Archive

Archive for March, 2012

Diagnosing AD binding problems from the command line

March 29, 2012 6 comments

Every so often, a user may call the help desk to report that they can’t log into their Mac using their Active Directory account’s username and password. Here’s a way to diagnose remotely if their workstation is having an AD problem and needs to be re-bound.

1. Use SSH to remotely connect to the Mac in question: ssh administrator@workstation-name.domain.org

This message may appear if it’s the first time connecting from your workstation to the remote Mac:

The authenticity of host ‘workstation-name.domain.org (ip.address.here)’ can’t be established.

RSA key fingerprint is 47:15:1f:e0:b1:dc:05:25:2c:cf:ae:aa:8c:ac:83:c3.

Are you sure you want to continue connecting (yes/no)?

Enter yes when prompted and hit Return.

Read more…

Apple installer package certificate expiration

March 24, 2012 3 comments

On Friday, March 23rd at 1:26 PM Eastern Daylight Time, the certificate that Apple embedded in various Apple software installers expired.

Screen Shot 2012-03-24 at 1.48.34 PM

If you’re using Installer.app in Mac OS X’s GUI, you’ll get a warning about the certificate being invalid and asked if you want to install it anyway.

Screen Shot 2012-03-24 at 1.48.30 PM

However, the command line installer tool does not have the option of “certificate invalid, install anyway.” Instead, installations run with the installer tool will fail. This affects any systems management tool that uses Apple’s installer tool via the command line to install packages.

At this time, the best recommendation I have is to download new copies of the various Apple-provided installers that you need for your workflow. The new installers should include a new certificate that’s good until 2019.

Screen Shot 2012-03-24 at 1.46.24 PM

One installer in particular that you may want to re-download is the 10.7.3 installer from the Mac App Store, as the installer has a RemoteDesktop.pkg installer included that may have an expired certificate. Re-downloading the 10.7.3 installer from the MAS after Friday, March 23rd will give you a 10.7.3 installer that works properly.

Update: Greg Neagle’s checkPackageSignatures and flatpkgfixer scripts are extremely helpful here. checkPackageSignatures will help you find expired certificates in your packages and disk images. flatpkgfixer will help you with any software you can’t re-download by removing package signing either from single flat packages or from disk images that contain packages.

Backing up Der Flounder

March 19, 2012 Leave a comment

I’m very fortunate that WordPress.com’s hosting has provided me with a free way to blog without having to worry about anything besides “Is it up?” However, along with the question “Is it up?”, there’s the possibility that the answer someday may be “No”. The usual answer to this problem is “Set up an automated backup”, but I had the following technical issues to deal with:

  • Backups can only be made manually via the admin console
  • Backups made via the admin console would not include the hosted media (images, videos, etc)
  • Media is linked at a separate address
  • I do not have shell access to the server(s) hosting the blog (which would allow me to set up a normal WordPress backup)

Fortunately, there’s a relatively straightforward solution: mirror the site to a local backup using HTTrack. See below the jump for the details.

Read more…

Changing Font Sizes in Outlook 2011

March 16, 2012 2 comments

We’ve gotten in a couple of calls from our users asking how to set their fonts to be larger. So that other folks know, here’s how you do it:

Changing the default font for outgoing messages in Outlook 2011

1. Go to the Outlook menu and select Preferences

2. In the Outlook Preferences window, open Fonts


Screen shot 2012-03-16 at 10.33.59 AM

3. Change the font and font size to what’s desired, then close the Fonts window to save the changes

Screen shot 2012-03-16 at 10.34.07 AM

Changing the font size for incoming messages in Outlook 2011

To change the font size in the Reading Pane or while you are viewing a message:

1. Go to the Format menu in Outlook

2. Select Increase Font Size or Decrease Font Size


Screen shot 2012-03-16 at 10.38.48 AM

Categories: Office 2011

Interactive local user – LDAP mobile account migration script

March 16, 2012 Leave a comment

I’ve posted a new script (adapted from the original by Patrick Gallagher) that’s designed to help folks migrate from local user accounts to a non-syncing LDAP mobile user account.

