From paul.austin at wachovia.com Mon Feb 2 07:21:10 2009 From: paul.austin at wachovia.com (Paul Austin) Date: Mon, 2 Feb 2009 10:21:10 -0500 Subject: [Casper] Network Locations Message-ID: Asking this experts. Is there a way to script or package creating Network Locations? I currently have two network locations that I create on our base build; one with Proxy enabled and one without. I am wanting to move the function out of the base build and into a package or a script that can be applied at build time. Thanks in advance. Paul Austin Wachovia Desktop Services 704 427-0903 From tlarki at kckps.org Mon Feb 2 07:52:41 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 02 Feb 2009 09:52:41 -0600 Subject: [Casper] Network Locations In-Reply-To: References: Message-ID: <4986C269.7141.0039.0@kckps.org> Look at using the networksetup binary under /usr/sbin you can script almost any of that stuff out ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Paul Austin 02/02/09 9:21 AM >>> Asking this experts. Is there a way to script or package creating Network Locations? I currently have two network locations that I create on our base build; one with Proxy enabled and one without. I am wanting to move the function out of the base build and into a package or a script that can be applied at build time. Thanks in advance. Paul Austin Wachovia Desktop Services 704 427-0903 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090202/8f0861fd/attachment.htm From jared.nichols at ll.mit.edu Mon Feb 2 07:41:34 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Mon, 2 Feb 2009 10:41:34 -0500 Subject: [Casper] Network Locations In-Reply-To: Message-ID: I would think if a networksetup script wouldn't do it alone, system events commanding System Preferences with an applescript could at least create the location and then you could hand off to a shell script to actually populate the location with networksetup. j On 2/2/09 10:21 , "Paul Austin" wrote: Asking this experts. Is there a way to script or package creating Network Locations? I currently have two network locations that I create on our base build; one with Proxy enabled and one without. I am wanting to move the function out of the base build and into a package or a script that can be applied at build time. Thanks in advance. Paul Austin Wachovia Desktop Services 704 427-0903 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -- Jared Nichols ISD Infrastructure and Operations - Desktop Engineering MIT Lincoln Laboratory 244 Wood St. Lexington, MA 02420-9108 (781) 981-5500 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090202/4f4a2fce/attachment.html From chad.brewer at bend.k12.or.us Mon Feb 2 10:21:45 2009 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Mon, 02 Feb 2009 10:21:45 -0800 Subject: [Casper] Adding iLife '09 with Casper Admin Message-ID: Has anyone added iLife '09.mpkg to their JSS via Casper Admin? When I do, it fails with a permission problem. Then if I repoen Casper Admin, its there but says its missing the file. So then I copied the file over manually via AFP. Now Casper Admin says it needs to create a Bill of Materials. Even after saying okay, it still gives me that message. I did make sure permissions are correct. Chad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090202/529f7e71/attachment.html From jeremymatthews at mac.com Mon Feb 2 12:07:06 2009 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Mon, 02 Feb 2009 15:07:06 -0500 Subject: [Casper] Network Locations In-Reply-To: References: Message-ID: No simply way to do this...if you look at the plist files they are a little more complex than usual - I had the same question a few months back. networksetup does not cover it.... From jeremymatthews at mac.com Mon Feb 2 12:08:30 2009 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Mon, 02 Feb 2009 15:08:30 -0500 Subject: [Casper] Adding iLife '09 with Casper Admin In-Reply-To: References: Message-ID: We had permissions issues when we opened up the ilife 09 dmg from across the network - then we copied to the local workstation and re- uploaded to casper admin....worked fine after that. Don't forget the iDVD 7.0.3 update and the ilifemediabrowserv2 updates as well... -j From chad.brewer at bend.k12.or.us Mon Feb 2 12:18:10 2009 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Mon, 02 Feb 2009 12:18:10 -0800 Subject: [Casper] Adding iLife '09 with Casper Admin In-Reply-To: References: Message-ID: Sounds like you created your own DMG package with composer. I am trying to use Apple's original mpkg file that comes on the DVD. Jeremy Matthews on February 2, 2009 at 12:08 PM -0800 wrote: >We had permissions issues when we opened up the ilife 09 dmg from >across the network - then we copied to the local workstation and re- >uploaded to casper admin....worked fine after that. > >Don't forget the iDVD 7.0.3 update and the ilifemediabrowserv2 updates >as well... > >-j > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090202/6c18d5e6/attachment.htm From jeremymatthews at mac.com Mon Feb 2 12:49:41 2009 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Mon, 02 Feb 2009 15:49:41 -0500 Subject: [Casper] Adding iLife '09 with Casper Admin In-Reply-To: References: Message-ID: <55486571-1650-4C11-9944-E611CF935B16@mac.com> Nope - I used the original Apple mpkg from the DVD. -j On Feb 2, 2009, at 3:18 PM, Chad Brewer wrote: > Sounds like you created your own DMG package with composer. I am > trying to use Apple's original mpkg file that comes on the DVD. > > Jeremy Matthews on February 2, 2009 at > 12:08 PM -0800 wrote: > We had permissions issues when we opened up the ilife 09 dmg from > across the network - then we copied to the local workstation and re- > uploaded to casper admin....worked fine after that. > > Don't forget the iDVD 7.0.3 update and the ilifemediabrowserv2 updates > as well... > > -j > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090202/3cddd2e8/attachment.html From jorge at nyu.edu Tue Feb 3 07:22:39 2009 From: jorge at nyu.edu (jorge a. najera-ordonez) Date: Tue, 3 Feb 2009 10:22:39 -0500 Subject: [Casper] boot camp help Message-ID: <5C94335B-76A4-4172-ADBD-10FF32366F14@nyu.edu> so even though imaging a boot camp partition is no officially supported we decided to take the plunge. we have successfully captured the windows image following the instructions from the resource kit however i cant get it to deploy. casper imaging indicates it completes successfully i am left with just a mac partition. i have tried the jamf script to deploy and i tried thomas larkins script to partition on the fly and then deploy the windows image but i cant get either to work. im sure i am missing out on some relevant details that people may need but any help at this point would be greatly appreciated. thanks jorge a. najera-ordonez From sean.hansell at jwt.com Tue Feb 3 07:35:05 2009 From: sean.hansell at jwt.com (sean.hansell at jwt.com) Date: Tue, 3 Feb 2009 10:35:05 -0500 Subject: [Casper] boot camp help In-Reply-To: <5C94335B-76A4-4172-ADBD-10FF32366F14@nyu.edu> Message-ID: As far as useless information goes, I will mention that I am currently having the same problem. Thanks. "jorge a. najera-ordonez" Sent by: casper-bounces at list.jamfsoftware.com 02/03/09 10:23 AM To casper at list.jamfsoftware.com cc Subject [Casper] boot camp help so even though imaging a boot camp partition is no officially supported we decided to take the plunge. we have successfully captured the windows image following the instructions from the resource kit however i cant get it to deploy. casper imaging indicates it completes successfully i am left with just a mac partition. i have tried the jamf script to deploy and i tried thomas larkins script to partition on the fly and then deploy the windows image but i cant get either to work. im sure i am missing out on some relevant details that people may need but any help at this point would be greatly appreciated. thanks jorge a. najera-ordonez _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper

This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.

-------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/84749d36/attachment.htm From NATHANIEL.LINDLEY at spps.org Tue Feb 3 07:53:32 2009 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Tue, 3 Feb 2009 09:53:32 -0600 Subject: [Casper] boot camp help In-Reply-To: <5C94335B-76A4-4172-ADBD-10FF32366F14@nyu.edu> Message-ID: Did you install ntfsprogs and gptrefresh on the boot image that you are using? I've forgotten that before. Nathaniel Lindley ++++++++++++++++++ Educational Technology Saint Paul Public Schools Saint Paul, Minnesota nathaniel.lindley at spps.org phone: 651-248-6861 "jorge a. najera-ordonez" Sent by: casper-bounces at list.jamfsoftware.com 02/03/09 09:15 AM To casper at list.jamfsoftware.com cc Subject [Casper] boot camp help so even though imaging a boot camp partition is no officially supported we decided to take the plunge. we have successfully captured the windows image following the instructions from the resource kit however i cant get it to deploy. casper imaging indicates it completes successfully i am left with just a mac partition. i have tried the jamf script to deploy and i tried thomas larkins script to partition on the fly and then deploy the windows image but i cant get either to work. im sure i am missing out on some relevant details that people may need but any help at this point would be greatly appreciated. thanks jorge a. najera-ordonez _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/13152be2/attachment.html From jorge at nyu.edu Tue Feb 3 08:04:49 2009 From: jorge at nyu.edu (=?utf-8?Q? jorge_a._najera-ordo=C3=B1ez ?=) Date: Tue, 3 Feb 2009 11:04:49 -0500 Subject: [Casper] boot camp help In-Reply-To: References: Message-ID: they were installed on what we used to capture the image and i installed gptrefresh into our netboot image but ill have to check about ntfsprogs being in the netboot image jorge On Feb 3, 2009, at 10:53, NATHANIEL.LINDLEY at spps.org wrote: > > Did you install ntfsprogs and gptrefresh on the boot image that you > are using? I've forgotten that before. > > > Nathaniel Lindley > > ++++++++++++++++++ > Educational Technology > Saint Paul Public Schools > Saint Paul, Minnesota > nathaniel.lindley at spps.org > phone: 651-248-6861 > > > "jorge a. najera-ordonez" > Sent by: casper-bounces at list.jamfsoftware.com > 02/03/09 09:15 AM > > To > casper at list.jamfsoftware.com > cc > Subject > [Casper] boot camp help > > > > > > so even though imaging a boot camp partition is no officially > supported we decided to take the plunge. we have successfully captured > the windows image following the instructions from the resource kit > however i cant get it to deploy. casper imaging indicates it completes > successfully i am left with just a mac partition. i have tried the > jamf script to deploy and i tried thomas larkins script to partition > on the fly and then deploy the windows image but i cant get either to > work. im sure i am missing out on some relevant details that people > may need but any help at this point would be greatly appreciated. > thanks > > jorge a. najera-ordonez > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/b3d33198/attachment.htm From tlarki at kckps.org Tue Feb 3 08:40:24 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 03 Feb 2009 10:40:24 -0600 Subject: [Casper] boot camp help In-Reply-To: References: Message-ID: <49881F17.7141.0039.0@kckps.org> You need to have those both installed on your netboot image as well. Did you create the image with the scripts provided? Try mounting your casper share and then running the script. It should run just like when you image it and you can see if there are any errors it puts in terminal, then copy/paste them in an email to the list. It definitely works, I used them to image 6,000 Macbooks over the last summer. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "jorge a. najera-ordo?ez" 02/03/09 10:04 AM >>> they were installed on what we used to capture the image and i installed gptrefresh into our netboot image but ill have to check about ntfsprogs being in the netboot image jorge On Feb 3, 2009, at 10:53, NATHANIEL.LINDLEY at spps.org wrote: Did you install ntfsprogs and gptrefresh on the boot image that you are using? I've forgotten that before. Nathaniel Lindley ++++++++++++++++++ Educational Technology Saint Paul Public Schools Saint Paul, Minnesota nathaniel.lindley at spps.org phone: 651-248-6861 "jorge a. najera-ordonez" Sent by: casper-bounces at list.jamfsoftware.com 02/03/09 09:15 AM To casper at list.jamfsoftware.com cc Subject [Casper] boot camp help so even though imaging a boot camp partition is no officially supported we decided to take the plunge. we have successfully captured the windows image following the instructions from the resource kit however i cant get it to deploy. casper imaging indicates it completes successfully i am left with just a mac partition. i have tried the jamf script to deploy and i tried thomas larkins script to partition on the fly and then deploy the windows image but i cant get either to work. im sure i am missing out on some relevant details that people may need but any help at this point would be greatly appreciated. thanks jorge a. najera-ordonez _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/b3e627c0/attachment.html From sean.hansell at jwt.com Tue Feb 3 09:42:41 2009 From: sean.hansell at jwt.com (sean.hansell at jwt.com) Date: Tue, 3 Feb 2009 12:42:41 -0500 Subject: [Casper] boot camp help In-Reply-To: <49881F17.7141.0039.0@kckps.org> Message-ID: Part of my problem lies in not being able to get ntfsprogs, as the site that is given to download it is not valid. I had substituted this for MacFuse with NTFS-3G, which includes a build of NTFS progs. Could this be causing my problem?

This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.

-------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/b75f8c97/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14361 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/b75f8c97/attachment.jpe From tlarki at kckps.org Tue Feb 3 10:13:48 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 03 Feb 2009 12:13:48 -0600 Subject: [Casper] boot camp help In-Reply-To: References: <49881F17.7141.0039.0@kckps.org> Message-ID: <498834FC.7141.0039.0@kckps.org> I tried to replay to all and attach the two files you need, but it is pending approval. combined they are under 1.9MB so not sure if they are going to let me attach it or not. If it doesn't go through I can post them on my FTP or you can email me directly and I can attach them to you ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> 02/03/09 11:42 AM >>> Part of my problem lies in not being able to get ntfsprogs, as the site that is given to download it is not valid. I had substituted this for MacFuse with NTFS-3G, which includes a build of NTFS progs. Could this be causing my problem? This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/f4d3a9da/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14361 bytes Desc: JPEG image Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/f4d3a9da/attachment.jpe From jorge at nyu.edu Tue Feb 3 10:56:56 2009 From: jorge at nyu.edu (jorge a. najera-ordonez) Date: Tue, 3 Feb 2009 13:56:56 -0500 Subject: [Casper] boot camp help In-Reply-To: <49881F17.7141.0039.0@kckps.org> References: <49881F17.7141.0039.0@kckps.org> Message-ID: <7E7A4B29-51EF-4E88-8CEA-0F6BC6AFBA27@nyu.edu> i created the windows image following the jamf instructions in the resource kit. in the instructions it didnt say anything about ntfsprogs on the netboot image but im going to try that now On Feb 3, 2009, at 11:40 AM, Thomas Larkin wrote: > You need to have those both installed on your netboot image as > well. Did you create the image with the scripts provided? > > Try mounting your casper share and then running the script. It > should run just like when you image it and you can see if there are > any errors it puts in terminal, then copy/paste them in an email to > the list. > > It definitely works, I used them to image 6,000 Macbooks over the > last summer. > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> "jorge a. najera-ordo?ez" 02/03/09 10:04 AM >>> > they were installed on what we used to capture the image and i > installed gptrefresh into our netboot image but ill have to check > about ntfsprogs being in the netboot image > > jorge > > On Feb 3, 2009, at 10:53, NATHANIEL.LINDLEY at spps.org wrote: > > >> >> Did you install ntfsprogs and gptrefresh on the boot image that you >> are using? I've forgotten that before. >> >> >> Nathaniel Lindley >> >> ++++++++++++++++++ >> Educational Technology >> Saint Paul Public Schools >> Saint Paul, Minnesota >> nathaniel.lindley at spps.org >> phone: 651-248-6861 >> >> >> "jorge a. najera-ordonez" >> Sent by: casper-bounces at list.jamfsoftware.com >> 02/03/09 09:15 AM >> To >> casper at list.jamfsoftware.com >> cc >> >> Subject >> [Casper] boot camp help >> >> >> >> >> >> >> >> so even though imaging a boot camp partition is no officially >> supported we decided to take the plunge. we have successfully >> captured >> the windows image following the instructions from the resource kit >> however i cant get it to deploy. casper imaging indicates it >> completes >> successfully i am left with just a mac partition. i have tried the >> jamf script to deploy and i tried thomas larkins script to partition >> on the fly and then deploy the windows image but i cant get either to >> work. im sure i am missing out on some relevant details that people >> may need but any help at this point would be greatly appreciated. >> thanks >> >> jorge a. najera-ordonez >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/d2099d81/attachment.htm From Rich.Dagel at landor.com Tue Feb 3 12:36:05 2009 From: Rich.Dagel at landor.com (Dagel, Rich) Date: Tue, 03 Feb 2009 12:36:05 -0800 Subject: [Casper] Script to open an app after install Message-ID: I am trying to write a script that will open an app once it is installed by a policy. I have to script set to run after but no luck. #!/bin/sh open /Applications/Utilities/MyApp.app Rich Dagel Senior Technology Specialist Landor Associates 1001 Front Street San Francisco, CA 94111 United States 415 365 3933 http://www.landor.com Rich.Dagel at landor.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/7829cb31/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 580 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/7829cb31/attachment.gif From scott-frederick at uiowa.edu Tue Feb 3 12:44:35 2009 From: scott-frederick at uiowa.edu (Frederick, Scott A) Date: Tue, 3 Feb 2009 14:44:35 -0600 Subject: [Casper] Erasing the Hard Drive During Imaging while Netbooted Message-ID: During the Imaging process with Casper, we could not "Erase Macintosh HD", even though we checked the box to do so. The process went extremely fast and no image was copied to the Target drive. Running Disk Utility would not unmount the drive and allow us to repair it. Eventually we had to manually moving the contents of the hard drive (by double clicking on the hard drive, selecting all the folders) to the trash and emptying the trash. Anyone ever run into a scenario like this? Sounded like a damaged disk directory, but the Target computer would reboot and function normally if we did not image it. -------------------------------------------------------------------------------- Scott Frederick Macintosh Systems Administrator for the College of Liberal Arts & Sciences 38 MH The University of Iowa Iowa City, IA 52242 319-335-3010 -------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/a0b8c859/attachment.htm From william.smith at merrillcorp.com Tue Feb 3 12:47:37 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Tue, 03 Feb 2009 14:47:37 -0600 Subject: [Casper] Script to open an app after install In-Reply-To: Message-ID: On 2/3/09 2:36 PM, "Dagel, Rich" wrote: > I am trying to write a script that will open an app once it is installed by a > policy. I have to script set to run after but no luck. > > #!/bin/sh > > open /Applications/Utilities/MyApp.app Is this policy set up to run as self-service or does it get triggered some other way? Policies install under the root account, which means you?re trying to open it for a user who?s not logged in. What's the bigger picture of what you're trying to accomplish by opening an application for a user just after install? -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From miles.leacy at themacadmin.com Tue Feb 3 12:49:17 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Tue, 3 Feb 2009 15:49:17 -0500 Subject: [Casper] Script to open an app after install In-Reply-To: References: Message-ID: I haven't tested this, it's just an idea off the top of my head... Given: Policies run as root. An "open" command run as root won't open the item in another user's session (I believe). Try: #!/bin/bash if [ `who | grep -c "$3"` -gt 0 ] ; then su $3 open /Applications/Utilities/MyApp.app else echo "No user is logged in" fi Assuming I have my syntax right (and I'm not at a point in my day where I can test this), this will test to see if $3 is logged in ($3 being the username of the logged-in user as passed by Casper). If $3 is logged in, the script will switch users to $3 from root, then run the open command. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/3 Dagel, Rich > I am trying to write a script that will open an app once it is installed > by a policy. I have to script set to run after but no luck. > > #!/bin/sh > > open /Applications/Utilities/MyApp.app > > > Rich Dagel > Senior Technology Specialist > > Landor Associates > 1001 Front Street > San Francisco, CA 94111 > United States > 415 365 3933 > *http://www.landor.com > **Rich.Dagel at landor.com* > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/c3e2720e/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 580 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/c3e2720e/attachment.gif From rharter at uwsp.edu Tue Feb 3 12:49:31 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Tue, 3 Feb 2009 14:49:31 -0600 Subject: [Casper] Script to open an app after install In-Reply-To: References: Message-ID: <2C81A495-53E6-43CB-84B8-12C4C5758159@uwsp.edu> This is probably not a good idea (if it will even let you) since these scripts are run as root. If you do succeed in opening an app like that it will most likely open in the root context which is a really really really bad idea. One thing you could try is su'ing as the user. #!/bin/bash USER=$3 # From Casper su $USER -c "open /Applications/Utilities/MyApp.app" or su $USER -c "/Applications/Utilities/MyApp.app/Contents/MacOS/MyApp" A lot of times open doesn't like being run from a script unless it is run from the current GUI user. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 3, 2009, at 2:36 PM, Dagel, Rich wrote: > I am trying to write a script that will open an app once it is > installed by a policy. I have to script set to run after but no luck. > > #!/bin/sh > > open /Applications/Utilities/MyApp.app > > > Rich Dagel > Senior Technology Specialist > > Landor Associates > 1001 Front Street > San Francisco, CA 94111 > United States > 415 365 3933 > http://www.landor.com > Rich.Dagel at landor.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/119f645a/attachment.htm From william.smith at merrillcorp.com Tue Feb 3 12:50:21 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Tue, 03 Feb 2009 14:50:21 -0600 Subject: [Casper] Erasing the Hard Drive During Imaging while Netbooted In-Reply-To: Message-ID: On 2/3/09 2:44 PM, "Frederick, Scott A" wrote: > During the Imaging process with Casper, we could not ?Erase Macintosh HD?, > even though we checked the box to do so. The process went extremely fast and > no image was copied to the Target drive. Running Disk Utility would not > unmount the drive and allow us to repair it. Eventually we had to manually > moving the contents of the hard drive (by double clicking on the hard drive, > selecting all the folders) to the trash and emptying the trash. > > Anyone ever run into a scenario like this? Sounded like a damaged disk > directory, but the Target computer would reboot and function normally if we > did not image it. We've had issues with older Mac OSes and newer versions of Casper. For example, we had an older Restore partition that was still at 10.4.4 but we were trying to run Casper Imaging 6.01. That failed until I discovered this was an old OS and updated it to 10.4.10. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From tlarki at kckps.org Tue Feb 3 12:51:53 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 03 Feb 2009 14:51:53 -0600 Subject: [Casper] Erasing the Hard Drive During Imaging while Netbooted In-Reply-To: References: Message-ID: <49885A09.7141.0039.0@kckps.org> Almost sounds like a permissions problem when your network share that the image is stored on. Are you running any preflight scripts? >>> "Frederick, Scott A" 02/03/09 2:44 PM >>> During the Imaging process with Casper, we could not ?Erase Macintosh HD?, even though we checked the box to do so. The process went extremely fast and no image was copied to the Target drive. Running Disk Utility would not unmount the drive and allow us to repair it. Eventually we had to manually moving the contents of the hard drive (by double clicking on the hard drive, selecting all the folders) to the trash and emptying the trash. Anyone ever run into a scenario like this? Sounded like a damaged disk directory, but the Target computer would reboot and function normally if we did not image it. -------------------------------------------------------------------------------- Scott Frederick Macintosh Systems Administrator for the College of Liberal Arts & Sciences 38 MH The University of Iowa Iowa City, IA 52242 319-335-3010 -------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/35e825cf/attachment.html From rharter at uwsp.edu Tue Feb 3 12:54:04 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Tue, 3 Feb 2009 14:54:04 -0600 Subject: [Casper] Erasing the Hard Drive During Imaging while Netbooted In-Reply-To: References: Message-ID: <35F713E6-58AB-4058-B914-2AC9E5555C71@uwsp.edu> I had similar issues because the "Diskless" option was not turned on in Server Admin. Unless you specify Diskless, NetBoot will use the HD for shadow files and the like, and you will be unable to mount it because it is in use. If you force unmount it then the netboot image doesn't work properly. To fix this we just went to Server Admin > NetBoot > Settings > Images and check the Diskless option for the image in question. This solved our issue. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 3, 2009, at 2:50 PM, Smith, William wrote: > On 2/3/09 2:44 PM, "Frederick, Scott A" > wrote: > >> During the Imaging process with Casper, we could not ?Erase >> Macintosh HD?, >> even though we checked the box to do so. The process went extremely >> fast and >> no image was copied to the Target drive. Running Disk Utility would >> not >> unmount the drive and allow us to repair it. Eventually we had to >> manually >> moving the contents of the hard drive (by double clicking on the >> hard drive, >> selecting all the folders) to the trash and emptying the trash. >> >> Anyone ever run into a scenario like this? Sounded like a damaged >> disk >> directory, but the Target computer would reboot and function >> normally if we >> did not image it. > > We've had issues with older Mac OSes and newer versions of Casper. For > example, we had an older Restore partition that was still at 10.4.4 > but we > were trying to run Casper Imaging 6.01. That failed until I > discovered this > was an old OS and updated it to 10.4.10. > > -- > > bill > > William M. Smith, Technical Analyst > MCS IT > Merrill Communications, LLC > (651) 632-1492 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090203/9bd64587/attachment.htm From Dustin.Dorey at district196.org Wed Feb 4 06:09:11 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Wed, 4 Feb 2009 08:09:11 -0600 Subject: [Casper] papercut login hook Message-ID: Hey there folks, One of our High Schools uses Papercut (sp*) for managing printing in his building. In any case he's got a login hook that starts papercut and sets it so that if it's closed it re-opens again. This is all well and good, but as soon as the enforce management framework runs either after imaging, adding the quickadd package, or daily it quits working. We've tried putting a unix command in an ongoing policy to launch what the login hook did but for some reason I think we missed something as it just doesn't work. In any case is anyone using this in their organization alongside Casper? If so some direction would be great. Thanks a lot folks! -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/dd37fb28/attachment.htm From aw_aca_bre at nwoca.org Wed Feb 4 06:20:15 2009 From: aw_aca_bre at nwoca.org (Brad Rellinger) Date: Wed, 04 Feb 2009 09:20:15 -0500 Subject: [Casper] papercut login hook In-Reply-To: References: Message-ID: Hello, We just went through this with JAMF. We just setup a login script that runs the following: #!/bin/sh echo "Launching PaperCut..." /Applications/PCClient.app/Contents/Resources/login-hook-start "$3" exit 0 ---------- Brad Rellinger Technology Specialist Anthony Wayne Schools K-12 aw_aca_bre at nwoca.org On Feb 4, 2009, at 9:09 AM, Dorey, Dustin wrote: > Hey there folks, > One of our High Schools uses Papercut (sp*) for managing printing in > his building. In any case he?s got a login hook that starts > papercut and sets it so that if it?s closed it re-opens again. > This is all well and good, but as soon as the enforce management > framework runs either after imaging, adding the quickadd package, or > daily it quits working. We?ve tried putting a unix command in an > ongoing policy to launch what the login hook did but for some reason > I think we missed something as it just doesn?t work. In any case > is anyone using this in their organization alongside Casper? If so > some direction would be great. > Thanks a lot folks! > -Dusty- > > Dustin Dorey > Technology Support Cluster Specialist > ISD 196 Apple Valley, Eagan, Rosemount > dustin.dorey at district196.org > 952|423|7971 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/46f59774/attachment.html From jared.nichols at ll.mit.edu Wed Feb 4 06:34:45 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Wed, 4 Feb 2009 09:34:45 -0500 Subject: [Casper] Licensed Software Message-ID: Hi- How do folks handle the advertisement of software that requires a license in Self Service? My organization purchases licenses ?from the middle? and then we charge back user groups for the licensed software. This way we get economies of scale and can keep track of the licenses. I?d like to advertise that the product is available, but not have the actual download available unless they?re in a particular group that has access to the software. How do you do it in your organization and does it work well? Thanks! j --- Jared Nichols ISD Infrastructure and Operations ? Desktop Engineering MIT Lincoln Laboratory 244 Wood St. Lexington, MA 02420-9108 (781) 981-5500 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/7e414c26/attachment.html From pbenham at bates.edu Wed Feb 4 06:57:02 2009 From: pbenham at bates.edu (Paul Benham) Date: Wed, 4 Feb 2009 09:57:02 -0500 Subject: [Casper] Thank you Message-ID: <20C48678-FDA6-4548-8477-39B2CB6C818C@bates.edu> Dear list, I just wanted to say thank you to everyone who responded to my request for Casper testimonials a week or so ago, my management was very impressed! As of today I am the proud 'owner' of the Casper suite and look forward to putting it through it's paces in the near future. Thanks once again paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/d6cd0090/attachment.htm From miles.leacy at themacadmin.com Wed Feb 4 06:57:11 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 4 Feb 2009 09:57:11 -0500 Subject: [Casper] Licensed Software In-Reply-To: References: Message-ID: How do you notify your user community of upcoming changes to configurations or policies? Does your organization have an intranet site? I would use your standard communications organ to inform the general user community that something is available. Once they have purchased a license, you can add them to the group to which your self-service policy is scoped. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Nichols, Jared > Hi- > > How do folks handle the advertisement of software that requires a license > in Self Service? My organization purchases licenses "from the middle" and > then we charge back user groups for the licensed software. This way we get > economies of scale and can keep track of the licenses. I'd like to > advertise that the product is available, but not have the actual download > available unless they're in a particular group that has access to the > software. > > How do you do it in your organization and does it work well? > > Thanks! > > j > --- > Jared Nichols > ISD Infrastructure and Operations ? Desktop Engineering > MIT Lincoln Laboratory > 244 Wood St. > Lexington, MA 02420-9108 > (781) 981-5500 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/0e837f89/attachment.html From miles.leacy at themacadmin.com Wed Feb 4 06:59:24 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 4 Feb 2009 09:59:24 -0500 Subject: [Casper] Thank you In-Reply-To: <20C48678-FDA6-4548-8477-39B2CB6C818C@bates.edu> References: <20C48678-FDA6-4548-8477-39B2CB6C818C@bates.edu> Message-ID: I'm glad it helped. Of course, we've ruined you as a sysadmin. You'll never want to work with more than one Mac again unless you have use of the Casper Suite. :) ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Paul Benham > Dear list, > I just wanted to say thank you to everyone who responded to my request for > Casper testimonials a week or so ago, my management was very impressed!As > of today I am the proud 'owner' of the Casper suite and look forward to > putting it through it's paces in the near future. > > Thanks once again > > paul > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > Paul Benham > Desktop Operations Specialist > Bates College > 110 Russell Street > Lewiston, ME 04240 > PH: 207-786-6382 > pbenham at bates.edu > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/53546929/attachment.htm From enrique.silberg at yr.com Wed Feb 4 07:00:59 2009 From: enrique.silberg at yr.com (enrique silberg =?ISO-8859-1?B?lQ==?=) Date: Wed, 04 Feb 2009 10:00:59 -0500 Subject: [Casper] Thank you In-Reply-To: <20C48678-FDA6-4548-8477-39B2CB6C818C@bates.edu> Message-ID: Welcome to the family. -- Enrique ?Ricky? Silberg | IT Director Macintosh Services 285 Madison Avenue, New York, New York 10017 USA T: +1 212 210 3683 Being a Mac user is like being a Navy SEAL: a small, elite group of people with access to the most sophisticated technology in the world, who everyone calls on to get the really tough jobs done quickly and efficiently. From: Paul Benham Date: Wed, 4 Feb 2009 09:57:02 -0500 To: Subject: [Casper] Thank you Dear list, I just wanted to say thank you to everyone who responded to my request for Casper testimonials a week or so ago, my management was very impressed! As of today I am the proud 'owner' of the Casper suite and look forward to putting it through it's paces in the near future. Thanks once again paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/7d2e5aad/attachment.html From tlarki at kckps.org Wed Feb 4 07:07:19 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 04 Feb 2009 09:07:19 -0600 Subject: [Casper] Thank you In-Reply-To: References: <20C48678-FDA6-4548-8477-39B2CB6C818C@bates.edu> Message-ID: <49895AC7.7141.0039.0@kckps.org> HAHAHAHA I was saying the same thing to a buddy of mine who is the Mac admin at another school district down the way. We used to both work together managing a small number of Macs (around 300) and we both went on to bigger and better things. I have casper, and over 6,000 Mac clients, and he doesn't have Casper and has around 3,000 (so um if you casper guys want to go sell your product, hint hint) and I told him clearly that I don't think I could ever work with out Casper ever again. It does ruin you as a system admin because from now on you will want it at every job you ever do, period. Glad you got on board. You'll find with Casper that the more you work with it the more you learn. I would say it took me a good 6 months of using the product to fully understand what it did, and even then I am learning new creative methods of using it every day. I am just now venturing into dummy packages to run custom reports based on policy receipts. It is crazy what you can do with some of this stuff. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/04/09 8:59 AM >>> I'm glad it helped. Of course, we've ruined you as a sysadmin. You'll never want to work with more than one Mac again unless you have use of the Casper Suite. :) ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Paul Benham Dear list, I just wanted to say thank you to everyone who responded to my request for Casper testimonials a week or so ago, my management was very impressed! As of today I am the proud 'owner' of the Casper suite and look forward to putting it through it's paces in the near future. Thanks once again paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/871de4cf/attachment.htm From swood at integerdallas.com Wed Feb 4 08:03:32 2009 From: swood at integerdallas.com (Steve Wood) Date: Wed, 04 Feb 2009 10:03:32 -0600 Subject: [Casper] Tracking Peripherals and other assets Message-ID: I was hoping to find out how others are tracking peripherals and other IT assets that may not be attached to a computer. For example, KVM switches, network switches, fibre switches, printers, etc, all items that have serial numbers but aren?t necessarily attached to a computer. Are you manually entering the peripheral data into Casper, or are you using some other method of tracking these items (i.e. Excel, FileMaker, etc). Curious what your thoughts are. Thanks. Steve Wood Director of IT swood at integerdallas.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 -- The information contained in this email transmission is solely for the addressee(s) named above and is privileged and/or confidential. If the reader of this message is not the intended recipient or the person responsible to deliver it to the intended recipient; he or she is prohibited from reading or disclosing the information contained in this transmission. Any examination, use, dissemination, distribution, or copying of this communication is strictly prohibited. Please contact us immediately by telephone for instructions if you have received this communication in error: (214) 758-6800 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/4fdf7b89/attachment.html From tlarki at kckps.org Wed Feb 4 09:41:33 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 04 Feb 2009 11:41:33 -0600 Subject: [Casper] feature request, more in depth documentation Message-ID: <49897EED.7141.0039.0@kckps.org> Hi everyone, I have just recently found out that Casper has it's own set of variables when running a script from the casper client. It seems $3 will loop through all your users for you when used. This is not documented very well. I would like to see maybe some more robust scripting tools and manual pages where we can take advantage of such things with our scripts in the Casper Suite. Just a thought. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/ab422e0f/attachment.htm From tlarki at kckps.org Wed Feb 4 13:22:42 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 04 Feb 2009 15:22:42 -0600 Subject: [Casper] Deploy Studio Message-ID: <4989B2C2.7141.0039.0@kckps.org> has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows clients, that would be kind of neat. You could then have one Xserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/5db12f97/attachment.htm From miles.leacy at themacadmin.com Wed Feb 4 13:50:33 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 4 Feb 2009 16:50:33 -0500 Subject: [Casper] Deploy Studio In-Reply-To: <4989B2C2.7141.0039.0@kckps.org> References: <4989B2C2.7141.0039.0@kckps.org> Message-ID: I had a cursory look at it a few months ago. My first impression is that it's an immature product/project. I can't download the Architecture document from their site (the link appears to be broken), but if I recall correctly, DeployStudio is attempting to deliver features found in Casper, NetRestore and Radmind. I think it's an admirable effort by the project's creators and contributors, however, I'll be sticking with Casper for several reasons. Before Casper, I used Radmind and a collection of my own homebrewed shell scripts to handle deployment, software distribution, patch management and general system maintenance. Tasks using these technologies are not very duplicatable in junior staff due to the learning curve. That means I have to be around all the time. That's bad. If one of my scripts or Radmind doesn't work as expected, I have to fix it with no support, and I can potentially pull my hair out for days trying to fix it. With Casper, I pay for support and get excellent response times and resolution rates. I know a constructive criticism was recently made on this list about the Casper documentation, but this project's documentation is downright skeletal. It appears that DeployStudio may have some interesting ideas regarding PC deployment, but I don't manage PCs, and if I ever need to manage BootCamp, Parallels or VMWare, I can do that through Casper. If there are any specific compelling features you find in DeployStudio, I'd be interested to hear about them, and perhaps they can be presented to JAMF as feature requests. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Thomas Larkin > has anyone looked at this? While I don't see anything it does that > Casper Doesn't, it does do one really neat thing. I supports PXE booting. > So, you can feasibly have PC clients netboot (or PXE boot as they call it) > to it and image Windows or Linux to them. This sounds very interesting for > mixed client environments. While, I have not played with it yet, I was > curious if anyone on the list has used it with Casper or what not. > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one Xserve > do it all. Casper does have some, unsupported, but working tools to image > Windows on a Mac. I have used them and they do work. > > I have way too much on my plate to even attempt looking at Deploy Studio, > however, if anyone else has tinkered with it, what are your thoughts? I was > thinking if possible down the road I may run Deploy studio on my Xserves in > each building for netboot and imaging the PCs only, and then keep Casper for > the Macs. I really like the auto run data and would not want to give that > up. > > *http://www.deploystudio.com/Home.html* > > Thoughts? Experiences? > > Thanks, > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090204/b738cd73/attachment.html From cmyers at uclan.ac.uk Wed Feb 4 23:24:35 2009 From: cmyers at uclan.ac.uk (Criss Myers) Date: Thu, 5 Feb 2009 07:24:35 +0000 Subject: [Casper] Deploy Studio In-Reply-To: <4989B2C2.7141.0039.0@kckps.org> References: <4989B2C2.7141.0039.0@kckps.org> Message-ID: Hi Thomas I would be interested in researching this maybe in a week or too. I currently don't deploy windows but it's something we have looked into and preplaned. We create a 20% partion when imaging ready for a windows deployment so that in the future we can deploy windows without having to reimage. But I've not tested the Casper stuff yet. So I will be looking into this and deploystudio for research purposes. Criss On 4 Feb 2009, at 21:22, "Thomas Larkin" wrote: > has anyone looked at this? While I don't see anything it does that > Casper Doesn't, it does do one really neat thing. I supports PXE > booting. So, you can feasibly have PC clients netboot (or PXE boot > as they call it) to it and image Windows or Linux to them. This > sounds very interesting for mixed client environments. While, I > have not played with it yet, I was curious if anyone on the list has > used it with Casper or what not. > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have > one Xserve do it all. Casper does have some, unsupported, but > working tools to image Windows on a Mac. I have used them and they > do work. > > I have way too much on my plate to even attempt looking at Deploy > Studio, however, if anyone else has tinkered with it, what are your > thoughts? I was thinking if possible down the road I may run Deploy > studio on my Xserves in each building for netboot and imaging the > PCs only, and then keep Casper for the Macs. I really like the auto > run data and would not want to give that up. > > http://www.deploystudio.com/Home.html > > Thoughts? Experiences? > > Thanks, > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/c11a2db4/attachment.html From dustin.dorey at district196.org Thu Feb 5 05:59:34 2009 From: dustin.dorey at district196.org (Dustin Dorey) Date: Thu, 05 Feb 2009 07:59:34 -0600 Subject: [Casper] Deploy Studio In-Reply-To: <4989B2C2.7141.0039.0@kckps.org> References: <4989B2C2.7141.0039.0@kckps.org> Message-ID: <1233842374.5680.13.camel@do-a-doreynix> Several of the folks in my office including myself are going to an apple "dog and pony show" later today and I know that deploy studio is one of the topics they were going to cover. I will see if anything worth while comes out of it and let you know. From what I gathered though is that it was just an imaging solution. Which would be fine in small Deployments where the need to manage an inventory was not as high. I could see someone managing less than 50 macs using it in conjunction with ARD. but certainly not 5000 macs or any mass deployment that you need to be able to support more than just re-imaging if there is a problem. I personally think that is the beauty of the casper suite, it's more than just imaging. Just my .02 cents though, and I'm not very well versed on Deploy Studio other than whats on their website. -Dusty- -- Dustin Dorey Independent School District 196 Technology Support Cluster Specialist 14445 Diamond Path West Rosemount, MN 55068 952|423|7971 dustin.dorey at district196.org On Wed, 2009-02-04 at 15:22 -0600, Thomas Larkin wrote: > has anyone looked at this? While I don't see anything it does that > Casper Doesn't, it does do one really neat thing. I supports PXE > booting. So, you can feasibly have PC clients netboot (or PXE boot as > they call it) to it and image Windows or Linux to them. This sounds > very interesting for mixed client environments. While, I have not > played with it yet, I was curious if anyone on the list has used it > with Casper or what not. > > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one > Xserve do it all. Casper does have some, unsupported, but working > tools to image Windows on a Mac. I have used them and they do work. > > > > I have way too much on my plate to even attempt looking at Deploy > Studio, however, if anyone else has tinkered with it, what are your > thoughts? I was thinking if possible down the road I may run Deploy > studio on my Xserves in each building for netboot and imaging the PCs > only, and then keep Casper for the Macs. I really like the auto run > data and would not want to give that up. > > > http://www.deploystudio.com/Home.html > > > Thoughts? Experiences? > > > Thanks, > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From CMyers at uclan.ac.uk Thu Feb 5 06:47:36 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 05 Feb 2009 14:47:36 +0000 Subject: [Casper] composer 7 Message-ID: <498AFC08.BB96.0081.0@uclan.ac.uk> Has anyone got a copy of composer 7 yet? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/a5f1900d/attachment.htm From CMyers at uclan.ac.uk Thu Feb 5 07:35:47 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 05 Feb 2009 15:35:47 +0000 Subject: [Casper] Deploy Studio In-Reply-To: References: <4989B2C2.7141.0039.0@kckps.org> Message-ID: <498B0753.BB96.0081.0@uclan.ac.uk> Hi Miles I think the point Thomas was making was imaging PC clients from a Mac server, ive downloaded the documentation and installed the DS and for the mac side it is a very basic imaging and packing deployment product, but FREE for those that cant afford Casper, not that i can say its a patch on Casper. As your the Casper Trainer you might be able ti tell me if you can use casper from a usb/ external drive without any server/network? As i am only 6months into using capser. DS can support external drives, you can use scripts, install packages and image computers and theres even a database of known approved computers to image as well as a live activity monitor. On the PC side, it installs a vmlinux pxebooter and alters the dhcp settings, atm i dont have a PC to test with, but from the forums allows the PC to pxe boot however it doesn't support all NIC's nor necessarily new or future PC's I would have thought that maybe in the future with EFI that PC's and windows might start going that way making it easier to preboot them. The DS does not make a PC image, its just a pxebooter. You also need DHCP on your mac server as well as cifs or nfs support. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Wed, Feb 4, 2009 at 9:50 PM, in message , Miles Leacy wrote: I had a cursory look at it a few months ago. My first impression is that it's an immature product/project. I can't download the Architecture document from their site (the link appears to be broken), but if I recall correctly, DeployStudio is attempting to deliver features found in Casper, NetRestore and Radmind. I think it's an admirable effort by the project's creators and contributors, however, I'll be sticking with Casper for several reasons. Before Casper, I used Radmind and a collection of my own homebrewed shell scripts to handle deployment, software distribution, patch management and general system maintenance. Tasks using these technologies are not very duplicatable in junior staff due to the learning curve. That means I have to be around all the time. That's bad. If one of my scripts or Radmind doesn't work as expected, I have to fix it with no support, and I can potentially pull my hair out for days trying to fix it. With Casper, I pay for support and get excellent response times and resolution rates. I know a constructive criticism was recently made on this list about the Casper documentation, but this project's documentation is downright skeletal. It appears that DeployStudio may have some interesting ideas regarding PC deployment, but I don't manage PCs, and if I ever need to manage BootCamp, Parallels or VMWare, I can do that through Casper. If there are any specific compelling features you find in DeployStudio, I'd be interested to hear about them, and perhaps they can be presented to JAMF as feature requests. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Thomas Larkin has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows cliXserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/01132ed0/attachment.htm From william.smith at merrillcorp.com Thu Feb 5 08:07:21 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Thu, 05 Feb 2009 10:07:21 -0600 Subject: [Casper] composer 7 In-Reply-To: <498AFC08.BB96.0081.0@uclan.ac.uk> Message-ID: On 2/5/09 8:47 AM, "Criss Myers" wrote: > Has anyone got a copy of composer 7 yet? Blaine Mattson announced it in a JAMF email I received on January 21 but I haven't seen information about its release yet. The JAMF website still shows information about the older version of Composer judging by the video and comparing it to the announcement. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From miles.leacy at themacadmin.com Thu Feb 5 08:07:31 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 5 Feb 2009 11:07:31 -0500 Subject: [Casper] Deploy Studio In-Reply-To: <498B0753.BB96.0081.0@uclan.ac.uk> References: <4989B2C2.7141.0039.0@kckps.org> <498B0753.BB96.0081.0@uclan.ac.uk> Message-ID: Thanks for the vote of confidence. While I don't claim the title "Casper Trainer", I'll try to answer your question. I invite anyone from JAMF to correct me if my understanding is flawed. Casper is not intended to image without a JSS. If I had to, I think I could "trick" Casper Imaging into deploying an image without a JSS by pre-caching the necessary packages and scripts onto my external device. I'd have to experiment a bit to see if I am correct, but my gut feeling is that it would be possible though require doing things in an unsupported way. Casper Imaging having the built-in and supported ability to cache configurations and the contents of a distribution point could certainly be useful. I'd recommend that anyone who finds it useful contact JAMF with a feature request. Deploy Studio is free, and it does provide a decent imaging solution for the price. When used from portable drives, it seems a bit better than having a monolithic image deployment. When used in its server model, it seems to be of only slightly greater utility than using Apple NetInstall. The difference being that you would have to build and store a separate NetInstall image for each "configuration" if you went with the pure Apple solution. As far as deploying Windows goes, I'm of the opinion that Casper is the "best of breed" solution for deploying and maintaining Macs. If I ever assumed responsibility for deployment and maintenance of Windows PCs, I'd research the "best of breed" deployment and management utility/suite for Windows. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers wrote: > Hi Miles > > I think the point Thomas was making was imaging PC clients from a Mac > server, ive downloaded the documentation and installed the DS and for the > mac side it is a very basic imaging and packing deployment product, but FREE > for those that cant afford Casper, not that i can say its a patch on Casper. > > As your the Casper Trainer you might be able ti tell me if you can use > casper from a usb/ external drive without any server/network? As i am only > 6months into using capser. > > DS can support external drives, you can use scripts, install packages and > image computers and theres even a database of known approved computers to > image as well as a live activity monitor. > > On the PC side, it installs a vmlinux pxebooter and alters the dhcp > settings, atm i dont have a PC to test with, but from the forums allows the > PC to pxe boot however it doesn't support all NIC's nor necessarily new or > future PC's > > I would have thought that maybe in the future with EFI that PC's and > windows might start going that way making it easier to preboot them. > > The DS does not make a PC image, its just a pxebooter. > > You also need DHCP on your mac server as well as cifs or nfs support. > > Criss > > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > > >>> On Wed, Feb 4, 2009 at 9:50 PM, in message < > ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles Leacy > wrote: > > I had a cursory look at it a few months ago. > > > My first impression is that it's an immature product/project. > > > I can't download the Architecture document from their site (the link > appears to be broken), but if I recall correctly, DeployStudio is attempting > to deliver features found in Casper, NetRestore and Radmind. > > > I think it's an admirable effort by the project's creators and > contributors, however, I'll be sticking with Casper for several reasons. > > > Before Casper, I used Radmind and a collection of my own homebrewed > shell scripts to handle deployment, software distribution, patch management > and general system maintenance. Tasks using these technologies are not very > duplicatable in junior staff due to the learning curve. That means I have > to be around all the time. That's bad. > > > If one of my scripts or Radmind doesn't work as expected, I have to fix > it with no support, and I can potentially pull my hair out for days trying > to fix it. With Casper, I pay for support and get excellent response times > and resolution rates. > > > I know a constructive criticism was recently made on this list about the > Casper documentation, but this project's documentation is downright > skeletal. > > It appears that DeployStudio may have some interesting ideas regarding > PC deployment, but I don't manage PCs, and if I ever need to manage > BootCamp, Parallels or VMWare, I can do that through Casper. > > > If there are any specific compelling features you find in DeployStudio, > I'd be interested to hear about them, and perhaps they can be presented to > JAMF as feature requests. > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > 2009/2/4 Thomas Larkin > > > > > has anyone looked at this? While I don't see anything it does that >> Casper Doesn't, it does do one really neat thing. I supports PXE >> booting. So, you can feasibly have PC clients netboot (or PXE boot as they >> call it) to it and image Windows or Linux to them. This sounds very >> interesting for mixed client environments. While, I have not played with it >> yet, I was curious if anyone on the list has used it with Casper or what >> not. >> >> >> I mean if I could also use one server technology to image all of our >> Windows clients, that would be kind of neat. You could then have one Xserve >> do it all. Casper does have some, unsupported, but working tools to image >> Windows on a Mac. I have used them and they do work. >> >> >> I have way too much on my plate to even attempt looking at Deploy >> Studio, however, if anyone else has tinkered with it, what are your >> thoughts? I was thinking if possible down the road I may run Deploy studio >> on my Xserves in each building for netboot and imaging the PCs only, and >> then keep Casper for the Macs. I really like the auto run data and would >> not want to give that up. >> >> >> *http://www.deploystudio.com/Home.html* >> >> >> Thoughts? Experiences? >> >> >> Thanks, >> >> >> ___________________________ >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> blackberry: 913-449-7589 >> office: 913-627-0351 >> >> >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/d92fcc28/attachment.html From chad.brewer at bend.k12.or.us Thu Feb 5 08:12:37 2009 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Thu, 05 Feb 2009 08:12:37 -0800 Subject: [Casper] Deploy Studio In-Reply-To: References: Message-ID: We use Windows Deployment Services (Included in Win Server 2003 SP2 and Win Server 2008) for PXE booting and imaging our Windows machines. I have adapted this method to imaging Windows onto our Macs as well and it is working fairly well. The only downside is having to boot the Macs from a WDS deployment CD since they won't PXE boot. Once booted from the CD, I can deploy my windows image using the Window pre-execution environment just like we do other PC's. Chad Miles Leacy on February 5, 2009 at 8:07 AM -0800 wrote: >Thanks for the vote of confidence. While I don't claim the title "Casper >Trainer", I'll try to answer your question. I invite anyone from JAMF to >correct me if my understanding is flawed. > > >Casper is not intended to image without a JSS. > > >If I had to, I think I could "trick" Casper Imaging into deploying an >image without a JSS by pre-caching the necessary packages and scripts >onto my external device. I'd have to experiment a bit to see if I am >correct, but my gut feeling is that it would be possible though require >doing things in an unsupported way. Casper Imaging having the built-in >and supported ability to cache configurations and the contents of a >distribution point could certainly be useful. I'd recommend that anyone >who finds it useful contact JAMF with a feature request. > > >Deploy Studio is free, and it does provide a decent imaging solution for >the price. When used from portable drives, it seems a bit better than >having a monolithic image deployment. When used in its server model, it >seems to be of only slightly greater utility than using Apple NetInstall. > The difference being that you would have to build and store >a separate NetInstall image for each "configuration" if you went with the >pure Apple solution. > > >As far as deploying Windows goes, I'm of the opinion that Casper is the >"best of breed" solution for deploying and maintaining Macs. If I ever >assumed responsibility for deployment and maintenance of Windows PCs, I'd >research the "best of breed" deployment and management utility/suite for >Windows. > >---------- >Miles A. Leacy IV > > Certified System Administrator 10.4 > Certified Technical Coordinator 10.5 > Certified Trainer >Certified Casper Administrator >---------- >voice: 1-347-277-7321 >[ mailto:miles.leacy at themacadmin.com ]miles.leacy at themacadmin.com >[ http://www.themacadmin.com ]www.themacadmin.com > > > > >On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers <[ mailto:CMyers at uclan.ac.uk >]CMyers at uclan.ac.uk> wrote: > > > > >Hi Miles > > >I think the point Thomas was making was imaging PC clients from a Mac >server, ive downloaded the documentation and installed the DS and for the >mac side it is a very basic imaging and packing deployment product, but >FREE for those that cant afford Casper, not that i can say its a patch on >Casper. > > >As your the Casper Trainer you might be able ti tell me if you can use >casper from a usb/ external drive without any server/network? As i am >only 6months into using capser. > > >DS can support external drives, you can use scripts, install packages and >image computers and theres even a database of known approved computers to >image as well as a live activity monitor. > > >On the PC side, it installs a vmlinux pxebooter and alters the dhcp >settings, atm i dont have a PC to test with, but from the forums allows >the PC to pxe boot however it doesn't support all NIC's nor necessarily >new or future PC's > > >I would have thought that maybe in the future with EFI that PC's and >windows might start going that way making it easier to preboot them. > > >The DS does not make a PC image, its just a pxebooter. > > >You also need DHCP on your mac server as well as cifs or nfs support. > > >Criss > > >Criss Myers >Senior Customer Support Analyst (Mac Services) >Apple Certified Technical Coordinator v10.5 >LIS Business Support Team >Library 301 >University of Central Lancashire >Preston PR1 2HE >Ex 5054 >01772 895054 > > > >>>> On Wed, Feb 4, 2009 at 9:50 PM, in message <[ >mailto:ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com >]ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles >Leacy <[ mailto:miles.leacy at themacadmin.com ]miles.leacy at themacadmin.com> >wrote: > > > > >I had a cursory look at it a few months ago. > > > > > > >My first impression is that it's an immature product/project. > > > > > > >I can't download the Architecture document from their site (the link >appears to be broken), but if I recall correctly, DeployStudio is >attempting to deliver features found in Casper, NetRestore and Radmind. > > > > > > >I think it's an admirable effort by the project's creators and >contributors, however, I'll be sticking with Casper for several reasons. > > > > > > >Before Casper, I used Radmind and a collection of my own homebrewed shell >scripts to handle deployment, software distribution, patch management and >general system maintenance. Tasks using these technologies are not very >duplicatable in junior staff due to the learning curve. That means I >have to be around all the time. That's bad. > > > > > > >If one of my scripts or Radmind doesn't work as expected, I have to fix >it with no support, and I can potentially pull my hair out for days >trying to fix it. With Casper, I pay for support and get excellent >response times and resolution rates. > > > > > > >I know a constructive criticism was recently made on this list about the >Casper documentation, but this project's documentation is downright >skeletal. > > > > >It appears that DeployStudio may have some interesting ideas regarding PC >deployment, but I don't manage PCs, and if I ever need to manage >BootCamp, Parallels or VMWare, I can do that through Casper. > > > > > > >If there are any specific compelling features you find in DeployStudio, >I'd be interested to hear about them, and perhaps they can be presented >to JAMF as feature requests. > > > >---------- >Miles A. Leacy IV > > Certified System Administrator 10.4 > Certified Technical Coordinator 10.5 > Certified Trainer >Certified Casper Administrator >---------- >voice: 1-347-277-7321 >[ mailto:miles.leacy at themacadmin.com ]miles.leacy at themacadmin.com >[ http://www.themacadmin.com ]www.themacadmin.com > > > > > > > >2009/2/4 Thomas Larkin > > ><[ mailto:tlarki at kckps.org ]tlarki at kckps.org> > > > > > >has anyone looked at this? While I don't see anything it does that >Casper Doesn't, it does do one really neat thing. I supports PXE >booting. So, you can feasibly have PC clients netboot (or PXE boot as >they call it) to it and image Windows or Linux to them. This sounds very >interesting for mixed client environments. While, I have not played with >it yet, I was curious if anyone on the list has used it with Casper or >what not. > > >I mean if I could also use one server technology to image all of our >Windows clients, that would be kind of neat. You could then have one >Xserve do it all. Casper does have some, unsupported, but working tools >to image Windows on a Mac. I have used them and they do work. > > >I have way too much on my plate to even attempt looking at Deploy Studio, >however, if anyone else has tinkered with it, what are your thoughts? I >was thinking if possible down the road I may run Deploy studio on my >Xserves in each building for netboot and imaging the PCs only, and then >keep Casper for the Macs. I really like the auto run data and would not >want to give that up. > > >[ http://www.deploystudio.com/Home.html >]http://www.deploystudio.com/Home.html > > >Thoughts? Experiences? > > >Thanks, > >___________________________ >Thomas Larkin >TIS Department >KCKPS USD500 >[ mailto:tlarki at kckps.org ]tlarki at kckps.org >blackberry: 913-449-7589 >office: 913-627-0351 > > > > > > > > > >_______________________________________________ >Casper mailing list >[ mailto:Casper at list.jamfsoftware.com ]Casper at list.jamfsoftware.com >[ http://list.jamfsoftware.com/mailman/listinfo/casper >]http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > > > > >_______________________________________________ >Casper mailing list >Casper at list.jamfsoftware.com >http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/8cb31065/attachment.htm From jared.nichols at ll.mit.edu Thu Feb 5 09:13:12 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 5 Feb 2009 12:13:12 -0500 Subject: [Casper] composer 7 In-Reply-To: Message-ID: Is 7 supposed to have CS4 support? We're in the process of rolling it out right now... Would help a lot. j On 2/5/09 11:07 , "Smith, William" wrote: > On 2/5/09 8:47 AM, "Criss Myers" wrote: > >> Has anyone got a copy of composer 7 yet? > > Blaine Mattson announced it in a JAMF email I received on January 21 but I > haven't seen information about its release yet. > > The JAMF website still shows information about the older version of Composer > judging by the video and > comparing it to the announcement. --- Jared Nichols ISD Infrastructure and Operations ? Desktop Engineering MIT Lincoln Laboratory 244 Wood St. Lexington, MA 02420-9108 (781) 981-5500 From jared.nichols at ll.mit.edu Thu Feb 5 09:13:12 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 5 Feb 2009 12:13:12 -0500 Subject: [Casper] composer 7 In-Reply-To: Message-ID: Is 7 supposed to have CS4 support? We're in the process of rolling it out right now... Would help a lot. j On 2/5/09 11:07 , "Smith, William" wrote: > On 2/5/09 8:47 AM, "Criss Myers" wrote: > >> Has anyone got a copy of composer 7 yet? > > Blaine Mattson announced it in a JAMF email I received on January 21 but I > haven't seen information about its release yet. > > The JAMF website still shows information about the older version of Composer > judging by the video and > comparing it to the announcement. --- Jared Nichols ISD Infrastructure and Operations ? Desktop Engineering MIT Lincoln Laboratory 244 Wood St. Lexington, MA 02420-9108 (781) 981-5500 From Dustin.Dorey at district196.org Thu Feb 5 12:54:41 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Thu, 5 Feb 2009 14:54:41 -0600 Subject: [Casper] Deploy Studio In-Reply-To: <4989B2C2.7141.0039.0@kckps.org> References: <4989B2C2.7141.0039.0@kckps.org> Message-ID: Ok so I just got back from that apple event and they demoed Deploy Studio, and I'd like to point out that he compared it to NetRestore but made a point to say it does not replace Casper. In any case for what it is, it is really really nice. A huge improvement on Netrestore and shares a lot of similarities with casper in an imaging way only, you know without the management, package building, remote tools and inventory pieces. Unfortunately they did not talk about pxe booting non-apple hardware or anything that didn't involve building stuff off of anything but apple hardware. He did mention that there is now a Wiki for documentation. So maybe that will grow. Hey JAMF if you're reading this, one thing that was cool was the partitioning was built into the workflow and it supported partitioning for os x, windows, and Linux pre laying down the image. Any way to get preflight disk utility functions built into casper w/o having to script it? -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Wednesday, February 04, 2009 3:23 PM To: casper at list.jamfsoftware.com Subject: [Casper] Deploy Studio has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows clients, that would be kind of neat. You could then have one Xserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/b93a1387/attachment.html From mahughe at kckps.org Thu Feb 5 12:58:15 2009 From: mahughe at kckps.org (Mark Hughes) Date: Thu, 05 Feb 2009 14:58:15 -0600 Subject: [Casper] Installing Printers Via Policy Message-ID: <498AFE87020000A30000B581@gwoes4.kckps.org> Has anyone had success using Casper to deploy printers? When I add a printer in Casper Admin I get this error message "There was and error creating the new object in the JSS" followed by -1 Inserting Printer: java.sql.SQLException:Unknown column 'contents" in 'field list' It show them in Casper Admin. When I go to get a policy to add the printers they're not there.... Any Ideas? Mark Hughes, Apple Technician TIS Department, KCKPS USD500 Cell 913-449-7791 mahughe at kckps.org From NATHANIEL.LINDLEY at spps.org Thu Feb 5 12:55:57 2009 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Thu, 5 Feb 2009 14:55:57 -0600 Subject: [Casper] Deploy Studio In-Reply-To: Message-ID: In version 5 of Casper we could image a computer totally offline by syncing the JSS with an external local drive (USB or Firewire). Page 59 in manual. However, it doesn't seem to work with version 6 though. Nathaniel Lindley ++++++++++++++++++ Educational Technology Saint Paul Public Schools Saint Paul, Minnesota nathaniel.lindley at spps.org phone: 651-248-6861 Miles Leacy To Sent by: Criss Myers casper-bounces at li cc st.jamfsoftware.c casper at list.jamfsoftware.com om Subject Re: [Casper] Deploy Studio 02/05/09 09:59 AM Thanks for the vote of confidence. While I don't claim the title "Casper Trainer", I'll try to answer your question. I invite anyone from JAMF to correct me if my understanding is flawed. Casper is not intended to image without a JSS. If I had to, I think I could "trick" Casper Imaging into deploying an image without a JSS by pre-caching the necessary packages and scripts onto my external device. I'd have to experiment a bit to see if I am correct, but my gut feeling is that it would be possible though require doing things in an unsupported way. Casper Imaging having the built-in and supported ability to cache configurations and the contents of a distribution point could certainly be useful. I'd recommend that anyone who finds it useful contact JAMF with a feature request. Deploy Studio is free, and it does provide a decent imaging solution for the price. When used from portable drives, it seems a bit better than having a monolithic image deployment. When used in its server model, it seems to be of only slightly greater utility than using Apple NetInstall. The difference being that you would have to build and store a separate NetInstall image for each "configuration" if you went with the pure Apple solution. As far as deploying Windows goes, I'm of the opinion that Casper is the "best of breed" solution for deploying and maintaining Macs. If I ever assumed responsibility for deployment and maintenance of Windows PCs, I'd research the "best of breed" deployment and management utility/suite for Windows. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers wrote: Hi Miles I think the point Thomas was making was imaging PC clients from a Mac server, ive downloaded the documentation and installed the DS and for the mac side it is a very basic imaging and packing deployment product, but FREE for those that cant afford Casper, not that i can say its a patch on Casper. As your the Casper Trainer you might be able ti tell me if you can use casper from a usb/ external drive without any server/network? As i am only 6months into using capser. DS can support external drives, you can use scripts, install packages and image computers and theres even a database of known approved computers to image as well as a live activity monitor. On the PC side, it installs a vmlinux pxebooter and alters the dhcp settings, atm i dont have a PC to test with, but from the forums allows the PC to pxe boot however it doesn't support all NIC's nor necessarily new or future PC's I would have thought that maybe in the future with EFI that PC's and windows might start going that way making it easier to preboot them. The DS does not make a PC image, its just a pxebooter. You also need DHCP on your mac server as well as cifs or nfs support. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Wed, Feb 4, 2009 at 9:50 PM, in message < ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles Leacy wrote: I had a cursory look at it a few months ago. My first impression is that it's an immature product/project. I can't download the Architecture document from their site (the link appears to be broken), but if I recall correctly, DeployStudio is attempting to deliver features found in Casper, NetRestore and Radmind. I think it's an admirable effort by the project's creators and contributors, however, I'll be sticking with Casper for several reasons. Before Casper, I used Radmind and a collection of my own homebrewed shell scripts to handle deployment, software distribution, patch management and general system maintenance. Tasks using these technologies are not very duplicatable in junior staff due to the learning curve. That means I have to be around all the time. That's bad. If one of my scripts or Radmind doesn't work as expected, I have to fix it with no support, and I can potentially pull my hair out for days trying to fix it. With Casper, I pay for support and get excellent response times and resolution rates. I know a constructive criticism was recently made on this list about the Casper documentation, but this project's documentation is downright skeletal. It appears that DeployStudio may have some interesting ideas regarding PC deployment, but I don't manage PCs, and if I ever need to manage BootCamp, Parallels or VMWare, I can do that through Casper. If there are any specific compelling features you find in DeployStudio, I'd be interested to hear about them, and perhaps they can be presented to JAMF as feature requests. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/4 Thomas Larkin has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows clients, that would be kind of neat. You could then have one Xserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From miles.leacy at themacadmin.com Thu Feb 5 13:09:14 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 5 Feb 2009 16:09:14 -0500 Subject: [Casper] Deploy Studio In-Reply-To: References: <4989B2C2.7141.0039.0@kckps.org> <498B0753.BB96.0081.0@uclan.ac.uk> Message-ID: On Thu, Feb 5, 2009 at 11:07 AM, Miles Leacy wrote: > Casper is not intended to image without a JSS. > > If I had to, I think I could "trick" Casper Imaging into deploying an image > without a JSS > It has been brought to my attention that while it's true that Casper isn't really intended to do imaging without a JSS, there's no need for any trickery or feature requests if you want to image from an external drive using Casper. In fact, I assume it's even supported. Page 59 of the Casper Suite Documentation describes how to "make all of your packages, scripts, printers and configurations available offline for Casper Imaging to utilize" in a section titled "Replicating FireWire or USB Drives". ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 11:07 AM, Miles Leacy wrote: > Thanks for the vote of confidence. While I don't claim the title "Casper > Trainer", I'll try to answer your question. I invite anyone from JAMF to > correct me if my understanding is flawed. > Casper is not intended to image without a JSS. > > If I had to, I think I could "trick" Casper Imaging into deploying an image > without a JSS by pre-caching the necessary packages and scripts onto my > external device. I'd have to experiment a bit to see if I am correct, but > my gut feeling is that it would be possible though require doing things in > an unsupported way. Casper Imaging having the built-in and supported > ability to cache configurations and the contents of a distribution point > could certainly be useful. I'd recommend that anyone who finds it useful > contact JAMF with a feature request. > > Deploy Studio is free, and it does provide a decent imaging solution for > the price. When used from portable drives, it seems a bit better than > having a monolithic image deployment. When used in its server model, it > seems to be of only slightly greater utility than using Apple NetInstall. > The difference being that you would have to build and store > a separate NetInstall image for each "configuration" if you went with the > pure Apple solution. > > As far as deploying Windows goes, I'm of the opinion that Casper is the > "best of breed" solution for deploying and maintaining Macs. If I ever > assumed responsibility for deployment and maintenance of Windows PCs, I'd > research the "best of breed" deployment and management utility/suite for > Windows. > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers wrote: > >> Hi Miles >> >> I think the point Thomas was making was imaging PC clients from a Mac >> server, ive downloaded the documentation and installed the DS and for the >> mac side it is a very basic imaging and packing deployment product, but FREE >> for those that cant afford Casper, not that i can say its a patch on Casper. >> >> As your the Casper Trainer you might be able ti tell me if you can use >> casper from a usb/ external drive without any server/network? As i am only >> 6months into using capser. >> >> DS can support external drives, you can use scripts, install packages >> and image computers and theres even a database of known approved computers >> to image as well as a live activity monitor. >> >> On the PC side, it installs a vmlinux pxebooter and alters the dhcp >> settings, atm i dont have a PC to test with, but from the forums allows the >> PC to pxe boot however it doesn't support all NIC's nor necessarily new or >> future PC's >> >> I would have thought that maybe in the future with EFI that PC's and >> windows might start going that way making it easier to preboot them. >> >> The DS does not make a PC image, its just a pxebooter. >> >> You also need DHCP on your mac server as well as cifs or nfs support. >> >> Criss >> >> >> Criss Myers >> Senior Customer Support Analyst (Mac Services) >> Apple Certified Technical Coordinator v10.5 >> LIS Business Support Team >> Library 301 >> University of Central Lancashire >> Preston PR1 2HE >> Ex 5054 >> 01772 895054 >> >> >> >>> On Wed, Feb 4, 2009 at 9:50 PM, in message < >> ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles Leacy >> wrote: >> >> I had a cursory look at it a few months ago. >> >> >> My first impression is that it's an immature product/project. >> >> >> I can't download the Architecture document from their site (the link >> appears to be broken), but if I recall correctly, DeployStudio is attempting >> to deliver features found in Casper, NetRestore and Radmind. >> >> >> I think it's an admirable effort by the project's creators and >> contributors, however, I'll be sticking with Casper for several reasons. >> >> >> Before Casper, I used Radmind and a collection of my own homebrewed >> shell scripts to handle deployment, software distribution, patch management >> and general system maintenance. Tasks using these technologies are not very >> duplicatable in junior staff due to the learning curve. That means I have >> to be around all the time. That's bad. >> >> >> If one of my scripts or Radmind doesn't work as expected, I have to fix >> it with no support, and I can potentially pull my hair out for days trying >> to fix it. With Casper, I pay for support and get excellent response times >> and resolution rates. >> >> >> I know a constructive criticism was recently made on this list about >> the Casper documentation, but this project's documentation is downright >> skeletal. >> >> It appears that DeployStudio may have some interesting ideas regarding >> PC deployment, but I don't manage PCs, and if I ever need to manage >> BootCamp, Parallels or VMWare, I can do that through Casper. >> >> >> If there are any specific compelling features you find in DeployStudio, >> I'd be interested to hear about them, and perhaps they can be presented to >> JAMF as feature requests. >> >> >> ---------- >> Miles A. Leacy IV >> >> ? Certified System Administrator 10.4 >> ? Certified Technical Coordinator 10.5 >> ? Certified Trainer >> Certified Casper Administrator >> ---------- >> voice: 1-347-277-7321 >> miles.leacy at themacadmin.com >> www.themacadmin.com >> >> >> >> >> 2009/2/4 Thomas Larkin >> >> >> >> >> has anyone looked at this? While I don't see anything it does that >>> Casper Doesn't, it does do one really neat thing. I supports PXE >>> booting. So, you can feasibly have PC clients netboot (or PXE boot as they >>> call it) to it and image Windows or Linux to them. This sounds very >>> interesting for mixed client environments. While, I have not played with it >>> yet, I was curious if anyone on the list has used it with Casper or what >>> not. >>> >>> >>> I mean if I could also use one server technology to image all of our >>> Windows clients, that would be kind of neat. You could then have one Xserve >>> do it all. Casper does have some, unsupported, but working tools to image >>> Windows on a Mac. I have used them and they do work. >>> >>> >>> I have way too much on my plate to even attempt looking at Deploy >>> Studio, however, if anyone else has tinkered with it, what are your >>> thoughts? I was thinking if possible down the road I may run Deploy studio >>> on my Xserves in each building for netboot and imaging the PCs only, and >>> then keep Casper for the Macs. I really like the auto run data and would >>> not want to give that up. >>> >>> >>> *http://www.deploystudio.com/Home.html* >>> >>> >>> Thoughts? Experiences? >>> >>> >>> Thanks, >>> >>> >>> ___________________________ >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> blackberry: 913-449-7589 >>> office: 913-627-0351 >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/a679be51/attachment.html From miles.leacy at themacadmin.com Thu Feb 5 13:14:52 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 5 Feb 2009 16:14:52 -0500 Subject: [Casper] Installing Printers Via Policy In-Reply-To: <498AFE87020000A30000B581@gwoes4.kckps.org> References: <498AFE87020000A30000B581@gwoes4.kckps.org> Message-ID: It sounds like you're having some trouble creating the printer in the first place. Even though they appear in Casper Admin, the fact that you received an error when creating the printer tells me that the printer item you see in Casper Admin is not to be trusted. I'd contact JAMF support and get that straightened out first. My guess is that once whatever issue is causing your problematic printer creation is solved, you'll be able to deploy printers successfully. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 3:58 PM, Mark Hughes wrote: > Has anyone had success using Casper to deploy printers? > > When I add a printer in Casper Admin I get this error message "There was > and error creating the new object in the JSS" > followed by > > > -1 > Inserting Printer: java.sql.SQLException:Unknown column > 'contents" in 'field list' > > > It show them in Casper Admin. When I go to get a policy to add the > printers they're not there.... > > Any Ideas? > > > > > Mark Hughes, Apple Technician > TIS Department, KCKPS USD500 > Cell 913-449-7791 > mahughe at kckps.org > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/347eb3a6/attachment.htm From jared.nichols at ll.mit.edu Thu Feb 5 13:04:59 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 5 Feb 2009 16:04:59 -0500 Subject: [Casper] Root Certificate Message-ID: Hi- I?ve been told by our LDAP admin that in order to get proper authentication with LDAP accounts, I need to install our root certificate into ?your application.? I imagine he means Tomcat, which is what the JSS runs on. I found this article: http://www.jamfsoftware.com/kb/article.php?id=019 Is this the right thing for me to follow? If so, I?m a bit confused by step 9 where it says I need to include the keystorePass containing the password to the keystore. Thanks j --- Jared Nichols ISD Infrastructure and Operations ? Desktop Engineering MIT Lincoln Laboratory 244 Wood St. Lexington, MA 02420-9108 (781) 981-5500 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/23f7abde/attachment.html From MAHUGHE at kckps.org Thu Feb 5 13:57:08 2009 From: MAHUGHE at kckps.org (Mark Hughes) Date: Thu, 05 Feb 2009 15:57:08 -0600 Subject: [Casper] Installing Printers Via Policy In-Reply-To: <498B0C54020000A30000B5B8@gwoes4.kckps.org> References: <498B0C53020000A30000B5B5@gwoes4.kckps.org> <498B0C54020000A30000B5B8@gwoes4.kckps.org> Message-ID: <498B0C54020000A30000B5B8@gwoes4.kckps.org> I would agree with you that just the creation of the object failing is the root of the issue. -----Original Message----- From: Miles Leacy To: Hughes, Mark Cc: Sent: 2/5/2009 3:14:52 PM Subject: Re: [Casper] Installing Printers Via Policy It sounds like you're having some trouble creating the printer in the first place. Even though they appear in Casper Admin, the fact that you received an error when creating the printer tells me that the printer item you see in Casper Admin is not to be trusted. I'd contact JAMF support and get that straightened out first. My guess is that once whatever issue is causing your problematic printer creation is solved, you'll be able to deploy printers successfully. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 3:58 PM, Mark Hughes wrote: > Has anyone had success using Casper to deploy printers? > > When I add a printer in Casper Admin I get this error message "There was > and error creating the new object in the JSS" > followed by > > > -1 > Inserting Printer: java.sql.SQLException:Unknown column > 'contents" in 'field list' > > > It show them in Casper Admin. When I go to get a policy to add the > printers they're not there.... > > Any Ideas? > > > > > Mark Hughes, Apple Technician > TIS Department, KCKPS USD500 > Cell 913-449-7791 > mahughe at kckps.org > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From john_wetter at hopkins.k12.mn.us Thu Feb 5 14:05:45 2009 From: john_wetter at hopkins.k12.mn.us (John Wetter) Date: Thu, 5 Feb 2009 16:05:45 -0600 Subject: [Casper] Deploy Studio In-Reply-To: Message-ID: Hi Dustin, An interesting take. When I was listening to the presentation, to me it just sounded like it would be a great version of Casper Imaging utility. Just for the Netboot environment to be able to graphically do all of the workflows we're doing with scripting right now while imaging. I could definitely see this for the imaging of being able to build the job of formatting, installing, patching, etc. I think the one thing lost on a good amount of the audience is that everything Deploy Studio does is one little corner of what Casper does. I can see huge value in it making Casper Imaging easier, but still just a little corner. I heard one person behind me say "Why do we need Casper now?" So, it sounds like there's still some education out there as far as really managing Macintosh computers. I guess it's a case of where EDU is just moving a little slower than everyone else and not wanting to admit that we're enterprise environments. -John On 2/5/09 2:54 PM, "Dorey, Dustin" wrote: Ok so I just got back from that apple event and they demoed Deploy Studio, and I'd like to point out that he compared it to NetRestore but made a point to say it does not replace Casper. In any case for what it is, it is really really nice. A huge improvement on Netrestore and shares a lot of similarities with casper in an imaging way only, you know without the management, package building, remote tools and inventory pieces. Unfortunately they did not talk about pxe booting non-apple hardware or anything that didn't involve building stuff off of anything but apple hardware. He did mention that there is now a Wiki for documentation. So maybe that will grow. Hey JAMF if you're reading this, one thing that was cool was the partitioning was built into the workflow and it supported partitioning for os x, windows, and Linux pre laying down the image. Any way to get preflight disk utility functions built into casper w/o having to script it? -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Wednesday, February 04, 2009 3:23 PM To: casper at list.jamfsoftware.com Subject: [Casper] Deploy Studio has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows clients, that would be kind of neat. You could then have one Xserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -- John Wetter Technology Support Administrator Educational Technology, Media & Information Services Hopkins Public Schools 952-988-5373 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/bc961653/attachment.html From tlarki at kckps.org Thu Feb 5 14:20:59 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 05 Feb 2009 16:20:59 -0600 Subject: [Casper] Deploy Studio Message-ID: <498B11EA0200003900008B9F@gwoes4.kckps.org> Yup, when I was in the CCA training over this last summer one of the drills we went through was creating a recovery partition using Casper to image a machine locally. It is doable, and casper even hides the restore partition for you, so no command line wizardry has to happen. Unfortunately, at this very moment my brain is escaping on the exact method of how this works. I need to bust out my Casper bible and look it up. It is very possible though I have seen it happen in person ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/05/09 3:12 PM >>> On Thu, Feb 5, 2009 at 11:07 AM, Miles Leacy wrote: > Casper is not intended to image without a JSS. > > If I had to, I think I could "trick" Casper Imaging into deploying an image > without a JSS > It has been brought to my attention that while it's true that Casper isn't really intended to do imaging without a JSS, there's no need for any trickery or feature requests if you want to image from an external drive using Casper. In fact, I assume it's even supported. Page 59 of the Casper Suite Documentation describes how to "make all of your packages, scripts, printers and configurations available offline for Casper Imaging to utilize" in a section titled "Replicating FireWire or USB Drives". ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 11:07 AM, Miles Leacy wrote: > Thanks for the vote of confidence. While I don't claim the title "Casper > Trainer", I'll try to answer your question. I invite anyone from JAMF to > correct me if my understanding is flawed. > Casper is not intended to image without a JSS. > > If I had to, I think I could "trick" Casper Imaging into deploying an image > without a JSS by pre-caching the necessary packages and scripts onto my > external device. I'd have to experiment a bit to see if I am correct, but > my gut feeling is that it would be possible though require doing things in > an unsupported way. Casper Imaging having the built-in and supported > ability to cache configurations and the contents of a distribution point > could certainly be useful. I'd recommend that anyone who finds it useful > contact JAMF with a feature request. > > Deploy Studio is free, and it does provide a decent imaging solution for > the price. When used from portable drives, it seems a bit better than > having a monolithic image deployment. When used in its server model, it > seems to be of only slightly greater utility than using Apple NetInstall. > The difference being that you would have to build and store > a separate NetInstall image for each "configuration" if you went with the > pure Apple solution. > > As far as deploying Windows goes, I'm of the opinion that Casper is the > "best of breed" solution for deploying and maintaining Macs. If I ever > assumed responsibility for deployment and maintenance of Windows PCs, I'd > research the "best of breed" deployment and management utility/suite for > Windows. > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers wrote: > >> Hi Miles >> >> I think the point Thomas was making was imaging PC clients from a Mac >> server, ive downloaded the documentation and installed the DS and for the >> mac side it is a very basic imaging and packing deployment product, but FREE >> for those >> As your the Casper Trainer you might be able ti tell me if you can use >> casper from a usb/ external drive without any server/network? As i am only >> 6months into using capser. >> >> DS can support external drives, you can use scripts, install packages >> and image computers and theres even a database of known approved computers >> to image as well as a live activity monitor. >> >> On the PC side, it installs a vmlinux pxebooter and alters the dhcp >> settings, atm i dont have a PC to test with, but from the forums allows the >> PC to pxe boot however it doesn't support all NIC's nor necessarily new or >> future PC's >> >> I would have thought that maybe in the future with EFI that PC's and >> windows might start going that way making it easier to preboot them. >> >> The DS does not make a PC image, its just a pxebooter. >> >> You also need DHCP on your mac server as well as cifs or nfs support. >> >> Criss >> >> >> Criss Myers >> Senior Customer Support Analyst (Mac Services) >> Apple Certified Technical Coordinator v10.5 >> LIS Business Support Team >> Library 301 >> University of Central Lancashire >> Preston PR1 2HE >> Ex 5054 >> 01772 895054 >> >> >> >>> On Wed, Feb 4, 2009 at 9:50 PM, in message < >> ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles Leacy >> wrote: >> >> I had a cursory look at it a few months ago. >> >> >> My first impression is that it's an immature product/project. >> >> >> I can't download the Architecture document from their site (the link >> appears to be broken), but if I recall correctly, DeployStudio is attempting >> to deliver features found in Casper, NetRestore and Radmind. >> >> >> I think it's an admirable effort by the project's creators and >> contributors, however, I'll be sticking with Casper for several reasons. >> >> >> Before Casper, I used Radmind and a collection of my own homebrewed >> shell scripts to handle deployment, software distribution, patch management >> and general system maintenance. Tasks using these technologies are not very >> duplicatable in junior staff due to the learning curve. That means I have >> to be around all the time. That's bad. >> >> >> If one of my scripts or Radmind doesn't work as expected, I have to fix >> it with no support, and I can potentially pull my hair out for days trying >> to fix it. With Casper, I pay for support and get excellent response times >> and resolution rates. >> >> >> I know a constructive criticism was recently made on this list about >> the Casper documentation, but this project's documentation is downright >> skeletal. >> >> It appears that DeployStudio may have some interesting ideas regarding >> PC deployment, but I don't manage PCs, and if I ever need to manage >> BootCamp, Parallels or VMWare, I can do that through Casper. >> >> >> If there are any specific compelling features you find in DeployStudio, >> I'd be interested to hear about them, and perhaps they can be presented to >> JAMF as feature requests. >> >> >> ---------- >> Miles A. Leacy IV >> >> ? Certified System Administrator 10.4 >> ? Certified Technical Coordinator 10.5 >> ? Certified Trainer >> Certified Casper Administrator >> ---------- >> voice: 1-347-277-7321 >> miles.leacy at themacadmin.com >> www.themacadmin.com >> >> >> >> >> 2009/2/4 Thomas Larkin >> >> >> >> >> has anyone looked at this? While I don't see anything it does that >>> Casper Doesn't, it does do one really neat thing. I supports PXE >>> booting. So, you can feasibly have PC clients netboot (or PXE boot as they >>> call it) to it and image Windows or Linux to them. This sounds very >>> interesting for mixed client environments. While, I have not played with it >>> yet, I was curious if anyone on the list has used it with Casper or what >>> not. >>> >>> >>> I mean if I could also use one server technology to image all of our >>> Windo>>> do it all. Casper does have some, unsupported, but working tools to image >>> Windows on a Mac. I have used them and they do work. >>> >>> >>> I have way too much on my plate to even attempt looking at Deploy >>> Studio, however, if anyone else has tinkered with it, what are your >>> thoughts? I was thinking if possible down the road I may run Deploy studio >>> on my Xserves in each building for netboot and imaging the PCs only, and >>> then keep Casper for the Macs. I really like the auto run data and would >>> not want to give that up. >>> >>> >>> *http://www.deploystudio.com/Home.html* >>> >>> >>> Thoughts? Experiences? >>> >>> >>> Thanks, >>> >>> >>> ___________________________ >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> blackberry: 913-449-7589 >>> office: 913-627-0351 >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >>> >> > From tlarki at kckps.org Thu Feb 5 14:28:33 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 05 Feb 2009 16:28:33 -0600 Subject: [Casper] Deploy Studio Message-ID: <498B13B00200003900008BA5@gwoes4.kckps.org> The one thing that irks me, is that if the hard drive is renamed from "Macintosh HD" casper can't find it. I too, would like the ability to have a completely zero'd out hard drive and be able to create partitions on the fly, choosing my own file system (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) chopping up the drive in partitions and then laying it down before the imaging process, then even possibly run the bless command as a post image option or lay down a different OS be it Linux or Windows, and lastly possibly even configuring a boot loader or what not. Right now GParted comes to mind since its free, open source, and supports a very large base of file systems. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> John Wetter 02/05/09 4:08 PM >>> Hi Dustin, An interesting take. When I was listening to the presentation, to me it just sounded like it would be a great version of Casper Imaging utility. Just for the Netboot environment to be able to graphically do all of the workflows we're doing with scripting right now while imaging. I could definitely see this for the imaging of being able to build the job of formatting, installing, patching, etc. I think the one thing lost on a good amount of the audience is that everything Deploy Studio does is one little corner of what Casper does. I can see huge value in it making Casper Imaging easier, but still just a little corner. I heard one person behind me say "Why do we need Casper now?" So, it sounds like there's still some education out there as far as really managing Macintosh computers. I guess it's a case of where EDU is just moving a little slower than everyone else and not wanting to admit that we're enterprise environments. -John On 2/5/09 2:54 PM, "Dorey, Dustin" wrote: Ok so I just got back from that apple event and they demoed Deploy Studio, and I'd like to point out that he compared it to NetRestore but made a point to say it does not replace Casper. In any case for what it is, it is really really nice. A huge improvement on Netrestore and shares a lot of similarities with casper in an imaging way only, you know without the management, package building, remote tools and inventory pieces. Unfortunately they did not talk about pxe booting non-apple hardware or anything that didn't involve building stuff off of anything but apple hardware. He did mention that there is now a Wiki for documentation. So maybe that will grow. Hey JAMF if you're reading this, one thing that was cool was the partitioning was built into the workflow and it supported partitioning for os x, windows, and Linux pre laying down the image. Any way to get preflight disk utility functions built into casper w/o having to script it? -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Wednesday, February 04, 2009 3:23 PM To: casper at list.jamfsoftware.com Subject: [Casper] Deploy Studio has anyone looked at this? While I don't see anything it does that Casper Doesn't, it does do one really neat thing. I supports PXE booting. So, you can feasibly have PC clients netboot (or PXE boot as they call it) to it and image Windows or Linux to them. This sounds very interesting for mixed client environments. While, I have not played with it yet, I was curious if anyone on the list has used it with Casper or what not. I mean if I could also use one server technology to image all of our Windows clients, that would be kind of neat. You could then have one Xserve do it all. Casper does have some, unsupported, but working tools to image Windows on a Mac. I have used them and they do work. I have way too much on my plate to even attempt looking at Deploy Studio, however, if anyone else has tinkered with it, what are your thoughts? I was thinking if possible down the road I may run Deploy studio on my Xserves in each building for netboot and imaging the PCs only, and then keep Casper for the Macs. I really like the auto run data and would not want to give that up. http://www.deploystudio.com/Home.html Thoughts? Experiences? Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -- John Wetter Technology Support Administrator Educational Technology, Media & Information Services Hopkins Public Schools 952-988-5373 From william.smith at merrillcorp.com Thu Feb 5 14:37:53 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Thu, 05 Feb 2009 16:37:53 -0600 Subject: [Casper] Root Certificate In-Reply-To: Message-ID: On 2/5/09 3:04 PM, "Nichols, Jared" wrote: > I?ve been told by our LDAP admin that in order to get proper authentication > with LDAP accounts, I need to install our root certificate into ?your > application.? I imagine he means Tomcat, which is what the JSS runs on. You don't need a root certificate just to get LDAP authentication working. The root certificate will ensure that you are indeed connecting securely to the server you think you're connecting to. The certificate will keep that annoying "can't verify the identity of the website" message from appearing, however. To enable LDAP for the JSS you'll need to log in and go to the Admin tab --> LDAP Servers area and enter the appropriate connection and search mappings for your LDAP world. Once the JSS has been pointed to a server for external authentication then you'll be able to assign permissions to users from LDAP and those users will be able to log in to the JSS or whatever you decide. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From miles.leacy at themacadmin.com Thu Feb 5 14:40:56 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 5 Feb 2009 17:40:56 -0500 Subject: [Casper] Deploy Studio In-Reply-To: <498B13B00200003900008BA5@gwoes4.kckps.org> References: <498B13B00200003900008BA5@gwoes4.kckps.org> Message-ID: On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > if the hard drive is renamed from "Macintosh HD" casper can't find it. The name of the target disk isn't important to Casper Imaging, but I believe it does have to exist before you start your imaging process. For example, you can have a target volume of "My Obscurely Named Volume". You can use "before" scripts to repartition your internal disk(s), create RAIDs, etc., but there will have to be a volume called "My Obscurely Named Volume" to begin with in order for Casper Imaging to target it. If JAMF were to change this behavior, however, you'll lose some idiot-proofing. As it stands, you can't target a volume that doesn't exist (unless you flub your "before" scripts and destroy that volume without recreating it). > I too, would like the ability to have a completely zero'd out hard drive > and be able to create partitions on the fly, choosing my own file system > (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) chopping up the drive in > partitions and then laying it down before the imaging process, then even > possibly run the bless command as a post image option or lay down a > different OS be it Linux or Windows, and lastly possibly even configuring a > boot loader or what not. I believe you can do all of this via scripting (you may need 3rd party utilities on your restore partition/utility drive/netboot image if you want to work with filesystems that Apple doesn't support out of the box). GUIs are nice though. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > The one thing that irks me, is that if the hard drive is renamed from > "Macintosh HD" casper can't find it. I too, would like the ability to have > a completely zero'd out hard drive and be able to create partitions on the > fly, choosing my own file system (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) > chopping up the drive in partitions and then laying it down before the > imaging process, then even possibly run the bless command as a post image > option or lay down a different OS be it Linux or Windows, and lastly > possibly even configuring a boot loader or what not. > > Right now GParted comes to mind since its free, open source, and supports a > very large base of file systems. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > >>> John Wetter 02/05/09 4:08 PM >>> > Hi Dustin, > > An interesting take. When I was listening to the presentation, to me it > just sounded like it would be a great version of Casper Imaging utility. > Just for the Netboot environment to be able to graphically do all of the > workflows we're doing with scripting right now while imaging. I could > definitely see this for the imaging of being able to build the job of > formatting, installing, patching, etc. > > I think the one thing lost on a good amount of the audience is that > everything Deploy Studio does is one little corner of what Casper does. I > can see huge value in it making Casper Imaging easier, but still just a > little corner. I heard one person behind me say "Why do we need Casper > now?" So, it sounds like there's still some education out there as far as > really managing Macintosh computers. I guess it's a case of where EDU is > just moving a little slower than everyone else and not wanting to admit that > we're enterprise environments. > > -John > > > On 2/5/09 2:54 PM, "Dorey, Dustin" wrote: > > Ok so I just got back from that apple event and they demoed Deploy Studio, > and I'd like to point out that he compared it to NetRestore but made a point > to say it does not replace Casper. > In any case for what it is, it is really really nice. A huge improvement > on Netrestore and shares a lot of similarities with casper in an imaging way > only, you know without the management, package building, remote tools and > inventory pieces. Unfortunately they did not talk about pxe booting > non-apple hardware or anything that didn't involve building stuff off of > anything but apple hardware. He did mention that there is now a Wiki for > documentation. So maybe that will grow. > > Hey JAMF if you're reading this, one thing that was cool was the > partitioning was built into the workflow and it supported partitioning for > os x, windows, and Linux pre laying down the image. Any way to get > preflight disk utility functions built into casper w/o having to script it? > -Dusty- > Dustin Dorey > Technology Support Cluster Specialist > ISD 196 Apple Valley, Eagan, Rosemount > dustin.dorey at district196.org > 952|423|7971 > > > > From: casper-bounces at list.jamfsoftware.com [mailto: > casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin > Sent: Wednesday, February 04, 2009 3:23 PM > To: casper at list.jamfsoftware.com > Subject: [Casper] Deploy Studio > > has anyone looked at this? While I don't see anything it does that Casper > Doesn't, it does do one really neat thing. I supports PXE booting. So, > you can feasibly have PC clients netboot (or PXE boot as they call it) to it > and image Windows or Linux to them. This sounds very interesting for mixed > client environments. While, I have not played with it yet, I was curious if > anyone on the list has used it with Casper or what not. > > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one Xserve > do it all. Casper does have some, unsupported, but working tools to image > Windows on a Mac. I have used them and they do work. > > > I have way too much on my plate to even attempt looking at Deploy Studio, > however, if anyone else has tinkered with it, what are your thoughts? I was > thinking if possible down the road I may run Deploy studio on my Xserves in > each building for netboot and imaging the PCs only, and then keep Casper for > the Macs. I really like the auto run data and would not want to give that > up. > > > http://www.deploystudio.com/Home.html < > http://www.deploystudio.com/Home.html> > > > Thoughts? Experiences? > > > Thanks, > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > -- > John Wetter > Technology Support Administrator > Educational Technology, Media & Information Services > Hopkins Public Schools > 952-988-5373 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090205/47cd88ab/attachment.htm From tlarki at kckps.org Thu Feb 5 16:50:48 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 05 Feb 2009 18:50:48 -0600 Subject: [Casper] Deploy Studio Message-ID: <498B332A0200003900008BB7@gwoes4.kckps.org> That is strange when I netboot a client and if the drive is called "untitled" it doesn't find the target volume. I will have to tinker with it more tomorrow. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/05/09 4:42 PM >>> On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > if the hard drive is renamed from "Macintosh HD" casper can't find it. The name of the target disk isn't important to Casper Imaging, but I believe it does have to exist before you start your imaging process. For example, you can have a target volume of "My Obscurely Named Volume". You can use "before" scripts to repartition your internal disk(s), create RAIDs, etc., but there will have to be a volume called "My Obscurely Named Volume" to begin with in order for Casper Imaging to target it. If JAMF were to change this behavior, however, you'll lose some idiot-proofing. As it stands, you can't target a volume that doesn't exist (unless you flub your "before" scripts and destroy that volume without recreating it). > I too, would like the ability to have a completely zero'd out hard drive > and be able to create partitions on the fly, choosing my own file system > (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) chopping up the drive in > partitions and then laying it down before the imaging process, then even > possibly run the bless command as a post image option or lay down a > different OS be it Linux or Windows, and lastly possibly even configuring a > boot loader or what not. I believe you can do all of this via scripting (you may need 3rd party utilities on your restore partition/utility drive/netboot image if you want to work with filesystems that Apple doesn't support out of the box). GUIs are nice though. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > The one thing that irks me, is that if the hard drive is renamed from > "Macintosh HD" casper can't find it. I too, would like the ability to have > a completely zero'd out hard drive and be able to create partitions on the > fly, choosing my own file system (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) > chopping up the drive in partitions and then laying it down before the > imaging process, then even possibly run the bless command as a post image > option or lay down a different OS be it Linux or Windows, and lastly > possibly even configuring a boot loader or what not. > > Right now GParted comes to mind since its free, open source, and supports a > very large base of file systems. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > >>> John Wetter 02/05/09 4:08 PM >>> > Hi Dustin, > > An interesting take. When I was listening to the presentation, to me it > just sounded like it would be a great version of Casper Imaging utility. > Just for the Netboot environment to be able to graphically do all of the > workflows we're doing with scripting right now while imaging. I could > definitely see this for the imaging of being able to build the job of > formatting, installing, patching, etc. > > I think the one thing lost on a good amount of the audience is that > everything Deploy Studio does is one little corner of what Casper does. I > can see huge value in it making Casper Imaging easier, but still just a > little corner. I heard one person behind me say "Why do we need Casper > now?" So, it sounds like there's still some education out there as far as > really managing Macintosh computers. > we're enterprise environments. > > -John > > > On 2/5/09 2:54 PM, "Dorey, Dustin" wrote: > > Ok so I just got back from that apple event and they demoed Deploy Studio, > and I'd like to point out that he compared it to NetRestore but made a point > to say it does not replace Casper. > In any case for what it is, it is really really nice. A huge improvement > on Netrestore and shares a lot of similarities with casper in an imaging way > only, you know without the management, package building, remote tools and > inventory pieces. Unfortunately they did not talk about pxe booting > non-apple hardware or anything that didn't involve building stuff off of > anything but apple hardware. He did mention that there is now a Wiki for > documentation. So maybe that will grow. > > Hey JAMF if you're reading this, one thing that was cool was the > partitioning was built into the workflow and it supported partitioning for > os x, windows, and Linux pre laying down the image. Any way to get > preflight disk utility functions built into casper w/o having to script it? > -Dusty- > Dustin Dorey > Technology Support Cluster Specialist > ISD 196 Apple Valley, Eagan, Rosemount > dustin.dorey at district196.org > 952|423|7971 > > > > From: casper-bounces at list.jamfsoftware.com [mailto: > casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin > Sent: Wednesday, February 04, 2009 3:23 PM > To: casper at list.jamfsoftware.com > Subject: [Casper] Deploy Studio > > has anyone looked at this? While I don't see anything it does that Casper > Doesn't, it does do one really neat thing. I supports PXE booting. So, > you can feasibly have PC clients netboot (or PXE boot as they call it) to it > and image Windows or Linux to them. This sounds very interesting for mixed > client environments. While, I have not played with it yet, I was curious if > anyone on the list has used it with Casper or what not. > > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one Xserve > do it all. Casper does have some, unsupported, but working tools to image > Windows on a Mac. I have used them and they do work. > > > I have way too much on my plate to even attempt looking at Deploy Studio, > however, if anyone else has tinkered with it, what are your thoughts? I was > thinking if possible down the road I may run Deploy studio on my Xserves in > each building for netboot and imaging the PCs only, and then keep Casper for > the Macs. I really like the auto run data and would not want to give that > up. > > > http://www.deploystudio.com/Home.html < > http://www.deploystudio.com/Home.html> > > > Thoughts? Experiences? > > > Thanks, > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > -- > John Wetter > Technology Support Administrator > Educational Technology, Media & Information Services > Hopkins Public Schools > 952-988-5373 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From CMyers at uclan.ac.uk Fri Feb 6 02:09:45 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Fri, 06 Feb 2009 10:09:45 +0000 Subject: [Casper] Deploy Studio In-Reply-To: <498B332A0200003900008BB7@gwoes4.kckps.org> References: <498B332A0200003900008BB7@gwoes4.kckps.org> Message-ID: <498C0C69.BB96.0081.0@uclan.ac.uk> Same for me which is a problem when a mac thats been repaired and had a new drive put in come back with a different name. On the deploy studio side, i will be writting an article for MacTech on deploy studio so will be doing research into its use, I would say that as a SELF CONTAINED external imaging system it could be very good, My example being : Use Casper as normal but then take the base image and base packages and scripts and create a self contained external USB PEN Drive Deploy Studio setup that can be given to a technician or staff member to image a mac offline. OR create a some kind of diagnostic or repair installer etc, Personally i can see that as being useful, Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Fri, Feb 6, 2009 at 12:50 AM, in message <498B332A0200003900008BB7 at gwoes4.kckps.org>, "Thomas Larkin" wrote: That is strange when I netboot a client and if the drive is called "untitled" it doesn't find the target volume. I will have to tinker with it more tomorrow. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/05/09 4:42 PM >>> On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > if the hard drive is renamed from "Macintosh HD" casper can't find it. The name of the target disk isn't important to Casper Imaging, but I believe it does have to exist before you start your imaging process. For example, you can have a target volume of "My Obscurely Named Volume". You can use "before" scripts to repartition your internal disk(s), create RAIDs, etc., but there will have to be a volume called "My Obscurely Named Volume" to begin with in order for Casper Imaging to target it. If JAMF were to change this behavior, however, you'll lose some idiot-proofing. As it stands, you can't target a volume that doesn't exist (unless you flub your "before" scripts and destroy that volume without recreating it). > I too, would like the ability to have a completely zero'd out hard drive > and be able to create partitions on the fly, choosing my own file system > (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) chopping up the drive in > partitions and then laying it down before the imaging process, then even > possibly run the bless command as a post image option or lay down a > different OS be it Linux or Windows, and lastly possibly even configuring a > boot loader or what not. I believe you can do all of this via scripting (you may need 3rd party utilities on your restore partition/utility drive/netboot image if you want to work with filesystems that Apple doesn't support out of the box). GUIs are nice though. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 5:28 PM, Thomas Larkin wrote: > The one thing that irks me, is that if the hard drive is renamed from > "Macintosh HD" casper can't find it. I too, would like the ability to have > a completely zero'd out hard drive and be able to create partitions on the > fly, choosing my own file system (HFS+, HFS+J, NTFS, ext3, UFS, ZFS, so on) > chopping up the drive in partitions and then laying it down before the > imaging process, then even possibly run the bless command as a post image > option or lay down a different OS be it Linux or Windows, and lastly > possibly even configuring a boot loader or what not. > > Right now GParted comes to mind since its free, open source, and supports a > very large base o f file systems. > > ___________> office: 913-627-0351 > > > > >>> John Wetter 02/05/09 4:08 PM >>> > Hi Dustin, > > An interesting take. When I was listening to the presentation, to me it > just sounded like it would be a great version of Casper Imaging utility. > Just for the Netboot environment to be able to graphically do all of the > workflows we're doing with scripting right now while imaging. I could > definitely see this for the imaging of being able to build the job of > formatting, installing, patching, etc. > > I think the one thing lost on a good amount of the audience is that > everything Deploy Studio does is one little corner of what Casper does. I > can see huge value in it making Casper Imaging easier, but still just a > little corner. I heard one person behind me say "Why do we need Casper > now?" So, it sounds like there's still some education out there as far as > really managing Macintosh computers. > we're enterprise environments. > > -John > > > On 2/5/09 2:54 PM, "Dorey, Dustin" wrote: > > Ok so I just got back from that apple event and they demoed Deploy Studio, > and I'd like to point out that he compared it to NetRestore but made a point > to say it does not replace Casper. > In any case for what it is, it is really really nice. A huge improvement > on Netrestore and shares a lot of similarities with casper in an imaging way > only, you know without the management, package building, remote tools and > inventory pieces. Unfortunately they did not talk about pxe booting > non-apple hardware or anything that didn't involve building stuff off of > anything but apple hardware. He did mention that there is now a Wiki for > documentation. So maybe that will grow. > > Hey JAMF if you're reading this, one thing that was cool was the > partitioning was built into the workflow and it supported partitioning for > os x, windows, and Linux pre laying down the image. Any way to get > preflight disk utility functions built into casper w/o having to script it? > -Dusty- > Dustin Dorey > Technology Support Cluster Specialist > ISD 196 Apple Valley, Eagan, Rosemount > dustin.dorey at district196.org > 952|423|7971 > > > > From: casper-bounces at list.jamfsoftware.com [mailto: > casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin > Sent: Wednesday, February 04, 2009 3:23 PM > To: casper at list.jamfsoftware.com > Subject: [Casper] Deploy Studio > > has anyone looked at this? While I don't see anything it does that Casper > Doesn't, it does do one really neat thing. I supports PXE booting. So, > you can feasibly have PC clients netboot (or PXE boot as they call it) to it > and image Windows or Linux to them. This sounds very interesting for mixed > client environments. While, I have not played with it yet, I was curious if > anyone on the list has used it with Casper or what not. > > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one Xserve > do it all. Casper does have some, unsupported, but working tools to image > Windows on a Mac. I have used them and they do work. > > > I have way too much on my plate to even attempt looking at Deploy Studio, > however, if anyone else has tinkered with it, what are your thoughts? I was > thinking if possible down the road I may run Deploy studio on my Xserves in > each building for netboot and imaging the PCs only, and then keep Casper for > the Macs. I really like the auto run data and would not want to give that > up. > > > http://www.deploystudio.com/Home.html < > http://www.deploystudio.com/Home.html> > > > Thoughts? Experiences? > > > Thanks, > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > -- > John Wetter > Technology Support Administrator > Educational Technology, Media > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/c0236275/attachment.htm From CMyers at uclan.ac.uk Fri Feb 6 03:58:38 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Fri, 06 Feb 2009 11:58:38 +0000 Subject: [Casper] failed policys Message-ID: <498C25EE.BB96.0081.0@uclan.ac.uk> Hi Chaps, If a policy fails to execute i can get it to send me an email, however is there anyway of getting it to add the failed computer to a smart group? For example the maintenance script fails on disk verify and id like to create a smart group based on this failed poilcy. Any ideas? Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/8722f468/attachment.html From CMyers at uclan.ac.uk Fri Feb 6 04:03:55 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Fri, 06 Feb 2009 12:03:55 +0000 Subject: [Casper] failed to verify disk Message-ID: <498C272B.BB96.0081.0@uclan.ac.uk> HI chaps Another tester for you. How many of you get disk verified failure on your macs when running the maintenance policy? /usr/sbin/jamf is version 6.01 Executing Policy Maintenance... Updating Prebindings... Fixing Permissions... Fixing ByHost files... Flushing System Caches... Flushing User Caches... Verifying Disk mounted at '/' Result of disk verification: Started verify/repair volume (filesystem) on disk disk0s2 Macintosh HD Performing live verification Checking Journaled HFS Plus volume Checking Extents Overflow file Checking Catalog file Checking multi-linked files Checking Catalog hierarchy Checking Extended Attributes file Checking volume bitmap Checking volume information [31mInvalid volume file count[0m hould be 400538 instead of 40 [31mInvalid volume directory count[0m hould be 93517 instead of 9 The volume Macintosh HD needs to be repaired Error detected while verifying/repairing volume disk0s2 Macintosh HD: Filesystem verify or repair failed (-9957) Finished verify/repair volume (filesystem) on disk disk0s2 Macintosh HD Error detected while verifying/repairing volume disk0s2 Macintosh HD: Filesystem verify or repair failed (-9957) i get this error a lot, and mostly on the same machines, as one cannot repair a boot drive i created the following 1, i created a diskless netboot image with no logon possible and a loginwindow background that informs you that it is repairing the disk so do not try to login or reboot the computer as it is automated. 2, i created a first run script that runs disk repair on the main volume, then sets the boot volume to the local drive and reboots the computer 3. I created a policy to set the started disk to the above netboot image and then reboot the mac if no one is logged in, otherwise it will reboot at next startup. How does everyone else solve this isssue? Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/59c7f814/attachment.htm From CMyers at uclan.ac.uk Fri Feb 6 04:07:24 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Fri, 06 Feb 2009 12:07:24 +0000 Subject: [Casper] dummy receipts, maybe a question for miles Message-ID: <498C27FC.BB96.0081.0@uclan.ac.uk> Another one, Maybe for Miles, Can you index a dummy receipts, i am guess that because it contains no contents that it cannot be indexed? I have tried to index a dummy receipt, Casper Admin says it has indexed and it then shows up as YES to index and i can then select the allow uninstall, however in the jss web interface both Casper admin and when i create a policy the dummy packages shows up as not being indexed and thus cannot be uninstalled. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/2441c6d1/attachment.html From miles.leacy at themacadmin.com Fri Feb 6 08:51:49 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 6 Feb 2009 11:51:49 -0500 Subject: [Casper] dummy receipts, maybe a question for miles In-Reply-To: <498C27FC.BB96.0081.0@uclan.ac.uk> References: <498C27FC.BB96.0081.0@uclan.ac.uk> Message-ID: I would imagine you could index the dummy package, however there's nothing in it to index. Perhaps that's giving Casper's index and uninstall systems a fit. You might get around this by creating /Library/DummyPackages/myDummyPackage.txt and rolling it up in your dummy package. This will give Casper something to index, and hopefully avoid the behavior you're seeing with indexing and uninstalling. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/6 Criss Myers > Another one, > > Maybe for Miles, > > Can you index a dummy receipts, i am guess that because it contains no > contents that it cannot be indexed? > > I have tried to index a dummy receipt, Casper Admin says it has indexed > and it then shows up as YES to index and i can then select the allow > uninstall, however in the jss web interface both Casper admin and when i > create a policy the dummy packages shows up as not being indexed and thus > cannot be uninstalled. > > Criss > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/76dec6a2/attachment.html From miles.leacy at themacadmin.com Fri Feb 6 08:59:47 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 6 Feb 2009 11:59:47 -0500 Subject: [Casper] failed policys In-Reply-To: <498C25EE.BB96.0081.0@uclan.ac.uk> References: <498C25EE.BB96.0081.0@uclan.ac.uk> Message-ID: I don't think that "failed to run policy" is a smart group criteria. However, if the policy fails, then I imagine you would have one or more packages or other quantifiable items that would be different from the machines on which the policy ran successfully. Perhaps you can scope your smart group to this criteria? If not, let me know what it is you're trying to accomplish and maybe I'll have some more ideas. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/6 Criss Myers > Hi Chaps, > > If a policy fails to execute i can get it to send me an email, however is > there anyway of getting it to add the failed computer to a smart group? > > For example the maintenance script fails on disk verify and id like to > create a smart group based on this failed poilcy. > > Any ideas? > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/24c1b9ca/attachment.htm From miles.leacy at themacadmin.com Fri Feb 6 09:04:30 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 6 Feb 2009 12:04:30 -0500 Subject: [Casper] Deploy Studio In-Reply-To: References: Message-ID: What issues are you having? I'd suggest contacting JAMF support. The same info is in the version 6 documentation, so I assume it is supposed to work. To Criss: Have you tried replicating your distribution point to an external drive as per page 59 of the Casper Documentation? I'm sure Deploy Studio is great if you don't have Casper, but if you do, my feeling is that it makes more sense to use your existing tool than to work with an unknown item. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 5, 2009 at 3:55 PM, wrote: > > In version 5 of Casper we could image a computer totally offline by syncing > the JSS with an external local drive (USB or Firewire). Page 59 in manual. > However, it doesn't seem to work with version 6 though. > > > > Nathaniel Lindley > > ++++++++++++++++++ > Educational Technology > Saint Paul Public Schools > Saint Paul, Minnesota > nathaniel.lindley at spps.org > phone: 651-248-6861 > > > > Miles Leacy > acadmin.com> To > Sent by: Criss Myers > casper-bounces at li cc > st.jamfsoftware.c casper at list.jamfsoftware.com > om Subject > Re: [Casper] Deploy Studio > > 02/05/09 09:59 AM > > > > > > > > > Thanks for the vote of confidence. While I don't claim the title "Casper > Trainer", I'll try to answer your question. I invite anyone from JAMF to > correct me if my understanding is flawed. > > Casper is not intended to image without a JSS. > > If I had to, I think I could "trick" Casper Imaging into deploying an image > without a JSS by pre-caching the necessary packages and scripts onto my > external device. I'd have to experiment a bit to see if I am correct, but > my gut feeling is that it would be possible though require doing things in > an unsupported way. Casper Imaging having the built-in and supported > ability to cache configurations and the contents of a distribution point > could certainly be useful. I'd recommend that anyone who finds it useful > contact JAMF with a feature request. > > Deploy Studio is free, and it does provide a decent imaging solution for > the price. When used from portable drives, it seems a bit better than > having a monolithic image deployment. When used in its server model, it > seems to be of only slightly greater utility than using Apple NetInstall. > The difference being that you would have to build and store a separate > NetInstall image for each "configuration" if you went with the pure Apple > solution. > > As far as deploying Windows goes, I'm of the opinion that Casper is the > "best of breed" solution for deploying and maintaining Macs. If I ever > assumed responsibility for deployment and maintenance of Windows PCs, I'd > research the "best of breed" deployment and management utility/suite for > Windows. > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Thu, Feb 5, 2009 at 10:35 AM, Criss Myers wrote: > Hi Miles > > I think the point Thomas was making was imaging PC clients from a Mac > server, ive downloaded the documentation and installed the DS and for the > mac side it is a very basic imaging and packing deployment product, but > FREE for those that cant afford Casper, not that i can say its a patch on > Casper. > > > > As your the Casper Trainer you might be able ti tell me if you can use > casper from a usb/ external drive without any server/network? As i am > only 6months into using capser. > > > > DS can support external drives, you can use scripts, install packages and > image computers and theres even a database of known approved computers to > image as well as a live activity monitor. > > > > On the PC side, it installs a vmlinux pxebooter and alters the dhcp > settings, atm i dont have a PC to test with, but from the forums allows > the PC to pxe boot however it doesn't support all NIC's nor necessarily > new or future PC's > > > > I would have thought that maybe in the future with EFI that PC's and > windows might start going that way making it easier to preboot them. > > > > The DS does not make a PC image, its just a pxebooter. > > > > You also need DHCP on your mac server as well as cifs or nfs support. > > > > Criss > > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > > > > >>> On Wed, Feb 4, 2009 at 9:50 PM, in message < > ec2e75ff0902041350k58624731n26266194def6eb4d at mail.gmail.com>, Miles Leacy > wrote: > I had a cursory look at it a few months ago. > > My first impression is that it's an immature product/project. > > I can't download the Architecture document from their site (the link > appears to be broken), but if I recall correctly, DeployStudio is > attempting to deliver features found in Casper, NetRestore and Radmind. > > I think it's an admirable effort by the project's creators and > contributors, however, I'll be sticking with Casper for several reasons. > > Before Casper, I used Radmind and a collection of my own homebrewed > shell scripts to handle deployment, software distribution, patch > management and general system maintenance. Tasks using these > technologies are not very duplicatable in junior staff due to the > learning curve. That means I have to be around all the time. That's > bad. > > If one of my scripts or Radmind doesn't work as expected, I have to fix > it with no support, and I can potentially pull my hair out for days > trying to fix it. With Casper, I pay for support and get excellent > response times and resolution rates. > > I know a constructive criticism was recently made on this list about the > Casper documentation, but this project's documentation is downright > skeletal. > > It appears that DeployStudio may have some interesting ideas regarding > PC deployment, but I don't manage PCs, and if I ever need to manage > BootCamp, Parallels or VMWare, I can do that through Casper. > > If there are any specific compelling features you find in DeployStudio, > I'd be interested to hear about them, and perhaps they can be presented > to JAMF as feature requests. > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > 2009/2/4 Thomas Larkin > > > has anyone looked at this? While I don't see anything it does that > Casper Doesn't, it does do one really neat thing. I supports PXE > booting. So, you can feasibly have PC clients netboot (or PXE boot as > they call it) to it and image Windows or Linux to them. This sounds > very interesting for mixed client environments. While, I have not > played with it yet, I was curious if anyone on the list has used it with > Casper or what not. > > I mean if I could also use one server technology to image all of our > Windows clients, that would be kind of neat. You could then have one > Xserve do it all. Casper does have some, unsupported, but working tools > to image Windows on a Mac. I have used them and they do work. > > I have way too much on my plate to even attempt looking at Deploy > Studio, however, if anyone else has tinkered with it, what are your > thoughts? I was thinking if possible down the road I may run Deploy > studio on my Xserves in each building for netboot and imaging the PCs > only, and then keep Casper for the Macs. I really like the auto run > data and would not want to give that up. > > http://www.deploystudio.com/Home.html > > Thoughts? Experiences? > > Thanks, > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/1bb8a038/attachment.html From tlarki at kckps.org Fri Feb 6 09:19:46 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 06 Feb 2009 11:19:46 -0600 Subject: [Casper] dummy receipts, maybe a question for miles In-Reply-To: References: <498C27FC.BB96.0081.0@uclan.ac.uk> Message-ID: <498C1CD2.7141.0039.0@kckps.org> What if you just put a simple script in the package, like #!/bin/bash echo "hello world" exit done I mean that would be harmless, could you index it then? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/06/09 10:51 AM >>> I would imagine you could index the dummy package, however there's nothing in it to index. Perhaps that's giving Casper's index and uninstall systems a fit. You might get around this by creating /Library/DummyPackages/myDummyPackage.txt and rolling it up in your dummy package. This will give Casper something to index, and hopefully avoid the behavior you're seeing with indexing and uninstalling. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/6 Criss Myers Another one, Maybe for Miles, Can you index a dummy receipts, i am guess that because it contains no contents that it cannot be indexed? I have tried to index a dummy receipt, Casper Admin says it has indexed and it then shows up as YES to index and i can then select the allow uninstall, however in the jss web interface both Casper admin and when i create a policy the dummy packages shows up as not being indexed and thus cannot be uninstalled. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/d9771927/attachment.html From miles.leacy at themacadmin.com Fri Feb 6 09:25:51 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 6 Feb 2009 12:25:51 -0500 Subject: [Casper] dummy receipts, maybe a question for miles In-Reply-To: <498C1CD2.7141.0039.0@kckps.org> References: <498C27FC.BB96.0081.0@uclan.ac.uk> <498C1CD2.7141.0039.0@kckps.org> Message-ID: I suppose either would work, but I'd have to test to be sure. It's my best guess that the problem is that there's nothing in the package to index. Only testing or a comment from JAMF would verify my assumption. Out of curiosity, why do you need to index dummy packages? All they will install is a receipt. You know what that receipt is called and where it is saved. If you need to get rid of it, why not use rm -R /Library/Receipts/nameOfDummyPackage.pkg ? ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 6, 2009 at 12:19 PM, Thomas Larkin wrote: > What if you just put a simple script in the package, like > > *#!/bin/bash* > > *echo "hello world"* > > *exit* > > *done* > > I mean that would be harmless, could you index it then? > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Miles Leacy 02/06/09 10:51 AM >>> > > I would imagine you could index the dummy package, however there's nothing > in it to index. Perhaps that's giving Casper's index and uninstall systems > a fit. > > > You might get around this by creating > /Library/DummyPackages/myDummyPackage.txt and rolling it up in your dummy > package. This will give Casper something to index, and hopefully avoid the > behavior you're seeing with indexing and uninstalling. > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > 2009/2/6 Criss Myers > > > > > Another one, >> >> >> Maybe for Miles, >> >> >> Can you index a dummy receipts, i am guess that because it contains no >> contents that it cannot be indexed? >> >> >> I have tried to index a dummy receipt, Casper Admin says it has indexed >> and it then shows up as YES to index and i can then select the allow >> uninstall, however in the jss web interface both Casper admin and when i >> create a policy the dummy packages shows up as not being indexed and thus >> cannot be uninstalled. >> >> >> Criss >> >> >> Criss Myers >> Senior Customer Support Analyst (Mac Services) >> Apple Certified Technical Coordinator v10.5 >> LIS Business Support Team >> Library 301 >> University of Central Lancashire >> Preston PR1 2HE >> Ex 5054 >> 01772 895054 >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/9480f989/attachment.htm From tdossey at amazon.com Fri Feb 6 10:28:35 2009 From: tdossey at amazon.com (Dossey, Timothy) Date: Fri, 6 Feb 2009 10:28:35 -0800 Subject: [Casper] Limiting bandwidth consumption from Casper? Message-ID: Hey guys, I've got an issue where updates pushed from Casper are taking all available bandwidth to a remote site. Has anyone dealt with this issue before? I'd imagine the easiest way to deal with it would be to limit the connection speed from the server on the networking side of things, but I figured I'd ask if anyone had come up with something more eloquent. Thanks! Tim Dossey Client Engineering Amazon.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090206/330d9811/attachment.htm From tlarki at kckps.org Mon Feb 9 07:51:07 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 09 Feb 2009 09:51:07 -0600 Subject: [Casper] mass deploying server Message-ID: <498FFC8B.7141.0039.0@kckps.org> I know this has been asked before but I am looking at different methods of installing OS X server at our work. It seems like one of the ways that on paper may work the best is just creating an image of the installer DVD and then using the bless command to have the servers netboot to that image and installing it over ARD admin. Anyone done this? Are you using casper? How do you handle post image configurations and license serial numbers for the OS X Server? thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/9b377eca/attachment.html From miles.leacy at themacadmin.com Mon Feb 9 07:58:42 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Mon, 9 Feb 2009 10:58:42 -0500 Subject: [Casper] mass deploying server In-Reply-To: <498FFC8B.7141.0039.0@kckps.org> References: <498FFC8B.7141.0039.0@kckps.org> Message-ID: I am managing servers via Casper. I have created an OS package/image using Composer after installing Mac OS X Server, but before configuring any services. I change the serial number and network settings via serversetup ( found at /System/Library/ServerSetup/serversetup) and networksetup scripts. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/9 Thomas Larkin > I know this has been asked before but I am looking at different methods > of installing OS X server at our work. It seems like one of the ways that > on paper may work the best is just creating an image of the installer DVD > and then using the bless command to have the servers netboot to that image > and installing it over ARD admin. > > Anyone done this? Are you using casper? How do you handle post image > configurations and license serial numbers for the OS X Server? > > thanks > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/95e8c338/attachment.html From tlarki at kckps.org Mon Feb 9 08:08:18 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 09 Feb 2009 10:08:18 -0600 Subject: [Casper] mass deploying server In-Reply-To: References: <498FFC8B.7141.0039.0@kckps.org> Message-ID: <49900092.7141.0039.0@kckps.org> Do you image them remotely with ARD admin? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/09/09 9:58 AM >>> I am managing servers via Casper. I have created an OS package/image using Composer after installing Mac OS X Server, but before configuring any services. I change the serial number and network settings via serversetup ( found at /System/Library/ServerSetup/serversetup) and networksetup scripts. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/9 Thomas Larkin I know this has been asked before but I am looking at different methods of installing OS X server at our work. It seems like one of the ways that on paper may work the best is just creating an image of the installer DVD and then using the bless command to have the servers netboot to that image and installing it over ARD admin. Anyone done this? Are you using casper? How do you handle post image configurations and license serial numbers for the OS X Server? thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/5fd22582/attachment.html From Dustin.Dorey at district196.org Mon Feb 9 08:18:01 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Mon, 9 Feb 2009 10:18:01 -0600 Subject: [Casper] mass deploying server In-Reply-To: <49900092.7141.0039.0@kckps.org> References: <498FFC8B.7141.0039.0@kckps.org> <49900092.7141.0039.0@kckps.org> Message-ID: If you are using one of the netinstall sets created by the casper netinstall creater from the resource kit I didn?think you could ARD in? We?ve been having issues with that since we were netbooting tons of machines and then kicking them off in batches remotely with ARD during our summer imaging. And with the netinstall set created from the resource kit we haven?t been able to do that. Are we just missing something here? -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Monday, February 09, 2009 10:08 AM To: Miles Leacy Cc: casper at list.jamfsoftware.com Subject: Re: [Casper] mass deploying server Do you image them remotely with ARD admin? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/09/09 9:58 AM >>> I am managing servers via Casper. I have created an OS package/image using Composer after installing Mac OS X Server, but before configuring any services. I change the serial number and network settings via serversetup ( found at /System/Library/ServerSetup/serversetup) and networksetup scripts. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/9 Thomas Larkin I know this has been asked before but I am looking at different methods of installing OS X server at our work. It seems like one of the ways that on paper may work the best is just creating an image of the installer DVD and then using the bless command to have the servers netboot to that image and installing it over ARD admin. Anyone done this? Are you using casper? How do you handle post image configurations and license serial numbers for the OS X Server? thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/7ed6d0de/attachment.htm From tlarki at kckps.org Mon Feb 9 08:31:30 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 09 Feb 2009 10:31:30 -0600 Subject: [Casper] mass deploying server In-Reply-To: References: <498FFC8B.7141.0039.0@kckps.org> <49900092.7141.0039.0@kckps.org> Message-ID: <499005FE.7141.0039.0@kckps.org> That is basically what I want to do. Upon reading on some solutions it was suggested by an Apple SE to just create an image of the Installer DVD with disk utility and then mount it on a server. Then use ARD admin and use the bless command to netboot it to that volume and then I should be able to do installs over ARD admin. I would also like to create a RAID 1 for the OS as well. I can use a script to do that. I am just trying to automate this so I can image all 30 servers in like one day and then configure them in one day as well so I can get working on making the end user experience more pleasant for this next coming school year. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Dorey, Dustin" 02/09/09 10:18 AM >>> If you are using one of the netinstall sets created by the casper netinstall creater from the resource kit I didn?think you could ARD in? We?ve been having issues with that since we were netbooting tons of machines and then kicking them off in batches remotely with ARD during our summer imaging. And with the netinstall set created from the resource kit we haven?t been able to do that. Are we just missing something here? -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Thomas Larkin Sent: Monday, February 09, 2009 10:08 AM To: Miles Leacy Cc: casper at list.jamfsoftware.com Subject: Re: [Casper] mass deploying server Do you image them remotely with ARD admin? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/09/09 9:58 AM >>> I am managing servers via Casper. I have created an OS package/image using Composer after installing Mac OS X Server, but before configuring any services. I change the serial number and network settings via serversetup ( found at /System/Library/ServerSetup/serversetup) and networksetup scripts. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/9 Thomas Larkin I know this has been asked before but I am looking at different methods of installing OS X server at our work. It seems like one of the ways that on paper may work the best is just creating an image of the installer DVD and then using the bless command to have the servers netboot to that image and installing it over ARD admin. Anyone done this? Are you using casper? How do you handle post image configurations and license serial numbers for the OS X Server? thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/dc124c15/attachment.html From eyoung at thayer.org Mon Feb 9 10:25:18 2009 From: eyoung at thayer.org (Eric Young) Date: Mon, 9 Feb 2009 13:25:18 -0500 Subject: [Casper] Stuck print queues Message-ID: anyone figure out a way to clear local print queues en mass? Having an issue where a lab full of machines will all stop printing when one or more stations sends a bad job. These are local queues managed by WGM. Right now, I am hitting every machine individually to clear stuck jobs. It seems to me there should be a way to blast a script or some such, that clears a specific print queue for a whole lab. any clues would be greatly appreciated. -------------------------------------------------------------------------------------------- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. --Bene Gesserit Litany (Frank Herbert) -------------------------------------------------------------------------- Eric Young eyoung at thayer.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/43894929/attachment.htm From Dustin.Dorey at district196.org Mon Feb 9 10:31:21 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Mon, 9 Feb 2009 12:31:21 -0600 Subject: [Casper] Stuck print queues In-Reply-To: References: Message-ID: cancel -a - in unix should do it. Put it in a shell script or run it in a policy or whatever. -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Eric Young Sent: Monday, February 09, 2009 12:25 PM To: Casper Listserv Subject: [Casper] Stuck print queues anyone figure out a way to clear local print queues en mass? Having an issue where a lab full of machines will all stop printing when one or more stations sends a bad job. These are local queues managed by WGM. Right now, I am hitting every machine individually to clear stuck jobs. It seems to me there should be a way to blast a script or some such, that clears a specific print queue for a whole lab. any clues would be greatly appreciated. ------------------------------------------------------------------------ -------------------- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. --Bene Gesserit Litany (Frank Herbert) ------------------------------------------------------------------------ -- Eric Young eyoung at thayer.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/9dcfa0df/attachment.htm From RobbGibson at OfficeMax.com Mon Feb 9 10:45:07 2009 From: RobbGibson at OfficeMax.com (Gibson, Robb) Date: Mon, 09 Feb 2009 12:45:07 -0600 Subject: [Casper] Maintenance In-Reply-To: Message-ID: Same here on the weekly maintenance. I?ve also created some ongoing policies that are available to the users in the Self Service application. Most of them are simple rm scripts that the end user can launch. * Reset Suitcase X1 ? deletes the Suitcase Server Fonts and Suitcase plist files in the user?s home folder. * Delete InDesign Cache ? deletes the Adobe InDesign folder in the user?s home folder/Library/Caches/ * Delete the Microsoft Office font database - deletes the font database file for either Office 2004 or 2008 in the user?s Microsoft preferences folder. Robb Gibson System Engineer - eMMS, Publishing Systems OfficeMax : 263 Shuman Blvd. : Naperville, IL 60563 (630) 864-5242 On 1/28/09 7:37 AM, "Nichols, Jared" wrote: > Cool. Thus far, I have a weekly maintenance policy that: > ? Fixes permissions > ? Flushes user caches > ? Flushes system caches. > > Currently, there is no forced reboot with this policy. At the moment, we have > a customer group that is determining exactly what they want for a standard > desktop ? this includes Mac and PC, what kind of maintenance windows will be > ok, applications that are centrally supported/distributed etc etc. So, much > of what I need is waiting for them. This will determine things such as > software update frequency/mandatory-ness. > > Question: Does flushing the user cache kill the font cache as well? Does > doing so seem to solve the issue with Office 2008 complaining about corrupt > fonts? > > Thanks > > j > > > On 1/27/09 14:16 , "Smith, William" wrote: > >> We have a shared computer environment, so login/logout is well-practiced >> here. >> >> I clear user caches and Quark jaws font caches at logout and run weekly >> maintenance (repair permissions, clear user/system caches, etc.) with a >> reboot at the end. I also have Symantec Antivirus check daily for updates >> from our internal LiveUpdate server. >> >> Just this little bit and I have little to no user support calls with regard >> to Mac OS, application or font issues. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/b2fa9cbc/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 4528 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/b2fa9cbc/attachment.gif From eyoung at thayer.org Mon Feb 9 11:11:51 2009 From: eyoung at thayer.org (Eric Young) Date: Mon, 9 Feb 2009 14:11:51 -0500 Subject: [Casper] Stuck print queues In-Reply-To: References: Message-ID: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> well that works a treat. Course now I have paused queues for the printer :-) ---------------------------------------------------------------------------------------------- Eric Young eyoung at thayer.org 781-664-2286 Work I am among those who think that science has great beauty. A scientist in his laboratory is not only a technician: he is also a child placed before natural phenomena which impress him like a fairy tale. - Marie Curie On Feb 9, 2009, at 1:30 PM, Brenner, John wrote: > You should be able to send a cancel ?a ? shell script via casper. > > > On 2/9/09 12:25 PM, "Eric Young" wrote: > >> anyone figure out a way to clear local print queues en mass? >> >> Having an issue where a lab full of machines will all stop printing >> when one or more stations sends a bad job. These are local queues >> managed by WGM. Right now, I am hitting every machine individually >> to clear stuck jobs. >> >> It seems to me there should be a way to blast a script or some >> such, that clears a specific print queue for a whole lab. >> >> any clues would be greatly appreciated. >> >> >> >> >> >> -------------------------------------------------------------------------------------------- >> I must not fear. Fear is the mind-killer. >> Fear is the little-death that brings total obliteration. >> I will face my fear. I will permit it to pass over me and through me. >> And when it has gone past I will turn the inner eye to see its path. >> Where the fear has gone there will be nothing. >> Only I will remain. >> --Bene Gesserit Litany (Frank Herbert) >> -------------------------------------------------------------------------- >> Eric Young >> eyoung at thayer.org >> >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > John Brenner | Merrill Corporation | IOG IT | > 651-632-4072 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/a709a299/attachment.htm From eyoung at thayer.org Mon Feb 9 11:41:41 2009 From: eyoung at thayer.org (Eric Young) Date: Mon, 9 Feb 2009 14:41:41 -0500 Subject: [Casper] Stuck print queues In-Reply-To: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> References: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> Message-ID: Upon further digging it seems that 10.5 does not have the enable command in its /usr/bin. Odd that part of the tools set would be there (cancel -a -) but not the rest. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A cynic is a man who, when he smells flowers, looks around for a coffin. --H. L. Mencken Eric Young eyoung at thayer.org On Feb 9, 2009, at 2:11 PM, Eric Young wrote: > well that works a treat. Course now I have paused queues for the > printer :-) > > > ---------------------------------------------------------------------------------------------- > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > I am among those who think that science has great beauty. A > scientist in his laboratory is not only a technician: he is also a > child placed before natural phenomena which impress him like a fairy > tale. > - Marie Curie > > > On Feb 9, 2009, at 1:30 PM, Brenner, John wrote: > >> You should be able to send a cancel ?a ? shell script via casper. >> >> >> On 2/9/09 12:25 PM, "Eric Young" wrote: >> >>> anyone figure out a way to clear local print queues en mass? >>> >>> Having an issue where a lab full of machines will all stop >>> printing when one or more stations sends a bad job. These are >>> local queues managed by WGM. Right now, I am hitting every >>> machine individually to clear stuck jobs. >>> >>> It seems to me there should be a way to blast a script or some >>> such, that clears a specific print queue for a whole lab. >>> >>> any clues would be greatly appreciated. >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------------------------------- >>> I must not fear. Fear is the mind-killer. >>> Fear is the little-death that brings total obliteration. >>> I will face my fear. I will permit it to pass over me and through >>> me. >>> And when it has gone past I will turn the inner eye to see its path. >>> Where the fear has gone there will be nothing. >>> Only I will remain. >>> --Bene Gesserit Litany (Frank Herbert) >>> -------------------------------------------------------------------------- >>> Eric Young >>> eyoung at thayer.org >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >> John Brenner | Merrill Corporation | IOG IT | >> 651-632-4072 >> >> >> > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/b7ca253e/attachment.html From rharter at uwsp.edu Mon Feb 9 13:02:51 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Mon, 9 Feb 2009 15:02:51 -0600 Subject: [Casper] Stuck print queues In-Reply-To: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> References: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> Message-ID: Part of the problem is that in Leopard the default job fail procedure is to pause the printer. Now that you need admin privs to unpause the printer, this can be bothersome. I've got a script that runs at login the ensures the correct printer is default, and I added this section to the end to change the default error-policy on all printers to abort job. This has really reduced the calls we get from labs saying the printers are paused. #!/bin/bash printers=`lpstat -a | awk '{print $1}'` for printer in $printers do echo "Changing error policy on $printer" lpadmin -p "$printer" -o printer-error-policy=abort-job done exit Hope it helps. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 9, 2009, at 1:11 PM, Eric Young wrote: > well that works a treat. Course now I have paused queues for the > printer :-) > > > ---------------------------------------------------------------------------------------------- > Eric Young > eyoung at thayer.org > 781-664-2286 Work > > I am among those who think that science has great beauty. A > scientist in his laboratory is not only a technician: he is also a > child placed before natural phenomena which impress him like a fairy > tale. > - Marie Curie > > > On Feb 9, 2009, at 1:30 PM, Brenner, John wrote: > >> You should be able to send a cancel ?a ? shell script via casper. >> >> >> On 2/9/09 12:25 PM, "Eric Young" wrote: >> >>> anyone figure out a way to clear local print queues en mass? >>> >>> Having an issue where a lab full of machines will all stop >>> printing when one or more stations sends a bad job. These are >>> local queues managed by WGM. Right now, I am hitting every >>> machine individually to clear stuck jobs. >>> >>> It seems to me there should be a way to blast a script or some >>> such, that clears a specific print queue for a whole lab. >>> >>> any clues would be greatly appreciated. >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------------------------------- >>> I must not fear. Fear is the mind-killer. >>> Fear is the little-death that brings total obliteration. >>> I will face my fear. I will permit it to pass over me and through >>> me. >>> And when it has gone past I will turn the inner eye to see its path. >>> Where the fear has gone there will be nothing. >>> Only I will remain. >>> --Bene Gesserit Litany (Frank Herbert) >>> -------------------------------------------------------------------------- >>> Eric Young >>> eyoung at thayer.org >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >> John Brenner | Merrill Corporation | IOG IT | >> 651-632-4072 >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/4b1f3ecd/attachment.html From ron.prue at mynoahs.com Mon Feb 9 19:06:40 2009 From: ron.prue at mynoahs.com (Ron Prue) Date: Mon, 9 Feb 2009 20:06:40 -0700 Subject: [Casper] Menubar Items Message-ID: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> Hello, I have deployed an image for 11 iMacs but have had a tough time getting rid of menubar items. They are removed when I am booted from an external drive containing the partition I image, but after that image is deployed to all the iMacs I get Time Machine, Airport and other unwanted menubar items again. I have searched for a script to run after imaging to solve this with no success. Do any of you have a script you use or another solution to remove unwanted menubar items? Thanks in advance. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/7918fa11/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090209/7918fa11/attachment.png From CMyers at uclan.ac.uk Tue Feb 10 03:53:42 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Tue, 10 Feb 2009 11:53:42 +0000 Subject: [Casper] HTTP and the JSS Message-ID: <49916AC6.BB96.0081.0@uclan.ac.uk> Hi, I dont use HTTP for my distribution points so in the JSS web i have it turned off for my distribution points, however everytime i load the jss setup utility and login to the server it turns on the http, Does anyone else get this and how do i stop it happening? The http messes up my pkg packages as it tries to use http for pkg packages which thus doesnt work. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/b251ecb3/attachment.htm From dustin.dorey at district196.org Tue Feb 10 05:48:07 2009 From: dustin.dorey at district196.org (Dustin Dorey) Date: Tue, 10 Feb 2009 07:48:07 -0600 Subject: [Casper] HTTP and the JSS In-Reply-To: <49916AC6.BB96.0081.0@uclan.ac.uk> References: <49916AC6.BB96.0081.0@uclan.ac.uk> Message-ID: <1234273687.5695.1.camel@do-a-doreynix> We've got that too, I've spoken with JAMF about it already so it's a known issue. You kind of just get used to it for now I guess. I just know that when I launch the JSS setup util that I'm going to have to go in and turn off http for that distribution point. I'm sure they'll fix that in the future though as it's annoying. -Dusty- -- Dustin Dorey Independent School District 196 Technology Support Cluster Specialist 14445 Diamond Path West Rosemount, MN 55068 952|423|7971 dustin.dorey at district196.org From eyoung at thayer.org Tue Feb 10 05:54:54 2009 From: eyoung at thayer.org (Eric Young) Date: Tue, 10 Feb 2009 08:54:54 -0500 Subject: [Casper] Stuck print queues In-Reply-To: References: <2711B54A-3DEA-47D6-BD1A-C069A6B1EA63@thayer.org> Message-ID: <54C5C593-AFB0-4AAB-8B23-914CF03E6BF7@thayer.org> hmm. The script errors out with command not found.... These are local print queues that were setup via WGM. ... not sure if lpadmin is applicable. echo Changing error policy on Color_next_to_me_IPP: command not found ------------------------------------------------ I'm living so far beyond my income that we may almost be said to be living apart. - ee cummings Eric Young eyoung at thayer.org On Feb 9, 2009, at 4:02 PM, Ryan Harter wrote: > Part of the problem is that in Leopard the default job fail > procedure is to pause the printer. Now that you need admin privs to > unpause the printer, this can be bothersome. > > I've got a script that runs at login the ensures the correct printer > is default, and I added this section to the end to change the > default error-policy on all printers to abort job. This has really > reduced the calls we get from labs saying the printers are paused. > > #!/bin/bash > > printers=`lpstat -a | awk '{print $1}'` > for printer in $printers > do > echo "Changing error policy on $printer" > lpadmin -p "$printer" -o printer-error-policy=abort-job > done > > exit > > Hope it helps. > > Ryan Harter > UW - Stevens Point > Workstation Developer > 715.346.2716 > Ryan.Harter at uwsp.edu > > On Feb 9, 2009, at 1:11 PM, Eric Young wrote: > >> well that works a treat. Course now I have paused queues for the >> printer :-) >> >> >> ---------------------------------------------------------------------------------------------- >> Eric Young >> eyoung at thayer.org >> 781-664-2286 Work >> >> I am among those who think that science has great beauty. A >> scientist in his laboratory is not only a technician: he is also a >> child placed before natural phenomena which impress him like a >> fairy tale. >> - Marie Curie >> >> >> On Feb 9, 2009, at 1:30 PM, Brenner, John wrote: >> >>> You should be able to send a cancel ?a ? shell script via casper. >>> >>> >>> On 2/9/09 12:25 PM, "Eric Young" wrote: >>> >>>> anyone figure out a way to clear local print queues en mass? >>>> >>>> Having an issue where a lab full of machines will all stop >>>> printing when one or more stations sends a bad job. These are >>>> local queues managed by WGM. Right now, I am hitting every >>>> machine individually to clear stuck jobs. >>>> >>>> It seems to me there should be a way to blast a script or some >>>> such, that clears a specific print queue for a whole lab. >>>> >>>> any clues would be greatly appreciated. >>>> >>>> >>>> >>>> >>>> >>>> -------------------------------------------------------------------------------------------- >>>> I must not fear. Fear is the mind-killer. >>>> Fear is the little-death that brings total obliteration. >>>> I will face my fear. I will permit it to pass over me and through >>>> me. >>>> And when it has gone past I will turn the inner eye to see its >>>> path. >>>> Where the fear has gone there will be nothing. >>>> Only I will remain. >>>> --Bene Gesserit Litany (Frank Herbert) >>>> -------------------------------------------------------------------------- >>>> Eric Young >>>> eyoung at thayer.org >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Casper mailing list >>>> Casper at list.jamfsoftware.com >>>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> John Brenner | Merrill Corporation | IOG IT | >>> 651-632-4072 >>> >>> >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/b1b5ab33/attachment.html From tlarki at kckps.org Tue Feb 10 06:21:21 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 10 Feb 2009 08:21:21 -0600 Subject: [Casper] Menubar Items In-Reply-To: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> Message-ID: <49913901.7141.0039.0@kckps.org> Ron I went through the same thing last year. What I do is create a nested group of all my groups that I need to manage the menu bar for in WGM. Then, select your nested group and select preferences. Once the preferences pane opens, you need to click on the details tab. Add the following application by hitting the plus sign, /System/Library/CoreServices/Managedclient/.app. Once you add that you can manage the menu items. For example I got rid of TimeMachine on every mac in our network because i did not want to support it. So, I used this method. You should create a new key, and say always, then choose your menu item of choice you wish to manage, choose boolean for the type and choose false for the value. Linked is what it should look like once you add in the proper settings. http://i120.photobucket.com/albums/o189/tlarkin80/Picture1-3.png Then MCX will push this out to every machine on your network and you can then manage menu items. I already put in a request to Apple to actually just make a menu items menu in WGM instead of doing it this way. I also submitted this as a hint on OS X Hints website found here: http://www.macosxhints.com/article.php?story=20080801104313882 ( http://www.macosxhints.com/article.php?story=20080801104313882 ) This should do what you want. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Ron Prue 02/09/09 9:06 PM >>> Hello, I have deployed an image for 11 iMacs but have had a tough time getting rid of menubar items. They are removed when I am booted from an external drive containing the partition I image, but after that image is deployed to all the iMacs I get Time Machine, Airport and other unwanted menubar items again. I have searched for a script to run after imaging to solve this with no success. Do any of you have a script you use or another solution to remove unwanted menubar items? Thanks in advance. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/1125761a/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 11936 bytes Desc: Portable Network Graphics Format Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/1125761a/attachment.png From CMyers at uclan.ac.uk Tue Feb 10 06:30:15 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Tue, 10 Feb 2009 14:30:15 +0000 Subject: [Casper] Menubar Items In-Reply-To: <49913901.7141.0039.0@kckps.org> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49913901.7141.0039.0@kckps.org> Message-ID: <49918F77.BB96.0081.0@uclan.ac.uk> Hi Thomas I just emailed him a copy of my mcx file to edit as he pleased and then suggested he put it in /Library/Managed Preferences/ in case he didnt have WGM, would that work? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Tue, Feb 10, 2009 at 2:21 PM, in message <49913901.7141.0039.0 at kckps.org>, "Thomas Larkin" wrote: Ron I went through the same thing last year. What I do is create a nested group of all my groups that I need to manage the menu bar for in WGM. Then, select your nested group and select preferences. Once the preferences pane opens, you need to click on the details tab. Add the following application by hitting the plus sign, /System/Library/CoreServices/Managedclient/.app. Once you add that you can manage the menu items. For example I got rid of TimeMachine on every mac in our network because i did not want to support it. So, I used this method. You should create a new key, and say always, then choose your menu item of choice you wish to manage, choose boolean for the type and choose false for the value. Linked is what it should look like once you add in the proper settings. http://i120.photobucket.com/albums/o189/tlarkin80/Picture1-3.png Then MCX will push this out to every machine on your network and you can then manage menu items. I already put in a request to Apple to actually just make a menu items menu in WGM instead of doing it this way. I also submitted this as a hint on OS X Hints website found here: http://www.macosxhints.com/article.php?story=20080801104313882 ( http://www.macosxhints.com/article.php?story=20080801104313882 ) This should do what you want. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Ron Prue 02/09/09 9:06 PM >>> Hello, I have deployed an image for 11 iMacs but have had a tough time getting rid of menubar items. They are removed when I am booted from an external drive containing the partition I image, but after that image is deployed to all the iMacs I get Time Machine, Airport and other unwanted menubar items again. I have searched for a script to run after imaging to solve this with no success. Do any of you have a script you use or another solution to remove unwanted menubar items? Thanks in advance. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/f1f1287a/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 11936 bytes Desc: Portable Network Graphics Format Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/f1f1287a/attachment.png From rharter at uwsp.edu Tue Feb 10 07:09:51 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Tue, 10 Feb 2009 09:09:51 -0600 Subject: [Casper] Menubar Items In-Reply-To: <49918F77.BB96.0081.0@uclan.ac.uk> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49913901.7141.0039.0@kckps.org> <49918F77.BB96.0081.0@uclan.ac.uk> Message-ID: Incase you don't have WGM, here is a script I use to make Time Machine go the way of the dodo. #!/bin/sh # killTimeMachine.sh # # # Created by Harter, Ryan on 11/12/08. # Copyright 2008 UWSP. All rights reserved. # Disable Time Machine /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup -bool NO # Stop putting it in the dock /usr/libexec/PlistBuddy -c "Delete :add-app:0:path" /Library/ Preferences/com.apple.dockfixup.plist # Get it out of the menu /bin/mv "/System/Library/CoreServices/Menu Extras/TimeMachine.menu" "/ System/Library/CoreServices/Menu Extras/TimeMachine.menu.bac" The menu portion should be similar for any other menu items you want to remove. I think this was inspired by something in the Resource Kit, but can't quite remember. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 10, 2009, at 8:30 AM, Criss Myers wrote: > Hi Thomas > > I just emailed him a copy of my mcx file to edit as he pleased and > then suggested he put it in /Library/Managed Preferences/ > > in case he didnt have WGM, > > would that work? > > Criss > > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > >>> On Tue, Feb 10, 2009 at 2:21 PM, in message <49913901.7141.0039.0 at kckps.org > >, "Thomas Larkin" wrote: > Ron > > I went through the same thing last year. What I do is create a > nested group of all my groups that I need to manage the menu bar for > in WGM. Then, select your nested group and select preferences. > Once the preferences pane opens, you need to click on the details > tab. Add the following application by hitting the plus sign, / > System/Library/CoreServices/Managedclient/.app. Once you add that > you can manage the menu items. For example I got rid of TimeMachine > on every mac in our network because i did not want to support it. > So, I used this method. You should create a new key, and say > always, then choose your menu item of choice you wish to manage, > choose boolean for the type and choose false for the value. Linked > is what it should look like once you add in the proper settings. > > http://i120.photobucket.com/albums/o189/tlarkin80/Picture1-3.png > > Then MCX will push this out to every machine on your network and you > can then manage menu items. I already put in a request to Apple to > actually just make a menu items menu in WGM instead of doing it this > way. > > I also submitted this as a hint on OS X Hints website found here: > > http://www.macosxhints.com/article.php?story=20080801104313882 > > This should do what you want. > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Ron Prue 02/09/09 9:06 PM >>> > Hello, > > I have deployed an image for 11 iMacs but have had a tough time > getting rid of menubar items. They are removed when I am booted > from an external drive containing the partition I image, but after > that image is deployed to all the iMacs I get Time Machine, Airport > and other unwanted menubar items again. > > I have searched for a script to run after imaging to solve this with > no success. Do any of you have a script you use or another solution > to remove unwanted menubar items? > > Thanks in advance. > > Ron Prue > Technical Services > Noah Corporation > 435.214.2928 > ron.prue at mynoahs.com > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/ade5bcc1/attachment.htm From rharter at uwsp.edu Tue Feb 10 07:18:08 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Tue, 10 Feb 2009 09:18:08 -0600 Subject: [Casper] Menubar Items In-Reply-To: References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49913901.7141.0039.0@kckps.org> <49918F77.BB96.0081.0@uclan.ac.uk> Message-ID: <58CBDA58-3413-40A0-8912-D4F72776B391@uwsp.edu> I should add that PlistBuddy was not always included in OS X, you may need to run "/usr/bin/locate PlistBuddy | sed 2,10000d" and then use the one you find. If it wasn't included then it was generally found in package receipts. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 10, 2009, at 9:09 AM, Ryan Harter wrote: > Incase you don't have WGM, here is a script I use to make Time > Machine go the way of the dodo. > > #!/bin/sh > > # killTimeMachine.sh > # > # > # Created by Harter, Ryan on 11/12/08. > # Copyright 2008 UWSP. All rights reserved. > > # Disable Time Machine > /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine > DoNotOfferNewDisksForBackup -bool YES > /usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine > AutoBackup -bool NO > > # Stop putting it in the dock > /usr/libexec/PlistBuddy -c "Delete :add-app:0:path" /Library/ > Preferences/com.apple.dockfixup.plist > > # Get it out of the menu > /bin/mv "/System/Library/CoreServices/Menu Extras/TimeMachine.menu" > "/System/Library/CoreServices/Menu Extras/TimeMachine.menu.bac" > > > The menu portion should be similar for any other menu items you want > to remove. I think this was inspired by something in the Resource > Kit, but can't quite remember. > > Ryan Harter > UW - Stevens Point > Workstation Developer > 715.346.2716 > Ryan.Harter at uwsp.edu > > On Feb 10, 2009, at 8:30 AM, Criss Myers wrote: > >> Hi Thomas >> >> I just emailed him a copy of my mcx file to edit as he pleased and >> then suggested he put it in /Library/Managed Preferences/ >> >> in case he didnt have WGM, >> >> would that work? >> >> Criss >> >> >> Criss Myers >> Senior Customer Support Analyst (Mac Services) >> Apple Certified Technical Coordinator v10.5 >> LIS Business Support Team >> Library 301 >> University of Central Lancashire >> Preston PR1 2HE >> Ex 5054 >> 01772 895054 >> >> >>> On Tue, Feb 10, 2009 at 2:21 PM, in message <49913901.7141.0039.0 at kckps.org >> >, "Thomas Larkin" wrote: >> Ron >> >> I went through the same thing last year. What I do is create a >> nested group of all my groups that I need to manage the menu bar >> for in WGM. Then, select your nested group and select >> preferences. Once the preferences pane opens, you need to click on >> the details tab. Add the following application by hitting the plus >> sign, /System/Library/CoreServices/Managedclient/.app. Once you >> add that you can manage the menu items. For example I got rid of >> TimeMachine on every mac in our network because i did not want to >> support it. So, I used this method. You should create a new key, >> and say always, then choose your menu item of choice you wish to >> manage, choose boolean for the type and choose false for the >> value. Linked is what it should look like once you add in the >> proper settings. >> >> http://i120.photobucket.com/albums/o189/tlarkin80/Picture1-3.png >> >> Then MCX will push this out to every machine on your network and >> you can then manage menu items. I already put in a request to >> Apple to actually just make a menu items menu in WGM instead of >> doing it this way. >> >> I also submitted this as a hint on OS X Hints website found here: >> >> http://www.macosxhints.com/article.php?story=20080801104313882 >> >> This should do what you want. >> >> >> >> >> ___________________________ >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> blackberry: 913-449-7589 >> office: 913-627-0351 >> >> >> >> >> >> >>> Ron Prue 02/09/09 9:06 PM >>> >> Hello, >> >> I have deployed an image for 11 iMacs but have had a tough time >> getting rid of menubar items. They are removed when I am booted >> from an external drive containing the partition I image, but after >> that image is deployed to all the iMacs I get Time Machine, Airport >> and other unwanted menubar items again. >> >> I have searched for a script to run after imaging to solve this >> with no success. Do any of you have a script you use or another >> solution to remove unwanted menubar items? >> >> Thanks in advance. >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/26e77fd0/attachment.html From mfennelly at mitty.com Tue Feb 10 07:53:54 2009 From: mfennelly at mitty.com (Maura Fennelly) Date: Tue, 10 Feb 2009 07:53:54 -0800 Subject: [Casper] Menubar Items In-Reply-To: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> Message-ID: The menu bar items are all stored in ~/Library/Preferences/ com.apple.systemuiserver.plist. You do have to use PlistBuddy to script them, because they are nested one level below the top. But PlistBuddy is included in 10.5 (/usr/ libexec/PlistBuddy) On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > Hello, > > I have deployed an image for 11 iMacs but have had a tough time > getting rid of menubar items. They are removed when I am booted > from an external drive containing the partition I image, but after > that image is deployed to all the iMacs I get Time Machine, Airport > and other unwanted menubar items again. > > I have searched for a script to run after imaging to solve this with > no success. Do any of you have a script you use or another solution > to remove unwanted menubar items? > > Thanks in advance. > > Ron Prue > Technical Services > Noah Corporation > 435.214.2928 > ron.prue at mynoahs.com > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/0eb1b961/attachment.html From Cyrus.Vahhaji at bestbuy.com Tue Feb 10 08:44:42 2009 From: Cyrus.Vahhaji at bestbuy.com (Cyrus Vahhaji) Date: Tue, 10 Feb 2009 10:44:42 -0600 Subject: [Casper] Disaster Recovery Message-ID: I?m looking into implementing Disaster Recovery and wanted to see how users on this list go about doing this for JSS. Currently have two servers dedicated for JSS use. One is the production server running JSS and repository for all data/packages. The other is in stand by in case case primary goes down. What I like to learn is how quickly you can recover if your primary goes down and how you go about backing up/sync to your 2ndry server if any. Thanx in advance Cyrus -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/699256b0/attachment.htm From dustin.dorey at district196.org Tue Feb 10 08:54:30 2009 From: dustin.dorey at district196.org (Dustin Dorey) Date: Tue, 10 Feb 2009 10:54:30 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: References: Message-ID: <1234284870.5694.5.camel@do-a-doreynix> How about using Lingon to setup an rsync job to copy over a bootable drive periodically to a free drive. That way your down time is pretty much the time it takes you to reboot. information can be found here for lingon to schedule the job for you http://www.tuppis.com/lingon/ And here on concepts for rsyncing from our fav Bombich http://www.bombich.com/mactips/image.html -Dusty- On Tue, 2009-02-10 at 10:44 -0600, Cyrus Vahhaji wrote: > I?m looking into implementing Disaster Recovery and wanted to see how > users on this list go about doing this for JSS. Currently have two > servers dedicated for JSS use. One is the production server running > JSS and repository for all data/packages. The other is in stand by in > case case primary goes down. What I like to learn is how quickly you > can recover if your primary goes down and how you go about backing > up/sync to your 2ndry server if any. > > Thanx in advance > Cyrus > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -- Dustin Dorey Independent School District 196 Technology Support Cluster Specialist 14445 Diamond Path West Rosemount, MN 55068 952|423|7971 dustin.dorey at district196.org From miles.leacy at themacadmin.com Tue Feb 10 08:56:54 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Tue, 10 Feb 2009 11:56:54 -0500 Subject: [Casper] Disaster Recovery In-Reply-To: References: Message-ID: I'd say your DR machine ought to serve as a secondary repository that is regularly synched. You should be running regular backups of your JSS, scheduled through JSS Setup Utility and then backed up via whatever backup system you have in place. When disaster strikes, you can run the JSS Setup utility on the DR machine, and import your last backup. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/10 Cyrus Vahhaji > I'm looking into implementing Disaster Recovery and wanted to see how > users on this list go about doing this for JSS. Currently have two servers > dedicated for JSS use. One is the production server running JSS and > repository for all data/packages. The other is in stand by in case case > primary goes down. What I like to learn is how quickly you can recover if > your primary goes down and how you go about backing up/sync to your 2ndry > server if any. > > Thanx in advance > Cyrus > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/8c5f31b9/attachment.htm From ERNSTCS at uwec.edu Tue Feb 10 08:59:23 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 10 Feb 2009 10:59:23 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: Message-ID: I have our second Mac server setup as a secondary distribution point that gets synchronized automatically each night. I actually have a folder in the same CasperShare folder for the database backups to save to as well so they too get replicated to the other server. In theory, if my primary server bit the dust I should be able to run the JSS Setup Util against the second server, get it installed, then install the most recent nightly JSS Backup already saved up to the server, update the DNS pointer and it's done. Might need to fiddle with user accounts and permissions for the file share as well. Shouldn't take more than 10 minutes though. Someone let me know if my logic is off here. I know I brought up this discussion before as well. Craig E On 2/10/09 10:44 AM, "Cyrus Vahhaji" wrote: I'm looking into implementing Disaster Recovery and wanted to see how users on this list go about doing this for JSS. Currently have two servers dedicated for JSS use. One is the production server running JSS and repository for all data/packages. The other is in stand by in case case primary goes down. What I like to learn is how quickly you can recover if your primary goes down and how you go about backing up/sync to your 2ndry server if any. Thanx in advance Cyrus -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/d5dfc026/attachment.html From miles.leacy at themacadmin.com Tue Feb 10 09:06:01 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Tue, 10 Feb 2009 12:06:01 -0500 Subject: [Casper] Disaster Recovery In-Reply-To: References: Message-ID: Craig's setup sounds great. If you use LDAP (OD, AD or other) accounts in your JSS, you can avoid any account issues. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/10 Ernst, Craig S. > I have our second Mac server setup as a secondary distribution point that > gets synchronized automatically each night. I actually have a folder in the > same CasperShare folder for the database backups to save to as well so they > too get replicated to the other server. > > In theory, if my primary server bit the dust I should be able to run the > JSS Setup Util against the second server, get it installed, then install the > most recent nightly JSS Backup already saved up to the server, update the > DNS pointer and it's done. Might need to fiddle with user accounts and > permissions for the file share as well. Shouldn't take more than 10 minutes > though. > > Someone let me know if my logic is off here. I know I brought up this > discussion before as well. > > Craig E > > > > On 2/10/09 10:44 AM, "Cyrus Vahhaji" wrote: > > I'm looking into implementing Disaster Recovery and wanted to see how users > on this list go about doing this for JSS. Currently have two servers > dedicated for JSS use. One is the production server running JSS and > repository for all data/packages. The other is in stand by in case case > primary goes down. What I like to learn is how quickly you can recover if > your primary goes down and how you go about backing up/sync to your 2ndry > server if any. > > Thanx in advance > Cyrus > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/b30c8ff1/attachment.htm From tlarki at kckps.org Tue Feb 10 09:06:04 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 10 Feb 2009 11:06:04 -0600 Subject: [Casper] Menubar Items In-Reply-To: References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> Message-ID: <49915F9C.7141.0039.0@kckps.org> I will just add, if you aren't using OS X Server and MCX to manage your clients you may want to seriously consider doing so. It will save you so much time and effort and if you miss something in your image you can always fix it with nested group preferences. It is worth every penny of what it costs to set it up. Now, I will get off my soap box and go back to work Thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Maura Fennelly 02/10/09 9:53 AM >>> The menu bar items are all stored in ~/Library/Preferences/com.apple.systemuiserver.plist. You do have to use PlistBuddy to script them, because they are nested one level below the top. But PlistBuddy is included in 10.5 (/usr/libexec/PlistBuddy) On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: Hello, I have deployed an image for 11 iMacs but have had a tough time getting rid of menubar items. They are removed when I am booted from an external drive containing the partition I image, but after that image is deployed to all the iMacs I get Time Machine, Airport and other unwanted menubar items again. I have searched for a script to run after imaging to solve this with no success. Do any of you have a script you use or another solution to remove unwanted menubar items? Thanks in advance. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/b9fd9af3/attachment.html From tlarki at kckps.org Tue Feb 10 09:09:12 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 10 Feb 2009 11:09:12 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: References: Message-ID: <49916058.7141.0039.0@kckps.org> I have an ODM back up, that is sync'd and is set to a replica. In the case of failure I would demote the ODM to a stand alone via server admin, and promote the replica to the Master server. It is a server that just sits there and does nothing besides sync LDAP. For my casper servers, I would just load the JSS on one of my xserve distribution points and then create a policy that edits the /etc/jamf.conf and points it to the new JSS master while the other one is being worked on. >>> Miles Leacy 02/10/09 10:56 AM >>> I'd say your DR machine ought to serve as a secondary repository that is regularly synched. You should be running regular backups of your JSS, scheduled through JSS Setup Utility and then backed up via whatever backup system you have in place. When disaster strikes, you can run the JSS Setup utility on the DR machine, and import your last backup. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/10 Cyrus Vahhaji I'm looking into implementing Disaster Recovery and wanted to see how users on this list go about doing this for JSS. Currently have two servers dedicated for JSS use. One is the production server running JSS and repository for all data/packages. The other is in stand by in case case primary goes down. What I like to learn is how quickly you can recover if your primary goes down and how you go about backing up/sync to your 2ndry server if any. Thanx in advance Cyrus _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/7388cad8/attachment.htm From eric.winkelhake at mundocomww.com Tue Feb 10 09:41:42 2009 From: eric.winkelhake at mundocomww.com (Eric Winkelhake) Date: Tue, 10 Feb 2009 11:41:42 -0600 Subject: [Casper] local drive imaging Message-ID: is anyone imaging machines with a local drive?? i've tried syncing a few times to an external fw drive and can't seem to get casper remote to recognize the data correctly. casper admin seems just fine but casper remote sees most of the packages as unknown and most of the image configs as only having a few packages. anyone seen this issue? i'm using v6.01 by the way. eric winkelhake mundocomww office 312 220 1669 cell 312 504 5155 ------------------------------------------------------------------------ Disclaimer The information in this email and any attachments may contain proprietary and confidential information that is intended for the addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this information is prohibited. When addressed to our clients or vendors, any information contained in this e-mail or any attachments is subject to the terms and conditions in any governing contract. If you have received this e-mail in error, please immediately contact the sender and delete the e-mail. ------------------------------------------------------------------------ Mundocom UK Limited, Registered in England and Wales. Registration Number 2882166. Registered Office: Warwick Building, Kensington Village, Avonmore Road, London W14 8HQ. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/e44fc46a/attachment.htm From rharter at uwsp.edu Tue Feb 10 09:48:16 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Tue, 10 Feb 2009 11:48:16 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: <49916058.7141.0039.0@kckps.org> References: <49916058.7141.0039.0@kckps.org> Message-ID: <56188AAA-B2D6-422F-975E-8E8467639477@uwsp.edu> I've got a similar setup to Craig, but I have 3 DPs (one xserve and two g5 powermacs running client) that i've setup a cron job to copy the nightly backups to. In case of failure we just run Setup Util on the secondary server and import the latest nightly and then we still have 3 distro points while we fix the other server. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 10, 2009, at 11:09 AM, Thomas Larkin wrote: > I have an ODM back up, that is sync'd and is set to a replica. In > the case of failure I would demote the ODM to a stand alone via > server admin, and promote the replica to the Master server. It is a > server that just sits there and does nothing besides sync LDAP. > > For my casper servers, I would just load the JSS on one of my xserve > distribution points and then create a policy that edits the /etc/ > jamf.conf and points it to the new JSS master while the other one is > being worked on. > > >>> Miles Leacy 02/10/09 10:56 AM >>> > I'd say your DR machine ought to serve as a secondary repository > that is regularly synched. You should be running regular backups of > your JSS, scheduled through JSS Setup Utility and then backed up via > whatever backup system you have in place. > > When disaster strikes, you can run the JSS Setup utility on the DR > machine, and import your last backup. > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > 2009/2/10 Cyrus Vahhaji > > > I'm looking into implementing Disaster Recovery and wanted to see > how users on this list go about doing this for JSS. Currently have > two servers dedicated for JSS use. One is the production server > running JSS and repository for all data/packages. The other is in > stand by in case case primary goes down. What I like to learn is how > quickly you can recover if your primary goes down and how you go > about backing up/sync to your 2ndry server if any. > > Thanx in advance > Cyrus > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/a56d4a51/attachment.html From william.smith at merrillcorp.com Tue Feb 10 10:56:11 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Tue, 10 Feb 2009 12:56:11 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: <56188AAA-B2D6-422F-975E-8E8467639477@uwsp.edu> Message-ID: So far, I've heard a lot about recovering from server failures but nothing really yet about Disaster Recovery, which assumes a natural or man-made disaster to infrastructure. Copying/replicating/moving information from one server to another locally is ideal for when servers fail but what about when tornados or terrorists strike and destroy the entire site? True Disaster Recovery needs to include methods for securely moving and maintaining data offsite and having hardware available (renting if necessary) to set up the server(s) again. It also needs to include the business's tolerance for downtime. For some this could be a week and for others this could be just a few hours. For Casper Suite this means you not only have to back up the JSS but also your repository, which in our case is several GB. This is especially tricky to do if you don't have a second site in your organization. However, if you do then copying/replicating/moving to a second site that can assume the core responsibilities of the first site would be ideal. Single site companies may benefit from having a service in the cloud for storing encrypted data. This isn't ideal but it would be the easiest to automate. A firewire hard drive that is synced daily and taken home by a company IT admin might do just as well depending on the distance between work and home. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 On 2/10/09 11:48 AM, "Ryan Harter" wrote: > I've got a similar setup to Craig, but I have 3 DPs (one xserve and two g5 > powermacs running client) that i've setup a cron job to copy the nightly > backups to. In case of failure we just run Setup Util on the secondary server > and import the latest nightly and then we still have 3 distro points while we > fix the other server. > > On Feb 10, 2009, at 11:09 AM, Thomas Larkin wrote: > >> I have an ODM back up, that is sync'd and is set to a replica. In the case >> of failure I would demote the ODM to a stand alone via server admin, and >> promote the replica to the Master server. It is a server that just sits >> there and does nothing besides sync LDAP. >> >> For my casper servers, I would just load the JSS on one of my xserve >> distribution points and then create a policy that edits the /etc/jamf.conf >> and points it to the new JSS master while the other one is being worked on. >> >>>>> Miles Leacy 02/10/09 10:56 AM >>> >> I'd say your DR machine ought to serve as a secondary repository that is >> regularly synched. You should be running regular backups of your JSS, >> scheduled through JSS Setup Utility and then backed up via whatever backup >> system you have in place. >> >> When disaster strikes, you can run the JSS Setup utility on the DR machine, >> and import your last backup. >> >> >> 2009/2/10 Cyrus Vahhaji >> >> >>> I'm looking into implementing Disaster Recovery and wanted to see how users >>> on this list go about doing this for JSS. Currently have two servers >>> dedicated for JSS use. One is the production server running JSS and >>> repository for all data/packages. The other is in stand by in case case >>> primary goes down. What I like to learn is how quickly you can recover if >>> your primary goes down and how you go about backing up/sync to your 2ndry >>> server if any. From miles.leacy at themacadmin.com Tue Feb 10 11:11:57 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Tue, 10 Feb 2009 14:11:57 -0500 Subject: [Casper] Disaster Recovery In-Reply-To: References: <56188AAA-B2D6-422F-975E-8E8467639477@uwsp.edu> Message-ID: When I discuss DR, I am assuming that any "DR box" exists at a secondary location. Having a DR site, or a general DR plan is a big issue, especially for for smaller, single-site organizations. Moving backups to an off-site location is part of any worthwhile backup strategy, and I generally assume this is being done. There are services that will handle this for you, or in the case of a small organization, having an employee take backup media home with them could be a workable solution. Getting a co-located server or servers can provide a DR site without the expense of maintaining a second facility. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Tue, Feb 10, 2009 at 1:56 PM, Smith, William < william.smith at merrillcorp.com> wrote: > So far, I've heard a lot about recovering from server failures but nothing > really yet about Disaster Recovery, which assumes a natural or man-made > disaster to infrastructure. > > Copying/replicating/moving information from one server to another locally > is > ideal for when servers fail but what about when tornados or terrorists > strike and destroy the entire site? > > True Disaster Recovery needs to include methods for securely moving and > maintaining data offsite and having hardware available (renting if > necessary) to set up the server(s) again. It also needs to include the > business's tolerance for downtime. For some this could be a week and for > others this could be just a few hours. For Casper Suite this means you not > only have to back up the JSS but also your repository, which in our case is > several GB. > > This is especially tricky to do if you don't have a second site in your > organization. However, if you do then copying/replicating/moving to a > second > site that can assume the core responsibilities of the first site would be > ideal. > > Single site companies may benefit from having a service in the cloud for > storing encrypted data. This isn't ideal but it would be the easiest to > automate. A firewire hard drive that is synced daily and taken home by a > company IT admin might do just as well depending on the distance between > work and home. > > -- > > bill > > William M. Smith, Technical Analyst > MCS IT > Merrill Communications, LLC > (651) 632-1492 > > > On 2/10/09 11:48 AM, "Ryan Harter" wrote: > > > I've got a similar setup to Craig, but I have 3 DPs (one xserve and two > g5 > > powermacs running client) that i've setup a cron job to copy the nightly > > backups to. In case of failure we just run Setup Util on the secondary > server > > and import the latest nightly and then we still have 3 distro points > while we > > fix the other server. > > > > On Feb 10, 2009, at 11:09 AM, Thomas Larkin wrote: > > > >> I have an ODM back up, that is sync'd and is set to a replica. In the > case > >> of failure I would demote the ODM to a stand alone via server admin, and > >> promote the replica to the Master server. It is a server that just sits > >> there and does nothing besides sync LDAP. > >> > >> For my casper servers, I would just load the JSS on one of my xserve > >> distribution points and then create a policy that edits the > /etc/jamf.conf > >> and points it to the new JSS master while the other one is being worked > on. > >> > >>>>> Miles Leacy 02/10/09 10:56 AM >>> > >> I'd say your DR machine ought to serve as a secondary repository that is > >> regularly synched. You should be running regular backups of your JSS, > >> scheduled through JSS Setup Utility and then backed up via whatever > backup > >> system you have in place. > >> > >> When disaster strikes, you can run the JSS Setup utility on the DR > machine, > >> and import your last backup. > >> > >> > >> 2009/2/10 Cyrus Vahhaji > >> > >> > >>> I'm looking into implementing Disaster Recovery and wanted to see how > users > >>> on this list go about doing this for JSS. Currently have two servers > >>> dedicated for JSS use. One is the production server running JSS and > >>> repository for all data/packages. The other is in stand by in case case > >>> primary goes down. What I like to learn is how quickly you can recover > if > >>> your primary goes down and how you go about backing up/sync to your > 2ndry > >>> server if any. > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/2844b6f1/attachment.html From ERNSTCS at uwec.edu Tue Feb 10 11:31:06 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 10 Feb 2009 13:31:06 -0600 Subject: [Casper] Disaster Recovery In-Reply-To: Message-ID: You are very right in that it really does mean something that is off-site. Right now we don't really have that for anything we have on our campus that I'm aware, although we know we need to do that. We are starting to partner with one of our neighbor universities. Playing the odds game right now, the two servers are in two different buildings on-campus. The likelyhood is not there that something will happen, but I imagine if both these locations are gone I'll have more important things to worry about... So, I do agree with you, and it could be as simple as another system sitting at another institution doing nightly or weekly syncs. Craig E On 2/10/09 12:56 PM, "Smith, William" wrote: So far, I've heard a lot about recovering from server failures but nothing really yet about Disaster Recovery, which assumes a natural or man-made disaster to infrastructure. Copying/replicating/moving information from one server to another locally is ideal for when servers fail but what about when tornados or terrorists strike and destroy the entire site? True Disaster Recovery needs to include methods for securely moving and maintaining data offsite and having hardware available (renting if necessary) to set up the server(s) again. It also needs to include the business's tolerance for downtime. For some this could be a week and for others this could be just a few hours. For Casper Suite this means you not only have to back up the JSS but also your repository, which in our case is several GB. This is especially tricky to do if you don't have a second site in your organization. However, if you do then copying/replicating/moving to a second site that can assume the core responsibilities of the first site would be ideal. Single site companies may benefit from having a service in the cloud for storing encrypted data. This isn't ideal but it would be the easiest to automate. A firewire hard drive that is synced daily and taken home by a company IT admin might do just as well depending on the distance between work and home. -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 On 2/10/09 11:48 AM, "Ryan Harter" wrote: > I've got a similar setup to Craig, but I have 3 DPs (one xserve and two g5 > powermacs running client) that i've setup a cron job to copy the nightly > backups to. In case of failure we just run Setup Util on the secondary server > and import the latest nightly and then we still have 3 distro points while we > fix the other server. > > On Feb 10, 2009, at 11:09 AM, Thomas Larkin wrote: > >> I have an ODM back up, that is sync'd and is set to a replica. In the case >> of failure I would demote the ODM to a stand alone via server admin, and >> promote the replica to the Master server. It is a server that just sits >> there and does nothing besides sync LDAP. >> >> For my casper servers, I would just load the JSS on one of my xserve >> distribution points and then create a policy that edits the /etc/jamf.conf >> and points it to the new JSS master while the other one is being worked on. >> >>>>> Miles Leacy 02/10/09 10:56 AM >>> >> I'd say your DR machine ought to serve as a secondary repository that is >> regularly synched. You should be running regular backups of your JSS, >> scheduled through JSS Setup Utility and then backed up via whatever backup >> system you have in place. >> >> When disaster strikes, you can run the JSS Setup utility on the DR machine, >> and import your last backup. >> >> >> 2009/2/10 Cyrus Vahhaji >> >> >>> I'm looking into implementing Disaster Recovery and wanted to see how users >>> on this list go about doing this for JSS. Currently have two servers >>> dedicated for JSS use. One is the production server running JSS and >>> repository for all data/packages. The other is in stand by in case case >>> primary goes down. What I like to learn is how quickly you can recover if >>> your primary goes down and how you go about backing up/sync to your 2ndry >>> server if any. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090210/fb388bab/attachment.html From CMyers at uclan.ac.uk Wed Feb 11 01:49:25 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Wed, 11 Feb 2009 09:49:25 +0000 Subject: [Casper] CasperVNC Message-ID: <49929F25.BB96.0081.0@uclan.ac.uk> Hi All, I'm having problems with Casper VNC, i can observe or control a computer using Casper VNC. however when i close the window and Casper remote says it is Stopping the VNC server on the client, Casper remote halts, it gets the spinning ball and never gets anywhere, if i force quit it it closes but stays open in the dock and i can no longer launch Casper remote without a reboot, Any ideas? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/aa724851/attachment.htm From ERNSTCS at uwec.edu Wed Feb 11 05:28:16 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Wed, 11 Feb 2009 07:28:16 -0600 Subject: [Casper] CasperVNC In-Reply-To: <49929F25.BB96.0081.0@uclan.ac.uk> Message-ID: Kind of a known issue that JAMF is aware of. Not much you can do about it at the moment, but what you've already done. You may not have to go as far as a reboot, a logoff may also clear it out if I recall. Craig E On 2/11/09 3:49 AM, "Criss Myers" wrote: Hi All, I'm having problems with Casper VNC, i can observe or control a computer using Casper VNC. however when i close the window and Casper remote says it is Stopping the VNC server on the client, Casper remote halts, it gets the spinning ball and never gets anywhere, if i force quit it it closes but stays open in the dock and i can no longer launch Casper remote without a reboot, Any ideas? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/a6221902/attachment.html From rharter at uwsp.edu Wed Feb 11 09:34:13 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Wed, 11 Feb 2009 11:34:13 -0600 Subject: [Casper] CasperVNC In-Reply-To: References: Message-ID: If you're on Leopard you could always use the built in screen sharing app at /System/Library/CoreServices/Screen Sharing. I've always preferred this because I can just set my base image to allow ARD for the admin account and Screen Sharing has, IMHO, superior compression, scaling, and variable resolution quality, all making it a little faster. CasperVNC has always seemed kind of weird to me since, AFAIK, it doesn't actually use the vnc server that is actually built into every mac, but instead starts up it's own (maybe tightvnc, I don't remember) and this actually puts two vnc servers running on the client. Given the intended functionality, CasperVNC could be considered more secure, since it only starts up the server when you want to connect. While I haven't seen this lock up issue, I have noticed that CasperVNC doesn't seem to shut down the remote server when finished leaving two vnc servers running on each machine, seems a bit redundant. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 11, 2009, at 7:28 AM, Ernst, Craig S. wrote: > Kind of a known issue that JAMF is aware of. Not much you can do > about it at the moment, but what you?ve already done. You may not > have to go as far as a reboot, a logoff may also clear it out if I > recall. > > Craig E > > On 2/11/09 3:49 AM, "Criss Myers" wrote: > > > > Hi All, > > > > I'm having problems with Casper VNC, i can observe or control a > computer using Casper VNC. however when i close the window and > Casper remote says it is Stopping the VNC server on the client, > Casper remote halts, it gets the spinning ball and never gets > anywhere, if i force quit it it closes but stays open in the dock > and i can no longer launch Casper remote without a reboot, > > > > Any ideas? > > > > Criss > > Criss Myers > > Senior Customer Support Analyst (Mac Services) > > Apple Certified Technical Coordinator v10.5 > > LIS Business Support Team > > Library 301 > > University of Central Lancashire > > Preston PR1 2HE > > Ex 5054 > > 01772 895054 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/c8bdf07e/attachment.html From ron.prue at mynoahs.com Wed Feb 11 10:03:16 2009 From: ron.prue at mynoahs.com (Ron Prue) Date: Wed, 11 Feb 2009 11:03:16 -0700 Subject: [Casper] Menubar Items In-Reply-To: <49915F9C.7141.0039.0@kckps.org> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49915F9C.7141.0039.0@kckps.org> Message-ID: <097B638D-A356-4070-A940-6592D4D677E2@mynoahs.com> Sorry for the slow reply. I was distracted with another project for a bit. I am using Leopard Server and WGM, but not currently to manage mobile accounts or computers. It handles file serving, mail, ftp and VPN. The machines I want to maintain are at another facility 60 miles away. They are public machines that I am trying to lock down and I image them occasionally but can't seem to repress the menu items. They are already managed by JSS and I would really like to try and accomplish this task using a policy/script if possible. If not, I can look into getting them managed by my server. BRW, thanks for the replies. You guys are great. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > I will just add, if you aren't using OS X Server and MCX to manage > your clients you may want to seriously consider doing so. It will > save you so much time and effort and if you miss something in your > image you can always fix it with nested group preferences. It is > worth every penny of what it costs to set it up. > > Now, I will get off my soap box and go back to work > > Thanks > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > The menu bar items are all stored in ~/Library/Preferences/ > com.apple.systemuiserver.plist. > > You do have to use PlistBuddy to script them, because they are > nested one level below the top. But PlistBuddy is included in 10.5 (/ > usr/libexec/PlistBuddy) > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > >> Hello, >> >> I have deployed an image for 11 iMacs but have had a tough time >> getting rid of menubar items. They are removed when I am booted >> from an external drive containing the partition I image, but after >> that image is deployed to all the iMacs I get Time Machine, Airport >> and other unwanted menubar items again. >> >> I have searched for a script to run after imaging to solve this >> with no success. Do any of you have a script you use or another >> solution to remove unwanted menubar items? >> >> Thanks in advance. >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/8b6a43cb/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/8b6a43cb/attachment.png From rharter at uwsp.edu Wed Feb 11 10:09:01 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Wed, 11 Feb 2009 12:09:01 -0600 Subject: [Casper] Menubar Items In-Reply-To: <097B638D-A356-4070-A940-6592D4D677E2@mynoahs.com> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49915F9C.7141.0039.0@kckps.org> <097B638D-A356-4070-A940-6592D4D677E2@mynoahs.com> Message-ID: <382E6017-003F-4D12-9784-D1E85EBE704B@uwsp.edu> I sent off that script that I use, Maura also pointed out the plist that they are stored in. Did any of that work for you? Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 11, 2009, at 12:03 PM, Ron Prue wrote: > Sorry for the slow reply. I was distracted with another project for > a bit. > > I am using Leopard Server and WGM, but not currently to manage > mobile accounts or computers. It handles file serving, mail, ftp > and VPN. > > The machines I want to maintain are at another facility 60 miles > away. They are public machines that I am trying to lock down and I > image them occasionally but can't seem to repress the menu items. > They are already managed by JSS and I would really like to try and > accomplish this task using a policy/script if possible. If not, I > can look into getting them managed by my server. > > BRW, thanks for the replies. You guys are great. > > > Ron Prue > Technical Services > Noah Corporation > 435.214.2928 > ron.prue at mynoahs.com > > > > > On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > >> I will just add, if you aren't using OS X Server and MCX to manage >> your clients you may want to seriously consider doing so. It will >> save you so much time and effort and if you miss something in your >> image you can always fix it with nested group preferences. It is >> worth every penny of what it costs to set it up. >> >> Now, I will get off my soap box and go back to work >> >> Thanks >> >> >> >> >> ___________________________ >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> blackberry: 913-449-7589 >> office: 913-627-0351 >> >> >> >> >> >> >>> Maura Fennelly 02/10/09 9:53 AM >>> >> The menu bar items are all stored in ~/Library/Preferences/ >> com.apple.systemuiserver.plist. >> >> You do have to use PlistBuddy to script them, because they are >> nested one level below the top. But PlistBuddy is included in 10.5 >> (/usr/libexec/PlistBuddy) >> >> >> On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: >> >>> Hello, >>> >>> I have deployed an image for 11 iMacs but have had a tough time >>> getting rid of menubar items. They are removed when I am booted >>> from an external drive containing the partition I image, but after >>> that image is deployed to all the iMacs I get Time Machine, >>> Airport and other unwanted menubar items again. >>> >>> I have searched for a script to run after imaging to solve this >>> with no success. Do any of you have a script you use or another >>> solution to remove unwanted menubar items? >>> >>> Thanks in advance. >>> >>> Ron Prue >>> Technical Services >>> Noah Corporation >>> 435.214.2928 >>> ron.prue at mynoahs.com >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/fd99c013/attachment.html From sean.hansell at jwt.com Wed Feb 11 10:21:39 2009 From: sean.hansell at jwt.com (sean.hansell at jwt.com) Date: Wed, 11 Feb 2009 13:21:39 -0500 Subject: [Casper] Firmware Updates Message-ID: I wanna have smart groups for Macs that need EFI or SMC firmware updates. I know Casper tracks both of these numbers (Boot ROM version and SMC Version) but only SMC is searchable in smart groups. This may be a pending feature request, but has anyone else tried to do this, by this means or any other? Thanks.

This transmission is intended solely for the person or organization to whom it is addressed and it may contain privileged and confidential information. If you are not the intended recipient you should not copy, distribute or take any action in reliance on it. If you believe you received this transmission in error please notify the sender.

-------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/c2c5eee8/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14361 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/c2c5eee8/attachment.jpe From miles.leacy at themacadmin.com Wed Feb 11 10:31:24 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 11 Feb 2009 13:31:24 -0500 Subject: [Casper] Firmware Updates In-Reply-To: <-2713085339142750349@unknownmsgid> References: <-2713085339142750349@unknownmsgid> Message-ID: My first thought was scoping to "available SWUs" under "receipts". Unfortunately, this criteria doesn't have a "like" option. Perhaps this is a feature request? With this feature, we could scope the smart group to "available SWUs like "firmware"". It would be a little more involved, but you could scope the group to "does not have" receipts for all available firmware updates. Unfortunately, this will require manual maintenance every time a new firmware update comes out. Dummy receipts could work... grep the output of "softwareupdate -l" for "firmware", "SMC", etc. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/11 > > I wanna have smart groups for Macs that need EFI or SMC firmware updates. I > know Casper tracks both of these numbers (Boot ROM version and SMC Version) > but only SMC is searchable in smart groups. > > This may be a pending feature request, but has anyone else tried to do > this, by this means or any other? > > Thanks. > > > This transmission is intended solely for the person or organization to > whom it is addressed and it may contain privileged and confidential > information. If you are not the intended recipient you should not copy, > distribute or take any action in reliance on it. If you believe you received > this transmission in error please notify the sender. > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/e85c14f4/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14361 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/e85c14f4/attachment.jpe From ron.prue at mynoahs.com Wed Feb 11 11:19:55 2009 From: ron.prue at mynoahs.com (Ron Prue) Date: Wed, 11 Feb 2009 12:19:55 -0700 Subject: [Casper] Menubar Items In-Reply-To: <382E6017-003F-4D12-9784-D1E85EBE704B@uwsp.edu> References: <43DF98E0-9AF7-4E39-9E60-766EC30D6637@mynoahs.com> <49915F9C.7141.0039.0@kckps.org> <097B638D-A356-4070-A940-6592D4D677E2@mynoahs.com> <382E6017-003F-4D12-9784-D1E85EBE704B@uwsp.edu> Message-ID: Yes, sorry Ryan, I did get it and am will try implementing it after a test bed trial. Thanks! Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com On Feb 11, 2009, at 11:09 AM, Ryan Harter wrote: > I sent off that script that I use, Maura also pointed out the plist > that they are stored in. Did any of that work for you? > > Ryan Harter > UW - Stevens Point > Workstation Developer > 715.346.2716 > Ryan.Harter at uwsp.edu > > On Feb 11, 2009, at 12:03 PM, Ron Prue wrote: > >> Sorry for the slow reply. I was distracted with another project >> for a bit. >> >> I am using Leopard Server and WGM, but not currently to manage >> mobile accounts or computers. It handles file serving, mail, ftp >> and VPN. >> >> The machines I want to maintain are at another facility 60 miles >> away. They are public machines that I am trying to lock down and I >> image them occasionally but can't seem to repress the menu items. >> They are already managed by JSS and I would really like to try and >> accomplish this task using a policy/script if possible. If not, I >> can look into getting them managed by my server. >> >> BRW, thanks for the replies. You guys are great. >> >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: >> >>> I will just add, if you aren't using OS X Server and MCX to manage >>> your clients you may want to seriously consider doing so. It will >>> save you so much time and effort and if you miss something in your >>> image you can always fix it with nested group preferences. It is >>> worth every penny of what it costs to set it up. >>> >>> Now, I will get off my soap box and go back to work >>> >>> Thanks >>> >>> >>> >>> >>> ___________________________ >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> blackberry: 913-449-7589 >>> office: 913-627-0351 >>> >>> >>> >>> >>> >>> >>> Maura Fennelly 02/10/09 9:53 AM >>> >>> The menu bar items are all stored in ~/Library/Preferences/ >>> com.apple.systemuiserver.plist. >>> >>> You do have to use PlistBuddy to script them, because they are >>> nested one level below the top. But PlistBuddy is included in 10.5 >>> (/usr/libexec/PlistBuddy) >>> >>> >>> On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: >>> >>>> Hello, >>>> >>>> I have deployed an image for 11 iMacs but have had a tough time >>>> getting rid of menubar items. They are removed when I am booted >>>> from an external drive containing the partition I image, but >>>> after that image is deployed to all the iMacs I get Time Machine, >>>> Airport and other unwanted menubar items again. >>>> >>>> I have searched for a script to run after imaging to solve this >>>> with no success. Do any of you have a script you use or another >>>> solution to remove unwanted menubar items? >>>> >>>> Thanks in advance. >>>> >>>> Ron Prue >>>> Technical Services >>>> Noah Corporation >>>> 435.214.2928 >>>> ron.prue at mynoahs.com >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Casper mailing list >>>> Casper at list.jamfsoftware.com >>>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/e14f49c6/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Noahs Logo.png Type: image/png Size: 11936 bytes Desc: not available Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/e14f49c6/attachment.png From jeremymatthews at mac.com Wed Feb 11 11:46:34 2009 From: jeremymatthews at mac.com (Jeremy Matthews) Date: Wed, 11 Feb 2009 14:46:34 -0500 Subject: [Casper] user defaults Message-ID: <1ED4E26B-8E06-4F7F-8B5B-56EA3C7CE51C@mac.com> If you have a .plist file that is treed-out...multiple levels, what is the syntax for modifying a value on a sub-level? Lets say that it is structured as so: Root - Dictionary 1 - Dictionary 2 - Array 1 - Item 1 - Item 2 defaults write somepreffile -dict "Dictionary 1" -array "Array 1" "Item 1" value ? Thanks, j From rharter at uwsp.edu Wed Feb 11 12:18:57 2009 From: rharter at uwsp.edu (Ryan Harter) Date: Wed, 11 Feb 2009 14:18:57 -0600 Subject: [Casper] user defaults In-Reply-To: <1ED4E26B-8E06-4F7F-8B5B-56EA3C7CE51C@mac.com> References: <1ED4E26B-8E06-4F7F-8B5B-56EA3C7CE51C@mac.com> Message-ID: I'm not sure you'll be able to even do that with defaults. The defaults man page says: "BUGS Defaults can be structured in very complex ways, making it difficult for the user to enter them with this command." That is a perfect candidate for PlistBuddy, another plist modifier that works from the command line. In OS X Leopard PlistBuddy is included (/usr/libexec), but in previous versions you would have to find in in a package receipt or something. There is a bit of documentation about this on the web. In our Tiger base image, I copy PlistBuddy to /usr/bin so that I know it will always be in the path; now that we are using Leopard this is unnecessary. Ryan Harter UW - Stevens Point Workstation Developer 715.346.2716 Ryan.Harter at uwsp.edu On Feb 11, 2009, at 1:46 PM, Jeremy Matthews wrote: > If you have a .plist file that is treed-out...multiple levels, what is > the syntax for modifying a value on a sub-level? > > Lets say that it is structured as so: > > Root > - Dictionary 1 > - Dictionary 2 > - Array 1 > - Item 1 > - Item 2 > > defaults write somepreffile -dict "Dictionary 1" -array "Array 1" > "Item 1" value > ? > > Thanks, > j > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090211/f96cea00/attachment.htm From tlarki at kckps.org Wed Feb 11 18:06:17 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 11 Feb 2009 20:06:17 -0600 Subject: [Casper] Menubar Items Message-ID: <49932FB902000039000090DE@gwoes4.kckps.org> While stumbling around in the dscl command line today doing something unrelated to this subject I noticed that there is a whole MCX subset of commands. I would maybe look into that to see about scripting out certain things. It looks like it can do local management as well. If you type dscl, then once in interactive mode type -mcxhelp you will get a very long laundry list of items. I actually had no idea that 10.5 version of dscl had that.....guess you learn something new every day huh? Also, it seems that there is an option to import MCX from a server. So maybe there is no longer a need for log in/out to force an update to MCX, you can maybe now do it via script or command from casper policies! ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Ron Prue 02/11/09 3:28 PM >>> Sorry for the slow reply. I was distracted with another project for a bit. I am using Leopard Server and WGM, but not currently to manage mobile accounts or computers. It handles file serving, mail, ftp and VPN. The machines I want to maintain are at another facility 60 miles away. They are public machines that I am trying to lock down and I image them occasionally but can't seem to repress the menu items. They are already managed by JSS and I would really like to try and accomplish this task using a policy/script if possible. If not, I can look into getting them managed by my server. BRW, thanks for the replies. You guys are great. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > I will just add, if you aren't using OS X Server and MCX to manage > your clients you may want to seriously consider doing so. It will > save you so much time and effort and if you miss something in your > image you can always fix it with nested group preferences. It is > worth every penny of what it costs to set it up. > > Now, I will get off my soap box and go back to work > > Thanks > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > The menu bar items are all stored in ~/Library/Preferences/ > com.apple.systemuiserver.plist. > > You do have to use PlistBuddy to script them, because they are > nested one level below the top. But PlistBuddy is included in 10.5 (/ > usr/libexec/PlistBuddy) > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > >> Hello, >> >> I have deployed an image for 11 iMacs but have had a tough time >> getting rid of menubar items. They are removed when I am booted >> from an external drive containing the partition I image, but after >> that image is deployed to all the iMacs I get Time Machine, Airport >> and other unwanted menubar items again. >> >> I have searched for a script to run after imaging to solve this >> with no success. Do any of you have a script you use or another >> solution to remove unwanted menubar items? >> >> Thanks in advance. >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From CMyers at uclan.ac.uk Wed Feb 11 23:58:35 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 12 Feb 2009 07:58:35 +0000 Subject: [Casper] Menubar Items In-Reply-To: <49932FB902000039000090DE@gwoes4.kckps.org> References: <49932FB902000039000090DE@gwoes4.kckps.org> Message-ID: <4993D6AB.BB96.0081.0@uclan.ac.uk> is that not the same as the WGM preferences you can set whilst in the local node, think i emailed you that earlier? The same things you can do with WGM for a ldap account you can do for the local node Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 12, 2009 at 2:06 AM, in message <49932FB902000039000090DE at gwoes4.kckps.org>, "Thomas Larkin" wrote: While stumbling around in the dscl command line today doing something unrelated to this subject I noticed that there is a whole MCX subset of commands. I would maybe look into that to see about scripting out certain things. It looks like it can do local management as well. If you type dscl, then once in interactive mode type -mcxhelp you will get a very long laundry list of items. I actually had no idea that 10.5 version of dscl had that.....guess you learn something new every day huh? Also, it seems that there is an option to import MCX from a server. So maybe there is no longer a need for log in/out to force an update to MCX, you can maybe now do it via script or command from casper policies! ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Ron Prue 02/11/09 3:28 PM >>> Sorry for the slow reply. I was distracted with another project for a bit. I am using Leopard Server and WGM, but not currently to manage mobile accounts or computers. It handles file serving, mail, ftp and VPN. The machines I want to maintain are at another facility 60 miles away. They are public machines that I am trying to lock down and I image them occasionally but can't seem to repress the menu items. They are already managed by JSS and I would really like to try and accomplish this task using a policy/script if possible. If not, I can look into getting them managed by my server. BRW, thanks for the replies. You guys are great. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > I will just add, if you aren't using OS X Server and MCX to manage > your clients you may want to seriously consider doing so. It will > save you so much time and effort and if you miss something in your > image you can always fix it with nested group preferences. It is > worth every penny of what it costs to set it up. > > Now, I will get off my soap box and go back to work > > Thanks > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > The menu bar items are all stored in ~/Library/Preferences/ > com.apple.systemuiserver.plist. > > You do have to use PlistBuddy to script them, because they are > nested one level below the top. But PlistBuddy is included in 10.5 (/ > usr/libexec/PlistBuddy) > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > >> Hello, >> >> I have deployed an image for 11 iMacs but have had a tough time >> getting rid of menubar items. They are removed when I am booted >> from an external drive containing the partition I image, but after >> that image is deployed to all the iMacs I get Time Machine, Airport >> and other unwanted menubar items again. >> >> I have searched for a script to run after imaging to solve this >> with no success. Do any of you have a script you use or another >> solution to remove unwanted menubar items? >> >> Thanks in advance. >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/9fe43b31/attachment.htm From CMyers at uclan.ac.uk Thu Feb 12 00:33:01 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 12 Feb 2009 08:33:01 +0000 Subject: [Casper] imaging Macs Message-ID: <4993DEBD.BB96.0081.0@uclan.ac.uk> Hi All, what I recon Casper could do with is a EFI Pre-Boot Environment Application, then there would be no need to boot from a network or from an external drive, An EFI Casper Imaging Application could allow you to image the mac from the EFI. And as EFI is OS independent and manufacture independent it would allow you to install on to any machine. As the base image is a block level copy then it wouldnt matter if it was os x or windows. Any one know how to write an EFI Pre-Boot Application? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/0b975ab7/attachment.html From miles.leacy at themacadmin.com Thu Feb 12 04:53:00 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 07:53:00 -0500 Subject: [Casper] Menubar Items In-Reply-To: <4993D6AB.BB96.0081.0@uclan.ac.uk> References: <49932FB902000039000090DE@gwoes4.kckps.org> <4993D6AB.BB96.0081.0@uclan.ac.uk> Message-ID: I've been managing MCX for a while via dscl, and if I recall correctly, there were features in Casper 7 demoed at Macworld which will put a nicer interface on it. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Criss Myers > is that not the same as the WGM preferences you can set whilst in the > local node, think i emailed you that earlier? > > The same things you can do with WGM for a ldap account you can do for the > local node > > Criss > > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > >>> On Thu, Feb 12, 2009 at 2:06 AM, in message < > 49932FB902000039000090DE at gwoes4.kckps.org>, "Thomas Larkin" < > tlarki at kckps.org> wrote: > > While stumbling around in the dscl command line today doing something > unrelated to this subject I noticed that there is a whole MCX subset of > commands. > > I would maybe look into that to see about scripting out certain things. It > looks like it can do local management as well. If you type dscl, then once > in interactive mode type -mcxhelp you will get a very long laundry list of > items. > > I actually had no idea that 10.5 version of dscl had that.....guess you > learn something new every day huh? > > Also, it seems that there is an option to import MCX from a server. So > maybe there is no longer a need for log in/out to force an update to MCX, > you can maybe now do it via script or command from casper policies! > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > >>> Ron Prue 02/11/09 3:28 PM >>> > Sorry for the slow reply. I was distracted with another project for a > bit. > > I am using Leopard Server and WGM, but not currently to manage mobile > accounts or computers. It handles file serving, mail, ftp and VPN. > > The machines I want to maintain are at another facility 60 miles > away. They are public machines that I am trying to lock down and I > image them occasionally but can't seem to repress the menu items. > They are already managed by JSS and I would really like to try and > accomplish this task using a policy/script if possible. If not, I can > look into getting them managed by my server. > > BRW, thanks for the replies. You guys are great. > > > Ron Prue > Technical Services > Noah Corporation > 435.214.2928 > ron.prue at mynoahs.com > > > > > On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > > > I will just add, if you aren't using OS X Server and MCX to manage > > your clients you may want to seriously consider doing so. It will > > save you so much time and effort and if you miss something in your > > image you can always fix it with nested group preferences. It is > > worth every penny of what it costs to set it up. > > > > Now, I will get off my soap box and go back to work > > > > Thanks > > > > > > > > > > ___________________________ > > Thomas Larkin > > TIS Department > > KCKPS USD500 > > tlarki at kckps.org > > blackberry: 913-449-7589 > > office: 913-627-0351 > > > > > > > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > > The menu bar items are all stored in ~/Library/Preferences/ > > com.apple.systemuiserver.plist. > > > > You do have to use PlistBuddy to script them, because they are > > nested one level below the top. But PlistBuddy is included in 10.5 (/ > > usr/libexec/PlistBuddy) > > > > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > > > >> Hello, > >> > >> I have deployed an image for 11 iMacs but have had a tough time > >> getting rid of menubar items. They are removed when I am booted > >> from an external drive containing the partition I image, but after > >> that image is deployed to all the iMacs I get Time Machine, Airport > >> and other unwanted menubar items again. > >> > >> I have searched for a script to run after imaging to solve this > >> with no success. Do any of you have a script you use or another > >> solution to remove unwanted menubar items? > >> > >> Thanks in advance. > >> > >> Ron Prue > >> Technical Services > >> Noah Corporation > >> 435.214.2928 > >> ron.prue at mynoahs.com > >> > >> > >> > >> > >> _______________________________________________ > >> Casper mailing list > >> Casper at list.jamfsoftware.com > >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > > _______________________________________________ > > Casper mailing list > > Casper at list.jamfsoftware.com > > http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/e8e45f1a/attachment.htm From tlarki at kckps.org Thu Feb 12 06:53:50 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 08:53:50 -0600 Subject: [Casper] Menubar Items In-Reply-To: <4993D6AB.BB96.0081.0@uclan.ac.uk> References: <49932FB902000039000090DE@gwoes4.kckps.org> <4993D6AB.BB96.0081.0@uclan.ac.uk> Message-ID: <4993E39E.7141.0039.0@kckps.org> Criss Well, if you are referring to exporting and importing MCX settings, then yes that is from what it looks like, totally possible. I have just never tried to apply MCX to a machine that wasn't bound to an Apple server. I wonder how well it works with mismatched OS versions and all other factors as well. I am also curious how often it updates. If I push out a MCX update via the dscl command, does it update instantly, or does it still require a log in/out for the full update? Well, I will definitely be playing with this towards summer time as we like to keep a highly managed local account on every machine just in case the network goes down or they don't have a mobile account yet, or for whatever the reason may be we like to keep a local account so the machine can always be used. We like to keep that local account very highly managed so users are more inclined to use their actual account. Have you played with configuring the MCX file by dscl? What were your experiences? Thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Criss Myers" 02/12/09 1:58 AM >>> is that not the same as the WGM preferences you can set whilst in the local node, think i emailed you that earlier? The same things you can do with WGM for a ldap account you can do for the local node Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 12, 2009 at 2:06 AM, in message <49932FB902000039000090DE at gwoes4.kckps.org>, "Thomas Larkin" wrote: While stumbling around in the dscl command line today doing something unrelated to this subject I noticed that there is a whole MCX subset of commands. I would maybe look into that to see about scripting out certain things. It looks like it can do local management as well. If you type dscl, then once in interactive mode type -mcxhelp you will get a very long laundry list of items. I actually had no idea that 10.5 version of dscl had that.....guess you learn something new every day huh? Also, it seems that there is an option to import MCX from a server. So maybe there is no longer a need for log in/out to force an update to MCX, you can maybe now do it via script or command from casper policies! ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Ron Prue 02/11/09 3:28 PM >>> Sorry for the slow reply. I was distracted with another project for a bit. I am using Leopard Server and WGM, but not currently to manage mobile accounts or computers. It handles file serving, mail, ftp and VPN. The machines I want to maintain are at another facility 60 miles away. They are public machines that I am trying to lock down and I image them occasionally but can't seem to repress the menu items. They are already managed by JSS and I would really like to try and accomplish this task using a policy/script if possible. If not, I can look into getting them managed by my server. BRW, thanks for the replies. You guys are great. Ron Prue Technical Services Noah Corporation 435.214.2928 ron.prue at mynoahs.com On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > I will just add, if you aren't using OS X Server and MCX to manage > your clients you may want to seriously consider doing so. It will > save you so much time and effort and if you miss something in your > image you can always fix it with nested group preferences. It is > worth every penny of what it costs to set it up. > > Now, I will get off my soap box and go back to work > > Thanks > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > The menu bar items are all stored in ~/Library/Preferences/ > com.apple.systemuiserver.plist. > > You do have to use PlistBuddy to script them, because they are > nested one level below the top. But PlistBuddy is included in 10.5 (/ > usr/libexec/PlistBuddy) > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > >> Hello, >> >> I have deployed an image for 11 iMacs but have had a tough time >> getting rid of menubar items. They are removed when I am booted >> from an external drive containing the partition I image, but after >> that image is deployed to all the iMacs I get Time Machine, Airport >> and other unwanted menubar items again. >> >> I have searched for a script to run after imaging to solve this >> with no success. Do any of you have a script you use or another >> solution to remove unwanted menubar items? >> >> Thanks in advance. >> >> Ron Prue >> Technical Services >> Noah Corporation >> 435.214.2928 >> ron.prue at mynoahs.com >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/9c16684f/attachment.htm From clinton.blackmore at westwind.ab.ca Thu Feb 12 07:06:46 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Thu, 12 Feb 2009 08:06:46 -0700 Subject: [Casper] Timing logins and applicaion startup Message-ID: Greetings. At my site, we are experiencing a maddening issue wherein 1) sometimes (network/mobile) users are unable to log in (or, they log in but can't access their home folder, or, logging in is really slow), and 2) Office 2008 applications crash. Both issues are alleviated temporarily when we reboot our open directory master [the Office crash only started happening after we used WGM to redirect the user's cache folder from the network to the local computer to reduce the ridiculous startup times], despite the fact that our client machines are all bound to replicas. In order to understand the extent of the problem and to see if any changes we apply alleviate it (and believe me, I would sooner just fix the problem if I could!), I would like to know if it is possible to deploy a script that will time how long it takes for a user to log in, and another one to time how long it takes for certain applications to start (or see if they crash when a user tries to start them.) Does anyone know how I might do this? Thank you, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. From miles.leacy at themacadmin.com Thu Feb 12 07:07:01 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 10:07:01 -0500 Subject: [Casper] Menubar Items In-Reply-To: <4993E39E.7141.0039.0@kckps.org> References: <49932FB902000039000090DE@gwoes4.kckps.org> <4993D6AB.BB96.0081.0@uclan.ac.uk> <4993E39E.7141.0039.0@kckps.org> Message-ID: I got into MCX via dscl after reading Nigel Kersten's article on AFP548. Rather than do a whole lot of typing and proofreading on the subject, I'll just link to his article: http://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain&query=mcx It's pretty cool stuff. What I do is limit my scripts to setting a single preference, then I can apply those scripts singly or in groups via Casper policies. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Thomas Larkin > Criss > > Well, if you are referring to exporting and importing MCX settings, then > yes that is from what it looks like, totally possible. I have just never > tried to apply MCX to a machine that wasn't bound to an Apple server. I > wonder how well it works with mismatched OS versions and all other factors > as well. I am also curious how often it updates. If I push out a MCX > update via the dscl command, does it update instantly, or does it still > require a log in/out for the full update? > > Well, I will definitely be playing with this towards summer time as we > like to keep a highly managed local account on every machine just in case > the network goes down or they don't have a mobile account yet, or for > whatever the reason may be we like to keep a local account so the machine > can always be used. We like to keep that local account very highly managed > so users are more inclined to use their actual account. > > Have you played with configuring the MCX file by dscl? What were your > experiences? > > Thanks > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> "Criss Myers" 02/12/09 1:58 AM >>> > > is that not the same as the WGM preferences you can set whilst in the > local node, think i emailed you that earlier? > > > The same things you can do with WGM for a ldap account you can do for the > local node > > > Criss > > > Criss Myers > Senior Customer Support Analyst (Mac Services) > Apple Certified Technical Coordinator v10.5 > LIS Business Support Team > Library 301 > University of Central Lancashire > Preston PR1 2HE > Ex 5054 > 01772 895054 > > >>> On Thu, Feb 12, 2009 at 2:06 AM, in message < > 49932FB902000039000090DE at gwoes4.kckps.org>, "Thomas Larkin" < > tlarki at kckps.org> wrote: > > While stumbling around in the dscl command line today doing something > unrelated to this subject I noticed that there is a whole MCX subset of > commands. > > I would maybe look into that to see about scripting out certain things. It > looks like it can do local management as well. If you type dscl, then once > in interactive mode type -mcxhelp you will get a very long laundry list of > items. > > I actually had no idea that 10.5 version of dscl had that.....guess you > learn something new every day huh? > > Also, it seems that there is an option to import MCX from a server. So > maybe there is no longer a need for log in/out to force an update to MCX, > you can maybe now do it via script or command from casper policies! > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > >>> Ron Prue 02/11/09 3:28 PM >>> > Sorry for the slow reply. I was distracted with another project for a > bit. > > I am using Leopard Server and WGM, but not currently to manage mobile > accounts or computers. It handles file serving, mail, ftp and VPN. > > The machines I want to maintain are at another facility 60 miles > away. They are public machines that I am trying to lock down and I > image them occasionally but can't seem to repress the menu items. > They are already managed by JSS and I would really like to try and > accomplish this task using a policy/script if possible. If not, I can > look into getting them managed by my server. > > BRW, thanks for the replies. You guys are great. > > > Ron Prue > Technical Services > Noah Corporation > 435.214.2928 > ron.prue at mynoahs.com > > > > > On Feb 10, 2009, at 10:06 AM, Thomas Larkin wrote: > > > I will just add, if you aren't using OS X Server and MCX to manage > > your clients you may want to seriously consider doing so. It will > > save you so much time and effort and if you miss something in your > > image you can always fix it with nested group preferences. It is > > worth every penny of what it costs to set it up. > > > > Now, I will get off my soap box and go back to work > > > > Thanks > > > > > > > > > > ___________________________ > > Thomas Larkin > > TIS Department > > KCKPS USD500 > > tlarki at kckps.org > > blackberry: 913-449-7589 > > office: 913-627-0351 > > > > > > > > > > > > >>> Maura Fennelly 02/10/09 9:53 AM >>> > > The menu bar items are all stored in ~/Library/Preferences/ > > com.apple.systemuiserver.plist. > > > > You do have to use PlistBuddy to script them, because they are > > nested one level below the top. But PlistBuddy is included in 10.5 (/ > > usr/libexec/PlistBuddy) > > > > > > On Feb 9, 2009, at 7:06 PM, Ron Prue wrote: > > > >> Hello, > >> > >> I have deployed an image for 11 iMacs but have had a tough time > >> getting rid of menubar items. They are removed when I am booted > >> from an external drive containing the partition I image, but after > >> that image is deployed to all the iMacs I get Time Machine, Airport > >> and other unwanted menubar items again. > >> > >> I have searched for a script to run after imaging to solve this > >> with no success. Do any of you have a script you use or another > >> solution to remove unwanted menubar items? > >> > >> Thanks in advance. > >> > >> Ron Prue > >> Technical Services > >> Noah Corporation > >> 435.214.2928 > >> ron.prue at mynoahs.com > >> > >> > >> > >> > >> _______________________________________________ > >> Casper mailing list > >> Casper at list.jamfsoftware.com > >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > > _______________________________________________ > > Casper mailing list > > Casper at list.jamfsoftware.com > > http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/e8a3dd73/attachment.html From CMyers at uclan.ac.uk Thu Feb 12 07:09:59 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 12 Feb 2009 15:09:59 +0000 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: References: Message-ID: <49943BC7.BB96.0081.0@uclan.ac.uk> as for office, it seems to rely on the local cache, as i had the crashing office problem with redirected cache folders, once i stopped that procedure office works fine criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 12, 2009 at 3:06 PM, in message , Clinton Blackmore wrote: Greetings. At my site, we are experiencing a maddening issue wherein 1) sometimes (network/mobile) users are unable to log in (or, they log in but can't access their home folder, or, logging in is really slow), and 2) Office 2008 applications crash. Both issues are alleviated temporarily when we reboot our open directory master [the Office crash only started happening after we used WGM to redirect the user's cache folder from the network to the local computer to reduce the ridiculous startup times], despite the fact that our client machines are all bound to replicas. In order to understand the extent of the problem and to see if any changes we apply alleviate it (and believe me, I would sooner just fix the problem if I could!), I would like to know if it is possible to deploy a script that will time how long it takes for a user to log in, and another one to time how long it takes for certain applications to start (or see if they crash when a user tries to start them.) Does anyone know how I might do this? Thank you, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/ab891f51/attachment.htm From tlarki at kckps.org Thu Feb 12 07:13:21 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 09:13:21 -0600 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: References: Message-ID: <4993E831.7141.0039.0@kckps.org> Are you by chance running 10.5.3 or 10.5.4? There were known bugs that caused all sorts of sync and log in issues and I saw them myself. Where it would take literally, 2 minutes just to log in with a network account. Also, how many clients are bound to your Directory Servers? >>> Clinton Blackmore 02/12/09 9:06 AM >>> Greetings. At my site, we are experiencing a maddening issue wherein 1) sometimes (network/mobile) users are unable to log in (or, they log in but can't access their home folder, or, logging in is really slow), and 2) Office 2008 applications crash. Both issues are alleviated temporarily when we reboot our open directory master [the Office crash only started happening after we used WGM to redirect the user's cache folder from the network to the local computer to reduce the ridiculous startup times], despite the fact that our client machines are all bound to replicas. In order to understand the extent of the problem and to see if any changes we apply alleviate it (and believe me, I would sooner just fix the problem if I could!), I would like to know if it is possible to deploy a script that will time how long it takes for a user to log in, and another one to time how long it takes for certain applications to start (or see if they crash when a user tries to start them.) Does anyone know how I might do this? Thank you, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/905789c2/attachment.htm From clinton.blackmore at westwind.ab.ca Thu Feb 12 07:56:46 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Thu, 12 Feb 2009 08:56:46 -0700 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <4993E831.7141.0039.0@kckps.org> References: <4993E831.7141.0039.0@kckps.org> Message-ID: <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> On 12-Feb-09, at 8:13 AM, Thomas Larkin wrote: > Are you by chance running 10.5.3 or 10.5.4? There were known bugs > that caused all sorts of sync and log in issues and I saw them > myself. Where it would take literally, 2 minutes just to log in > with a network account. > > Also, how many clients are bound to your Directory Servers? Most of our clients are running 10.5.4. A handful go back as far as 10.5.2, and some are up-to-date. [This is not counting our older machines that are running Tiger, but they aren't a concern right now.] Most of our 12 directory replicas are running 10.5.5, although the master is running 10.5.6. For number of clients, I ran: dscl /LDAPv3/[IP of ODM] list Computers | wc -l dscl /LDAPv3/[IP of ODM] list Users | wc -l We currently have 1085 computers in our directory, and 4463 users. We had a similar login-failure issue three of four months ago, and, after trolling through the logs availed us nothing, we instated a new open directory master. [One of my co-workers did it; I think he imaged a server, made it a replica, and then promoted it and made all the other replicas use it as the master.] Things worked great after we did that, until the day that I tried to give a user lesser directory administration privileges, at which point slapd on the master went off the rails and the CPU usage was at 100% for hours at a time. I revoked the privileges, but we have been having problems since then. [Further, we don't recall exactly, but out first master may have started acting up when we gave a user sub-diradmin privileges.] I can not fathom why this would cause the issue, but it is our best suspicion. Another symptom is sometimes a machine will show that network users are available, but they can not authenticate. On such a machine, dscl sees the LDAP server and the Users directory, but listing said directory brings up zero results. Rebooting or rebinding to the directory often fixes this. So far as we can tell, there is no pattern involving which users or machines will have problems. Just yesterday I saw a user take over 5 minutes to log in to a 2008 iMac connected via a 100 MB/s (or maybe even gigabit) network, while 2/3s of his class logged in without a problem [except for Word crashing for some of them]. While I am on the topic, can anyone recommend tools for merging or correlating log files? Cheers, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/8e4ab135/attachment.html From eyoung at thayer.org Thu Feb 12 08:04:56 2009 From: eyoung at thayer.org (Eric Young) Date: Thu, 12 Feb 2009 11:04:56 -0500 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: References: Message-ID: <9C968915-BC31-4371-868E-E762129DCBDC@thayer.org> Some office 2008 best practices I gleaned while getting it to run here with our user population. Here's our setup: about 400 users. 10.5 client and server. All OD network users (laptops are mobile sync'd users). Xserve raid storage. WGM for server-side caching and we use WGM for our application white list. the ToDo list: kill server side spotlight indexing for the users homes at the root of the directory your user's home are located put the following file (i just did a touch): .metadata_never_index This came from Apple. seems the feature is not working as expected under 10.5 server. This will fix the looooong login times, and seriously reduced the server processor load. make sure a ".TemporaryItems" folder exists. and is 777. This will fix the save issues and errors from MS apps about temp items and the renaming of files to .tmp files. This is also from Apple care of MS. It seems the save calls look for that directory first, they are supposed to be able to look elsewhere for the temp directory but it does not seem to work right for networked users. For WGM application filtering. Make sure to never use the application lists for office. always use the folders option and be sure to add the items in the application support folder. this will stop the crashes from MS Office setup, MS update, and other random launch crashes. If you get auto-recover issues for a particular user you will have to define a location in that user's Word prefs. Seems that some, not all, installs of office go funny when trying to save to the user's home for auto-recovery. it sees the home as "removable media" and refuses to save. Setting a location seem to fix it... at least the errors go away.. I am not convinced auto-recovery works correctly once that bug occurs though. all in all the roll out of 2008 was a nightmare.. many weeks of work went into the simple list above.. I am happy to share to hopefully avoid that for others :-) -------------------------------------------------------------------------------------------- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. --Bene Gesserit Litany (Frank Herbert) -------------------------------------------------------------------------- Eric Young eyoung at thayer.org On Feb 12, 2009, at 10:06 AM, Clinton Blackmore wrote: > Greetings. > > At my site, we are experiencing a maddening issue wherein 1) sometimes > (network/mobile) users are unable to log in (or, they log in but can't > access their home folder, or, logging in is really slow), and 2) > Office 2008 applications crash. Both issues are alleviated > temporarily when we reboot our open directory master [the Office crash > only started happening after we used WGM to redirect the user's cache > folder from the network to the local computer to reduce the ridiculous > startup times], despite the fact that our client machines are all > bound to replicas. > > In order to understand the extent of the problem and to see if any > changes we apply alleviate it (and believe me, I would sooner just fix > the problem if I could!), I would like to know if it is possible to > deploy a script that will time how long it takes for a user to log in, > and another one to time how long it takes for certain applications to > start (or see if they crash when a user tries to start them.) Does > anyone know how I might do this? > > Thank you, > Clinton Blackmore > > > This email has been scanned by Barracuda Network's Anti-Virus and > Spam Firewall. > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/797a35e6/attachment.htm From tlarki at kckps.org Thu Feb 12 08:11:52 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 10:11:52 -0600 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> References: <4993E831.7141.0039.0@kckps.org> <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> Message-ID: <4993F5E8.7141.0039.0@kckps.org> Are there any errors with the log ins? Like if you ssh into a client and watch it's system log while a user tries to log in, does it produce any errors? If all your servers are 10.5.5 you should be in good shape. I did notice vast amounts of improvements when we ditched 10.5.3 and 10.5.4 on our servers. 10.5.4 was a pile of dung if you ask me. Also, make sure you are using the correct version of server tools, as this can also cause issues if you are using mismatched versions. I would suggest you watch a client log in and see what happens by ssh into it and watching the systemlog while it tires to log in. Also, have there been any changes to your servers and I assume that at one point in time this was all working great? When we had our similar problems I got an Apple engineer involved and they pretty much told me that OD Masters and Replicas are kind of built around the idea of having no more than 1,000 simultaneous connections at once. Also, if you do folder syncing you may want to look at your AFP data throughput charts in Server Admin and see if they fall way below for any reason, then also check out your servers CPU usage history as well. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Clinton Blackmore 02/12/09 9:56 AM >>> On 12-Feb-09, at 8:13 AM, Thomas Larkin wrote: Are you by chance running 10.5.3 or 10.5.4? There were known bugs that caused all sorts of sync and log in issues and I saw them myself. Where it would take literally, 2 minutes just to log in with a network account. Also, how many clients are bound to your Directory Servers? Most of our clients are running 10.5.4. A handful go back as far as 10.5.2, and some are up-to-date. [This is not counting our older machines that are running Tiger, but they aren't a concern right now.] Most of our 12 directory replicas are running 10.5.5, although the master is running 10.5.6. For number of clients, I ran: dscl /LDAPv3/[IP of ODM] list Computers | wc -l dscl /LDAPv3/[IP of ODM] list Users | wc -l We currently have 1085 computers in our directory, and 4463 users. We had a similar login-failure issue three of four months ago, and, after trolling through the logs availed us nothing, we instated a new open directory master. [One of my co-workers did it; I think he imaged a server, made it a replica, and then promoted it and made all the other replicas use it as the master.] Things worked great after we did that, until the day that I tried to give a user lesser directory administration privileges, at which point slapd on the master went off the rails and the CPU usage was at 100% for hours at a time. I revoked the privileges, but we have been having problems since then. [Further, we don't recall exactly, but out first master may have started acting up when we gave a user sub-diradmin privileges.] I can not fathom why this would cause the issue, but it is our best suspicion. Another symptom is sometimes a machine will show that network users are available, but they can not authenticate. On such a machine, dscl sees the LDAP server and the Users directory, but listing said directory brings up zero results. Rebooting or rebinding to the directory often fixes this. So far as we can tell, there is no pattern involving which users or machines will have problems. Just yesterday I saw a user take over 5 minutes to log in to a 2008 iMac connected via a 100 MB/s (or maybe even gigabit) network, while 2/3s of his class logged in without a problem [except for Word crashing for some of them]. While I am on the topic, can anyone recommend tools for merging or correlating log files? Cheers, Clinton Blackmore -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/577d2048/attachment.htm From clinton.blackmore at westwind.ab.ca Thu Feb 12 08:56:31 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Thu, 12 Feb 2009 09:56:31 -0700 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <9C968915-BC31-4371-868E-E762129DCBDC@thayer.org> References: <9C968915-BC31-4371-868E-E762129DCBDC@thayer.org> Message-ID: <592BA9DE-E5E2-4DC7-8855-CA0F63DB92F7@westwind.ab.ca> Thank you, I've been needing a to-do list. I've got a few questions to be sure I understand correctly. On 12-Feb-09, at 9:04 AM, Eric Young wrote: > Some office 2008 best practices I gleaned while getting it to run > here with our user population. > > Here's our setup: about 400 users. 10.5 client and server. All OD > network users (laptops are mobile sync'd users). Xserve raid > storage. WGM for server-side caching and we use WGM for our > application white list. What server-side caching are you doing? Did you do the cache-folder redirection on the clients (as in http://www.afp548.com/article.php?story=MCXRedirector )? > > the ToDo list: > > kill server side spotlight indexing for the users homes at the root > of the directory your user's home are located put the following file > (i just did a touch): .metadata_never_index This came from Apple. > seems the feature is not working as expected under 10.5 server. > This will fix the looooong login times, and seriously reduced the > server processor load. To disable spotlight indexing on the sharepoint, I connect to the server using Server Admin, find the sharepoint, and ensure the "Enable Spotlight searching" (and the magnifying glass icon) are turned off (not displayed). I take it that helps but does not completely solve the problem. The .metadata_never_index file needs to go at the root of the sharepoint (and each and every sharepoint that I don't want indexed), yes? I suppose that .metadata_never_index at the root of the drive doesn't cut it. > make sure a ".TemporaryItems" folder exists. and is 777. This will > fix the save issues and errors from MS apps about temp items and the > renaming of files to .tmp files. This is also from Apple care of > MS. It seems the save calls look for that directory first, they are > supposed to be able to look elsewhere for the temp directory but it > does not seem to work right for networked users. I saw that Office created these folders, but not with the proper permissions. It seemed to be working, although I remember that on occasion users have had problems re-saving a file, so I'd better fix that. > For WGM application filtering. Make sure to never use the > application lists for office. always use the folders option and be > sure to add the items in the application support folder. this will > stop the crashes from MS Office setup, MS update, and other random > launch crashes. Does this only apply if you are whitelisting applications? > If you get auto-recover issues for a particular user you will have > to define a location in that user's Word prefs. Seems that some, > not all, installs of office go funny when trying to save to the > user's home for auto-recovery. it sees the home as "removable > media" and refuses to save. Setting a location seem to fix it... at > least the errors go away.. I am not convinced auto-recovery works > correctly once that bug occurs though. I don't believe our issues (right now) are related to auto-recovery. Users will be told that the there is a problem with the Office database (and if you try to run the repair tool, it will tell you there is no database), or sometimes they will be told "normal.dotx is in use by 'another user'. Would you like to make a copy of it?" The other message we sometimes see is "The home folder for user is not located in the usual place or cannot be accessed. The home or Users folder may have been moved or deleted. If the home folder is located on the network, the server may be unavailable temporarily. If you continue to have problems, see your system administrator." which indicates to me that the user authenticated but could not mount the file share (while users all around had no problem.) There isn't any chance that they can mount their home folder but not access the normal.dotx file, is there? [Where does that file live, anyways?] > > all in all the roll out of 2008 was a nightmare.. many weeks of work > went into the simple list above.. I am happy to share to hopefully > avoid that for others :-) I appreciate that. One of the teachers was extolling the virtues of Google Docs, and I would be quite happy not to deal with Office again! Cheers, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/4e129940/attachment.htm From eyoung at thayer.org Thu Feb 12 09:50:56 2009 From: eyoung at thayer.org (Eric Young) Date: Thu, 12 Feb 2009 12:50:56 -0500 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <592BA9DE-E5E2-4DC7-8855-CA0F63DB92F7@westwind.ab.ca> References: <9C968915-BC31-4371-868E-E762129DCBDC@thayer.org> <592BA9DE-E5E2-4DC7-8855-CA0F63DB92F7@westwind.ab.ca> Message-ID: <9ACA1884-C738-402E-812F-5EE71EA0A04C@thayer.org> replies in line. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A cynic is a man who, when he smells flowers, looks around for a coffin. --H. L. Mencken Eric Young eyoung at thayer.org On Feb 12, 2009, at 11:56 AM, Clinton Blackmore wrote: > Thank you, I've been needing a to-do list. I've got a few questions > to be sure I understand correctly. > > On 12-Feb-09, at 9:04 AM, Eric Young wrote: > >> Some office 2008 best practices I gleaned while getting it to run >> here with our user population. >> >> Here's our setup: about 400 users. 10.5 client and server. All OD >> network users (laptops are mobile sync'd users). Xserve raid >> storage. WGM for server-side caching and we use WGM for our >> application white list. > > What server-side caching are you doing? Did you do the cache-folder > redirection on the clients (as in http://www.afp548.com/article.php?story=MCXRedirector > )? -- Yes. >> >> the ToDo list: >> >> kill server side spotlight indexing for the users homes at the root >> of the directory your user's home are located put the following >> file (i just did a touch): .metadata_never_index This came from >> Apple. seems the feature is not working as expected under 10.5 >> server. This will fix the looooong login times, and seriously >> reduced the server processor load. > > To disable spotlight indexing on the sharepoint, I connect to the > server using Server Admin, find the sharepoint, and ensure the > "Enable Spotlight searching" (and the magnifying glass icon) are > turned off (not displayed). I take it that helps but does not > completely solve the problem. The .metadata_never_index file needs > to go at the root of the sharepoint (and each and every sharepoint > that I don't want indexed), yes? I suppose > that .metadata_never_index at the root of the drive doesn't cut it. -- the file needs to go at the root of the directory where your user's home dorectories are stored. for example on my faculty volume I have: /Volumes/FACHOMEDIR/FACULTYHOME/.metadata_never_index. just the one file at the root doe sit for the whole directory. > >> make sure a ".TemporaryItems" folder exists. and is 777. This will >> fix the save issues and errors from MS apps about temp items and >> the renaming of files to .tmp files. This is also from Apple care >> of MS. It seems the save calls look for that directory first, they >> are supposed to be able to look elsewhere for the temp directory >> but it does not seem to work right for networked users. > I saw that Office created these folders, but not with the proper > permissions. It seemed to be working, although I remember that on > occasion users have had problems re-saving a file, so I'd better fix > that. -- Ugh. I should have been WAY more specific. the .TemporaryItems folder needs to be at the root of the directory just like the metadata file is. > >> For WGM application filtering. Make sure to never use the >> application lists for office. always use the folders option and be >> sure to add the items in the application support folder. this will >> stop the crashes from MS Office setup, MS update, and other random >> launch crashes. > > Does this only apply if you are whitelisting applications? -- Yes... I think we are saying the same thing but we might have a semantics issue.... We use an inclusive apps list. if its not on the list it will not run. > >> If you get auto-recover issues for a particular user you will have >> to define a location in that user's Word prefs. Seems that some, >> not all, installs of office go funny when trying to save to the >> user's home for auto-recovery. it sees the home as "removable >> media" and refuses to save. Setting a location seem to fix it... >> at least the errors go away.. I am not convinced auto-recovery >> works correctly once that bug occurs though. > > I don't believe our issues (right now) are related to auto- > recovery. Users will be told that the there is a problem with the > Office database (and if you try to run the repair tool, it will tell > you there is no database), or sometimes they will be told > "normal.dotx is in use by 'another user'. Would you like to make a > copy of it?" > > The other message we sometimes see is > > "The home folder for user is not located in the usual place or > cannot be accessed. > > The home or Users folder may have been moved or deleted. If the home > folder is located on the network, the server may be unavailable > temporarily. If you continue to have problems, see your system > administrator." > > which indicates to me that the user authenticated but could not > mount the file share (while users all around had no problem.) There > isn't any chance that they can mount their home folder but not > access the normal.dotx file, is there? [Where does that file live, > anyways?] --this sounds like it might be fixed with the .TemporaryItems directory and/or be issues with Office components missing from the WGM approved app list. >> >> all in all the roll out of 2008 was a nightmare.. many weeks of >> work went into the simple list above.. I am happy to share to >> hopefully avoid that for others :-) > > I appreciate that. One of the teachers was extolling the virtues of > Google Docs, and I would be quite happy not to deal with Office again! > > Cheers, > Clinton Blackmore > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/3efbbba3/attachment.html From Alan.Ramos at mccann.com Thu Feb 12 10:02:54 2009 From: Alan.Ramos at mccann.com (Ramos, Alan (NYC-ME)) Date: Thu, 12 Feb 2009 13:02:54 -0500 Subject: [Casper] Setting default user items Message-ID: I have a task that appears to be answered by Composer (or it should be) where I need to set the default web browser and home page for the end users at our location. I configure my local admin account as I want it then launch Composer. There is a tab for user environment elements and I click on that. I select the internet config option which should have the settings I'm trying to influence and the package is created without error. Now I send the package to a test computer and launch a web browser to check the settings. Nothing has been transferred. How do I edit elements of a user's web settings without wiping out everything? I have considered using an Applescript or other type of script but the library for changing those items are slim. Any help would be great. This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/9779bfc8/attachment.html From miles.leacy at themacadmin.com Thu Feb 12 10:08:05 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 13:08:05 -0500 Subject: [Casper] Setting default user items In-Reply-To: References: Message-ID: You can edit the HomePage key in ~/Library/Preferences/com.apple.Safari.plist using defaults or PlistBuddy. You can also use Open Directory (via Workgroup Manager) or dscl to set this preference via MCX. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ramos, Alan (NYC-ME) > I have a task that appears to be answered by Composer (or it should be) > where I need to set the default web browser and home page for the end users > at our location. I configure my local admin account as I want it then > launch Composer. There is a tab for user environment elements and I click > on that. I select the internet config option which should have the settings > I'm trying to influence and the package is created without error. > > Now I send the package to a test computer and launch a web browser to check > the settings. Nothing has been transferred. How do I edit elements of a > user's web settings without wiping out everything? I have considered using > an Applescript or other type of script but the library for changing those > items are slim. Any help would be great. > > This message contains information which may be confidential and privileged. > Unless you are the intended recipient (or authorized to receive this message > for the intended recipient), you may not use, copy, disseminate or disclose to > anyone the message or any information contained in the message. If you have > received the message in error, please advise the sender by reply e-mail, and > delete the message. Thank you very much. > (A) > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/2f11f049/attachment.html From ERNSTCS at uwec.edu Thu Feb 12 10:10:57 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 12 Feb 2009 12:10:57 -0600 Subject: [Casper] Setting default user items In-Reply-To: Message-ID: Are these settings needing to be set for users that already have a local profile, or for new users logging on to a system the first time? And to be clear you want to set the default browser they use AND their home page? Which browser do you want to be the default? Do you use a JSS to image your systems using configurations? Craig E On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" wrote: I have a task that appears to be answered by Composer (or it should be) where I need to set the default web browser and home page for the end users at our location. I configure my local admin account as I want it then launch Composer. There is a tab for user environment elements and I click on that. I select the internet config option which should have the settings I'm trying to influence and the package is created without error. Now I send the package to a test computer and launch a web browser to check the settings. Nothing has been transferred. How do I edit elements of a user's web settings without wiping out everything? I have considered using an Applescript or other type of script but the library for changing those items are slim. Any help would be great. This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/668acb0f/attachment.html From Alan.Ramos at mccann.com Thu Feb 12 10:21:44 2009 From: Alan.Ramos at mccann.com (Ramos, Alan (NYC-ME)) Date: Thu, 12 Feb 2009 13:21:44 -0500 Subject: [Casper] Setting default user items In-Reply-To: Message-ID: The end users already have local accounts and they have their homepages set according to their personal tastes etc.. We need to launch a new internal website and switch end user settings for both homepage and default browser to Safari (or anything else for that matter) without wiping out their current other settings like default download location, autofill, tabs etc.. Of course moving forward we can alter the new user template to include the changes we want- catching the other 450+ users up to speed is the tricky part. AlanR On 2/12/09 1:10 PM, "Ernst, Craig S." wrote: Are these settings needing to be set for users that already have a local profile, or for new users logging on to a system the first time? And to be clear you want to set the default browser they use AND their home page? Which browser do you want to be the default? Do you use a JSS to image your systems using configurations? Craig E On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" wrote: I have a task that appears to be answered by Composer (or it should be) where I need to set the default web browser and home page for the end users at our location. I configure my local admin account as I want it then launch Composer. There is a tab for user environment elements and I click on that. I select the internet config option which should have the settings I'm trying to influence and the package is created without error. Now I send the package to a test computer and launch a web browser to check the settings. Nothing has been transferred. How do I edit elements of a user's web settings without wiping out everything? I have considered using an Applescript or other type of script but the library for changing those items are slim. Any help would be great. This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/96f6beb7/attachment.htm From miles.leacy at themacadmin.com Thu Feb 12 10:24:27 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 13:24:27 -0500 Subject: [Casper] Setting default user items In-Reply-To: References: Message-ID: The proverbial "little bird" told me that there's a fifth way to set your home page... Type "jamf help setHomePage" on a Casper-managed machine. You can fill the user template and existing users with this command. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ernst, Craig S. > Are these settings needing to be set for users that already have a local > profile, or for new users logging on to a system the first time? And to be > clear you want to set the default browser they use AND their home page? > Which browser do you want to be the default? > > Do you use a JSS to image your systems using configurations? > > Craig E > > > > On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" wrote: > > I have a task that appears to be answered by Composer (or it should be) > where I need to set the default web browser and home page for the end users > at our location. I configure my local admin account as I want it then > launch Composer. There is a tab for user environment elements and I click > on that. I select the internet config option which should have the settings > I'm trying to influence and the package is created without error. > > Now I send the package to a test computer and launch a web browser to check > the settings. Nothing has been transferred. How do I edit elements of a > user's web settings without wiping out everything? I have considered using > an Applescript or other type of script but the library for changing those > items are slim. Any help would be great. > > > This message contains information which may be confidential and privileged. > Unless you are the intended recipient (or authorized to receive this > message > for the intended recipient), you may not use, copy, disseminate or disclose > to > anyone the message or any information contained in the message. If you > have > received the message in error, please advise the sender by reply e-mail, > and > delete the message. Thank you very much. > (A) > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/7f5a013e/attachment.html From tlarki at kckps.org Thu Feb 12 10:31:41 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 12:31:41 -0600 Subject: [Casper] Setting default user items In-Reply-To: References: Message-ID: <499416AD.7141.0039.0@kckps.org> That won't work for firefox will it? I think firefox has it's own set of self contained preferences that have to be configured in firefox. You could probably use an apple script to set it though. >>> Miles Leacy 02/12/09 12:24 PM >>> The proverbial "little bird" told me that there's a fifth way to set your home page... Type " jamf help setHomePage" on a Casper-managed machine. You can fill the user template and existing users with this command. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ernst, Craig S. Are these settings needing to be set for users that already have a local profile, or for new users logging on to a system the first time? And to be clear you want to set the default browser they use AND their home page? Which browser do you want to be the default? Do you use a JSS to image your systems using configurations? Craig E On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" wrote: I have a task that appears to be answered by Composer (or it should be) where I need to set the default web browser and home page for the end users at our location. I configure my local admin account as I want it then launch Composer. There is a tab for user environment elements and I click on that. I select the internet config option which should have the settings I'm trying to influence and the package is created without error. Now I send the package to a test computer and launch a web browser to check the settings. Nothing has been transferred. How do I edit elements of a user's web settings without wiping out everything? I have considered using an Applescript or other type of script but the library for changing those items are slim. Any help would be great. This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/538c4046/attachment.html From ERNSTCS at uwec.edu Thu Feb 12 10:33:04 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 12 Feb 2009 12:33:04 -0600 Subject: [Casper] Setting default user items In-Reply-To: <499416AD.7141.0039.0@kckps.org> Message-ID: That's why he also wants to force the default browser to Safari. =) On 2/12/09 12:31 PM, "Thomas Larkin" wrote: That won't work for firefox will it? I think firefox has it's own set of self contained preferences that have to be configured in firefox. You could probably use an apple script to set it though. >>> Miles Leacy 02/12/09 12:24 PM >>> The proverbial "little bird" told me that there's a fifth way to set your home page... Type " jamf help setHomePage" on a Casper-managed machine. You can fill the user template and existing users with this command. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ernst, Craig S. Are these settings needing to be set for users that already have a local profile, or for new users logging on to a system the first time? And to be clear you want to set the default browser they use AND their home page? Which browser do you want to be the default? Do you use a JSS to image your systems using configurations? Craig E On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" > wrote: I have a task that appears to be answered by Composer (or it should be) where I need to set the default web browser and home page for the end users at our location. I configure my local admin account as I want it then launch Composer. There is a tab for user environment elements and I click on that. I select the internet config option which should have the settings I'm trying to influence and the package is created without error. Now I send the package to a test computer and launch a web browser to check the settings. Nothing has been transferred. How do I edit elements of a user's web settings without wiping out everything? I have considered using an Applescript or other type of script but the library for changing those items are slim. Any help would be great. This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/947727c5/attachment.htm From enrique.silberg at yr.com Thu Feb 12 10:35:19 2009 From: enrique.silberg at yr.com (enrique silberg =?ISO-8859-1?B?lQ==?=) Date: Thu, 12 Feb 2009 13:35:19 -0500 Subject: [Casper] Setting default user items In-Reply-To: <499416AD.7141.0039.0@kckps.org> Message-ID: This is what I have set jamf setHomePage -feu -fet -homepage https://yahoo.com// -- Enrique ?Ricky? Silberg | IT Director Macintosh Services 285 Madison Avenue, New York, New York 10017 USA T: +1 212 210 3683 From: Thomas Larkin Date: Thu, 12 Feb 2009 13:31:41 -0500 To: Miles Leacy , "Craig S. Ernst" Cc: "Alan (NYC-ME) Ramos" , Casper List Subject: Re: [Casper] Setting default user items That won't work for firefox will it? I think firefox has it's own set of self contained preferences that have to be configured in firefox. You could probably use an apple script to set it though. >>> Miles Leacy 02/12/09 12:24 PM >>> The proverbial "little bird" told me that there's a fifth way to set your home page... Type " jamf help setHomePage" on a Casper-managed machine. ?You can fill the user template and existing users with this command. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ernst, Craig S. > > > > > Are these settings needing to be set for users that already have a local > profile, or for new users logging on to a system the first time? And to be > clear you want to set the default browser they use AND their home page? Which > browser do you want to be the default? > > Do you use a JSS to image your systems using configurations? > > Craig E > > > > > > > > > > > On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" > wrote: > > > > > > > > > > > >> >> >> >> I have a task that appears to be answered by Composer (or it should be) >> where I need to set the default web browser and home page for the end users >> at our location. ?I configure my local admin account as I want it then launch >> Composer. ?There is a tab for user environment elements and I click on that. >> ?I select the internet config option which should have the settings I'm >> trying to influence and the package is created without error. >> >> Now I send the package to a test computer and launch a web browser to check >> the settings. ?Nothing has been transferred. ?How do I edit elements of a >> user's web settings without wiping out everything? ?I have considered using >> an Applescript or other type of script but the library for changing those >> items are slim. ?Any help would be great. >> >> >> >> >> >> >> >> This message contains information which may be confidential and privileged. >> Unless you are the intended recipient (or authorized to receive this message >> for the intended recipient), you may not use, copy, disseminate or disclose >> to >> anyone the message or any information contained in the message. ?If you have >> received the message in error, please advise the sender by reply e-mail, and >> delete the message. ?Thank you very much. >> (A) >> >> >> >> > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/132d23c5/attachment.html From miles.leacy at themacadmin.com Thu Feb 12 10:37:24 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 13:37:24 -0500 Subject: [Casper] Setting default user items In-Reply-To: References: <499416AD.7141.0039.0@kckps.org> Message-ID: Given that the command has switches to specifically exclude setting the preference for Firefox and other browsers, I assume it sets the preference in all browsers by default (or at least all of the ones mentioned in the help). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 12, 2009 at 1:35 PM, enrique silberg ? wrote: > This is what I have set > > jamf setHomePage -feu -fet -homepage https://yahoo.com// > -- > *Enrique "Ricky" Silberg *|* *IT Director Macintosh Services > 285 Madison Avenue, New York, New York 10017 USA > T: +1 212 210 3683 > > > > ------------------------------ > *From: *Thomas Larkin > *Date: *Thu, 12 Feb 2009 13:31:41 -0500 > *To: *Miles Leacy , "Craig S. Ernst" < > ERNSTCS at uwec.edu> > *Cc: *"Alan (NYC-ME) Ramos" , Casper List < > casper at list.jamfsoftware.com> > *Subject: *Re: [Casper] Setting default user items > > > > That won't work for firefox will it? I think firefox has it's own set of > self contained preferences that have to be configured in firefox. You could > probably use an apple script to set it though. > > >>> Miles Leacy 02/12/09 12:24 PM >>> > The proverbial "little bird" told me that there's a fifth way to set your > home page... > > > > > > > > > > Type " > > > > jamf help setHomePage" on a Casper-managed machine. You can fill the user > template and existing users with this command. > > > > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > > > > > 2009/2/12 Ernst, Craig S. > > > > > > > > > > > > > > > > Are these settings needing to be set for users that already have a local > profile, or for new users logging on to a system the first time? And to be > clear you want to set the default browser they use AND their home page? > Which browser do you want to be the default? > > Do you use a JSS to image your systems using configurations? > > Craig E > > > > > > > > > > > On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" http://Alan.Ramos at mccann.com> > wrote: > > > > > > > > > > > > > > > > I have a task that appears to be answered by Composer (or it should be) > where I need to set the default web browser and home page for the end users > at our location. I configure my local admin account as I want it then > launch Composer. There is a tab for user environment elements and I click > on that. I select the internet config option which should have the settings > I'm trying to influence and the package is created without error. > > Now I send the package to a test computer and launch a web browser to check > the settings. Nothing has been transferred. How do I edit elements of a > user's web settings without wiping out everything? I have considered using > an Applescript or other type of script but the library for changing those > items are slim. Any help would be great. > > > > > > > > This message contains information which may be confidential and > privileged. > Unless you are the intended recipient (or authorized to receive this > message > for the intended recipient), you may not use, copy, disseminate or disclose > to > anyone the message or any information contained in the message. If you > have > received the message in error, please advise the sender by reply e-mail, > and > delete the message. Thank you very much. > (A) > > > > > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > > > > > > > > > > > ------------------------------ > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/c716beed/attachment.htm From Alan.Ramos at mccann.com Thu Feb 12 10:52:48 2009 From: Alan.Ramos at mccann.com (Ramos, Alan (NYC-ME)) Date: Thu, 12 Feb 2009 13:52:48 -0500 Subject: [Casper] Setting default user items In-Reply-To: Message-ID: Alright, Using the hints you all have provided I created a mini script with a single string of code. jamf setHomePage -feu -fet -ffmstone -mozmstone -homepage http://fooisfoo.com/ And sent that to my test computer. As specified in the help I am covering Firefox with -ffmstone and mozilla with -mozmstone in the string. The added argument to change the user template will make the changes for any new accounts created. Checking the settings of the test computer reveals the homepage change was successful! Now I need to affect the browser default but I don't see that option- Applescript is not a very 'silent' way to make such changes but I'm not shy about using it. On 2/12/09 1:37 PM, "Miles Leacy" wrote: Given that the command has switches to specifically exclude setting the preference for Firefox and other browsers, I assume it sets the preference in all browsers by default (or at least all of the ones mentioned in the help). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 12, 2009 at 1:35 PM, enrique silberg * wrote: This is what I have set jamf setHomePage -feu -fet -homepage https://yahoo.com// This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/69ba40db/attachment.htm From tlarki at kckps.org Thu Feb 12 11:05:01 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 13:05:01 -0600 Subject: [Casper] Setting default user items In-Reply-To: References: Message-ID: <49941E7D.7141.0039.0@kckps.org> For those of you that want to package and deploy firefox in a managed manner, I highly suggest a firefox add on called Public Fox. Then create start up items to not allow users to delete their firefox pref files from the ~/Library/Application\ Support/ directory. Or you can script the install to hide that folder after it is created by either putting a dot in front of the folder name or using the chflags command. Public Fox locks down the firefox preferences with a password so that end users can't change it. If they delete their app support folder and relaunch the app I think it goes back to default settings. I have packaged that with composer and a few scripts in the past and it has worked all right. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Ramos, Alan (NYC-ME)" 02/12/09 12:52 PM >>> Alright, Using the hints you all have provided I created a mini script with a single string of code. jamf setHomePage ?feu ?fet ?ffmstone ?mozmstone ?homepage http://fooisfoo.com/ And sent that to my test computer. As specified in the help I am covering Firefox with ?ffmstone and mozilla with ?mozmstone in the string. The added argument to change the user template will make the changes for any new accounts created. Checking the settings of the test computer reveals the homepage change was successful! Now I need to affect the browser default but I don?t see that option- Applescript is not a very ?silent? way to make such changes but I?m not shy about using it. On 2/12/09 1:37 PM, "Miles Leacy" wrote: Given that the command has switches to specifically exclude setting the preference for Firefox and other browsers, I assume it sets the preference in all browsers by default (or at least all of the ones mentioned in the help). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 12, 2009 at 1:35 PM, enrique silberg ? wrote: This is what I have set jamf setHomePage -feu -fet -homepage https://yahoo.com// This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. (A) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/ac7fa5ac/attachment.html From enrique.silberg at yr.com Thu Feb 12 11:07:00 2009 From: enrique.silberg at yr.com (enrique silberg =?ISO-8859-1?B?lQ==?=) Date: Thu, 12 Feb 2009 14:07:00 -0500 Subject: [Casper] Setting default user items In-Reply-To: Message-ID: Currently I run this as a policy and it does it to all user accounts on the computer see ?Setting homepage for?below. We switch homepages on occasion in addition we have several different company brandings. jamf setHomePage -feu -fet -homepage https://website.com// When run this is what log returns Running command jamf setHomePage -feu -fet -homepage https://website.com com// (as root)... Result of jamf setHomePage -feu -fet -homepage https://website.com//: Setting homepage for Maria... Updating com.apple.internetconfigpriv.plist... Updating com.apple.Safari.plist... Updating com.apple.internetconfig.plist... Updating /Users//Maria/Library/Application Support/Firefox/Profiles/kwec0s9o.default/prefs.js... Setting homepage for mac... Updating com.apple.internetconfigpriv.plist... Updating com.apple.Safari.plist... Updating com.apple.internetconfig.plist... Updating /Users//mac/Library/Application Support/Firefox/Profiles/pfsn24qv.default/prefs.js... Setting homepage for silberge... Updating com.apple.internetconfigpriv.plist... Updating com.apple.Safari.plist... Updating com.apple.internetconfig.plist... Setting homepage for test... Updating com.apple.internetconfigpriv.plist... Updating com.apple.Safari.plist... Updating com.apple.internetconfig.plist... Updating receipts... Finished. -- Enrique ?Ricky? Silberg | IT Director Macintosh Services 285 Madison Avenue, New York, New York 10017 USA T: +1 212 210 3683 From: Miles Leacy Date: Thu, 12 Feb 2009 13:37:24 -0500 To: "Silberg, Enrique" Cc: Thomas Larkin , "Craig S. Ernst" , "Alan (NYC-ME) Ramos" , Casper List Subject: Re: [Casper] Setting default user items Given that the command has switches to specifically exclude setting the preference for Firefox and other browsers, I assume it sets the preference in all browsers by default (or at least all of the ones mentioned in the help). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Thu, Feb 12, 2009 at 1:35 PM, enrique silberg ? wrote: > This is what I have set > > jamf setHomePage -feu -fet -homepage https://yahoo.com// > -- > Enrique "Ricky" Silberg | IT Director Macintosh Services > 285 Madison Avenue, New York, New York 10017 USA > T: +1 212 210 3683 > > > > > From: Thomas Larkin > > Date: Thu, 12 Feb 2009 13:31:41 -0500 > To: Miles Leacy >, "Craig S. Ernst" > > Cc: "Alan (NYC-ME) Ramos" >, Casper List > > Subject: Re: [Casper] Setting default user items > > > > That won't work for firefox will it? I think firefox has it's own set of > self contained preferences that have to be configured in firefox. You could > probably use an apple script to set it though. > >>>> >>> Miles Leacy >>> > 02/12/09 12:24 PM >>> > The proverbial "little bird" told me that there's a fifth way to set your home > page... > > > > > > > > > > Type " > > > > jamf help setHomePage" on a Casper-managed machine. You can fill the user > template and existing users with this command. > > > > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > > > > > 2009/2/12 Ernst, Craig S. > > > > > > > > > > > >> >> >> >> >> Are these settings needing to be set for users that already have a local >> profile, or for new users logging on to a system the first time? And to be >> clear you want to set the default browser they use AND their home page? Which >> browser do you want to be the default? >> >> Do you use a JSS to image your systems using configurations? >> >> Craig E >> >> >> >> >> >> >> >> >> >> >> On 2/12/09 12:02 PM, "Ramos, Alan (NYC-ME)" > > wrote: >> >> >> >> >> >> >> >> >> >> >> >>> >>> >>> >>> I have a task that appears to be answered by Composer (or it should be) >>> where I need to set the default web browser and home page for the end users >>> at our location. I configure my local admin account as I want it then >>> launch Composer. There is a tab for user environment elements and I click >>> on that. I select the internet config option which should have the settings >>> I'm trying to influence and the package is created without error. >>> >>> Now I send the package to a test computer and launch a web browser to check >>> the settings. Nothing has been transferred. How do I edit elements of a >>> user's web settings without wiping out everything? I have considered using >>> an Applescript or other type of script but the library for changing those >>> items are slim. Any help would be great. >>> >>> >>> >>> >>> >>> >>> >>> This message contains information which may be confidential and privileged. >>> Unless you are the intended recipient (or authorized to receive this message >>> for the intended recipient), you may not use, copy, disseminate or disclose >>> to >>> anyone the message or any information contained in the message. If you have >>> received the message in error, please advise the sender by reply e-mail, and >>> delete the message. Thank you very much. >>> (A) >>> >>> >>> >>> >> >> >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper >> >> >> > > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/2a957cfb/attachment.htm From miles.leacy at themacadmin.com Thu Feb 12 11:10:16 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 12 Feb 2009 14:10:16 -0500 Subject: [Casper] Setting default user items In-Reply-To: References: Message-ID: com.apple.LaunchServices.plist contains the default browser settings. It references the browser by it's bundle identifier. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/12 Ramos, Alan (NYC-ME) > Alright, Using the hints you all have provided I created a mini script > with a single string of code. > > jamf setHomePage ?feu ?fet ?ffmstone ?mozmstone ?homepage > http://fooisfoo.com/ > > And sent that to my test computer. As specified in the help I am covering > Firefox with ?ffmstone and mozilla with ?mozmstone in the string. The added > argument to change the user template will make the changes for any new > accounts created. > > Checking the settings of the test computer reveals the homepage change was > successful! > > Now I need to affect the browser default but I don't see that option- > Applescript is not a very 'silent' way to make such changes but I'm not shy > about using it. > > > On 2/12/09 1:37 PM, "Miles Leacy" wrote: > > Given that the command has switches to specifically exclude setting the > preference for Firefox and other browsers, I assume it sets the preference > in all browsers by default (or at least all of the ones mentioned in the > help). > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Thu, Feb 12, 2009 at 1:35 PM, enrique silberg ? > wrote: > > This is what I have set > > jamf setHomePage -feu -fet -homepage https://yahoo.com// > > This message contains information which may be confidential and privileged. > Unless you are the intended recipient (or authorized to receive this message > for the intended recipient), you may not use, copy, disseminate or disclose to > anyone the message or any information contained in the message. If you have > received the message in error, please advise the sender by reply e-mail, and > delete the message. Thank you very much. > (A) > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/a382196d/attachment-0001.html From chad.brewer at bend.k12.or.us Thu Feb 12 14:02:28 2009 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Thu, 12 Feb 2009 14:02:28 -0800 Subject: [Casper] Finding computers managed by a certain account Message-ID: We have some computers in our JSS that got Recon'ed by a specific LDAP user who is no longer here. Is there anyway to identify all computers that are not managed by a certain account? When I search inventory I only have the option to see if the computer is managed or unmanaged. I know there's the option to change a certain SSH account to a new one, but that requires the password of the old account. Chad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/9e9fe9f5/attachment.html From chad.brewer at bend.k12.or.us Thu Feb 12 14:09:51 2009 From: chad.brewer at bend.k12.or.us (Chad Brewer) Date: Thu, 12 Feb 2009 14:09:51 -0800 Subject: [Casper] Finding computers managed by a certain account In-Reply-To: References: Message-ID: I know where to find it on an individual computer record, but I want to be able to search based on this. Chad enrique silberg ? on February 12, 2009 at 2:07 PM -0800 wrote: >Look in General Information >Managed: Managed by mac >Managed: Managed by paul >-- >Enrique ?Ricky? Silberg | IT Director Macintosh Services >285 Madison Avenue, New York, New York 10017 USA >T: +1 212 210 3683 > > > > > >#######################################################################From: >Chad Brewer <[ >fcp://@fc.bend.k12.or.us,%2318810066/Mailbox/chad.brewer at bend.k12.or.us >]chad.brewer at bend.k12.or.us> >Date: Thu, 12 Feb 2009 17:02:28 -0500 >To: <[ >fcp://@fc.bend.k12.or.us,%2318810066/Mailbox/casper at list.jamfsoftware.com >]casper at list.jamfsoftware.com> >Subject: [Casper] Finding computers managed by a certain account > >We have some computers in our JSS that got Recon'ed by a specific LDAP >user who is no longer here. Is there anyway to identify all computers >that are not managed by a certain account? When I search inventory I >only have the option to see if the computer is managed or unmanaged. > >I know there's the option to change a certain SSH account to a new one, >but that requires the password of the old account. > >Chad > > > >#######################################################################_______________________________________________ >Casper mailing list >[ >fcp://@fc.bend.k12.or.us,%2318810066/Mailbox/Casper at list.jamfsoftware.com >]Casper at list.jamfsoftware.com >[ http://list.jamfsoftware.com/mailman/listinfo/casper >]http://list.jamfsoftware.com/mailman/listinfo/casper > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/ddef4f6a/attachment.html From tlarki at kckps.org Thu Feb 12 14:17:22 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 12 Feb 2009 16:17:22 -0600 Subject: [Casper] Finding computers managed by a certain account In-Reply-To: References: Message-ID: <49944B91.7141.0039.0@kckps.org> Seems to be the hot topic of the week but maybe a dummy package would be ideal for this. Deploy a dummy package (a blank package) then create another one that runs a script. If the script shows false or true on whatever value you want it to look up, then have it trigger the dummy package. Then you can create a smart group off of the receipts of that dummy package and apply a new policy to change whatever you want it to do. Set your dummy package to a custom trigger and have your script policy trigger it if it shows its managed by so and so and then you can build your smart group off of those receipts for that dummy package. ?xml version="1.0" encoding="ISO-8859-1"?> ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Chad Brewer" 02/12/09 4:09 PM >>> I know where to find it on an individual computer record, but I want to be able to search based on this. > Chad > enrique silberg ? on February 12, 2009 at 2:07 PM -0800 wrote: Look in General Information Managed: Managed by mac Managed: Managed by paul -- Enrique ?Ricky? Silberg | IT Director Macintosh Services 285 Madison Avenue, New York, New York 10017 USA T: +1 212 210 3683 > > >> From: Chad Brewer < chad.brewer at bend.k12.or.us > Date: Thu, 12 Feb 2009 17:02:28 -0500 To: < casper at list.jamfsoftware.com > Subject: [Casper] Finding computers managed by a certain account > We have some computers in our JSS that got Recon'ed by a specific LDAP user who is no longer here. Is there anyway to identify all computers that are not managed by a certain account? When I search inventory I only have the option to see if the computer is managed or unmanaged. > I know there's the option to change a certain SSH account to a new one, but that requires the password of the old account. > Chad > >> _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/4be2a2aa/attachment.htm From clinton.blackmore at westwind.ab.ca Thu Feb 12 16:37:50 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Thu, 12 Feb 2009 17:37:50 -0700 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <4993F5E8.7141.0039.0@kckps.org> References: <4993E831.7141.0039.0@kckps.org> <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> <4993F5E8.7141.0039.0@kckps.org> Message-ID: Replies inline: On 12-Feb-09, at 9:11 AM, Thomas Larkin wrote: > Are there any errors with the log ins? Like if you ssh into a > client and watch it's system log while a user tries to log in, does > it produce any errors? If all your servers are 10.5.5 you should be > in good shape. I did notice vast amounts of improvements when we > ditched 10.5.3 and 10.5.4 on our servers. 10.5.4 was a pile of dung > if you ask me. Also, make sure you are using the correct version of > server tools, as this can also cause issues if you are using > mismatched versions. > > I would suggest you watch a client log in and see what happens by > ssh into it and watching the systemlog while it tires to log in. > Sigh. No users experienced this problem when I was nearby today, so I was unable to do that. I did look through the log files on a unit that exhibited problems, and have a long section at the end of this where I have annotated a log. Incidentally, I found that colorizing the log made it less mind-numbing to trawl through. A perl script called loco http://www.zjuul.net/~jules/loco/ , when used like "./loco CJHS-iMacLab-22/system.log | less -R" worked nicely. [I wonder if TextWrangler's syntax highlighting could be (ab)used to do this.] I'm now using the 10.5.6 server admin tools -- does that cause problems with previous versions of the OS (are are problems more likely when using outdated tools?) > Also, have there been any changes to your servers and I assume that > at one point in time this was all working great? > I don't believe so. Indeed, we seldom even touch our servers to upgrade them. > When we had our similar problems I got an Apple engineer involved > and they pretty much told me that OD Masters and Replicas are kind > of built around the idea of having no more than 1,000 simultaneous > connections at once. Huh. Well, this is the first year we've used replicas -- previously ever site had its own master and was a universe unto itself. > > Also, if you do folder syncing you may want to look at your AFP data > throughput charts in Server Admin and see if they fall way below for > any reason, then also check out your servers CPU usage history as > well. > The CPU graph on the server at a school called CJHS -- where, in particular, I was having problems -- is at a constant 75% -- which is about 10 times what I would expect. [I wish I had proper monitoring in place and could go back further than seven days. It was hovering at a constant 60% almost a week ago, and then jumped up to 75% and remained there.] Running top on the machine, I see that AFP has gone off the deep end -- using 599.9% of the available CPU time. Time to reboot that box. [Only one of our other servers was misbehaving in the same way.] I had turned on all the AFP logging features on that machine, and now, when they could be useful, the access log starts at Jan 29 and ends on Feb 5th. It was too verbose, so I have turned off many of the logging features. Seeing the AFP problem, I've changed my mind about putting up long traces from the current log. This does rather explain why rebooting the open directory master didn't help this particular student much. I am suspecting that this instance of the user (repeatedly) being unable to log in is attributable to the AFP service on the school's server being too busy. The log has lines like: Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: Checking for policies triggered by "login" for user "Nels288"... Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: Gathering Policy Information from https://192.168.65.185:8443/... Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: The disk you specified could not be found. Feb 11 13:52:31 CJHS-iMacLab-22 loginwindow[1964]: USER_PROCESS: 1964 console Feb 11 13:52:33 CJHS-iMacLab-22 loginwindow[1964]: Couldn't create temp file /Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/ CJHS_Grade_07/[full name redacted]/Library/Keychains/ ~hQVDheOBTW3E955I: Unknown error: 118 Feb 11 13:52:33 CJHS-iMacLab-22 loginwindow[1964]: ERROR | -[Login1 setupEnvironment] | Unable to unlock the keychain, SecKeychainLogin returned 100118 Feb 11 13:52:33 CJHS-iMacLab-22 com.apple.launchd[1] (com.apple.UserEventAgent-LoginWindow[1970]): Exited: Terminated Feb 11 13:52:33 CJHS-iMacLab-22 com.apple.launchd[2026] (0x103c30.zombie[1972]): Failed to add kevent for PID 1972. Will unload at MIG return Feb 11 13:52:36 CJHS-iMacLab-22 SecurityAgent[1974]: NSExceptionHandler has recorded the following exception: \nNSUncaughtSystemExceptionException -- Uncaught system exception: signal 11\nStack trace: 0x3721e 0x9183309b 0xffffffff 0x61466 0x6e84d 0x6491d 0x62067 0x907ba95e 0x92e0cb45 0x92e0ccf8 0x962ebda4 0x962ebbbd 0x962eba31 0x91ca6505 0x91ca5db8 0x91c9edf3 0x10fc7 0x202a 0x1 Feb 11 13:52:37 CJHS-iMacLab-22 ReportCrash[2192]: Formulating crash report for process SecurityAgent[1974] Feb 11 13:52:38 CJHS-iMacLab-22 ReportCrash[2192]: Saved crashreport to /Library/Logs/CrashReporter/SecurityAgent_2009-02-11-135236_CJHS- iMacLab-22.crash using uid: 0 gid: 0, euid: 0 egid: 0 Feb 11 13:52:42 CJHS-iMacLab-22 ARDAgent [2162]: ********ARDAgent Launched******** Feb 11 13:52:42 CJHS-iMacLab-22 blued[46]: [_setUserPreference] syncs returns false Feb 11 13:52:43 CJHS-iMacLab-22 ARDAgent [2162]: ********ARDAgent Ready******** Feb 11 13:52:43 CJHS-iMacLab-22 blued[46]: [_setUserPreference] syncs returns false and lots and lots of lines like: Feb 11 13:53:38 CJHS-iMacLab-22 /System/Library/CoreServices/ SystemUIServer.app/Contents/MacOS/SystemUIServer[4176]: FolderManager: Failed looking up user domain root; url='file://localhost/Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/CJHS_Grade_07/ [full name redacted]/' path=/Network/Servers/cjhs.wwsd.net/Volumes/ DataHD/CJHSstudents/CJHS_Grade_07/[full name redacted]/ err=-120 uid=7100 euid=7100 Thanks for your time. I will see if I am able to get a proper trace of what is going on, especially if I can attribute it to something other than AFP. Cheers, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090212/ce48a117/attachment.htm From tlarki at kckps.org Fri Feb 13 06:58:49 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 08:58:49 -0600 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: References: <4993E831.7141.0039.0@kckps.org> <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> <4993F5E8.7141.0039.0@kckps.org> Message-ID: <49953649.7141.0039.0@kckps.org> Replies in bold... ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Clinton Blackmore 02/12/09 6:37 PM >>> Replies inline: On 12-Feb-09, at 9:11 AM, Thomas Larkin wrote: Sigh. No users experienced this problem when I was nearby today, so I was unable to do that. I did look through the log files on a unit that exhibited problems, and have a long section at the end of this where I have annotated a log. Incidentally, I found that colorizing the log made it less mind-numbing to trawl through. A perl script called loco http://www.zjuul.net/~jules/loco/ ( http://www.zjuul.net/~jules/loco/ ) , when used like "./loco CJHS-iMacLab-22/system.log | less -R" worked nicely. [I wonder if TextWrangler's syntax highlighting could be (ab)used to do this.] I'm now using the 10.5.6 server admin tools -- does that cause problems with previous versions of the OS (are are problems more likely when using outdated tools?) Yes, using the wrong server tools versions can cause issues, especially with Work Group Manager, it can cause BSD database corruption, which will hose your LDAP. Ever see a new user generate a negative UID number? I don't believe so. Indeed, we seldom even touch our servers to upgrade them. Huh. Well, this is the first year we've used replicas -- previously ever site had its own master and was a universe unto itself. We had a small problem. In the master image the client is bound to the ODM. I then have casper policies that change bindings via a shell script. Well, for some reason they weren't running and all 6,000 clients were bound to the ODM and they proceeded to bend over my Xserve and throw it to it's knees. Everything ran slow. That is remedied now, the casper policy is running and all client machines get bound to the ODR in their building. The CPU graph on the server at a school called CJHS -- where, in particular, I was having problems -- is at a constant 75% -- which is about 10 times what I would expect. [I wish I had proper monitoring in place and could go back further than seven days. It was hovering at a constant 60% almost a week ago, and then jumped up to 75% and remained there.] Running top on the machine, I see that AFP has gone off the deep end -- using 599.9% of the available CPU time. Time to reboot that box. [Only one of our other servers was misbehaving in the same way.] I had turned on all the AFP logging features on that machine, and now, when they could be useful, the access log starts at Jan 29 and ends on Feb 5th. It was too verbose, so I have turned off many of the logging features. how many connections are you seeing on AFP? I assume that all home folders are on AFP? Do you do portable home directories? Seeing the AFP problem, I've changed my mind about putting up long traces from the current log. This does rather explain why rebooting the open directory master didn't help this particular student much. I am suspecting that this instance of the user (repeatedly) being unable to log in is attributable to the AFP service on the school's server being too busy. The log has lines like: Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: Checking for policies triggered by "login" for user "Nels288"... Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: Gathering Policy Information from https://192.168.65.185:8443/... Feb 11 13:52:31 CJHS-iMacLab-22 com.apple.loginwindow[1964]: The disk you specified could not be found. Feb 11 13:52:31 CJHS-iMacLab-22 loginwindow[1964]: USER_PROCESS: 1964 console Feb 11 13:52:33 CJHS-iMacLab-22 loginwindow[1964]: Couldn't create temp file /Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/CJHS_Grade_07/[full name redacted]/Library/Keychains/~hQVDheOBTW3E955I: Unknown error: 118 Feb 11 13:52:33 CJHS-iMacLab-22 loginwindow[1964]: ERROR | -[Login1 setupEnvironment] | Unable to unlock the keychain, SecKeychainLogin returned 100118 Feb 11 13:52:33 CJHS-iMacLab-22 com.apple.launchd[1] (com.apple.UserEventAgent-LoginWindow[1970]): Exited: Terminated Feb 11 13:52:33 CJHS-iMacLab-22 com.apple.launchd[2026] (0x103c30.zombie[1972]): Failed to add kevent for PID 1972. Will unload at MIG return Feb 11 13:52:36 CJHS-iMacLab-22 SecurityAgent[1974]: NSExceptionHandler has recorded the following exception:\nNSUncaughtSystemExceptionException -- Uncaught system exception: signal 11\nStack trace: 0x3721e 0x9183309b 0xffffffff 0x61466 0x6e84d 0x6491d 0x62067 0x907ba95e 0x92e0cb45 0x92e0ccf8 0x962ebda4 0x962ebbbd 0x962eba31 0x91ca6505 0x91ca5db8 0x91c9edf3 0x10fc7 0x202a 0x1 Feb 11 13:52:37 CJHS-iMacLab-22 ReportCrash[2192]: Formulating crash report for process SecurityAgent[1974] Feb 11 13:52:38 CJHS-iMacLab-22 ReportCrash[2192]: Saved crashreport to /Library/Logs/CrashReporter/SecurityAgent_2009-02-11-135236_CJHS-iMacLab-22.crash using uid: 0 gid: 0, euid: 0 egid: 0 Feb 11 13:52:42 CJHS-iMacLab-22 ARDAgent [2162]: ********ARDAgent Launched******** Feb 11 13:52:42 CJHS-iMacLab-22 blued[46]: [_setUserPreference] syncs returns false Feb 11 13:52:43 CJHS-iMacLab-22 ARDAgent [2162]: ********ARDAgent Ready******** Feb 11 13:52:43 CJHS-iMacLab-22 blued[46]: [_setUserPreference] syncs returns false and lots and lots of lines like: Feb 11 13:53:38 CJHS-iMacLab-22 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer[4176]: FolderManager: Failed looking up user domain root; url='file://localhost/Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/CJHS_Grade_07/[full name redacted]/' path=/Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/CJHS_Grade_07/[full name redacted]/ err=-120 uid=7100 euid=7100 Thanks for your time. I will see if I am able to get a proper trace of what is going on, especially if I can attribute it to something other than AFP. Cheers, Clinton Blackmore That last line where it can't look up the home folder path, kind of makes me think, DNS issue. Is your DNS fully resolved both forwards and backwards? In OS X Server the changeip command is actually what is used to check this, and of course set this. I have had my share of small DNS issues and they will always come back to bite your leg off. So, make sure you get your DNS in order. So, you can ssh into your server and run this command xs106-a:~ root# changeip -checkhostname Primary address = 10.160.3.30 Current HostName = xs106-a.kckps.org DNS HostName = xs106-a.kckps.org The names match. There is nothing to change. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/756025a1/attachment.htm From tlarki at kckps.org Fri Feb 13 08:19:18 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 10:19:18 -0600 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> Message-ID: <49954926.7141.0039.0@kckps.org> Ok advanced casper users....OK, well I mean Miles... I have written the following script I want to run to install a dummy pkg to make a smart group on machines that have windows or not. So, here is my script, but I am not quite piecing it all together. I think I am missing a few small steps #!/bin/bash #determine if there is an NTFS volume on a mac, and run casper policy accordingly. fs=/bin/df -T ntfs for a in /bin/df -T ntfs ; do if [[ $a != $fs ]] && continue /usr/sbin/jamf install else echo "NTFS partition found? fi done exit So I should just create a blank package and call it, Winders XP or whatever. Then put it in Casper Admin and sync the shares. Then set the trigger to custom. Then I should make that script another policy and have it execute say, every hour once a day or whatever. Then apply it to all my user machines. The machines that have windows will be ignored and the ones that do have it will get that dummy package installed. Then I can create a smart group off the receipts.... This is my first time using a dummy package like this, so any pointers would be greatly appreciated. I also just wrote that script 5 minutes ago and only had 1 cup of coffee and am still learning how to properly code loops in shell scripts, so if my syntax is off, well I could use pointers there as well. Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 01/30/09 12:35 PM >>> A dummy package is just an empty package. Name it something appropriate and recognizable such as "windowsMachines.pkg". Create a policy with a custom trigger to install this package. Create a second policy that runs on all of your machines which runs the script that I half-wrote in my last message. That script issues the custom trigger for the policy to install the dummy package if it finds an NTFS volume. What you end up with is each machine that has an NTFS volume also has a receipt for windowsMachines.pkg. You then create a smart group whose criteria is machines with the windowsMachines.pkg receipt. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin wrote: will this dummy package log only machines that have windows then in the policy logs? How exactly does this work? >>> Miles Leacy 01/30/09 12:07 PM >>> Dummy package. Loop through your /Volumes with: haswindows=`diskutil info $volume | grep -c NTFS` if [ $haswindows -ne 0 ] ; then issue the custom trigger to install the dummy package. Scope your smart group to the existence of the dummy package. You may want to double check that "NTFS" is what you want to grep for. I don't have any NTFS volumes to test this with. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/1/30 Thomas Larkin We now have a need to figure out how many machines have windows on them or not. I would like to run a report with Casper that will go through inventory and if a Mac doesn't have a NTFS partition on it with Windows I want it on one list, and if it does I want it on another list so we can tell what machines dual boot and which ones don't. Any ideas? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blachttp://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/4998857d/attachment.htm From tlarki at kckps.org Fri Feb 13 08:42:53 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 10:42:53 -0600 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: <49954926.7141.0039.0@kckps.org> References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> Message-ID: <49954EAC.7141.0039.0@kckps.org> Actually, I already see a flaw in my script, it is always going to work because if the NTFS is not present they will always not equal each other.... maybe if I did it by volume name? All the windows volumes have the same name. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Thomas Larkin" 02/13/09 10:19 AM >>> Ok advanced casper users....OK, well I mean Miles... I have written the following script I want to run to install a dummy pkg to make a smart group on machines that have windows or not. So, here is my script, but I am not quite piecing it all together. I think I am missing a few small steps #!/bin/bash #determine if there is an NTFS volume on a mac, and run casper policy accordingly. fs=/bin/df -T ntfs for a in /bin/df -T ntfs ; do if [[ $a != $fs ]] && continue /usr/sbin/jamf install else echo "NTFS partition found? fi done exit So I should just create a blank package and call it, Winders XP or whatever. Then put it in Casper Admin and sync the shares. Then set the trigger to custom. Then I should make that script another policy and have it execute say, every hour once a day or whatever. Then apply it to all my user machines. The machines that have windows will be ignored and the ones that do have it will get that dummy package installed. Then I can create a smart group off the receipts.... This is my first time using a dummy package like this, so any pointers would be greatly appreciated. I also just wrote that script 5 minutes ago and only had 1 cup of coffee and am still learning how to properly code loops in shell scripts, so if my syntax is off, well I could use pointers there as well. Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 01/30/09 12:35 PM >>> A dummy package is just an empty package. Name it something appropriate and recognizable such as "windowsMachines.pkg". Create a policy with a custom trigger to install this package. Create a second policy that runs on all of your machines which runs the script that I half-wrote in my last message. That script issues the custom trigger for the policy to install the dummy package if it finds an NTFS volume. What you end up with is each machine that has an NTFS volume also has a receipt for windowsMachines.pkg. You then create a smart group whose criteria is machines with the windowsMachines.pkg receipt. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin wrote: will this dummy package log only machines that have windows then in the policy logs? How exactly does this work? >>> Miles Leacy 01/30/09 12:07 PM >>> Dummy package. Loop through your /Volumes with: haswindows=`diskutil info $volume | grep -c NTFS` if [ $haswindows -ne 0 ] ; then issue the custom trigger to install the dummy package. Scope your smart group to the existence of the dummy package. You may want to double check that "NTFS" is what you want to grep for. I don't have any NTFS volumes to test this with. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/1/30 Thomas Larkin inventory and if a Mac doesn't have a NTFS partition on it with Windows I want it on one list, and if it does I want it on another list so we can tell what machines dual boot and which ones don't. Any ideas? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/496a3dda/attachment.html From miles.leacy at themacadmin.com Fri Feb 13 08:49:41 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 13 Feb 2009 11:49:41 -0500 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: <49954926.7141.0039.0@kckps.org> References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> Message-ID: Here's what I'd do and why... #!/bin/bash # Find ntfs partitions. If you have no ntfs partitions, `df -T ntfs` will return nothing. # If there are ntfs partitions, you'll get output that looks like: # /dev/disk0s4 32358320 73712 32284608 1% /Volumes/DevDisk hasntfspart=`df -T ntfs | grep -c /` # $hasntfspart now = 0 if there are no ntfs partitions, and >0 if there are any. # Install a dummy package if an ntfs partition is found. # I always install my dummy packages via policies, using custom triggers. # Create your dummy package, and a custom-triggered policy to install it. # In this example, I use flagForWindows as my custom trigger. # The name of the package is unimportant for the purposes of this script. if [ $hasntfspart -ne 0 ] then jamf policy -trigger flagForWindows else echo "no ntfs partition found" fi # The jamf binary contacts the JSS and runs any policies that have a trigger of # "flagForWindows" if the value of $hasntfspart is >0. # That's it. # If you want to be elegant about your coding, you can throw an `exit` in at the end. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 13, 2009 at 11:19 AM, Thomas Larkin wrote: > Ok advanced casper users....OK, well I mean Miles... > > > > I have written the following script I want to run to install a dummy pkg to > make a smart group on machines that have windows or not. So, here is my > script, but I am not quite piecing it all together. I think I am missing a > few small steps > > > > *#!/bin/bash* > > * * > > *#determine if there is an NTFS volume on a mac, and run casper policy > accordingly.* > > * * > > *fs=/bin/df -T ntfs* > > * * > > *for a in /bin/df -T ntfs ; do* > > * * > > * if [[ $a != $fs ]] && continue* > > * * > > * /usr/sbin/jamf install * > > * * > > * else * > > * * > > * echo "NTFS partition found"* > > * * > > *fi* > > * * > > *done* > > * * > > *exit* > > > > So I should just create a blank package and call it, Winders XP or > whatever. Then put it in Casper Admin and sync the shares. Then set the > trigger to custom. Then I should make that script another policy and have > it execute say, every hour once a day or whatever. Then apply it to all my > user machines. The machines that have windows will be ignored and the ones > that do have it will get that dummy package installed. Then I can create a > smart group off the receipts.... > > > > This is my first time using a dummy package like this, so any pointers > would be greatly appreciated. I also just wrote that script 5 minutes ago > and only had 1 cup of coffee and am still learning how to properly code > loops in shell scripts, so if my syntax is off, well I could use pointers > there as well. > > > > Thanks, > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Miles Leacy 01/30/09 12:35 PM >>> > > A dummy package is just an empty package. Name it something appropriate > and recognizable such as "windowsMachines.pkg". > > > Create a policy with a custom trigger to install this package. > > > Create a second policy that runs on all of your machines which runs the > script that I half-wrote in my last message. That script issues the custom > trigger for the policy to install the dummy package if it finds an NTFS > volume. > > > What you end up with is each machine that has an NTFS volume also has a > receipt for windowsMachines.pkg. You then create a smart group whose > criteria is machines with the windowsMachines.pkg receipt. > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin > > > > wrote: > >> will this dummy package log only machines that have windows then in the >> policy logs? How exactly does this work? >> >> >>> Miles Leacy 01/30/09 12:07 PM >>> >> >> >> Dummy package. Loop through your /Volumes with: >> >> >> >> haswindows=`diskutil info $volume | grep -c NTFS` >> >> >> if [ $haswindows -ne 0 ] ; then >> >> >> issue the custom trigger to install the dummy package. Scope your >> smart group to the existence of the dummy package. >> >> >> You may want to double check that "NTFS" is what you want to grep >> for. I don't have any NTFS volumes to test this with. >> >> ---------- >> Miles A. Leacy IV >> >> ? Certified System Administrator 10.4 >> ? Certified Technical Coordinator 10.5 >> ? Certified Trainer >> Certified Casper Administrator >> ---------- >> voice: 1-347-277-7321 >> miles.leacy at themacadmin.com >> www.themacadmin.com >> >> >> >> >> 2009/1/30 Thomas Larkin >> >> >> >> >> We now have a need to figure out how many machines have windows on them >>> or not. I would like to run a report with Casper that will go through >>> inventory and if a Mac doesn't have a NTFS partition on it with Windows I >>> want it on one list, and if it does I want it on another list so we can tell >>> what machines dual boot and which ones don't. >>> >>> >>> Any ideas? >>> >>> >>> ___________________________ >>> Thomas Larkin >>> TIS Department >>> KCKPS USD500 >>> tlarki at kckps.org >>> blackberry: 913-449-7589 >>> office: 913-627-0351 >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Casper mailing list >>> Casper at list.jamfsoftware.com >>> http://list.jamfsoftware.com/mailman/listinfo/casper >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/45374b0c/attachment.html From tlarki at kckps.org Fri Feb 13 08:49:52 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 10:49:52 -0600 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: <49954EAC.7141.0039.0@kckps.org> References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> <49954EAC.7141.0039.0@kckps.org> Message-ID: <49955050.7141.0039.0@kckps.org> Sorry to spam the list so if I did something more on the lines like this #bin/bash win=".Local Disk" for i in /bin/ls -a /Volumes | grep .Local do if [[ $i != $win ]] && continue /usr/sbin/jamf install dummy.pkg else echo "NTFS volume found' fi done exit ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Thomas Larkin 02/13/09 10:42 AM >>> Actually, I already see a flaw in my script, it is always going to work because if the NTFS is not present they will always not equal each other.... maybe if I did it by volume name? All the windows volumes have the same name. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Thomas Larkin" 02/13/09 10:19 AM >>> Ok advanced casper users....OK, well I mean Miles... I have written the following script I want to run to install a dummy pkg to make a smart group on machines that have windows or not. So, here is my script, but I am not quite piecing it all together. I think I am missing a few small steps #!/bin/bash #determine if there is an NTFS volume on a mac, and run casper policy accordingly. fs=/bin/df -T ntfs for a in /bin/df -T ntfs ; do if [[ $a != $fs ]] && continue /usr/sbin/jamf install else echo "NTFS partition found? fi done exit So I should just create a blank package and call it, Winders XP or whatever. Then put it in Casper Admin and sync the shares. Then set the trigger to custom. Then I should make that script another policy and have it execute say, every hour once a day or whatever. Then apply it to all my user machines. The machines that have windows will be ignored and the ones that do have it will get that dummy package installed. Then I can create a smart group off the receipts.... This is my first time using a dummy package like this, so any pointers would be greatly appreciated. I also just wrote that script 5 minutes ago and only had 1 cup of coffee and am still learning how to properly code loops in shell scripts, so if my syntax is off, well I could use pointers there as well. Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 01/30/09 12:35 PM >>> A dummy package is just an empty package. Name it something appropriate and recognizable such as "windowsMachines.pkg". Create a policy with a custom trigger to install this package. Create a second policy that runs on all of your machines which runs the script that I half-wrote in my last message. That script issues the custom trigger for the policy to install the dummy package if it finds an NTFS volume. What you end up with is each machine that has an NTFS volume also has a receipt for windowsMachines.pkg. You then create a smart group whose criteria is machines with the windowsMachines.pkg receipt. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin wrote: will this dummy package log only machines that have windows then in the policy logs? How exactly does this work? >>> Miles Leacy 01/30/09 12:07 PM >>> Dummy package. Loop through your /Volumes with: haswindows=`diskutil info $volume | grep -c NTFS` if [ $haswindows -ne 0 ] ; then issue the custom trigger to install the dummy package. Scope your Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/1/30 Thomas Larkin We now have a need to figure out how many machines have windows on them or not. I would like to run a report with Casper that will go through inventory and if a Mac doesn't have a NTFS partition on it with Windows I want it on one list, and if it does I want it on another list so we can tell what machines dual boot and which ones don't. Any ideas? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/f18159c8/attachment.html From tlarki at kckps.org Fri Feb 13 09:05:38 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 11:05:38 -0600 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> Message-ID: <49955401.7141.0039.0@kckps.org> Awesome Miles, thanks, you rock One more quick question. Since I don't ever trigger custom packages, I just name the policy whatever, then use the trigger option with the policy name behind it? Thanks again for your help ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/13/09 10:49 AM >>> Here's what I'd do and why... #!/bin/bash # Find ntfs partitions. If you have no ntfs partitions, `df -T ntfs` will return nothing. # If there are ntfs partitions, you'll get output that looks like: # /dev/disk0s4 32358320 73712 32284608 1% /Volumes/DevDisk hasntfspart=`df -T ntfs | grep -c /` # $hasntfspart now = 0 if there are no ntfs partitions, and >0 if there are any. # Install a dummy package if an ntfs partition is found. # I always install my dummy packages via policies, using custom triggers. # Create your dummy package, and a custom-triggered policy to install it. # In this example, I use flagForWindows as my custom trigger. # The name of the package is unimportant for the purposes of this script. if [ $hasntfspart -ne 0 ] then jamf policy -trigger flagForWindows else echo "no ntfs partition found" fi # The jamf binary contacts the JSS and runs any policies that have a trigger of # "flagForWindows" if the value of $hasntfspart is >0. # That's it. # If you want to be elegant about your coding, you can throw an `exit` in at the end. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 13, 2009 at 11:19 AM, Thomas Larkin wrote: Ok advanced casper users....OK, well I mean Miles... I have written the following script I want to run to install a dummy pkg to make a smart group on machines that have windows or not. So, here is my script, but I am not quite piecing it all together. I think I am missing a few small steps #!/bin/bash #determine if there is an NTFS volume on a mac, and run casper policy accordingly. fs=/bin/df -T ntfs for a in /bin/df -T ntfs ; do if [[ $a != $fs ]] && continue /usr/sbin/jamf install else echo "NTFS partition found" fi done exit So I should just create a blank package and call it, Winders XP or whatever. Then put it in Casper Admin and sync the shares. Then set the trigger to custom. Then I should make that script another policy and have it execute say, every hour once a day or whatever. Then apply it to all my user machines. The machines that have windows will be ignored and the ones that do have it will get that dummy package installed. Then I can create a smart group off the receipts.... This is my first time using a dummy package like this, so any pointers would be greatly appreciated. I also just wrote that script 5 minutes ago and only had 1 cup of coffee and am still learning how to properly code loops in shell scripts, so if my syntax is off, well I could use pointers there as well. Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 01/30/09 12:35 PM >>> A dummy package is just an empty package. Name it something appropriate and recognizable such as "windowsMachines.pkg". Create a policy with a custom trigger to install this package. Create a second policy that runs on all of your machines which runs the script that I half-wrote in my last message. That script issues the custom trigger for the poreceipt for windowsMachines.pkg. You then create a smart group whose criteria is machines with the windowsMachines.pkg receipt. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin wrote: will this dummy package log only machines that have windows then in the policy logs? How exactly does this work? >>> Miles Leacy 01/30/09 12:07 PM >>> Dummy package. Loop through your /Volumes with: haswindows=`diskutil info $volume | grep -c NTFS` if [ $haswindows -ne 0 ] ; then issue the custom trigger to install the dummy package. Scope your smart group to the existence of the dummy package. You may want to double check that "NTFS" is what you want to grep for. I don't have any NTFS volumes to test this with. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/1/30 Thomas Larkin We now have a need to figure out how many machines have windows on them or not. I would like to run a report with Casper that will go through inventory and if a Mac doesn't have a NTFS partition on it with Windows I want it on one list, and if it does I want it on another list so we can tell what machines dual boot and which ones don't. Any ideas? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/ba8a9258/attachment.html From clinton.blackmore at westwind.ab.ca Fri Feb 13 09:14:59 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Fri, 13 Feb 2009 10:14:59 -0700 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <49953649.7141.0039.0@kckps.org> References: <4993E831.7141.0039.0@kckps.org> <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> <4993F5E8.7141.0039.0@kckps.org> <49953649.7141.0039.0@kckps.org> Message-ID: <4EFEAD0A-25A7-44AB-B083-67F044D5FA04@westwind.ab.ca> Thanks for the help! Replies in teal. On 13-Feb-09, at 7:58 AM, Thomas Larkin wrote: > Replies in bold... > > Replies inline: > > I'm now using the 10.5.6 server admin tools -- does that cause > problems with previous versions of the OS (are are problems more > likely when using outdated tools?) > > Yes, using the wrong server tools versions can cause issues, > especially with Work Group Manager, it can cause BSD database > corruption, which will hose your LDAP. Ever see a new user generate > a negative UID number? Gee! I would not have expected that. Is it possible to tell if the BSD database is corrupt or not? If it is corrupt, is there a way to recover? (Googling shows me http://sdb.open-xchange.com/node/29 , and I imagine something similar might work. Oh, hey, http://www.barbariangroup.com/posts/1668-fixing_b0rked_open_directory_ldap_databases has steps similar to what we took when the first master failed.) If the master's LDAP DB is corrupt, would I expect all the replicas to have the same corruption? Would fixing the master cause the fix to replicate? >> > Huh. Well, this is the first year we've used replicas -- previously > ever site had its own master and was a universe unto itself. >> >> We had a small problem. In the master image the client is bound to >> the ODM. I then have casper policies that change bindings via a >> shell script. Well, for some reason they weren't running and all >> 6,000 clients were bound to the ODM and they proceeded to bend over >> my Xserve and throw it to it's knees. Everything ran slow. That >> is remedied now, the casper policy is running and all client >> machines get bound to the ODR in their building. Ouch! > > The CPU graph on the server at a school called CJHS -- where, in > particular, I was having problems -- is at a constant 75% -- which > is about 10 times what I would expect. [I wish I had proper > monitoring in place and could go back further than seven days. It > was hovering at a constant 60% almost a week ago, and then jumped up > to 75% and remained there.] Running top on the machine, I see that > AFP has gone off the deep end -- using 599.9% of the available CPU > time. Time to reboot that box. [Only one of our other servers was > misbehaving in the same way.] I had turned on all the AFP logging > features on that machine, and now, when they could be useful, the > access log starts at Jan 29 and ends on Feb 5th. It was too > verbose, so I have turned off many of the logging features. > > how many connections are you seeing on AFP? I assume that all home > folders are on AFP? Do you do portable home directories? Looking at the graphs, there are peaks and plateaus. The last plateau (before I rebooted) was at ~70 connections. The last peak was double that. 70 connections is largely accounted for by our two desktop labs, which use network home folders. Our two laptop labs are using portable home directories, and may explain the peak. > ... > [The log file has] lots and lots of lines like: > > Feb 11 13:53:38 CJHS-iMacLab-22 /System/Library/CoreServices/ > SystemUIServer.app/Contents/MacOS/SystemUIServer[4176]: > FolderManager: Failed looking up user domain root; url='file://localhost/Network/Servers/cjhs.wwsd.net/Volumes/DataHD/CJHSstudents/CJHS_Grade_07/ > [full name redacted]/' path=/Network/Servers/cjhs.wwsd.net/Volumes/ > DataHD/CJHSstudents/CJHS_Grade_07/[full name redacted]/ err=-120 > uid=7100 euid=7100 > > Thanks for your time. I will see if I am able to get a proper trace > of what is going on, especially if I can attribute it to something > other than AFP. > > Cheers, > Clinton Blackmore > > > That last line where it can't look up the home folder path, kind of > makes me think, DNS issue. Is your DNS fully resolved both forwards > and backwards? In OS X Server the changeip command is actually what > is used to check this, and of course set this. I have had my share > of small DNS issues and they will always come back to bite your leg > off. So, make sure you get your DNS in order. So, you can ssh into > your server and run this command > > xs106-a:~ root# changeip -checkhostname > > Primary address = 10.160.3.30 > > Current HostName = xs106-a.kckps.org > DNS HostName = xs106-a.kckps.org > > The names match. There is nothing to change. > The results came back as expected ("the names match. There is nothing to change") on our master, former master, and all but two of the replicas. Those two came back with "The DNS hostname is not available, please repair DNS and re-run this tool." I'll look into that, but problems have been occurring at sites where this is not an issue. Just trolling through the logs. On the CJHS school server, the Password Service Error Log shows this line this quite frequently: Feb 13 2009 07:40:22 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. Feb 13 2009 08:00:44 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. Feb 13 2009 08:10:17 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. Feb 13 2009 08:20:55 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. Feb 13 2009 08:30:28 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. Feb 13 2009 09:00:30 DoSyncWithServerChangeList: "Parent" has a transaction ID beyond the current value, resetting to 0. On our ODM, I see some lines like this in the Directory Services Error Log: 2009-02-06 14:20:44 MST - T[0xB05A6000] - dsDoReleaseContinueData - PID 0 error -14071 while checking if reference <16777292> is a node 2009-02-11 06:01:37 MST - T[0xB0699000] - dsDoReleaseContinueData - PID 0 error -14071 while checking if reference <16777276> is a node The Kerberos Administration Log shows lots of entries like: Feb 13 09:56:03 odm.wwsd.net kadmin.local[6683](info): No dictionary file specified, continuing without one. Feb 13 09:56:03 odm.wwsd.net kadmin.local[6683](info): No dictionary file specified, continuing without one. Well, I'm going to continue to look at the logs and see if I see anything more. Cheers, Clinton This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/71f3982d/attachment.htm From miles.leacy at themacadmin.com Fri Feb 13 09:18:37 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 13 Feb 2009 12:18:37 -0500 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: <49955401.7141.0039.0@kckps.org> References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> <49955401.7141.0039.0@kckps.org> Message-ID: No problem. The name of the policy isn't important; the trigger is. In the execution options section of the policy's general tab, choose "other (Manually specify the run at action in this field) -->" from the "triggered by" drop down menu. In the text field next to that menu, type your custom trigger ("flagForWindows" in my example). The command below will run your policy, and any other policies for which you choose to specify "flagForWindows" as a custom trigger. jamf policy -trigger flagForWindows This command also works with the standard triggers, i.e.: jamf policy -trigger every15 jamf policy -trigger login jamf policy -trigger startup etc... ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 13, 2009 at 12:05 PM, Thomas Larkin wrote: > Awesome Miles, thanks, you rock > > One more quick question. Since I don't ever trigger custom packages, I > just name the policy whatever, then use the trigger option with the policy > name behind it? > > Thanks again for your help > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Miles Leacy 02/13/09 10:49 AM >>> > > Here's what I'd do and why... > > > #!/bin/bash > > > # Find ntfs partitions. If you have no ntfs partitions, `df -T ntfs` > will return nothing. > > # If there are ntfs partitions, you'll get output that looks like: > > # /dev/disk0s4 32358320 73712 32284608 1% /Volumes/DevDisk > > > hasntfspart=`df -T ntfs | grep -c /` > > > # $hasntfspart now = 0 if there are no ntfs partitions, and >0 if there > are any. > > > # Install a dummy package if an ntfs partition is found. > > # I always install my dummy packages via policies, using custom triggers. > > # Create your dummy package, and a custom-triggered policy to install it. > > # In this example, I use flagForWindows as my custom trigger. > > # The name of the package is unimportant for the purposes of this script. > > > if [ $hasntfspart -ne 0 ] > > then jamf policy -trigger flagForWindows > > else echo "no ntfs partition found" > > fi > > > # The jamf binary contacts the JSS and runs any policies that have a > trigger of > > # "flagForWindows" if the value of $hasntfspart is >0. > > # That's it. > > # If you want to be elegant about your coding, you can throw an `exit` in > at the end. > > > ---------- > Miles A. Leacy IV > > ? Certified System Administrator 10.4 > ? Certified Technical Coordinator 10.5 > ? Certified Trainer > Certified Casper Administrator > ---------- > voice: 1-347-277-7321 > miles.leacy at themacadmin.com > www.themacadmin.com > > > > > On Fri, Feb 13, 2009 at 11:19 AM, Thomas Larkin > > > > wrote: > >> Ok advanced casper users....OK, well I mean Miles... >> >> >> >> I have written the following script I want to run to install a dummy pkg >> to make a smart group on machines that have windows or not. So, here is my >> script, but I am not quite piecing it all together. I think I am missing a >> few small steps >> >> >> >> *#!/bin/bash* >> >> * * >> >> *#determine if there is an NTFS volume on a mac, and run casper policy >> accordingly.* >> >> * * >> >> *fs=/bin/df -T ntfs* >> >> * * >> >> *for a in /bin/df -T ntfs ; do* >> >> * * >> >> * if [[ $a != $fs ]] && continue* >> >> * * >> >> * /usr/sbin/jamf install * >> >> * * >> >> * else * >> >> * * >> >> * echo "NTFS partition found"* >> >> * * >> >> *fi* >> >> * * >> >> *done* >> >> * * >> >> *exit* >> >> >> >> So I should just create a blank package and call it, Winders XP or >> whatever. Then put it in Casper Admin and sync the shares. Then set the >> trigger to custom. Then I should make that script another policy and have >> it execute say, every hour once a day or whatever. Then apply it to all my >> user machines. The machines that have windows will be ignored and the ones >> that do have it will get that dummy package installed. Then I can create a >> smart group off the receipts.... >> >> >> >> This is my first time using a dummy package like this, so any pointers >> would be greatly appreciated. I also just wrote that script 5 minutes ago >> and only had 1 cup of coffee and am still learning how to properly code >> loops in shell scripts, so if my syntax is off, well I could use pointers >> there as well. >> >> >> >> Thanks, >> >> >> >> ___________________________ >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> blackberry: 913-449-7589 >> office: 913-627-0351 >> >> >> >> >> >> >>> Miles Leacy 01/30/09 12:35 PM >>> >> >> >> A dummy package is just an empty package. Name it something appropriate >> and recognizable such as "windowsMachines.pkg". >> >> >> >> Create a policy with a custom trigger to install this package. >> >> >> Create a second policy that runs on all of your machines which runs the >> script that I half-wrote in my last message. That script issues the custom >> trigger for the policy to install the dummy package if it finds an NTFS >> volume. >> >> >> What you end up with is each machine that has an NTFS volume also has a >> receipt for windowsMachines.pkg. You then create a smart group whose >> criteria is machines with the windowsMachines.pkg receipt. >> >> >> ---------- >> Miles A. Leacy IV >> >> ? Certified System Administrator 10.4 >> ? Certified Technical Coordinator 10.5 >> ? Certified Trainer >> Certified Casper Administrator >> ---------- >> voice: 1-347-277-7321 >> miles.leacy at themacadmin.com >> www.themacadmin.com >> >> >> >> >> On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin >> >> >> >> wrote: >> >>> will this dummy package log only machines that have windows then in the >>> policy logs? How exactly does this work? >>> >>> >>> Miles Leacy 01/30/09 12:07 PM >>> >>> >>> >>> >>> Dummy package. Loop through your /Volumes with: >>> >>> >>> >>> >>> haswindows=`diskutil info $volume | grep -c NTFS` >>> >>> >>> if [ $haswindows -ne 0 ] ; then >>> >>> >>> issue the custom trigger to install the dummy package. Scope your >>> smart group to the existence of the dummy package. >>> >>> >>> You may want to double check that "NTFS" is what you want to grep >>> for. I don't have any NTFS volumes to test this with. >>> >>> ---------- >>> Miles A. Leacy IV >>> >>> ? Certified System Administrator 10.4 >>> ? Certified Technical Coordinator 10.5 >>> ? Certified Trainer >>> Certified Casper Administrator >>> ---------- >>> voice: 1-347-277-7321 >>> miles.leacy at themacadmin.com >>> www.themacadmin.com >>> >>> >>> >>> >>> 2009/1/30 Thomas Larkin >>> >>> >>> >>> >>> We now have a need to figure out how many machines have windows on >>>> them or not. I would like to run a report with Casper that will go through >>>> inventory and if a Mac doesn't have a NTFS partition on it with Windows I >>>> want it on one list, and if it does I want it on another list so we can tell >>>> what machines dual boot and which ones don't. >>>> >>>> >>>> Any ideas? >>>> >>>> >>>> ___________________________ >>>> Thomas Larkin >>>> TIS Department >>>> KCKPS USD500 >>>> tlarki at kckps.org >>>> blackberry: 913-449-7589 >>>> office: 913-627-0351 >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Casper mailing list >>>> Casper at list.jamfsoftware.com >>>> http://list.jamfsoftware.com/mailman/listinfo/casper >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/63e33fe4/attachment.html From tlarki at kckps.org Fri Feb 13 09:44:38 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 11:44:38 -0600 Subject: [Casper] Timing logins and applicaion startup In-Reply-To: <4EFEAD0A-25A7-44AB-B083-67F044D5FA04@westwind.ab.ca> References: <4993E831.7141.0039.0@kckps.org> <085AC430-2CFB-4ECD-A369-01C49C0DF816@westwind.ab.ca> <4993F5E8.7141.0039.0@kckps.org> <49953649.7141.0039.0@kckps.org> <4EFEAD0A-25A7-44AB-B083-67F044D5FA04@westwind.ab.ca> Message-ID: <49955D26.7141.0039.0@kckps.org> My email is ghetto here so I don't have a lot of options so I will just answer in sections needed items from previous emails. I don't get any fancy colored text options..... Yes, WGM can cause all sorts of issues if you aren't using the proper version. This came straight to me from an Apple engineer and from official Apple server books (the ACSA books). Also, if you are seeing LDAP and BSD database corruption you should first dsexport your users and groups to plain text immediately. This will preserve their account information and UIDs, but not their passwords. You may at worse case scenario, have to rebuild LDAP from scratch. It sounds horrid I know, because I had to do it once, but I did it in one day (one 13 hour work day). All you have to do is demote everything to stand alone. Then wipe out the LDAP from your ODM (demoting it first) reimport everything, then go back and promote all your stand alones to replicas so they get a fresh sync of LDAP. 10.5.4 client and server were a head ache here, we bumped everything up to 10.5.5 and a lot of our problems disappeared. If your replicas are returning DNS errors and if you map home directories by FQDN, that can too cause problems. We have a legacy DNS that some of the older PCs use, and a server or two picked up our old DNS and it screwed lots of things up, so now our DNS database points all Mac servers to the proper DNS and specifically omits them from the other DNS. In the ACSA books Apple says they do not recommend netbooting more than 50 clients for imaging purposes. Imaging is done over AFP, and I have examples of how flaky AFP is. I took screen shots of AFP throughput when we were imaging this summer. If we did not kick off the file transfer at the same time on all clients, AFP would flake out trying to load balance the connections. Data throughput would half itself. As for your specific problem, I would try to figure out what accounts have problems, watch the logs as they log in and see what specific errors you get. FYI, when I had the LDAP corruption I was getting PasswordService failures on my replicas as well, and Kerberos wasn't working properly either. It is hard to tell what your exact problem is. As a first step I would try to first demote your replicas to stand alone configuration, then promote them back to replicas. This will force down a fresh copy of your LDAP to them. Good luck! ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/623a1924/attachment.html From tlarki at kckps.org Fri Feb 13 14:34:32 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 13 Feb 2009 16:34:32 -0600 Subject: [Casper] Running inventory reports by partition schema In-Reply-To: References: <4982E947.7141.0039.0@kckps.org> <4982F2A8.7141.0039.0@kckps.org> <49954926.7141.0039.0@kckps.org> <49955401.7141.0039.0@kckps.org> Message-ID: <4995A118.7141.0039.0@kckps.org> Thanks for your help it works as I have tested it out manually on my Macbook pro, which doesn't dual boot. So, when we come back to school on Tuesday and everyone is hitting the network I should get a full report of how many machines do not have windows. Dummy packages are very neat idea. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/13/09 11:18 AM >>> No problem. The name of the policy isn't important; the trigger is. In the execution options section of the policy's general tab, choose "other (Manually specify the run at action in this field) -->" from the "triggered by" drop down menu. In the text field next to that menu, type your custom trigger ("flagForWindows" in my example). The command below will run your policy, and any other policies for which you choose to specify "flagForWindows" as a custom trigger. jamf policy -trigger flagForWindows This command also works with the standard triggers, i.e.: jamf policy -trigger every15 jamf policy -trigger login jamf policy -trigger startup etc... ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 13, 2009 at 12:05 PM, Thomas Larkin wrote: Awesome Miles, thanks, you rock One more quick question. Since I don't ever trigger custom packages, I just name the policy whatever, then use the trigger option with the policy name behind it? Thanks again for your help ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/13/09 10:49 AM >>> Here's what I'd do and why... #!/bin/bash # Find ntfs partitions. If you have no ntfs partitions, `df -T ntfs` will return nothing. # If there are ntfs partitions, you'll get output that looks like: # /dev/disk0s4 32358320 73712 32284608 1% /Volumes/DevDisk hasntfspart=`df -T ntfs | grep -c /` # $hasntfspart now = 0 if there are no ntfs partitions, and >0 if there are any. # Install a dummy package if an ntfs partition is found. # I always install my dummy packages via policies, using custom triggers. # Create your dummy package, and a custom-triggered policy to install it. # In this example, I use flagForWindows as my custom trigger. # The name of the package is unimportant for the purposes of this script. if [ $hasntfspart -ne 0 ] then jamf policy -trigger flagForWindows else echo "no ntfs partition found" fi # The jamf binary contacts the JSS and runs any policies that have a trigger of # "flagForWindows" if the value of $hasntfspart is >0. # That's it. # If you want to be elegant about your coding, you can throw an `exit` in at the end. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Feb 13, 2009 at 11:19 AM, Thomas Larkin wrote: Ok advanced casper users....OK, well I mean Miles... I have written the following script I want to run to install a dummy pkg to make a smart group on machines that have windows or not. So, here is my script, but I am not quite piecing it all together. I think I am missing a few small steps #!/bin/bash #determine if there is an NTFS volume on a mac, and run casper policy accordingly. fs=/bin/df -T ntfs for a in /bin/df -T ntfs ; do So I should just create a blank package and call it, Winders XP or whatever. Then put it in Casper Admin and sync the shares. Then set the trigger to custom. Then I should make that script another policy and have it execute say, every hour once a day or whatever. Then apply it to all my user machines. The machines that have windows will be ignored and the ones that do have it will get that dummy package installed. Then I can create a smart group off the receipts.... This is my first time using a dummy package like this, so any pointers would be greatly appreciated. I also just wrote that script 5 minutes ago and only had 1 cup of coffee and am still learning how to properly code loops in shell scripts, so if my syntax is off, well I could use pointers there as well. Thanks, ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 01/30/09 12:35 PM >>> A dummy package is just an empty package. Name it something appropriate and recognizable such as "windowsMachines.pkg". Create a policy with a custom trigger to install this package. Create a second policy that runs on all of your machines which runs the script that I half-wrote in my last message. That script issues the custom trigger for the policy to install the dummy package if it finds an NTFS volume. What you end up with is each machine that has an NTFS volume also has a receipt for windowsMachines.pkg. You then create a smart group whose criteria is machines with the windowsMachines.pkg receipt. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com On Fri, Jan 30, 2009 at 1:29 PM, Thomas Larkin wrote: will this dummy package log only machines that have windows then in the policy logs? How exactly does this work? >>> Miles Leacy 01/30/09 12:07 PM >>> Dummy package. Loop through your /Volumes with: haswindows=`diskutil info $volume | grep -c NTFS` if [ $haswindows -ne 0 ] ; then issue the custom trigger to install the dummy package. Scope your smart group to the existence of the dummy package. You may want to double check that "NTFS" is what you want to grep for. I don't have any NTFS volumes to test this with. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/1/30 Thomas Larkin We now have a need to figure out how many machines have windows on them or not. I would like to run a report with Casper that will go through inventory and if a Mac doesn't have a NTFS partition on it with Windows I want it on one list, and if it does I want it on another list so we can tell what machines dual boot and which ones don't. Any ideas? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090213/8cff9c0a/attachment.htm From jstrauss at loyolahs.edu Sat Feb 14 00:24:54 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sat, 14 Feb 2009 00:24:54 -0800 Subject: [Casper] Prohibit copying from /Applications Message-ID: Hi y'all, I've been racking my brain for the past couple days on this one. At my site we issue each student a 4 gig flash drive, and a problem I'm having is that students are copying apps out of the /Application folder (and other folders) and onto their drives. Any way to prevent this? I know one solution is to disallow external drive mounting, but unfortunately that's not an option. Is there a symlink solution to this? Thanks, and have a great weekend and Valentine's Day! Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090214/c566e5b7/attachment.html From miles.leacy at themacadmin.com Sat Feb 14 05:13:53 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Sat, 14 Feb 2009 08:13:53 -0500 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: Using MCX, you can prohibit running apps from certain locations, but if a client has read rights, they can copy the app files. What are you trying to accomplish? If you want to prevent piracy, I don't believe that's your organization's responsibility (of course, I'm not an IP lawyer, so take that with an appropriate grain of salt). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/14 Jeff Strauss > Hi y'all, > > I've been racking my brain for the past couple days on this one. At my site > we issue each student a 4 gig flash drive, and a problem I'm having is that > students are copying apps out of the /Application folder (and other folders) > and onto their drives. Any way to prevent this? I know one solution is to > disallow external drive mounting, but unfortunately that's not an option. Is > there a symlink solution to this? > > Thanks, and have a great weekend and Valentine's Day! > > > *Jeffrey A. Strauss > *Department of Educational Technology > *Systems Administrator > *Loyola High School of Los Angeles > 1901 Venice Blvd. > Los Angeles, Ca 90006 > (213) 381-5121 x265 > > Please consider the environment before printing this e-mail. > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090214/1c58cedb/attachment.html From jstrauss at loyolahs.edu Sat Feb 14 08:53:47 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sat, 14 Feb 2009 08:53:47 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: <02649D61-F4BD-461D-8192-30F9BAB6EFC7@loyolahs.edu> No, not trying to prevent piracy, just wondering. I already asked this question and got the same answer, but then symlinks came to mind and I thought I'd take a shot in the dark. Sent from my iPhone On Feb 14, 2009, at 5:18 AM, "Miles Leacy" > wrote: Using MCX, you can prohibit running apps from certain locations, but if a client has read rights, they can copy the app files. What are you trying to accomplish? If you want to prevent piracy, I don't believe that's your organization's responsibility (of course, I'm not an IP lawyer, so take that with an appropriate grain of salt). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/14 Jeff Strauss <jstrauss at loyolahs.edu> Hi y'all, I've been racking my brain for the past couple days on this one. At my site we issue each student a 4 gig flash drive, and a problem I'm having is that students are copying apps out of the /Application folder (and other folders) and onto their drives. Any way to prevent this? I know one solution is to disallow external drive mounting, but unfortunately that's not an option. Is there a symlink solution to this? Thanks, and have a great weekend and Valentine's Day! Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090214/cbc38886/attachment.htm From tlarki at kckps.org Sat Feb 14 12:50:47 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Sat, 14 Feb 2009 14:50:47 -0600 Subject: [Casper] Prohibit copying from /Applications Message-ID: <4996D7A50200003900009371@gwoes4.kckps.org> The only thing I can think of, and this would be a far out stretch, is you make a launchd item that monitors /Applications. Anyone trying to copy anything from that directory to any other directory gets stopped and deleted. I am not sure how you would script it, but you can make launchd watch /Applications and the second anything is copied you can trigger a script. Do note that what we previously discussed with MCX can limit users from running any kind of application outside of /Applications. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/14/09 10:57 AM >>> No, not trying to prevent piracy, just wondering. I already asked this question and got the same answer, but then symlinks came to mind and I thought I'd take a shot in the dark. Sent from my iPhone On Feb 14, 2009, at 5:18 AM, "Miles Leacy" > wrote: Using MCX, you can prohibit running apps from certain locations, but if a client has read rights, they can copy the app files. What are you trying to accomplish? If you want to prevent piracy, I don't believe that's your organization's responsibility (of course, I'm not an IP lawyer, so take that with an appropriate grain of salt). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/14 Jeff Strauss <jstrauss at loyolahs.edu> Hi y'all, I've been racking my brain for the past couple days on this one. At my site we issue each student a 4 gig flash drive, and a problem I'm having is that students are copying apps out of the /Application folder (and other folders) and onto their drives. Any way to prevent this? I know one solution is to disallow external drive mounting, but unfortunately that's not an option. Is there a symlink solution to this? Thanks, and have a great weekend and Valentine's Day! Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From jstrauss at loyolahs.edu Sat Feb 14 13:28:57 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sat, 14 Feb 2009 13:28:57 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <4996D7A50200003900009371@gwoes4.kckps.org> Message-ID: Tom, Yes, true, and I've been limiting application launches from anywhere outside of /Applications. To be completely honest, one of my two ideas (well, the only idea beside the symlink one) was creating a launchd item that did just that. I didn't know how feasible that was, though, so I didn't mention it. Now that I have some intellectual support on that idea, I'm gonna start testing it. This is a big deal at our site, since the school doesn't wanna eat the $30K it just spent buying every kid a flash drive. (Against two admins' judgement, btw, mine included.) Good weekend to all. On 2/14/09 12:50 PM, "Thomas Larkin" wrote: The only thing I can think of, and this would be a far out stretch, is you make a launchd item that monitors /Applications. Anyone trying to copy anything from that directory to any other directory gets stopped and deleted. I am not sure how you would script it, but you can make launchd watch /Applications and the second anything is copied you can trigger a script. Do note that what we previously discussed with MCX can limit users from running any kind of application outside of /Applications. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/14/09 10:57 AM >>> No, not trying to prevent piracy, just wondering. I already asked this question and got the same answer, but then symlinks came to mind and I thought I'd take a shot in the dark. Sent from my iPhone On Feb 14, 2009, at 5:18 AM, "Miles Leacy" > wrote: Using MCX, you can prohibit running apps from certain locations, but if a client has read rights, they can copy the app files. What are you trying to accomplish? If you want to prevent piracy, I don't believe that's your organization's responsibility (of course, I'm not an IP lawyer, so take that with an appropriate grain of salt). ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/14 Jeff Strauss <jstrauss at loyolahs.edu> Hi y'all, I've been racking my brain for the past couple days on this one. At my site we issue each student a 4 gig flash drive, and a problem I'm having is that students are copying apps out of the /Application folder (and other folders) and onto their drives. Any way to prevent this? I know one solution is to disallow external drive mounting, but unfortunately that's not an option. Is there a symlink solution to this? Thanks, and have a great weekend and Valentine's Day! Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090214/e34e7062/attachment.html From clinton.blackmore at westwind.ab.ca Sat Feb 14 14:12:41 2009 From: clinton.blackmore at westwind.ab.ca (clinton.blackmore) Date: Sat, 14 Feb 2009 15:12:41 -0700 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: Darn. Here I'd always hoped that some funky set of ACLs could prevent the problem. We have a problem where students move applications onto their desktops when trying to put it on their Dock (and then we get complains that the app is not installed, or that users (inexplicably) can not log into network accounts with a .app on the desktop.) If you are serious about writing a launchd item, and especially if your running all Leopard, there is a python application called crankd that can install hooks into system events (like filesystem activity, network transitions, and such) and call your code when it happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ is a place to start looking. I think it might be easier to work with than launchd. If you do come up with something, I'd appreciate it if you'd share. Cheers, Clinton Blackmore From jstrauss at loyolahs.edu Sat Feb 14 14:16:00 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sat, 14 Feb 2009 14:16:00 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: <887A58DD-A8DD-42A4-AA2E-53FDCF0AE293@loyolahs.edu> Thanks for that. I'm going to start work on it after the weekend. Expect email asking for help :) Sent from my iPhone On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" wrote: > Darn. Here I'd always hoped that some funky set of ACLs could > prevent the problem. We have a problem where students move > applications onto their desktops when trying to put it on their Dock > (and then we get complains that the app is not installed, or that > users (inexplicably) can not log into network accounts with a .app > on the desktop.) > > If you are serious about writing a launchd item, and especially if > your running all Leopard, there is a python application called > crankd that can install hooks into system events (like filesystem > activity, network transitions, and such) and call your code when it > happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ > is a place to start looking. I think it might be easier to work > with than launchd. > > If you do come up with something, I'd appreciate it if you'd share. > > Cheers, > Clinton Blackmore > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Sun Feb 15 11:07:46 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Sun, 15 Feb 2009 13:07:46 -0600 Subject: [Casper] Prohibit copying from /Applications Message-ID: <499813A20200003900009387@gwoes4.kckps.org> I have search and destroy scripts that search out and delete certain file systems, by file extension. I suppose you could modify my scripts to search the path of the user's desktop and have it remove anything with .app as the extension. If they don't have write access to /Applications they can't trash them. You could also use Unix permissions to make their desktop read only, so they would be forced to save things in their ~/Documents but I can see that causing issues perhaps. Like Safari for example, by default wants to download files to the user's desktop. We have had this problem as well, and I could never come up with a working feasible solution that wouldn't confuse or cause issues with end users using their laptops. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/14/09 4:19 PM >>> Thanks for that. I'm going to start work on it after the weekend. Expect email asking for help :) Sent from my iPhone On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" wrote: > Darn. Here I'd always hoped that some funky set of ACLs could > prevent the problem. We have a problem where students move > applications onto their desktops when trying to put it on their Dock > (and then we get complains that the app is not installed, or that > users (inexplicably) can not log into network accounts with a .app > on the desktop.) > > If you are serious about writing a launchd item, and especially if > your running all Leopard, there is a python application called > crankd that can install hooks into system events (like filesystem > activity, network transitions, and such) and call your code when it > happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ > is a place to start looking. I think it might be easier to work > with than launchd. > > If you do come up with something, I'd appreciate it if you'd share. > > Cheers, > Clinton Blackmore > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper From jstrauss at loyolahs.edu Sun Feb 15 11:30:07 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sun, 15 Feb 2009 11:30:07 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <499813A20200003900009387@gwoes4.kckps.org> References: <499813A20200003900009387@gwoes4.kckps.org> Message-ID: But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From tlarki at kckps.org Sun Feb 15 13:12:14 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Sun, 15 Feb 2009 15:12:14 -0600 Subject: [Casper] Prohibit copying from /Applications Message-ID: <499830CE0200003900009394@gwoes4.kckps.org> That is where launchd would kick in. It monitors the folder and then when whatever action is taking place it then executes what you tell it to do so. You could have it check every 30 seconds, or however you set it up in ARD. Once it is triggered the script can run, but yes it will take time to run and if it takes too long and the user ejects their usb thumb drive then it will become moot. I just think it seems like a lot of hassle for very little pay off. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/15/09 1:32 PM >>> But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > From CMyers at uclan.ac.uk Sun Feb 15 23:57:08 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Mon, 16 Feb 2009 07:57:08 +0000 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <499830CE0200003900009394@gwoes4.kckps.org> References: <499830CE0200003900009394@gwoes4.kckps.org> Message-ID: <49991C54.BB96.0081.0@uclan.ac.uk> Hi All, what you need is KeyServer, i use a KeyServer to monitor and control licenses and if you KEY and application then it cannot be run without a connection to the keyserver so if an application is copied to a pen drive and taken else where it will never run. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Sun, Feb 15, 2009 at 9:12 PM, in message <499830CE0200003900009394 at gwoes4.kckps.org>, "Thomas Larkin" wrote: That is where launchd would kick in. It monitors the folder and then when whatever action is taking place it then executes what you tell it to do so. You could have it check every 30 seconds, or however you set it up in ARD. Once it is triggered the script can run, but yes it will take time to run and if it takes too long and the user ejects their usb thumb drive then it will become moot. I just think it seems like a lot of hassle for very little pay off. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/15/09 1:32 PM >>> But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090216/17f32aa1/attachment.htm From tlarki at kckps.org Tue Feb 17 12:06:30 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Tue, 17 Feb 2009 14:06:30 -0600 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <49991C54.BB96.0081.0@uclan.ac.uk> References: <499830CE0200003900009394@gwoes4.kckps.org> <49991C54.BB96.0081.0@uclan.ac.uk> Message-ID: <499AC466.7141.0039.0@kckps.org> Do you have to be connected to this key server for it to work? Like if I go off campus with my laptop are all my 'keyed' applications no longer going to run? Thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Criss Myers" 02/16/09 1:57 AM >>> Hi All, what you need is KeyServer, i use a KeyServer to monitor and control licenses and if you KEY and application then it cannot be run without a connection to the keyserver so if an application is copied to a pen drive and taken else where it will never run. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Sun, Feb 15, 2009 at 9:12 PM, in message <499830CE0200003900009394 at gwoes4.kckps.org>, "Thomas Larkin" wrote: That is where launchd would kick in. It monitors the folder and then when whatever action is taking place it then executes what you tell it to do so. You could have it check every 30 seconds, or however you set it up in ARD. Once it is triggered the script can run, but yes it will take time to run and if it takes too long and the user ejects their usb thumb drive then it will become moot. I just think it seems like a lot of hassle for very little pay off. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/15/09 1:32 PM >>> But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090217/d76a4c9a/attachment.html From ERNSTCS at uwec.edu Tue Feb 17 14:24:08 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Tue, 17 Feb 2009 16:24:08 -0600 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <499AC466.7141.0039.0@kckps.org> References: <499830CE0200003900009394@gwoes4.kckps.org> <49991C54.BB96.0081.0@uclan.ac.uk> <499AC466.7141.0039.0@kckps.org> Message-ID: <38080239-C1FA-455E-9ED9-84417562A4BE@uwec.edu> If you have "keyed" applications they work when you can talk to the keyserver. Options for when the keyserver is not available are to allow the app to run and just meter the usage and report update when it can talk again, or to deny the app to run. You also have the option to allow the user to "check-out" a license or seat before leaving the network of which you can predefine how long that check out lasts. Keyserver client runs as service. I think that is all the options, but there may be more options. I'm not our keyserver guru, but we use it here. Craig Ernst UW-Eau Claire (715) 836-3639 Sent from my iPhone On Feb 17, 2009, at 2:06 PM, "Thomas Larkin" > wrote: Do you have to be connected to this key server for it to work? Like if I go off campus with my laptop are all my 'keyed' applications no longer going to run? Thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Criss Myers" > 02/16/09 1:57 AM >>> Hi All, what you need is KeyServer, i use a KeyServer to monitor and control licenses and if you KEY and application then it cannot be run without a connection to the keyserver so if an application is copied to a pen drive and taken else where it will never run. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Sun, Feb 15, 2009 at 9:12 PM, in message <499830CE0200003900009394 at gwoes4.kckps.org>, "Thomas Larkin" > wrote: That is where launchd would kick in. It monitors the folder and then when whatever action is taking place it then executes what you tell it to do so. You could have it check every 30 seconds, or however you set it up in ARD. Once it is triggered the script can run, but yes it will take time to run and if it takes too long and the user ejects their usb thumb drive then it will become moot. I just think it seems like a lot of hassle for very little pay off. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/15/09 1:32 PM >>> But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090217/aebdc348/attachment.html From CMyers at uclan.ac.uk Wed Feb 18 00:04:59 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Wed, 18 Feb 2009 08:04:59 +0000 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <38080239-C1FA-455E-9ED9-84417562A4BE@uwec.edu> References: <499830CE0200003900009394@gwoes4.kckps.org> <49991C54.BB96.0081.0@uclan.ac.uk> <499AC466.7141.0039.0@kckps.org> <38080239-C1FA-455E-9ED9-84417562A4BE@uwec.edu> Message-ID: <499BC12B.BB96.0081.0@uclan.ac.uk> Yes that pretty much it, you can join the keyserver to your directory system and grant access based on groups, computers, locations etc or even give priority at set times of the day. I dont use any of these functions i just use it to monitor software usage, but if youneed to control the use of apps its very good Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Tue, Feb 17, 2009 at 10:24 PM, in message <38080239-C1FA-455E-9ED9-84417562A4BE at uwec.edu>, "Ernst, Craig S." wrote: If you have "keyed" applications they work when you can talk to the keyserver. Options for when the keyserver is not available are to allow the app to run and just meter the usage and report update when it can talk again, or to deny the app to run. You also have the option to allow the user to "check-out" a license or seat before leaving the network of which you can predefine how long that check out lasts. Keyserver client runs as service. I think that is all the options, but there may be more options. I'm not our keyserver guru, but we use it here. Craig Ernst UW-Eau Claire (715) 836-3639 Sent from my iPhone On Feb 17, 2009, at 2:06 PM, "Thomas Larkin" wrote: Do you have to be connected to this key server for it to work? Like if I go off campus with my laptop are all my 'keyed' applications no longer going to run? Thanks ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Criss Myers" 02/16/09 1:57 AM >>> Hi All, what you need is KeyServer, i use a KeyServer to monitor and control licenses and if you KEY and application then it cannot be run without a connection to the keyserver so if an application is copied to a pen drive and taken else where it will never run. Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Sun, Feb 15, 2009 at 9:12 PM, in message <499830CE0200003900009394 at gwoes4.kckps.org>, "Thomas Larkin" wrote: That is where launchd would kick in. It monitors the folder and then when whatever action is taking place it then executes what you tell it to do so. You could have it check every 30 seconds, or however you set it up in ARD. Once it is triggered the script can run, but yes it will take time to run and if it takes too long and the user ejects their usb thumb drive then it will become moot. I just think it seems like a lot of hassle for very little pay off. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Jeff Strauss 02/15/09 1:32 PM >>> But don't your scripts run at intervals?What if a user copies an app to his flash drive and unmounts it before your script ran? Sent from my iPhone On Feb 15, 2009, at 11:13 AM, "Thomas Larkin" wrote: > I have search and destroy scripts that search out and delete certain > file systems, by file extension. I suppose you could modify my > scripts to search the path of the user's desktop and have it remove > anything with .app as the extension. If they don't have write > access to /Applications they can't trash them. You could also use > Unix permissions to make their desktop read only, so they would be > forced to save things in their ~/Documents but I can see that > causing issues perhaps. Like Safari for example, by default wants > to download files to the user's desktop. > > We have had this problem as well, and I could never come up with a > working feasible solution that wouldn't confuse or cause issues with > end users using their laptops. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > >>>> Jeff Strauss 02/14/09 4:19 PM >>> > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/ec466cc4/attachment.htm From tlarki at kckps.org Wed Feb 18 07:09:48 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 18 Feb 2009 09:09:48 -0600 Subject: [Casper] deploying ARD Admin Message-ID: <499BD05C.7141.0039.0@kckps.org> We have had our fair share of problems with ARD admin. I have written a script that completely removes all components of ARD admin. I also find a nice little app that will copy all your saved files and preferences of ARD admin. So you can set up ARD admin exactly how you want to, then use this little app to capture your scanners, custom saved scripts, send unix commands, smart lists, etc. So you can create a nice deployment package and a reinstall package via Casper Here goes the app to create the back ups, and it is 100% free http://jenniferandjon.com/software/index.php?main_page=document_product_info&cPath=65&products_id=185 ( http://jenniferandjon.com/software/index.php?main_page=document_product_info&cPath=65&products_id=185 ) It is called seize ARD, dumps all your preferences into a plist file you can copy to multiple machines. Here goes the uninstaller script I wrote: http://tlarkin.com/tech/uninstalling-ard-admin So, if you are like us, or many others who I have talked to and your ARD crashes and gets the pinwheel of death. Here is a nice way to back up everything you need, and a script that wipes it out. Furthermore you can drop the ARD installer pkg file into casper admin and deploy it that way as well. We have some Mac Minis out in remote locations that run ARD admin. With all of these tools combined, along with Casper we can now back up how we want ARD admin to be configured, completely wipe it out, reinstall it, and lastly import back in all of our preferred settings. FYI ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/787f720a/attachment.htm From clinton.blackmore at westwind.ab.ca Wed Feb 18 09:28:52 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Wed, 18 Feb 2009 10:28:52 -0700 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <887A58DD-A8DD-42A4-AA2E-53FDCF0AE293@loyolahs.edu> References: <887A58DD-A8DD-42A4-AA2E-53FDCF0AE293@loyolahs.edu> Message-ID: <8C684671-5115-4B87-8DA7-D099AE1BB26A@westwind.ab.ca> I started seeing if I could figure out how to do this with crankd (which, while it has potential, is still in its infancy and not well documented), and, after getting something together that didn't work, I posted to the pymacadmin site. The thread is here: http://groups.google.com/group/pymacadmin/browse_thread/thread/2c077fcd1ed7361f The last response I got is very worthwhile, so I am sharing it here: On Feb 17, 2009, at 9:54 PM, Clinton Blackmore wrote: > We have some problems when users copy a .app folder to their desktop > when trying to put it on their dock; specifically, this prevents > network users from logging in. Also, I'm aware of another system > administrator who wants to prevents students from copying .apps to > their USB drives. Trying to catch this by watching filesystem events is the wrong approach, you will always be chasing after things. The better approach, at least for users who aren't going to resort to the command line, is to prevent the Finder from copying the apps. There is an easy trick to this: put a folder inside the .app bundles (next to "Contents") that starts with "A" and don't give users read or execute permissions on that folder (I would go with root:wheel:0000). When the Finder enumerates the files it is going to copy it will run into that and stop. This is easy to circumvent by either copying things by opening the .app bundle, or by working on the command line, but it does put up a big enough barrier that most users won't be able to cross it. -- Karl Kuehn lark... at softhome.net On 14-Feb-09, at 3:16 PM, Jeff Strauss wrote: > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. From jstrauss at loyolahs.edu Wed Feb 18 09:33:36 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Wed, 18 Feb 2009 09:33:36 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: <8C684671-5115-4B87-8DA7-D099AE1BB26A@westwind.ab.ca> Message-ID: Funny you should post that. The same user posted the same solution to my question on the MacNN forums yesterday. I'm testing it out today. On 2/18/09 9:28 AM, "Clinton Blackmore" wrote: I started seeing if I could figure out how to do this with crankd (which, while it has potential, is still in its infancy and not well documented), and, after getting something together that didn't work, I posted to the pymacadmin site. The thread is here: http://groups.google.com/group/pymacadmin/browse_thread/thread/2c077fcd1ed7361f The last response I got is very worthwhile, so I am sharing it here: On Feb 17, 2009, at 9:54 PM, Clinton Blackmore wrote: > We have some problems when users copy a .app folder to their desktop > when trying to put it on their dock; specifically, this prevents > network users from logging in. Also, I'm aware of another system > administrator who wants to prevents students from copying .apps to > their USB drives. Trying to catch this by watching filesystem events is the wrong approach, you will always be chasing after things. The better approach, at least for users who aren't going to resort to the command line, is to prevent the Finder from copying the apps. There is an easy trick to this: put a folder inside the .app bundles (next to "Contents") that starts with "A" and don't give users read or execute permissions on that folder (I would go with root:wheel:0000). When the Finder enumerates the files it is going to copy it will run into that and stop. This is easy to circumvent by either copying things by opening the .app bundle, or by working on the command line, but it does put up a big enough barrier that most users won't be able to cross it. -- Karl Kuehn lark... at softhome.net On 14-Feb-09, at 3:16 PM, Jeff Strauss wrote: > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/6be741e7/attachment.htm From clinton.blackmore at westwind.ab.ca Wed Feb 18 09:57:50 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Wed, 18 Feb 2009 10:57:50 -0700 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: > Funny you should post that. The same user posted the same solution > to my question on the MacNN forums yesterday. I?m testing it out > today. Fascinating. Please let us know how well it works. (Did you write a script that can be deployed by Casper to do it?) The author who suggested the technique just added that: > Trying to catch this by watching filesystem events is the > wrong > approach, you will always be chasing after things. The better > approach, at least for users who aren't going to resort to the command > line, is to prevent the Finder from copying the apps. There is an easy > trick to this: put a folder inside the .app bundles (next to > "Contents") that starts with "A" and don't give users read or execute > permissions on that folder (I would go with root:wheel:0000). When the > Finder enumerates the files it is going to copy it will run into that > and stop. I did forget to mention that there is one dark side to doing this: it breaks application signing. Apple has only started to use this, so unless you are using MCX to restrict what applications a user can use this will have no effect at the moment (this needs to be reviewed when 10.6 comes out). You can still work with it, you just have to make sure that the application signing happens with your modification in place. For a lab image this should be very doable. -- Karl Kuehn On 18-Feb-09, at 10:33 AM, Jeff Strauss wrote: > Funny you should post that. The same user posted the same solution > to my question on the MacNN forums yesterday. I?m testing it out > today. > > > On 2/18/09 9:28 AM, "Clinton Blackmore" > wrote: > > I started seeing if I could figure out how to do this with crankd > (which, while it has potential, is still in its infancy and not well > documented), and, after getting something together that didn't work, I > posted to the pymacadmin site. The thread is here: http://groups.google.com/group/pymacadmin/browse_thread/thread/2c077fcd1ed7361f > > The last response I got is very worthwhile, so I am sharing it here: > > > On Feb 17, 2009, at 9:54 PM, Clinton Blackmore wrote: > > > We have some problems when users copy a .app folder to their > desktop > > when trying to put it on their dock; specifically, this prevents > > network users from logging in. Also, I'm aware of another system > > administrator who wants to prevents students from copying .apps to > > their USB drives. > > Trying to catch this by watching filesystem events is the > wrong > approach, you will always be chasing after things. The better > approach, at least for users who aren't going to resort to the command > line, is to prevent the Finder from copying the apps. There is an easy > trick to this: put a folder inside the .app bundles (next to > "Contents") that starts with "A" and don't give users read or execute > permissions on that folder (I would go with root:wheel:0000). When the > Finder enumerates the files it is going to copy it will run into that > and stop. > > This is easy to circumvent by either copying things by > opening > the .app bundle, or by working on the command line, but it does put up > a big enough barrier that most users won't be able to cross it. > > -- > Karl Kuehn > lark... at softhome.net > > > On 14-Feb-09, at 3:16 PM, Jeff Strauss wrote: > > > Thanks for that. I'm going to start work on it after the weekend. > > Expect email asking for help :) > > > > Sent from my iPhone > > > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" >> wrote: > > > >> Darn. Here I'd always hoped that some funky set of ACLs could > >> prevent the problem. We have a problem where students move > >> applications onto their desktops when trying to put it on their > Dock > >> (and then we get complains that the app is not installed, or that > >> users (inexplicably) can not log into network accounts with a .app > >> on the desktop.) > >> > >> If you are serious about writing a launchd item, and especially if > >> your running all Leopard, there is a python application called > >> crankd that can install hooks into system events (like filesystem > >> activity, network transitions, and such) and call your code when it > >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ > >> is a place to start looking. I think it might be easier to work > >> with than launchd. > >> > >> If you do come up with something, I'd appreciate it if you'd share. > >> > >> Cheers, > >> Clinton Blackmore > >> > >> > >> _______________________________________________ > >> Casper mailing list > >> Casper at list.jamfsoftware.com > >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > This email has been scanned by Barracuda Network's Anti-Virus and > Spam Firewall. > > > Jeffrey A. Strauss > Department of Educational Technology > Systems Administrator > Loyola High School of Los Angeles > 1901 Venice Blvd. > Los Angeles, Ca 90006 > (213) 381-5121 x265 > > Please consider the environment before printing this e-mail. > This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/eb0ffcde/attachment.htm From jstrauss at loyolahs.edu Wed Feb 18 10:03:21 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Wed, 18 Feb 2009 10:03:21 -0800 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: Message-ID: No, what I'm doing now is just adding a folder inside the Office 2008 app folder. I am using MCX to restrict apps, so I'll see how it goes. On 2/18/09 9:57 AM, "Clinton Blackmore" wrote: Funny you should post that. The same user posted the same solution to my question on the MacNN forums yesterday. I'm testing it out today. Fascinating. Please let us know how well it works. (Did you write a script that can be deployed by Casper to do it?) The author who suggested the technique just added that: Trying to catch this by watching filesystem events is the wrong approach, you will always be chasing after things. The better approach, at least for users who aren't going to resort to the command line, is to prevent the Finder from copying the apps. There is an easy trick to this: put a folder inside the .app bundles (next to "Contents") that starts with "A" and don't give users read or execute permissions on that folder (I would go with root:wheel:0000). When the Finder enumerates the files it is going to copy it will run into that and stop. I did forget to mention that there is one dark side to doing this: it breaks application signing. Apple has only started to use this, so unless you are using MCX to restrict what applications a user can use this will have no effect at the moment (this needs to be reviewed when 10.6 comes out). You can still work with it, you just have to make sure that the application signing happens with your modification in place. For a lab image this should be very doable. -- Karl Kuehn On 18-Feb-09, at 10:33 AM, Jeff Strauss wrote: Funny you should post that. The same user posted the same solution to my question on the MacNN forums yesterday. I'm testing it out today. On 2/18/09 9:28 AM, "Clinton Blackmore" wrote: I started seeing if I could figure out how to do this with crankd (which, while it has potential, is still in its infancy and not well documented), and, after getting something together that didn't work, I posted to the pymacadmin site. The thread is here: http://groups.google.com/group/pymacadmin/browse_thread/thread/2c077fcd1ed7361f The last response I got is very worthwhile, so I am sharing it here: On Feb 17, 2009, at 9:54 PM, Clinton Blackmore wrote: > We have some problems when users copy a .app folder to their desktop > when trying to put it on their dock; specifically, this prevents > network users from logging in. Also, I'm aware of another system > administrator who wants to prevents students from copying .apps to > their USB drives. Trying to catch this by watching filesystem events is the wrong approach, you will always be chasing after things. The better approach, at least for users who aren't going to resort to the command line, is to prevent the Finder from copying the apps. There is an easy trick to this: put a folder inside the .app bundles (next to "Contents") that starts with "A" and don't give users read or execute permissions on that folder (I would go with root:wheel:0000). When the Finder enumerates the files it is going to copy it will run into that and stop. This is easy to circumvent by either copying things by opening the .app bundle, or by working on the command line, but it does put up a big enough barrier that most users won't be able to cross it. -- Karl Kuehn lark... at softhome.net On 14-Feb-09, at 3:16 PM, Jeff Strauss wrote: > Thanks for that. I'm going to start work on it after the weekend. > Expect email asking for help :) > > Sent from my iPhone > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" > wrote: > >> Darn. Here I'd always hoped that some funky set of ACLs could >> prevent the problem. We have a problem where students move >> applications onto their desktops when trying to put it on their Dock >> (and then we get complains that the app is not installed, or that >> users (inexplicably) can not log into network accounts with a .app >> on the desktop.) >> >> If you are serious about writing a launchd item, and especially if >> your running all Leopard, there is a python application called >> crankd that can install hooks into system events (like filesystem >> activity, network transitions, and such) and call your code when it >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ >> is a place to start looking. I think it might be easier to work >> with than launchd. >> >> If you do come up with something, I'd appreciate it if you'd share. >> >> Cheers, >> Clinton Blackmore >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/7f188722/attachment.html From Jason.Weber at district196.org Wed Feb 18 10:12:15 2009 From: Jason.Weber at district196.org (Weber, Jason) Date: Wed, 18 Feb 2009 12:12:15 -0600 Subject: [Casper] Creating Boot Camp Installer via Casper Message-ID: I am currently trying to setup a BootCamp install configuration within Casper, so I can easily deploy Windows in a dual boot config on our Macs.. I have been reading through the Resource Kit, and it's not looking all too bad, however I do have a few questions so hopefully a few of you Casper veteran's can give me a hand.. So far I have setup BootCamp and setup a test Windows config on a machine. I then ran sysprep, and have shutdown the Windows side.. So far so good.. At this point the directions say to boot back to the Mac side and install ntfsprogs (which I have downloaded..) My first question is how or what do I need to do, to configure this file, and what exactly is this doing? My second question (which I'm guessing doesn't come into play for a few more steps but I'll ask anyway!), is at which point do I install the sysprep.inf file to auto configure the Windows settings. Also how would I install/inject that file via Casper?? Any help (or other pointers I need to know) is greatly appreciated! Jason Weber Technology Support Cluster Specialist Independent School District 196 jason.weber at district196.org (952)-423-7974 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/49d82ac8/attachment.htm From mahughe at kckps.org Wed Feb 18 10:19:28 2009 From: mahughe at kckps.org (Mark Hughes) Date: Wed, 18 Feb 2009 12:19:28 -0600 Subject: [Casper] deploying ARD Admin Message-ID: <499BFCD0020000A30000C210@gwoes4.kckps.org> good find....didn't think about the mini's out in the Middle Schools... Mark Hughes, Apple Technician TIS Department, KCKPS USD500 Cell 913-449-7791 mahughe at kckps.org >>> "Thomas Larkin" 02/18/09 9:13 AM >>> We have had our fair share of problems with ARD admin. I have written a script that completely removes all components of ARD admin. I also find a nice little app that will copy all your saved files and preferences of ARD admin. So you can set up ARD admin exactly how you want to, then use this little app to capture your scanners, custom saved scripts, send unix commands, smart lists, etc. So you can create a nice deployment package and a reinstall package via Casper Here goes the app to create the back ups, and it is 100% free http://jenniferandjon.com/software/index.php?main_page=document_product_info&cPath=65&products_id=185 ( http://jenniferandjon.com/software/index.php?main_page=document_product_info&cPath=65&products_id=185 ) It is called seize ARD, dumps all your preferences into a plist file you can copy to multiple machines. Here goes the uninstaller script I wrote: http://tlarkin.com/tech/uninstalling-ard-admin So, if you are like us, or many others who I have talked to and your ARD crashes and gets the pinwheel of death. Here is a nice way to back up everything you need, and a script that wipes it out. Furthermore you can drop the ARD installer pkg file into casper admin and deploy it that way as well. We have some Mac Minis out in remote locations that run ARD admin. With all of these tools combined, along with Casper we can now back up how we want ARD admin to be configured, completely wipe it out, reinstall it, and lastly import back in all of our preferred settings. FYI ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 From Brooks.B.Patton at nasa.gov Wed Feb 18 10:20:28 2009 From: Brooks.B.Patton at nasa.gov (Brooks Patton) Date: Wed, 18 Feb 2009 10:20:28 -0800 Subject: [Casper] Uninstalling jamf from host Message-ID: <9A4B9E4F-F11F-4FDB-867C-ABA2B5A2EB35@nasa.gov> We are currently having some issues with host systems (intel running 10.5.6) that are freezing when casper runs inventory or other ongoing policies. Looking at the log we see: Feb 17 17:00:00 mac1064 com.apple.launchd[1] (com.jamfsoftware.task.enforceRestrictedSoftware): Throttling respawn: Will start in 9 seconds Before we whitelist the user we would like to try completely removing jamf from the system and then reinstall it. Is there an official method for removing the agent? If not does anybody have any recommendations for how to do this? Thanks, Brooks Patton NASA Advanced Supercomputing (650) 604-3967 From ktrampe at basd.k12.wi.us Wed Feb 18 10:36:19 2009 From: ktrampe at basd.k12.wi.us (Kerry Trampe) Date: Wed, 18 Feb 2009 12:36:19 -0600 Subject: [Casper] Uninstalling jamf from host In-Reply-To: <9A4B9E4F-F11F-4FDB-867C-ABA2B5A2EB35@nasa.gov> References: <9A4B9E4F-F11F-4FDB-867C-ABA2B5A2EB35@nasa.gov> Message-ID: <980742DA-84C1-44F7-8EE2-17A41B7BB2D0@basd.k12.wi.us> Hey Brooks, I recently ran into a similar issue and wanted to completely remove it as well. Here's the link support sent me: http://www.jamfsoftware.com/kb/article.php?id=038 Good luck! Kerry Trampe BASD Network Admin On Feb 18, 2009, at 12:20 PM, Brooks Patton wrote: > We are currently having some issues with host systems (intel running > 10.5.6) that are freezing when casper runs inventory or other ongoing > policies. Looking at the log we see: > > Feb 17 17:00:00 mac1064 com.apple.launchd[1] > (com.jamfsoftware.task.enforceRestrictedSoftware): Throttling respawn: > Will start in 9 seconds > > Before we whitelist the user we would like to try completely removing > jamf from the system and then reinstall it. > > Is there an official method for removing the agent? If not does > anybody have any recommendations for how to do this? > > Thanks, > > > Brooks Patton > NASA Advanced Supercomputing > (650) 604-3967 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper From tlarki at kckps.org Wed Feb 18 10:37:05 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 18 Feb 2009 12:37:05 -0600 Subject: [Casper] Creating Boot Camp Installer via Casper In-Reply-To: References: Message-ID: <499C00F0.7141.0039.0@kckps.org> I will try to answer your questions below in bold text ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Weber, Jason" 02/18/09 12:12 PM >>> I am currently trying to setup a BootCamp install configuration within Casper, so I can easily deploy Windows in a dual boot config on our Macs.. I have been reading through the Resource Kit, and it?s not looking all too bad, however I do have a few questions so hopefully a few of you Casper veteran?s can give me a hand.. So far I have setup BootCamp and setup a test Windows config on a machine. I then ran sysprep, and have shutdown the Windows side.. So far so good.. At this point the directions say to boot back to the Mac side and install ntfsprogs (which I have downloaded..) My first question is how or what do I need to do, to configure this file, and what exactly is this doing? The NTFS.progs file is a binary that lest you read/write NTFS partitions from the Mac side. What the script does, is it runs as a post image script, so it will copy the image down after OS X is imaged. You also need the gtprefresh file too, and you can drop it into yours standard $PATH, I put it in /usr/sbin for my image. You also use their script to create the image from with in OS X, so you need those tools. My second question (which I?m guessing doesn?t come into play for a few more steps but I?ll ask anyway!), is at which point do I install the sysprep.inf file to auto configure the Windows settings. Also how would I install/inject that file via Casper?? You run sysprep after your windows image is complete, and it will seal the windows image. You want to have that ini file on the windows partition it will read it when it runs set up after imaging it. I will toss out a big hint right here. If you aren't running Microsoft networking clients and are running something like Novell instead. You can totally get rid of the MS networking client and not have to run sys prep since Novell doesn't care about duplicate computer names. Saved me a lot of hassle when we did our dual boot imaging. Any help (or other pointers I need to know) is greatly appreciated! Create your windows image, then seal it with sys prep, then boot off the Windows CD and boot into recovery console, run a chkdsk /r which will verify and fix any file system problems it may detect. This could also reduce your image size. When I was doing my trial images last summer I ran a chkdsk /r on it trying to troubleshoot some issue I was having and it shaved off about 2 gigs of crap off my windows image. Jason Weber Technology Support Cluster Specialist Independent School District 196 jason.weber at district196.org (952)-423-7974 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/5d9efd56/attachment.htm From NATHANIEL.LINDLEY at spps.org Wed Feb 18 10:46:53 2009 From: NATHANIEL.LINDLEY at spps.org (NATHANIEL.LINDLEY at spps.org) Date: Wed, 18 Feb 2009 12:46:53 -0600 Subject: [Casper] Creating Boot Camp Installer via Casper In-Reply-To: <499C00F0.7141.0039.0@kckps.org> Message-ID: In response to Tom's last comment about booting finished Windows image to CD then running CHKDSK /R, that sounds like a good idea. I've always hated how large the WINXPSP3 images were, especially with the pagefile.sys in there. Will this get rid of that, too? On another note, I also make a WinClone image of our WXP images so a tech can restore those one at a time without Casper or if it is a custom Windows image for a lab or something. Throw WinClone on the NetBoot image and we're good there. Often our teachers will wreck one OS side of their laptop but not both. Nathaniel Lindley ++++++++++++++++++ Educational Technology Saint Paul Public Schools Saint Paul, Minnesota nathaniel.lindley at spps.org phone: 651-248-6861 "Thomas Larkin" Sent by: casper-bounces at list.jamfsoftware.com 02/18/09 12:30 PM To "Jason Weber" , cc Subject Re: [Casper] Creating Boot Camp Installer via Casper I will try to answer your questions below in bold text ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Weber, Jason" 02/18/09 12:12 PM >>> I am currently trying to setup a BootCamp install configuration within Casper, so I can easily deploy Windows in a dual boot config on our Macs.. I have been reading through the Resource Kit, and it?s not looking all too bad, however I do have a few questions so hopefully a few of you Casper veteran?s can give me a hand.. So far I have setup BootCamp and setup a test Windows config on a machine. I then ran sysprep, and have shutdown the Windows side.. So far so good.. At this point the directions say to boot back to the Mac side and install ntfsprogs (which I have downloaded..) My first question is how or what do I need to do, to configure this file, and what exactly is this doing? The NTFS.progs file is a binary that lest you read/write NTFS partitions from the Mac side. What the script does, is it runs as a post image script, so it will copy the image down after OS X is imaged. You also need the gtprefresh file too, and you can drop it into yours standard $PATH, I put it in /usr/sbin for my image. You also use their script to create the image from with in OS X, so you need those tools. My second question (which I?m guessing doesn?t come into play for a few more steps but I?ll ask anyway!), is at which point do I install the sysprep.inf file to auto configure the Windows settings. Also how would I install/inject that file via Casper?? You run sysprep after your windows image is complete, and it will seal the windows image. You want to have that ini file on the windows partition it will read it when it runs set up after imaging it. I will toss out a big hint right here. If you aren't running Microsoft networking clients and are running something like Novell instead. You can totally get rid of the MS networking client and not have to run sys prep since Novell doesn't care about duplicate computer names. Saved me a lot of hassle when we did our dual boot imaging. Any help (or other pointers I need to know) is greatly appreciated! Create your windows image, then seal it with sys prep, then boot off the Windows CD and boot into recovery console, run a chkdsk /r which will verify and fix any file system problems it may detect. This could also reduce your image size. When I was doing my trial images last summer I ran a chkdsk /r on it trying to troubleshoot some issue I was having and it shaved off about 2 gigs of crap off my windows image. Jason Weber Technology Support Cluster Specialist Independent School District 196 jason.weber at district196.org (952)-423-7974 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/f9bdc949/attachment.html From detroye1 at apple.com Wed Feb 18 11:09:44 2009 From: detroye1 at apple.com (John DeTroye) Date: Wed, 18 Feb 2009 12:09:44 -0700 Subject: [Casper] Prohibit copying from /Applications In-Reply-To: References: Message-ID: Just to make sure there isn't -yet more- confusion, here's the skinny on application management using MCX (from my Tips doc - p. 32): d. Applications Management and control over applications has improved radically since Tiger. Whereas before, a user could drag an application into their home directory and alter it to bypass restrictions, and where schools had to totally disable Dashboard to stop users from running unapproved Widgets, Leopard MCX has much better control. 1. Applications themselves There are two different settings for application management, one is the ability to digitally sign applications to keep them from becoming altered. While this is a great setting, it does not provide application restrictions. The setting is missing the ability to set ?don?t allow anything but signed apps to run? or something to that effect. This renders the signing ineffective as a control mechanism. What works best for application management is path or folder restriction. You can set the locations where applications are allowed to run, and locations that are forbidden. (Picture here of the allowed being /Applications and /Library, disallowed being things like ~/) The idea here is that the default Applications folder is safe, and the /Library folder often contains sub-launched apps needed by mainstream ones. The user does not have permission to mess with either of these folders. You could further restrict /Library by designating just the Application Support folder. I found that a few sys admin apps, such as Sassafras? K2 tools need to run as a user task from / Library itself. Note that the user?s homedir is not allowed - so even if someone downloads an application to their home, they can?t launch it. You could also deny use of Installer. While the dialog box says ?Folders?, what it really means is the path. This means that you can add the path directly to an application as denied. The rules work like a firewall; so denies always win, and you can allow an app inside a denied folder - except - if you add the application to the ?Applications? pane, it can be launched anywhere, including from inside the user?s home directory. johnd -- John DeTroye Email: johnd at apple.com Sr. Consulting Engineer Systems Management Specialist Apple - Education iChat: johnd at mac.com Systems Management Guide - http://www.apple.com/education/go/sysmgmt/ Tips and Tricks Docs - http://web.me.com/johnd/ -- On Feb 18, 2009, at 11:03 AM, Jeff Strauss wrote: > No, what I?m doing now is just adding a folder inside the Office > 2008 app folder. I am using MCX to restrict apps, so I?ll see how it > goes. > > > On 2/18/09 9:57 AM, "Clinton Blackmore" > wrote: > > Funny you should post that. The same user posted the same solution > to my question on the MacNN forums yesterday. I?m testing it out > today. > > Fascinating. Please let us know how well it works. (Did you write > a script that can be deployed by Casper to do it?) > > > The author who suggested the technique just added that: > > Trying to catch this by watching filesystem events is the > wrong > approach, you will always be chasing after things. The better > approach, at least for users who aren't going to resort to the command > line, is to prevent the Finder from copying the apps. There is an easy > trick to this: put a folder inside the .app bundles (next to > "Contents") that starts with "A" and don't give users read or execute > permissions on that folder (I would go with root:wheel:0000). When the > Finder enumerates the files it is going to copy it will run into that > and stop. > > I did forget to mention that there is one dark side to doing this: it > breaks application signing. Apple has only started to use this, so > unless you are using MCX to restrict what applications a user can use > this will have no effect at the moment (this needs to be reviewed when > 10.6 comes out). You can still work with it, you just have to make > sure that the application signing happens with your modification in > place. For a lab image this should be very doable. > > -- > Karl Kuehn > > > On 18-Feb-09, at 10:33 AM, Jeff Strauss wrote: > > Funny you should post that. The same user posted the same solution > to my question on the MacNN forums yesterday. I?m testing it out > today. > > > On 2/18/09 9:28 AM, "Clinton Blackmore" > wrote: > > > I started seeing if I could figure out how to do this with crankd > (which, while it has potential, is still in its infancy and not well > documented), and, after getting something together that didn't > work, I > posted to the pymacadmin site. The thread is here: http://groups.google.com/group/pymacadmin/browse_thread/thread/2c077fcd1ed7361f > > The last response I got is very worthwhile, so I am sharing it here: > > > On Feb 17, 2009, at 9:54 PM, Clinton Blackmore wrote: > > > We have some problems when users copy a .app folder to their > desktop > > when trying to put it on their dock; specifically, this prevents > > network users from logging in. Also, I'm aware of another system > > administrator who wants to prevents students from copying .apps to > > their USB drives. > > Trying to catch this by watching filesystem events is the > wrong > approach, you will always be chasing after things. The better > approach, at least for users who aren't going to resort to the > command > line, is to prevent the Finder from copying the apps. There is an > easy > trick to this: put a folder inside the .app bundles (next to > "Contents") that starts with "A" and don't give users read or execute > permissions on that folder (I would go with root:wheel:0000). When > the > Finder enumerates the files it is going to copy it will run into that > and stop. > > This is easy to circumvent by either copying things by > opening > the .app bundle, or by working on the command line, but it does put > up > a big enough barrier that most users won't be able to cross it. > > -- > Karl Kuehn > lark... at softhome.net > > > On 14-Feb-09, at 3:16 PM, Jeff Strauss wrote: > > > Thanks for that. I'm going to start work on it after the weekend. > > Expect email asking for help :) > > > > Sent from my iPhone > > > > On Feb 14, 2009, at 2:17 PM, "clinton.blackmore" >> wrote: > > > >> Darn. Here I'd always hoped that some funky set of ACLs could > >> prevent the problem. We have a problem where students move > >> applications onto their desktops when trying to put it on their > Dock > >> (and then we get complains that the app is not installed, or that > >> users (inexplicably) can not log into network accounts with a .app > >> on the desktop.) > >> > >> If you are serious about writing a launchd item, and especially if > >> your running all Leopard, there is a python application called > >> crankd that can install hooks into system events (like filesystem > >> activity, network transitions, and such) and call your code when > it > >> happens. I don't know a lot about it, but http://code.google.com/p/pymacadmin/ > >> is a place to start looking. I think it might be easier to work > >> with than launchd. > >> > >> If you do come up with something, I'd appreciate it if you'd > share. > >> > >> Cheers, > >> Clinton Blackmore > >> > >> > >> _______________________________________________ > >> Casper mailing list > >> Casper at list.jamfsoftware.com > >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > This email has been scanned by Barracuda Network's Anti-Virus and > Spam Firewall. > > > > Jeffrey A. Strauss > Department of Educational Technology > Systems Administrator > Loyola High School of Los Angeles > 1901 Venice Blvd. > Los Angeles, Ca 90006 > (213) 381-5121 x265 > > Please consider the environment before printing this e-mail. > > > > > > > Jeffrey A. Strauss > Department of Educational Technology > Systems Administrator > Loyola High School of Los Angeles > 1901 Venice Blvd. > Los Angeles, Ca 90006 > (213) 381-5121 x265 > > Please consider the environment before printing this e-mail. > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/771b32ea/attachment.html From miles.leacy at themacadmin.com Wed Feb 18 11:44:18 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Wed, 18 Feb 2009 14:44:18 -0500 Subject: [Casper] KVMs Message-ID: Sorry for the off-topic post, but I figured that this is a group that would have some information and opinions on the subject. I have inherited some aging data centers, and I'm trying to update them. Do you have a brand/model of rackmount, Xserve friendly KVM that you consider to be "best of breed"? Please reply off-list. I'll gladly share any gathered info with interested parties, I just want to avoid spamming the list. Thanks, ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/054ff6b9/attachment.htm From tlarki at kckps.org Wed Feb 18 11:55:23 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 18 Feb 2009 13:55:23 -0600 Subject: [Casper] Creating Boot Camp Installer via Casper In-Reply-To: References: <499C00F0.7141.0039.0@kckps.org> Message-ID: <499C134B.7141.0039.0@kckps.org> I have used winclone in the past and you can actually deploy it via ARD Admin if you want. I have never tried it, but there is a document floating around the interwebs with a how to guideline to do so. However, I can use casper remote and ARD admin to reinstall windows, and just Windows itself. The install script actually will pull the windows down from the casper share. You can log in as local admin, run disk utility and wipe out the windwos partition and resize the volume so it is all one HD, then run the script. It will, resize and pull down the image immediately and you don't have to mess with winclone. When I was troubleshooting some issues we had with our dual boot imaging set up, I would run the Windows image script manually from the local admin account and watch what it did line by line in terminal to show me what was going on. So, you could easily use casper remote to mount the casper share, and then run the script, but you would need to get rid of the current windows partition since the script is reliant on what disk slice to use. You could also do that via a script. Winclone, however, is a nice and free tool. So I suggest you try it out. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> 02/18/09 12:46 PM >>> In response to Tom's last comment about booting finished Windows image to CD then running CHKDSK /R, that sounds like a good idea. I've always hated how large the WINXPSP3 images were, especially with the pagefile.sys in there. Will this get rid of that, too? On another note, I also make a WinClone image of our WXP images so a tech can restore those one at a time without Casper or if it is a custom Windows image for a lab or something. Throw WinClone on the NetBoot image and we're good there. Often our teachers will wreck one OS side of their laptop but not both. Nathaniel Lindley ++++++++++++++++++ Educational Technology Saint Paul Public Schools Saint Paul, Minnesota nathaniel.lindley at spps.org phone: 651-248-6861 "Thomas Larkin" Sent by: casper-bounces at list.jamfsoftware.com 02/18/09 12:30 PM To "Jason Weber" , cc Subject Re: [Casper] Creating Boot Camp Installer via Casper I will try to answer your questions below in bold text ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Weber, Jason" 02/18/09 12:12 PM >>> I am currently trying to setup a BootCamp install configuration within Casper, so I can easily deploy Windows in a dual boot config on our Macs.. I have been reading through the Resource Kit, and it?s not looking all too bad, however I do have a few questions so hopefully a few of you Casper veteran?s can give me a hand.. So far I have setup BootCamp and setup a test Windows config on a machine. I then ran sysprep, and have shutdown the Windows side.. So far so good.. At this point the directions say to boot back to the Mac side and install ntfsprogs (which I have downloaded..) My first question is how or what do I need to do, to configure this file, and what exactly is this doing? The NTFS.progs file is a binary that lest you read/write NTFS partitions from the Mac side. What the script does, is it runs as a post image script, so it will copy the image down after OS X is imaged. You also need the gtprefresh file too, and you can drop it into yours standard $PATH, I put it in /usr/sbin for my image. You also use their script to create the image from with in OS X, so you need those tools. My second question (which I?m guessing doesn?t come into play for a few more steps but I?ll ask anyway!), is at which point do I install the sysprep.inf file to auto conYou run sysprep after your windows image is complete, and it will seal the windows image. You want to have that ini file on the windows partition it will read it when it runs set up after imaging it. I will toss out a big hint right here. If you aren't running Microsoft networking clients and are running something like Novell instead. You can totally get rid of the MS networking client and not have to run sys prep since Novell doesn't care about duplicate computer names. Saved me a lot of hassle when we did our dual boot imaging. Any help (or other pointers I need to know) is greatly appreciated! Create your windows image, then seal it with sys prep, then boot off the Windows CD and boot into recovery console, run a chkdsk /r which will verify and fix any file system problems it may detect. This could also reduce your image size. When I was doing my trial images last summer I ran a chkdsk /r on it trying to troubleshoot some issue I was having and it shaved off about 2 gigs of crap off my windows image. Jason Weber Technology Support Cluster Specialist Independent School District 196 jason.weber at district196.org (952)-423-7974 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/e47f7e3c/attachment.html From tlarki at kckps.org Wed Feb 18 14:55:39 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Wed, 18 Feb 2009 16:55:39 -0600 Subject: [Casper] Uninstalling jamf from host In-Reply-To: <980742DA-84C1-44F7-8EE2-17A41B7BB2D0@basd.k12.wi.us> References: <9A4B9E4F-F11F-4FDB-867C-ABA2B5A2EB35@nasa.gov> <980742DA-84C1-44F7-8EE2-17A41B7BB2D0@basd.k12.wi.us> Message-ID: <499C3D8A.7141.0039.0@kckps.org> I am imaging about 30 machines right now so nothing to do while the progress bar moves across. I got bored, saw this on the mailing list, and compiled a quick uninstall script. I tested it and it removed the files from the casper client and the commands were gone, I also added in some information about what you do with the client machine after removing the casper client. I also then used quickadd.pkg to put the package back on. So here you go everyone, an uninstall script. Please use at your own risk and feedback positive or negative is good always. Maybe I'll publish this on my website.. when I get around to doing all my casper docs I want to publish. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Kerry Trampe 02/18/09 12:36 PM >>> Hey Brooks, I recently ran into a similar issue and wanted to completely remove it as well. Here's the link support sent me: http://www.jamfsoftware.com/kb/article.php?id=038 ( http://www.jamfsoftware.com/kb/article.php?id=038 ) Good luck! Kerry Trampe BASD Network Admin On Feb 18, 2009, at 12:20 PM, Brooks Patton wrote: > We are currently having some issues with host systems (intel running > 10.5.6) that are freezing when casper runs inventory or other ongoing > policies. Looking at the log we see: > > Feb 17 17:00:00 mac1064 com.apple.launchd[1] > (com.jamfsoftware.task.enforceRestrictedSoftware): Throttling respawn: > Will start in 9 seconds > > Before we whitelist the user we would like to try completely removing > jamf from the system and then reinstall it. > > Is there an official method for removing the agent? If not does > anybody have any recommendations for how to do this? > > Thanks, > > > Brooks Patton > NASA Advanced Supercomputing > (650) 604-3967 > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/166f36cf/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: remove_jamf.sh.zip Type: application/zip Size: 1496 bytes Desc: PKZIP (compressed) files Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090218/166f36cf/attachment.zip From jared.nichols at ll.mit.edu Thu Feb 19 05:53:01 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 19 Feb 2009 08:53:01 -0500 Subject: [Casper] Self Service network port Message-ID: Hi- I was looking over this article: http://www.jamfsoftware.com/kb/article.php?id=034 I noticed that it doesn't mention specifically what port Self Service uses to communicate with the JSS. I'm assuming that since it's using HTTP rendering for most of that, it's using 8443 since I have SSL enabled on the server. Is this correct? I assume that the transfer of the package itself occurs over AFP. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/67be2bb0/attachment.htm From ERNSTCS at uwec.edu Thu Feb 19 06:29:21 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 19 Feb 2009 08:29:21 -0600 Subject: [Casper] Self Service network port In-Reply-To: Message-ID: You are correct if you are using secure connections, 8443. The transfer itself can happen over AFP, but it can also happen via port 80 if you have web enabled distribution points. Craig E On 2/19/09 7:53 AM, "Nichols, Jared" wrote: Hi- I was looking over this article: http://www.jamfsoftware.com/kb/article.php?id=034 I noticed that it doesn't mention specifically what port Self Service uses to communicate with the JSS. I'm assuming that since it's using HTTP rendering for most of that, it's using 8443 since I have SSL enabled on the server. Is this correct? I assume that the transfer of the package itself occurs over AFP. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/631f77e5/attachment.htm From jared.nichols at ll.mit.edu Thu Feb 19 06:10:24 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 19 Feb 2009 09:10:24 -0500 Subject: [Casper] 10.4 vs 10.5 server for test environment Message-ID: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 2. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/061af7b3/attachment.html From ERNSTCS at uwec.edu Thu Feb 19 06:37:59 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 19 Feb 2009 08:37:59 -0600 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: Message-ID: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven't gotten back around to that yet), and this wasn't even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 2. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/ff9096ad/attachment.htm From CMyers at uclan.ac.uk Thu Feb 19 06:44:58 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 19 Feb 2009 14:44:58 +0000 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: References: Message-ID: <499D706A.BB96.0081.0@uclan.ac.uk> I would think that since the JSS uses MYSQL and Tomcat that using 10.4 wouldnt be an issue My test and live is very similar so that i can full replicate the live environment, My test lab is a dual core 2.0ghz XServe with 2gb ram and bonded NIC's with 10.5.6 My live server (ATM) is a quad core 2.8ghz XServe with 32gb ram and bonded NIC's with 10.5.6 But i have 2 new 8 core 3ghz XServe with 32gb of ram and fiber channel cards and 10.5.6 which i will soon be testing for performance on fiber over ethernet As the JSS uses MYSQL and Tomcat i would think it very difficult to have 2 mysql databases on the 1 server, ud have to make a virtual server then i guess it would be possible to have as many as you need for different domains, but im not a mysql expert, the web side would be easy but not sure about the mysql side Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:10 PM, in message , "Nichols, Jared" wrote: Hi- I?m going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I?m curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/fc01a344/attachment.htm From CMyers at uclan.ac.uk Thu Feb 19 06:52:19 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 19 Feb 2009 14:52:19 +0000 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: References: Message-ID: <499D7223.BB96.0081.0@uclan.ac.uk> What would happen if you create 2 domain entries with different ip's hosted them on the same server, youd have jss1.mydomain.com and jss2.mydomain.com and have two different ip's resolving via your dns Then using the JSS Setup utility connected to jss1 and installed the JSS and then conencted to jss2 and installed a second JSS Both would be hosted on your server via the same NIC but have different databases under different domains and ip's ???? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:37 PM, in message , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven?t gotten back around to that yet), and this wasn?t even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don?t think it?s convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I?m going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I?m curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/74650df3/attachment.htm From ERNSTCS at uwec.edu Thu Feb 19 06:54:34 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 19 Feb 2009 08:54:34 -0600 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: Message-ID: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven't gotten back around to that yet), and this wasn't even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 2. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/9d123922/attachment.html From ERNSTCS at uwec.edu Thu Feb 19 06:57:25 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Thu, 19 Feb 2009 08:57:25 -0600 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: <499D7223.BB96.0081.0@uclan.ac.uk> Message-ID: The issue is the name of the database and how the components connect to it. The database is jamfsoftware, you need to be able to change everything that points to that to a second database with a different name. I personally would never want to mix test and production on the same box regardless of whether or not it's possible, with the exception of if the second instance was virtualized. Craig E On 2/19/09 8:52 AM, "Criss Myers" wrote: What would happen if you create 2 domain entries with different ip's hosted them on the same server, youd have jss1.mydomain.com and jss2.mydomain.com and have two different ip's resolving via your dns Then using the JSS Setup utility connected to jss1 and installed the JSS and then conencted to jss2 and installed a second JSS Both would be hosted on your server via the same NIC but have different databases under different domains and ip's ???? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:37 PM, in message , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven't gotten back around to that yet), and this wasn't even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. 2. 3. 4. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 5. 6. 7. 8. 9. 10. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. 11. 12. 13. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/fd779038/attachment.htm From jared.nichols at ll.mit.edu Thu Feb 19 06:52:40 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 19 Feb 2009 09:52:40 -0500 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: Message-ID: That's good to know. The test box I'm looking at using is a G5 Xserve with Tiger Server. Looks like I'll go that route. Thanks! j On 2/19/09 09:37 , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven't gotten back around to that yet), and this wasn't even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 2. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/449f8708/attachment.html From CMyers at uclan.ac.uk Thu Feb 19 07:01:47 2009 From: CMyers at uclan.ac.uk (Criss Myers) Date: Thu, 19 Feb 2009 15:01:47 +0000 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: References: <499D7223.BB96.0081.0@uclan.ac.uk> Message-ID: <499D745B.BB96.0081.0@uclan.ac.uk> I agree on not mixing, you need a test lab separate so you can reboot it or flatten it at any time without disruption Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:57 PM, in message , "Ernst, Craig S." wrote: The issue is the name of the database and how the components connect to it. The database is jamfsoftware, you need to be able to change everything that points to that to a second database with a different name. I personally would never want to mix test and production on the same box regardless of whether or not it?s possible, with the exception of if the second instance was virtualized. Craig E On 2/19/09 8:52 AM, "Criss Myers" wrote: What would happen if you create 2 domain entries with different ip's hosted them on the same server, youd have jss1.mydomain.com and jss2.mydomain.com and have two different ip's resolving via your dns Then using the JSS Setup utility connected to jss1 and installed the JSS and then conencted to jss2 and installed a second JSS Both would be hosted on your server via the same NIC but have different databases under different domains and ip's ???? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:37 PM, in message , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven?t gotten back around to that yet), and this wasn?t even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don?t think it?s convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I?m going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I?m curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/b487cfdc/attachment.htm From jared.nichols at ll.mit.edu Thu Feb 19 06:52:40 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Thu, 19 Feb 2009 09:52:40 -0500 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: Message-ID: That's good to know. The test box I'm looking at using is a G5 Xserve with Tiger Server. Looks like I'll go that route. Thanks! j On 2/19/09 09:37 , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven't gotten back around to that yet), and this wasn't even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: 1. The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? 2. Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/449f8708/attachment-0001.html From miles.leacy at themacadmin.com Thu Feb 19 07:08:37 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Thu, 19 Feb 2009 10:08:37 -0500 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: References: <499D7223.BB96.0081.0@uclan.ac.uk> Message-ID: It is absolutely possible to run multiple JSSes on the same box. I'm almost absolutely sure this isn't supported, and I agree wholeheartedly with Craig that such experimentation shouldn't be done on production boxes. I would recommend picking up VMWare and running your test box(es) on a VM. What I've done is spec out two beefy Xserves and installed VMWare on them for my testing environment. This should be more cost effective than purchasing and maintaining a bunch of low to mid-range boxes and certainly less headaches than scrounging old hardware (which I've found to be PPC these days, and most of the stuff I want to test requires Intel). If you are a Developer Connection member, you can download install media for Tiger, Leopard and prerelease Snow Leopard builds (of course you'd be under an Apple NDA, as I am, so don't ask me about Snow Leopard. Sign up and find out for yourself). and a serial number that's good for a few months, which should be long enough to get through any testing. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/19 Ernst, Craig S. > The issue is the name of the database and how the components connect to > it. The database is jamfsoftware, you need to be able to change everything > that points to that to a second database with a different name. > > I personally would never want to mix test and production on the same box > regardless of whether or not it's possible, with the exception of if the > second instance was virtualized. > > Craig E > > > On 2/19/09 8:52 AM, "Criss Myers" wrote: > > > > What would happen if you create 2 domain entries with different ip's > hosted them on the same server, > > > > youd have jss1.mydomain.com and jss2.mydomain.com and have two different > ip's resolving via your dns > > > > Then using the JSS Setup utility connected to jss1 and installed the JSS > and then conencted to jss2 and installed a second JSS > > > > Both would be hosted on your server via the same NIC but have different > databases under different domains and ip's ???? > > > > Criss > > > Criss Myers > > Senior Customer Support Analyst (Mac Services) > > Apple Certified Technical Coordinator v10.5 > > LIS Business Support Team > > Library 301 > > University of Central Lancashire > > Preston PR1 2HE > > Ex 5054 > > 01772 895054 > > >>> On Thu, Feb 19, 2009 at 2:37 PM, in message < > C5C2CAE7.13C57%ernstcs at uwec.edu>, "Ernst, Craig S." > wrote: > > > > > > My test environment is a G5 tower running Tiger Server. Works great. I > attempted to use Parallels server for my test environment Leopard server, > but performance was an issue for some reason (haven't gotten back around to > that yet), and this wasn't even on the same Xserve as my main JSS. > > In production I used teamed NICs on my Xserve. > > I don't think it's convenient or even easy/possible to run a second > instance of the JSS on the same system without some heavy modification. > > Craig E > > On 2/19/09 8:10 AM, "Nichols, Jared" wrote: > > > > > > > > > Hi- > > I'm going to be setting up a test environment on a second xserve. > Basically, another JSS. 2 questions about this: > > > > > 1. > 2. > 3. > 4. The hardware I have available has 10.4 server on it. Is there that > much of a difference, that I should go with the cost of upgrading to 10.5 on > that box when it comes to the JSS? > 5. > 6. > 7. > 8. > 9. > 10. Related, if there is a big enough difference, instead of purchasing > another copy of 10.5 server, is there a way to set up a second instance of > the JSS (the test JSS) on the same box as my prod JSS? Related note, my > NICs are teamed. I know this is likely not recommended, but I'm curious > anyway. > 11. > 12. > 13. > > > > > > Thanks > > j > --- > Jared F. Nichols > Desktop Engineer, Infrastructure and Operations > Information Services Department > MIT Lincoln Laboratory > 244 Wood Street > Lexington, Massachusetts 02420 > 781.981.5436 > > > > > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/523bd792/attachment.htm From tlarki at kckps.org Thu Feb 19 08:08:55 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 19 Feb 2009 10:08:55 -0600 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: <499D745B.BB96.0081.0@uclan.ac.uk> References: <499D7223.BB96.0081.0@uclan.ac.uk> <499D745B.BB96.0081.0@uclan.ac.uk> Message-ID: <499D2FB7.7141.0039.0@kckps.org> It is totally possible to run multiple JSS on one machine. When you launch casper admin, and hold down the option key, you can expand the window to another path. You can run multiple instances of the JSS on one server, how do you think they do the CCA training? It runs multiple JSS off of one laptop for the certification. Attached is a screen shot of where you would put it in. If I recall from last years CCA training when you run the JSS setup utility you can add a custom path, thus installing another instance and you can do that repeatedly . Also, for your test environemnts all you need is a few Mac Minis. That is what I do. Run NAT or use a router that runs NAT, then one mini has server, DNS, hosts the JSS etc. Then Have two mini clients. Separate from everything else. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Criss Myers" 02/19/09 9:01 AM >>> I agree on not mixing, you need a test lab separate so you can reboot it or flatten it at any time without disruption Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:57 PM, in message , "Ernst, Craig S." wrote: The issue is the name of the database and how the components connect to it. The database is jamfsoftware, you need to be able to change everything that points to that to a second database with a different name. I personally would never want to mix test and production on the same box regardless of whether or not it?s possible, with the exception of if the second instance was virtualized. Craig E On 2/19/09 8:52 AM, "Criss Myers" wrote: What would happen if you create 2 domain entries with different ip's hosted them on the same server, youd have jss1.mydomain.com and jss2.mydomain.com and have two different ip's resolving via your dns Then using the JSS Setup utility connected to jss1 and installed the JSS and then conencted to jss2 and installed a second JSS Both would be hosted on your server via the same NIC but have different databases under different domains and ip's ???? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:37 PM, in message , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reason (haven?t gotten back around to that yet), and this wasn?t even on the same Xserve as my main JSS. In production I used teamed NICs on my Xserve. I don?t think it?s convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I?m going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I?m curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/ff831bd2/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Picture 8.png Type: image/png Size: 57641 bytes Desc: Portable Network Graphics Format Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/ff831bd2/attachment.png From tlarki at kckps.org Thu Feb 19 11:22:16 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Thu, 19 Feb 2009 13:22:16 -0600 Subject: [Casper] 10.4 vs 10.5 server for test environment In-Reply-To: References: <499D7223.BB96.0081.0@uclan.ac.uk> Message-ID: <499D5D08.7141.0039.0@kckps.org> Even though my previous email about this said it was indeed very much possible to do so, and you could even have different clients checking into the different instances of the JSS, but I would have to agree with Miles, this is probably not recommended. Unless perhaps you split the load between two separate JSS servers, then had all your VLANs chopped up and pointed one network segment to one JSS and other segment to the other JSS. Then all you have to do is edit the /etc/jamf.conf file on the client to point to the right server. My new xserve though handles about 6,000+ clients checking in every 15 minutes just fine for the most part. My database is chunky and tends to need some maintenance from time to time but for the most part one server handles it OK. We then have building level distribution points which helps also. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/19/09 9:08 AM >>> It is absolutely possible to run multiple JSSes on the same box. I'm almost absolutely sure this isn't supported, and I agree wholeheartedly with Craig that such experimentation shouldn't be done on production boxes. I would recommend picking up VMWare and running your test box(es) on a VM. What I've done is spec out two beefy Xserves and installed VMWare on them for my testing environment. This should be more cost effective than purchasing and maintaining a bunch of low to mid-range boxes and certainly less headaches than scrounging old hardware (which I've found to be PPC these days, and most of the stuff I want to test requires Intel). If you are a Developer Connection member, you can download install media for Tiger, Leopard and prerelease Snow Leopard builds (of course you'd be under an Apple NDA, as I am, so don't ask me about Snow Leopard. Sign up and find out for yourself). and a serial number that's good for a few months, which should be long enough to get through any testing. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/19 Ernst, Craig S. The issue is the name of the database and how the components connect to it. The database is jamfsoftware, you need to be able to change everything that points to that to a second database with a different name. I personally would never want to mix test and production on the same box regardless of whether or not it's possible, with the exception of if the second instance was virtualized. Craig E On 2/19/09 8:52 AM, "Criss Myers" wrote: What would happen if you create 2 domain entries with different ip's hosted them on the same server, youd have jss1.mydomain.com and jss2.mydomain.com and have two different ip's resolving via your dns Then using the JSS Setup utility connected to jss1 and installed the JSS and then conencted to jss2 and installed a second JSS Both would be hosted on your server via the same NIC but have different databases under different domains and ip's ???? Criss Criss Myers Senior Customer Support Analyst (Mac Services) Apple Certified Technical Coordinator v10.5 LIS Business Support Team Library 301 University of Central Lancashire Preston PR1 2HE Ex 5054 01772 895054 >>> On Thu, Feb 19, 2009 at 2:37 PM, in message , "Ernst, Craig S." wrote: My test environment is a G5 tower running Tiger Server. Works great. I attempted to use Parallels server for my test environment Leopard server, but performance was an issue for some reaI don't think it's convenient or even easy/possible to run a second instance of the JSS on the same system without some heavy modification. Craig E On 2/19/09 8:10 AM, "Nichols, Jared" wrote: Hi- I'm going to be setting up a test environment on a second xserve. Basically, another JSS. 2 questions about this: The hardware I have available has 10.4 server on it. Is there that much of a difference, that I should go with the cost of upgrading to 10.5 on that box when it comes to the JSS? Related, if there is a big enough difference, instead of purchasing another copy of 10.5 server, is there a way to set up a second instance of the JSS (the test JSS) on the same box as my prod JSS? Related note, my NICs are teamed. I know this is likely not recommended, but I'm curious anyway. Thanks j --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090219/9df3f238/attachment.html From tlarki at kckps.org Fri Feb 20 08:00:22 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 20 Feb 2009 10:00:22 -0600 Subject: [Casper] time bomb accounts on a smart group Message-ID: <499E7F36.7141.0039.0@kckps.org> So, the last two years of our 1:1 has been fun. There is one problem that I have though that takes up a lot of my time and there is no good solution. That is when I give out a spare laptop to a user while theirs is in for repair. These laptops are inventoried for the purpose of being loaners. So, to rather constantly be updating my inventory and constantly reassigning users to specific machines we give out spares. Next school year I plan on naming every spare with a unique naming convention and then making a smart group of these spare machines. I want to make it so that every 30 days a policy runs that disables all local user accounts, thus forcing the user to come see me for support thus allowing me to get their spare back form them and into my inventory. I have had students refuse to give me back spares because they don't want to give up their 5 gigs of songs they ripped to them. I also am going to have active search and destroy policies that limit the files being saved on spares. Basically, I want spare machines to not be as fun as their actual machine so they have lots of incentive to bring me back the spare. I figure I could just loop all user accounts and change their passwords to something ridiculous (random 30 character string) and then force a reboot. They won't be able to log in and they will come see me immediately if they can't log in. I think this is pretty simple to do, but I would like any feed back from anyone on the list who has done something like this before. Thanks in advance, and have a good weekend. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/5f86e8e2/attachment.htm From miles.leacy at themacadmin.com Fri Feb 20 08:23:17 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 20 Feb 2009 11:23:17 -0500 Subject: [Casper] time bomb accounts on a smart group In-Reply-To: <499E7F36.7141.0039.0@kckps.org> References: <499E7F36.7141.0039.0@kckps.org> Message-ID: Sounds like you need an Acceptable Use Policy that has support and enforcement from the school board/district. When I worked at a K-12, a student refusing to return school equipment for any reason, nevermind a non-school related reason, was grounds for disciplinary action. As for disabling the machine, you could run a script that deletes all accounts from the local directory service (except your admin account and root), and deletes all directory bindings. Deleting the account info from the DS will leave /Users alone, so students can't accuse you of deleting their work. You could also chown /Users to your admin account and the admin group. You should also have a firmware password in place to keep them from booting into target mode. If they're *really* savvy, they can change the RAM config and get past the firmware password, but at that point, they've clearly entered the realm of wrongdoing. Though it occurs to me, if the hard disk is functioning when you have to send a machine for repair, why not clone or even physically swap the drive into a "loaner" machine, and then update the inventory such that the student is now assigned the "loaner" as their machine? It seems like a lot less work. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/20 Thomas Larkin > So, the last two years of our 1:1 has been fun. There is one problem > that I have though that takes up a lot of my time and there is no good > solution. That is when I give out a spare laptop to a user while theirs is > in for repair. These laptops are inventoried for the purpose of being > loaners. So, to rather constantly be updating my inventory and constantly > reassigning users to specific machines we give out spares. > > Next school year I plan on naming every spare with a unique naming > convention and then making a smart group of these spare machines. I want to > make it so that every 30 days a policy runs that disables all local user > accounts, thus forcing the user to come see me for support thus allowing me > to get their spare back form them and into my inventory. > > I have had students refuse to give me back spares because they don't want > to give up their 5 gigs of songs they ripped to them. I also am going to > have active search and destroy policies that limit the files being saved on > spares. > > Basically, I want spare machines to not be as fun as their actual machine > so they have lots of incentive to bring me back the spare. I figure I could > just loop all user accounts and change their passwords to something > ridiculous (random 30 character string) and then force a reboot. They won't > be able to log in and they will come see me immediately if they can't log > in. > > I think this is pretty simple to do, but I would like any feed back from > anyone on the list who has done something like this before. > > Thanks in advance, and have a good weekend. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/54918f14/attachment.html From tlarki at kckps.org Fri Feb 20 08:46:10 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 20 Feb 2009 10:46:10 -0600 Subject: [Casper] time bomb accounts on a smart group In-Reply-To: References: <499E7F36.7141.0039.0@kckps.org> Message-ID: <499E89F2.7141.0039.0@kckps.org> Considering I send probably 50 units in a week for HD failure that is not really an option. Plus I barely have time to admin the 30 servers, do all the casper packages plus admin the casper servers, create users/groups and manage the LDAP, update the images, let alone do any sort of hardware repair. They hired me to pretty much do everything here and I pretty much do everything from end user support all the way up do directory administration, casper stuff, you name it I probably most likely do it. We have an AUP in place, however I am not educational administration so I can't do any sort of discipline nor do I want to. The principals actually work well with us, and it always comes down to me having them force kids to come bring in their spare. I want to avoid getting people involved to force kids to come trade their spare in. Plus the admins already deal with tons of AUP infractions every day, like students using their laptops to do unacceptable things, which I won't go into because you know what I am talking about. Also as a standard to the troubleshooting process and to ensure they have the most up to date software a machine with issues gets wiped and reimaged anyway, and home sync should only sync their documents folder and there are clean up scripts that delete any music and movies on their home directory plus their disk quota is 200 megabytes. We also have our own custom built inventory system that ties into Casper our software developers made. It ties in student information from the SILK program they use for the student database as well as serial number and asset tag of the machine that I dumped out of the Casper database. There is also a built in ticket system for repair history and work orders and an assign system for assigning machines to the repair center for repair or for a student to be assigned a spare. If I didn't have to deal with end user support on top of everything else I do, could possibly reassign, however that is not a timely option at this point in time. Each machine is labeled with stickers of the student name and the learning community they belong to. So, I would have to use some sort of goo be gone to clean off the labels, relabel it, reivnetory it, un assign the current user to their machine, and then repeat 40 to 60 times per a week as that is my average of machines that go out for repair. I think in our set up, a every 30 day policy assigned to spare machines that cleans them out is probably the best bet. Students also have access to an online web based product called "school loop" which allows them to store their school work on their locker on line, and it apparently has unlimited space. However, there is a file size limit of like 5 megabytes. So, with home folder sync and school loop they have the means to back up their data. Sorry for the long novel like explanation but given out current structure the time bomb effect would be best practice. I was thinking of just changing all passwords on the machine to something ridiculous or using dscl or jamf binary to just delete them. Our admin accounts live in /private/var for a reason, mainly being so that I can kill all users in /Users and never worry about deleting our local admin account or root. Thanks again for any input and for reading this sort of a rant of an email. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Miles Leacy 02/20/09 10:23 AM >>> Sounds like you need an Acceptable Use Policy that has support and enforcement from the school board/district. When I worked at a K-12, a student refusing to return school equipment for any reason, nevermind a non-school related reason, was grounds for disciplinary action. As for disabling the machine, you could run a script that deletes all accounts from the local directory service (except your admin account and root), and deletes all directoryfrom the DS will leave /Users alone, so students can't accuse you of deleting their work. You could also chown /Users to your admin account and the admin group. You should also have a firmware password in place to keep them from booting into target mode. If they're *really* savvy, they can change the RAM config and get past the firmware password, but at that point, they've clearly entered the realm of wrongdoing. Though it occurs to me, if the hard disk is functioning when you have to send a machine for repair, why not clone or even physically swap the drive into a "loaner" machine, and then update the inventory such that the student is now assigned the "loaner" as their machine? It seems like a lot less work. ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/20 Thomas Larkin So, the last two years of our 1:1 has been fun. There is one problem that I have though that takes up a lot of my time and there is no good solution. That is when I give out a spare laptop to a user while theirs is in for repair. These laptops are inventoried for the purpose of being loaners. So, to rather constantly be updating my inventory and constantly reassigning users to specific machines we give out spares. Next school year I plan on naming every spare with a unique naming convention and then making a smart group of these spare machines. I want to make it so that every 30 days a policy runs that disables all local user accounts, thus forcing the user to come see me for support thus allowing me to get their spare back form them and into my inventory. I have had students refuse to give me back spares because they don't want to give up their 5 gigs of songs they ripped to them. I also am going to have active search and destroy policies that limit the files being saved on spares. Basically, I want spare machines to not be as fun as their actual machine so they have lots of incentive to bring me back the spare. I figure I could just loop all user accounts and change their passwords to something ridiculous (random 30 character string) and then force a reboot. They won't be able to log in and they will come see me immediately if they can't log in. I think this is pretty simple to do, but I would like any feed back from anyone on the list who has done something like this before. Thanks in advance, and have a good weekend. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/4d2959a7/attachment.html From clinton.blackmore at westwind.ab.ca Fri Feb 20 08:59:42 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Fri, 20 Feb 2009 09:59:42 -0700 Subject: [Casper] time bomb accounts - exchange program In-Reply-To: <499E7F36.7141.0039.0@kckps.org> References: <499E7F36.7141.0039.0@kckps.org> Message-ID: <3C329727-9DF6-48ED-B4F0-AE22349983F7@westwind.ab.ca> Greetings. This only peripherally addresses your question, and goes against what you said about re-assigning computers, but I thought you'd find it interesting as a different approach. The idea was synthesized from two facts: 1) the techs didn't like wasting time transferring a users data to a loaner and then back to their original machine when it returned from repair, and 2) someone said, "we are big enough that we could insure ourselves." [We purchased around 800 new computers to replace/supplement older ones last summer.] We still billed an insurance fee on each computer, but instead of purchasing Apple Care for our computers, we decided to put the money into buying additional units (and attempted to standardize on just a couple of models)*, and have instituted what we call the exchange program. When a unit comes in that is malfunctioning, the user is given an identical unit. We transfer data when we can (or use mobile/ network accounts), but have told users that they are responsible for backing up their own data. Then, the original unit can go for repair (or warranty work if it qualifies.) When it comes back, it is re-imaged and placed onto the exchange pile. We do not have to hunt down the user and get a loaner back. We really need to formalize a policy for removing computers from workgroup manager and marking them as in for repairs in Casper, and, if you do an exchange program yourself, you need to keep the exchange units out or sight and out of mind, or risk politicians sabotaging your program by saying, "Why do we have twenty MacBooks just sitting here, when they could form a new lab?" We are only six or seven months into our exchange program, but it seems to be working fairly well. Cheers, Clinton Blackmore * We also took back the older computers we were replacing, and redistributed some while keeping spares ready for exchange purposes. [Well, except for the oldest ones, which we discarded.] On 20-Feb-09, at 9:00 AM, Thomas Larkin wrote: > So, the last two years of our 1:1 has been fun. There is one > problem that I have though that takes up a lot of my time and there > is no good solution. That is when I give out a spare laptop to a > user while theirs is in for repair. These laptops are inventoried > for the purpose of being loaners. So, to rather constantly be > updating my inventory and constantly reassigning users to specific > machines we give out spares. > > Next school year I plan on naming every spare with a unique naming > convention and then making a smart group of these spare machines. I > want to make it so that every 30 days a policy runs that disables > all local user accounts, thus forcing the user to come see me for > support thus allowing me to get their spare back form them and into > my inventory. > > I have had students refuse to give me back spares because they don't > want to give up their 5 gigs of songs they ripped to them. I also > am going to have active search and destroy policies that limit the > files being saved on spares. > > Basically, I want spare machines to not be as fun as their actual > machine so they have lots of incentive to bring me back the spare. > I figure I could just loop all user accounts and change their > passwords to something ridiculous (random 30 character string) and > then force a reboot. They won't be able to log in and they will > come see me immediately if they can't log in. > > I think this is pretty simple to do, but I would like any feed back > from anyone on the list who has done something like this before. > > Thanks in advance, and have a good weekend. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/2a54b796/attachment.htm From tlarki at kckps.org Fri Feb 20 09:10:42 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 20 Feb 2009 11:10:42 -0600 Subject: [Casper] time bomb accounts - exchange program In-Reply-To: <3C329727-9DF6-48ED-B4F0-AE22349983F7@westwind.ab.ca> References: <499E7F36.7141.0039.0@kckps.org> <3C329727-9DF6-48ED-B4F0-AE22349983F7@westwind.ab.ca> Message-ID: <499E8FB2.7141.0039.0@kckps.org> I have over 6,000 of the same macbooks. We label them with names of the student and assign them the laptop in our inventory system. I see so many failed HDs on these models it is insane. I sometimes send over 50 machines out for repair per a week, from just one building. The building I work out of has over 1400 laptops in it. I am not sure how you do it at your school, but each machines has a tattoo metal sticker on it with a unique Asset tag number. If the sticker is ripped off there is a tattoo under it that says STOLEN in huge red letters. I have to scan each machine in and do about 3 to 4 minutes of clerical work on the inventory database to un-assign and reassign a laptop, which I do on some circumstances. I have probably over 100 spare laptops in my building that are used for repairs or they can be checked out for certain events by staff and then brought back to me. So I have to manage 100+ spares plus my 1400 in my building, plus the 6,000+ district wide. My department is like 6 people, that is an average of 1 person per 1,000 laptops. We are just too under staffed to be dealing with paper work stuff all day. With the budget cuts we aren't getting any more staff any time soon. We have things in place where they can save their school work, both from home folder sync and school loop. Plus I am thinking about putting drop box on the image for next year which will give them 2gigs of free space to sync whatever they want over the Internet. I do kind of wish I had a stock of spare parts and a HD cloner, then i would just clone 20 HDs and when one comes in with a bad HD, swap out the drives then just order the part through GSX, but we don't have that in place. How do you guys that work in 1:1 handle your spare machines? ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> Clinton Blackmore 02/20/09 10:59 AM >>> Greetings. This only peripherally addresses your question, and goes against what you said about re-assigning computers, but I thought you'd find it interesting as a different approach. The idea was synthesized from two facts: 1) the techs didn't like wasting time transferring a users data to a loaner and then back to their original machine when it returned from repair, and 2) someone said, "we are big enough that we could insure ourselves." [We purchased around 800 new computers to replace/supplement older ones last summer.] We still billed an insurance fee on each computer, but instead of purchasing Apple Care for our computers, we decided to put the money into buying additional units (and attempted to standardize on just a couple of models)*, and have instituted what we call the exchange program. When a unit comes in that is malfunctioning, the user is given an identical unit. We transfer data when we can (or use mobile/network accounts), but have told users that they are responsible for backing up their own data. Then, the original unit can go for repair (or warranty work if it qualifies.) When it comes back, it is re-imaged and placed onto the exchange pile. We do not have to hunt down the user and get a loaner back. We really need to formalize a policy for removing computers from workgroup manager and marking them as in for repairs in Casper, and, if you do an exchange program yourself, you need to keep the exchange units out or sight and out of mind, or risk politicians sabotaging your program by saying, "Why do we have twenty MacBooks just sitting here, when they could form a new lab?" We are only six or seven months into our exchange program, but it seems to be working fairly well. Cheers, Clinton Blackmore * We also took back the older computers we were replacing, and redistributed some while keeping spares ready for exchange purposes. [Well, except for the oldest ones, which we discarded.] On 20-Feb-09, at 9:00 AM, Thomas Larkin wrote: So, the last two years of our 1:1 has been fun. There is one problem that I have though that takes up a lot of my time and there is no good solution. That is when I give out a spare laptop to a user while theirs is in for repair. These laptops are inventoried for the purpose of being loaners. So, to rather constantly be updating my inventory and constantly reassigning users to specific machines we give out spares. Next school year I plan on naming every spare with a unique naming convention and then making a smart group of these spare machines. I want to make it so that every 30 days a policy runs that disables all local user accounts, thus forcing the user to come see me for support thus allowing me to get their spare back form them and into my inventory. I have had students refuse to give me back spares because they don't want to give up their 5 gigs of songs they ripped to them. I also am going to have active search and destroy policies that limit the files being saved on spares. Basically, I want spare machines to not be as fun as their actual machine so they have lots of incentive to bring me back the spare. I figure I could just loop all user accounts and change their passwords to something ridiculous (random 30 character string) and then force a reboot. They won't be able to log in and they will come see me immediately if they can't log in. I think this is pretty simple to do, but I would like any feed back from anyone on the list who has done something like this before. Thanks in advance, and have a good weekend. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/10429d7e/attachment.htm From john_wetter at hopkins.k12.mn.us Fri Feb 20 09:17:56 2009 From: john_wetter at hopkins.k12.mn.us (John Wetter) Date: Fri, 20 Feb 2009 11:17:56 -0600 Subject: [Casper] time bomb accounts on a smart group In-Reply-To: <499E89F2.7141.0039.0@kckps.org> Message-ID: It looks like you have thought about this, but in our 1-1 program, we just have them barcoded. The only unique thing on the laptop is the students account and we 'check out' the laptop to the student in our Library circulation system. So, when we give them a spare, that becomes their new computer and when the fixed laptop comes back from AppleCare, it gets thrown in the spare pile to be imaged whenever we get to it and image a bunch. This should help avoid the issue of needing to collect laptops back as I can see from both sides the inconvenience of that. -John On 2/20/09 10:46 AM, "Thomas Larkin" wrote: Considering I send probably 50 units in a week for HD failure that is not really an option. Plus I barely have time to admin the 30 servers, do all the casper packages plus admin the casper servers, create users/groups and manage the LDAP, update the images, let alone do any sort of hardware repair. They hired me to pretty much do everything here and I pretty much do everything from end user support all the way up do directory administration, casper stuff, you name it I probably most likely do it. We have an AUP in place, however I am not educational administration so I can't do any sort of discipline nor do I want to. The principals actually work well with us, and it always comes down to me having them force kids to come bring in their spare. I want to avoid getting people involved to force kids to come trade their spare in. Plus the admins already deal with tons of AUP infractions every day, like students using their laptops to do unacceptable things, which I won't go into because you know what I am talking about. Also as a standard to the troubleshooting process and to ensure they have the most up to date software a machine with issues gets wiped and reimaged anyway, and home sync should only sync their documents folder and there are clean up scripts that delete any music and movies on their home directory plus their disk quota is 200 megabytes. We also have our own custom built inventory system that ties into Casper our software developers made. It ties in student information from the SILK program they use for the student database as well as serial number and asset tag of the machine that I dumped out of the Casper database. There is also a built in ticket system for repair history and work orders and an assign system for assigning machines to the repair center for repair or for a student to be assigned a spare. If I didn't have to deal with end user support on top of everything else I do, could possibly reassign, however that is not a timely option at this point in time. Each machine is labeled with stickers of the student name and the learning community they belong to. So, I would have to use some sort of goo be gone to clean off the labels, relabel it, reivnetory it, un assign the current user to their machine, and then repeat 40 to 60 times per a week as that is my average of machines that go out for repair. I think in our set up, a every 30 day policy assigned to spare machines that cleans them out is probably the best bet. Students also have access to an online web based product called "school loop" which allows them to store their school work on their locker on line, and it apparently has unlimited space. However, there is a file size limit of like 5 megabytes. So, with home folder sync and school loop they have the means to back up their data. Sorry for the long novel like explanation but given out current structure the time bomb effect would be best practice. I was thinking of just changing all passwords on the machine to something ridiculous or using dscl or jamf binary to just delete them. Our admin accounts live in /private/var for a reason, mainly being so that I can kill all users in /Users and never worry about deleting our local admin account or root. Thanks again for any input and for reading this sort of a rant of an email. -- John Wetter Technology Support Administrator Educational Technology, Media & Information Services Hopkins Public Schools 952-988-5373 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/9cc58046/attachment.html From mahughe at kckps.org Fri Feb 20 09:36:32 2009 From: mahughe at kckps.org (Mark Hughes) Date: Fri, 20 Feb 2009 11:36:32 -0600 Subject: [Casper] time bomb accounts - exchange program Message-ID: <499E9437020000A30000C4D8@gwoes4.kckps.org> Let me add to some of our structure of sorts that Tom didn't mention. Our district wants each student to have the use of one machine for their entire high school career. This eliminating a student not taking care of their own machine over that time. If they choose to leave it filthy and it goes to repair, they will get the same filthy machine back from repair. Not giving out decent machines to those who choose not to take care of them. This would be a disservice to those who treat their laptops w/ the greatest of care. We have a loaner program in place if the repair allows for one, if not then a deductible has to be meet before a loaner can be issued. I work w/ Tom in the dept supporting him and 4 other tech where the 1:1 exists as well as the other 40 buildings in the district. We are definitely under manned but we get by. Each day is a challenge and job security for the most part is not much of an issue here, there's plenty to do! Mark Hughes Mark Hughes, Apple Technician TIS Department, KCKPS USD500 Cell 913-449-7791 mahughe at kckps.org >>> Clinton Blackmore 02/20/09 11:02 AM >>> Greetings. This only peripherally addresses your question, and goes against what you said about re-assigning computers, but I thought you'd find it interesting as a different approach. The idea was synthesized from two facts: 1) the techs didn't like wasting time transferring a users data to a loaner and then back to their original machine when it returned from repair, and 2) someone said, "we are big enough that we could insure ourselves." [We purchased around 800 new computers to replace/supplement older ones last summer.] We still billed an insurance fee on each computer, but instead of purchasing Apple Care for our computers, we decided to put the money into buying additional units (and attempted to standardize on just a couple of models)*, and have instituted what we call the exchange program. When a unit comes in that is malfunctioning, the user is given an identical unit. We transfer data when we can (or use mobile/ network accounts), but have told users that they are responsible for backing up their own data. Then, the original unit can go for repair (or warranty work if it qualifies.) When it comes back, it is re-imaged and placed onto the exchange pile. We do not have to hunt down the user and get a loaner back. We really need to formalize a policy for removing computers from workgroup manager and marking them as in for repairs in Casper, and, if you do an exchange program yourself, you need to keep the exchange units out or sight and out of mind, or risk politicians sabotaging your program by saying, "Why do we have twenty MacBooks just sitting here, when they could form a new lab?" We are only six or seven months into our exchange program, but it seems to be working fairly well. Cheers, Clinton Blackmore * We also took back the older computers we were replacing, and redistributed some while keeping spares ready for exchange purposes. [Well, except for the oldest ones, which we discarded.] On 20-Feb-09, at 9:00 AM, Thomas Larkin wrote: > So, the last two years of our 1:1 has been fun. There is one > problem that I have though that takes up a lot of my time and there > is no good solution. That is when I give out a spare laptop to a > user while theirs is in for repair. These laptops are inventoried > for the purpose of being loaners. So, to rather constantly be > updating my inventory and constantly reassigning users to specific > machines we give out spares. > > Next school year I plan on naming every spare with a unique naming > convention and then making a smart group of these spare machines. I > want to make it so that every 30 days a policy runs that disables > all local user accounts, thus forcing the user to come see me for > support thus allowing me to get their spare back form them and into > my inventory. > > I have had students refuse to give me back spares because they don't > want to give up their 5 gigs of songs they ripped to them. I also > am going to have active search and destroy policies that limit the > files being saved on spares. > > Basically, I want spare machines to not be as fun as their actual > machine so they have lots of incentive to bring me back the spare. > I figure I could just loop all user accounts and change their > passwords to something ridiculous (random 30 character string) and > then force a reboot. They won't be able to log in and they will > come see me immediately if they can't log in. > > I think this is pretty simple to do, but I would like any feed back > from anyone on the list who has done something like this before. > > Thanks in advance, and have a good weekend. > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. From mahughe at kckps.org Fri Feb 20 09:39:15 2009 From: mahughe at kckps.org (Mark Hughes) Date: Fri, 20 Feb 2009 11:39:15 -0600 Subject: [Casper] time bomb accounts on a smart group Message-ID: <499E94E8020000A30000C4DE@gwoes4.kckps.org> The metal tag that holds our asset number is a part of the theft tag program that we work with that helps in tracking down stolen or reported missing laptops. It is barcoded as well. Mark Mark Hughes, Apple Technician TIS Department, KCKPS USD500 Cell 913-449-7791 mahughe at kckps.org >>> John Wetter 02/20/09 11:24 AM >>> It looks like you have thought about this, but in our 1-1 program, we just have them barcoded. The only unique thing on the laptop is the students account and we 'check out' the laptop to the student in our Library circulation system. So, when we give them a spare, that becomes their new computer and when the fixed laptop comes back from AppleCare, it gets thrown in the spare pile to be imaged whenever we get to it and image a bunch. This should help avoid the issue of needing to collect laptops back as I can see from both sides the inconvenience of that. -John On 2/20/09 10:46 AM, "Thomas Larkin" wrote: Considering I send probably 50 units in a week for HD failure that is not really an option. Plus I barely have time to admin the 30 servers, do all the casper packages plus admin the casper servers, create users/groups and manage the LDAP, update the images, let alone do any sort of hardware repair. They hired me to pretty much do everything here and I pretty much do everything from end user support all the way up do directory administration, casper stuff, you name it I probably most likely do it. We have an AUP in place, however I am not educational administration so I can't do any sort of discipline nor do I want to. The principals actually work well with us, and it always comes down to me having them force kids to come bring in their spare. I want to avoid getting people involved to force kids to come trade their spare in. Plus the admins already deal with tons of AUP infractions every day, like students using their laptops to do unacceptable things, which I won't go into because you know what I am talking about. Also as a standard to the troubleshooting process and to ensure they have the most up to date software a machine with issues gets wiped and reimaged anyway, and home sync should only sync their documents folder and there are clean up scripts that delete any music and movies on their home directory plus their disk quota is 200 megabytes. We also have our own custom built inventory system that ties into Casper our software developers made. It ties in student information from the SILK program they use for the student database as well as serial number and asset tag of the machine that I dumped out of the Casper database. There is also a built in ticket system for repair history and work orders and an assign system for assigning machines to the repair center for repair or for a student to be assigned a spare. If I didn't have to deal with end user support on top of everything else I do, could possibly reassign, however that is not a timely option at this point in time. Each machine is labeled with stickers of the student name and the learning community they belong to. So, I would have to use some sort of goo be gone to clean off the labels, relabel it, reivnetory it, un assign the current user to their machine, and then repeat 40 to 60 times per a week as that is my average of machines that go out for repair. I think in our set up, a every 30 day policy assigned to spare machines that cleans them out is probably the best bet. Students also have access to an online web based product called "school loop" which allows them to store their school work on their locker on line, and it apparently has unlimited space. However, there is a file size limit of like 5 megabytes. So, with home folder sync and school loop they have the means to back up their data. Sorry for the long novel like explanation but given out current structure the time bomb effect would be best practice. I was thinking of just changing all passwords on the machine to something ridiculous or using dscl or jamf binary to just delete them. Our admin accounts live in /private/var for a reason, mainly being so that I can kill all users in /Users and never worry about deleting our local admin account or root. Thanks again for any input and for reading this sort of a rant of an email. -- John Wetter Technology Support Administrator Educational Technology, Media & Information Services Hopkins Public Schools 952-988-5373 From clinton.blackmore at westwind.ab.ca Fri Feb 20 10:34:21 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Fri, 20 Feb 2009 11:34:21 -0700 Subject: [Casper] time bomb accounts - exchange program In-Reply-To: <499E8FB2.7141.0039.0@kckps.org> References: <499E7F36.7141.0039.0@kckps.org> <3C329727-9DF6-48ED-B4F0-AE22349983F7@westwind.ab.ca> <499E8FB2.7141.0039.0@kckps.org> Message-ID: <5D6DF724-635C-41DF-A0A7-B5475B91B302@westwind.ab.ca> Good heavens! I thought we were undermanned. We do have asset tags on our computers. I really like the idea of having "stolen" written underneath them. I also love the idea of students keeping the same laptop and reaping the rewards of how well they care for it. Our 1:1 project has the laptops staying with the grade and being handed on to a new student each year. When one of our one-to-one units has a failure, and it is not a harddrive failure, we will swap the harddrive from one MacBook to an exchange unit, be certain the new unit is properly reconned and in the right work group in WGM, and get it back to the student. If the HDD is toast, we'll give them a new unit and have them sync to their mobile account. [We only have 175 one-to-one students, and thus face two-magnitudes of order few problems.] In Workgroup manager, on the basic tab, it has an option called: "User can [ ] access account". I would find out how to replicate that change from the command line (via a local node if necessary), and use that as the basis of disabling the account. I'd also consider seeing if there is something you can do to automate or speed up the work you do updating information in your inventory database. And yet, I feel all too keenly the plight of the farmer, who, when going for wood was asked, "Why don't you sharpen your saw? It'll make it easier" and who replied "I don't have time to sharpen the saw! I've got all these trees to cut!" Cheers, Clinton On 20-Feb-09, at 10:10 AM, Thomas Larkin wrote: > I have over 6,000 of the same macbooks. We label them with names of > the student and assign them the laptop in our inventory system. I > see so many failed HDs on these models it is insane. I sometimes > send over 50 machines out for repair per a week, from just one > building. The building I work out of has over 1400 laptops in it. > I am not sure how you do it at your school, but each machines has a > tattoo metal sticker on it with a unique Asset tag number. If the > sticker is ripped off there is a tattoo under it that says STOLEN in > huge red letters. I have to scan each machine in and do about 3 to > 4 minutes of clerical work on the inventory database to un-assign > and reassign a laptop, which I do on some circumstances. > > I have probably over 100 spare laptops in my building that are used > for repairs or they can be checked out for certain events by staff > and then brought back to me. So I have to manage 100+ spares plus > my 1400 in my building, plus the 6,000+ district wide. My > department is like 6 people, that is an average of 1 person per > 1,000 laptops. We are just too under staffed to be dealing with > paper work stuff all day. With the budget cuts we aren't getting > any more staff any time soon. > > We have things in place where they can save their school work, both > from home folder sync and school loop. Plus I am thinking about > putting drop box on the image for next year which will give them > 2gigs of free space to sync whatever they want over the Internet. > > I do kind of wish I had a stock of spare parts and a HD cloner, then > i would just clone 20 HDs and when one comes in with a bad HD, swap > out the drives then just order the part through GSX, but we don't > have that in place. > > How do you guys that work in 1:1 handle your spare machines? > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> Clinton Blackmore 02/20/09 > 10:59 AM >>> > Greetings. > > This only peripherally addresses your question, and goes against > what you said about re-assigning computers, but I thought you'd find > it interesting as a different approach. > > The idea was synthesized from two facts: 1) the techs didn't like > wasting time transferring a users data to a loaner and then back to > their original machine when it returned from repair, and 2) someone > said, "we are big enough that we could insure ourselves." [We > purchased around 800 new computers to replace/supplement older ones > last summer.] > > We still billed an insurance fee on each computer, but instead of > purchasing Apple Care for our computers, we decided to put the money > into buying additional units (and attempted to standardize on just a > couple of models)*, and have instituted what we call the exchange > program. When a unit comes in that is malfunctioning, the user is > given an identical unit. We transfer data when we can (or use > mobile/network accounts), but have told users that they are > responsible for backing up their own data. > > Then, the original unit can go for repair (or warranty work if it > qualifies.) When it comes back, it is re-imaged and placed onto the > exchange pile. We do not have to hunt down the user and get a > loaner back. > > > We really need to formalize a policy for removing computers from > workgroup manager and marking them as in for repairs in Casper, and, > if you do an exchange program yourself, you need to keep the > exchange units out or sight and out of mind, or risk politicians > sabotaging your program by saying, "Why do we have twenty MacBooks > just sitting here, when they could form a new lab?" > > > We are only six or seven months into our exchange program, but it > seems to be working fairly well. > > Cheers, > Clinton Blackmore > > > * We also took back the older computers we were replacing, and > redistributed some while keeping spares ready for exchange > purposes. [Well, except for the oldest ones, which we discarded.] > > > On 20-Feb-09, at 9:00 AM, Thomas Larkin wrote: > >> So, the last two years of our 1:1 has been fun. There is one >> problem that I have though that takes up a lot of my time and there >> is no good solution. That is when I give out a spare laptop to a >> user while theirs is in for repair. These laptops are inventoried >> for the purpose of being loaners. So, to rather constantly be >> updating my inventory and constantly reassigning users to specific >> machines we give out spares. >> >> Next school year I plan on naming every spare with a unique naming >> convention and then making a smart group of these spare machines. >> I want to make it so that every 30 days a policy runs that disables >> all local user accounts, thus forcing the user to come see me for >> support thus allowing me to get their spare back form them and into >> my inventory. >> >> I have had students refuse to give me back spares because they >> don't want to give up their 5 gigs of songs they ripped to them. I >> also am going to have active search and destroy policies that limit >> the files being saved on spares. >> >> Basically, I want spare machines to not be as fun as their actual >> machine so they have lots of incentive to bring me back the spare. >> I figure I could just loop all user accounts and change their >> passwords to something ridiculous (random 30 character string) and >> then force a reboot. They won't be able to log in and they will >> come see me immediately if they can't log in. >> >> I think this is pretty simple to do, but I would like any feed back >> from anyone on the list who has done something like this before. >> >> Thanks in advance, and have a good weekend. >> >> ___________________________ >> Thomas Larkin >> TIS Department >> KCKPS USD500 >> tlarki at kckps.org >> blackberry: 913-449-7589 >> office: 913-627-0351 >> >> >> >> >> >> _______________________________________________ >> Casper mailing list >> Casper at list.jamfsoftware.com >> http://list.jamfsoftware.com/mailman/listinfo/casper > > > This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/b5c42667/attachment.html From hbonath at computersitecolumbus.com Fri Feb 20 12:48:57 2009 From: hbonath at computersitecolumbus.com (Henry Bonath) Date: Fri, 20 Feb 2009 15:48:57 -0500 Subject: [Casper] Entourage Saved Passwords Message-ID: Does anyone know if there is a way to force Entourage to not save a password? Thanks. -Henry ________________________________ [http://www.computersitecolumbus.com/images/CSC_Logo.jpg] Henry Bonath Network Engineer Computer Site Columbus 6155-N Huntley Road Columbus, OH 43229 computersitecolumbus.com Tel: 614.786.7100 Cell: 614.738.0822 Fax: 614.786.7310 Your I.T. Department ________________________________ 15:50:02 Fri 20 Feb 2009 This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090220/bdcac411/attachment.htm From jstrauss at loyolahs.edu Sat Feb 21 11:24:11 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sat, 21 Feb 2009 11:24:11 -0800 Subject: [Casper] Network users can't access Documents Message-ID: In testing the final steps before imaging 700 Macs, I found that my test users can't access their own Documents folder. It gives an "insufficient access privileges" error. They're pretty heavily managed with WGM, but I hadn't noticed this problem during previous testing. What WGM settings define home folder access? Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090221/3ee9e70c/attachment.html From jstrauss at loyolahs.edu Sun Feb 22 17:58:43 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sun, 22 Feb 2009 17:58:43 -0800 Subject: [Casper] Smart group by boot volume name? Message-ID: Is there any way to create a group by boot volume name? In the inventory details it displays the name, but I don't see where I can add it for a smart group. Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090222/6aa0d397/attachment.htm From jstrauss at loyolahs.edu Sun Feb 22 17:57:44 2009 From: jstrauss at loyolahs.edu (Jeff Strauss) Date: Sun, 22 Feb 2009 17:57:44 -0800 Subject: [Casper] Network users can't access Documents In-Reply-To: Message-ID: Forget this; weird bug that didn't reoccur on any other machine. On 2/21/09 11:24 AM, "Jeff Strauss" wrote: In testing the final steps before imaging 700 Macs, I found that my test users can't access their own Documents folder. It gives an "insufficient access privileges" error. They're pretty heavily managed with WGM, but I hadn't noticed this problem during previous testing. What WGM settings define home folder access? Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. Jeffrey A. Strauss Department of Educational Technology Systems Administrator Loyola High School of Los Angeles 1901 Venice Blvd. Los Angeles, Ca 90006 (213) 381-5121 x265 Please consider the environment before printing this e-mail. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090222/1fafca5c/attachment.html From tlarki at kckps.org Mon Feb 23 07:52:36 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Mon, 23 Feb 2009 09:52:36 -0600 Subject: [Casper] possible to image with no JSS? Message-ID: <49A271E4.7141.0039.0@kckps.org> I think this has been covered before, but is there a way to netboot and image with out the server being able to connect to the JSS? Just curious... Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090223/28363eee/attachment.html From miles.leacy at themacadmin.com Mon Feb 23 08:19:36 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Mon, 23 Feb 2009 11:19:36 -0500 Subject: [Casper] Smart group by boot volume name? In-Reply-To: References: Message-ID: Sounds like a good candidate for a dummy package. #!/bin/bash # get the device id of your boot volume bootdevid=`bless --getBoot` # If the boot volume's device id matches up with the volume name you're # looking for, call the custom-triggered policy. if [ `diskutil list| grep "${bootdevid:5}"| grep -c "theBootVolumeYoureLookingFor"` -ne 0 ] then jamf policy -action theCustomTrigger fi ---------- Miles A. Leacy IV ? Certified System Administrator 10.4 ? Certified Technical Coordinator 10.5 ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/22 Jeff Strauss > Is there any way to create a group by boot volume name? In the inventory > details it displays the name, but I don't see where I can add it for a smart > group. > * > Jeffrey A. Strauss > *Department of Educational Technology > *Systems Administrator > *Loyola High School of Los Angeles > 1901 Venice Blvd. > Los Angeles, Ca 90006 > (213) 381-5121 x265 > > Please consider the environment before printing this e-mail. > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090223/d10905ac/attachment.htm From bstewart at brocku.ca Tue Feb 24 12:30:49 2009 From: bstewart at brocku.ca (Bruce Stewart) Date: Tue, 24 Feb 2009 15:30:49 -0500 Subject: [Casper] Entourage Saved Passwords In-Reply-To: Message-ID: Hi Henry, Interesting question. Entourage stores its passwords in the OS X Keychain. If you tell Entourage to save a password and then open your Keychain (go to Applications/Utilities and open Keychain Access), you will see a category on the left panel called ?Passwords?. Under this is Applications where the passwords for applications are stored. Your password for any Entourage accounts ( I have several) will be listed by server type, strangely not by the name Entourage. I have a couple in there listed as Exchange. In there are the individual account settings for password. It is possible to deny access to this keychain item from this menu but I am not sure if you could stop this from creating a new keychain item for a user. Perhaps this permission could be pre-populated on a per user basis if you know the server they were talking to. I do not see anything online about this being scriptable. Would be useful if it was. I am not sure but perhaps others on the list would like to chime in? I would be interested in this as well. I do not like users storing passwords on systems. They tend to forget them if they do not type them in for months. We do thousands of password resets a year for users; mostly because they do not type it in until the next time it expires and they have to get it reset. Catch 22, can't set a new password unless you know your old one. Bruce ________________________________ Bruce Stewart Systems Support/Analyst Information Technology Services Brock University 500 Glenridge Ave., St. Catharines, Ontario Canada, L2S 3A1 (905) 688-5550 Ext. HELP (4357) bruce at brocku.ca On 20/02/09 3:48 PM, "Henry Bonath" wrote: Does anyone know if there is a way to force Entourage to not save a password? Thanks. -Henry ________________________________ Henry Bonath Network Engineer Computer Site Columbus 6155-N Huntley Road Columbus, OH 43229 computersitecolumbus.com Tel: 614.786.7100 Cell: 614.738.0822 Fax: 614.786.7310 Your I.T. Department ________________________________ 15:50:02 Fri 20 Feb 2009 This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. ________________________________ Confidentiality Notice: This e-mail, including any attachments, may contain confidential or privileged information. If you are not the intended recipient, please notify the sender by e-mail and immediately delete this message and its contents. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090224/3a74f341/attachment.htm From william.smith at merrillcorp.com Tue Feb 24 13:03:15 2009 From: william.smith at merrillcorp.com (Smith, William) Date: Tue, 24 Feb 2009 15:03:15 -0600 Subject: [Casper] Entourage Saved Passwords In-Reply-To: Message-ID: On 2/24/09 2:30 PM, "Bruce Stewart" wrote: > Entourage stores its passwords in the OS X Keychain. If you tell Entourage to > save a password and then open your Keychain (go to Applications/Utilities and > open Keychain Access), you will see a category on the left panel called > ?Passwords?. Under this is Applications where the passwords for applications > are stored. [snip] > I do not like users storing passwords on systems. They tend to forget them if > they do not type them in for months. We do thousands of password resets a year > for users; mostly because they do not type it in until the next time it > expires and they have to get it reset. Catch 22, can't set a new password > unless you know your old one. You?re correct that scripting passwords in Entourage is not possible. If administrators want to take a sledgehammer approach then they can create a logout policy that deletes: ~/Library/Keychains/login.keychain I'd weigh the costs and benefits of not allowing passwords to be stored for all users vs. Help Desk calls to reset passwords. While I hate the Mac OS X Keychain myself, it is useful to the end users. Whose inconvenience weighs more? -- bill William M. Smith, Technical Analyst MCS IT Merrill Communications, LLC (651) 632-1492 From pgawlocki at cellsignal.net Wed Feb 25 04:44:40 2009 From: pgawlocki at cellsignal.net (Peter Gawlocki) Date: Wed, 25 Feb 2009 07:44:40 -0500 Subject: [Casper] Adobe Photoshop Elements 6 Message-ID: <5C620A6B-4451-488A-9A62-1B2B4E2EA189@cellsignal.net> Hey Casper listers... I am new to Casper (we just bought and installed a couple weeks ago) and I am having difficulty with Photoshop Elements. If I use the "Adobe" method in Casper Admin, I add the dmg and go to the 'options tab' and select "this is an Adobe..." it scans and says "This image does not appear to be a valid Adobe Installer Image or Adobe Updater." When I tried using Composer and using the snapshot method, it all seems to work until I deploy to test and launch. the message at launch is. "Licensing for this product has stopped working.... ...please reinstall or call your IT Administrator.." Does anyone on the list have any experience with Photoshop Elements? Thanks. Peter From Wil.Hutchins at utas.edu.au Thu Feb 26 13:05:08 2009 From: Wil.Hutchins at utas.edu.au (Wil Hutchins) Date: Fri, 27 Feb 2009 08:05:08 +1100 Subject: [Casper] Imaging Problems - Permissions Message-ID: <33BC3CE2-6734-4D6F-A91D-1DDABFA1BF33@utas.edu.au> Hi All, First of all, my apologies if this has previously been discussed in the casper-request forum, however I've searched though a year or so worth of emails and haven't found the topic raised. This is probably nothing more than me missing a simple option in the master image creation process. Basically, the issue I am facing is the random read-only permissions set across the local HDD after being imaged with my Base1056 OS Package. My base image is fairly standard, with all software updates applied to the Mac OS, admin user created, delete unwanted apps, clean caches and capture with Composer as a compressed DMG. After imaging the root level of the HDD has read only permissions, as well as other directories littered with what I would consider to be incorrect permissions. I have attempted to repair permissions pre/post Composer capture, as well as after imaging, to no avail once image is deployed. Any ideas or methods that you use when creating your images with Composer (Operating System package or dmg, Application packaging or dmg) to avoid this issue would be greatly appreciated. Thankyou in advance. -------------------------------- Wil Hutchins IT Manager School of Architecture & Design University Of Tasmania Locked Bag 1-323 Launceston, Tasmania Australia 7250 P 03 6324 4490 M 04 1736 4239 F 03 6324 4477 E Wil.Hutchins at utas.edu.au http://www.utas.edu.au/arch ------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/74da7f9c/attachment.htm From Dustin.Dorey at district196.org Thu Feb 26 13:31:48 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Thu, 26 Feb 2009 15:31:48 -0600 Subject: [Casper] Imaging Problems - Permissions In-Reply-To: <33BC3CE2-6734-4D6F-A91D-1DDABFA1BF33@utas.edu.au> References: <33BC3CE2-6734-4D6F-A91D-1DDABFA1BF33@utas.edu.au> Message-ID: Hello there, A few questions, what Server OS are you running? What version of Casper Suite and JSS are you running? And Did you run upgrades on either or both of those to get to that version? For instance if you originally started with OS X Server 10.4.x and Casper 5.x and upgraded to OS X Server 10.5.x and Casper 6.x That would be good to know. The reason I ask is that we had that scenario and had numerous permissions issues that were resolved when we took everything down, zeroed and built a fresh 10.5 server install and installed Casper 6.01 directly. Though by doing that we were not able to determine what exactly caused the problem. Just curious if you may be in the same situation. If not well, I'm out of ideas. Good Luck! From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Wil Hutchins Sent: Thursday, February 26, 2009 3:05 PM To: casper at list.jamfsoftware.com Subject: [Casper] Imaging Problems - Permissions Hi All, First of all, my apologies if this has previously been discussed in the casper-request forum, however I've searched though a year or so worth of emails and haven't found the topic raised. This is probably nothing more than me missing a simple option in the master image creation process. Basically, the issue I am facing is the random read-only permissions set across the local HDD after being imaged with my Base1056 OS Package. My base image is fairly standard, with all software updates applied to the Mac OS, admin user created, delete unwanted apps, clean caches and capture with Composer as a compressed DMG. After imaging the root level of the HDD has read only permissions, as well as other directories littered with what I would consider to be incorrect permissions. I have attempted to repair permissions pre/post Composer capture, as well as after imaging, to no avail once image is deployed. Any ideas or methods that you use when creating your images with Composer (Operating System package or dmg, Application packaging or dmg) to avoid this issue would be greatly appreciated. Thankyou in advance. -------------------------------- Wil Hutchins IT Manager School of Architecture & Design University Of Tasmania Locked Bag 1-323 Launceston, Tasmania Australia 7250 P 03 6324 4490 M 04 1736 4239 F 03 6324 4477 E Wil.Hutchins at utas.edu.au http://www.utas.edu.au/arch ------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090226/0dc8a304/attachment.html From smith.jonathan at gene.com Thu Feb 26 16:15:48 2009 From: smith.jonathan at gene.com (Jonathan Smith) Date: Thu, 26 Feb 2009 16:15:48 -0800 Subject: [Casper] Deploying .app packages Message-ID: <462d1b830902261615g57ee55b7l5134e2e7e99ab108@mail.gmail.com> Hey All- I received a package from a developer but it was saved as a .app file. Can Casper deploy .app files? Has anyone tried this? Thx jon -- Jonathan H. Smith | Sr. Systems Engineer | Genentech | office: 650-225-4968| mobile: 650-302-6985 | smith.jonathan at gene.com | -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090226/61a02211/attachment.html From ktrampe at basd.k12.wi.us Thu Feb 26 17:13:48 2009 From: ktrampe at basd.k12.wi.us (Kerry Trampe) Date: Thu, 26 Feb 2009 19:13:48 -0600 Subject: [Casper] Deploying .app packages In-Reply-To: <462d1b830902261615g57ee55b7l5134e2e7e99ab108@mail.gmail.com> References: <462d1b830902261615g57ee55b7l5134e2e7e99ab108@mail.gmail.com> Message-ID: <11912BE7-3366-4D19-92EA-EB841E28B5CE@basd.k12.wi.us> Hey Jon, you'll want to use composer to package your app. The new version works pretty swanky. You can just toss the .app file in your /Applications folder and then open Composer, drag it (the .app) into the left pane and then click "Build as DMG". You can do the same thing with the older version, you'll just need to either do a prebuilt package, or actually run the snapshot before putting the .app in place, then put it in place and build the package. *phew!* Hope this helps! Sorry for the brevity, it's been a... day... ;) Have a great night, Kerry On Feb 26, 2009, at 6:15 PM, Jonathan Smith wrote: > Hey All- I received a package from a developer but it was saved as > a .app file. Can Casper deploy .app files? Has anyone tried this? > > Thx > jon > > > -- > Jonathan H. Smith | Sr. Systems Engineer | Genentech | office: > 650-225-4968| mobile: 650-302-6985 | smith.jonathan at gene.com | > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090226/12709d69/attachment.html From aw_aca_bre at nwoca.org Fri Feb 27 04:36:58 2009 From: aw_aca_bre at nwoca.org (Brad Rellinger) Date: Fri, 27 Feb 2009 07:36:58 -0500 Subject: [Casper] Battery Capacity? Message-ID: Hello, 2 Questions: 1) In JSS, for each computer, there is a entry called "Battery Capacity" -- what exactly is this? It shows any where from 98% - 109% 2) Is there anywhere that it collects "Cycle count" for the installed battery? Thanks ---------- Brad Rellinger Technology Specialist Anthony Wayne Schools K-12 aw_aca_bre at nwoca.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/29fb27df/attachment.html From Dustin.Dorey at district196.org Fri Feb 27 05:56:58 2009 From: Dustin.Dorey at district196.org (Dorey, Dustin) Date: Fri, 27 Feb 2009 07:56:58 -0600 Subject: [Casper] Battery Capacity? In-Reply-To: References: Message-ID: I started working on a script to grab that information but haven't had time to get back to it. If you're really interested as far as I got was that you can access system profiler via the command line and you can grep and awk for that information pretty easily that way. I was just trying to work out how I was going to output that data. Might at least give you a place to start. -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Brad Rellinger Sent: Friday, February 27, 2009 6:37 AM To: Jamf List Serve Subject: [Casper] Battery Capacity? Hello, 2 Questions: 1) In JSS, for each computer, there is a entry called "Battery Capacity" -- what exactly is this? It shows any where from 98% - 109% 2) Is there anywhere that it collects "Cycle count" for the installed battery? Thanks ---------- Brad Rell div> Technology Specialist Anthony Wayne Schools K-12 aw_aca_bre at nwoca.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/58022175/attachment.html From tlarki at kckps.org Fri Feb 27 06:20:37 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 27 Feb 2009 08:20:37 -0600 Subject: [Casper] Battery Capacity? In-Reply-To: References: Message-ID: <49A7A255.7141.0039.0@kckps.org> I think this should be a feature request for recon. In terminal if you run jamf help recon you get a list of all the recon switches you can run on a machine. There are switches to skip applications and fonts and unix apps and what not, but there is no switch to run hardware report only. If you look at a machine in inventory in the JSS it does in fact list battery capacity. So, I say make it a feature request to use Recon to run such custom reports and then say output it to an HTML file or XML, which it looks like you can already output such things to file but when I played with the command a few minutes ago i was unable to get it to save to my desktop. My syntax was probably wrong but it did not kick off any errors. As for Dustin's suggestion it will work using system_profiler binary from the command line. I can never ever get awk to work right for me so I would either grep it or use sed. I think I was helping an Apple SE write a script for battery capacity last year for a smaller school but I can't recall the outcome of it. ___________________________ Thomas Larkin TIS Department KCKPS USD500 tlarki at kckps.org blackberry: 913-449-7589 office: 913-627-0351 >>> "Dorey, Dustin" 02/27/09 7:56 AM >>> I started working on a script to grab that information but haven?t had time to get back to it. If you?re really interested as far as I got was that you can access system profiler via the command line and you can grep and awk for that information pretty easily that way. I was just trying to work out how I was going to output that data. Might at least give you a place to start. -Dusty- Dustin Dorey Technology Support Cluster Specialist ISD 196 Apple Valley, Eagan, Rosemount dustin.dorey at district196.org 952|423|7971 From: casper-bounces at list.jamfsoftware.com [mailto:casper-bounces at list.jamfsoftware.com] On Behalf Of Brad Rellinger Sent: Friday, February 27, 2009 6:37 AM To: Jamf List Serve Subject: [Casper] Battery Capacity? Hello, 2 Questions: 1) In JSS, for each computer, there is a entry called " Battery Capacity" -- what exactly is this? It shows any where from 98% - 109% 2) Is there anywhere that it collects "Cycle count" for the installed battery? Thanks ---------- Brad Rell div> Technology Specialist Anthony Wayne Schools K-12 aw_aca_bre at nwoca.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/2dfa54fb/attachment.html From miles.leacy at themacadmin.com Fri Feb 27 07:21:39 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 27 Feb 2009 10:21:39 -0500 Subject: [Casper] Battery Capacity? In-Reply-To: <49A7A255.7141.0039.0@kckps.org> References: <49A7A255.7141.0039.0@kckps.org> Message-ID: This is completely conjecture, and maybe one of the JAMF guys can chime in on this, but I believe that "battery capacity" is the difference between the Apple-advertised full-charge mAh and the current actual full-charge mAh of the battery, expressed as a percentage. I think the feature request would be to add fields for the following to the JSS database: Charge remaining (mAh) Charging [probably not necessary] Full charge capacity (mAh) Cycle count Condition With these data in the database and selectable in an advanced search on inventory, this would solve the need, no? Battery capacity is already a smart group criterion, so you could have a smart group that will notify you when a battery drops below a capacity threshold you're comfortable with. ---------- Miles A. Leacy IV ? Certified System Administrator ? Certified Trainer Certified Casper Administrator ---------- voice: 1-347-277-7321 miles.leacy at themacadmin.com www.themacadmin.com 2009/2/27 Thomas Larkin > I think this should be a feature request for recon. In terminal if you > run jamf help recon you get a list of all the recon switches you can run on > a machine. There are switches to skip applications and fonts and unix apps > and what not, but there is no switch to run hardware report only. If you > look at a machine in inventory in the JSS it does in fact list battery > capacity. > > > So, I say make it a feature request to use Recon to run such custom > reports and then say output it to an HTML file or XML, which it looks like > you can already output such things to file but when I played with the > command a few minutes ago i was unable to get it to save to my desktop. My > syntax was probably wrong but it did not kick off any errors. > > As for Dustin's suggestion it will work using system_profiler binary from > the command line. I can never ever get awk to work right for me so I would > either grep it or use sed. I think I was helping an Apple SE write a script > for battery capacity last year for a smaller school but I can't recall the > outcome of it. > > > > > ___________________________ > Thomas Larkin > TIS Department > KCKPS USD500 > tlarki at kckps.org > blackberry: 913-449-7589 > office: 913-627-0351 > > > > > > >>> "Dorey, Dustin" 02/27/09 7:56 AM >>> > > I started working on a script to grab that information but haven?t had > time to get back to it. If you?re really interested as far as I got was > that you can access system profiler via the command line and you can grep > and awk for that information pretty easily that way. I was just trying to > work out how I was going to output that data. Might at least give you a > place to start. > > -Dusty- > > > > Dustin Dorey > > Technology Support Cluster Specialist > > ISD 196 Apple Valley, Eagan, Rosemount > > dustin.dorey at district196.org > > 952|423|7971 > > > > > > > > From: > > casper-bounces at list.jamfsoftware.com [mailto: > casper-bounces at list.jamfsoftware.com] *On Behalf Of *Brad Rellinger > *Sent:* Friday, February 27, 2009 6:37 AM > *To:* Jamf List Serve > *Subject:* [Casper] Battery Capacity? > > > > Hello, > > > > 2 Questions: > > > > 1) In JSS, for each computer, there is a entry called " > > Battery Capacity" -- what exactly is this? It shows any where from 98% - > 109% > > > > > 2) Is there anywhere that it collects "Cycle count" for the installed > battery? > > > > > Thanks > > > > > ---------- > > Brad Rell div> > > Technology Specialist > > Anthony Wayne Schools K-12 > > aw_aca_bre at nwoca.org > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/6ecd5775/attachment.html From clinton.blackmore at westwind.ab.ca Fri Feb 27 08:55:36 2009 From: clinton.blackmore at westwind.ab.ca (Clinton Blackmore) Date: Fri, 27 Feb 2009 09:55:36 -0700 Subject: [Casper] Trolling the Logs Message-ID: Greetings. Feel free to scroll down to my (somewhat generic) question that comes after a bunch of specific pre-amble. We (still) have an issue where students are unable to authenticate, which does not seem to be tied to which machine they are using or which user they are, and is alleviated when we reboot our open directory master. I learned at a meeting the other day that the problem is much more widespread than I'd imagined. [Incidentally, the promising instructions at http://discussions.apple.com/thread.jspa?messageID=8221483 did not repair our ODM, and we mean to replace it ASAP.] I just found out about the "last" command, which shows how long users log in. An a computer where issues occurred, the output shows: CJHS-eMacLab-15 (192.168.20.75) Leav695 console Wed Feb 25 14:33 - 15:18 (00:44) Leav848 console Wed Feb 25 08:46 - 09:30 (00:44) Sugd358 console Tue Feb 24 09:05 - 09:23 (00:17) reboot ~ Mon Feb 23 13:28 Nels177 console Mon Feb 23 12:56 - crash (00:32) reboot ~ Mon Feb 23 12:54 Nels177 console Mon Feb 23 12:53 - crash (00:01) Zaug139 console Fri Feb 13 10:57 - 12:52 (10+01:54) Smit292 console Fri Feb 13 10:03 - 10:57 (00:53) Russ532 console Fri Feb 13 09:37 - 09:58 (00:21) Gibb964 console Fri Feb 13 08:51 - 09:07 (00:16) Wynd235 console Thu Feb 12 14:35 - 14:54 (00:18) Schm734 console Thu Feb 12 13:42 - 14:29 (00:47) It is obvious that Nels177 could not log in; he is listed as logged in for 1 and 32 seconds, and he rebooted the computer twice. It is worth noting that the computer usage logs in casper show: Computer Usage Logs | Back to top logout Leav695 Wednesday, February 25 2009 at 3:18 PM login Leav695 Wednesday, February 25 2009 at 2:33 PM logout Leav848 Wednesday, February 25 2009 at 9:31 AM login Leav848 Wednesday, February 25 2009 at 8:46 AM logout Sugd358 Tuesday, February 24 2009 at 9:23 AM login Sugd358 Tuesday, February 24 2009 at 9:05 AM startup Monday, February 23 2009 at 1:29 PM login Nels177 Monday, February 23 2009 at 12:56 PM startup Monday, February 23 2009 at 12:55 PM login Nels177 Monday, February 23 2009 at 12:53 PM logout Zaug139 Monday, February 23 2009 at 12:52 PM Interesting. They show that he did log in and that the next action was that the computer restarted. Here I thought Casper missed the event entirely. The Question: I have created a policy to run the "last" command on all of our computers, and it will create a number of logs for each computer (each day). Does anyone have any advice on how to troll through the data? I might be able to go to the policy log page and download every link from it (page after page), either manually (shudder) or with a script (maybe using twill). Alternatively, I have granted myself access to the MySQL database that Casper is using. I have been able to get at snippets of the data in that way. So, does anyone troll their logs for data in ways like this, and if so, do you have any advice to offer (before I spend a fair chunk of time seeing if I can get data into files and grep it or figure out how to do some non-beginner SQL searches on it)? Or is there another method altogether that I should look into? Thank you, Clinton Blackmore This email has been scanned by Barracuda Network's Anti-Virus and Spam Firewall. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/41604291/attachment.html From pbenham at bates.edu Fri Feb 27 10:00:00 2009 From: pbenham at bates.edu (Paul Benham) Date: Fri, 27 Feb 2009 13:00:00 -0500 Subject: [Casper] Sophos AV install question Message-ID: <46F9C714-4CAF-4B0C-A3A5-440EF0739345@bates.edu> Hi, I am in the process of building packages to use with our brand spanking new Casper Suite. I have run into a couple of problems but I'm going to post them one at a time and try and get some feedback on them individually. We use Sophos AV and I have tried using Composer 7 to make both a dmg and a pkg to use with Casper, but have not been able to get a working copy of Sophos out of it. There are two problems, firstly after being installed (either via policy or Casper Remote) the Sophos Updater pops up with an error saying is can't be started (this sometimes takes a couple of minutes to appear after the install). Secondly the Sophos menu item does not appear (this is a check box in the Sophos Preference Pane). I then tried using the vanilla mpkg that Sophos arrives as, but when I try and install that via Casper Remote it fails, and I get this message in the jamf logs: Fri Feb 27 12:37:57 A7388 jamf[1544]: Installing Sophos Anti- Virus.mpkg... Fri Feb 27 12:37:58 A7388 jamf[1544]: Installation failed. The installer reported: installer: Error the package path specified was invalid: '/Library/Application Support/JAMF/Downloads/Sophos Anti- Virus.mpkg'. Finally I went ahead and installed it using Apple ARD, and it worked fine. so...any suggestions on how to get Casper to install Sophos AV successfully? thanks paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/4d2e7178/attachment.html From mark.sampers at district196.org Fri Feb 27 10:12:26 2009 From: mark.sampers at district196.org (Sampers, Mark) Date: Fri, 27 Feb 2009 12:12:26 -0600 Subject: [Casper] Sophos AV install question In-Reply-To: <46F9C714-4CAF-4B0C-A3A5-440EF0739345@bates.edu> Message-ID: Paul, With regards to the ?vanilla? mpkg... We had the same problem at our district. We found that once we had the mpkg loaded in our Casper share, we had to launch the JSS Setup Utility, select File sharing and Fix permissions. Once this was done, the package worked. We then created a follow-up package to create our network settings. Hope this helps, -- Mark Sampers Technology Support Cluster Specialist Independent School District 196 From: Paul Benham Date: Fri, 27 Feb 2009 13:00:00 -0500 To: Casper List Serve JAMF Subject: [Casper] Sophos AV install question Hi, I am in the process of building packages to use with our brand spanking new Casper Suite. I have run into a couple of problems but I'm going to post them one at a time and try and get some feedback on them individually. We use Sophos AV and I have tried using Composer 7 to make both a dmg and a pkg to use with Casper, but have not been able to get a working copy of Sophos out of it. There are two problems, firstly after being installed (either via policy or Casper Remote) the Sophos Updater pops up with an error saying is can't be started (this sometimes takes a couple of minutes to appear after the install). Secondly the Sophos menu item does not appear (this is a check box in the Sophos Preference Pane). I then tried using the vanilla mpkg that Sophos arrives as, but when I try and install that via Casper Remote it fails, and I get this message in the jamf logs: Fri Feb 27 12:37:57 A7388 jamf[1544]: Installing Sophos Anti-Virus.mpkg... Fri Feb 27 12:37:58 A7388 jamf[1544]: Installation failed. The installer reported: installer: Error the package path specified was invalid: '/Library/Application Support/JAMF/Downloads/Sophos Anti-Virus.mpkg'. Finally I went ahead and installed it using Apple ARD, and it worked fine. so...any suggestions on how to get Casper to install Sophos AV successfully? thanks paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu _______________________________________________ Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/dfa5119d/attachment.html From cmyers at uclan.ac.uk Fri Feb 27 10:23:00 2009 From: cmyers at uclan.ac.uk (Criss Myers) Date: Fri, 27 Feb 2009 18:23:00 +0000 Subject: [Casper] Sophos AV install question In-Reply-To: References: Message-ID: <7BCE4F3A-214F-4991-A3C8-93B60E71E028@uclan.ac.uk> I was just gonna suggest permissions , I always check permissions in server admin for the Casper share everytime I upload a package. Also propergate the permissions into the mpkg as that might make it fail. If the sub packages have incorrect permissions On 27 Feb 2009, at 18:12, "Sampers, Mark" wrote: > Paul, > > With regards to the ?vanilla? mpkg... > > We had the same problem at our district. We found that once we had > the mpkg loaded in our Casper share, we had to launch the JSS Setup > Utility, select File sharing and Fix permissions. Once this was > done, the package worked. We then created a follow-up package to > create our network settings. > > Hope this helps, > > -- > Mark Sampers > Technology Support Cluster Specialist > Independent School District 196 > > From: Paul Benham > Date: Fri, 27 Feb 2009 13:00:00 -0500 > To: Casper List Serve JAMF > Subject: [Casper] Sophos AV install question > > Hi, > > I am in the process of building packages to use with our brand > spanking new Casper Suite. I have run into a couple of problems but > I'm going to post them one at a time and try and get some feedback > on them individually. > We use Sophos AV and I have tried using Composer 7 to make both a > dmg and a pkg to use with Casper, but have not been able to get a > working copy of Sophos out of it. There are two problems, firstly > after being installed (either via policy or Casper Remote) the > Sophos Updater pops up with an error saying is can't be started > (this sometimes takes a couple of minutes to appear after the > install). Secondly the Sophos menu item does not appear (this is a > check box in the Sophos Preference Pane). > I then tried using the vanilla mpkg that Sophos arrives as, but when > I try and install that via Casper Remote it fails, and I get this > message in the jamf logs: > > Fri Feb 27 12:37:57 A7388 jamf[1544]: Installing Sophos Anti- > Virus.mpkg... > Fri Feb 27 12:37:58 A7388 jamf[1544]: Installation failed. The > installer reported: installer: Error the package path specified was > invalid: '/Library/Application Support/JAMF/Downloads/Sophos Anti- > Virus.mpkg'. > > > Finally I went ahead and installed it using Apple ARD, and it worked > fine. > > so...any suggestions on how to get Casper to install Sophos AV > successfully? > > thanks > > paul > > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > Paul Benham > Desktop Operations Specialist > Bates College > 110 Russell Street > Lewiston, ME 04240 > PH: 207-786-6382 > pbenham at bates.edu > > > > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper > _______________________________________________ > Casper mailing list > Casper at list.jamfsoftware.com > http://list.jamfsoftware.com/mailman/listinfo/casper -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/526f5ea4/attachment.htm From sjhinding at isd194.k12.mn.us Fri Feb 27 10:01:43 2009 From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding) Date: Fri, 27 Feb 2009 12:01:43 -0600 Subject: [Casper] possible to image with no JSS? In-Reply-To: References: Message-ID: re: possible to image with no JSS? I have synced a FW drive using Casper Admin: drag the drive into the Left Pane>Right Click the drive>sync it to the JSS On same FW, I have boot partition(s) I have the boot partition(s) auto-login to root and open Casper v 5.13 (known bug in Casper Imaging-on fix list) Put Casper 5.13 in the Casper partition in the "Casper Data" folder with the data.xml file This allows me to image offsite, and provides an extra disaster recovery source as well... Sandy casper at list.jamfsoftware.com on February 23, 2009 at 2:00 PM -0600 wrote: >possible to image with no JSS? (Thomas Larkin) I think this has been covered before, but is there a way to netboot and image with out the server being able to connect to the JSS? Just curious... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/629324fa/attachment.htm From tlarki at kckps.org Fri Feb 27 11:34:12 2009 From: tlarki at kckps.org (Thomas Larkin) Date: Fri, 27 Feb 2009 13:34:12 -0600 Subject: [Casper] possible to image with no JSS? In-Reply-To: References: Message-ID: <49A7EBD4.7141.0039.0@kckps.org> Sandy Thanks you rock ?xml version="1.0" encoding="ISO-8859-1"?> >>> "Sandy J. Hinding" 02/27/09 12:01 PM >>> re: possible to image with no JSS? > I have synced a FW drive using Casper Admin: drag the drive into the Left Pane>Right Click the drive>sync it to the JSS > On same FW, I have boot partition(s) I have the boot partition(s) auto-login to root and open Casper v 5.13 (known bug in Casper Imaging-on fix list) Put Casper 5.13 in the Casper partition in the "Casper Data" folder with the data.xml file > This allows me to image offsite, and provides an extra disaster recovery source as well... > Sandy > > casper at list.jamfsoftware.com on February 23, 2009 at 2:00 PM -0600 wrote: possible to image with no JSS? (Thomas Larkin) I think this has been covered before, but is there a way to netboot and image with out the server being able to connect to the JSS? Just curious... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/79ce81d2/attachment.html From sjhinding at isd194.k12.mn.us Fri Feb 27 12:03:52 2009 From: sjhinding at isd194.k12.mn.us (Sandy J. Hinding) Date: Fri, 27 Feb 2009 14:03:52 -0600 Subject: [Casper] Adobe Photoshop Elements 6 In-Reply-To: References: Message-ID: Hi Peter, Haven't worked on this in awhile, but as I recall, previous to CS3, (so maybe Elements too?) , if you installed Adobe products, you needed to create a registration DB file that included ALL your Adobe serial numbers, and then include that in an "AdobeRequired" package, which had to be installed along with all adobe applications. Otherwise, this file would be wiritten over by each Adobe app package and only the last one installed would work. FIle location: /Library/Application Support/Adobe/Adobe Registration Database Run Composer Install all your Adobe apps on one machine Use the pre-built feature to break out ea application into its own installer, and then leave all the rest for the "AdobeRequired" installer. (This would be the same method to break out ILife into separate Application Packages) Begining with CS3, I think that since you are running that from the mounted image, it injects that serial # into wherever(not same filename) as if you were sitting there with the disks I hope this is helpful... Sandy casper at list.jamfsoftware.com on February 25, 2009 at 2:00 PM -0600 wrote: >Hey Casper listers... > >I am new to Casper (we just bought and installed a couple weeks ago) >and I am having difficulty with Photoshop Elements. > >If I use the "Adobe" method in Casper Admin, I add the dmg and go to >the 'options tab' and select "this is an Adobe..." it scans and says >"This image does not appear to be a valid Adobe Installer Image or >Adobe Updater." > >When I tried using Composer and using the snapshot method, it all >seems to work until I deploy to test and launch. the message at launch >is. "Licensing for this product has stopped working.... ...please >reinstall or call your IT Administrator.." > >Does anyone on the list have any experience with Photoshop Elements? > >Thanks. > > > >Peter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/d2104d62/attachment.html From miles.leacy at themacadmin.com Fri Feb 27 12:37:07 2009 From: miles.leacy at themacadmin.com (Miles Leacy) Date: Fri, 27 Feb 2009 15:37:07 -0500 Subject: [Casper] Trolling the Logs In-Reply-To: References: Message-ID: 2009/2/27 Clinton Blackmore > I have created a policy to run the "last" command on all of our computers, > and it will create a number of logs for each computer (each day). Does > anyone have any advice on how to troll through the data? > My question to you is "What's your goal?" We can do a lot of stuff with just about any data. In order to do something useful, we need to define what it is that we want. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/cf9b92a7/attachment.html From ERNSTCS at uwec.edu Fri Feb 27 12:53:27 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Fri, 27 Feb 2009 14:53:27 -0600 Subject: [Casper] Sophos AV install question In-Reply-To: <46F9C714-4CAF-4B0C-A3A5-440EF0739345@bates.edu> Message-ID: The other guys nailed this already with the permissions thing. The other thing is I don't think their installer is agreeable with changing the name of the mpkg at all, but you haven't. Their uninstall pkg inside the installed application is handy as well. I also never had it working to install Sophos at the time of imaging using Casper Imaging so it deploys with a policy once the system is up in running normally after imaging. Craig E On 2/27/09 12:00 PM, "Paul Benham" wrote: Hi, I am in the process of building packages to use with our brand spanking new Casper Suite. I have run into a couple of problems but I'm going to post them one at a time and try and get some feedback on them individually. We use Sophos AV and I have tried using Composer 7 to make both a dmg and a pkg to use with Casper, but have not been able to get a working copy of Sophos out of it. There are two problems, firstly after being installed (either via policy or Casper Remote) the Sophos Updater pops up with an error saying is can't be started (this sometimes takes a couple of minutes to appear after the install). Secondly the Sophos menu item does not appear (this is a check box in the Sophos Preference Pane). I then tried using the vanilla mpkg that Sophos arrives as, but when I try and install that via Casper Remote it fails, and I get this message in the jamf logs: Fri Feb 27 12:37:57 A7388 jamf[1544]: Installing Sophos Anti-Virus.mpkg... Fri Feb 27 12:37:58 A7388 jamf[1544]: Installation failed. The installer reported: installer: Error the package path specified was invalid: '/Library/Application Support/JAMF/Downloads/Sophos Anti-Virus.mpkg'. Finally I went ahead and installed it using Apple ARD, and it worked fine. so...any suggestions on how to get Casper to install Sophos AV successfully? thanks paul _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Paul Benham Desktop Operations Specialist Bates College 110 Russell Street Lewiston, ME 04240 PH: 207-786-6382 pbenham at bates.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/7755be51/attachment.html From erin.johnson at jamfsoftware.com Fri Feb 27 13:35:44 2009 From: erin.johnson at jamfsoftware.com (Erin Johnson) Date: Fri, 27 Feb 2009 13:35:44 -0800 Subject: [Casper] Battery Capacity? Message-ID: Hello everyone! I saw this thread and I thought I would drop in on it. A few weeks ago I wrote a few scripts, one set that reports battery cycle count and the another that reports the battery charge capacity. The two sets are as follows: BattCyclesRcpt.sh & BattCapRcpt.sh These two scripts create dummy receipts in the form of: Battery.CycleCount.x Battery.ChargeCapacity.y Where where x is the Battery's cycle count, and where y is the battery's charge capacity. The down side to using receipts is that x and y are going to be variable therefore there will be no way to efficiently search or scope policies to these values. BattCyclesRecon.sh & BattCapRecon.sh These two scripts set a recon field to an appropriate value. The following available fields can be set: -realname The Real Name of the primary user -email The email address of the primary user -position The Position (Job Title) of the primary user -building The text representation of a Building in the JSS -department The text representation of a Department in the JSS -phone The Phone number of the primary user -room The Room that the computer is in Instructions on how to specify which recon fields the battery data is stored in are within the headers of the scripts. As for searching, depending upon the field you use, you will be able to do a bit more compared to the first set; however, you will not be able to perform a range search. Now, for the expected disclaimer: these scripts, while they may make it to the Resource Kit at some point, are explicitly NOT supported. Use at your own risk, and all. :) Hope that helps! Erin Johnson Support Specialist erin.johnson at jamfsoftware.com .................................................................... JAMF Software 1011 Washington Ave. S Suite 350 Minneapolis, MN 55415 .................................................................... Office: (612) 605-6625 Facsimile: (612) 332-9054 .................................................................... US Support: (612) 216-1296 .................................................................... http://www.jamfsoftware.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/a59e5700/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: BatteryScripts.zip Type: application/octet-stream Size: 5729 bytes Desc: BatteryScripts.zip Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/a59e5700/attachment.obj From jared.nichols at ll.mit.edu Fri Feb 27 18:24:47 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Fri, 27 Feb 2009 21:24:47 -0500 Subject: [Casper] Running script as current user Message-ID: Hi- Is there a way to run a script as the currently logged in user instead of root? What I want to do is have the software update background check run, do the auto download and then prompt the user that updates are ready for install. I can do this with a script that runs: cd /System/Library/CoreServices/Software\ Update.app/Contents/Resources/ ./SoftwareUpdateCheck But, only if you run it as the logged in user. If you run it as root with the agent (or just a sudo on the command line) it's no different than just popping up Software Update and watching it scan for updates. I know it's a minor difference, but I like attention to detail :) I thought about using sed to pull the current user name from the output of ls -l /dev/console And then assigning that to a variable and using sudo -u but I'm not a sed wiz. Is this the right approach or is there a better way? --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/95de08ac/attachment.htm From ERNSTCS at uwec.edu Fri Feb 27 18:36:35 2009 From: ERNSTCS at uwec.edu (Ernst, Craig S.) Date: Fri, 27 Feb 2009 20:36:35 -0600 Subject: [Casper] Running script as current user In-Reply-To: References: Message-ID: I would check the displayMessage verb for the jamf binary. In your script you do a command: /usr/sbin/jamf displayMessage -message 'There are Apple updates available for you to install'. This will bring up a dialog window with an OK button to clear for the currently logged on user. For future reference if you have a script that you will run using the jamf binary with Casper Remote, a policy, etc. if you use $3 I believe that gives you the username of the currently logged on user. Wonder if that helps out your issue? Craig Ernst Systems Management and Configuration +-------------------+ University of Wisconsin-Eau Claire Learning and Technology Services 105 Garfield Ave Eau Claire, WI 54701 Phone: (715) 836-3639 Fax: (715) 836-6001 +-------------------+ ernstcs at uwec.edu ________________________________________ From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Nichols, Jared [jared.nichols at ll.mit.edu] Sent: Friday, February 27, 2009 8:24 PM To: Casper List Subject: [Casper] Running script as current user Hi- Is there a way to run a script as the currently logged in user instead of root? What I want to do is have the software update background check run, do the auto download and then prompt the user that updates are ready for install. I can do this with a script that runs: cd /System/Library/CoreServices/Software\ Update.app/Contents/Resources/ ./SoftwareUpdateCheck But, only if you run it as the logged in user. If you run it as root with the agent (or just a sudo on the command line) it?s no different than just popping up Software Update and watching it scan for updates. I know it?s a minor difference, but I like attention to detail :) I thought about using sed to pull the current user name from the output of ls -l /dev/console And then assigning that to a variable and using sudo ?u but I?m not a sed wiz. Is this the right approach or is there a better way? --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 From jared.nichols at ll.mit.edu Fri Feb 27 18:47:09 2009 From: jared.nichols at ll.mit.edu (Nichols, Jared) Date: Fri, 27 Feb 2009 21:47:09 -0500 Subject: [Casper] Running script as current user In-Reply-To: Message-ID: Hi- Just figured it out. Using cut instead of sed was the key. Here's the script. Feel free to recycle (attached too) #!/bin/sh ################################################################################################ ##### Filename: backgroundswupd.sh ##### ##### Author: Jared F. Nichols ##### ##### Purpose: Trigger the background process to check for and download software updates ##### ##### as the currently logged in user ##### ################################################################################################ ## Set a variable that takes the output of the current console owner and cut the result down user=`ls -l /dev/console | cut -d " " -f 4` ## Run the background software check as the user. cd /System/Library/CoreServices/Software\ Update.app/Contents/Resources/ sudo -u $user ./SoftwareUpdateCheck exit 0 On 2/27/09 21:36 , "Ernst, Craig S." wrote: I would check the displayMessage verb for the jamf binary. In your script you do a command: /usr/sbin/jamf displayMessage -message 'There are Apple updates available for you to install'. This will bring up a dialog window with an OK button to clear for the currently logged on user. For future reference if you have a script that you will run using the jamf binary with Casper Remote, a policy, etc. if you use $3 I believe that gives you the username of the currently logged on user. Wonder if that helps out your issue? Craig Ernst Systems Management and Configuration +-------------------+ University of Wisconsin-Eau Claire Learning and Technology Services 105 Garfield Ave Eau Claire, WI 54701 Phone: (715) 836-3639 Fax: (715) 836-6001 +-------------------+ ernstcs at uwec.edu ________________________________________ From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Nichols, Jared [jared.nichols at ll.mit.edu] Sent: Friday, February 27, 2009 8:24 PM To: Casper List Subject: [Casper] Running script as current user Hi- Is there a way to run a script as the currently logged in user instead of root? What I want to do is have the software update background check run, do the auto download and then prompt the user that updates are ready for install. I can do this with a script that runs: cd /System/Library/CoreServices/Software\ Update.app/Contents/Resources/ ./SoftwareUpdateCheck But, only if you run it as the logged in user. If you run it as root with the agent (or just a sudo on the command line) it's no different than just popping up Software Update and watching it scan for updates. I know it's a minor difference, but I like attention to detail :) I thought about using sed to pull the current user name from the output of ls -l /dev/console And then assigning that to a variable and using sudo -u but I'm not a sed wiz. Is this the right approach or is there a better way? --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 --- Jared F. Nichols Desktop Engineer, Infrastructure and Operations Information Services Department MIT Lincoln Laboratory 244 Wood Street Lexington, Massachusetts 02420 781.981.5436 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/41ba085e/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: backgroundswupd.sh.zip Type: application/octet-stream Size: 853 bytes Desc: backgroundswupd.sh.zip Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20090227/41ba085e/attachment.obj