casper] Casper VNC crashes
In-Reply-To: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>
Message-ID: <C566D681.11C31%ernstcs@uwec.edu>

Nathaniel,

You are not a lone my brother...and I think JAMF is well aware of this. Don't know what plans they have, if any, at this point though.

Craig E



On 12/11/08 2:05 PM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org> wrote:

It seems that more and more frequently when I use Casper VNC, it will crash
the Casper Remote program when I disconnect from the remote machine.  This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.  So
the only thing I've found to unlock Casper Remote (Force Quit doesn't work)
is to logout, then log back in to the computer.   I've tried force quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/b8f3e96b/attachment.html 

From zach at jamfsoftware.com  Thu Dec 11 13:06:01 2008
From: zach at jamfsoftware.com (Zach Halmstad)
Date: Thu, 11 Dec 2008 13:06:01 -0800
Subject: [Casper] Casper VNC crashes
In-Reply-To: <C566D681.11C31%ernstcs@uwec.edu>
References: <OF6F86CDF5.A9DA9BD6-ON8625751C.006E282B-8625751C.006F04AF@spps.org>,
	<C566D681.11C31%ernstcs@uwec.edu>
Message-ID: <37C99298C4854047BB5A8C934D9C93FD780D760738@EXVMBX015-1.exch015.msoutlookonline.net>

Hello everyone-

We are aware of the issue and it has been resolved in our latest builds. We've done 3 intensive days of QA last week on just the VNC functionality, and have not seen Casper Remote crash at all.

regards,
zach






________________________________________
From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Ernst, Craig S. [ERNSTCS at uwec.edu]
Sent: Thursday, December 11, 2008 2:38 PM
To: Casper List
Subject: Re: [Casper] Casper VNC crashes

Nathaniel,

You are not a lone my brother...and I think JAMF is well aware of this. Don?t know what plans they have, if any, at this point though.

Craig E



On 12/11/08 2:05 PM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org> wrote:

It seems that more and more frequently when I use Casper VNC, it will crash
the Casper Remote program when I disconnect from the remote machine.  This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01.  So
the only thing I've found to unlock Casper Remote (Force Quit doesn't work)
is to logout, then log back in to the computer.   I've tried force quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


From NATHANIEL.LINDLEY at spps.org  Thu Dec 11 13:17:51 2008
From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org)
Date: Thu, 11 Dec 2008 15:17:51 -0600
Subject: [Casper] Casper VNC crashes
In-Reply-To: <37C99298C4854047BB5A8C934D9C93FD780D760738@EXVMBX015-1.exch015.msoutlookonline.net>
Message-ID: <OFE74BEA83.4F41AAB0-ON8625751C.0074F3CE-8625751C.00759A9C@spps.org>

And there was much rejoicing.  :)




Zach Halmstad <zach at jamfsoftware.com> 
Sent by: casper-bounces at list.jamfsoftware.com
12/11/2008 02:59 PM

To
"Ernst, Craig S." <ERNSTCS at uwec.edu>, Casper List 
<casper at list.jamfsoftware.com>
cc

Subject
Re: [Casper] Casper VNC crashes






Hello everyone-

We are aware of the issue and it has been resolved in our latest builds. 
We've done 3 intensive days of QA last week on just the VNC functionality, 
and have not seen Casper Remote crash at all.

regards,
zach






________________________________________
From: casper-bounces at list.jamfsoftware.com 
[casper-bounces at list.jamfsoftware.com] On Behalf Of Ernst, Craig S. 
[ERNSTCS at uwec.edu]
Sent: Thursday, December 11, 2008 2:38 PM
To: Casper List
Subject: Re: [Casper] Casper VNC crashes

Nathaniel,

You are not a lone my brother...and I think JAMF is well aware of this. 
Don?t know what plans they have, if any, at this point though.

Craig E



On 12/11/08 2:05 PM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org> 
wrote:

It seems that more and more frequently when I use Casper VNC, it will 
crash
the Casper Remote program when I disconnect from the remote machine.  This
happens on both 10.4 and 10.5 admin computers using Casper Remote 6.01. So
the only thing I've found to unlock Casper Remote (Force Quit doesn't 
work)
is to logout, then log back in to the computer.   I've tried force 
quitting
process in Activity Monitor, but I can't find the right one.
So now, we connect with Casper Remote/VNC, then enable ARD, then
disconnect, crash, then logout/login, connect with ARD.  Not very
efficient.  I'm I the only one?
-Nathaniel Lindley



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/13b30342/attachment.htm 

From miles.leacy at themacadmin.com  Thu Dec 11 14:14:09 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 17:14:09 -0500
Subject: [Casper] MS Office 2008 configuration
Message-ID: <ec2e75ff0812111414o1c56f8c6p32741d1f97badc19@mail.gmail.com>

I'm curious to see what customizations folks are using for their Office 2008
deployments.
I have the following script that runs on any machine with Office 2008
installed, at login, once per user:

#!/bin/bash

# scr_app_office2008FileFormats.bash
#
# Set Office 2008 apps to save in .doc, .xls. .ppt rather than docx, etc.
#
# Written by Miles A. Leacy IV
# Last modified 20080612

# Word
defaults write com.microsoft.Word 2008\\Default\ Save\\Default\ Format
-string Doc97

# Excel
defaults write com.microsoft.Excel 2008\\Default\ Save\\Default\ Format -int
57

# Powerpoint
defaults write com.microsoft.Powerpoint 2008\\Default\ Save\\Default\
Save\\Default\ Format -string Microsoft\ PowerPoint\ 98\ Presentation

exit 0

### end script

This avoids any file incompatibilities with Office 2004 or Windows Office
<2007 users.

What modifications are you using?  Does anyone run into the "do fonts" issue
that was present in Office 2004?  If so, how do you stop it?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/b7da0a2f/attachment.html 

From miles.leacy at themacadmin.com  Thu Dec 11 14:53:45 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 11 Dec 2008 17:53:45 -0500
Subject: [Casper] Updates
In-Reply-To: <ec2e75ff0812111236i11f0d9bfle0ad75562a9779ee@mail.gmail.com>
References: <49410A3A0200003900006C9A@gwoes4.kckps.org>
	<49410A3B0200003900006C9D@gwoes4.kckps.org>
	<ec2e75ff0812111129l1d132f88mac5ab3e719f969a6@mail.gmail.com>
	<494120F1.7141.0039.0@kckps.org>
	<ec2e75ff0812111236i11f0d9bfle0ad75562a9779ee@mail.gmail.com>
Message-ID: <ec2e75ff0812111453u4cfa0ca1h63f30087a1c70690@mail.gmail.com>

Apple did the work for us.
10.5 Software Update Servers can "cascade".  To set this up, you'll need to
change /etc/swupd/swupd.plist on your "child" SUSes.

/usr/libexec/PlistBuddy -c "Set :metaIndexURL
http://yourprimarysus.yourcompany.com:8088/catalogs.sucatalog
 /etc/swupd/swupd.plist

This will cause your "child" SUS to mirror what's on your primary SUS.

I'm trying to learn new tricks with PlistBuddy instead of sticking with
defaults.  If my syntax is off, let me know. "metaIndexURL" is a root level
key in /etc/swupd/swupd.plist.  It's value must be the string "
http://yourprimarysus.yourcompany.com:8088/catalogs.sucatalog" for cascading
to work.

Of course, you replace "yourprimarysus.yourcompany.com" with the fqdn of
your primary SUS.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 11, 2008 at 3:36 PM, Miles Leacy <miles.leacy at themacadmin.com>wrote:

> To pull your Apple updates from the Casper distribution point, you'd need
> to add them to the JSS, which brings in the manual work of scoping the
> updates appropriately.
> The Apple Software Update service stores its info in /usr/share/swupd/html/
> replicating the contents of this directory from one server to another
> *might* get you identical Software Update Servers, but I don't know if it
> would work.
>
> What I hypothesize could work and might be worth testing is the following:
>
> 1. Update your primary SUS
> 2. Export the SUS service settings from Server Admin on the primary SUS
> 3. Import the SUS service settings gathered above to your child SUS
> 4. See if importing these settings causes your child SUS to update its SUS
> data
> 5. If the answer to step 4 is no, try rsync-ing your /usr/share/swupd/html/
> folder from primary SUS to child SUS.
>
> Manually updating an SUS is something I consider a best practice.  You'll
> want to see what's available, download the package to a test box and vet the
> update, then enable it on the SUS.  What this hopes to achieve is to keep
> you from having to repeat that process on every SUS in your enterprise.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Thu, Dec 11, 2008 at 3:17 PM, Thomas Larkin <tlarki at kckps.org> wrote:
>
>>  Yes our SUS is an Xserve that is dedicated to SUS and file sharing, and
>> I want it to download and cache out all approved updates to distribution
>> points, since our distribution points run off of RAIDs on building level
>> Xserves.  That way they could sync the updates over night, and during
>> operating hours machines would not go over the WAN for updates, they could
>> pull them off the casper distribution point.
>>
>>  Does that make sense?
>>
>> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/11/08 1:29 PM >>>
>>
>> Are the distribution points on OS X Servers?  If so, the easiest solution
>> is to create multiple instances of SUS on different network segments.
>>
>>
>>   I was thinking through an automated way to move packages from an SUS to
>> a Casper distribution point, and it's relatively easy to get the packages
>> there.  The hurdle is making them useful to Software Update, or even to
>> Casper.
>>
>>
>>   I suppose you could forego the SUS and add Apple update pkgs to your
>> JSS and deploy them that way.  This would bring on additional work as you'd
>> need to determine the dependencies and compatibility of each update manually
>> and scope their installation appropriately.  If you use an SUS and Software
>> Update, Apple does that work for you.
>>
>>
>> ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com
>>
>>
>>
>>
>>   On Thu, Dec 11, 2008 at 1:40 PM, Thomas Larkin
>>
>> <TLARKI at kckps.org>
>>
>> wrote:
>>
>>>  I have a self service policy that runs all approved updates off of our
>>> sus. I also download the pkg for quick critical updates and push them
>>> out via a policy.
>>>
>>> I only have one sus and it would be awesome if I could cache those
>>> updates to the casper distribution points. Then I wouldn't have 6000
>>> clients pulling updates off one server.  Then just use that one server
>>> to control it while the casper share points distribute it to their set
>>> vlans.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: "Miles Leacy" <miles.leacy at themacadmin.com>
>>> Cc: List, Casper <casper at list.jamfsoftware.com>
>>> To: Nichols, Jared <jared.nichols at ll.mit.edu>
>>>
>>> Sent: 12/11/2008 11:29:28 AM
>>> Subject: Re: [Casper] Updates
>>>
>>> Do your users run it via self-service?
>>> I have an "updates available" smart group that consists of all machines
>>> with
>>> >0 updates available.  A self-service policy scoped to this smart group
>>> allows non-admins to run Apple updates.  As silly as it may seem, this
>>> option can inflate the egos of many users.  You might be surprised how
>>> far
>>> the illusion of control gets you with people.
>>>
>>> Of course, I have a second policy scoped to the same group that runs
>>> over
>>> the weekend for anyone who didn't avail themselves of self-service.
>>>
>>> ----------
>>> Miles A. Leacy IV
>>>
>>> ? Certified System Administrator 10.4
>>> ? Certified Technical Coordinator 10.5
>>> ? Certified Trainer
>>> Certified Casper Administrator
>>> ----------
>>> voice: 1-347-277-7321
>>> miles.leacy at themacadmin.com
>>> www.themacadmin.com
>>>
>>>
>>>
>>>
>>>    2008/12/11 Nichols, Jared <jared.nichols at ll.mit.edu>
>>>
>>> >  I run our own Software Update Server so I can vette any packages
>>> first.
>>> >  If it's ok, I release it in SUS and let the software update mechanism
>>> > handle it.  I do force a once monthly mandatory update.  Users can run
>>> it
>>> > optionally on their own or it'll pop up automatically weekly.
>>> >
>>> > j
>>> >
>>> >
>>> >
>>>
>>> > On 12/11/08 12:12 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:
>>> >
>>> > Hey all,
>>> >
>>> > Do you guys have any procedures for deploying updates to machines? If
>>> so,
>>> > can you shed some light on how you handle updating clients?
>>> >
>>> > Thank you much!
>>> >
>>> > *Jeffrey A. Strauss
>>> > *Department of Educational Technology
>>> > *Systems Administrator
>>> > *Loyola High School of Los Angeles
>>> > 1901 Venice Blvd.
>>> > Los Angeles, Ca 90006
>>> > (213) 381-5121 x265
>>> >
>>> > Please consider the environment before printing this e-mail.
>>> >
>>> >
>>> >
>>>
>>> > --
>>>
>>>   > Jared Nichols
>>> > ISD Infrastructure and Operations ? Desktop Engineering
>>> > MIT Lincoln Laboratory
>>> > 244 Wood St.
>>> > Lexington, MA 02420-9108
>>> > (781) 981-5500
>>> >
>>> > _______________________________________________
>>> > Casper mailing list
>>> > Casper at list.jamfsoftware.com
>>> > http://list.jamfsoftware.com/mailman/listinfo/casper
>>> >
>>> >
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081211/420840ed/attachment-0001.html 

From miles.leacy at themacadmin.com  Fri Dec 12 07:10:27 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 12 Dec 2008 10:10:27 -0500
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <4058FCBF8DBA6646855ABFA27F869E51F7DB5C120A@EXCHANGE.hopkins.hopkinsschools.org>
References: <ec2e75ff0812111414o1c56f8c6p32741d1f97badc19@mail.gmail.com>
	<4058FCBF8DBA6646855ABFA27F869E51F7DB5C120A@EXCHANGE.hopkins.hopkinsschools.org>
Message-ID: <ec2e75ff0812120710j16ebc5d2h652c51bcca715ded@mail.gmail.com>

Perhaps you could have a script sequester the existing database, then
install 2008, then have an Applescript or Automator action walk the client
through importing their old database?
In the organizations I've worked with lately, user data is the user's
responsibility.  By providing such a tool, you could assist the user without
actually taking responsibility for the data.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Fri, Dec 12, 2008 at 9:51 AM, John Wetter
<john_wetter at hopkins.k12.mn.us>wrote:

>  We're basically doing the same thing.  We also have an install script
> that is removing the applications and directories.  Before that though we
> have a completely manual step of rebuilding the database.  The number of
> issues we've had trying to do straight updates is just too big.  I'd love to
> just blow away the database, but because Address Groups, Tasks, and Notes
> aren't synced to Exchange, that isn't an option...
>
> -John
>
> --
> John Wetter
> Technology Support Administrator
> Technology & Information Services
> Hopkins Public Schools
> 952-988-5373
> john_wetter at hopkins.k12.mn.us
>   ------------------------------
> *From:* casper-bounces at list.jamfsoftware.com [
> casper-bounces at list.jamfsoftware.com] On Behalf Of Miles Leacy [
> miles.leacy at themacadmin.com]
> *Sent:* Thursday, December 11, 2008 4:14 PM
> *To:* Casper Listserv
> *Subject:* [Casper] MS Office 2008 configuration
>
>  I'm curious to see what customizations folks are using for their Office
> 2008 deployments.
>  I have the following script that runs on any machine with Office 2008
> installed, at login, once per user:
>
>  #!/bin/bash
>
>  # scr_app_office2008FileFormats.bash
> #
> # Set Office 2008 apps to save in .doc, .xls. .ppt rather than docx, etc.
> #
> # Written by Miles A. Leacy IV
> # Last modified 20080612
>
>  # Word
> defaults write com.microsoft.Word 2008\\Default\ Save\\Default\ Format
> -string Doc97
>
>  # Excel
> defaults write com.microsoft.Excel 2008\\Default\ Save\\Default\ Format
> -int 57
>
>  # Powerpoint
> defaults write com.microsoft.Powerpoint 2008\\Default\ Save\\Default\
> Save\\Default\ Format -string Microsoft\ PowerPoint\ 98\ Presentation
>
>  exit 0
>
>  ### end script
>
>  This avoids any file incompatibilities with Office 2004 or Windows Office
> <2007 users.
>
>  What modifications are you using?  Does anyone run into the "do fonts"
> issue that was present in Office 2004?  If so, how do you stop it?
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/54d47504/attachment.html 

From william.smith at merrillcorp.com  Fri Dec 12 07:39:12 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Fri, 12 Dec 2008 09:39:12 -0600
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <ec2e75ff0812111414o1c56f8c6p32741d1f97badc19@mail.gmail.com>
Message-ID: <C567E1C0.7F74%william.smith@merrillcorp.com>

On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> I'm curious to see what customizations folks are using for their Office 2008
> deployments.
> 
> [snip]
> 
> What modifications are you using?  Does anyone run into the "do fonts" issue
> that was present in Office 2004?  If so, how do you stop it?

I have to admit that we need to plan for our Office 2008 migration
ourselves. We still have a dependency on VBA but I?m pretty sure that could
be redone with AppleScript.

What?s the ?do fonts? issue you?re referring to? I prefer to install a full
application package and then use post-install scripts to customize for each
of our group?s needs. Microsoft did a great thing by putting all their fonts
into /Library/Fonts/Microsoft for Office 2008. That makes manipulating their
font install very painless.

I?ll be visiting with the MacBU folks at Macworld in January and hope to get
some insight from their Entourage developers for automating the upgrade
process. They should know the right hooks. If I learn anything then I?ll be
sure to spread the wealth.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/fe67f349/attachment.htm 

From HPOSTMAN at capousd.org  Fri Dec 12 07:59:41 2008
From: HPOSTMAN at capousd.org (Postman, Hillary)
Date: Fri, 12 Dec 2008 07:59:41 -0800
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <C567E1C0.7F74%william.smith@merrillcorp.com>
Message-ID: <C567CA6D.135E5%HPOSTMAN@capousd.org>

Office 2008 doesn?t come with Do Fonts; but it?s still very slow upon
startup without a lot of RAM.

Hillary

Hillary Postman
Technology Support Specialist III
Capistrano Unified School District
33122 Valle Rd.
San Juan Capistrano, CA
(949) 234-5530 






On 12/12/08 7:39 AM, "Smith, William" <william.smith at merrillcorp.com> wrote:

> On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
> 
>> I'm curious to see what customizations folks are using for their Office 2008
>> deployments.
>> 
>> [snip]
>> 
>> What modifications are you using?  Does anyone run into the "do fonts" issue
>> that was present in Office 2004?  If so, how do you stop it?
> 
> I have to admit that we need to plan for our Office 2008 migration ourselves.
> We still have a dependency on VBA but I?m pretty sure that could be redone
> with AppleScript.
> 
> What?s the ?do fonts? issue you?re referring to? I prefer to install a full
> application package and then use post-install scripts to customize for each of
> our group?s needs. Microsoft did a great thing by putting all their fonts into
> /Library/Fonts/Microsoft for Office 2008. That makes manipulating their font
> install very painless.
> 
> I?ll be visiting with the MacBU folks at Macworld in January and hope to get
> some insight from their Entourage developers for automating the upgrade
> process. They should know the right hooks. If I learn anything then I?ll be
> sure to spread the wealth.



This communication and any documents, files, or previous e-mail 
messages attached to it constitute an electronic communication within 
the scope of the Electronic Communication Privacy Act, 18 USCA 2510.  
This communication may contain non-public, confidential, or legally 
privileged information intended for the sole use of the designated 
recipient(s).  The unlawful interception, use or disclosure of such 
information is strictly prohibited under 18 USCA 2511 and any 
applicable laws.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/966cc3b8/attachment.htm 

From miles.leacy at themacadmin.com  Fri Dec 12 08:15:52 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 12 Dec 2008 11:15:52 -0500
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <C567E1C0.7F74%william.smith@merrillcorp.com>
References: <ec2e75ff0812111414o1c56f8c6p32741d1f97badc19@mail.gmail.com>
	<C567E1C0.7F74%william.smith@merrillcorp.com>
Message-ID: <ec2e75ff0812120815l31b10ee6q84547e9dd2e522fc@mail.gmail.com>

"Do Fonts" was software that would scan your fonts when launching an Office
2004 application.  If any of the Microsoft-installed fonts were missing, Do
Fonts would replace them.  It's akin to an Acrobat-self repair, and just as
much of a problem if you're trying to manage fonts.
There were several ways to disable it, all of which (at least the ones I
knew about) were inelegant, dirty hacks.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/12 Smith, William <william.smith at merrillcorp.com>

>  On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> I'm curious to see what customizations folks are using for their Office
> 2008 deployments.
>
> [snip]
>
> What modifications are you using?  Does anyone run into the "do fonts"
> issue that was present in Office 2004?  If so, how do you stop it?
>
>
> I have to admit that we need to plan for our Office 2008 migration
> ourselves. We still have a dependency on VBA but I'm pretty sure that could
> be redone with AppleScript.
>
> What's the "do fonts" issue you're referring to? I prefer to install a full
> application package and then use post-install scripts to customize for each
> of our group's needs. Microsoft did a great thing by putting all their fonts
> into /Library/Fonts/Microsoft for Office 2008. That makes manipulating their
> font install very painless.
>
> I'll be visiting with the MacBU folks at Macworld in January and hope to
> get some insight from their Entourage developers for automating the upgrade
> process. They should know the right hooks. If I learn anything then I'll be
> sure to spread the wealth.
>
> --
>
> bill
>
> William M. Smith, Technical Analyst
> MCS IT
> Merrill Communications, LLC
> (651) 632-1492
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/ec369fe8/attachment-0001.html 

From HPOSTMAN at capousd.org  Fri Dec 12 08:25:54 2008
From: HPOSTMAN at capousd.org (Postman, Hillary)
Date: Fri, 12 Dec 2008 08:25:54 -0800
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <ec2e75ff0812120815l31b10ee6q84547e9dd2e522fc@mail.gmail.com>
Message-ID: <C567D092.135FA%HPOSTMAN@capousd.org>

We just removed the Do Fonts folder on our images, or manually tossed it if
need be. We never had any blowback from just simply removing it on a few
thousand computers.


On 12/12/08 8:15 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> "Do Fonts" was software that would scan your fonts when launching an Office
> 2004 application.  If any of the Microsoft-installed fonts were missing, Do
> Fonts would replace them.  It's akin to an Acrobat-self repair, and just as
> much of a problem if you're trying to manage fonts.
> 
> There were several ways to disable it, all of which (at least the ones I knew
> about) were inelegant, dirty hacks.
> 
> ----------
> Miles A. Leacy IV
> 
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
> 
> 
> 
> 
> 2008/12/12 Smith, William <william.smith at merrillcorp.com>
>> On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com
>> <http://miles.leacy at themacadmin.com> > wrote:
>> 
>>> I'm curious to see what customizations folks are using for their Office 2008
>>> deployments.
>>> 
>>> [snip]
>>> 
>>> 
>>> What modifications are you using?  Does anyone run into the "do fonts" issue
>>> that was present in Office 2004?  If so, how do you stop it?
>> 
>> I have to admit that we need to plan for our Office 2008 migration ourselves.
>> We still have a dependency on VBA but I'm pretty sure that could be redone
>> with AppleScript.
>> 
>> What's the "do fonts" issue you're referring to? I prefer to install a full
>> application package and then use post-install scripts to customize for each
>> of our group's needs. Microsoft did a great thing by putting all their fonts
>> into /Library/Fonts/Microsoft for Office 2008. That makes manipulating their
>> font install very painless.
>> 
>> I'll be visiting with the MacBU folks at Macworld in January and hope to get
>> some insight from their Entourage developers for automating the upgrade
>> process. They should know the right hooks. If I learn anything then I'll be
>> sure to spread the wealth.



This communication and any documents, files, or previous e-mail 
messages attached to it constitute an electronic communication within 
the scope of the Electronic Communication Privacy Act, 18 USCA 2510.  
This communication may contain non-public, confidential, or legally 
privileged information intended for the sole use of the designated 
recipient(s).  The unlawful interception, use or disclosure of such 
information is strictly prohibited under 18 USCA 2511 and any 
applicable laws.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/9d1910d6/attachment.htm 

From tlarki at kckps.org  Fri Dec 12 08:26:15 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Fri, 12 Dec 2008 10:26:15 -0600
Subject: [Casper] resource kit, enabling ARD users
Message-ID: <49423C47.7141.0039.0@kckps.org>

So, I have the task of creating a specific user account just for ARD access, and I was writing my own script for it.  Then I take a peek in the Jamf Resource Kit and they have a script as well, which is pretty much the same thing as my script but with minor differences.  My script was not as chatty, no echos.   

I already have a kick start script which enables ARD for admin users only and it works great and we deploy it via Casper Policy, now I want to change that to a list of specified users (which there is a command for in the kick start binary) to the two local admin accounts and the one non admin account we set up just for ARD viewing.  The script in the resource kit allows for one specified user and when I try to add a list of users, I get all kinds of syntax errors. 

has anyone added a specific list of users?  I have created a hidden account which is non admin but I want it to have ARD rights in the remote management pane of system preferences. 

Thoughts? 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/6d45ee92/attachment.html 

From miles.leacy at themacadmin.com  Fri Dec 12 08:33:54 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 12 Dec 2008 11:33:54 -0500
Subject: [Casper] resource kit, enabling ARD users
In-Reply-To: <49423C47.7141.0039.0@kckps.org>
References: <49423C47.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812120833q21c5eeccwbb524439ba8ec22f@mail.gmail.com>

From sudo
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
-h

- Give admin and bob all access.
  kickstart -configure -access -on -privs -all -users admin,bob

So, it looks like comma separated shortnames after the -users switch is what
you need.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/12 Thomas Larkin <tlarki at kckps.org>

>  So, I have the task of creating a specific user account just for ARD
> access, and I was writing my own script for it.  Then I take a peek in the
> Jamf Resource Kit and they have a script as well, which is pretty much the
> same thing as my script but with minor differences.  My script was not as
> chatty, no echos.
>
>  I already have a kick start script which enables ARD for admin users only
> and it works great and we deploy it via Casper Policy, now I want to change
> that to a list of specified users (which there is a command for in the kick
> start binary) to the two local admin accounts and the one non admin account
> we set up just for ARD viewing.  The script in the resource kit allows for
> one specified user and when I try to add a list of users, I get all kinds of
> syntax errors.
>
>  has anyone added a specific list of users?  I have created a hidden
> account which is non admin but I want it to have ARD rights in the remote
> management pane of system preferences.
>
>  Thoughts?
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/370326f5/attachment.htm 

From john_wetter at hopkins.k12.mn.us  Fri Dec 12 08:35:54 2008
From: john_wetter at hopkins.k12.mn.us (John Wetter)
Date: Fri, 12 Dec 2008 10:35:54 -0600
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <C567E1C0.7F74%william.smith@merrillcorp.com>
Message-ID: <C567EF0A.7933%john_wetter@hopkins.k12.mn.us>

Here's what we're do:

Do rebuild of Entourage Db.

Run this script:

(Please keep comments intact if you use)

#!/bin/bash

#HOPKINS ISD 270 MS Office 2008 Migration Script
#Andy Hakala created and last revised 11/12/2008
#John Wetter revised 11/21/2008
#
# ****READ THIS FIRST****
#Here are a few quick notes about using this script. First, the JAMF agent (casper) must be installed for any of this to work because that agent is called
#several times in this script. Also, it is important that the following steps are followed...1.Cache the Office 2008 package. 2.Contact the end user and let
#them know that this will be happening. (The script will kill all office processes without allowing for a "Save" of current work) 3. Run the script
#(sudo ./Office2008_upgrage.sh) 5. Launch Entourage 2008 and upgragde the Identity. If there are errors the db will have to be repaired and reimported.


#Kill all running microsoft processes

kill -9 `ps -ax | grep "Microsoft Word" | cut -d' ' -f1`
kill -9 `ps -ax | grep "Microsoft Excel" | cut -d' ' -f1`
kill -9 `ps -ax | grep "Microsoft PowerPoint" | cut -d' ' -f1`
kill -9 `ps -ax | grep "Microsoft Entourage" | cut -d' ' -f1`

sleep 2

#remove all MSO 2004 Dock Icons
jamf modifyDock -id 5 -remove -leaverunning
jamf modifyDock -id 3 -remove -leaverunning
jamf modifyDock -id 2 -remove -leaverunning
jamf modifyDock -id 4 -remove

#remove all MSO 2004 apps
rm -r /Applications/Microsoft\ Office\ 2004/
rm -r /Applications/Microsoft\ AutoUpdate.app
rm -r /Applications/Open\ XML\ Converter.app
rm -r /Library/Application\ Support/Microsoft/

sleep 2

#install MS Office 2008
#jamf installAllCached
jamf install -package MS_OfficeV12.1.4_NOUD.dmg -path /Library/Application\ Support/JAMF/Waiting\ Room -fut -feu -showProgress

#add MSO 2008 Dock items
jamf modifyDock -id 35 -beginning
jamf modifyDock -id 36 -beginning
jamf modifyDock -id 37 -beginning
jamf modifyDock -id 38 -beginning

---------------------------

After the install, import the Db, then run the script to change the save format.  We did this in the original packages, but Office seems to change this on it's firstrun again which is quite annoying.

-John


On 12/12/08 9:39 AM, "Smith, William" <william.smith at merrillcorp.com> wrote:

On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

I'm curious to see what customizations folks are using for their Office 2008 deployments.

[snip]

What modifications are you using?  Does anyone run into the "do fonts" issue that was present in Office 2004?  If so, how do you stop it?

I have to admit that we need to plan for our Office 2008 migration ourselves. We still have a dependency on VBA but I'm pretty sure that could be redone with AppleScript.

What's the "do fonts" issue you're referring to? I prefer to install a full application package and then use post-install scripts to customize for each of our group's needs. Microsoft did a great thing by putting all their fonts into /Library/Fonts/Microsoft for Office 2008. That makes manipulating their font install very painless.

I'll be visiting with the MacBU folks at Macworld in January and hope to get some insight from their Entourage developers for automating the upgrade process. They should know the right hooks. If I learn anything then I'll be sure to spread the wealth.

--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/a43149e0/attachment-0001.html 

From miles.leacy at themacadmin.com  Fri Dec 12 08:40:00 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 12 Dec 2008 11:40:00 -0500
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <C567D092.135FA%HPOSTMAN@capousd.org>
References: <ec2e75ff0812120815l31b10ee6q84547e9dd2e522fc@mail.gmail.com>
	<C567D092.135FA%HPOSTMAN@capousd.org>
Message-ID: <ec2e75ff0812120840p459804efk1008ecd089e45969@mail.gmail.com>

Well, I guess that'll do it.  :)
I recall using a hack to the office apps that would keep them from calling
do fonts.  But MS got smart in 2008 apparently.

Another issue I recall for 2004 was for the PDF component that Acrobat
insisted on inserting into Office apps and which resulted in an annoying
1-button toolbar appearing and throwing off the Office app's UI.  Is this
still happening for the current Acrobat & Office versions?  If you removed
that item, Acrobat would self-repair it.  My solution was to leave it in
place and change its permissions to 000 so that it couldn't be launched.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/12 Postman, Hillary <HPOSTMAN at capousd.org>

>  We just removed the Do Fonts folder on our images, or manually tossed it
> if need be. We never had any blowback from just simply removing it on a few
> thousand computers.
>
>
> On 12/12/08 8:15 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> "Do Fonts" was software that would scan your fonts when launching an Office
> 2004 application.  If any of the Microsoft-installed fonts were missing, Do
> Fonts would replace them.  It's akin to an Acrobat-self repair, and just as
> much of a problem if you're trying to manage fonts.
>
> There were several ways to disable it, all of which (at least the ones I
> knew about) were inelegant, dirty hacks.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> 2008/12/12 Smith, William <william.smith at merrillcorp.com>
>
> On 12/11/08 4:14 PM, "Miles Leacy" <miles.leacy at themacadmin.com <
> http://miles.leacy at themacadmin.com> > wrote:
>
> I'm curious to see what customizations folks are using for their Office
> 2008 deployments.
>
> [snip]
>
>
> What modifications are you using?  Does anyone run into the "do fonts"
> issue that was present in Office 2004?  If so, how do you stop it?
>
>
> I have to admit that we need to plan for our Office 2008 migration
> ourselves. We still have a dependency on VBA but I'm pretty sure that could
> be redone with AppleScript.
>
> What's the "do fonts" issue you're referring to? I prefer to install a full
> application package and then use post-install scripts to customize for each
> of our group's needs. Microsoft did a great thing by putting all their fonts
> into /Library/Fonts/Microsoft for Office 2008. That makes manipulating their
> font install very painless.
>
> I'll be visiting with the MacBU folks at Macworld in January and hope to
> get some insight from their Entourage developers for automating the upgrade
> process. They should know the right hooks. If I learn anything then I'll be
> sure to spread the wealth.
>
> ------------------------------
> This communication and any documents, files, or previous e-mail
> messages attached to it constitute an electronic communication within
> the scope of the Electronic Communication Privacy Act, 18 USCA 2510.
> This communication may contain non-public, confidential, or legally
> privileged information intended for the sole use of the designated
> recipient(s). The unlawful interception, use or disclosure of such
> information is strictly prohibited under 18 USCA 2511 and any
> applicable laws.
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/171579cc/attachment.html 

From sean.hansell at jwt.com  Fri Dec 12 08:52:11 2008
From: sean.hansell at jwt.com (sean.hansell at jwt.com)
Date: Fri, 12 Dec 2008 11:52:11 -0500
Subject: [Casper] Running out of HD space on Distribution Points
Message-ID: <OF1A8D2520.35A50558-ON8525751D.005BEE31-8525751D.005CAA27@jwt.com;
	namail2.na.corp.jwt.com>

Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff 
in there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of 
them. It runs every night after I do a DB Backup, this way the sync 
carries the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up 
after itself after it does a sync. It is not moving deleted packages into 
the deleted packages folder, but recopying the ones from the Master share 
that I've deleted since the backup, leaving two copies of the same package 
on the repository. Its also not deleting old database backups from the 
remote distribution points either, so when I last checked my smallest 
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?



</PRE><p><span style="font-size:9.5pt;line-height:115%;font-family: Arial">This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.</span></p>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/d1c1d9c9/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/d1c1d9c9/attachment-0001.jpe 

From NATHANIEL.LINDLEY at spps.org  Fri Dec 12 09:05:19 2008
From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org)
Date: Fri, 12 Dec 2008 11:05:19 -0600
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <OF1A8D2520.35A50558-ON8525751D.005BEE31-8525751D.005CAA27@jwt.com;
	namail2.na.corp.jwt.com>
Message-ID: <OF6DEE971A.28682A2E-ON8625751D.005CE7FA-8625751D.005E7C2B@spps.org>


I've noticed that too, the Automatic Sync  with the JSS utility copies
EVERYTHING in the master "CasperShare" folder to the remote distribution
points.  However, all that needs to be on remote distribution points is
/Packages and /Scripts.  So  all the Deleted Packages get rsynced out, too.
Other problem I noticed is that when I replace a file in an /Extras folder
"Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist. points
because the file name is the same, even though the size and modification
date is different.  So I delete it on the master one day, wait a day or
two, then put the new one back which is then rsynced out.

Feature Request:   Can we select which folders get synced or not?   I'd
like some distribution points to get the /Packages and /Scripts  and some
distribution points to get /Packages, /Scripts and /Extras.  And can we
tell it to look at size and/or date in addition to filename?     I did get
help from JAMF support on modifying the plist at each dist. point, but that
is a pain and gets reset when you change the scheduled sync time.
This added auto-sync feature has been great for me with many distribution
points, just needs a little more to be awesome.

Thanks,


Nathaniel Lindley

++++++++++++++++++
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone:  651-248-6861


                                                                           
             sean.hansell at jwt.                                             
             com                                                           
             Sent by:                                                   To 
             casper-bounces at li         support at jamfsoftware.com,           
             st.jamfsoftware.c         casper at list.jamfsoftware.com        
             om                                                         cc 
                                                                           
                                                                   Subject 
             12/12/08 10:45 AM         [Casper] Running out of HD space on 
                                       Distribution Points                 
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff in
there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of
them. It runs every night after I do a DB Backup, this way the sync carries
the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up
after itself after it does a sync. It is not moving deleted packages into
the deleted packages folder, but recopying the ones from the Master share
that I've deleted since the backup, leaving two copies of the same package
on the repository. Its also not deleting old database backups from the
remote distribution points either, so when I last checked my smallest
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?

(Embedded image moved to file: pic28570.jpg)


This transmission is intended solely for the person or organization to whom
it is addressed and it may contain privileged and confidential information.
If you are not the intended recipient you should not copy, distribute or
take any action in reliance on it. If you believe you received this
transmission in error please notify the sender.
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic28570.jpg
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/31bca769/attachment.jpg 

From william.smith at merrillcorp.com  Fri Dec 12 10:03:10 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Fri, 12 Dec 2008 12:03:10 -0600
Subject: [Casper] MS Office 2008 configuration
In-Reply-To: <ec2e75ff0812120815l31b10ee6q84547e9dd2e522fc@mail.gmail.com>
Message-ID: <C568037E.7F8B%william.smith@merrillcorp.com>

On 12/12/08 10:15 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> "Do Fonts" was software that would scan your fonts when launching an Office
> 2004 application.  If any of the Microsoft-installed fonts were missing, Do
> Fonts would replace them.  It's akin to an Acrobat-self repair, and just as
> much of a problem if you're trying to manage fonts.
> 
> There were several ways to disable it, all of which (at least the ones I knew
> about) were inelegant, dirty hacks.
>> 
Strange. I?ve never heard of a self-repair option in Office 2004 but then
again we just removed the fonts from their drag-n-drop folder prior to
pushing it to machines. Never had a problem other than PowerPoint wanting
some of its fonts; it would crash otherwise.

I?m unaware of any self-repair in Office 2008 and I doubt it exists. MacBU?s
thinking about fonts was changed when they rethought their install strategy.
They finally agreed that not just anyone should be able to install Office on
a machine and now require an admin to do so. A Standard user couldn?t repair
fonts now.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/c17bb718/attachment.html 

From ERNSTCS at uwec.edu  Fri Dec 12 10:06:33 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Fri, 12 Dec 2008 12:06:33 -0600
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <OF6DEE971A.28682A2E-ON8625751D.005CE7FA-8625751D.005E7C2B@spps.org>
Message-ID: <C5680449.11CFF%ernstcs@uwec.edu>

Hello,

I like the idea of expanding the functionality, but at the same time...if you don't want it copied, don't put it in there.

By default I thought rsync used mod and size, again according to the site for it:

"Rsync finds files that need to be transferred using a "quick check" algorithm (by default) that looks for files that have changed in size or in last-modified time"

That would concern me if your ntfs file isn't getting updated.

If it's not comparing by mod and date...I'm wondering why not. I started to sync to my second server recently, but just now have time to look into doing more. Like putting my backups in the CasperShare directory so it automatically goes to the other server in the event of a hardware failure and I need to setup the new server fast. Lazy way of not setting up my own task.

It should also be easy to set it to delete what's no longer on the master if that isn't being set, to help clean things up:

     --delete-delay          find deletions during, delete after
     --delete-after          receiver deletes after transfer, not before

I believe those are the options in the current release. I would have looked more into what is actually being set by the JSS util but don't have time right now.

As for the comment about copying over Deleted Packages...true it doesn't need to, but Empty the trash if you are truly deleting something. I actually keep a separate subfolder of packages I want completely removed from being visible to the JSS, Package Archive. It requires me to do it manually, but that's fine by me. I know I've asked for that feature at one point. As always...different strokes for different folks. =)

Craig E


On 12/12/08 11:05 AM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org> wrote:



I've noticed that too, the Automatic Sync  with the JSS utility copies
EVERYTHING in the master "CasperShare" folder to the remote distribution
points.  However, all that needs to be on remote distribution points is
/Packages and /Scripts.  So  all the Deleted Packages get rsynced out, too.
Other problem I noticed is that when I replace a file in an /Extras folder
"Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist. points
because the file name is the same, even though the size and modification
date is different.  So I delete it on the master one day, wait a day or
two, then put the new one back which is then rsynced out.

Feature Request:   Can we select which folders get synced or not?   I'd
like some distribution points to get the /Packages and /Scripts  and some
distribution points to get /Packages, /Scripts and /Extras.  And can we
tell it to look at size and/or date in addition to filename?     I did get
help from JAMF support on modifying the plist at each dist. point, but that
is a pain and gets reset when you change the scheduled sync time.
This added auto-sync feature has been great for me with many distribution
points, just needs a little more to be awesome.

Thanks,


Nathaniel Lindley

++++++++++++++++++
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone:  651-248-6861



             sean.hansell at jwt.
             com
             Sent by:                                                   To
             casper-bounces at li         support at jamfsoftware.com,
             st.jamfsoftware.c         casper at list.jamfsoftware.com
             om                                                         cc

                                                                   Subject
             12/12/08 10:45 AM         [Casper] Running out of HD space on
                                       Distribution Points











Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff in
there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of
them. It runs every night after I do a DB Backup, this way the sync carries
the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up
after itself after it does a sync. It is not moving deleted packages into
the deleted packages folder, but recopying the ones from the Master share
that I've deleted since the backup, leaving two copies of the same package
on the repository. Its also not deleting old database backups from the
remote distribution points either, so when I last checked my smallest
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?

(Embedded image moved to file: pic28570.jpg)


This transmission is intended solely for the person or organization to whom
it is addressed and it may contain privileged and confidential information.
If you are not the intended recipient you should not copy, distribute or
take any action in reliance on it. If you believe you received this
transmission in error please notify the sender.
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/1d01ae99/attachment.htm 

From sean.hansell at jwt.com  Fri Dec 12 10:19:31 2008
From: sean.hansell at jwt.com (sean.hansell at jwt.com)
Date: Fri, 12 Dec 2008 13:19:31 -0500
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <C5680449.11CFF%ernstcs@uwec.edu>
Message-ID: <OF789095AC.F60B6A44-ON8525751D.00646E5D-8525751D.0064A8D6@jwt.com;
	namail2.na.corp.jwt.com>

Thing is, I *DO* want the deleted packages copied, and I do want 
everything in Casper Data copied, but when I clean things up on the Master 
Server (e.g. Emptying the deleted packages folder), those deletions don't 
carry over to the remote distribution points, and worse, those deleted 
packages are *STILL* in the main packages folder on the Distribution 
Points.






"Ernst, Craig S." <ERNSTCS at uwec.edu> 
Sent by: casper-bounces at list.jamfsoftware.com
12/12/08 01:08 PM

To
Casper List <casper at list.jamfsoftware.com>
cc

Subject
Re: [Casper] Running out of HD space on Distribution Points






Hello,

I like the idea of expanding the functionality, but at the same time...if 
you don?t want it copied, don?t put it in there.

By default I thought rsync used mod and size, again according to the site 
for it:

?Rsync finds files that need to be transferred using a "quick check" 
algorithm (by default) that looks for files that have changed in size or 
in last-modified time?

That would concern me if your ntfs file isn?t getting updated.

If it?s not comparing by mod and date...I?m wondering why not. I started 
to sync to my second server recently, but just now have time to look into 
doing more. Like putting my backups in the CasperShare directory so it 
automatically goes to the other server in the event of a hardware failure 
and I need to setup the new server fast. Lazy way of not setting up my own 
task.

It should also be easy to set it to delete what?s no longer on the master 
if that isn?t being set, to help clean things up:

     --delete-delay          find deletions during, delete after
     --delete-after          receiver deletes after transfer, not before

I believe those are the options in the current release. I would have 
looked more into what is actually being set by the JSS util but don?t have 
time right now.

As for the comment about copying over Deleted Packages...true it doesn?t 
need to, but Empty the trash if you are truly deleting something. I 
actually keep a separate subfolder of packages I want completely removed 
from being visible to the JSS, Package Archive. It requires me to do it 
manually, but that?s fine by me. I know I?ve asked for that feature at one 
point. As always...different strokes for different folks. =)

Craig E


On 12/12/08 11:05 AM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org> 
wrote:



I've noticed that too, the Automatic Sync  with the JSS utility copies
EVERYTHING in the master "CasperShare" folder to the remote distribution
points.  However, all that needs to be on remote distribution points is
/Packages and /Scripts.  So  all the Deleted Packages get rsynced out, 
too.
Other problem I noticed is that when I replace a file in an /Extras folder
"Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist. 
points
because the file name is the same, even though the size and modification
date is different.  So I delete it on the master one day, wait a day or
two, then put the new one back which is then rsynced out.

Feature Request:   Can we select which folders get synced or not?   I'd
like some distribution points to get the /Packages and /Scripts  and some
distribution points to get /Packages, /Scripts and /Extras.  And can we
tell it to look at size and/or date in addition to filename?     I did get
help from JAMF support on modifying the plist at each dist. point, but 
that
is a pain and gets reset when you change the scheduled sync time.
This added auto-sync feature has been great for me with many distribution
points, just needs a little more to be awesome.

Thanks,


Nathaniel Lindley

++++++++++++++++++
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone:  651-248-6861


 
             sean.hansell at jwt. 
             com 
             Sent by:                                                   To
             casper-bounces at li         support at jamfsoftware.com, 
             st.jamfsoftware.c         casper at list.jamfsoftware.com 
             om                                                         cc
 
                                                                   Subject
             12/12/08 10:45 AM         [Casper] Running out of HD space on
                                       Distribution Points 
 
 
 
 
 
 





Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff 
in
there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of
them. It runs every night after I do a DB Backup, this way the sync 
carries
the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up
after itself after it does a sync. It is not moving deleted packages into
the deleted packages folder, but recopying the ones from the Master share
that I've deleted since the backup, leaving two copies of the same package
on the repository. Its also not deleting old database backups from the
remote distribution points either, so when I last checked my smallest
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?

(Embedded image moved to file: pic28570.jpg)


This transmission is intended solely for the person or organization to 
whom
it is addressed and it may contain privileged and confidential 
information.
If you are not the intended recipient you should not copy, distribute or
take any action in reliance on it. If you believe you received this
transmission in error please notify the sender.
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



</PRE><p><span style="font-size:9.5pt;line-height:115%;font-family: Arial">This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.</span></p>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/218c6965/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/218c6965/attachment-0001.jpe 

From miles.leacy at themacadmin.com  Fri Dec 12 10:24:05 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 12 Dec 2008 13:24:05 -0500
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <351052824727941675@unknownmsgid>
References: <C5680449.11CFF%ernstcs@uwec.edu> <351052824727941675@unknownmsgid>
Message-ID: <ec2e75ff0812121024u1a709172xd853358b41e3e9bf@mail.gmail.com>

Perhaps having the ability to manually or automatically re-sync after
emptying the trash would be a good feature request to solve this?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/12 <sean.hansell at jwt.com>

>
> Thing is, I *DO* want the deleted packages copied, and I do want everything
> in Casper Data copied, but when I clean things up on the Master Server (e.g.
> Emptying the deleted packages folder), those deletions don't carry over to
> the remote distribution points, and worse, those deleted packages are
> *STILL* in the main packages folder on the Distribution Points.
>
>
>
>
>
>  *"Ernst, Craig S." <ERNSTCS at uwec.edu>*
> Sent by: casper-bounces at list.jamfsoftware.com
>
> 12/12/08 01:08 PM
>   To
> Casper List <casper at list.jamfsoftware.com>  cc
>   Subject
> Re: [Casper] Running out of HD space on Distribution Points
>
>
>
>
> Hello,
>
> I like the idea of expanding the functionality, but at the same time...if
> you don't want it copied, don't put it in there.
>
> By default I thought rsync used mod and size, again according to the site
> for it:
>
> "Rsync finds files that need to be transferred using a "quick check"
> algorithm (by default) that looks for files that have changed in size or in
> last-modified time"
>
> That would concern me if your ntfs file isn't getting updated.
>
> If it's not comparing by mod and date...I'm wondering why not. I started to
> sync to my second server recently, but just now have time to look into doing
> more. Like putting my backups in the CasperShare directory so it
> automatically goes to the other server in the event of a hardware failure
> and I need to setup the new server fast. Lazy way of not setting up my own
> task.
>
> It should also be easy to set it to delete what's no longer on the master
> if that isn't being set, to help clean things up:
>
>     --delete-delay          find deletions during, delete after
>     --delete-after          receiver deletes after transfer, not before
>
> I believe those are the options in the current release. I would have looked
> more into what is actually being set by the JSS util but don't have time
> right now.
>
> As for the comment about copying over Deleted Packages...true it doesn't
> need to, but Empty the trash if you are truly deleting something. I actually
> keep a separate subfolder of packages I want completely removed from being
> visible to the JSS, Package Archive. It requires me to do it manually, but
> that's fine by me. I know I've asked for that feature at one point. As
> always...different strokes for different folks. =)
>
> Craig E
>
>
> On 12/12/08 11:05 AM, "Nathaniel Lindley" <*NATHANIEL.LINDLEY at spps.org*<http://NATHANIEL.LINDLEY at spps.org>>
> wrote:
>
>
>
> I've noticed that too, the Automatic Sync  with the JSS utility copies
> EVERYTHING in the master "CasperShare" folder to the remote distribution
> points.  However, all that needs to be on remote distribution points is
> /Packages and /Scripts.  So  all the Deleted Packages get rsynced out, too.
> Other problem I noticed is that when I replace a file in an /Extras folder
> "Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist. points
> because the file name is the same, even though the size and modification
> date is different.  So I delete it on the master one day, wait a day or
> two, then put the new one back which is then rsynced out.
>
> Feature Request:   Can we select which folders get synced or not?   I'd
> like some distribution points to get the /Packages and /Scripts  and some
> distribution points to get /Packages, /Scripts and /Extras.  And can we
> tell it to look at size and/or date in addition to filename?     I did get
> help from JAMF support on modifying the plist at each dist. point, but that
> is a pain and gets reset when you change the scheduled sync time.
> This added auto-sync feature has been great for me with many distribution
> points, just needs a little more to be awesome.
>
> Thanks,
>
>
> Nathaniel Lindley
>
> ++++++++++++++++++
> Educational Technology
> Saint Paul Public Schools
> Saint Paul, Minnesota*
> **nathaniel.lindley at spps.org* <http://nathaniel.lindley at spps.org>
> phone:  651-248-6861
>
>
>
>             sean.hansell at jwt.
>             com
>             Sent by:                                                   To
>             casper-bounces at li         *support at jamfsoftware.com*<http://support at jamfsoftware.com>,
>
>             st.jamfsoftware.c         *casper at list.jamfsoftware.com*<http://casper at list.jamfsoftware.com>
>             om                                                         cc
>
>                                                                   Subject
>             12/12/08 10:45 AM         [Casper] Running out of HD space on
>                                       Distribution Points
>
>
>
>
>
>
>
>
>
>
>
> Hey guys, I'm having a bit of a critical issue.
>
> My Master Share clocks in at about 85GB. In addition to the normal stuff in
> there I also have keep 14 days worth of database backups.
>
> I have about 12 remote Distribution points. I use remote sync on all of
> them. It runs every night after I do a DB Backup, this way the sync carries
> the latest backup to all the remote distribution points.
>
> My problem is that I noticed that casper remote sync is not cleaning up
> after itself after it does a sync. It is not moving deleted packages into
> the deleted packages folder, but recopying the ones from the Master share
> that I've deleted since the backup, leaving two copies of the same package
> on the repository. Its also not deleting old database backups from the
> remote distribution points either, so when I last checked my smallest
> repository which has a 160GB Hard Drive in it, it was completely full.
>
> How can I make this work?
>
> (Embedded image moved to file: pic28570.jpg)
>
>
> This transmission is intended solely for the person or organization to whom
> it is addressed and it may contain privileged and confidential information.
> If you are not the intended recipient you should not copy, distribute or
> take any action in reliance on it. If you believe you received this
> transmission in error please notify the sender.
> _______________________________________________
> Casper mailing list*
> **Casper at list.jamfsoftware.com* <http://Casper at list.jamfsoftware.com>*
> **http://list.jamfsoftware.com/mailman/listinfo/casper*<http://list.jamfsoftware.com/mailman/listinfo/casper>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
> This transmission is intended solely for the person or organization to whom
> it is addressed and it may contain privileged and confidential information.
> If you are not the intended recipient you should not copy, distribute or
> take any action in reliance on it. If you believe you received this
> transmission in error please notify the sender.
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/0d88baca/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/0d88baca/attachment-0001.jpe 

From tlarki at kckps.org  Fri Dec 12 10:29:13 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Fri, 12 Dec 2008 12:29:13 -0600
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <OF789095AC.F60B6A44-ON8525751D.00646E5D-8525751D.0064A8D6@jwt.com;
	namail2.na.corp.jwt.com>
References: <C5680449.11CFF%ernstcs@uwec.edu>
	<OF789095AC.F60B6A44-ON8525751D.00646E5D-8525751D.0064A8D6@jwt.com;
	namail2.na.corp.jwt.com>
Message-ID: <49425919.7141.0039.0@kckps.org>

I would also like the feature to modify a script on the Master server
with say Casper Admin, and then have it sync a new copy of that script
down and over write the previous ones.   That would be a small time
saver. 

I would also like a sync list, where you can check packages you want to
sync out to all shares and then anything else you can manually sync
later on.  For example at some of our smaller deployments at the middle
schools they still use PPC macs, and they are the only buidlings that do
so, and they are the only casper share points that would ever need PPC
packages.  I only want PPC packages to sync to those buildings and no
where else. 

A set of rules for package synchronizing would be a very nice feature. 
I'd vote for it, if this were a democracy.

>>> <sean.hansell at jwt.com> 12/12/08 12:19 PM >>>

Thing is, I *DO* want the deleted packages copied, and I do want
everything in Casper Data copied, but when I clean things up on the
Master Server (e.g. Emptying the deleted packages folder), those
deletions don't carry over to the remote distribution points, and worse,
those deleted packages are *STILL* in the main packages folder on the
Distribution Points.







"Ernst, Craig S." <ERNSTCS at uwec.edu> 
Sent by: casper-bounces at list.jamfsoftware.com 
12/12/08 01:08 PM 

To 

Casper List <casper at list.jamfsoftware.com> 

cc 


Subject 

Re: [Casper] Running out of HD space on Distribution Points 











Hello,

I like the idea of expanding the functionality, but at the same
time...if you don?t want it copied, don?t put it in there.

By default I thought rsync used mod and size, again according to the
site for it:

?Rsync finds files that need to be transferred using a "quick check"
algorithm (by default) that looks for files that have changed in size or
in last-modified time?

That would concern me if your ntfs file isn?t getting updated.

If it?s not comparing by mod and date...I?m wondering why not. I started
to sync to my second server recently, but just now have time to look
into doing more. Like putting my backups in the CasperShare directory so
it automatically goes to the other server in the event of a hardware
failure and I need to setup the new server fast. Lazy way of not setting
up my own task.

It should also be easy to set it to delete what?s no longer on the
master if that isn?t being set, to help clean things up:

    --delete-delay          find deletions during, delete after
    --delete-after          receiver deletes after transfer, not before

I believe those are the options in the current release. I would have
looked more into what is actually being set by the JSS util but don?t
have time right now.

As for the comment about copying over Deleted Packages...true it doesn?t
need to, but Empty the trash if you are truly deleting something. I
actually keep a separate subfolder of packages I want completely removed
from being visible to the JSS, Package Archive. It requires me to do it
manually, but that?s fine by me. I know I?ve asked for that feature at
one point. As always...different strokes for different folks. =)

Craig E


On 12/12/08 11:05 AM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org>
wrote:



I've noticed that too, the Automatic Sync  with the JSS utility copies
EVERYTHING in the master "CasperShare" folder to the remote distribution
points.  However, all that needs to be on remote distribution points is
/Packages and /Scripts.  So  all the Deleted Packages get rsynced out,
too.
Other problem I noticed is that when I replace a file in an /Extras
folder
"Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist.
points
because the file name is the same, even though the size and modification
date is different.  So I delete it on the master one day, wait a day or
two, then put the new one back which is then rsynced out.

Feature Request:   Can we select which folders get synced or not?   I'd
like some distribution points to get the tell it to look at size and/or date in addition to filename?     I did
get
help from JAMF support on modifying the plist at each dist. point, but
that
is a pain and gets reset when you change the scheduled sync time.
This added auto-sync feature has been great for me with many
distribution
points, just needs a little more to be awesome.

Thanks,


Nathaniel Lindley

++++++++++++++++++
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org
phone:  651-248-6861


                                                                        

            sean.hansell at jwt.                                           

            com                                                         

            Sent by:                                                  
To
            casper-bounces at li         support at jamfsoftware.com,         

            st.jamfsoftware.c         casper at list.jamfsoftware.com     
            om                                                        
cc
                                                                        

                                                                 
Subject
            12/12/08 10:45 AM         [Casper] Running out of HD space
on
                                      Distribution Points               

                                                                        

                                                                        

                                                                        

                                                                        

                                                                        

                                                                        






Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff
in
there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of
them. It runs every night after I do a DB Backup, this way the sync
carries
the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up
after itself after it does a sync. It is not moving deleted packages
into
the deleted packages folder, but recopying the ones from the Master
share
that I've deleted since the backup, leaving two copies of the same
package
on the repository. Its also not deleting old database backups from the
remote distribution points either, so when I last checked my smallest
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?

(Embedded image moved to file: pic28570.jpg)


This transmission is intended solely for the person or organization to
whom
it is addressed and it may contain privileged and confidential
information.
If you are not the intended recipient you should not copy, distribute or
take any action in reliance on it. If you believe you received this
transmission in error please notify the sender.
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




This transmission is intended solely for the person or organization to
whom it is addressed and it may contain privileged and confidential
information. If you are not the intended recipient you should not copy,
distribute or take any action in reliance on it. If you believe you
received this transmission in error please notify the sender. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/b74692a9/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: JPEG image
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/b74692a9/attachment-0001.jpe 

From ERNSTCS at uwec.edu  Fri Dec 12 10:32:30 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Fri, 12 Dec 2008 12:32:30 -0600
Subject: [Casper] Running out of HD space on Distribution Points
In-Reply-To: <ec2e75ff0812121024u1a709172xd853358b41e3e9bf@mail.gmail.com>
Message-ID: <C5680A5E.11D0B%ernstcs@uwec.edu>

So let me recap what I was stating and other things:


 *   You can manually resync in Casper Admin anytime you want
 *   I wouldn't want it to happen automatically while in Casper Admin
 *   Sean, I know that you DO want what is in Deleted Packages
 *   Nathaniel wanted Deleted Packages ignored, but my comment about not wanting something copied and don't have it in the CasperShare directory was directed at him
 *   Sean, I think something is broken with Rsync that needs to be addressed to clean up so the items you deleted are no longer in the regular packages folder. My guess is that the none of the delete options are implemented, but again I haven't verified that.
 *   I think something is broken with Rsync which is causing Nathaniels ntfs file to not get updated. Again, perhaps a flag isn't right, but again I haven't verified what JAMF is doing.
 *   To add to Tom's email, unless Rsync is being configured differently for some reason, the default settings SHOULD overwrite the old files.
 *   Also to Tom's email, Rysnc is NOT a product of JAMF's and the ability to hand pick which files come and go may be difficult to implement, handy...most certainly.

Craig E


On 12/12/08 12:24 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

Perhaps having the ability to manually or automatically re-sync after emptying the trash would be a good feature request to solve this?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/12  <sean.hansell at jwt.com>

Thing is, I *DO* want the deleted packages copied, and I do want everything in Casper Data copied, but when I clean things up on the Master Server (e.g. Emptying the deleted packages folder), those deletions don't carry over to the remote distribution points, and worse, those deleted packages are *STILL* in the main packages folder on the Distribution Points.

[cid:3311929950_24310]




"Ernst, Craig S." <ERNSTCS at uwec.edu>
Sent by: casper-bounces at list.jamfsoftware.com 12/12/08 01:08 PM

To

Casper List <casper at list.jamfsoftware.com>

cc
Subject

Re: [Casper] Running out of HD space on Distribution Points




Hello,

I like the idea of expanding the functionality, but at the same time...if you don't want it copied, don't put it in there.

By default I thought rsync used mod and size, again according to the site for it:

"Rsync finds files that need to be transferred using a "quick check" algorithm (by default) that looks for files that have changed in size or in last-modified time"

That would concern me if your ntfs file isn't getting updated.

If it's not comparing by mod and date...I'm wondering why not. I started to sync to my second server recently, but just now have time to look into doing more. Like putting my backups in the CasperShare directory so it automatically goes to the other server in the event of a hardware failure and I need to setup the new server fast. Lazy way of not setting up my own task.

It should also be easy to set it to delete what's no longer on the master if that isn't being set, to help clean things up:

     --delete-delay          find deletions during, delete after
     --delete-after          receiver deletes after transfer, not before

I believe those are the options in the current release. I would have looked more into what is actually being set by the JSS util but don't have time right now.

As for the comment about copying over Deleted Packages...true it doesn't need to, but Empty the trash if you are truly deleting something. I actually keep a separate subfolder of packages I want completely removed from being visible to the JSS, Package Archive. It requires me to do it manually, but that's fine by me. I know I've asked for that feature at one point. As always...different strokes for different folks. =)

Craig E


On 12/12/08 11:05 AM, "Nathaniel Lindley" <NATHANIEL.LINDLEY at spps.org <http://NATHANIEL.LINDLEY at spps.org> > wrote:



I've noticed that too, the Automatic Sync  with the JSS utility copies
EVERYTHING in the master "CasperShare" folder to the remote distribution
points.  However, all that needs to be on remote distribution points is
/Packages and /Scripts.  So  all the Deleted Packages get rsynced out, too.
Other problem I noticed is that when I replace a file in an /Extras folder
"Mac_WinXP.ntfs" for example, it doesn't replace on the remote dist. points
because the file name is the same, even though the size and modification
date is different.  So I delete it on the master one day, wait a day or
two, then put the new one back which is then rsynced out.

Feature Request:   Can we select which folders get synced or not?   I'd
like some distribution points to get the /Packages and /Scripts  and some
distribution points to get /Packages, /Scripts and /Extras.  And can we
tell it to look at size and/or date in addition to filename?    I did get
help from JAMF support on modifying the plist at each dist. point, but that
is a pain and gets reset when you change the scheduled sync time.
This added auto-sync feature has been great for me with many distribution
points, just needs a little more to be awesome.

Thanks,


Nathaniel Lindley

++++++++++++++++++
Educational Technology
Saint Paul Public Schools
Saint Paul, Minnesota
nathaniel.lindley at spps.org <http://nathaniel.lindley at spps.org>
phone:  651-248-6861



             sean.hansell at jwt.
             com
             Sent by:                                                To
             casper-bounces at li        support at jamfsoftware.com <http://support at jamfsoftware.com> ,
             st.jamfsoftware.c        casper at list.jamfsoftware.com <http://casper at list.jamfsoftware.com>
             om                                                      cc

                                                                Subject
             12/12/08 10:45 AM        [Casper] Running out of HD space on
                                      Distribution Points











Hey guys, I'm having a bit of a critical issue.

My Master Share clocks in at about 85GB. In addition to the normal stuff in
there I also have keep 14 days worth of database backups.

I have about 12 remote Distribution points. I use remote sync on all of
them. It runs every night after I do a DB Backup, this way the sync carries
the latest backup to all the remote distribution points.

My problem is that I noticed that casper remote sync is not cleaning up
after itself after it does a sync. It is not moving deleted packages into
the deleted packages folder, but recopying the ones from the Master share
that I've deleted since the backup, leaving two copies of the same package
on the repository. Its also not deleting old database backups from the
remote distribution points either, so when I last checked my smallest
repository which has a 160GB Hard Drive in it, it was completely full.

How can I make this work?

(Embedded image moved to file: pic28570.jpg)


This transmission is intended solely for the person or organization to whom
it is addressed and it may contain privileged and confidential information.
If you are not the intended recipient you should not copy, distribute or
take any action in reliance on it. If you believe you received this
transmission in error please notify the sender.
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com <http://Casper at list.jamfsoftware.com>
http://list.jamfsoftware.com/mailman/listinfo/casper <http://list.jamfsoftware.com/mailman/listinfo/casper>




_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
<http://list.jamfsoftware.com/mailman/listinfo/casper>

This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/af3d192a/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.jpg
Type: image/jpeg
Size: 14361 bytes
Desc: image.jpg
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/af3d192a/attachment-0001.jpg 

From hbonath at computersitecolumbus.com  Fri Dec 12 12:33:49 2008
From: hbonath at computersitecolumbus.com (Henry Bonath)
Date: Fri, 12 Dec 2008 15:33:49 -0500
Subject: [Casper] Adobe Photoshop Elements
Message-ID: <C56834DD.925B%hbonath@computersitecolumbus.com>

We are attempting to deploy a lab with Adobe Photoshop Elements 6.
I originally started to try to create a package as an Adobe Installer in Casper Admin, however it never recognized the Elements installer as a valid CS3 installer. (Which it is, it uses the Adober installer.app and the Payloads folder, etc.)

So we created a diff package and deployed that way semi-successfully. There were errors with licensing.

My question is, has anyone else done this before, I could easily be doing something wrong.
Thanks in advance.
-Henry
________________________________

[http://www.computersitecolumbus.com/images/CSC_Logo.jpg]
Henry Bonath
Network Engineer
Computer Site Columbus
6155-N Huntley Road
Columbus, OH 43229
computersitecolumbus.com
Tel: 614.786.7100
Cell: 614.738.0822
Fax: 614.786.7310

Your I.T. Department


________________________________
15:34:26 Fri 12 Dec 2008


This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081212/3dd63d9e/attachment.html 

From william.smith at merrillcorp.com  Fri Dec 12 12:53:47 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Fri, 12 Dec 2008 14:53:47 -0600
Subject: [Casper] Adobe Photoshop Elements
In-Reply-To: <C56834DD.925B%hbonath@computersitecolumbus.com>
Message-ID: <C5682B7B.7FA5%william.smith@merrillcorp.com>

On 12/12/08 2:33 PM, "Henry Bonath" <hbonath at computersitecolumbus.com>
wrote:

> We are attempting to deploy a lab with Adobe Photoshop Elements 6.
> I originally started to try to create a package as an Adobe Installer in
> Casper Admin, however it never recognized the Elements installer as a valid
> CS3 installer. (Which it is, it uses the Adober installer.app and the Payloads
> folder, etc.)
> 
> So we created a diff package and deployed that way semi-successfully. There
> were errors with licensing.
> 
> My question is, has anyone else done this before, I could easily be doing
> something wrong.

Are you sure Photoshop Elements for Mac OS X can be scripted? I don?t see it
listed on this page, which includes silent install instructions for Creative
Suite and other Adobe products.

<http://kb.adobe.com/selfservice/viewContent.do?externalId=kb405451>

If it?s not scriptable then I don?t think Casper can install it other than
pushing a pre-configured package.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


From tlarki at kckps.org  Mon Dec 15 11:25:53 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Mon, 15 Dec 2008 13:25:53 -0600
Subject: [Casper] after image, first time run scripts
Message-ID: <49465AE1.7141.0039.0@kckps.org>

Hello everyone, 

I am looking for a way to automate a few things after a machine gets imaged.  By default in our image both the Airport and the NIC are turned off.  They are turned off because we use certain software packages that will register MAC address upon first launch.  So, I would like to create a script that just runs once when the local admin logs in to a machine for the first time.  I was looking at the scripts that run after imaging, but there is no log to see if they work, and I want to do a few things after imaging is done. 

1)  power on airport and ethernet 

2)  bind client to specified replica 

3)  run recon 

Thoughts on this process?  I want the script to run once and then never run again, perhaps even delete itself and only run after the imaging process. 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/25fc48c3/attachment.htm 

From miles.leacy at themacadmin.com  Mon Dec 15 12:06:49 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 15 Dec 2008 15:06:49 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <49465AE1.7141.0039.0@kckps.org>
References: <49465AE1.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812151206s7d6f403aka3757ac62c463822@mail.gmail.com>

To make a script run once as you describe, I'd run the script via a policy,
once per computer, at login.  Is it a requirement for it to run at login? If
not, I'd run it at reboot. If you don't have "Create Login/Logout Hooks"
checked in Management Preferences on your JSS, you should be able to set the
script up as a login script for your admin account.  If you want it to
delete itself you could include the line "rm /path/to/this/script.bash" in
your script.  If you run it as a policy, there's no need for self-delete.

The networksetup command will allow you to turn your ethernet interfaces and
Airport card on and off.

Recon:
I suggest the jamf binary.  Type `jamf help recon` in Terminal.  There are
several switches and parameters depending on exactly what you want.  Then
again, with a policy, you could simply check the box in the Advanced tab.

If you want logs, you can include "echo `ifconfig -a`" to the "Run Command"
field in the Advanced tab of your policy (or, more simply `networksetup
-listallnetworkservices`).

Is this MAC-registering software running locally on the client machines?
 MAC addresses generally don't change, and if you're going to run the
software on these boxes, they're eventually going to register the MAC
address.  Perhaps I don't understand what are you trying to accomplish or
avoid.  Can you elaborate?  In your workflows, when do you expect a local
admin to log on?  After imaging, but before deployment?

It should go without saying that with both airport and ethernet disabled,
the only way you'll be able to interact with this machine, until the script
runs, is at the console.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/15 Thomas Larkin <tlarki at kckps.org>

>  Hello everyone,
>
>  I am looking for a way to automate a few things after a machine gets
> imaged.  By default in our image both the Airport and the NIC are turned
> off.  They are turned off because we use certain software packages that will
> register MAC address upon first launch.  So, I would like to create a script
> that just runs once when the local admin logs in to a machine for the first
> time.  I was looking at the scripts that run after imaging, but there is no
> log to see if they work, and I want to do a few things after imaging is
> done.
>
>  1)  power on airport and ethernet
>
>  2)  bind client to specified replica
>
>  3)  run recon
>
>  Thoughts on this process?  I want the script to run once and then never
> run again, perhaps even delete itself and only run after the imaging
> process.
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/135276f9/attachment.html 

From jeremymatthews at mac.com  Mon Dec 15 12:08:09 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Mon, 15 Dec 2008 15:08:09 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
Message-ID: <E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>

We actually do this in a few spots.

We have several packages and scripts that run after a machine is  
booted for the first time via LaunchDaemon (some after someone first  
logs in) - this does a number of things, including:

1) Renaming the system volume so our scripts actually work!
2) installing casper and creating a casper-only service account
3) creating a new hidden admin account (and removing the temporary one)
4) installing computrace
5) creating a loginhook for all users
6) naming the machine
7) setting ARD access
8) Installing certs and binding to our OD Server via SSL
9) Cleaning up caches
10) Fixing permissions
....etc

....then the script securely deletes each item, including the  
LaunchDaemon, while securely deleting itself last.
Works great!

-jeremy

From miles.leacy at themacadmin.com  Mon Dec 15 12:17:47 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 15 Dec 2008 15:17:47 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
Message-ID: <ec2e75ff0812151217r6e158bf4j8f970ef156776db2@mail.gmail.com>

Are you seeing any benefits to using a launchd task as opposed to "at
reboot" scripts in your configuration and/or creating Casper policies?

I ask because I'm wondering if your method is driven by function or
preference.  As I look at your list, I think I can accomplish each item via
Casper directly or via a Casper-delivered script.  Did you encounter any
situations that made launchd more desirable?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Dec 15, 2008 at 3:08 PM, Jeremy Matthews <jeremymatthews at mac.com>wrote:

> We actually do this in a few spots.
>
> We have several packages and scripts that run after a machine is
> booted for the first time via LaunchDaemon (some after someone first
> logs in) - this does a number of things, including:
>
> 1) Renaming the system volume so our scripts actually work!
> 2) installing casper and creating a casper-only service account
> 3) creating a new hidden admin account (and removing the temporary one)
> 4) installing computrace
> 5) creating a loginhook for all users
> 6) naming the machine
> 7) setting ARD access
> 8) Installing certs and binding to our OD Server via SSL
> 9) Cleaning up caches
> 10) Fixing permissions
> ....etc
>
> ....then the script securely deletes each item, including the
> LaunchDaemon, while securely deleting itself last.
> Works great!
>
> -jeremy
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/f28f1e7e/attachment.html 

From ERNSTCS at uwec.edu  Mon Dec 15 12:20:53 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Mon, 15 Dec 2008 14:20:53 -0600
Subject: [Casper] after image, first time run scripts
In-Reply-To: <49465AE1.7141.0039.0@kckps.org>
Message-ID: <C56C1845.11E4B%ernstcs@uwec.edu>

I'm not being helpful today, but I HAD to make a comment...

Some of you people really do some CRAZY things!

I'll echo along with Miles though on the launchd preference, and wonder why not using at reboot options for scripts with Casper?

Craig E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/f0cb8735/attachment.htm 

From tlarki at kckps.org  Mon Dec 15 12:21:49 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Mon, 15 Dec 2008 14:21:49 -0600
Subject: [Casper] after image, first time run scripts
In-Reply-To: <E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
Message-ID: <494667FD.7141.0039.0@kckps.org>

That is pretty much exactly what I want to do.   I am familiar with all the commands since I already have scripts that do all of this.  However, I am looking for a script that only runs for the local admin account and only runs at first log in.  We image behind routers at times and these routers run NAT so it doesn't always hit the JSS since I don't have FQDN set up and all the forwarding, etc on each router.  We also run CompuTrace which is MAC address sensitive which is why I have the NIC and Airport turned off in the master image.   

I found really when mass imaging machines block copying performs faster than package based deployment and I never image one to 4 machines at a time.  I always image over 10 at a time if I can, if not more than that even.  So, I like to block copy and have all the basics in the main image.   

So when someone from my department images a machine they just log in as local admin once, it runs all it needs to do, then it shuts down the machine.  So they can log in and walk away and when they come back they can toss it in a laptop cart. 

Overall, not a huge deal but it wold definitely make our lives like 1 or 2 percent easier. 

thanks,

>>> Jeremy Matthews <jeremymatthews at mac.com> 12/15/08 2:08 PM >>>
We actually do this in a few spots.

We have several packages and scripts that run after a machine is 
booted for the first time via LaunchDaemon (some after someone first 
logs in) - this does a number of things, including:

1) Renaming the system volume so our scripts actually work!
2) installing casper and creating a casper-only service account
3) creating a new hidden admin account (and removing the temporary one)
4) installing computrace
5) creating a loginhook for all users
6) naming the machine
7) setting ARD access
8) Installing certs and binding to our OD Server via SSL
9) Cleaning up caches
10) Fixing permissions
....etc

....then the script securely deletes each item, including the 
LaunchDaemon, while securely deleting itself last.
Works great!

-jeremy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/0f5a8e4f/attachment.html 

From jeremymatthews at mac.com  Mon Dec 15 12:25:11 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Mon, 15 Dec 2008 15:25:11 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <ec2e75ff0812151217r6e158bf4j8f970ef156776db2@mail.gmail.com>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
	<ec2e75ff0812151217r6e158bf4j8f970ef156776db2@mail.gmail.com>
Message-ID: <2D69CD65-2B53-4295-8BD0-DB7C1188FDD4@mac.com>

Well, I suppose a few reasons...

Firstly, some clients wanted these items to be done at first boot. At  
first boot these machines did not already have casper installed.  
Catch-22 there. Hard to run a Casper policy without casper being  
installed. Some wanted "fresh" machines at boot, with nothing but the  
core OS. Next step install X, then Y, then Z, etc.

Additionally, some clients in larger implementations have casper in  
some places, but not others. In other cases, there were other network  
issues or Technical/Administrative concerns. I can't go into this too  
much, but you can probably guess as to why.

Other than that, we wanted to be able to deploy using native  
technologies for some companies. Though Casper is definitely a  
preferable option, it does give our clients the ability to deploy a  
single package that includes all of this tech, will run at first boot  
(or next boot, depending on if you're already booted!), and does not  
require Casper to intervene, poll, make decisions, etc.

So, altogether now...

1) Use whatever distribution tech you want
2) Little (or no) reliance on networks or other services
3) Native methodology (Casper not required - some places use Casper,  
some don't, some mix and match)

-jeremy

On Dec 15, 2008, at 3:17 PM, Miles Leacy wrote:

> Are you seeing any benefits to using a launchd task as opposed to  
> "at reboot" scripts in your configuration and/or creating Casper  
> policies?
>
> I ask because I'm wondering if your method is driven by function or  
> preference.  As I look at your list, I think I can accomplish each  
> item via Casper directly or via a Casper-delivered script.  Did you  
> encounter any situations that made launchd more desirable?
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Mon, Dec 15, 2008 at 3:08 PM, Jeremy Matthews <jeremymatthews at mac.com 
> > wrote:
> We actually do this in a few spots.
>
> We have several packages and scripts that run after a machine is
> booted for the first time via LaunchDaemon (some after someone first
> logs in) - this does a number of things, including:
>
> 1) Renaming the system volume so our scripts actually work!
> 2) installing casper and creating a casper-only service account
> 3) creating a new hidden admin account (and removing the temporary  
> one)
> 4) installing computrace
> 5) creating a loginhook for all users
> 6) naming the machine
> 7) setting ARD access
> 8) Installing certs and binding to our OD Server via SSL
> 9) Cleaning up caches
> 10) Fixing permissions
> ....etc
>
> ....then the script securely deletes each item, including the
> LaunchDaemon, while securely deleting itself last.
> Works great!
>
> -jeremy
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/9b37abc1/attachment.htm 

From tlarki at kckps.org  Mon Dec 15 12:32:07 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Mon, 15 Dec 2008 14:32:07 -0600
Subject: [Casper] after image, first time run scripts
In-Reply-To: <C56C1845.11E4B%ernstcs@uwec.edu>
References: <49465AE1.7141.0039.0@kckps.org> <C56C1845.11E4B%ernstcs@uwec.edu>
Message-ID: <49466A66.7141.0039.0@kckps.org>

Well, my main reason is everything is set up via FQDN and sometimes I
image on separate VLANs behind routers behind NAT so I can use higher
speed giga switches, and I don't have everything set up in the router
for it to work via FQDN. 

I know I can do it by IP but I have set bind policies to run at reboot
and they don't always run.  Would like to store a small little script
locally that as a log in item, when the hidden local admin logs in for
the very first time it runs, executes, then never again runs. 

I also use non standard OS X permissions and want it to make sure every
package under /Applications has the following 

owner:  root 
group:  admin 
rwx set to 775 

/Applications/Utilities is 

owner :  root 
group:  admin 
rwx set to 770 

I toss everything I don't want people to have access to into
/Applications/Utilities.  I currently have a policy that is set to on
going and it does work, but it spams my database with updates all the
time.  I want this to be ongoing in case any one besides me builds
packages and deploys them, because I know some people won't fix
permissions on the package itself. 

I am just exploring other ideas to keep it on the machine locally so the
JSS doesn't have to interact with it and it could be on a part of the
network that is not active and still get updated with the proper
settings.


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351





>>> "Ernst, Craig S." <ERNSTCS at uwec.edu> 12/15/08 2:20 PM >>>

I?m not being helpful today, but I HAD to make a comment...

Some of you people really do some CRAZY things!

I?ll echo along with Miles though on the launchd preference, and wonder
why not using at reboot options for scripts with Casper?

Craig E 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/c91ab7a4/attachment.html 

From jeremymatthews at mac.com  Mon Dec 15 12:32:48 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Mon, 15 Dec 2008 15:32:48 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <494667FD.7141.0039.0@kckps.org>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
	<494667FD.7141.0039.0@kckps.org>
Message-ID: <5DDC7926-7CFD-4AE8-ACC9-175661791128@mac.com>

Well,

I suppose running a script only once is not a problem, since you can  
have it issue a command to securely delete itself after complete.

You can create a user-specific launchd item, so you're covered there  
as well. Since I haven't tried to do using this method I suppose if  
you wanted to run something only at first login, you could create a  
loginhook which executes said scripts, and then create a logouthook  
which deletes the loginhook and the logout hook.

Would that work?

-j

On Dec 15, 2008, at 3:21 PM, Thomas Larkin wrote:

> That is pretty much exactly what I want to do.   I am familiar with  
> all the commands since I already have scripts that do all of this.   
> However, I am looking for a script that only runs for the local  
> admin account and only runs at first log in.  We image behind  
> routers at times and these routers run NAT so it doesn't always hit  
> the JSS since I don't have FQDN set up and all the forwarding, etc  
> on each router.  We also run CompuTrace which is MAC address  
> sensitive which is why I have the NIC and Airport turned off in the  
> master image.
>
> I found really when mass imaging machines block copying performs  
> faster than package based deployment and I never image one to 4  
> machines at a time.  I always image over 10 at a time if I can, if  
> not more than that even.  So, I like to block copy and have all the  
> basics in the main image.
>
> So when someone from my department images a machine they just log in  
> as local admin once, it runs all it needs to do, then it shuts down  
> the machine.  So they can log in and walk away and when they come  
> back they can toss it in a laptop cart.
>
> Overall, not a huge deal but it wold definitely make our lives like  
> 1 or 2 percent easier.
>
> thanks,
>
> >>> Jeremy Matthews <jeremymatthews at mac.com> 12/15/08 2:08 PM >>>
> We actually do this in a few spots.
>
> We have several packages and scripts that run after a machine is
> booted for the first time via LaunchDaemon (some after someone first
> logs in) - this does a number of things, including:
>
> 1) Renaming the system volume so our scripts actually work!
> 2) installing casper and creating a casper-only service account
> 3) creating a new hidden admin account (and removing the temporary  
> one)
> 4) installing computrace
> 5) creating a loginhook for all users
> 6) naming the machine
> 7) setting ARD access
> 8) Installing certs and binding to our OD Server via SSL
> 9) Cleaning up caches
> 10) Fixing permissions
> ....etc
>
> ....then the script securely deletes each item, including the
> LaunchDaemon, while securely deleting itself last.
> Works great!
>
> -jeremy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/35f5393f/attachment.htm 

From ryan.harter at uwsp.edu  Mon Dec 15 14:31:17 2008
From: ryan.harter at uwsp.edu (Ryan Harter)
Date: Mon, 15 Dec 2008 16:31:17 -0600
Subject: [Casper] after image, first time run scripts
In-Reply-To: <5DDC7926-7CFD-4AE8-ACC9-175661791128@mac.com>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
	<494667FD.7141.0039.0@kckps.org>
	<5DDC7926-7CFD-4AE8-ACC9-175661791128@mac.com>
Message-ID: <4AAB6942-8A52-4A19-9E24-3379A3EB19C5@uwsp.edu>

Not to hijack the thread, but I just have a quick question about some  
of what you guys are talking about.

I do a lot of scripting and I'm not sure what you mean by "securely"  
delete.  Is there something you run besides 'rm' to delete your files?


Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 15, 2008, at 2:32 PM, Jeremy Matthews wrote:

> Well,
>
> I suppose running a script only once is not a problem, since you can  
> have it issue a command to securely delete itself after complete.
>
> You can create a user-specific launchd item, so you're covered there  
> as well. Since I haven't tried to do using this method I suppose if  
> you wanted to run something only at first login, you could create a  
> loginhook which executes said scripts, and then create a logouthook  
> which deletes the loginhook and the logout hook.
>
> Would that work?
>
> -j
>
> On Dec 15, 2008, at 3:21 PM, Thomas Larkin wrote:
>
>> That is pretty much exactly what I want to do.   I am familiar with  
>> all the commands since I already have scripts that do all of this.   
>> However, I am looking for a script that only runs for the local  
>> admin account and only runs at first log in.  We image behind  
>> routers at times and these routers run NAT so it doesn't always hit  
>> the JSS since I don't have FQDN set up and all the forwarding, etc  
>> on each router.  We also run CompuTrace which is MAC address  
>> sensitive which is why I have the NIC and Airport turned off in the  
>> master image.
>>
>> I found really when mass imaging machines block copying performs  
>> faster than package based deployment and I never image one to 4  
>> machines at a time.  I always image over 10 at a time if I can, if  
>> not more than that even.  So, I like to block copy and have all the  
>> basics in the main image.
>>
>> So when someone from my department images a machine they just log  
>> in as local admin once, it runs all it needs to do, then it shuts  
>> down the machine.  So they can log in and walk away and when they  
>> come back they can toss it in a laptop cart.
>>
>> Overall, not a huge deal but it wold definitely make our lives like  
>> 1 or 2 percent easier.
>>
>> thanks,
>>
>> >>> Jeremy Matthews <jeremymatthews at mac.com> 12/15/08 2:08 PM >>>
>> We actually do this in a few spots.
>>
>> We have several packages and scripts that run after a machine is
>> booted for the first time via LaunchDaemon (some after someone first
>> logs in) - this does a number of things, including:
>>
>> 1) Renaming the system volume so our scripts actually work!
>> 2) installing casper and creating a casper-only service account
>> 3) creating a new hidden admin account (and removing the temporary  
>> one)
>> 4) installing computrace
>> 5) creating a loginhook for all users
>> 6) naming the machine
>> 7) setting ARD access
>> 8) Installing certs and binding to our OD Server via SSL
>> 9) Cleaning up caches
>> 10) Fixing permissions
>> ....etc
>>
>> ....then the script securely deletes each item, including the
>> LaunchDaemon, while securely deleting itself last.
>> Works great!
>>
>> -jeremy
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/c5b4c08c/attachment.html 

From miles.leacy at themacadmin.com  Mon Dec 15 14:46:54 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 15 Dec 2008 17:46:54 -0500
Subject: [Casper] after image, first time run scripts
In-Reply-To: <4AAB6942-8A52-4A19-9E24-3379A3EB19C5@uwsp.edu>
References: <mailman.7.1229371211.21766.casper@list.jamfsoftware.com>
	<E8B6044A-2ECB-48BA-BDD1-8F2DC4C60930@mac.com>
	<494667FD.7141.0039.0@kckps.org>
	<5DDC7926-7CFD-4AE8-ACC9-175661791128@mac.com>
	<4AAB6942-8A52-4A19-9E24-3379A3EB19C5@uwsp.edu>
Message-ID: <ec2e75ff0812151446q6177e755s4848bf7ea8bf40ef@mail.gmail.com>

`srm` instead of `rm`
man page says it all.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/15 Ryan Harter <ryan.harter at uwsp.edu>

> Not to hijack the thread, but I just have a quick question about some of
> what you guys are talking about.
> I do a lot of scripting and I'm not sure what you mean by "securely"
> delete.  Is there something you run besides 'rm' to delete your files?
>
>
> *Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 15, 2008, at 2:32 PM, Jeremy Matthews wrote:
>
> Well,
> I suppose running a script only once is not a problem, since you can have
> it issue a command to securely delete itself after complete.
>
> You can create a user-specific launchd item, so you're covered there as
> well. Since I haven't tried to do using this method I suppose if you wanted
> to run something only at first login, you could create a loginhook which
> executes said scripts, and then create a logouthook which deletes the
> loginhook and the logout hook.
>
> Would that work?
>
> -j
>
> On Dec 15, 2008, at 3:21 PM, Thomas Larkin wrote:
>
> That is pretty much exactly what I want to do.   I am familiar with all the
> commands since I already have scripts that do all of this.  However, I am
> looking for a script that only runs for the local admin account and only
> runs at first log in.  We image behind routers at times and these routers
> run NAT so it doesn't always hit the JSS since I don't have FQDN set up and
> all the forwarding, etc on each router.  We also run CompuTrace which is MAC
> address sensitive which is why I have the NIC and Airport turned off in the
> master image.
>
> I found really when mass imaging machines block copying performs faster
> than package based deployment and I never image one to 4 machines at a time.
>  I always image over 10 at a time if I can, if not more than that even.  So,
> I like to block copy and have all the basics in the main image.
>
> So when someone from my department images a machine they just log in as
> local admin once, it runs all it needs to do, then it shuts down the
> machine.  So they can log in and walk away and when they come back they can
> toss it in a laptop cart.
>
> Overall, not a huge deal but it wold definitely make our lives like 1 or 2
> percent easier.
>
> thanks,
>
> >>> Jeremy Matthews <jeremymatthews at mac.com> 12/15/08 2:08 PM >>>
> We actually do this in a few spots.
>
> We have several packages and scripts that run after a machine is
> booted for the first time via LaunchDaemon (some after someone first
> logs in) - this does a number of things, including:
>
> 1) Renaming the system volume so our scripts actually work!
> 2) installing casper and creating a casper-only service account
> 3) creating a new hidden admin account (and removing the temporary one)
> 4) installing computrace
> 5) creating a loginhook for all users
> 6) naming the machine
> 7) setting ARD access
> 8) Installing certs and binding to our OD Server via SSL
> 9) Cleaning up caches
> 10) Fixing permissions
> ....etc
>
> ....then the script securely deletes each item, including the
> LaunchDaemon, while securely deleting itself last.
> Works great!
>
> -jeremy
>
>
> <ATT00001.txt>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/9d377592/attachment.html 

From tlarki at kckps.org  Tue Dec 16 07:02:22 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 16 Dec 2008 09:02:22 -0600
Subject: [Casper] what happens when a logic board is replaced
Message-ID: <49476E9E.7141.0039.0@kckps.org>

does it just update the MAC address of the built in ethernet in Inventory?  Does it create a new entry? 

What exactly happens?  Anyone know for sure? 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/95d360b8/attachment.html 

From swood at integerdallas.com  Tue Dec 16 07:41:53 2008
From: swood at integerdallas.com (Steve Wood)
Date: Tue, 16 Dec 2008 09:41:53 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <49476E9E.7141.0039.0@kckps.org>
Message-ID: <C56D2861.197B6%swood@integerdallas.com>

I just did an MLB replacement on an MBP, and oddly enough the old MAC addr
is showing up in Casper.  Strange.  I even re-ran Recon to make sure I was
getting up to date information.


Steve Wood
Director of IT
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475





From: Thomas Larkin <tlarki at kckps.org>
Date: Tue, 16 Dec 2008 09:02:22 -0600
To: <casper at list.jamfsoftware.com>
Subject: [Casper] what happens when a logic board is replaced

   

 does it just update the MAC address of the built in ethernet in Inventory?
Does it create a new entry?

       

 What exactly happens?  Anyone know for sure?
 
___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351







_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



--
The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/bc7604cf/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3707 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/bc7604cf/attachment.jpe 

From miles.leacy at themacadmin.com  Tue Dec 16 07:47:35 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 16 Dec 2008 10:47:35 -0500
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <49476E9E.7141.0039.0@kckps.org>
References: <49476E9E.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812160747q7642ac01r6b9235086d075604@mail.gmail.com>

If I recall correctly, the JSS database stores more MAC addresses than
display in the interface.  Perhaps the new MLB's address(es) are being added
to the empty fields?  I assume the repair facility reset the new MLB's
serial number to match your original SN?
This is just a guess based on half-remembered info.  Perhaps a call to
support for a definitive answer?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/16 Thomas Larkin <tlarki at kckps.org>

>  does it just update the MAC address of the built in ethernet in
> Inventory?  Does it create a new entry?
>
>  What exactly happens?  Anyone know for sure?
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/b45b5c0e/attachment.htm 

From william.smith at merrillcorp.com  Tue Dec 16 08:02:43 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Tue, 16 Dec 2008 10:02:43 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <49476E9E.7141.0039.0@kckps.org>
Message-ID: <C56D2D43.8026%william.smith@merrillcorp.com>

On 12/16/08 9:02 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:

>  does it just update the MAC address of the built in ethernet in Inventory?
> Does it create a new entry?

When we've had repairs that require replacing the motherboard and the MAC
address has changed then the JSS has treated those machines as having
duplicate computer names. Once we updated the JSS records for the machines
with the new MACs then all is well.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


From ERNSTCS at uwec.edu  Tue Dec 16 08:08:38 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Tue, 16 Dec 2008 10:08:38 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <ec2e75ff0812160747q7642ac01r6b9235086d075604@mail.gmail.com>
Message-ID: <C56D2EA6.11EC1%ernstcs@uwec.edu>

I just had my MBP board replaced. It still is recognized as the same unit computer in the JSS. However, my serial number now equals "System Serial#".

My wired NIC (en0) is a different Mac address, but my Airport (en1) is the same. If none of the MAC addresses matched up for some reason then the JSS is likely to treat it as a whole new system.

I think I recall that the JSS does store more than the two visible MAC addresses for this particular scenario.

Craig E

On 12/16/08 9:47 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

If I recall correctly, the JSS database stores more MAC addresses than display in the interface.  Perhaps the new MLB's address(es) are being added to the empty fields?  I assume the repair facility reset the new MLB's serial number to match your original SN?

This is just a guess based on half-remembered info.  Perhaps a call to support for a definitive answer?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/16 Thomas Larkin <tlarki at kckps.org>



 does it just update the MAC address of the built in ethernet in Inventory?  Does it create a new entry?



 What exactly happens?  Anyone know for sure?

___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/6350fa51/attachment.htm 

From HPOSTMAN at capousd.org  Tue Dec 16 08:11:28 2008
From: HPOSTMAN at capousd.org (Postman, Hillary)
Date: Tue, 16 Dec 2008 08:11:28 -0800
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <C56D2EA6.11EC1%ernstcs@uwec.edu>
Message-ID: <C56D1330.1373D%HPOSTMAN@capousd.org>

Apple has a tool you can download called System Board Serializer or
something like that.... You can set your new serial# with it on new/replaced
boards.


On 12/16/08 8:08 AM, "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:

> I just had my MBP board replaced. It still is recognized as the same unit
> computer in the JSS. However, my serial number now equals ?System Serial#?.
> 
> My wired NIC (en0) is a different Mac address, but my Airport (en1) is the
> same. If none of the MAC addresses matched up for some reason then the JSS is
> likely to treat it as a whole new system.
> 
> I think I recall that the JSS does store more than the two visible MAC
> addresses for this particular scenario.
> 
> Craig E
> 
> On 12/16/08 9:47 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
> 
>> If I recall correctly, the JSS database stores more MAC addresses than
>> display in the interface.  Perhaps the new MLB's address(es) are being added
>> to the empty fields?  I assume the repair facility reset the new MLB's serial
>> number to match your original SN?
>> 
>> This is just a guess based on half-remembered info.  Perhaps a call to
>> support for a definitive answer?
>> 
>> ----------
>> Miles A. Leacy IV
>> 
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com <http://www.themacadmin.com>
>> 
>> 
>> 
>> 
>> 2008/12/16 Thomas Larkin <tlarki at kckps.org>
>>>      
>>>  
>>> 
>>>  does it just update the MAC address of the built in ethernet in Inventory?
>>> Does it create a new entry?
>>> 
>>>        
>>> 
>>>  What exactly happens?  Anyone know for sure?
>>>  
>>> ___________________________
>>> Thomas Larkin
>>> TIS Department
>>> KCKPS USD500
>>> tlarki at kckps.org
>>> blackberry:  913-449-7589
>>> office:  913-627-0351
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Casper mailing list
>>> Casper at list.jamfsoftware.com
>>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>> 
>> 
>> 
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper



This communication and any documents, files, or previous e-mail 
messages attached to it constitute an electronic communication within 
the scope of the Electronic Communication Privacy Act, 18 USCA 2510.  
This communication may contain non-public, confidential, or legally 
privileged information intended for the sole use of the designated 
recipient(s).  The unlawful interception, use or disclosure of such 
information is strictly prohibited under 18 USCA 2511 and any 
applicable laws.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/69536c94/attachment.html 

From ERNSTCS at uwec.edu  Tue Dec 16 08:18:46 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Tue, 16 Dec 2008 10:18:46 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <C56D1330.1373D%HPOSTMAN@capousd.org>
Message-ID: <C56D3106.11EC9%ernstcs@uwec.edu>

This is true, but I'm not sure everyone has access to download that tool from Apple I believe. I'm more annoyed the service company didn't just DO IT. =) They should, if you have this issue and wanted to go back and make them.

Craig E

On 12/16/08 10:11 AM, "Postman, Hillary" <HPOSTMAN at capousd.org> wrote:

Apple has a tool you can download called System Board Serializer or something like that.... You can set your new serial# with it on new/replaced boards.


On 12/16/08 8:08 AM, "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:

I just had my MBP board replaced. It still is recognized as the same unit computer in the JSS. However, my serial number now equals "System Serial#".

My wired NIC (en0) is a different Mac address, but my Airport (en1) is the same. If none of the MAC addresses matched up for some reason then the JSS is likely to treat it as a whole new system.

I think I recall that the JSS does store more than the two visible MAC addresses for this particular scenario.

Craig E

On 12/16/08 9:47 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

If I recall correctly, the JSS database stores more MAC addresses than display in the interface.  Perhaps the new MLB's address(es) are being added to the empty fields?  I assume the repair facility reset the new MLB's serial number to match your original SN?

This is just a guess based on half-remembered info.  Perhaps a call to support for a definitive answer?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/16 Thomas Larkin <tlarki at kckps.org>



 does it just update the MAC address of the built in ethernet in Inventory?  Does it create a new entry?



 What exactly happens?  Anyone know for sure?

___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




________________________________
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
________________________________
This communication and any documents, files, or previous e-mail
messages attached to it constitute an electronic communication within
the scope of the Electronic Communication Privacy Act, 18 USCA 2510.
This communication may contain non-public, confidential, or legally
privileged information intended for the sole use of the designated
recipient(s).  The unlawful interception, use or disclosure of such
information is strictly prohibited under 18 USCA 2511 and any
applicable laws.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/9af5df23/attachment.htm 

From swood at integerdallas.com  Tue Dec 16 08:24:57 2008
From: swood at integerdallas.com (Steve Wood)
Date: Tue, 16 Dec 2008 10:24:57 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <ec2e75ff0812160747q7642ac01r6b9235086d075604@mail.gmail.com>
Message-ID: <C56D3279.197CC%swood@integerdallas.com>

I did the replacement myself and made sure I serialized the board properly,
so that isn?t an issue as it does match what was it was previously.  I?ll
have to check the DB to see if there are more MAC addresses hiding out
somewhere.


Steve Wood
Director of IT
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475





From: Miles Leacy <miles.leacy at themacadmin.com>
Date: Tue, 16 Dec 2008 10:47:35 -0500
To: Thomas Larkin <tlarki at kckps.org>
Cc: <casper at list.jamfsoftware.com>
Subject: Re: [Casper] what happens when a logic board is replaced

If I recall correctly, the JSS database stores more MAC addresses than
display in the interface.  Perhaps the new MLB's address(es) are being added
to the empty fields?  I assume the repair facility reset the new MLB's
serial number to match your original SN?

This is just a guess based on half-remembered info.  Perhaps a call to
support for a definitive answer?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/16 Thomas Larkin <tlarki at kckps.org>
>      
>  
> 
>  does it just update the MAC address of the built in ethernet in Inventory?
> Does it create a new entry?
> 
>        
> 
>  What exactly happens?  Anyone know for sure?
>  
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
> 



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



--
The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/ae67572f/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3707 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/ae67572f/attachment.jpe 

From miles.leacy at themacadmin.com  Tue Dec 16 08:30:12 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 16 Dec 2008 11:30:12 -0500
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <C56D3106.11EC9%ernstcs@uwec.edu>
References: <C56D1330.1373D%HPOSTMAN@capousd.org>
	<C56D3106.11EC9%ernstcs@uwec.edu>
Message-ID: <ec2e75ff0812160830s295ac92fkec58a0cde1614684@mail.gmail.com>

Unless things have changed since I was a service tech, distributing and/or
using the board serializer outside of an Apple Authorized Service Center
violates several Apple agreements (that's not a judgement, just
information)  The service technician should reset the SN when a logic board
is replaced.
I imagine that in cases, where the MLB was replaced, but the airport card
was not, the JSS has a known MAC to identify the machine with.  If the MLB
and airport are replaced, my guess is that the JSS would treat it as a new
machine.  I believe bluetooth also has a MAC address, but in most Macs
today, BT is part of the same hardware module as airport, so if airport is
replaced, so is BT.

Again, this is all guesswork until someone asks JAMF.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/16 Ernst, Craig S. <ERNSTCS at uwec.edu>

>  This is true, but I'm not sure everyone has access to download that tool
> from Apple I believe. I'm more annoyed the service company didn't just DO
> IT. =) They should, if you have this issue and wanted to go back and make
> them.
>
> Craig E
>
>
> On 12/16/08 10:11 AM, "Postman, Hillary" <HPOSTMAN at capousd.org> wrote:
>
> Apple has a tool you can download called System Board Serializer or
> something like that.... You can set your new serial# with it on new/replaced
> boards.
>
>
> On 12/16/08 8:08 AM, "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:
>
> I just had my MBP board replaced. It still is recognized as the same unit
> computer in the JSS. However, my serial number now equals "System Serial#".
>
> My wired NIC (en0) is a different Mac address, but my Airport (en1) is the
> same. If none of the MAC addresses matched up for some reason then the JSS
> is likely to treat it as a whole new system.
>
> I think I recall that the JSS does store more than the two visible MAC
> addresses for this particular scenario.
>
> Craig E
>
> On 12/16/08 9:47 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> If I recall correctly, the JSS database stores more MAC addresses than
> display in the interface.  Perhaps the new MLB's address(es) are being added
> to the empty fields?  I assume the repair facility reset the new MLB's
> serial number to match your original SN?
>
> This is just a guess based on half-remembered info.  Perhaps a call to
> support for a definitive answer?
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> 2008/12/16 Thomas Larkin <tlarki at kckps.org>
>
>
>
>
>  does it just update the MAC address of the built in ethernet in
> Inventory?  Does it create a new entry?
>
>
>
>  What exactly happens?  Anyone know for sure?
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
>
> ------------------------------
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
> ------------------------------
> This communication and any documents, files, or previous e-mail
> messages attached to it constitute an electronic communication within
> the scope of the Electronic Communication Privacy Act, 18 USCA 2510.
> This communication may contain non-public, confidential, or legally
> privileged information intended for the sole use of the designated
> recipient(s).  The unlawful interception, use or disclosure of such
> information is strictly prohibited under 18 USCA 2511 and any
> applicable laws.
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/7e88ceca/attachment.htm 

From tlarki at kckps.org  Tue Dec 16 09:06:52 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 16 Dec 2008 11:06:52 -0600
Subject: [Casper] what happens when a logic board is replaced
In-Reply-To: <ec2e75ff0812160830s295ac92fkec58a0cde1614684@mail.gmail.com>
References: <C56D1330.1373D%HPOSTMAN@capousd.org>
	<C56D3106.11EC9%ernstcs@uwec.edu>
	<ec2e75ff0812160830s295ac92fkec58a0cde1614684@mail.gmail.com>
Message-ID: <49478BCC.7141.0039.0@kckps.org>

You can have self maintainer status and get full access to GSX.  I keep
my OS and hardware certs up to date every year so I can do in house
repairs, get warranty reimbursements and of course have full access to
GSX and all of it's tools, like the serial number tool, ASD diagnostics,
etc etc. 

The reason I ask is that we have some machines that have not checked in
our network for a while and we are wondering where they are at.  We do
out source all of our hardware repairs of anything major to a third
party.  There are 5 of us total, and we manage 6,542 Macs now.  No way
any of us have the time to do component level repair on Mac laptops
unless it is like popping a key back on or swapping out RAM. 

I was wondering if a machine came back from repair with new logic board
if it treated it like a new machine.  I do see machines with the same
name in our database as well, and it is represented by the computername
with a (2) at the end of it.

>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/16/08 10:30 AM >>>
Unless things have changed since I was a service tech, distributing
and/or using the board serializer outside of an Apple Authorized Service
Center violates several Apple agreements (that's not a judgement, just
information)  The service technician should reset the SN when a logic
board is replaced. 


I imagine that in cases, where the MLB was replaced, but the airport
card was not, the JSS has a known MAC to identify the machine with.  If
the MLB and airport are replaced, my guess is that the JSS would treat
it as a new machine.  I believe bluetooth also has a MAC address, but in
most Macs today, BT is part of the same hardware module as airport, so
if airport is replaced, so is BT. 



Again, this is all guesswork until someone asks JAMF. 

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





2008/12/16 Ernst, Craig S. 
<ERNSTCS at uwec.edu> 




This is true, but I'm not sure everyone has access to download that tool
from Apple I believe. I'm more annoyed the service company didn't just
DO IT. =) They should, if you have this issue and wanted to go back and
make them.

Craig E 




On 12/16/08 10:11 AM, "Postman, Hillary" <HPOSTMAN at capousd.org> wrote:



Apple has a tool you can download called System Board Serializer or
something like that.... You can set your new serial# with it on
new/replaced boards.


On 12/16/08 8:08 AM, "Ernst, Craig S." <ERNSTCS at uwec.edu> wrote:


I just had my MBP board replaced. It still is recognized as the same
unit computer in the JSS. However, my serial number now equals "System
Serial#".

My wired NIC (en0) is a different Mac address, but my Airport (en1) is
the same. If none of the MAC addresses matched up for some reason then
the JSS is likely to treat it as a whole new system.

I think I recall that the JSS does store more than the two visible MAC
addresses for this particular scenario.

Craig E

On 12/16/08 9:47 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:


If I recall correctly, the JSS database stores more MAC addresses than
display in the interface.  Perhaps the new MLB's address(es) are being
added to the empty fields?  I assume the repair facility reset the new
MLB's serial number to match your original SN?

This is just a guess based on half-remembered info.  Perhaps a call to
support for a definitive answer?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/16 Thomas Larkin <tlarki at kckps.org>

    
 

  

does it just update the MAC address of the built in ethernet in
Inventory?  Does it create a new entry? 

KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351






_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper







_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper

This communication and any documents, files, or previous e-mail
messages attached to it constitute an electronic communication within
the scope of the Electronic Communication Privacy Act, 18 USCA 2510.  
This communication may contain non-public, confidential, or legally
privileged information intended for the sole use of the designated
recipient(s).  The unlawful interception, use or disclosure of such
information is strictly prohibited under 18 USCA 2511 and any
applicable laws.



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/c1b8388c/attachment.html 

From Rich.Dagel at landor.com  Tue Dec 16 12:06:27 2008
From: Rich.Dagel at landor.com (Dagel, Rich)
Date: Tue, 16 Dec 2008 12:06:27 -0800
Subject: [Casper] 10.5.6 Server and Casper
Message-ID: <C56D4A43.23D9C%Rich.Dagel@landor.com>

Anyone installed the update yet on their jss server?  Wondering if there are
any issues with the update and the jss.

Rich

Rich Dagel
Senior Technology Specialist

Landor Associates
1001 Front Street
San Francisco, CA 94111
United States
415 365 3933
http://www.landor.com
Rich.Dagel at landor.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/2d7e4d00/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 580 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/2d7e4d00/attachment.gif 

From ERNSTCS at uwec.edu  Tue Dec 16 12:11:49 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Tue, 16 Dec 2008 14:11:49 -0600
Subject: [Casper] 10.5.6 Server and Casper
In-Reply-To: <C56D4A43.23D9C%Rich.Dagel@landor.com>
Message-ID: <C56D67A5.11F01%ernstcs@uwec.edu>

I can let you know next week...not doing any updates until Finals week is over. I realize that's not helpful, and I'm sure someone will be doing that before I get back to you. Are you anticipating problems?

Craig


On 12/16/08 2:06 PM, "Dagel, Rich" <Rich.Dagel at landor.com> wrote:

Anyone installed the update yet on their jss server?  Wondering if there are any issues with the update and the jss.

Rich

Rich Dagel
Senior Technology Specialist
[cid:3312281509_13089]
Landor Associates
1001 Front Street
San Francisco, CA 94111
United States
415 365 3933
http://www.landor.com
Rich.Dagel at landor.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/62108493/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.gif
Type: image/gif
Size: 580 bytes
Desc: image.gif
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/62108493/attachment.gif 

From swood at integerdallas.com  Tue Dec 16 12:43:28 2008
From: swood at integerdallas.com (Steve Wood)
Date: Tue, 16 Dec 2008 14:43:28 -0600
Subject: [Casper] 10.5.6 Server and Casper
In-Reply-To: <C56D67A5.11F01%ernstcs@uwec.edu>
Message-ID: <C56D6F10.1982B%swood@integerdallas.com>

I?ve actually been running 10.5.6 on my JSS since Thanksgiving weekend.  I
know, putting a beta on a production server is not a good idea.
Fortunately, we are such a small shop that the thought of re-installing the
server wasn?t that bad of an idea.  And besides, I was having issues at
10.5.5 with the server becoming unresponsive every few days.

I?ve had no problems with JSS since the upgrade, and I?ll be upgrading to
the final release later today or tomorrow.


Steve Wood
Director of IT
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475




From: "Ernst, Craig S." <ERNSTCS at uwec.edu>
Date: Tue, 16 Dec 2008 14:11:49 -0600
To: Casper List <casper at list.jamfsoftware.com>
Subject: Re: [Casper] 10.5.6 Server and Casper

I can let you know next week...not doing any updates until Finals week is
over. I realize that?s not helpful, and I?m sure someone will be doing that
before I get back to you. Are you anticipating problems?

Craig


On 12/16/08 2:06 PM, "Dagel, Rich" <Rich.Dagel at landor.com> wrote:

> Anyone installed the update yet on their jss server?  Wondering if there are
> any issues with the update and the jss.
> 
> Rich
> 
> Rich Dagel
> Senior Technology Specialist
> 
> Landor Associates
> 1001 Front Street
> San Francisco, CA 94111
> United States
> 415 365 3933
> http://www.landor.com
> Rich.Dagel at landor.com
> 


_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



--
The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/fb4697b7/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 580 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/fb4697b7/attachment.gif 

From tlarki at kckps.org  Tue Dec 16 13:00:03 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Tue, 16 Dec 2008 15:00:03 -0600
Subject: [Casper] 10.5.6 Server and Casper
In-Reply-To: <C56D67A5.11F01%ernstcs@uwec.edu>
References: <C56D4A43.23D9C%Rich.Dagel@landor.com>
	<C56D67A5.11F01%ernstcs@uwec.edu>
Message-ID: <4947C273.7141.0039.0@kckps.org>

10.5 has been nothing but problems here, and since I finally started to
stablize everything in 10.5.5 I am staying there until I can do a
complete wipe and rebuild of OD, LDAP, and reimport all users and groups
fresh.  So, not until June when school is out.

>>> "Ernst, Craig S." <ERNSTCS at uwec.edu> 12/16/08 2:11 PM >>>

I can let you know next week...not doing any updates until Finals week
is over. I realize that?s not helpful, and I?m sure someone will be
doing that before I get back to you. Are you anticipating problems?

Craig


On 12/16/08 2:06 PM, "Dagel, Rich" <Rich.Dagel at landor.com> wrote:


Anyone installed the update yet on their jss server?  Wondering if there
are any issues with the update and the jss.

Rich


Rich Dagel
Senior Technology Specialist

Landor Associates
1001 Front Street
San Francisco, CA 94111
United States
415 365 3933
http://www.landor.com

Rich.Dagel at landor.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/d3481ff7/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 580 bytes
Desc: CompuServe GIF graphic
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/d3481ff7/attachment.gif 

From jstrauss at loyolahs.edu  Tue Dec 16 13:09:26 2008
From: jstrauss at loyolahs.edu (Jeff Strauss)
Date: Tue, 16 Dec 2008 13:09:26 -0800
Subject: [Casper] 10.5.6 Server and Casper
In-Reply-To: <4947C273.7141.0039.0@kckps.org>
Message-ID: <C56D5907.2EB0%jstrauss@loyolahs.edu>

Ugh that sounds like a good idea, but screwed up print management is killing me over here. I think I'm gonna start fresh during the holiday break.


On 12/16/08 1:00 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:



 10.5 has been nothing but problems here, and since I finally started to stablize everything in 10.5.5 I am staying there until I can do a complete wipe and rebuild of OD, LDAP, and reimport all users and groups fresh.  So, not until June when school is out.

>>> "Ernst, Craig S." <ERNSTCS at uwec.edu> 12/16/08 2:11 PM >>>




 I can let you know next week...not doing any updates until Finals week is over. I realize that's not helpful, and I'm sure someone will be doing that before I get back to you. Are you anticipating problems?

Craig


On 12/16/08 2:06 PM, "Dagel, Rich" <Rich.Dagel at landor.com> wrote:







 Anyone installed the update yet on their jss server?  Wondering if there are any issues with the update and the jss.

Rich






 Rich Dagel
Senior Technology Specialist
[cid:3312277767_1128478]
Landor Associates
1001 Front Street
San Francisco, CA 94111
United States
415 365 3933
http://www.landor.com <http://www.landor.com>





 Rich.Dagel at landor.com <Rich.Dagel at landor.com>











Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

Please consider the environment before printing this e-mail.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/5fb6b2bf/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.gif
Type: image/gif
Size: 580 bytes
Desc: image.gif
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081216/5fb6b2bf/attachment.gif 

From CMyers at uclan.ac.uk  Wed Dec 17 01:12:40 2008
From: CMyers at uclan.ac.uk (Criss  Myers)
Date: Wed, 17 Dec 2008 09:12:40 +0000
Subject: [Casper] inventory section of the JSS
Message-ID: <4948C288.BB96.0081.0@uclan.ac.uk>

Hi Guys 

Im running the latest version of Casper and the JSS and 10.5.5 Server 

Has anyone had any problems with the Inventory Recon section? 

My recon data is incorrect, it reports that computers do not have 10.5.5 when they clearly do, as well the receipts section states that i do not have the latest safari update installed on any mac, yet the receipt is clearly in the list on the computers. This means that i cannot create accurate smart groups based on system version or installed software. 

I have tried to make a policy that runs the inventory option under Advanced , "Update Inventory", but its only runs on 14 out of 242 macs, i created a second policy and that again did not run, but if i edit the policy and change the settings to say "run command LS" then it runs no problem, so its only the update inventory that doesnt run. 

Has anyone else had this problem? 

Criss 
Criss Myers
Senior Customer Support Analyst (Mac Services)
Apple Certified Technical Coordinator v10.5
LIS Business Support Team
Library 301
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081217/d08e39cb/attachment.htm 

From jared.nichols at ll.mit.edu  Wed Dec 17 10:55:08 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Wed, 17 Dec 2008 13:55:08 -0500
Subject: [Casper] Office 2008 12.1.5 Update
Message-ID: <C56EB53D.17835%jared.nichols@ll.mit.edu>

Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does it work as is?

Thanks

j
--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081217/f46f530b/attachment.htm 

From william.smith at merrillcorp.com  Wed Dec 17 13:14:33 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Wed, 17 Dec 2008 15:14:33 -0600
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <C56EB53D.17835%jared.nichols@ll.mit.edu>
Message-ID: <C56EC7D9.8090%william.smith@merrillcorp.com>

On 12/17/08 12:55 PM, "Nichols, Jared" <jared.nichols at ll.mit.edu> wrote:

> Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does it work as
> is?

I?ve deployed it to about five machines that are all running 10.4.x. No
problems for us so far.

Several folks in the Microsoft Entourage newsgroup are reporting problems
with Entourage not saving account passwords to the Keychain after the
install. No one is sure why yet but a couple of us think it may be specific
to users updating from a certain point level. If this happens then the
workaround is to remove Office, re-install Office and then apply the 12.1.0
and 12.1.5 updates. Some folks may have received later Office 2008 DVDs that
are already patched to 12.1.0 and will only need to apply the 12.1.5 update.

This is a mini-combo update that will update 12.1.0 through 12.1.4
installations. 

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


From cmyers at uclan.ac.uk  Wed Dec 17 14:48:31 2008
From: cmyers at uclan.ac.uk (Criss Myers)
Date: Wed, 17 Dec 2008 22:48:31 +0000
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <C56EB53D.17835%jared.nichols@ll.mit.edu>
References: <C56EB53D.17835%jared.nichols@ll.mit.edu>
Message-ID: <2A2C4252-3F4E-421C-9EAB-77BE4947747C@uclan.ac.uk>

Yes I've deployed and it worked d
Fine

On 17 Dec 2008, at 18:55, "Nichols, Jared" <jared.nichols at ll.mit.edu>  
wrote:

> Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does it  
> work as is?
>
> Thanks
>
> j
> -- 
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081217/eba22858/attachment.html 

From john_wetter at hopkins.k12.mn.us  Wed Dec 17 23:20:02 2008
From: john_wetter at hopkins.k12.mn.us (John Wetter)
Date: Thu, 18 Dec 2008 01:20:02 -0600
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <2A2C4252-3F4E-421C-9EAB-77BE4947747C@uclan.ac.uk>
References: <C56EB53D.17835%jared.nichols@ll.mit.edu>,
	<2A2C4252-3F4E-421C-9EAB-77BE4947747C@uclan.ac.uk>
Message-ID: <4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>

Everyone that says you've deployed it, did you deploy it using Casper?  We've had an issue where if we tried deploying any of the office 2008 updates using Casper, we get this error: "A version of the software required to install this update was not found on this volume."

Are you guys trying Casper on 12.1.5 and it is no longer doing this?  At least through 12.1.4 we've tried everything here: http://www.entourage.mvps.org/error/not_found.html and haven't been able to get Casper to deploy updates.

I had hoped that with Office 2008 I could stop doing the "uninstall/reinstall the whole thing" just to deploy a simple update now that the updaters were mpkg's.

-John

--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us
________________________________
From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Criss Myers [cmyers at uclan.ac.uk]
Sent: Wednesday, December 17, 2008 4:48 PM
To: Nichols, Jared
Cc: Casper List
Subject: Re: [Casper] Office 2008 12.1.5 Update

Yes I've deployed and it worked d
Fine

On 17 Dec 2008, at 18:55, "Nichols, Jared" <jared.nichols at ll.mit.edu<mailto:jared.nichols at ll.mit.edu>> wrote:

Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does it work as is?

Thanks

j
--
Jared Nichols
ISD Infrastructure and Operations ? Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/3fcf75be/attachment.htm 

From CMyers at uclan.ac.uk  Thu Dec 18 00:14:19 2008
From: CMyers at uclan.ac.uk (Criss  Myers)
Date: Thu, 18 Dec 2008 08:14:19 +0000
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>
References: <C56EB53D.17835%jared.nichols@ll.mit.edu>,
	<2A2C4252-3F4E-421C-9EAB-77BE4947747C@uclan.ac.uk>
	<4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>
Message-ID: <494A065A.BB96.0081.0@uclan.ac.uk>

Hi John, 

Yes i use capser 6 and os x 10.5.5, i got that error and what i meant
was a permissions issue or the contents of the mpkg, what you need to do
is propergate the permissions on the casper share, then it worked fine, 

Criss


Criss Myers
Senior Customer Support Analyst (Mac Services)
Apple Certified Technical Coordinator v10.5
LIS Business Support Team
Library 301
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054

>>> On Thu, Dec 18, 2008 at  7:20 AM, in message
<4058FCBF8DBA6646855ABFA27F869E51FF0A670B97 at EXCHANGE.hopkins.hopkinsschools.org>,
John Wetter <john_wetter at hopkins.k12.mn.us> wrote:

Everyone that says you've deployed it, did you deploy it using Casper? 
We've had an issue where if we tried deploying any of the office 2008
updates using Casper, we get this error: " 

A version of the software required to install this update was not found
on this volume." 


  

Are you guys trying Casper on 12.1.5 and it is no longer doing this?  At
least through 12.1.4 we've tried everything here:
http://www.entourage.mvps.org/error/not_found.html and haven't been able
to get Casper to deploy updates. 


  

I had hoped that with Office 2008 I could stop doing the
"uninstall/reinstall the whole thing" just to deploy a simple update now
that the updaters were mpkg's. 


  

-John 


--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us 

From: casper-bounces at list.jamfsoftware.com
[casper-bounces at list.jamfsoftware.com] On Behalf Of Criss Myers
[cmyers at uclan.ac.uk]
Sent: Wednesday, December 17, 2008 4:48 PM
To: Nichols, Jared
Cc: Casper List
Subject: Re: [Casper] Office 2008 12.1.5 Update



Yes I've deployed and it worked d 

Fine

On 17 Dec 2008, at 18:55, "Nichols, Jared" <jared.nichols at ll.mit.edu>
wrote:




Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does it
work as is?

Thanks

j
--
Jared Nichols
ISD Infrastructure and Operations * Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500


_______________________________________________ 



Casper mailing list 



Casper at list.jamfsoftware.com 



http://list.jamfsoftware.com/mailman/listinfo/casper 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/2b73f35d/attachment.htm 

From martin-van-diemen at g-star.com  Thu Dec 18 01:24:01 2008
From: martin-van-diemen at g-star.com (Martin van Diemen)
Date: Thu, 18 Dec 2008 10:24:01 +0100
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
Message-ID: <C56FD541.89FA%martin-van-diemen@g-star.com>

Hi,

I want users to be able to add printers without filling in the administrators password.

I did some research and found out that I just need to remove the following lines from the /etc/cups/cupsd.conf:

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer$
    AuthType Default
    Require user @AUTHKEY(system.print.admin) @admin @lpadmin
    Order deny,allow
</Limit>

Source: http://mattson.edgemereroadrunners.com/?p=291

Does anyone know I can remove these lines with a bash script? I don't want to replace the file by making use of a package.

Thanks in advance!

Kind Regards,

Martin van Diemen

t +31(0) 205677744
__________________

G-Star International B.V.
www.g-star.com

From miles.leacy at themacadmin.com  Thu Dec 18 04:46:47 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 18 Dec 2008 07:46:47 -0500
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <C56FD541.89FA%martin-van-diemen@g-star.com>
References: <C56FD541.89FA%martin-van-diemen@g-star.com>
Message-ID: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>

Rather than follow the instructions at the given link, and deleting these
lines, I would add another group to these limit statements.  You could use
"staff" or if you need to keep certain people from messing with printers,
you could create a new group for this purpose.
I wouldn't delete the statements because that's a sledgehammer approach to
the problem.  Instead of giving out a key to the proverbial gate, deletion
tears the gate from its hinges and allows anyone and everyone in.

You can find & replace text using sed.  I'm not great with sed, but I did
develop a script through trial & error to perform this task on another
config file.  I'll pass it on when I get to the office today.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <
martin-van-diemen at g-star.com> wrote:

> Hi,
>
> I want users to be able to add printers without filling in the
> administrators password.
>
> I did some research and found out that I just need to remove the following
> lines from the /etc/cups/cupsd.conf:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
> CUPS-Delete-Class CUPS-Set-Default>
>    AuthType Default
>    Require user @SYSTEM
>    Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer$
>    AuthType Default
>    Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>    Order deny,allow
> </Limit>
>
> Source: http://mattson.edgemereroadrunners.com/?p=291
>
> Does anyone know I can remove these lines with a bash script? I don't want
> to replace the file by making use of a package.
>
> Thanks in advance!
>
> Kind Regards,
>
> Martin van Diemen
>
> t +31(0) 205677744
> __________________
>
> G-Star International B.V.
> www.g-star.com
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/74031568/attachment.html 

From eyoung at thayer.org  Thu Dec 18 05:43:37 2008
From: eyoung at thayer.org (Eric Young)
Date: Thu, 18 Dec 2008 08:43:37 -0500
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>
References: <C56EB53D.17835%jared.nichols@ll.mit.edu>,
	<2A2C4252-3F4E-421C-9EAB-77BE4947747C@uclan.ac.uk>
	<4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>
Message-ID: <6078C85B-A15D-4D31-B6C8-BFCB0FDB10EE@thayer.org>

I've not tried deploying via the .pkg (or .mpkg) I use the tried and  
true composer route.  it has worked well for 3 Office updates now.



______-------------------__________---------------_______---------- 
________
Puritanism: The haunting fear that someone, somewhere, may be happy.
   - HL Mencken

Eric Young
eyoung at thayer.org



On Dec 18, 2008, at 2:20 AM, John Wetter wrote:

> Everyone that says you've deployed it, did you deploy it using  
> Casper?  We've had an issue where if we tried deploying any of the  
> office 2008 updates using Casper, we get this error: "A version of  
> the software required to install this update was not found on this  
> volume."
>
> Are you guys trying Casper on 12.1.5 and it is no longer doing  
> this?  At least through 12.1.4 we've tried everything here: http://www.entourage.mvps.org/error/not_found.html 
>  and haven't been able to get Casper to deploy updates.
>
> I had hoped that with Office 2008 I could stop doing the "uninstall/ 
> reinstall the whole thing" just to deploy a simple update now that  
> the updaters were mpkg's.
>
> -John
>
> -- 
> John Wetter
> Technology Support Administrator
> Technology & Information Services
> Hopkins Public Schools
> 952-988-5373
> john_wetter at hopkins.k12.mn.us
> From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com 
> ] On Behalf Of Criss Myers [cmyers at uclan.ac.uk]
> Sent: Wednesday, December 17, 2008 4:48 PM
> To: Nichols, Jared
> Cc: Casper List
> Subject: Re: [Casper] Office 2008 12.1.5 Update
>
> Yes I've deployed and it worked d
> Fine
>
> On 17 Dec 2008, at 18:55, "Nichols, Jared"  
> <jared.nichols at ll.mit.edu> wrote:
>
>> Has anyone tried deploying the .mpkg for the 12.1.5 update?  Does  
>> it work as is?
>>
>> Thanks
>>
>> j
>> -- 
>> Jared Nichols
>> ISD Infrastructure and Operations ? Desktop Engineering
>> MIT Lincoln Laboratory
>> 244 Wood St.
>> Lexington, MA 02420-9108
>> (781) 981-5500
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/ff71eb85/attachment.htm 

From william.smith at merrillcorp.com  Thu Dec 18 05:49:27 2008
From: william.smith at merrillcorp.com (Smith, William)
Date: Thu, 18 Dec 2008 07:49:27 -0600
Subject: [Casper] Office 2008 12.1.5 Update
In-Reply-To: <4058FCBF8DBA6646855ABFA27F869E51FF0A670B97@EXCHANGE.hopkins.hopkinsschools.org>
Message-ID: <C56FB107.1F907%william.smith@merrillcorp.com>

On Thursday 12/18/08 1:20 AM, "John Wetter" <john_wetter at hopkins.k12.mn.us>
wrote:

> Everyone that says you've deployed it, did you deploy it using Casper?  We've
> had an issue where if we tried deploying any of the office 2008 updates using
> Casper, we get this error: "A version of the software required to install this
> update was not found on this volume."

Yes, using Casper. I've heard many reports of the error you mention but have
never seen it myself.

-- 

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492


From miles.leacy at themacadmin.com  Thu Dec 18 08:02:30 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 18 Dec 2008 11:02:30 -0500
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
References: <C56FD541.89FA%martin-van-diemen@g-star.com>
	<ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
Message-ID: <ec2e75ff0812180802h76d3181dob173552f33b53fea@mail.gmail.com>

Here are the relevant lines from the script I mentioned:
# find the line containing "KEYSTRING" and replace that line with
"REPLACEMENT LINE"
# and write the resulting modified file to a second file (file.tmp)

/usr/bin/sed -e "s/^KEYSTRING *=.*/REPLACEMENT LINE/" /path/to/original/file
>/path/to/original/file.tmp

# move file.tmp to file

mv /path/to/original/file.tmp /path/to/original/file

I hope this helps.

Of course, if anyone can suggest a simpler find & replace method, I'm all
ears.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 18, 2008 at 7:46 AM, Miles Leacy <miles.leacy at themacadmin.com>wrote:

> Rather than follow the instructions at the given link, and deleting these
> lines, I would add another group to these limit statements.  You could use
> "staff" or if you need to keep certain people from messing with printers,
> you could create a new group for this purpose.
> I wouldn't delete the statements because that's a sledgehammer approach to
> the problem.  Instead of giving out a key to the proverbial gate, deletion
> tears the gate from its hinges and allows anyone and everyone in.
>
> You can find & replace text using sed.  I'm not great with sed, but I did
> develop a script through trial & error to perform this task on another
> config file.  I'll pass it on when I get to the office today.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
>
> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <
> martin-van-diemen at g-star.com> wrote:
>
>> Hi,
>>
>> I want users to be able to add printers without filling in the
>> administrators password.
>>
>> I did some research and found out that I just need to remove the following
>> lines from the /etc/cups/cupsd.conf:
>>
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
>> CUPS-Delete-Class CUPS-Set-Default>
>>    AuthType Default
>>    Require user @SYSTEM
>>    Order deny,allow
>> </Limit>
>> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
>> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
>> Deactivate-Printer Activate-Printer Restart-Printer$
>>    AuthType Default
>>    Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>>    Order deny,allow
>> </Limit>
>>
>> Source: http://mattson.edgemereroadrunners.com/?p=291
>>
>> Does anyone know I can remove these lines with a bash script? I don't want
>> to replace the file by making use of a package.
>>
>> Thanks in advance!
>>
>> Kind Regards,
>>
>> Martin van Diemen
>>
>> t +31(0) 205677744
>> __________________
>>
>> G-Star International B.V.
>> www.g-star.com
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/a75a69a0/attachment.htm 

From martin-van-diemen at g-star.com  Thu Dec 18 08:07:43 2008
From: martin-van-diemen at g-star.com (Martin van Diemen)
Date: Thu, 18 Dec 2008 17:07:43 +0100
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <ec2e75ff0812180802h76d3181dob173552f33b53fea@mail.gmail.com>
Message-ID: <C57033DF.8A23%martin-van-diemen@g-star.com>

I'll give that a try.

Thank you!

Kind Regards,

Martin van Diemen

t +31(0) 205677744
__________________

G-Star International B.V.
www.g-star.com


________________________________
From: Miles Leacy <miles.leacy at themacadmin.com>
Date: Thu, 18 Dec 2008 17:02:30 +0100
To: Martin van Diemen <martin-van-diemen at g-star.com>
Cc: Casper List <casper at list.jamfsoftware.com>
Subject: Re: [Casper] Allow Non-Admin Users to Add Printers in Leopard

Here are the relevant lines from the script I mentioned:

# find the line containing "KEYSTRING" and replace that line with "REPLACEMENT LINE"
# and write the resulting modified file to a second file (file.tmp)

/usr/bin/sed -e "s/^KEYSTRING *=.*/REPLACEMENT LINE/" /path/to/original/file >/path/to/original/file.tmp

# move file.tmp to file

mv /path/to/original/file.tmp /path/to/original/file

I hope this helps.

Of course, if anyone can suggest a simpler find & replace method, I'm all ears.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




On Thu, Dec 18, 2008 at 7:46 AM, Miles Leacy <miles.leacy at themacadmin.com> wrote:
Rather than follow the instructions at the given link, and deleting these lines, I would add another group to these limit statements.  You could use "staff" or if you need to keep certain people from messing with printers, you could create a new group for this purpose.

I wouldn't delete the statements because that's a sledgehammer approach to the problem.  Instead of giving out a key to the proverbial gate, deletion tears the gate from its hinges and allows anyone and everyone in.

You can find & replace text using sed.  I'm not great with sed, but I did develop a script through trial & error to perform this task on another config file.  I'll pass it on when I get to the office today.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>





On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <martin-van-diemen at g-star.com> wrote:
Hi,

I want users to be able to add printers without filling in the administrators password.

I did some research and found out that I just need to remove the following lines from the /etc/cups/cupsd.conf:

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer$
    AuthType Default
    Require user @AUTHKEY(system.print.admin) @admin @lpadmin
    Order deny,allow
</Limit>

Source: http://mattson.edgemereroadrunners.com/?p=291

Does anyone know I can remove these lines with a bash script? I don't want to replace the file by making use of a package.

Thanks in advance!

Kind Regards,

Martin van Diemen

t +31(0) 205677744
__________________

G-Star International B.V.
www.g-star.com <http://www.g-star.com>
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper




From RobbGibson at OfficeMax.com  Thu Dec 18 08:10:21 2008
From: RobbGibson at OfficeMax.com (Gibson, Robb)
Date: Thu, 18 Dec 2008 10:10:21 -0600
Subject: [Casper] Remote Control
In-Reply-To: <C562E714.175C1%jared.nichols@ll.mit.edu>
Message-ID: <C56FD20D.8A9D%RobbGibson@OfficeMax.com>

I think this is the correct settings, but give it a test.

In Sys Prefs> Sharing, click on Remote Management
Click Computer Settings...
Check ?Show Remote Management status in menu bar? on
Check ?Anyone may request permission to control screen? on

If you have a local administrator account, highlight the name in the ?Allow
access for? list and click options.
Uncheck the buttons for ?Observe?, ?Control? and ?Show when being observed?.

On the ARD side, you should now be prompted with a dialogue box when select
a Mac and try to observe or control, asking if you want to ask for
permission.

On the target Mac, they will receive a dialogue box with the option to Share
Screen or cancel.

Hope this helps!


Robb Gibson
System Engineer - eMMS, Publishing Systems
OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
(630) 864-5242




On 12/8/08 2:00 PM, "Nichols, Jared" <jared.nichols at ll.mit.edu> wrote:

> Maybe a dumb question...
> Is there anyway a client can either be prompted to accept remote desktop or to
> see that someone is viewing/controlling them?  I thought the Apple binoculars
> would reflect this but it doesn?t appear to...
> 
> j

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/fa34798a/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 4528 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/fa34798a/attachment.gif 

From RobbGibson at OfficeMax.com  Thu Dec 18 08:16:18 2008
From: RobbGibson at OfficeMax.com (Gibson, Robb)
Date: Thu, 18 Dec 2008 10:16:18 -0600
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
Message-ID: <C56FD372.8AA0%RobbGibson@OfficeMax.com>

Hi Martin... When we first moved to Leopard (which was at 10.5.2 at the
time), we added ?Require valid-user? to the following:

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
>> AuthType Default
>> Require user @SYSTEM
>> Require valid-user
>> Order deny,allow

That would at least enable end users to add and remove printers either
through an application or in the CUPS admin page. However, since we upgraded
to 10.5.5 a month ago, we found that process no longer works and ended up
removing the two lines you mentioned. I had brought this up to one of our
Apple reps and they replied to system updates would likely reset the CUPS
config file each time you run an incremental update.

I would agree with Miles that blowing away the CUPS statements probably
isn?t the most delicate solution, but I haven?t been able to find a better
one. I wouldn?t say our Mac deployment is huge (100 corporate Macs and
another 100 spread out in retail land), but I?m not going to run around to
add and delete printers because Apple changed that option to admin only.


Robb Gibson
System Engineer - eMMS, Publishing Systems
OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
(630) 864-5242




On 12/18/08 6:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> Rather than follow the instructions at the given link, and deleting these
> lines, I would add another group to these limit statements.  You could use
> "staff" or if you need to keep certain people from messing with printers, you
> could create a new group for this purpose.
> 
> I wouldn't delete the statements because that's a sledgehammer approach to the
> problem.  Instead of giving out a key to the proverbial gate, deletion tears
> the gate from its hinges and allows anyone and everyone in.
> 
> You can find & replace text using sed.  I'm not great with sed, but I did
> develop a script through trial & error to perform this task on another config
> file.  I'll pass it on when I get to the office today.
> 
> ----------
> Miles A. Leacy IV
> 
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
> 
> 
> 
> 
> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen
> <martin-van-diemen at g-star.com> wrote:
>> Hi,
>> 
>> I want users to be able to add printers without filling in the administrators
>> password.
>> 
>> I did some research and found out that I just need to remove the following
>> lines from the /etc/cups/cupsd.conf:
>> 
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
>> CUPS-Delete-Class CUPS-Set-Default>
>>     AuthType Default
>>     Require user @SYSTEM
>>     Order deny,allow
>> </Limit>
>> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
>> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
>> Deactivate-Printer Activate-Printer Restart-Printer$
>>     AuthType Default
>>     Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>>     Order deny,allow
>> </Limit>
>> 
>> Source: http://mattson.edgemereroadrunners.com/?p=291
>> 
>> Does anyone know I can remove these lines with a bash script? I don't want to
>> replace the file by making use of a package.
>> 
>> Thanks in advance!
>> 
>> Kind Regards,
>> 
>> Martin van Diemen
>> 
>> t +31(0) 205677744
>> __________________
>> 
>> G-Star International B.V.
>> www.g-star.com <http://www.g-star.com>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
> 
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/e5e5ec6d/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 4528 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/e5e5ec6d/attachment.gif 

From miles.leacy at themacadmin.com  Thu Dec 18 08:21:10 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 18 Dec 2008 11:21:10 -0500
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <C56FD372.8AA0%RobbGibson@OfficeMax.com>
References: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
	<C56FD372.8AA0%RobbGibson@OfficeMax.com>
Message-ID: <ec2e75ff0812180821k17fa2dcay7691b1ea63235b15@mail.gmail.com>

If you want to avoid the "sledgehammer approach" and want to stay ahead of
OS updates, you could run your /etc/cups/cupsd.conf modification script as
an "after" script in the same policy you use to run software update.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 18, 2008 at 11:16 AM, Gibson, Robb <RobbGibson at officemax.com>wrote:

>  Hi Martin... When we first moved to Leopard (which was at 10.5.2 at the
> time), we added "Require valid-user" to the following:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
> CUPS-Delete-Class CUPS-Set-Default>
>
> AuthType Default
> Require user @SYSTEM
> Require valid-user
> Order deny,allow
>
>
> That would at least enable end users to add and remove printers either
> through an application or in the CUPS admin page. However, since we upgraded
> to 10.5.5 a month ago, we found that process no longer works and ended up
> removing the two lines you mentioned. I had brought this up to one of our
> Apple reps and they replied to system updates would likely reset the CUPS
> config file each time you run an incremental update.
>
> I would agree with Miles that blowing away the CUPS statements probably
> isn't the most delicate solution, but I haven't been able to find a better
> one. I wouldn't say our Mac deployment is huge (100 corporate Macs and
> another 100 spread out in retail land), but I'm not going to run around to
> add and delete printers because Apple changed that option to admin only.
>
>
> *Robb Gibson
> *System Engineer - eMMS, Publishing Systems
> OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
> (630) 864-5242
>
>
>
>
> On 12/18/08 6:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> Rather than follow the instructions at the given link, and deleting these
> lines, I would add another group to these limit statements.  You could use
> "staff" or if you need to keep certain people from messing with printers,
> you could create a new group for this purpose.
>
> I wouldn't delete the statements because that's a sledgehammer approach to
> the problem.  Instead of giving out a key to the proverbial gate, deletion
> tears the gate from its hinges and allows anyone and everyone in.
>
> You can find & replace text using sed.  I'm not great with sed, but I did
> develop a script through trial & error to perform this task on another
> config file.  I'll pass it on when I get to the office today.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <
> martin-van-diemen at g-star.com> wrote:
>
> Hi,
>
> I want users to be able to add printers without filling in the
> administrators password.
>
> I did some research and found out that I just need to remove the following
> lines from the /etc/cups/cupsd.conf:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
> CUPS-Delete-Class CUPS-Set-Default>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer$
>     AuthType Default
>     Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>     Order deny,allow
> </Limit>
>
> Source: http://mattson.edgemereroadrunners.com/?p=291
>
> Does anyone know I can remove these lines with a bash script? I don't want
> to replace the file by making use of a package.
>
> Thanks in advance!
>
> Kind Regards,
>
> Martin van Diemen
>
> t +31(0) 205677744
> __________________
>
> G-Star International B.V.
> www.g-star.com <http://www.g-star.com>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
> ------------------------------
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/645dfa0e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 4528 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/645dfa0e/attachment.gif 

From jared.nichols at ll.mit.edu  Thu Dec 18 09:02:50 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Thu, 18 Dec 2008 12:02:50 -0500
Subject: [Casper] Remote Control
In-Reply-To: <C56FD20D.8A9D%RobbGibson@OfficeMax.com>
Message-ID: <C56FEC6A.178B8%jared.nichols@ll.mit.edu>

Hi-

This is what I've done, however I'm not using ARD.  I'm just using the Casper Remote Control stuff.  Is there any way to add the Casper account (I call mine netadmin) to the users allowed to remote?  It's just basically VNC, right?

Thanks

j


On 12/18/08 11:10 , "Gibson, Robb" <RobbGibson at officemax.com> wrote:

I think this is the correct settings, but give it a test.

In Sys Prefs> Sharing, click on Remote Management
Click Computer Settings...
Check "Show Remote Management status in menu bar" on
Check "Anyone may request permission to control screen" on

If you have a local administrator account, highlight the name in the "Allow access for" list and click options.
Uncheck the buttons for "Observe", "Control" and "Show when being observed".

On the ARD side, you should now be prompted with a dialogue box when select a Mac and try to observe or control, asking if you want to ask for permission.

On the target Mac, they will receive a dialogue box with the option to Share Screen or cancel.

Hope this helps!

[cid:3312446570_7537735]
Robb Gibson
System Engineer - eMMS, Publishing Systems
OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
(630) 864-5242




On 12/8/08 2:00 PM, "Nichols, Jared" <jared.nichols at ll.mit.edu> wrote:

Maybe a dumb question...
Is there anyway a client can either be prompted to accept remote desktop or to see that someone is viewing/controlling them?  I thought the Apple binoculars would reflect this but it doesn't appear to...

j


--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/a11bb267/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.gif
Type: image/gif
Size: 4528 bytes
Desc: image.gif
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/a11bb267/attachment.gif 

From rharter at uwsp.edu  Thu Dec 18 09:10:21 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Thu, 18 Dec 2008 11:10:21 -0600
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <ec2e75ff0812180821k17fa2dcay7691b1ea63235b15@mail.gmail.com>
References: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
	<C56FD372.8AA0%RobbGibson@OfficeMax.com>
	<ec2e75ff0812180821k17fa2dcay7691b1ea63235b15@mail.gmail.com>
Message-ID: <C03D43A4-8138-4E0D-BCAC-95CBFFFC7CEE@uwsp.edu>

I'm sure you all know this, but I think it should be mentioned that  
the change to requiring admin privs to add printers was made to close  
a fairly serious security hole in the OS.  Installing a printer can  
install code as part of the print handler that gets run as root.   
Therefore, a malicious user could create a "printer" and install it  
and when they print to it it will run whatever code they have in the  
"printer" as root.  I'm sure your imagination can figure out what  
could happen next.

Though this is a threat, I have never actually seen it done in the  
real world, however I have demonstrated it while I was doing some  
heavy work with the printing system last year, and it isn't as  
difficult as you might think.

I would suggest an alternative to this, Casper's Self Service.  Since  
local printers will be added automatically when they are detected  
(usually) you should only need to worry about network printers, and  
Self Service can do this without opening security holes in the OS.

With that being said, one thing that I have had a problem with is that  
the default error policy for printers is to pause the printer and  
since only an admin can unpause a printer, that has been a real  
treat.  I run a script to change this policy by running lpadmin like  
this:

printers=`lpstat -a | awk '{print $1}'`
for printer in $printers
do
	log "Changing error policy on $printer"
	lpadmin -p "$printer" -o printer-error-policy=abort-job
done

This will just abort the job instead of pausing the printer and  
affecting all users.

Another option is to just modify the permissions, without getting rid  
of them completely.  Forgive me if this is elementary, but I think  
it's good to have a good understanding of what things do before  
deleting lines in config files.

Where you have the <Limit ... stuff the Require key allows you to:

list users with privileges by username
list groups prepended by @ (eg @admin @lpadmin)
have the security agent prompt to privs (eg @AUTHKEY(system.print.admin)

If you just take out the @AUTHKEY bit and add @staff to the list (or  
any other group) you should then be able to do the functions listed in  
<limit ... </Limit>.  This will allow you to still have some sort of  
permission scheme though, instead of leaving it wide open.

As far as updates overwriting this, I would have to support Miles  
approach.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 18, 2008, at 10:21 AM, Miles Leacy wrote:

> If you want to avoid the "sledgehammer approach" and want to stay  
> ahead of OS updates, you could run your /etc/cups/cupsd.conf  
> modification script as an "after" script in the same policy you use  
> to run software update.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Thu, Dec 18, 2008 at 11:16 AM, Gibson, Robb <RobbGibson at officemax.com 
> > wrote:
> Hi Martin... When we first moved to Leopard (which was at 10.5.2 at  
> the time), we added "Require valid-user" to the following:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify- 
> Class CUPS-Delete-Class CUPS-Set-Default>
> AuthType Default
> Require user @SYSTEM
> Require valid-user
> Order deny,allow
>
> That would at least enable end users to add and remove printers  
> either through an application or in the CUPS admin page. However,  
> since we upgraded to 10.5.5 a month ago, we found that process no  
> longer works and ended up removing the two lines you mentioned. I  
> had brought this up to one of our Apple reps and they replied to  
> system updates would likely reset the CUPS config file each time you  
> run an incremental update.
>
> I would agree with Miles that blowing away the CUPS statements  
> probably isn't the most delicate solution, but I haven't been able  
> to find a better one. I wouldn't say our Mac deployment is huge (100  
> corporate Macs and another 100 spread out in retail land), but I'm  
> not going to run around to add and delete printers because Apple  
> changed that option to admin only.
>
> <image.gif>
> Robb Gibson
> System Engineer - eMMS, Publishing Systems
> OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
> (630) 864-5242
>
>
>
>
> On 12/18/08 6:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com>  
> wrote:
>
> Rather than follow the instructions at the given link, and deleting  
> these lines, I would add another group to these limit statements.   
> You could use "staff" or if you need to keep certain people from  
> messing with printers, you could create a new group for this purpose.
>
> I wouldn't delete the statements because that's a sledgehammer  
> approach to the problem.  Instead of giving out a key to the  
> proverbial gate, deletion tears the gate from its hinges and allows  
> anyone and everyone in.
>
> You can find & replace text using sed.  I'm not great with sed, but  
> I did develop a script through trial & error to perform this task on  
> another config file.  I'll pass it on when I get to the office today.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <martin-van-diemen at g-star.com 
> > wrote:
> Hi,
>
> I want users to be able to add printers without filling in the  
> administrators password.
>
> I did some research and found out that I just need to remove the  
> following lines from the /etc/cups/cupsd.conf:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify- 
> Class CUPS-Delete-Class CUPS-Set-Default>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer  
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs  
> Deactivate-Printer Activate-Printer Restart-Printer$
>     AuthType Default
>     Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>     Order deny,allow
> </Limit>
>
> Source: http://mattson.edgemereroadrunners.com/?p=291
>
> Does anyone know I can remove these lines with a bash script? I  
> don't want to replace the file by making use of a package.
>
> Thanks in advance!
>
> Kind Regards,
>
> Martin van Diemen
>
> t +31(0) 205677744
> __________________
>
> G-Star International B.V.
> www.g-star.com <http://www.g-star.com>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/a42c6bef/attachment.htm 

From miles.leacy at themacadmin.com  Thu Dec 18 09:29:56 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Thu, 18 Dec 2008 12:29:56 -0500
Subject: [Casper] Allow Non-Admin Users to Add Printers in Leopard
In-Reply-To: <C03D43A4-8138-4E0D-BCAC-95CBFFFC7CEE@uwsp.edu>
References: <ec2e75ff0812180446h5d13a15co3f3edcc10345886d@mail.gmail.com>
	<C56FD372.8AA0%RobbGibson@OfficeMax.com>
	<ec2e75ff0812180821k17fa2dcay7691b1ea63235b15@mail.gmail.com>
	<C03D43A4-8138-4E0D-BCAC-95CBFFFC7CEE@uwsp.edu>
Message-ID: <ec2e75ff0812180929i2eb00e0na4b87ad15d54da2a@mail.gmail.com>

Good points, Ryan.
I would suggest self-service for printers at all times unless you have been
directed by your superiors to give clients the ability to add their own.  In
that case, I'd be sure to inform your superiors (in documented form) of why
this should not be done and exactly what the risk is.  This way, if the hole
is ever exploited, you can prove your due diligence.

One exception might be for mobile users, though it might be better (from a
security standpoint) if your organization issues portable printers to mobile
users.  This way you know what printer they'll use, and you can package the
software and deploy it for them as part of a configuration.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 18, 2008 at 12:10 PM, Ryan Harter <rharter at uwsp.edu> wrote:

> I'm sure you all know this, but I think it should be mentioned that the
> change to requiring admin privs to add printers was made to close a fairly
> serious security hole in the OS.  Installing a printer can install code as
> part of the print handler that gets run as root.  Therefore, a malicious
> user could create a "printer" and install it and when they print to it it
> will run whatever code they have in the "printer" as root.  I'm sure your
> imagination can figure out what could happen next.
>
> Though this is a threat, I have never actually seen it done in the real
> world, however I have demonstrated it while I was doing some heavy work with
> the printing system last year, and it isn't as difficult as you might think.
>
> I would suggest an alternative to this, Casper's Self Service.  Since local
> printers will be added automatically when they are detected (usually) you
> should only need to worry about network printers, and Self Service can do
> this without opening security holes in the OS.
>
> With that being said, one thing that I have had a problem with is that the
> default error policy for printers is to pause the printer and since only an
> admin can unpause a printer, that has been a real treat.  I run a script to
> change this policy by running lpadmin like this:
>
> printers=`lpstat -a | awk '{print $1}'`
> for printer in $printers
> do
> log "Changing error policy on $printer"
> lpadmin -p "$printer" -o printer-error-policy=abort-job
> done
>
> This will just abort the job instead of pausing the printer and affecting
> all users.
>
> Another option is to just modify the permissions, without getting rid of
> them completely.  Forgive me if this is elementary, but I think it's good to
> have a good understanding of what things do before deleting lines in config
> files.
>
> Where you have the <Limit ... stuff the Require key allows you to:
>
> list users with privileges by username
> list groups prepended by @ (eg @admin @lpadmin)
> have the security agent prompt to privs (eg @AUTHKEY(system.print.admin)
>
> If you just take out the @AUTHKEY bit and add @staff to the list (or any
> other group) you should then be able to do the functions listed in <limit
> ... </Limit>.  This will allow you to still have some sort of permission
> scheme though, instead of leaving it wide open.
>
> As far as updates overwriting this, I would have to support Miles approach.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 18, 2008, at 10:21 AM, Miles Leacy wrote:
>
> If you want to avoid the "sledgehammer approach" and want to stay ahead of
> OS updates, you could run your /etc/cups/cupsd.conf modification script as
> an "after" script in the same policy you use to run software update.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Thu, Dec 18, 2008 at 11:16 AM, Gibson, Robb <RobbGibson at officemax.com>wrote:
>
>>  Hi Martin... When we first moved to Leopard (which was at 10.5.2 at the
>> time), we added "Require valid-user" to the following:
>>
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
>> CUPS-Delete-Class CUPS-Set-Default>
>>
>> AuthType Default
>> Require user @SYSTEM
>> Require valid-user
>> Order deny,allow
>>
>>
>> That would at least enable end users to add and remove printers either
>> through an application or in the CUPS admin page. However, since we upgraded
>> to 10.5.5 a month ago, we found that process no longer works and ended up
>> removing the two lines you mentioned. I had brought this up to one of our
>> Apple reps and they replied to system updates would likely reset the CUPS
>> config file each time you run an incremental update.
>>
>> I would agree with Miles that blowing away the CUPS statements probably
>> isn't the most delicate solution, but I haven't been able to find a better
>> one. I wouldn't say our Mac deployment is huge (100 corporate Macs and
>> another 100 spread out in retail land), but I'm not going to run around to
>> add and delete printers because Apple changed that option to admin only.
>>
>> <image.gif>
>> *Robb Gibson
>> *System Engineer - eMMS, Publishing Systems
>> OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
>> (630) 864-5242
>>
>>
>>
>>
>> On 12/18/08 6:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>>
>> Rather than follow the instructions at the given link, and deleting these
>> lines, I would add another group to these limit statements.  You could use
>> "staff" or if you need to keep certain people from messing with printers,
>> you could create a new group for this purpose.
>>
>> I wouldn't delete the statements because that's a sledgehammer approach to
>> the problem.  Instead of giving out a key to the proverbial gate, deletion
>> tears the gate from its hinges and allows anyone and everyone in.
>>
>> You can find & replace text using sed.  I'm not great with sed, but I did
>> develop a script through trial & error to perform this task on another
>> config file.  I'll pass it on when I get to the office today.
>>
>> ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com <http://www.themacadmin.com>
>>
>>
>>
>>
>> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <
>> martin-van-diemen at g-star.com> wrote:
>>
>> Hi,
>>
>> I want users to be able to add printers without filling in the
>> administrators password.
>>
>> I did some research and found out that I just need to remove the following
>> lines from the /etc/cups/cupsd.conf:
>>
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
>> CUPS-Delete-Class CUPS-Set-Default>
>>     AuthType Default
>>     Require user @SYSTEM
>>     Order deny,allow
>> </Limit>
>> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
>> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
>> Deactivate-Printer Activate-Printer Restart-Printer$
>>     AuthType Default
>>     Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>>     Order deny,allow
>> </Limit>
>>
>> Source: http://mattson.edgemereroadrunners.com/?p=291
>>
>> Does anyone know I can remove these lines with a bash script? I don't want
>> to replace the file by making use of a package.
>>
>> Thanks in advance!
>>
>> Kind Regards,
>>
>> Martin van Diemen
>>
>> t +31(0) 205677744
>> __________________
>>
>> G-Star International B.V.
>> www.g-star.com <http://www.g-star.com>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>>
>> ------------------------------
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
> <ATT00001.txt>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/ad0f7c1a/attachment.html 

From Greg.Lopez at wunderman.com  Thu Dec 18 20:27:49 2008
From: Greg.Lopez at wunderman.com (Lopez, Gregory)
Date: Thu, 18 Dec 2008 23:27:49 -0500
Subject: [Casper] Favorite Servers
Message-ID: <9403336DD03BAD418CD554A85AA263F41C3D01@NYC285EX02.na.corp.yr.com>

Greetings everyone.  Casper newb here.

I would like to create a package for my mac users that contains 8-10 standard SMB network shares.  The idea being a new user would have all necessary network shares saved in Connect to Network > Favorite Servers when they come on board.  Or if they delete a share the package could be pushed out to the user through Casper Remote.

I tried to set this up through Composer and was able to build a package. But the package I built didn't list any of the shares I had saved in Connect to Network > Favorite Servers.  

So I'm wondering if this can be done and if so how?

Thanks,

Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/c6609c8a/attachment.htm 

From jared.nichols at ll.mit.edu  Fri Dec 19 05:18:01 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Fri, 19 Dec 2008 08:18:01 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <9403336DD03BAD418CD554A85AA263F41C3D01@NYC285EX02.na.corp.yr.com>
Message-ID: <C5710939.178F3%jared.nichols@ll.mit.edu>

That should be easy to set up... All of those "favorites" for servers are just location files.  You'll find them in the user folder/favorites.  You should be able to wrap that up and distribute.  The only issue I can see you running into is needing to distribute into the user folder, but ticking off the Fill Existing Users and Fill User Template boxes on the package should solve that...

j


On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com> wrote:

Greetings everyone.  Casper newb here.

I would like to create a package for my mac users that contains 8-10 standard SMB network shares.  The idea being a new user would have all necessary network shares saved in Connect to Network > Favorite Servers when they come on board.  Or if they delete a share the package could be pushed out to the user through Casper Remote.

I tried to set this up through Composer and was able to build a package. But the package I built didn't list any of the shares I had saved in Connect to Network > Favorite Servers.

So I'm wondering if this can be done and if so how?

Thanks,

Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle



--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/cee4311b/attachment.htm 

From jared.nichols at ll.mit.edu  Fri Dec 19 05:18:01 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Fri, 19 Dec 2008 08:18:01 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <9403336DD03BAD418CD554A85AA263F41C3D01@NYC285EX02.na.corp.yr.com>
Message-ID: <C5710939.178F3%jared.nichols@ll.mit.edu>

That should be easy to set up... All of those "favorites" for servers are just location files.  You'll find them in the user folder/favorites.  You should be able to wrap that up and distribute.  The only issue I can see you running into is needing to distribute into the user folder, but ticking off the Fill Existing Users and Fill User Template boxes on the package should solve that...

j


On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com> wrote:

Greetings everyone.  Casper newb here.

I would like to create a package for my mac users that contains 8-10 standard SMB network shares.  The idea being a new user would have all necessary network shares saved in Connect to Network > Favorite Servers when they come on board.  Or if they delete a share the package could be pushed out to the user through Casper Remote.

I tried to set this up through Composer and was able to build a package. But the package I built didn't list any of the shares I had saved in Connect to Network > Favorite Servers.

So I'm wondering if this can be done and if so how?

Thanks,

Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle



--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/cee4311b/attachment.html 

From miles.leacy at themacadmin.com  Fri Dec 19 05:43:18 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 19 Dec 2008 08:43:18 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <C5710939.178F3%jared.nichols@ll.mit.edu>
References: <9403336DD03BAD418CD554A85AA263F41C3D01@NYC285EX02.na.corp.yr.com>
	<C5710939.178F3%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812190543o323c0102g16e602bdbbf1aaa0@mail.gmail.com>

No surprise here... I recommend scripting it.
If you deploy a plist file, you force every setting in your plist and
effectively delete any other setting already stored in that plist.

If you use `defaults` or `plistbuddy` to modify

/Users/$3/Library/Preferences/com.apple.recentitems.plist

then you can selectively modify the values you want to manage without
interfering with any other values in that plist.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/19 Nichols, Jared <jared.nichols at ll.mit.edu>

>  That should be easy to set up... All of those "favorites" for servers are
> just location files.  You'll find them in the user folder/favorites.  You
> should be able to wrap that up and distribute.  The only issue I can see you
> running into is needing to distribute into the user folder, but ticking off
> the Fill Existing Users and Fill User Template boxes on the package should
> solve that...
>
> j
>
>
>
> On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com> wrote:
>
> Greetings everyone.  Casper newb here.
>
> I would like to create a package for my mac users that contains 8-10
> standard SMB network shares.  The idea being a new user would have all
> necessary network shares saved in Connect to Network > Favorite Servers when
> they come on board.  Or if they delete a share the package could be pushed
> out to the user through Casper Remote.
>
> I tried to set this up through Composer and was able to build a package.
> But the package I built didn't list any of the shares I had saved in Connect
> to Network > Favorite Servers.
>
> So I'm wondering if this can be done and if so how?
>
> Thanks,
>
> Gregory Lopez
> Sr. Mac/Network Analyst
> Wunderman - Seattle
>
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/0fc55618/attachment.htm 

From jared.nichols at ll.mit.edu  Fri Dec 19 06:00:51 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Fri, 19 Dec 2008 09:00:51 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <ec2e75ff0812190543o323c0102g16e602bdbbf1aaa0@mail.gmail.com>
Message-ID: <C5711343.178FB%jared.nichols@ll.mit.edu>

Isn't that just going to modify the "recent items" list in the apple menu?  It sounded like he wanted to put the favorites in Go -> connect to server

j

On 12/19/08 08:43 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

No surprise here... I recommend scripting it.

If you deploy a plist file, you force every setting in your plist and effectively delete any other setting already stored in that plist.

If you use `defaults` or `plistbuddy` to modify

/Users/$3/Library/Preferences/com.apple.recentitems.plist

then you can selectively modify the values you want to manage without interfering with any other values in that plist.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/19 Nichols, Jared <jared.nichols at ll.mit.edu>
That should be easy to set up... All of those "favorites" for servers are just location files.  You'll find them in the user folder/favorites.  You should be able to wrap that up and distribute.  The only issue I can see you running into is needing to distribute into the user folder, but ticking off the Fill Existing Users and Fill User Template boxes on the package should solve that...

j



On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com <http://Greg.Lopez at wunderman.com> > wrote:

Greetings everyone.  Casper newb here.

I would like to create a package for my mac users that contains 8-10 standard SMB network shares.  The idea being a new user would have all necessary network shares saved in Connect to Network > Favorite Servers when they come on board.  Or if they delete a share the package could be pushed out to the user through Casper Remote.

I tried to set this up through Composer and was able to build a package. But the package I built didn't list any of the shares I had saved in Connect to Network > Favorite Servers.

So I'm wondering if this can be done and if so how?

Thanks,

Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle



--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/7ba5e1ea/attachment.htm 

From jared.nichols at ll.mit.edu  Fri Dec 19 06:00:51 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Fri, 19 Dec 2008 09:00:51 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <ec2e75ff0812190543o323c0102g16e602bdbbf1aaa0@mail.gmail.com>
Message-ID: <C5711343.178FB%jared.nichols@ll.mit.edu>

Isn't that just going to modify the "recent items" list in the apple menu?  It sounded like he wanted to put the favorites in Go -> connect to server

j

On 12/19/08 08:43 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

No surprise here... I recommend scripting it.

If you deploy a plist file, you force every setting in your plist and effectively delete any other setting already stored in that plist.

If you use `defaults` or `plistbuddy` to modify

/Users/$3/Library/Preferences/com.apple.recentitems.plist

then you can selectively modify the values you want to manage without interfering with any other values in that plist.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/19 Nichols, Jared <jared.nichols at ll.mit.edu>
That should be easy to set up... All of those "favorites" for servers are just location files.  You'll find them in the user folder/favorites.  You should be able to wrap that up and distribute.  The only issue I can see you running into is needing to distribute into the user folder, but ticking off the Fill Existing Users and Fill User Template boxes on the package should solve that...

j



On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com <http://Greg.Lopez at wunderman.com> > wrote:

Greetings everyone.  Casper newb here.

I would like to create a package for my mac users that contains 8-10 standard SMB network shares.  The idea being a new user would have all necessary network shares saved in Connect to Network > Favorite Servers when they come on board.  Or if they delete a share the package could be pushed out to the user through Casper Remote.

I tried to set this up through Composer and was able to build a package. But the package I built didn't list any of the shares I had saved in Connect to Network > Favorite Servers.

So I'm wondering if this can be done and if so how?

Thanks,

Gregory Lopez
Sr. Mac/Network Analyst
Wunderman - Seattle



--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/7ba5e1ea/attachment.html 

From miles.leacy at themacadmin.com  Fri Dec 19 09:33:02 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 19 Dec 2008 12:33:02 -0500
Subject: [Casper] disk identifiers
Message-ID: <ec2e75ff0812190933n60694764l9a15a1dd88c60515@mail.gmail.com>

Hey all,
I know that disk identifiers (disk0, disk1, etc) are assigned in the order
in which the disks were attached.  For example, if you boot a Mac with a
single internal drive, that drive will be disk0.  Once booted, you can
insert an optical disk, and the optical disk will be called disk1.  If you
later plug in a USB disk, the USB disk will be disk2.

I'm trying to find out the order in which disk identifiers are assigned at
boot time.

For example, if you have an Xserve with three internal hard disks, an
optical disk inserted, and a USB drive attached, can you count on the
internal disks having the disk0, disk1, and disk2 identifiers?  What
identifiers would the optical and USB disks get?

I'm guessing there's an order of precedence by bus, but is this documented
somewhere?  I've been flipping through Mac OS X Internals by Amit Singh and
haven't found the answer yet.  most of the comments I've found by googling
assume that disk identifier assignment is a form of voodoo.  This is a
computer, not a witches' brew, so there has to be a set of rules that govern
disk identifier assignment, and I'm hoping someone on the list knows what
those rules are.

I ask because I want to implement some diskutil scripts, but I need to know
whether my assumption that SATA (or at least internal hard) disks always get
the lowest disk identifiers at boot is true.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/0c153a12/attachment.htm 

From sjhinding at isd194.k12.mn.us  Fri Dec 19 12:01:29 2008
From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding)
Date: Fri, 19 Dec 2008 14:01:29 -0600
Subject: [Casper] out of officeCasper Digest, Vol 24, Issue 36
Message-ID: <fc.011eddef0583d4c13b9aca00eaee6490.583d4c3@isd194.k12.mn.us>

I will be out of the office until MONDAY, JANUARY 5th, 2009
Please contact the HelpDesk at 952-232-2053 for immediate assistance.
Sandy Hinding

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/3e20b171/attachment.htm 

From tlarki at kckps.org  Fri Dec 19 12:34:01 2008
From: tlarki at kckps.org (Thomas Larkin)
Date: Fri, 19 Dec 2008 14:34:01 -0600
Subject: [Casper] disk identifiers
In-Reply-To: <ec2e75ff0812190933n60694764l9a15a1dd88c60515@mail.gmail.com>
References: <ec2e75ff0812190933n60694764l9a15a1dd88c60515@mail.gmail.com>
Message-ID: <494BB0D9.7141.0039.0@kckps.org>

I would assume it reads it from EFI (firmware) and then by bus for
internals and externals just get the next available when plugged in. 
You could always try looping your scripts 

like 

for i in /usr/sbin/diskutil list 

if $i = something 
then do something 
else exit 
fi 

to give a really rough example...


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351





>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/19/08 11:33 AM >>>
Hey all, 


I know that disk identifiers (disk0, disk1, etc) are assigned in the
order in which the disks were attached.  For example, if you boot a Mac
with a single internal drive, that drive will be disk0.  Once booted,
you can insert an optical disk, and the optical disk will be called
disk1.  If you later plug in a USB disk, the USB disk will be disk2. 



I'm trying to find out the order in which disk identifiers are assigned
at boot time. 



For example, if you have an Xserve with three internal hard disks, an
optical disk inserted, and a USB drive attached, can you count on the
internal disks having the disk0, disk1, and disk2 identifiers?  What
identifiers would the optical and USB disks get? 



I'm guessing there's an order of precedence by bus, but is this
documented somewhere?  I've been flipping through Mac OS X Internals by
Amit Singh and haven't found the answer yet.  most of the comments I've
found by googling assume that disk identifier assignment is a form of
voodoo.  This is a computer, not a witches' brew, so there has to be a
set of rules that govern disk identifier assignment, and I'm hoping
someone on the list knows what those rules are. 



I ask because I want to implement some diskutil scripts, but I need to
know whether my assumption that SATA (or at least internal hard) disks
always get the lowest disk identifiers at boot is true. 


----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/1a8c5b29/attachment.html 

From miles.leacy at themacadmin.com  Fri Dec 19 12:39:11 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 19 Dec 2008 15:39:11 -0500
Subject: [Casper] Favorite Servers
In-Reply-To: <C5711343.178FB%jared.nichols@ll.mit.edu>
References: <ec2e75ff0812190543o323c0102g16e602bdbbf1aaa0@mail.gmail.com>
	<C5711343.178FB%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812191239x7b817fcfo22b8a2170784fb8a@mail.gmail.com>

I believe that's correct.
However the server items at ~/Library/Favorites/ are also plists, though
they lack the ".plist" extension.  Below is an example file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "
http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>URL</key>
<string>http://webdav.domain.ext</string>
</dict>
</plist>

You should be able to create these files with plistbuddy.  If you use $4 in
place of your string, you can have one script that can create any favorite
server.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Fri, Dec 19, 2008 at 9:00 AM, Nichols, Jared <jared.nichols at ll.mit.edu>wrote:

>  Isn't that just going to modify the "recent items" list in the apple
> menu?  It sounded like he wanted to put the favorites in Go -> connect to
> server
>
> j
>
> On 12/19/08 08:43 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> No surprise here... I recommend scripting it.
>
> If you deploy a plist file, you force every setting in your plist and
> effectively delete any other setting already stored in that plist.
>
> If you use `defaults` or `plistbuddy` to modify
>
> /Users/$3/Library/Preferences/com.apple.recentitems.plist
>
> then you can selectively modify the values you want to manage without
> interfering with any other values in that plist.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> 2008/12/19 Nichols, Jared <jared.nichols at ll.mit.edu>
>
> That should be easy to set up... All of those "favorites" for servers are
> just location files.  You'll find them in the user folder/favorites.  You
> should be able to wrap that up and distribute.  The only issue I can see you
> running into is needing to distribute into the user folder, but ticking off
> the Fill Existing Users and Fill User Template boxes on the package should
> solve that...
>
> j
>
>
>
> On 12/18/08 23:27 , "Lopez, Gregory" <Greg.Lopez at wunderman.com <
> http://Greg.Lopez at wunderman.com> > wrote:
>
> Greetings everyone.  Casper newb here.
>
> I would like to create a package for my mac users that contains 8-10
> standard SMB network shares.  The idea being a new user would have all
> necessary network shares saved in Connect to Network > Favorite Servers when
> they come on board.  Or if they delete a share the package could be pushed
> out to the user through Casper Remote.
>
> I tried to set this up through Composer and was able to build a package.
> But the package I built didn't list any of the shares I had saved in Connect
> to Network > Favorite Servers.
>
> So I'm wondering if this can be done and if so how?
>
> Thanks,
>
> Gregory Lopez
> Sr. Mac/Network Analyst
> Wunderman - Seattle
>
>
>
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/abe14425/attachment.htm 

From miles.leacy at themacadmin.com  Fri Dec 19 13:26:20 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 19 Dec 2008 16:26:20 -0500
Subject: [Casper] disk identifiers
In-Reply-To: <494BB0D9.7141.0039.0@kckps.org>
References: <ec2e75ff0812190933n60694764l9a15a1dd88c60515@mail.gmail.com>
	<494BB0D9.7141.0039.0@kckps.org>
Message-ID: <ec2e75ff0812191326t46804064x46bc82aa873bc22a@mail.gmail.com>

Ok, here's the scenario...
All Xserves are purchased with three 80GB SATA drives.  I want to have
zero-touch server deployment.  The boot drive is to be a RAID 1 called
"Server HD".

In order to make this happen, I plan to:
1. Set up a prestage
2. Boot from a USB flash drive containing a restore image that runs Casper
Imaging automatically.
3. Deploy a configuration with a "before" script that uses diskutil to
create a RAID 1 from two of the three internal drives.

The script uses the command:
diskutil createRAID mirror Server\ HD JHFS+ disk0 disk1

In order for this to work, I need to know that I can count on the USB drive
never being assigned the disk identifiers "disk0" or "disk1".  Or at least
know what the rules governing disk identifier assignment are so I can adjust
the script accordingly.  I know what drives will be attached at first boot,
so once I know those rules, I can have a reliable script.

In case you're saying to yourself "He said there are three drives.  What's
he doing with the third one?", I'm keeping that as a hot spare to rebuild
the mirror in case one of the other disks fail.

I'm considering how to automate that too.  The basic logic so far is:
1. On every15, a policy runs a script that checks for a degraded mirror.
2. If a degraded mirror is found, the script issues a custom trigger which
runs a policy that deploys an empty receipt that is the criteria for
membership in a "Failed Mirror" smart group.  The same policy includes a
"diskutil repairMirror" script that checks itself for success.  If
successful, a third policy is triggered by custom trigger.
3. The third policy deploys an empty receipt which is criteria for
membership in a "Repaired Mirror" smart group.
4. Notification is sent on joining either of the two smart groups above.

This way, I don't get woken up at 2AM for a degraded mirror.  I get an email
the next day and I have the bad drive replaced, which becomes the new hot
spare.  None of this has been tested yet,  I've just sketched the logic on a
legal pad so far.

One other hitch I've found in the zero-touch scenario is getting the
machines to boot from USB rather than the factory-installed OS.  I suppose I
could have my reseller erase the internal drives before shipping.  I don't
have a better idea on that.  Even using netboot requires attaching a
keyboard and holding the "N" key.  With blank hard drives and a bootable USB
key, you're truly zero-touch (other than having part of the rackmount
procedure be "insert USB drive").  I'll leave the USB drives attached as
restore & diagnostics boot drives.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Fri, Dec 19, 2008 at 3:34 PM, Thomas Larkin <tlarki at kckps.org> wrote:

>  I would assume it reads it from EFI (firmware) and then by bus for
> internals and externals just get the next available when plugged in.  You
> could always try looping your scripts
>
>  like
>
>  for i in /usr/sbin/diskutil list
>
>  if $i = something
>
> then do something
>
> else exit
>
> fi
>
>  to give a really rough example...
>
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/19/08 11:33 AM >>>
> Hey all,
>
>
>   I know that disk identifiers (disk0, disk1, etc) are assigned in the
> order in which the disks were attached.  For example, if you boot a Mac with
> a single internal drive, that drive will be disk0.  Once booted, you can
> insert an optical disk, and the optical disk will be called disk1.  If you
> later plug in a USB disk, the USB disk will be disk2.
>
>
>   I'm trying to find out the order in which disk identifiers
> are assigned at boot time.
>
>
>   For example, if you have an Xserve with three internal hard disks, an
> optical disk inserted, and a USB drive attached, can you count on the
> internal disks having the disk0, disk1, and disk2 identifiers?  What
> identifiers would the optical and USB disks get?
>
>
>   I'm guessing there's an order of precedence by bus, but is this
> documented somewhere?  I've been flipping through Mac OS X Internals by Amit
> Singh and haven't found the answer yet.  most of the comments I've found by
> googling assume that disk identifier assignment is a form of voodoo.  This
> is a computer, not a witches' brew, so there has to be a set of rules that
> govern disk identifier assignment, and I'm hoping someone on the list knows
> what those rules are.
>
>
>   I ask because I want to implement some diskutil scripts, but I need to
> know whether my assumption that SATA (or at least internal hard) disks
> always get the lowest disk identifiers at boot is true.
>
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/d2917c41/attachment.htm 

From swood at integerdallas.com  Fri Dec 19 14:21:14 2008
From: swood at integerdallas.com (Steve Wood)
Date: Fri, 19 Dec 2008 16:21:14 -0600
Subject: [Casper] disk identifiers
In-Reply-To: <ec2e75ff0812191326t46804064x46bc82aa873bc22a@mail.gmail.com>
Message-ID: <C5717A7A.19967%swood@integerdallas.com>

Wow, that?s a pretty cool idea there.  I wish I had thought of it.  Of
course, I have 4 servers to worry about and they are all 10 feet from my
office.

I?m not sure if you need to be a Self Servicing account, or a service
provider (i.e. GSX access) to see this URL, but this is how you can set the
drive on an Xserve G5:

http://support.apple.com/kb/TA26930?locale=en_US

And, I wasn?t able to find the same thing for Intel, but I did find this
link in a TUAW article (
http://www.tuaw.com/2008/11/24/apple-xserve-field-guide/):

http://help.apple.com/server/guide/desktop.html

Cool thing is, that guide is also available on the iPhone (look at the TUAW
article for info).

Using the guide, go to Startup then Other Methods and it explains how to set
the startup method.  You could use this to tell the server to ignore the
normal boot up procedures.

I also found this article on AFP548 about setting up headless:

http://www.afp548.com/articles/system/headlessg5.html


Steve Wood
Director of IT
swood at integerdallas.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475




From: Miles Leacy <miles.leacy at themacadmin.com>
Date: Fri, 19 Dec 2008 16:26:20 -0500
To: Thomas Larkin <tlarki at kckps.org>
Cc: "casper at list.jamfsoftware.com" <casper at list.jamfsoftware.com>
Subject: Re: [Casper] disk identifiers

Ok, here's the scenario...

All Xserves are purchased with three 80GB SATA drives.  I want to have
zero-touch server deployment.  The boot drive is to be a RAID 1 called
"Server HD".

In order to make this happen, I plan to:
1. Set up a prestage
2. Boot from a USB flash drive containing a restore image that runs Casper
Imaging automatically.
3. Deploy a configuration with a "before" script that uses diskutil to
create a RAID 1 from two of the three internal drives.

The script uses the command:
diskutil createRAID mirror Server\ HD JHFS+ disk0 disk1

In order for this to work, I need to know that I can count on the USB drive
never being assigned the disk identifiers "disk0" or "disk1".  Or at least
know what the rules governing disk identifier assignment are so I can adjust
the script accordingly.  I know what drives will be attached at first boot,
so once I know those rules, I can have a reliable script.

In case you're saying to yourself "He said there are three drives.  What's
he doing with the third one?", I'm keeping that as a hot spare to rebuild
the mirror in case one of the other disks fail.

I'm considering how to automate that too.  The basic logic so far is:
1. On every15, a policy runs a script that checks for a degraded mirror.
2. If a degraded mirror is found, the script issues a custom trigger which
runs a policy that deploys an empty receipt that is the criteria for
membership in a "Failed Mirror" smart group.  The same policy includes a
"diskutil repairMirror" script that checks itself for success.  If
successful, a third policy is triggered by custom trigger.
3. The third policy deploys an empty receipt which is criteria for
membership in a "Repaired Mirror" smart group.
4. Notification is sent on joining either of the two smart groups above.

This way, I don't get woken up at 2AM for a degraded mirror.  I get an email
the next day and I have the bad drive replaced, which becomes the new hot
spare.  None of this has been tested yet,  I've just sketched the logic on a
legal pad so far.

One other hitch I've found in the zero-touch scenario is getting the
machines to boot from USB rather than the factory-installed OS.  I suppose I
could have my reseller erase the internal drives before shipping.  I don't
have a better idea on that.  Even using netboot requires attaching a
keyboard and holding the "N" key.  With blank hard drives and a bootable USB
key, you're truly zero-touch (other than having part of the rackmount
procedure be "insert USB drive").  I'll leave the USB drives attached as
restore & diagnostics boot drives.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




On Fri, Dec 19, 2008 at 3:34 PM, Thomas Larkin <tlarki at kckps.org> wrote:
>      
>  
> 
>  I would assume it reads it from EFI (firmware) and then by bus for internals
> and externals just get the next available when plugged in.  You could always
> try looping your scripts
> 
>        
> 
>  like    
> 
>        
> 
>  for i in /usr/sbin/diskutil list
> 
>        
> 
>  if $i = something
>  
> 
>  then do something
>  
> 
>  else exit    
>  
> 
>  fi    
> 
>        
> 
>  to give a really rough example...
> 
> 
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
> 
> 
> 
> 
> 
>>>> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/19/08 11:33 AM >>>
> Hey all,    
> 
>  
>  
> 
>  
>  
>  
>  
>  
> 
>  I know that disk identifiers (disk0, disk1, etc) are assigned in the order in
> which the disks were attached.  For example, if you boot a Mac with a single
> internal drive, that drive will be disk0.  Once booted, you can insert an
> optical disk, and the optical disk will be called disk1.  If you later plug in
> a USB disk, the USB disk will be disk2.
>  
>  
>  
> 
>  
>  
>  
>  
>  
> 
>  I'm trying to find out the order in which disk identifiers are assigned at
> boot time.      
>  
>  
>  
> 
>  
>  
>  
>  
>  
> 
>  For example, if you have an Xserve with three internal hard disks, an optical
> disk inserted, and a USB drive attached, can you count on the internal disks
> having the disk0, disk1, and disk2 identifiers?  What identifiers would the
> optical and USB disks get?
>  
>  
>  
> 
>  
>  
>  
>  
>  
> 
>  I'm guessing there's an order of precedence by bus, but is this documented
> somewhere?  I've been flipping through Mac OS X Internals by Amit Singh and
> haven't found the answer yet.  most of the comments I've found by googling
> assume that disk identifier assignment is a form of voodoo.  This is a
> computer, not a witches' brew, so there has to be a set of rules that govern
> disk identifier assignment, and I'm hoping someone on the list knows what
> those rules are. 
>  
>  
>  
> 
>  
>  
>  
>  
>  
> 
>  I ask because I want to implement some diskutil scripts, but I need to know
> whether my assumption that SATA (or at least internal hard) disks always get
> the lowest disk identifiers at boot is true.
>  
>  
>  
> 
>  
>  ----------
> Miles A. Leacy IV
> 
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
> 
> 
>  
>  
>  



_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper



--
The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/af87bd01/attachment.html 

From miles.leacy at themacadmin.com  Fri Dec 19 14:37:40 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 19 Dec 2008 17:37:40 -0500
Subject: [Casper] disk identifiers
In-Reply-To: <C5717A7A.19967%swood@integerdallas.com>
References: <ec2e75ff0812191326t46804064x46bc82aa873bc22a@mail.gmail.com>
	<C5717A7A.19967%swood@integerdallas.com>
Message-ID: <ec2e75ff0812191437r4aaf563fn5383bcf9c6bbaa50@mail.gmail.com>

Thanks for the links!  These will be most helpful.
I never would have thought of these things myself except that I'm currently
in charge of Mac servers for one of the world's biggest media companies.  We
deploy Xserves like some small to mid-size companies deploy desktop Macs,
and I want to go into the data centers as infrequently as possible.

I've been booting various Macs from various devices with various other
devices attached today, and this completely un-scientific test has told me
that I have yet to see "disk0" be assigned to anything other than an
internal hard drive.  I am going to operate under the assumption that disks
0, 1 & 2 will be the internal HDDs for now, though I hate being
uncertain.  Computers
do exactly what you tell them to do, so you should be certain of what you
tell them.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Fri, Dec 19, 2008 at 5:21 PM, Steve Wood <swood at integerdallas.com> wrote:

>  Wow, that's a pretty cool idea there.  I wish I had thought of it.  Of
> course, I have 4 servers to worry about and they are all 10 feet from my
> office.
>
> I'm not sure if you need to be a Self Servicing account, or a service
> provider (i.e. GSX access) to see this URL, but this is how you can set the
> drive on an Xserve G5:
>
> http://support.apple.com/kb/TA26930?locale=en_US
>
> And, I wasn't able to find the same thing for Intel, but I did find this
> link in a TUAW article (
> http://www.tuaw.com/2008/11/24/apple-xserve-field-guide/):
>
> http://help.apple.com/server/guide/desktop.html
>
> Cool thing is, that guide is also available on the iPhone (look at the TUAW
> article for info).
>
> Using the guide, go to Startup then Other Methods and it explains how to
> set the startup method.  You could use this to tell the server to ignore the
> normal boot up procedures.
>
> I also found this article on AFP548 about setting up headless:
>
> http://www.afp548.com/articles/system/headlessg5.html
>
> *
> Steve Wood
> Director of IT
> *swood at integerdallas.com
>
> The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
> T 214.758.6813 | F 214.758.6901 | C 940.312.2475
>
>
>
> ------------------------------
> *From: *Miles Leacy <miles.leacy at themacadmin.com>
> *Date: *Fri, 19 Dec 2008 16:26:20 -0500
> *To: *Thomas Larkin <tlarki at kckps.org>
> *Cc: *"casper at list.jamfsoftware.com" <casper at list.jamfsoftware.com>
> *Subject: *Re: [Casper] disk identifiers
>
> Ok, here's the scenario...
>
> All Xserves are purchased with three 80GB SATA drives.  I want to have
> zero-touch server deployment.  The boot drive is to be a RAID 1 called
> "Server HD".
>
> In order to make this happen, I plan to:
> 1. Set up a prestage
> 2. Boot from a USB flash drive containing a restore image that runs Casper
> Imaging automatically.
> 3. Deploy a configuration with a "before" script that uses diskutil to
> create a RAID 1 from two of the three internal drives.
>
> The script uses the command:
> diskutil createRAID mirror Server\ HD JHFS+ disk0 disk1
>
> In order for this to work, I need to know that I can count on the USB drive
> never being assigned the disk identifiers "disk0" or "disk1".  Or at least
> know what the rules governing disk identifier assignment are so I can adjust
> the script accordingly.  I know what drives will be attached at first boot,
> so once I know those rules, I can have a reliable script.
>
> In case you're saying to yourself "He said there are three drives.  What's
> he doing with the third one?", I'm keeping that as a hot spare to rebuild
> the mirror in case one of the other disks fail.
>
> I'm considering how to automate that too.  The basic logic so far is:
> 1. On every15, a policy runs a script that checks for a degraded mirror.
> 2. If a degraded mirror is found, the script issues a custom trigger which
> runs a policy that deploys an empty receipt that is the criteria for
> membership in a "Failed Mirror" smart group.  The same policy includes a
> "diskutil repairMirror" script that checks itself for success.  If
> successful, a third policy is triggered by custom trigger.
> 3. The third policy deploys an empty receipt which is criteria for
> membership in a "Repaired Mirror" smart group.
> 4. Notification is sent on joining either of the two smart groups above.
>
> This way, I don't get woken up at 2AM for a degraded mirror.  I get an
> email the next day and I have the bad drive replaced, which becomes the new
> hot spare.  None of this has been tested yet,  I've just sketched the logic
> on a legal pad so far.
>
> One other hitch I've found in the zero-touch scenario is getting the
> machines to boot from USB rather than the factory-installed OS.  I suppose I
> could have my reseller erase the internal drives before shipping.  I don't
> have a better idea on that.  Even using netboot requires attaching a
> keyboard and holding the "N" key.  With blank hard drives and a bootable USB
> key, you're truly zero-touch (other than having part of the rackmount
> procedure be "insert USB drive").  I'll leave the USB drives attached as
> restore & diagnostics boot drives.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> On Fri, Dec 19, 2008 at 3:34 PM, Thomas Larkin <tlarki at kckps.org> wrote:
>
>
>
>
>  I would assume it reads it from EFI (firmware) and then by bus for
> internals and externals just get the next available when plugged in.  You
> could always try looping your scripts
>
>
>
>  like
>
>
>
>  for i in /usr/sbin/diskutil list
>
>
>
>  if $i = something
>
>
>  then do something
>
>
>  else exit
>
>
>  fi
>
>
>
>  to give a really rough example...
>
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/19/08 11:33 AM >>>
> Hey all,
>
>
>
>
>
>
>
>
>
>
>  I know that disk identifiers (disk0, disk1, etc) are assigned in the order
> in which the disks were attached.  For example, if you boot a Mac with a
> single internal drive, that drive will be disk0.  Once booted, you can
> insert an optical disk, and the optical disk will be called disk1.  If you
> later plug in a USB disk, the USB disk will be disk2.
>
>
>
>
>
>
>
>
>
>
>  I'm trying to find out the order in which disk identifiers are assigned at
> boot time.
>
>
>
>
>
>
>
>
>
>
>  For example, if you have an Xserve with three internal hard disks, an
> optical disk inserted, and a USB drive attached, can you count on the
> internal disks having the disk0, disk1, and disk2 identifiers?  What
> identifiers would the optical and USB disks get?
>
>
>
>
>
>
>
>
>
>
>  I'm guessing there's an order of precedence by bus, but is this documented
> somewhere?  I've been flipping through Mac OS X Internals by Amit Singh and
> haven't found the answer yet.  most of the comments I've found by googling
> assume that disk identifier assignment is a form of voodoo.  This is a
> computer, not a witches' brew, so there has to be a set of rules that govern
> disk identifier assignment, and I'm hoping someone on the list knows what
> those rules are.
>
>
>
>
>
>
>
>
>
>
>  I ask because I want to implement some diskutil scripts, but I need to
> know whether my assumption that SATA (or at least internal hard) disks
> always get the lowest disk identifiers at boot is true.
>
>
>
>
>
>  ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
>
>
>
>
> ------------------------------
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> ------------------------------
> --
>
> The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081219/721eb166/attachment.htm 

From sjhinding at isd194.k12.mn.us  Sat Dec 20 12:00:22 2008
From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding)
Date: Sat, 20 Dec 2008 14:00:22 -0600
Subject: [Casper] out of officeCasper Digest, Vol 24, Issue 37
Message-ID: <fc.011eddef0584033b3b9aca009a84850b.584033d@isd194.k12.mn.us>

I will be out of the office until MONDAY, JANUARY 5th, 2009
Please contact the HelpDesk at 952-232-2053 for immediate assistance.
Sandy Hinding

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081220/6321a7e7/attachment.htm 

From sjhinding at isd194.k12.mn.us  Sun Dec 21 12:00:14 2008
From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding)
Date: Sun, 21 Dec 2008 14:00:14 -0600
Subject: [Casper] out of officeCasper Digest, Vol 24, Issue 38
Message-ID: <fc.011eddef058416333b9aca002abfed89.5841635@isd194.k12.mn.us>

I will be out of the office until MONDAY, JANUARY 5th, 2009
Please contact the HelpDesk at 952-232-2053 for immediate assistance.
Sandy Hinding

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081221/26374ef9/attachment.html 

From bernstein.kevin at gene.com  Sun Dec 21 16:02:14 2008
From: bernstein.kevin at gene.com (Kevin Bernstein)
Date: Sun, 21 Dec 2008 16:02:14 -0800
Subject: [Casper] Contract Mac packagers
Message-ID: <810F6274B0219742807C80C0FB028A9F122A051A@bb-ex02.bb.gene.com>

Hi Folks-

Wondered if anyone knew of a individual or company who could help with overflow mac packaging. We have an initiative to convert our existing vendor installers (of various formats) to .pkgs with some requiring tweaking (basic shell scripting). 


Thanks!

Kevin

From jared.nichols at ll.mit.edu  Mon Dec 22 06:28:45 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 22 Dec 2008 09:28:45 -0500
Subject: [Casper] Smart Groups
Message-ID: <C5750E4D.17945%jared.nichols@ll.mit.edu>

Is there any way to make a smart group based on file path?  (e.g. Does not have folder /Applications/Microsoft Office 2008/)

Thanks

j
--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/f8581ba2/attachment.html 

From miles.leacy at themacadmin.com  Mon Dec 22 06:46:23 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 22 Dec 2008 09:46:23 -0500
Subject: [Casper] Smart Groups
In-Reply-To: <C5750E4D.17945%jared.nichols@ll.mit.edu>
References: <C5750E4D.17945%jared.nichols@ll.mit.edu>
Message-ID: <ec2e75ff0812220646h7ddd46b4ka98ad5de2a7ee6f5@mail.gmail.com>

Not that I'm aware of, but you can scope to "does not have" application X.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/22 Nichols, Jared <jared.nichols at ll.mit.edu>

>  Is there any way to make a smart group based on file path?  (e.g. Does
> not have folder /Applications/Microsoft Office 2008/)
>
> Thanks
>
> j
> --
> Jared Nichols
> ISD Infrastructure and Operations ? Desktop Engineering
> MIT Lincoln Laboratory
> 244 Wood St.
> Lexington, MA 02420-9108
> (781) 981-5500
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/234937cc/attachment.htm 

From ERNSTCS at uwec.edu  Mon Dec 22 06:51:47 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Mon, 22 Dec 2008 08:51:47 -0600
Subject: [Casper] Smart Groups
In-Reply-To: <ec2e75ff0812220646h7ddd46b4ka98ad5de2a7ee6f5@mail.gmail.com>
Message-ID: <C57505A3.120ED%ernstcs@uwec.edu>

Miles is correct in that there is no mechanism for just a folder that I'm aware of either.

This is one of those situations where a little more detail on what you are trying to do in the larger scope of things besides find a folder may be helpful for us to provide assistance.

Craig


On 12/22/08 8:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

Not that I'm aware of, but you can scope to "does not have" application X.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/22 Nichols, Jared <jared.nichols at ll.mit.edu>
Is there any way to make a smart group based on file path?  (e.g. Does not have folder /Applications/Microsoft Office 2008/)

Thanks

j
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/ec0fea31/attachment.html 

From jared.nichols at ll.mit.edu  Mon Dec 22 06:48:16 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 22 Dec 2008 09:48:16 -0500
Subject: [Casper] Smart Groups
In-Reply-To: <ec2e75ff0812220646h7ddd46b4ka98ad5de2a7ee6f5@mail.gmail.com>
Message-ID: <C57512E0.1794B%jared.nichols@ll.mit.edu>

Yeah-

It's just that with Office in particular, then you have to throw in a version because the applications are both called "Microsoft Word" for instance.  The main version number being on the folder name helps...  Oh well.

j


On 12/22/08 09:46 , "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

Not that I'm aware of, but you can scope to "does not have" application X.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/22 Nichols, Jared <jared.nichols at ll.mit.edu>
Is there any way to make a smart group based on file path?  (e.g. Does not have folder /Applications/Microsoft Office 2008/)

Thanks

j

--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/7b6587f5/attachment.htm 

From miles.leacy at themacadmin.com  Mon Dec 22 08:56:58 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 22 Dec 2008 11:56:58 -0500
Subject: [Casper] Disk identifier order at boot
In-Reply-To: <ACB1B552-D259-45F8-9EB0-606AC0CA61CE@digitalpeaks.com>
References: <ec2e75ff0812190901n2301b285w1ff335324e167411@mail.gmail.com>
	<ACB1B552-D259-45F8-9EB0-606AC0CA61CE@digitalpeaks.com>
Message-ID: <ec2e75ff0812220856x56c86fd2nc0cf415e7b5ff2be@mail.gmail.com>

Do you know in what order Open Firmware and EFI scan the buses to build the
device tree?

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Dec 22, 2008 at 11:53 AM, Patrick Gallagher <
patrick at digitalpeaks.com> wrote:

> Hi, Miles.
> On Dec 19, 2008, at 10:01 AM, Miles Leacy IV wrote:
>
> Hi All,
> I'm stumped by the following question...
>
> In what order are disks assigned disk identifiers at boot time?
>
> I know that disk identifiers are assigned in the order in which the disks
> are attached to the system.  If you had an iMac with an internal SATA and
> booted from that SATA, it would be disk0.  If you then inserted an optical
> disc, the optical would be disk1.  Finally, if you attached a firewire
> drive, that drive would be disk2.
>
> The question is, what happens at boot if you have three internal SATA
> disks, an optical disk inserted (ATA) and a USB drive attached?
>
> I assume there is an order in which the buses are scanned for disks, and
> therefore an order to disk identifier assignment.  Does anyone know what
> that order is?
>
>
> AFAIK, this is hardware dependent.  Nearly as I've been able to tell, the
> order is determined by the order set in the device tree built by the
> firmware.
>
> PG
>
>
> Thanks,
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
> --
>
> Patrick Gallagher
>
> Digital Peaks Corporation
>
> 303-284-4972
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/6bb6235b/attachment.html 

From sjhinding at isd194.k12.mn.us  Mon Dec 22 12:00:14 2008
From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding)
Date: Mon, 22 Dec 2008 14:00:14 -0600
Subject: [Casper] out of officeCasper Digest, Vol 24, Issue 39
Message-ID: <fc.011eddef058443603b9aca00556824f5.5844362@isd194.k12.mn.us>

I will be out of the office until MONDAY, JANUARY 5th, 2009
Please contact the HelpDesk at 952-232-2053 for immediate assistance.
Sandy Hinding

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/195fcc90/attachment.htm 

From miles.leacy at themacadmin.com  Mon Dec 22 13:49:38 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 22 Dec 2008 16:49:38 -0500
Subject: [Casper] Script to turn off IPv6
Message-ID: <ec2e75ff0812221349i62bc1fb5v886ba3409e2b87eb@mail.gmail.com>

I didn't see this one in the resource kit, and it took me some tinkering to
get it just right.  I hope some of you get some use out of this script (I'm
attaching a zipped file just in case your mail reader, or any mail servers
between you and I, mangle the text below).
This script can be part of a configuration (make sure it's run "at reboot"),
a policy for already-deployed systems, or run ad-hoc out of Casper Remote.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_turnOffIPv6.bash
#
# Created 20081222 by Miles A. Leacy IV
# miles.leacy at themacadmin.com
# Modified 20081222 by Miles A. Leacy IV
# Copyright 2008 Miles A. Leacy IV
#
# This script may be copied and distributed freely as long as this header
remains intact.
#
# This script is provided "as is".  The author offers no warranty or
guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
responsibility for loss of use,
# loss of data, loss of job, loss of socks, the onset of armageddon, or any
other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok, test
twice more.
#
# This script turns off IPv6 on all network interfaces present.
# Run as an "at reboot" script when imaging with Casper.
#
##### HEADER ENDS #####

# first, change $IFS environment variable to allow a "for" statement to
capture an entire line.
SAVEIFS=$IFS
IFS=$(echo -en "\n\b")

# get list of network services on system

for i in $( networksetup -listallnetworkservices )
  do

# skip descriptive line in networksetup output

descriptive=`echo $i|awk {'print $1'}`
if [ "$descriptive" != "An" ];then

# if there is no asterix before the service name, turn IPv6 off via
networksetup
has_asterix=`echo $i|grep ^*`

if [ $? -ne 0 ];then

networksetup -setv6off $i; echo "IPv6 disabled on" $i

else

# if there is an asterix before the service name, strip the asterix, then
run networksetup
# using the asterix-free service name

disabled_service=`echo $has_asterix|awk -F* {'print $2'}`
networksetup -setv6off $disabled_service; echo "IPv6 disabled on"
$disabled_service

fi
fi

done

echo "IPv6 has been turned off for all network services."

# restore $IFS
IFS=$SAVEIFS

exit 0

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/b346e219/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scr_sys_turnOffIPv6.bash.zip
Type: application/zip
Size: 1497 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/b346e219/attachment.zip 

From ERNSTCS at uwec.edu  Mon Dec 22 13:54:48 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Mon, 22 Dec 2008 15:54:48 -0600
Subject: [Casper] Script to turn off IPv6
In-Reply-To: <ec2e75ff0812221349i62bc1fb5v886ba3409e2b87eb@mail.gmail.com>
Message-ID: <C57568C8.12124%ernstcs@uwec.edu>

I will! Thanks Miles! Just had a request from the network guys to turn it off just last week.

Craig E

On 12/22/08 3:49 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

I didn't see this one in the resource kit, and it took me some tinkering to get it just right.  I hope some of you get some use out of this script (I'm attaching a zipped file just in case your mail reader, or any mail servers between you and I, mangle the text below).

This script can be part of a configuration (make sure it's run "at reboot"), a policy for already-deployed systems, or run ad-hoc out of Casper Remote.

#!/bin/bash

##### HEADER BEGINS #####
# scr_sys_turnOffIPv6.bash
#
# Created 20081222 by Miles A. Leacy IV
# miles.leacy at themacadmin.com
# Modified 20081222 by Miles A. Leacy IV
# Copyright 2008 Miles A. Leacy IV
#
# This script may be copied and distributed freely as long as this header remains intact.
#
# This script is provided "as is".  The author offers no warranty or guarantee of any kind.
# Use of this script is at your own risk.  The author takes no responsibility for loss of use,
# loss of data, loss of job, loss of socks, the onset of armageddon, or any other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok, test twice more.
#
# This script turns off IPv6 on all network interfaces present.
# Run as an "at reboot" script when imaging with Casper.
#
##### HEADER ENDS #####

# first, change $IFS environment variable to allow a "for" statement to capture an entire line.
SAVEIFS=$IFS
IFS=$(echo -en "\n\b")

# get list of network services on system

for i in $( networksetup -listallnetworkservices )
  do

# skip descriptive line in networksetup output

descriptive=`echo $i|awk {'print $1'}`
if [ "$descriptive" != "An" ];then

# if there is no asterix before the service name, turn IPv6 off via networksetup
has_asterix=`echo $i|grep ^*`

if [ $? -ne 0 ];then

networksetup -setv6off $i; echo "IPv6 disabled on" $i

else

# if there is an asterix before the service name, strip the asterix, then run networksetup
# using the asterix-free service name

disabled_service=`echo $has_asterix|awk -F* {'print $2'}`
networksetup -setv6off $disabled_service; echo "IPv6 disabled on" $disabled_service

fi
fi

done

echo "IPv6 has been turned off for all network services."

# restore $IFS
IFS=$SAVEIFS

exit 0

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/9dd4b9a0/attachment.html 

From miles.leacy at themacadmin.com  Mon Dec 22 14:05:52 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 22 Dec 2008 17:05:52 -0500
Subject: [Casper] Script to turn off IPv6
In-Reply-To: <C57568C8.12124%ernstcs@uwec.edu>
References: <ec2e75ff0812221349i62bc1fb5v886ba3409e2b87eb@mail.gmail.com>
	<C57568C8.12124%ernstcs@uwec.edu>
Message-ID: <ec2e75ff0812221405j58d4421dk1768c6ac957251c2@mail.gmail.com>

No problem.  One more note... I've only tested this script on Leopard.  I
believe it should work on Tiger as well.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/22 Ernst, Craig S. <ERNSTCS at uwec.edu>

>  I will! Thanks Miles! Just had a request from the network guys to turn it
> off just last week.
>
> Craig E
>
>
> On 12/22/08 3:49 PM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> I didn't see this one in the resource kit, and it took me some tinkering to
> get it just right.  I hope some of you get some use out of this script (I'm
> attaching a zipped file just in case your mail reader, or any mail servers
> between you and I, mangle the text below).
>
> This script can be part of a configuration (make sure it's run "at
> reboot"), a policy for already-deployed systems, or run ad-hoc out of Casper
> Remote.
>
> #!/bin/bash
>
> ##### HEADER BEGINS #####
> # scr_sys_turnOffIPv6.bash
> #
> # Created 20081222 by Miles A. Leacy IV
> # miles.leacy at themacadmin.com
> # Modified 20081222 by Miles A. Leacy IV
> # Copyright 2008 Miles A. Leacy IV
> #
> # This script may be copied and distributed freely as long as this header
> remains intact.
> #
> # This script is provided "as is".  The author offers no warranty or
> guarantee of any kind.
> # Use of this script is at your own risk.  The author takes no
> responsibility for loss of use,
> # loss of data, loss of job, loss of socks, the onset of armageddon, or any
> other negative effects.
> #
> # Test thoroughly in a lab environment before use on production systems.
> # When you think it's ok, test again.  When you're certain it's ok, test
> twice more.
> #
> # This script turns off IPv6 on all network interfaces present.
> # Run as an "at reboot" script when imaging with Casper.
> #
> ##### HEADER ENDS #####
>
> # first, change $IFS environment variable to allow a "for" statement to
> capture an entire line.
> SAVEIFS=$IFS
> IFS=$(echo -en "\n\b")
>
> # get list of network services on system
>
> for i in $( networksetup -listallnetworkservices )
>   do
>
> # skip descriptive line in networksetup output
>
> descriptive=`echo $i|awk {'print $1'}`
> if [ "$descriptive" != "An" ];then
>
> # if there is no asterix before the service name, turn IPv6 off via
> networksetup
> has_asterix=`echo $i|grep ^*`
>
> if [ $? -ne 0 ];then
>
> networksetup -setv6off $i; echo "IPv6 disabled on" $i
>
> else
>
> # if there is an asterix before the service name, strip the asterix, then
> run networksetup
> # using the asterix-free service name
>
> disabled_service=`echo $has_asterix|awk -F* {'print $2'}`
> networksetup -setv6off $disabled_service; echo "IPv6 disabled on"
> $disabled_service
>
> fi
> fi
>
> done
>
> echo "IPv6 has been turned off for all network services."
>
> # restore $IFS
> IFS=$SAVEIFS
>
> exit 0
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/9dbd7f3e/attachment.html 

From Justin.G.Crowe at nasa.gov  Mon Dec 22 15:32:04 2008
From: Justin.G.Crowe at nasa.gov (Justin Crowe)
Date: Mon, 22 Dec 2008 15:32:04 -0800
Subject: [Casper] Latest Version of Casper
Message-ID: <9280834E-26C2-47F7-B57F-7632EC9118EC@nasa.gov>

I was just wondering what the latest version of the Casper Suite was.   
We are currently running version 6.0.

It seems to be hard to find out what the latest version is on the  
internet.

Justin


From miles.leacy at themacadmin.com  Mon Dec 22 15:36:11 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Mon, 22 Dec 2008 18:36:11 -0500
Subject: [Casper] Latest Version of Casper
In-Reply-To: <9280834E-26C2-47F7-B57F-7632EC9118EC@nasa.gov>
References: <9280834E-26C2-47F7-B57F-7632EC9118EC@nasa.gov>
Message-ID: <ec2e75ff0812221536m651bbcbfq8c42c19ae085369c@mail.gmail.com>

6.01 is current, I believe.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Dec 22, 2008 at 6:32 PM, Justin Crowe <Justin.G.Crowe at nasa.gov>wrote:

> I was just wondering what the latest version of the Casper Suite was.
> We are currently running version 6.0.
>
> It seems to be hard to find out what the latest version is on the
> internet.
>
> Justin
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081222/49752269/attachment.htm 

From sean.hansell at jwt.com  Tue Dec 23 07:31:54 2008
From: sean.hansell at jwt.com (sean.hansell at jwt.com)
Date: Tue, 23 Dec 2008 10:31:54 -0500
Subject: [Casper] Latest Version of Casper
In-Reply-To: <ec2e75ff0812221536m651bbcbfq8c42c19ae085369c@mail.gmail.com>
Message-ID: <OF0707248C.6D166FA1-ON85257528.00552CB5-85257528.00555124@jwt.com;
	namail2.na.corp.jwt.com>

But while we're on the subject, it doesn't actually say anywhere publicly 
convenient what the current version is.

Is this something that could be added to the website, oh highlords of 
JAMFin software?






"Miles Leacy" <miles.leacy at themacadmin.com> 
Sent by: casper-bounces at list.jamfsoftware.com
12/22/08 06:36 PM

To
"Justin Crowe" <Justin.G.Crowe at nasa.gov>
cc
Casper List <casper at list.jamfsoftware.com>
Subject
Re: [Casper] Latest Version of Casper






6.01 is current, I believe.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Dec 22, 2008 at 6:32 PM, Justin Crowe <Justin.G.Crowe at nasa.gov> 
wrote:
I was just wondering what the latest version of the Casper Suite was.
We are currently running version 6.0.

It seems to be hard to find out what the latest version is on the
internet.

Justin

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


</PRE><p><span style="font-size:9.5pt;line-height:115%;font-family: Arial">This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.</span></p>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/10bf36b2/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/10bf36b2/attachment.jpe 

From sean.hansell at jwt.com  Tue Dec 23 07:54:10 2008
From: sean.hansell at jwt.com (sean.hansell at jwt.com)
Date: Tue, 23 Dec 2008 10:54:10 -0500
Subject: [Casper] Major problems creating Base image.
Message-ID: <OF0B7989A4.2067D80D-ON85257528.0056DC10-85257528.00575AF8@jwt.com;
	namail2.na.corp.jwt.com>

For the first time ever, I'm having major problems building my base image. 
The New Unibody MacBook5,1 and MacBookPro5,1 are giving me nothing but 
trouble.

Before these, my imaing process would consist of building my BaseOS image 
on the latest model MacBookPro. Up until recently this has been on a 
MacBookPro4,1, the last all-aluminum model. These images worked on every 
Mac that preceded them, including all PowerPC machines capable of running 
Leopard.

But my latest two images, built on a MacBookPro5,1 have cause nothing but 
problems. It's causing a random sleep issue on a MacBook5,1, and crazy 
errors on a MacBookPro3,1, and I haven't even begun to test it on PowerPC 
machines yet.

The only major thing I see different and plainly obvious between the two 
builds is the energy-saver prefPane is different, the one for the 
Unibody's with the coil-bulb icon and all the others with the lightbulb 
icon, even when updated to 10.5.6.

Is anyone else having similar issues with new Base images?



</PRE><p><span style="font-size:9.5pt;line-height:115%;font-family: Arial">This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.</span></p>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/bdc87f2a/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/bdc87f2a/attachment.jpe 

From mcorippo at lblp.com  Tue Dec 23 09:00:02 2008
From: mcorippo at lblp.com (mcorippo)
Date: Tue, 23 Dec 2008 09:00:02 -0800
Subject: [Casper] Major problems creating Base image.
In-Reply-To: <OF0B7989A4.2067D80D-ON85257528.0056DC10-85257528.00575AF8@jwt.com;
	namail2.na.corp.jwt.com>
References: <OF0B7989A4.2067D80D-ON85257528.0056DC10-85257528.00575AF8@jwt.com;
	namail2.na.corp.jwt.com>
Message-ID: <fc.006ad22901c83beb3b9aca00588a66eb.1c83c0c@lblp.com>

Thanks for asking the question.  Getting ready to start the same project, and was wondering if
anybody had tried it yet, and how it was going.  Have been wondering if this would be an issue.....
   Hope to dive in, and have something to report in the next few days.

Matt Corippo
Lindamood-Bell Learning Processes
I.T. Dept.



sean.hansell at jwt.com on December 23, 2008 at 7:54 AM -0800 wrote:
>
>For the first time ever, I'm having major problems building my base image. The New Unibody
>MacBook5,1 and MacBookPro5,1 are giving me nothing but trouble. 
>
>Before these, my imaing process would consist of building my BaseOS image on the latest model
>MacBookPro. Up until recently this has been on a MacBookPro4,1, the last all-aluminum model. These
>images worked on every Mac that preceded them, including all PowerPC machines capable of running
>Leopard. 
>
>But my latest two images, built on a MacBookPro5,1 have cause nothing but problems. It's causing a
>random sleep issue on a MacBook5,1, and crazy errors on a MacBookPro3,1, and I haven't even begun
>to test it on PowerPC machines yet. 
>
>The only major thing I see different and plainly obvious between the two builds is the
>energy-saver prefPane is different, the one for the Unibody's with the coil-bulb icon and all the
>others with the lightbulb icon, even when updated to 10.5.6. 
>
>Is anyone else having similar issues with new Base images?
> 
>[Image]
> 
>
>
>
>
>This transmission is intended solely for the person or organization to whom it is addressed and it
>may contain privileged and confidential information. If you are not the intended recipient you
>should not copy, distribute or take any action in reliance on it. If you believe you received this
>transmission in error please notify the sender.
>
>_______________________________________________
>Casper mailing list
>Casper at list.jamfsoftware.com
>http://list.jamfsoftware.com/mailman/listinfo/casper


-------------- next part --------------
A non-text attachment was scrubbed...
Name: -_2_1EFB78041EFB4DD400575AF485257528-.jpg
Type: image/jpeg
Size: 14361 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/9f6d0dfa/attachment.jpg 

From ERNSTCS at uwec.edu  Tue Dec 23 09:56:02 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Tue, 23 Dec 2008 11:56:02 -0600
Subject: [Casper] Major problems creating Base image.
In-Reply-To: <7a6906a7-6752-473c-9d25-f08aa7a35993@list.jamfsoftware.com>
References: <7a6906a7-6752-473c-9d25-f08aa7a35993@list.jamfsoftware.com>
Message-ID: <337F3930-45C5-481D-A0BE-901E2AFCAF09@uwec.edu>

I just started to build mine this week, and noticed the same differences for energy save, including the icon. Haven't run it long enough on other hardware. Will keep you posted.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Dec 23, 2008, at 9:54 AM, "sean.hansell at jwt.com<mailto:sean.hansell at jwt.com>" <sean.hansell at jwt.com<mailto:sean.hansell at jwt.com>> wrote:


For the first time ever, I'm having major problems building my base image. The New Unibody MacBook5,1 and MacBookPro5,1 are giving me nothing but trouble.

Before these, my imaing process would consist of building my BaseOS image on the latest model MacBookPro. Up until recently this has been on a MacBookPro4,1, the last all-aluminum model. These images worked on every Mac that preceded them, including all PowerPC machines capable of running Leopard.

But my latest two images, built on a MacBookPro5,1 have cause nothing but problems. It's causing a random sleep issue on a MacBook5,1, and crazy errors on a MacBookPro3,1, and I haven't even begun to test it on PowerPC machines yet.

The only major thing I see different and plainly obvious between the two builds is the energy-saver prefPane is different, the one for the Unibody's with the coil-bulb icon and all the others with the lightbulb icon, even when updated to 10.5.6.

Is anyone else having similar issues with new Base images?

<ATT00001.jpg>

This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/b12eb36b/attachment.html 

From Cyrus.Vahhaji at bestbuy.com  Tue Dec 23 14:25:27 2008
From: Cyrus.Vahhaji at bestbuy.com (Cyrus Vahhaji)
Date: Tue, 23 Dec 2008 16:25:27 -0600
Subject: [Casper] Major problems creating Base image.
In-Reply-To: <337F3930-45C5-481D-A0BE-901E2AFCAF09@uwec.edu>
Message-ID: <C576C177.1DC90%Cyrus.Vahhaji@bestbuy.com>

Curious what you are using for media. Can I assume you are using installer
that came with the new hardware? If so, have tried using retail version to
see if it makes a difference? Just a thought.



From: "Ernst, Craig S." <ERNSTCS at uwec.edu>
Date: Tue, 23 Dec 2008 11:56:02 -0600
To: "sean.hansell at jwt.com" <sean.hansell at jwt.com>
Cc: "casper at list.jamfsoftware.com" <casper at list.jamfsoftware.com>
Subject: Re: [Casper] Major problems creating Base image.

I just started to build mine this week, and noticed the same differences for
energy save, including the icon. Haven't run it long enough on other
hardware. Will keep you posted.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Dec 23, 2008, at 9:54 AM, "sean.hansell at jwt.com" <sean.hansell at jwt.com>
wrote:

> 
> For the first time ever, I'm having major problems building my base image. The
> New Unibody MacBook5,1 and MacBookPro5,1 are giving me nothing but trouble.
> 
> Before these, my imaing process would consist of building my BaseOS image on
> the latest model MacBookPro. Up until recently this has been on a
> MacBookPro4,1, the last all-aluminum model. These images worked on every Mac
> that preceded them, including all PowerPC machines capable of running Leopard.
> 
> But my latest two images, built on a MacBookPro5,1 have cause nothing but
> problems. It's causing a random sleep issue on a MacBook5,1, and crazy errors
> on a MacBookPro3,1, and I haven't even begun to test it on PowerPC machines
> yet. 
> 
> The only major thing I see different and plainly obvious between the two
> builds is the energy-saver prefPane is different, the one for the Unibody's
> with the coil-bulb icon and all the others with the lightbulb icon, even when
> updated to 10.5.6.
> 
> Is anyone else having similar issues with new Base images?
> 
> <ATT00001.jpg>
> 
> This transmission is intended solely for the person or organization to whom it
> is addressed and it may contain privileged and confidential information. If
> you are not the intended recipient you should not copy, distribute or take any
> action in reliance on it. If you believe you received this transmission in
> error please notify the sender.
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/43ea1a0c/attachment.html 

From brad-gunnells at uiowa.edu  Tue Dec 23 14:46:42 2008
From: brad-gunnells at uiowa.edu (Brad Gunnells)
Date: Tue, 23 Dec 2008 16:46:42 -0600
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <ec2e75ff0812051228k5ce236e8y5ff3242d544150e0@mail.gmail.com>
References: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
	<ec2e75ff0812051228k5ce236e8y5ff3242d544150e0@mail.gmail.com>
Message-ID: <E142E870-2BDE-4D96-978B-6D27B8B3836B@uiowa.edu>

I want to pass a couple questions to the group to see if others have  
had success with either of these items.

First has to do with folder deletion. We currently deploy an image  
through NetBoot/NetRestore that has all of our common applications.  
This was set up before we began using Casper. I have an updated  
application that installs into a different folder. Is there a way in  
my policy that deploys this new application to send a UNIX command  
such as "rm -R /Applications/Old Application" before installing the  
new one? Or does that need to be built into a script that deploys  
first and then is followed by the new installation?

The second question relates to energy conservation. We've been  
charged with an initiative to help reduce power consumption.  
Currently we use Workgroup Manager (again this was setup prior to  
Casper) to manage many of the preferences. You can set power on and  
power off times that appear to work. Does anyone do something similar  
through a Casper policy? Also I'm wondering if it would be a good  
idea in that policy to have the cron utilities run at either shutdown  
or startup to make sure those tasks are dealt with. How do your  
organizations handle this?

Thanks for any suggestions as I dive deeper into Casper.......

Brad


---------------------------------------------------------------------
Brad Gunnells
University of Iowa
Information Technology Services
Campus Technology Services/Learning Spaces Technology
Iowa City IA 52242
(319)335-5524   FAX (319)335-5505
mailto:brad-gunnells at uiowa.edu
---------------------------------------------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/44649c5a/attachment.htm 

From miles.leacy at themacadmin.com  Tue Dec 23 15:03:20 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 23 Dec 2008 18:03:20 -0500
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <E142E870-2BDE-4D96-978B-6D27B8B3836B@uiowa.edu>
References: <C55EE844.19A83%amir-bozorgzadeh@uiowa.edu>
	<ec2e75ff0812051228k5ce236e8y5ff3242d544150e0@mail.gmail.com>
	<E142E870-2BDE-4D96-978B-6D27B8B3836B@uiowa.edu>
Message-ID: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>

First question: Use the "Run Command" field in the "advanced" tab of a
policy or Casper Remote.  I'd suggest writing a script to uninstall your app
and storing the script in the JSS for use in policies & such.
Second question: Type "man pmset" in Terminal.  The pmset command should
allow you to do anything you like with power management.

I've got lots of scripts I use now and have used in the past for managing
systems.  Casper can work hand in hand with Open Directory MCX management,
or you can manage the same settings via scripts that are deployed via
policies.  Of course, if you want to get fancy, you can manage MCX on the
local directory using dscl.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/23 Brad Gunnells <brad-gunnells at uiowa.edu>

> I want to pass a couple questions to the group to see if others have had
> success with either of these items.
> First has to do with folder deletion. We currently deploy an image through
> NetBoot/NetRestore that has all of our common applications. This was set up
> before we began using Casper. I have an updated application that installs
> into a different folder. Is there a way in my policy that deploys this new
> application to send a UNIX command such as "rm -R /Applications/Old
> Application" before installing the new one? Or does that need to be built
> into a script that deploys first and then is followed by the new
> installation?
>
> The second question relates to energy conservation. We've been charged with
> an initiative to help reduce power consumption. Currently we use Workgroup
> Manager (again this was setup prior to Casper) to manage many of the
> preferences. You can set power on and power off times that appear to work.
> Does anyone do something similar through a Casper policy? Also I'm wondering
> if it would be a good idea in that policy to have the cron utilities run at
> either shutdown or startup to make sure those tasks are dealt with. How do
> your organizations handle this?
>
> Thanks for any suggestions as I dive deeper into Casper.......
>
> Brad
>
>
>  ---------------------------------------------------------------------
>
> Brad Gunnells
>
> University of Iowa
>
> Information Technology Services
>
> Campus Technology Services/Learning Spaces Technology
>
> Iowa City IA 52242
>
> (319)335-5524   FAX (319)335-5505
>
> mailto:brad-gunnells at uiowa.edu <brad-gunnells at uiowa.edu>
>
> ---------------------------------------------------------------------
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081223/a52633b7/attachment.html 

From Cyrus.Vahhaji at bestbuy.com  Wed Dec 24 08:50:24 2008
From: Cyrus.Vahhaji at bestbuy.com (Cyrus Vahhaji)
Date: Wed, 24 Dec 2008 10:50:24 -0600
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>
Message-ID: <C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>

Miles,

Do you know at what point ?Run Command? runs? Before or After?



From: Miles Leacy <miles.leacy at themacadmin.com>
Date: Tue, 23 Dec 2008 18:03:20 -0500
To: Brad Gunnells <brad-gunnells at uiowa.edu>
Cc: <casper at list.jamfsoftware.com>
Subject: Re: [Casper] folder deletion and shutdown

First question: Use the "Run Command" field in the "advanced" tab of a
policy or Casper Remote.  I'd suggest writing a script to uninstall your app
and storing the script in the JSS for use in policies & such.

Second question: Type "man pmset" in Terminal.  The pmset command should
allow you to do anything you like with power management.

I've got lots of scripts I use now and have used in the past for managing
systems.  Casper can work hand in hand with Open Directory MCX management,
or you can manage the same settings via scripts that are deployed via
policies.  Of course, if you want to get fancy, you can manage MCX on the
local directory using dscl.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com <http://www.themacadmin.com>




2008/12/23 Brad Gunnells <brad-gunnells at uiowa.edu>
> I want to pass a couple questions to the group to see if others have had
> success with either of these items.
> 
> First has to do with folder deletion. We currently deploy an image through
> NetBoot/NetRestore that has all of our common applications. This was set up
> before we began using Casper. I have an updated application that installs into
> a different folder. Is there a way in my policy that deploys this new
> application to send a UNIX command such as "rm -R /Applications/Old
> Application" before installing the new one? Or does that need to be built into
> a script that deploys first and then is followed by the new installation?
> 
> The second question relates to energy conservation. We've been charged with an
> initiative to help reduce power consumption. Currently we use Workgroup
> Manager (again this was setup prior to Casper) to manage many of the
> preferences. You can set power on and power off times that appear to work.
> Does anyone do something similar through a Casper policy? Also I'm wondering
> if it would be a good idea in that policy to have the cron utilities run at
> either shutdown or startup to make sure those tasks are dealt with. How do
> your organizations handle this?
> 
> Thanks for any suggestions as I dive deeper into Casper.......
> 
> Brad
> 
> 
>  
> 
> ---------------------------------------------------------------------
> 
> Brad Gunnells 
> 
> University of Iowa
> 
> Information Technology Services
> 
> Campus Technology Services/Learning Spaces Technology
> 
> Iowa City IA 52242
> 
> (319)335-5524   FAX (319)335-5505
> 
> mailto:brad-gunnells at uiowa.edu
> 
> ---------------------------------------------------------------------
> 
>  
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
> 
> 
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081224/2a8c412f/attachment.html 

From miles.leacy at themacadmin.com  Wed Dec 24 09:13:44 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 24 Dec 2008 12:13:44 -0500
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>
References: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>
	<C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>
Message-ID: <ec2e75ff0812240913w2126d9des97b4aee1a4eaedca@mail.gmail.com>

I believe "Run Command" is the last action performed in a policy, but you
may want to check with JAMF support to confirm.

Any output from the command is written to the policy log or remote log, so
it can be very useful for collecting information.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 24, 2008 at 11:50 AM, Cyrus Vahhaji
<Cyrus.Vahhaji at bestbuy.com>wrote:

>  Miles,
>
> Do you know at what point "Run Command" runs? Before or After?
>
>
> ------------------------------
> *From: *Miles Leacy <miles.leacy at themacadmin.com>
> *Date: *Tue, 23 Dec 2008 18:03:20 -0500
> *To: *Brad Gunnells <brad-gunnells at uiowa.edu>
> *Cc: *<casper at list.jamfsoftware.com>
> *Subject: *Re: [Casper] folder deletion and shutdown
>
> First question: Use the "Run Command" field in the "advanced" tab of a
> policy or Casper Remote.  I'd suggest writing a script to uninstall your app
> and storing the script in the JSS for use in policies & such.
>
> Second question: Type "man pmset" in Terminal.  The pmset command should
> allow you to do anything you like with power management.
>
> I've got lots of scripts I use now and have used in the past for managing
> systems.  Casper can work hand in hand with Open Directory MCX management,
> or you can manage the same settings via scripts that are deployed via
> policies.  Of course, if you want to get fancy, you can manage MCX on the
> local directory using dscl.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com><http://www.themacadmin.com>
>
>
>
>
> 2008/12/23 Brad Gunnells <brad-gunnells at uiowa.edu>
>
> I want to pass a couple questions to the group to see if others have had
> success with either of these items.
>
> First has to do with folder deletion. We currently deploy an image through
> NetBoot/NetRestore that has all of our common applications. This was set up
> before we began using Casper. I have an updated application that installs
> into a different folder. Is there a way in my policy that deploys this new
> application to send a UNIX command such as "rm -R /Applications/Old
> Application" before installing the new one? Or does that need to be built
> into a script that deploys first and then is followed by the new
> installation?
>
> The second question relates to energy conservation. We've been charged with
> an initiative to help reduce power consumption. Currently we use Workgroup
> Manager (again this was setup prior to Casper) to manage many of the
> preferences. You can set power on and power off times that appear to work.
> Does anyone do something similar through a Casper policy? Also I'm wondering
> if it would be a good idea in that policy to have the cron utilities run at
> either shutdown or startup to make sure those tasks are dealt with. How do
> your organizations handle this?
>
> Thanks for any suggestions as I dive deeper into Casper.......
>
> Brad
>
>
>
>
> ---------------------------------------------------------------------
>
> Brad Gunnells
>
> University of Iowa
>
> Information Technology Services
>
> Campus Technology Services/Learning Spaces Technology
>
> Iowa City IA 52242
>
> (319)335-5524  FAX (319)335-5505
>
> mailto:brad-gunnells at uiowa.edu <brad-gunnells at uiowa.edu>
>
> ---------------------------------------------------------------------
>
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
> ------------------------------
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081224/0e536f79/attachment.htm 

From ERNSTCS at uwec.edu  Wed Dec 24 10:33:35 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Wed, 24 Dec 2008 12:33:35 -0600
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <ec2e75ff0812240913w2126d9des97b4aee1a4eaedca@mail.gmail.com>
References: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>
	<C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>
	<ec2e75ff0812240913w2126d9des97b4aee1a4eaedca@mail.gmail.com>
Message-ID: <C6A8E5A7-84C2-4214-A91A-F2A06D2A7EC9@uwec.edu>

That is correct it runs last. I wish I could insert various commands through out a policy at the points I wanted. Build the policy step by step using a pop-up interface similar to building smart groups. Delete files command here, uninstall packs here, install packs here, run commands here, run advanced options here, run another command here, and reboot.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Dec 24, 2008, at 11:13 AM, "Miles Leacy" <miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>> wrote:

I believe "Run Command" is the last action performed in a policy, but you may want to check with JAMF support to confirm.

Any output from the command is written to the policy log or remote log, so it can be very useful for collecting information.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
<mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>
<http://www.themacadmin.com>www.themacadmin.com<http://www.themacadmin.com>




On Wed, Dec 24, 2008 at 11:50 AM, Cyrus Vahhaji <<mailto:Cyrus.Vahhaji at bestbuy.com>Cyrus.Vahhaji at bestbuy.com<mailto:Cyrus.Vahhaji at bestbuy.com>> wrote:
Miles,

Do you know at what point "Run Command" runs? Before or After?


________________________________
From: Miles Leacy <<mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>>
Date: Tue, 23 Dec 2008 18:03:20 -0500
To: Brad Gunnells <<mailto:brad-gunnells at uiowa.edu>brad-gunnells at uiowa.edu<mailto:brad-gunnells at uiowa.edu>>
Cc: <<mailto:casper at list.jamfsoftware.com>casper at list.jamfsoftware.com<mailto:casper at list.jamfsoftware.com>>
Subject: Re: [Casper] folder deletion and shutdown


First question: Use the "Run Command" field in the "advanced" tab of a policy or Casper Remote.  I'd suggest writing a script to uninstall your app and storing the script in the JSS for use in policies & such.

Second question: Type "man pmset" in Terminal.  The pmset command should allow you to do anything you like with power management.

I've got lots of scripts I use now and have used in the past for managing systems.  Casper can work hand in hand with Open Directory MCX management, or you can manage the same settings via scripts that are deployed via policies.  Of course, if you want to get fancy, you can manage MCX on the local directory using dscl.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
<mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>
<http://www.themacadmin.com>www.themacadmin.com<http://www.themacadmin.com> <<http://www.themacadmin.com>http://www.themacadmin.com>




2008/12/23 Brad Gunnells <<mailto:brad-gunnells at uiowa.edu>brad-gunnells at uiowa.edu<mailto:brad-gunnells at uiowa.edu>>
I want to pass a couple questions to the group to see if others have had success with either of these items.

First has to do with folder deletion. We currently deploy an image through NetBoot/NetRestore that has all of our common applications. This was set up before we began using Casper. I have an updated application that installs into a different folder. Is there a way in my policy that deploys this new application to send a UNIX command such as "rm -R /Applications/Old Application" before installing the new one? Or does that need to be built into a script that deploys first and then is followed by the new installation?

The second question relates to energy conservation. We've been charged with an initiative to help reduce power consumption. Currently we use Workgroup Manager (again this was setup prior to Casper) to manage many of the preferences. You can set power on and power off times that appear to work. Does anyone do something similar through a Casper policy? Also I'm wondering if it would be a good idea in that policy to have the cron utilities run at either shutdown or startup to make sure those tasks are dealt with. How do your organizations handle this?

Thanks for any suggestions as I dive deeper into Casper.......

Brad




---------------------------------------------------------------------

Brad Gunnells

University of Iowa

Information Technology Services

Campus Technology Services/Learning Spaces Technology

Iowa City IA 52242

(319)335-5524  FAX (319)335-5505

<mailto:brad-gunnells at uiowa.edu>mailto:brad-gunnells at uiowa.edu

---------------------------------------------------------------------




_______________________________________________
Casper mailing list
<mailto:Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper



________________________________
_______________________________________________
Casper mailing list
<mailto:Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper

_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081224/c8408d00/attachment.html 

From jstrauss at loyolahs.edu  Wed Dec 24 19:09:45 2008
From: jstrauss at loyolahs.edu (Jeff Strauss)
Date: Wed, 24 Dec 2008 19:09:45 -0800
Subject: [Casper] Major Casper problem
Message-ID: <3635F10A-F671-492E-952A-0B6F1E1E8693@loyolahs.edu>

Just kidding! Happy holidays everyone!

- Jeff

Sent from my iPhone 3G

From miles.leacy at themacadmin.com  Fri Dec 26 08:26:38 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Fri, 26 Dec 2008 11:26:38 -0500
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <C6A8E5A7-84C2-4214-A91A-F2A06D2A7EC9@uwec.edu>
References: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>
	<C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>
	<ec2e75ff0812240913w2126d9des97b4aee1a4eaedca@mail.gmail.com>
	<C6A8E5A7-84C2-4214-A91A-F2A06D2A7EC9@uwec.edu>
Message-ID: <ec2e75ff0812260826h58258bfqf4dab42241af85e@mail.gmail.com>

A feature request I thought of in this vein is script priorities.
I tend to be very modular in my scripting for easy interchangeability.  This
means my scripts usually accomplish a single, simple task, such as "turn off
IPv6", rather than "fully configure all network settings".

I've run into situations where script priorities would be useful in making
sure that the prerequisites are met before running script "X".

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 24, 2008 at 1:33 PM, Ernst, Craig S. <ERNSTCS at uwec.edu> wrote:

> That is correct it runs last. I wish I could insert various commands
> through out a policy at the points I wanted. Build the policy step by step
> using a pop-up interface similar to building smart groups. Delete files
> command here, uninstall packs here, install packs here, run commands here,
> run advanced options here, run another command here, and reboot.
>
> Craig ErnstUW-Eau Claire
> (715) 836-3639
>
> Sent from my iPhone
>
> On Dec 24, 2008, at 11:13 AM, "Miles Leacy" <miles.leacy at themacadmin.com>
> wrote:
>
> I believe "Run Command" is the last action performed in a policy, but you
> may want to check with JAMF support to confirm.
>
> Any output from the command is written to the policy log or remote log, so
> it can be very useful for collecting information.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
>  <miles.leacy at themacadmin.com>miles.leacy at themacadmin.com
> <http://www.themacadmin.com>www.themacadmin.com
>
>
>
>
> On Wed, Dec 24, 2008 at 11:50 AM, Cyrus Vahhaji <<Cyrus.Vahhaji at bestbuy.com>
> Cyrus.Vahhaji at bestbuy.com> wrote:
>
>>  Miles,
>>
>> Do you know at what point "Run Command" runs? Before or After?
>>
>>
>> ------------------------------
>> *From: *Miles Leacy < <miles.leacy at themacadmin.com>
>> miles.leacy at themacadmin.com>
>> *Date: *Tue, 23 Dec 2008 18:03:20 -0500
>> *To: *Brad Gunnells < <brad-gunnells at uiowa.edu>brad-gunnells at uiowa.edu>
>> *Cc: *< <casper at list.jamfsoftware.com>casper at list.jamfsoftware.com>
>> *Subject: *Re: [Casper] folder deletion and shutdown
>>
>> First question: Use the "Run Command" field in the "advanced" tab of a
>> policy or Casper Remote.  I'd suggest writing a script to uninstall your app
>> and storing the script in the JSS for use in policies & such.
>>
>> Second question: Type "man pmset" in Terminal.  The pmset command should
>> allow you to do anything you like with power management.
>>
>> I've got lots of scripts I use now and have used in the past for managing
>> systems.  Casper can work hand in hand with Open Directory MCX management,
>> or you can manage the same settings via scripts that are deployed via
>> policies.  Of course, if you want to get fancy, you can manage MCX on the
>> local directory using dscl.
>>
>> ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>>  <miles.leacy at themacadmin.com>miles.leacy at themacadmin.com
>>  <http://www.themacadmin.com>www.themacadmin.com <<http://www.themacadmin.com>
>> http://www.themacadmin.com>
>>
>>
>>
>>
>> 2008/12/23 Brad Gunnells < <brad-gunnells at uiowa.edu>
>> brad-gunnells at uiowa.edu>
>>
>> I want to pass a couple questions to the group to see if others have had
>> success with either of these items.
>>
>> First has to do with folder deletion. We currently deploy an image through
>> NetBoot/NetRestore that has all of our common applications. This was set up
>> before we began using Casper. I have an updated application that installs
>> into a different folder. Is there a way in my policy that deploys this new
>> application to send a UNIX command such as "rm -R /Applications/Old
>> Application" before installing the new one? Or does that need to be built
>> into a script that deploys first and then is followed by the new
>> installation?
>>
>> The second question relates to energy conservation. We've been charged
>> with an initiative to help reduce power consumption. Currently we use
>> Workgroup Manager (again this was setup prior to Casper) to manage many of
>> the preferences. You can set power on and power off times that appear to
>> work. Does anyone do something similar through a Casper policy? Also I'm
>> wondering if it would be a good idea in that policy to have the cron
>> utilities run at either shutdown or startup to make sure those tasks are
>> dealt with. How do your organizations handle this?
>>
>> Thanks for any suggestions as I dive deeper into Casper.......
>>
>> Brad
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>> Brad Gunnells
>>
>> University of Iowa
>>
>> Information Technology Services
>>
>> Campus Technology Services/Learning Spaces Technology
>>
>> Iowa City IA 52242
>>
>> (319)335-5524  FAX (319)335-5505
>>
>>  <brad-gunnells at uiowa.edu>mailto:brad-gunnells at uiowa.edu<brad-gunnells at uiowa.edu>
>>
>> ---------------------------------------------------------------------
>>
>>
>>
>>
>> _______________________________________________
>> Casper mailing list
>>  <Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com
>>  <http://list.jamfsoftware.com/mailman/listinfo/casper>
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>>
>> ------------------------------
>> _______________________________________________
>> Casper mailing list
>>  <Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com
>>  <http://list.jamfsoftware.com/mailman/listinfo/casper>
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081226/d435c328/attachment.html 

From ERNSTCS at uwec.edu  Fri Dec 26 08:47:47 2008
From: ERNSTCS at uwec.edu (Ernst, Craig S.)
Date: Fri, 26 Dec 2008 10:47:47 -0600
Subject: [Casper] folder deletion and shutdown
In-Reply-To: <ec2e75ff0812260826h58258bfqf4dab42241af85e@mail.gmail.com>
References: <ec2e75ff0812231503n6d94cfabs53da822b6fe19e3a@mail.gmail.com>
	<C577C470.1DCBB%Cyrus.Vahhaji@bestbuy.com>
	<ec2e75ff0812240913w2126d9des97b4aee1a4eaedca@mail.gmail.com>
	<C6A8E5A7-84C2-4214-A91A-F2A06D2A7EC9@uwec.edu>
	<ec2e75ff0812260826h58258bfqf4dab42241af85e@mail.gmail.com>
Message-ID: <042EF11D-A9D1-464A-8166-C61A74817D27@uwec.edu>

I very much agree!

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Dec 26, 2008, at 10:26 AM, "Miles Leacy" <miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>> wrote:

A feature request I thought of in this vein is script priorities.

I tend to be very modular in my scripting for easy interchangeability.  This means my scripts usually accomplish a single, simple task, such as "turn off IPv6", rather than "fully configure all network settings".

I've run into situations where script priorities would be useful in making sure that the prerequisites are met before running script "X".

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
<mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>
<http://www.themacadmin.com>www.themacadmin.com<http://www.themacadmin.com>




On Wed, Dec 24, 2008 at 1:33 PM, Ernst, Craig S. <<mailto:ERNSTCS at uwec.edu>ERNSTCS at uwec.edu<mailto:ERNSTCS at uwec.edu>> wrote:
That is correct it runs last. I wish I could insert various commands through out a policy at the points I wanted. Build the policy step by step using a pop-up interface similar to building smart groups. Delete files command here, uninstall packs here, install packs here, run commands here, run advanced options here, run another command here, and reboot.

Craig Ernst
UW-Eau Claire
(715) 836-3639

Sent from my iPhone

On Dec 24, 2008, at 11:13 AM, "Miles Leacy" <<mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>> wrote:

I believe "Run Command" is the last action performed in a policy, but you may want to check with JAMF support to confirm.

Any output from the command is written to the policy log or remote log, so it can be very useful for collecting information.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
<mailto:miles.leacy at themacadmin.com><mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>
<http://www.themacadmin.com><http://www.themacadmin.com>www.themacadmin.com<http://www.themacadmin.com>




On Wed, Dec 24, 2008 at 11:50 AM, Cyrus Vahhaji <<mailto:Cyrus.Vahhaji at bestbuy.com><mailto:Cyrus.Vahhaji at bestbuy.com>Cyrus.Vahhaji at bestbuy.com<mailto:Cyrus.Vahhaji at bestbuy.com>> wrote:
Miles,

Do you know at what point "Run Command" runs? Before or After?


________________________________
From: Miles Leacy <<mailto:miles.leacy at themacadmin.com><mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>>
Date: Tue, 23 Dec 2008 18:03:20 -0500
To: Brad Gunnells <<mailto:brad-gunnells at uiowa.edu><mailto:brad-gunnells at uiowa.edu>brad-gunnells at uiowa.edu<mailto:brad-gunnells at uiowa.edu>>
Cc: <<mailto:casper at list.jamfsoftware.com><mailto:casper at list.jamfsoftware.com>casper at list.jamfsoftware.com<mailto:casper at list.jamfsoftware.com>>
Subject: Re: [Casper] folder deletion and shutdown


First question: Use the "Run Command" field in the "advanced" tab of a policy or Casper Remote.  I'd suggest writing a script to uninstall your app and storing the script in the JSS for use in policies & such.

Second question: Type "man pmset" in Terminal.  The pmset command should allow you to do anything you like with power management.

I've got lots of scripts I use now and have used in the past for managing systems.  Casper can work hand in hand with Open Directory MCX management, or you can manage the same settings via scripts that are deployed via policies.  Of course, if you want to get fancy, you can manage MCX on the local directory using dscl.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
<mailto:miles.leacy at themacadmin.com><mailto:miles.leacy at themacadmin.com>miles.leacy at themacadmin.com<mailto:miles.leacy at themacadmin.com>
<http://www.themacadmin.com><http://www.themacadmin.com>www.themacadmin.com<http://www.themacadmin.com> <<http://www.themacadmin.com><http://www.themacadmin.com>http://www.themacadmin.com>




2008/12/23 Brad Gunnells <<mailto:brad-gunnells at uiowa.edu><mailto:brad-gunnells at uiowa.edu>brad-gunnells at uiowa.edu<mailto:brad-gunnells at uiowa.edu>>
I want to pass a couple questions to the group to see if others have had success with either of these items.

First has to do with folder deletion. We currently deploy an image through NetBoot/NetRestore that has all of our common applications. This was set up before we began using Casper. I have an updated application that installs into a different folder. Is there a way in my policy that deploys this new application to send a UNIX command such as "rm -R /Applications/Old Application" before installing the new one? Or does that need to be built into a script that deploys first and then is followed by the new installation?

The second question relates to energy conservation. We've been charged with an initiative to help reduce power consumption. Currently we use Workgroup Manager (again this was setup prior to Casper) to manage many of the preferences. You can set power on and power off times that appear to work. Does anyone do something similar through a Casper policy? Also I'm wondering if it would be a good idea in that policy to have the cron utilities run at either shutdown or startup to make sure those tasks are dealt with. How do your organizations handle this?

Thanks for any suggestions as I dive deeper into Casper.......

Brad




---------------------------------------------------------------------

Brad Gunnells

University of Iowa

Information Technology Services

Campus Technology Services/Learning Spaces Technology

Iowa City IA 52242

(319)335-5524  FAX (319)335-5505

<mailto:brad-gunnells at uiowa.edu><mailto:brad-gunnells at uiowa.edu>mailto:brad-gunnells at uiowa.edu

---------------------------------------------------------------------




_______________________________________________
Casper mailing list
<mailto:Casper at list.jamfsoftware.com><mailto:Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper><http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper



________________________________
_______________________________________________
Casper mailing list
<mailto:Casper at list.jamfsoftware.com><mailto:Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper><http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper

_______________________________________________
Casper mailing list
<mailto:Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081226/bcc6dca6/attachment.htm 

From jared.nichols at ll.mit.edu  Mon Dec 29 05:19:10 2008
From: jared.nichols at ll.mit.edu (Nichols, Jared)
Date: Mon, 29 Dec 2008 08:19:10 -0500
Subject: [Casper] Major Casper problem
In-Reply-To: <3635F10A-F671-492E-952A-0B6F1E1E8693@loyolahs.edu>
Message-ID: <C57E387E.17A32%jared.nichols@ll.mit.edu>

Unsubscribe

:)

j


On 12/24/08 22:09 , "Jeff Strauss" <jstrauss at loyolahs.edu> wrote:

Just kidding! Happy holidays everyone!

- Jeff

Sent from my iPhone 3G
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com
http://list.jamfsoftware.com/mailman/listinfo/casper


--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081229/02c44a54/attachment.html 

From mahughe at kckps.org  Tue Dec 30 06:51:52 2008
From: mahughe at kckps.org (Mark Hughes)
Date: Tue, 30 Dec 2008 08:51:52 -0600
Subject: [Casper] Netbooting Across Subnets
Message-ID: <4959E128020000A300009303@gwoes4.kckps.org>

I have a new lab that has been setup w/ Intel iMacs straight out of the box and I'm wanting to 
use an existing image that we run on our laptops minus XP.  In testing I know this works fine.  The issue I'm
having is these machines are on a .12 subnet and the netboot server is on a .79 subnet and I think I remember Tom
mentioning that netboot doesn't like going across subnets.  Can anyone confirm that and have any suggestions that might help with this?

Thanks in advance....


Mark Hughes, Apple Technician
TIS Department, KCKPS USD500
Cell 913-449-7791
mahughe at kckps.org

From rharter at uwsp.edu  Tue Dec 30 07:18:26 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Tue, 30 Dec 2008 09:18:26 -0600
Subject: [Casper] Netbooting Across Subnets
In-Reply-To: <4959E128020000A300009303@gwoes4.kckps.org>
References: <4959E128020000A300009303@gwoes4.kckps.org>
Message-ID: <83B1D7E7-ACFC-4CC9-BEB2-5DB13C7F9919@uwsp.edu>

In our environment we have to set up UDP helpers on the router in  
order for NetBoot to work across subnets.  Mike Bombich has a good  
white paper on this on his website at http://www.bombich.com/mactips/nbas.html 
.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 30, 2008, at 8:51 AM, Mark Hughes wrote:

> I have a new lab that has been setup w/ Intel iMacs straight out of  
> the box and I'm wanting to
> use an existing image that we run on our laptops minus XP.  In  
> testing I know this works fine.  The issue I'm
> having is these machines are on a .12 subnet and the netboot server  
> is on a .79 subnet and I think I remember Tom
> mentioning that netboot doesn't like going across subnets.  Can  
> anyone confirm that and have any suggestions that might help with  
> this?
>
> Thanks in advance....
>
>
> Mark Hughes, Apple Technician
> TIS Department, KCKPS USD500
> Cell 913-449-7791
> mahughe at kckps.org
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/66c849ee/attachment.html 

From miles.leacy at themacadmin.com  Tue Dec 30 07:38:46 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 30 Dec 2008 10:38:46 -0500
Subject: [Casper] Netbooting Across Subnets
In-Reply-To: <83B1D7E7-ACFC-4CC9-BEB2-5DB13C7F9919@uwsp.edu>
References: <4959E128020000A300009303@gwoes4.kckps.org>
	<83B1D7E7-ACFC-4CC9-BEB2-5DB13C7F9919@uwsp.edu>
Message-ID: <ec2e75ff0812300738p10793e7el72f156c82b8cbae2@mail.gmail.com>

If you know the fqdn or IP address of the netboot server then you can
netboot from any subnet using the bless command.
From the bless man page:
NETBOOT MODE
     NetBoot Mode has the following options:
     --netboot                Instead of setting the active boot selection
to a disk-based volume, set the system to NetBoot.
     --server protocol://[interface@]server
                              A URL specification of how to boot the system.
Currently, the only protocol supported is BSDP
                              ("bsdp"), Apple's Boot Service Discovery
Protocol. The interface is optional, and the server is the
                              IPv4 address of the server in dotted-quad
notation. If there is not a specific server you'd like to
                              use, pass "255.255.255.255" to have the
firmware broadcast for the first available server. Examples
                              of this notation would be "bsdp://
255.255.255.255" and "bsdp://en1 at 17.203.12.203".
     --nextonly               Same as for Folder Mode.
     --options                Same as for Folder Mode.
     --quiet                  Do not print any output
     --verbose                Print verbose output

The following command will netboot to the default image on the netboot
server at IP address 10.0.0.2.

sudo bless --netboot --server bdsp://10.0.0.2

Of course, you'll also have to issue the reboot command.

I have had some difficulty with Power PC machines, but so far this works as
described with Intel systems.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




2008/12/30 Ryan Harter <rharter at uwsp.edu>

> In our environment we have to set up UDP helpers on the router in order for
> NetBoot to work across subnets.  Mike Bombich has a good white paper on this
> on his website at http://www.bombich.com/mactips/nbas.html.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 30, 2008, at 8:51 AM, Mark Hughes wrote:
>
> I have a new lab that has been setup w/ Intel iMacs straight out of the box
> and I'm wanting to
> use an existing image that we run on our laptops minus XP.  In testing I
> know this works fine.  The issue I'm
> having is these machines are on a .12 subnet and the netboot server is on a
> .79 subnet and I think I remember Tom
> mentioning that netboot doesn't like going across subnets.  Can anyone
> confirm that and have any suggestions that might help with this?
>
> Thanks in advance....
>
>
> Mark Hughes, Apple Technician
> TIS Department, KCKPS USD500
> Cell 913-449-7791
> mahughe at kckps.org
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/9ccb2aad/attachment.html 

From rharter at uwsp.edu  Tue Dec 30 07:42:14 2008
From: rharter at uwsp.edu (Ryan Harter)
Date: Tue, 30 Dec 2008 09:42:14 -0600
Subject: [Casper] Netbooting Across Subnets
In-Reply-To: <ec2e75ff0812300738p10793e7el72f156c82b8cbae2@mail.gmail.com>
References: <4959E128020000A300009303@gwoes4.kckps.org>
	<83B1D7E7-ACFC-4CC9-BEB2-5DB13C7F9919@uwsp.edu>
	<ec2e75ff0812300738p10793e7el72f156c82b8cbae2@mail.gmail.com>
Message-ID: <F4D3F262-8900-47FB-9E9B-F7C339400A37@uwsp.edu>

I have also seen this and it's been hit or miss with our Intel  
machines.  It's hard to compare though with so many different networks  
setups.

The problem I have had with this is that we have more than one netboot  
image on our server, the default is just for imaging, but we also have  
a "Maintenance" image that has all of our diagnostic tools, and a  
bunch of other useful stuff, making it easy to do on site diagnostics  
and partitioning, etc.  With the bless command you don't have the  
option of choosing your image.  It is however great for booting to the  
default image.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 30, 2008, at 9:38 AM, Miles Leacy wrote:

> If you know the fqdn or IP address of the netboot server then you  
> can netboot from any subnet using the bless command.
>
> From the bless man page:
> NETBOOT MODE
>      NetBoot Mode has the following options:
>      --netboot                Instead of setting the active boot  
> selection to a disk-based volume, set the system to NetBoot.
>      --server protocol://[interface@]server
>                               A URL specification of how to boot the  
> system. Currently, the only protocol supported is BSDP
>                               ("bsdp"), Apple's Boot Service  
> Discovery Protocol. The interface is optional, and the server is the
>                               IPv4 address of the server in dotted- 
> quad notation. If there is not a specific server you'd like to
>                               use, pass "255.255.255.255" to have  
> the firmware broadcast for the first available server. Examples
>                               of this notation would be "bsdp:// 
> 255.255.255.255" and "bsdp://en1 at 17.203.12.203".
>      --nextonly               Same as for Folder Mode.
>      --options                Same as for Folder Mode.
>      --quiet                  Do not print any output
>      --verbose                Print verbose output
>
> The following command will netboot to the default image on the  
> netboot server at IP address 10.0.0.2.
>
> sudo bless --netboot --server bdsp://10.0.0.2
>
> Of course, you'll also have to issue the reboot command.
>
> I have had some difficulty with Power PC machines, but so far this  
> works as described with Intel systems.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> 2008/12/30 Ryan Harter <rharter at uwsp.edu>
> In our environment we have to set up UDP helpers on the router in  
> order for NetBoot to work across subnets.  Mike Bombich has a good  
> white paper on this on his website at http://www.bombich.com/mactips/nbas.html 
> .
>
> Ryan Harter
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 30, 2008, at 8:51 AM, Mark Hughes wrote:
>
>> I have a new lab that has been setup w/ Intel iMacs straight out of  
>> the box and I'm wanting to
>> use an existing image that we run on our laptops minus XP.  In  
>> testing I know this works fine.  The issue I'm
>> having is these machines are on a .12 subnet and the netboot server  
>> is on a .79 subnet and I think I remember Tom
>> mentioning that netboot doesn't like going across subnets.  Can  
>> anyone confirm that and have any suggestions that might help with  
>> this?
>>
>> Thanks in advance....
>>
>>
>> Mark Hughes, Apple Technician
>> TIS Department, KCKPS USD500
>> Cell 913-449-7791
>> mahughe at kckps.org
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/da168361/attachment.htm 

From miles.leacy at themacadmin.com  Tue Dec 30 08:09:10 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 30 Dec 2008 11:09:10 -0500
Subject: [Casper] Netbooting Across Subnets
In-Reply-To: <F4D3F262-8900-47FB-9E9B-F7C339400A37@uwsp.edu>
References: <4959E128020000A300009303@gwoes4.kckps.org>
	<83B1D7E7-ACFC-4CC9-BEB2-5DB13C7F9919@uwsp.edu>
	<ec2e75ff0812300738p10793e7el72f156c82b8cbae2@mail.gmail.com>
	<F4D3F262-8900-47FB-9E9B-F7C339400A37@uwsp.edu>
Message-ID: <ec2e75ff0812300809k25c1a857y774d5fc4bdcaea02@mail.gmail.com>

You can create a separate "NetBoot server" entry in the JSS for each NetBoot
image.
Give them descriptive display names such as "Diagnostic on Main NetBoot",
"Imaging on Main NetBoot" etc.  Specify the image info when setting up your
NetBoot server record.

Go to your JSS, Management Tab, NetBoot Servers and add or edit a NetBoot
server.  See page 329 in the Casper documentation for detailed instructions.

If you want to boot an individual machine from a particular NetBoot server
and image on the fly, use Casper Remote, Reboot tab.  Set the "Reboot To:"
drop-down to "NetBoot".  Then click the Override Defaults button in the
toolbar.  In the sheet that drops down, select the NetBoot server and image
you have previously configured in the "NetBoot Server" drop-down and click
"OK".  Make sure your other Reboot options are as they should be for your
situation (reboot immediately, give user 5 minutes, etc.), then run the
Casper Remote task.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Tue, Dec 30, 2008 at 10:42 AM, Ryan Harter <rharter at uwsp.edu> wrote:

> I have also seen this and it's been hit or miss with our Intel machines.
>  It's hard to compare though with so many different networks setups.
> The problem I have had with this is that we have more than one netboot
> image on our server, the default is just for imaging, but we also have a
> "Maintenance" image that has all of our diagnostic tools, and a bunch of
> other useful stuff, making it easy to do on site diagnostics and
> partitioning, etc.  With the bless command you don't have the option of
> choosing your image.  It is however great for booting to the default image.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 30, 2008, at 9:38 AM, Miles Leacy wrote:
>
> If you know the fqdn or IP address of the netboot server then you can
> netboot from any subnet using the bless command.
> From the bless man page:
> NETBOOT MODE
>      NetBoot Mode has the following options:
>      --netboot                Instead of setting the active boot selection
> to a disk-based volume, set the system to NetBoot.
>      --server protocol://[interface@]server
>                               A URL specification of how to boot the
> system. Currently, the only protocol supported is BSDP
>                               ("bsdp"), Apple's Boot Service Discovery
> Protocol. The interface is optional, and the server is the
>                               IPv4 address of the server in dotted-quad
> notation. If there is not a specific server you'd like to
>                               use, pass "255.255.255.255" to have the
> firmware broadcast for the first available server. Examples
>                               of this notation would be "bsdp://
> 255.255.255.255" and "bsdp://en1 at 17.203.12.203".
>      --nextonly               Same as for Folder Mode.
>      --options                Same as for Folder Mode.
>      --quiet                  Do not print any output
>      --verbose                Print verbose output
>
> The following command will netboot to the default image on the netboot
> server at IP address 10.0.0.2.
>
> sudo bless --netboot --server bdsp://10.0.0.2
>
> Of course, you'll also have to issue the reboot command.
>
> I have had some difficulty with Power PC machines, but so far this works as
> described with Intel systems.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> 2008/12/30 Ryan Harter <rharter at uwsp.edu>
>
>> In our environment we have to set up UDP helpers on the router in order
>> for NetBoot to work across subnets.  Mike Bombich has a good white paper on
>> this on his website at http://www.bombich.com/mactips/nbas.html.
>>  *
>> Ryan Harter*
>> UW - Stevens Point
>> Workstation Developer
>> 715.346.2716
>> Ryan.Harter at uwsp.edu
>>
>> On Dec 30, 2008, at 8:51 AM, Mark Hughes wrote:
>>
>> I have a new lab that has been setup w/ Intel iMacs straight out of the
>> box and I'm wanting to
>> use an existing image that we run on our laptops minus XP.  In testing I
>> know this works fine.  The issue I'm
>> having is these machines are on a .12 subnet and the netboot server is on
>> a .79 subnet and I think I remember Tom
>> mentioning that netboot doesn't like going across subnets.  Can anyone
>> confirm that and have any suggestions that might help with this?
>>
>> Thanks in advance....
>>
>>
>> Mark Hughes, Apple Technician
>> TIS Department, KCKPS USD500
>> Cell 913-449-7791
>> mahughe at kckps.org
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
> <ATT00001.txt>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/f2a39946/attachment.html 

From miles.leacy at themacadmin.com  Tue Dec 30 08:39:01 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 30 Dec 2008 11:39:01 -0500
Subject: [Casper] disk identifiers
In-Reply-To: <ec2e75ff0812191437r4aaf563fn5383bcf9c6bbaa50@mail.gmail.com>
References: <ec2e75ff0812191326t46804064x46bc82aa873bc22a@mail.gmail.com>
	<C5717A7A.19967%swood@integerdallas.com>
	<ec2e75ff0812191437r4aaf563fn5383bcf9c6bbaa50@mail.gmail.com>
Message-ID: <ec2e75ff0812300839h5d012fd2jef1dff4b27c70913@mail.gmail.com>

I've tapped many resources, and it seems that Apple simply doesn't make the
"boot-time bus scan order" (for lack of a better term) available to the
public.  So, not to be thwarted, I've come up with the following script.  It
checks each disk sequentially, starting with disk0, to see if it is an
internal disk.  When two internal disks are found, it creates a mirror from
those disks.
#!/bin/sh
#
##### HEADER BEGINS #####
# scr_sys_createServerMirror.sh
#
# Created 20081230 by Miles A. Leacy IV
# miles.leacy at themacadmin.com
# Modified 20081230 by Miles A. Leacy IV
# Copyright 2008 Miles A. Leacy IV
#
# This script may be copied and distributed freely as long as this header
remains intact.
#
# This script is provided "as is".  The author offers no warranty or
guarantee of any kind.
# Use of this script is at your own risk.  The author takes no
responsibility for loss of use,
# loss of data, loss of job, loss of socks, the onset of armageddon, or any
other negative effects.
#
# Test thoroughly in a lab environment before use on production systems.
# When you think it's ok, test again.  When you're certain it's ok, test
twice more.
#
# This script creates a mirrored RAID volume from the first two internal
disks found.
# It is intended for use on Xserves with two or more identical internal
disks.
# Run as a "before" script when imaging with Casper.
#
##### HEADER ENDS #####

i=0
diskcount=0

while [ $diskcount -lt 3 ]; do
if [ `diskutil info disk$diskcount | grep Internal | grep -c Yes` -gt 0 ]
;then
if [ $i -eq 0 ] ; then
 raiddisk1=disk$diskcount
fi
 if [ $i -eq 1 ] ; then
raiddisk2=disk$diskcount
fi
 let i++
fi
let diskcount++
done

diskutil createRAID mirror Server\ HD JHFS+ $raiddisk1 $raiddisk2






----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Fri, Dec 19, 2008 at 5:37 PM, Miles Leacy <miles.leacy at themacadmin.com>wrote:

> Thanks for the links!  These will be most helpful.
> I never would have thought of these things myself except that I'm currently
> in charge of Mac servers for one of the world's biggest media companies.  We
> deploy Xserves like some small to mid-size companies deploy desktop Macs,
> and I want to go into the data centers as infrequently as possible.
>
> I've been booting various Macs from various devices with various other
> devices attached today, and this completely un-scientific test has told me
> that I have yet to see "disk0" be assigned to anything other than an
> internal hard drive.  I am going to operate under the assumption that disks
> 0, 1 & 2 will be the internal HDDs for now, though I hate being uncertain.  Computers
> do exactly what you tell them to do, so you should be certain of what you
> tell them.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Fri, Dec 19, 2008 at 5:21 PM, Steve Wood <swood at integerdallas.com>wrote:
>
>>  Wow, that's a pretty cool idea there.  I wish I had thought of it.  Of
>> course, I have 4 servers to worry about and they are all 10 feet from my
>> office.
>>
>> I'm not sure if you need to be a Self Servicing account, or a service
>> provider (i.e. GSX access) to see this URL, but this is how you can set the
>> drive on an Xserve G5:
>>
>> http://support.apple.com/kb/TA26930?locale=en_US
>>
>> And, I wasn't able to find the same thing for Intel, but I did find this
>> link in a TUAW article (
>> http://www.tuaw.com/2008/11/24/apple-xserve-field-guide/):
>>
>> http://help.apple.com/server/guide/desktop.html
>>
>> Cool thing is, that guide is also available on the iPhone (look at the
>> TUAW article for info).
>>
>> Using the guide, go to Startup then Other Methods and it explains how to
>> set the startup method.  You could use this to tell the server to ignore the
>> normal boot up procedures.
>>
>> I also found this article on AFP548 about setting up headless:
>>
>> http://www.afp548.com/articles/system/headlessg5.html
>>
>> *
>> Steve Wood
>> Director of IT
>> *swood at integerdallas.com
>>
>> The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
>> T 214.758.6813 | F 214.758.6901 | C 940.312.2475
>>
>>
>>
>> ------------------------------
>> *From: *Miles Leacy <miles.leacy at themacadmin.com>
>> *Date: *Fri, 19 Dec 2008 16:26:20 -0500
>> *To: *Thomas Larkin <tlarki at kckps.org>
>> *Cc: *"casper at list.jamfsoftware.com" <casper at list.jamfsoftware.com>
>> *Subject: *Re: [Casper] disk identifiers
>>
>> Ok, here's the scenario...
>>
>> All Xserves are purchased with three 80GB SATA drives.  I want to have
>> zero-touch server deployment.  The boot drive is to be a RAID 1 called
>> "Server HD".
>>
>> In order to make this happen, I plan to:
>> 1. Set up a prestage
>> 2. Boot from a USB flash drive containing a restore image that runs Casper
>> Imaging automatically.
>> 3. Deploy a configuration with a "before" script that uses diskutil to
>> create a RAID 1 from two of the three internal drives.
>>
>> The script uses the command:
>> diskutil createRAID mirror Server\ HD JHFS+ disk0 disk1
>>
>> In order for this to work, I need to know that I can count on the USB
>> drive never being assigned the disk identifiers "disk0" or "disk1".  Or at
>> least know what the rules governing disk identifier assignment are so I can
>> adjust the script accordingly.  I know what drives will be attached at first
>> boot, so once I know those rules, I can have a reliable script.
>>
>> In case you're saying to yourself "He said there are three drives.  What's
>> he doing with the third one?", I'm keeping that as a hot spare to rebuild
>> the mirror in case one of the other disks fail.
>>
>> I'm considering how to automate that too.  The basic logic so far is:
>> 1. On every15, a policy runs a script that checks for a degraded mirror.
>> 2. If a degraded mirror is found, the script issues a custom trigger which
>> runs a policy that deploys an empty receipt that is the criteria for
>> membership in a "Failed Mirror" smart group.  The same policy includes a
>> "diskutil repairMirror" script that checks itself for success.  If
>> successful, a third policy is triggered by custom trigger.
>> 3. The third policy deploys an empty receipt which is criteria for
>> membership in a "Repaired Mirror" smart group.
>> 4. Notification is sent on joining either of the two smart groups above.
>>
>> This way, I don't get woken up at 2AM for a degraded mirror.  I get an
>> email the next day and I have the bad drive replaced, which becomes the new
>> hot spare.  None of this has been tested yet,  I've just sketched the logic
>> on a legal pad so far.
>>
>> One other hitch I've found in the zero-touch scenario is getting the
>> machines to boot from USB rather than the factory-installed OS.  I suppose I
>> could have my reseller erase the internal drives before shipping.  I don't
>> have a better idea on that.  Even using netboot requires attaching a
>> keyboard and holding the "N" key.  With blank hard drives and a bootable USB
>> key, you're truly zero-touch (other than having part of the rackmount
>> procedure be "insert USB drive").  I'll leave the USB drives attached as
>> restore & diagnostics boot drives.
>>
>> ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com <http://www.themacadmin.com>
>>
>>
>>
>>
>> On Fri, Dec 19, 2008 at 3:34 PM, Thomas Larkin <tlarki at kckps.org> wrote:
>>
>>
>>
>>
>>  I would assume it reads it from EFI (firmware) and then by bus for
>> internals and externals just get the next available when plugged in.  You
>> could always try looping your scripts
>>
>>
>>
>>  like
>>
>>
>>
>>  for i in /usr/sbin/diskutil list
>>
>>
>>
>>  if $i = something
>>
>>
>>  then do something
>>
>>
>>  else exit
>>
>>
>>  fi
>>
>>
>>
>>  to give a really rough example...
>>
>>
>> ___________________________
>> Thomas Larkin
>> TIS Department
>> KCKPS USD500
>> tlarki at kckps.org
>> blackberry:  913-449-7589
>> office:  913-627-0351
>>
>>
>>
>>
>>
>> >>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/19/08 11:33 AM >>>
>> Hey all,
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  I know that disk identifiers (disk0, disk1, etc) are assigned in the
>> order in which the disks were attached.  For example, if you boot a Mac with
>> a single internal drive, that drive will be disk0.  Once booted, you can
>> insert an optical disk, and the optical disk will be called disk1.  If you
>> later plug in a USB disk, the USB disk will be disk2.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  I'm trying to find out the order in which disk identifiers are assigned
>> at boot time.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  For example, if you have an Xserve with three internal hard disks, an
>> optical disk inserted, and a USB drive attached, can you count on the
>> internal disks having the disk0, disk1, and disk2 identifiers?  What
>> identifiers would the optical and USB disks get?
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  I'm guessing there's an order of precedence by bus, but is this
>> documented somewhere?  I've been flipping through Mac OS X Internals by Amit
>> Singh and haven't found the answer yet.  most of the comments I've found by
>> googling assume that disk identifier assignment is a form of voodoo.  This
>> is a computer, not a witches' brew, so there has to be a set of rules that
>> govern disk identifier assignment, and I'm hoping someone on the list knows
>> what those rules are.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  I ask because I want to implement some diskutil scripts, but I need to
>> know whether my assumption that SATA (or at least internal hard) disks
>> always get the lowest disk identifiers at boot is true.
>>
>>
>>
>>
>>
>>  ----------
>> Miles A. Leacy IV
>>
>> ? Certified System Administrator 10.4
>> ? Certified Technical Coordinator 10.5
>> ? Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com <http://www.themacadmin.com>
>>
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>> ------------------------------
>> --
>>
>> The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential.  If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission.  Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited.  Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/e70271ee/attachment.htm 

From jeremymatthews at mac.com  Tue Dec 30 09:42:28 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Tue, 30 Dec 2008 12:42:28 -0500
Subject: [Casper] InstaDMG
Message-ID: <2830AD22-90C4-4555-9F6F-2D9E8C74CC85@mac.com>

Anyone have issues incorporating QuickAdd packages into something like  
InstaDMG or System Image Utility?
For some reason it is the only package that does not install  
properly...and no detailed logs can tell why.

Thanks,
jeremy

From miles.leacy at themacadmin.com  Tue Dec 30 09:52:45 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Tue, 30 Dec 2008 12:52:45 -0500
Subject: [Casper] InstaDMG
In-Reply-To: <2830AD22-90C4-4555-9F6F-2D9E8C74CC85@mac.com>
References: <2830AD22-90C4-4555-9F6F-2D9E8C74CC85@mac.com>
Message-ID: <ec2e75ff0812300952y11de1717v19edd3ace2786a71@mail.gmail.com>

I abandoned InstaDMG for several reasons, this being one of them.  If you'd
care to see my findings and opinions, see
http://mailman.intermedia.net/pipermail/casper/2008-December/001482.html
An InstaDMG image is by it's nature a premature system.  Several things
occur at first boot that make a system mature.  Once those things have
occurred, such as initial naming of the computer, for example, it's a simple
matter to change them to fit your needs.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Tue, Dec 30, 2008 at 12:42 PM, Jeremy Matthews <jeremymatthews at mac.com>wrote:

> Anyone have issues incorporating QuickAdd packages into something like
> InstaDMG or System Image Utility?
> For some reason it is the only package that does not install
> properly...and no detailed logs can tell why.
>
> Thanks,
> jeremy
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/cc4da634/attachment.html 

From jeremymatthews at mac.com  Tue Dec 30 10:27:31 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Tue, 30 Dec 2008 13:27:31 -0500
Subject: [Casper] InstaDMG
In-Reply-To: <ec2e75ff0812300952y11de1717v19edd3ace2786a71@mail.gmail.com>
References: <2830AD22-90C4-4555-9F6F-2D9E8C74CC85@mac.com>
	<ec2e75ff0812300952y11de1717v19edd3ace2786a71@mail.gmail.com>
Message-ID: <0828ECA2-327F-43A7-A108-76B2CC39828C@mac.com>

Interesting - we actually use all 3 tools in different cases.

Typically, we create a "base" image using InstaDMG, then use System  
Image Utility (or Casper's netboot creation tool).

In all of them we create scripts - so we can run regardless of  
environment.

I've already scripted a workaround to install Casper at boot, but all  
3 solutions seem to cut down our imaging and deployment time, and  
streamlining production while keeping a fairly clean log of what is  
going on - which I think is what we ultimately want.

Thanks for the feedback - useful stuff.

Thanks,
jeremy

On Dec 30, 2008, at 12:52 PM, Miles Leacy wrote:

> I abandoned InstaDMG for several reasons, this being one of them.   
> If you'd care to see my findings and opinions, see http://mailman.intermedia.net/pipermail/casper/2008-December/001482.html
>
> An InstaDMG image is by it's nature a premature system.  Several  
> things occur at first boot that make a system mature.  Once those  
> things have occurred, such as initial naming of the computer, for  
> example, it's a simple matter to change them to fit your needs.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Tue, Dec 30, 2008 at 12:42 PM, Jeremy Matthews <jeremymatthews at mac.com 
> > wrote:
> Anyone have issues incorporating QuickAdd packages into something like
> InstaDMG or System Image Utility?
> For some reason it is the only package that does not install
> properly...and no detailed logs can tell why.
>
> Thanks,
> jeremy
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081230/d6f7d912/attachment.html 

From jeremymatthews at mac.com  Tue Dec 30 11:28:35 2008
From: jeremymatthews at mac.com (Jeremy Matthews)
Date: Tue, 30 Dec 2008 14:28:35 -0500
Subject: [Casper] flat packages
Message-ID: <79AD4296-94FD-45DD-A4AA-84EE50DC908A@mac.com>

Anyone else out there using 10.5-only, flat packages, and finding  
issues for package installation, via self-service or policy via Casper?

Thanks,
j

From mahughe at kckps.org  Tue Dec 30 14:40:40 2008
From: mahughe at kckps.org (Mark Hughes)
Date: Tue, 30 Dec 2008 16:40:40 -0600
Subject: [Casper] Netbooting Across Subnets
Message-ID: <495A4F08020000A30000937F@gwoes4.kckps.org>

thanks for all of the input on this...HNY!

Mark Hughes, Apple Technician
TIS Department, KCKPS USD500
Cell 913-449-7791
mahughe at kckps.org
>>> "Miles Leacy" <miles.leacy at themacadmin.com> 12/30/08 10:28 AM >>>
You can create a separate "NetBoot server" entry in the JSS for each
NetBoot
image.
Give them descriptive display names such as "Diagnostic on Main
NetBoot",
"Imaging on Main NetBoot" etc.  Specify the image info when setting up
your
NetBoot server record.

Go to your JSS, Management Tab, NetBoot Servers and add or edit a
NetBoot
server.  See page 329 in the Casper documentation for detailed
instructions.

If you want to boot an individual machine from a particular NetBoot
server
and image on the fly, use Casper Remote, Reboot tab.  Set the "Reboot
To:"
drop-down to "NetBoot".  Then click the Override Defaults button in the
toolbar.  In the sheet that drops down, select the NetBoot server and
image
you have previously configured in the "NetBoot Server" drop-down and
click
"OK".  Make sure your other Reboot options are as they should be for
your
situation (reboot immediately, give user 5 minutes, etc.), then run the
Casper Remote task.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Tue, Dec 30, 2008 at 10:42 AM, Ryan Harter <rharter at uwsp.edu> wrote:

> I have also seen this and it's been hit or miss with our Intel
machines.
>  It's hard to compare though with so many different networks setups.
> The problem I have had with this is that we have more than one netboot
> image on our server, the default is just for imaging, but we also have
a
> "Maintenance" image that has all of our diagnostic tools, and a bunch
of
> other useful stuff, making it easy to do on site diagnostics and
> partitioning, etc.  With the bless command you don't have the option
of
> choosing your image.  It is however great for booting to the default
image.
> *
> Ryan Harter*
> UW - Stevens Point
> Workstation Developer
> 715.346.2716
> Ryan.Harter at uwsp.edu
>
> On Dec 30, 2008, at 9:38 AM, Miles Leacy wrote:
>
> If you know the fqdn or IP address of the netboot server then you can
> netboot from any subnet using the bless command.
> From the bless man page:
> NETBOOT MODE
>      NetBoot Mode has the following options:
>      --netboot                Instead of setting the active boot
selection
> to a disk-based volume, set the system to NetBoot.
>      --server protocol://[interface@]server
>                               A URL specification of how to boot the
> system. Currently, the only protocol supported is BSDP
>                               ("bsdp"), Apple's Boot Service Discovery
> Protocol. The interface is optional, and the server is the
>                               IPv4 address of the server in
dotted-quad
> notation. If there is not a specific server you'd like to
>                               use, pass "255.255.255.255" to have the
> firmware broadcast for the first available server. Examples
>                               of this notation would be "bsdp://
> 255.255.255.255" and "bsdp://en1 at 17.203.12.203".
>      --nextonly               Same as for Folder Mode.
>      --options                Same as for Folder Mode.
>      --quiet                  Do not print any output
>      --verbose                Print verbose output
>
> The following command will netboot to the default image on the netboot
> server at IP address 10.0.0.2.
>
> sudo bless --netboot --server bdsp://10.0.0.2
>
> Of course, you'll also have to issue the reboot command.
>
> I have had some difficulty with Power PC machines, but so far this
works as
> described with Intel systems.
>
> ----------
> Miles A. Leacy IV
>
> ? Certified System Administrator 10.4
> ? Certified Technical Coordinator 10.5
> ? Certified Trainer
> Certified Caspe>
> 2008/12/30 Ryan Harter <rharter at uwsp.edu>
>
>> In our environment we have to set up UDP helpers on the router in
order
>> for NetBoot to work across subnets.  Mike Bombich has a good white
paper on
>> this on his website at http://www.bombich.com/mactips/nbas.html.
>>  *
>> Ryan Harter*
>> UW - Stevens Point
>> Workstation Developer
>> 715.346.2716
>> Ryan.Harter at uwsp.edu
>>
>> On Dec 30, 2008, at 8:51 AM, Mark Hughes wrote:
>>
>> I have a new lab that has been setup w/ Intel iMacs straight out of
the
>> box and I'm wanting to
>> use an existing image that we run on our laptops minus XP.  In
testing I
>> know this works fine.  The issue I'm
>> having is these machines are on a .12 subnet and the netboot server
is on
>> a .79 subnet and I think I remember Tom
>> mentioning that netboot doesn't like going across subnets.  Can
anyone
>> confirm that and have any suggestions that might help with this?
>>
>> Thanks in advance....
>>
>>
>> Mark Hughes, Apple Technician
>> TIS Department, KCKPS USD500
>> Cell 913-449-7791
>> mahughe at kckps.org
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
>>
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>>
>>
> <ATT00001.txt>
>
>
>


From martin-van-diemen at g-star.com  Wed Dec 31 01:58:23 2008
From: martin-van-diemen at g-star.com (Martin van Diemen)
Date: Wed, 31 Dec 2008 10:58:23 +0100
Subject: [Casper] Delete com.adobe.mediabrowser.plist
In-Reply-To: <C580FF77.5727%martin-van-diemen@g-star.com>
Message-ID: <C58100CF.572B%martin-van-diemen@g-star.com>

Hi,

I want to delete the com.adobe.mediabrowser.plist (~/Library/Preferences/) for the user that's currently logging in. I tried to do this with a policy:
Search for file by path: ~/Library/Preferences/com.adobe.mediabrowser.plist and Delete if found.

This doesn't work because it can't find the file (cause it's using the casper account?).
Is this possible with a variable e.g. /Users/$1/Library/Preferences/com.adobe.mediabrowser.plist? $1 doesn't work.

If I use a script which variable tells me the login name of the user?

Thanks in advance.

Kind Regards,

Martin van Diemen

t +31(0) 205677744
__________________

G-Star International B.V.
www.g-star.com

From miles.leacy at themacadmin.com  Wed Dec 31 05:57:34 2008
From: miles.leacy at themacadmin.com (Miles Leacy)
Date: Wed, 31 Dec 2008 08:57:34 -0500
Subject: [Casper] Delete com.adobe.mediabrowser.plist
In-Reply-To: <C58100CF.572B%martin-van-diemen@g-star.com>
References: <C580FF77.5727%martin-van-diemen@g-star.com>
	<C58100CF.572B%martin-van-diemen@g-star.com>
Message-ID: <ec2e75ff0812310557m6229d761t5be2f8ebd02becae@mail.gmail.com>

username is $3
$1 is the mount point of the target drive
$2 is the computer name

$4 through $11 are configurable.

----------
Miles A. Leacy IV

? Certified System Administrator 10.4
? Certified Technical Coordinator 10.5
? Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Wed, Dec 31, 2008 at 4:58 AM, Martin van Diemen <
martin-van-diemen at g-star.com> wrote:

> Hi,
>
> I want to delete the com.adobe.mediabrowser.plist (~/Library/Preferences/)
> for the user that's currently logging in. I tried to do this with a policy:
> Search for file by path: ~/Library/Preferences/com.adobe.mediabrowser.plist
> and Delete if found.
>
> This doesn't work because it can't find the file (cause it's using the
> casper account?).
> Is this possible with a variable e.g.
> /Users/$1/Library/Preferences/com.adobe.mediabrowser.plist? $1 doesn't work.
>
> If I use a script which variable tells me the login name of the user?
>
> Thanks in advance.
>
> Kind Regards,
>
> Martin van Diemen
>
> t +31(0) 205677744
> __________________
>
> G-Star International B.V.
> www.g-star.com
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081231/3d2468b9/attachment.html 

From RIVERAR at email.chop.edu  Wed Dec 31 12:00:54 2008
From: RIVERAR at email.chop.edu (Raymond Rivera)
Date: Wed, 31 Dec 2008 15:00:54 -0500
Subject: [Casper] Casper Digest, Vol 24, Issue 46
Message-ID: <s95b892f.016@email.chop.edu>

I will respond to your email if necessary when I return Monday 5,
2009.