The script currently supports 10.6.x and 10.7.x. If you need this for your own shop, feel free to download a copy.

Direct link to script and README:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/migrate_local_user_to_LDAP_mobile_account

Interactive FileVault 2 initialization script

March 13, 2012 2 comments

I’ve written an interactive script that uses the Cauliflower Vest csfde tool as a standalone utility to enable FileVault 2 encryption on your boot volume. The script will ask some questions, then uses that information to initialize the encryption and enable the user account specified.

The script is available here on my GitHub repo.

csfde

The script is expecting the csfde tool to be installed in /usr/local/bin. Install the csfde tool there before running the script.

If the script detects that csfde is not present in /usr/local/bin, it will stop and not run.

Recovery Key

If you are using a managed recovery key (i.e. a properly configured FileVaultMaster.keychain in /LibraryKeychains) – the script will report that fact and not output a machine-generated recovery key.

If you are not using a managed recovery key – the script will output a machine-generated recovery key that is individual to this specific Mac and display it to the user.

If you are using a improperly configured managed recovery key – the script will output a machine-generated recovery key that is individual to this specific Mac and display it to the user.

VERY IMPORTANT: The machine-generated individual recovery key is not saved anywhere outside the machine. Make a record of it or you will have no recovery key to help unlock your Mac’s encryption if there’s a problem.

The script will request a restart and then report [Process Completed] once it has completed initializing the FileVault 2 encryption process and reported on the recovery key. Once you’ve made a record of the recovery key (if needed), It is safe at that point to close the Terminal window and reboot your Mac.

Digital signage using the Apple TV

March 11, 2012 23 comments

Recently at work, I was given an interesting assignment: “Figure out a way to build an inexpensive solution for 30 large displays to display individual content.”

The requirements included the following:

1. Solution needed to be able to display multiple presentations (think PowerPoint and Keynote slides)

2. Solution needed to be able to loop the multiple presentations in a pre-determined order

3. Solution needed to be cheaper than the other solutions under consideration

4. Solution preferably would be automated, with as little human intervention needed as possible

After evaluating a number of options, I came up with an all-Apple solution that cost under $5000. See below the jump for details.

Read more…

Categories: Mac administration

“Setting Warning Banners in Lion” and “Encrypting Beyond the Boot Drive” in MacTech’s March 2012 issue

March 10, 2012 Leave a comment

I’ve got two articles in the March 2012 issue of MacTech: Setting Warning Banners in Lion and Encrypting Beyond the Boot Drive.

Setting Warning Banners in Lion discusses the login banner options available in Lion and how they can be applied towards meeting the warning banner requirements your workplace may be mandating.

Encrypting Beyond the Boot Drive is a nuts-and-bolts article about encrypting non-boot volumes with FileVault 2′s encryption, to make sure that your data is protected no matter where it’s stored.

Categories: MacTech

Updated Kace KBox 1000 agent uninstaller now available

March 7, 2012 Leave a comment

My shop upgraded to Dell Kace KBox 1000 5.3.x recently, so I’ve had to update my uninstaller script to uninstall the new 5.3 agent as well as the older 5.1 agent.

I’ve posted the new script here on my GitHub repo, and I’ve also updated my previous post to include the script changes.

Categories: Mac administration

Using VLC to convert unplayable Quicktime movies

March 7, 2012 2 comments

We received an unusual ticket this morning. One of our users had a Quicktime movie file that was playing fine on his 10.4.11 Mac, but was not in the PowerPoint he was creating in his new MacBook Air running Lion.

On investigation, the problem looked clear. The Quicktime movie was using the Quicktime 7 XVid codec. While the codec was still working with Quicktime 7 on Lion, PowerPoint was tapping into Quicktime X, which refused to work with the codec. Meanwhile, efforts to export it from Quicktime 7 were failing. At that point, I remembered that VLC could play XVid-encoded movies. Could it export them too? It turned out that VLC could. See below the jump for the details.

Read more…

Categories: Mac administration
Follow

Get every new post delivered to your Inbox.

Join 143 other followers

%d bloggers like this: