Archive

Author Archive

Session videos available from Penn State MacAdmins Conference 2014

July 22, 2014 Leave a comment

The good folks at Penn State have posted the session videos from the Penn State MacAdmins Conference 2013. The sessions slides and videos are all accessible from the Penn State MacAdmins’ Resources page at the link below:

http://macadmins.psu.edu/conference/resources/

As all the session videos have been posted to YouTube, I’ve linked my FileVault 2 session here:

The Extending OS X Management Systems with Scripting session I co-hosted with Jeremy Reichman is linked here:

Firefox 31 allows access on non-Windows platforms to Sharepoint and IIS sites using HTTPS

July 22, 2014 1 comment

As part of Firefox 31’s release, Mozilla made a change to enable support for NT LAN Manager version 1 (NTLMv1) network authentication when connecting to sites that are using HTTPS to allow encrypted communication via SSL between Firefox 31 and the website in question. This is to address the change made in Firefox 30, which disabled support for NT LAN Manager version 1 (NTLMv1) network authentication for sites using either HTTP and HTTPS.

NTLMv1 authentication to sites using HTTP is still disabled by default. For more information on why HTTPS is now enabled while HTTP remains disabled, this Mozilla bug report discusses the issue.

A way to tell if the NTLMv1-using site you’re trying to access is using HTTP or HTTPS is to check the connection address. If it begins with https://, you should be OK. If it begins with http:// , Firefox 31 will still block NTLMv1 authentication.

If you need to enable NTLMv1 authentication for an HTTP site that uses NTLMv1 authentication, Mozilla has provided a workaround to non-Windows users of Firefox, in the form of a setting that can be toggled to allow NTLMv1 authentication. This workaround should allow Mac and Linux users to continue using NTLMv1 authentication on HTTP sites, which will allow access again to SharePoint-based or IIS-backed web applications. For those folks who need it, I have the workaround documented here.

Interviewed on Command-Control-power

July 21, 2014 Leave a comment

I was interviewed on Tuesday, July 15, 2014 by the good folks behind Command-Control-power. I had a lot of fun doing it and they’ve now posted the interview at the following link:

http://commandcontrolpower.com/podcast/2014/7/20/059-interview-with-rich-trouton

Here’s links to the people, conferences and most of the tools that came up during the interview:

People

Tom Bridge – http://bits.tombridge.com

Graham Gilbert – http://grahamgilbert.com

Ed Marczak – http://www.radiotope.com

Conferences

Penn State MacAdmins – http://macadmins.psu.edu

MacSysAdmin – https://macsysadmin.se

MacTech Conference – http://www.mactech.com/conference/

WWDC – https://developer.apple.com/wwdc/

Tools

FileVault 2 – http://support.apple.com/kb/ht4790

fdesetup – https://developer.apple.com/library/Mac/documentation/Darwin/Reference/ManPages/man8/fdesetup.8.html

AutoPkg – https://github.com/autopkg/autopkg

Casper – http://www.jamfsoftware.com/products/casper-suite/

Munki – http://code.google.com/p/munki/

Hardware Encrypted External Drives
Ironkey – http://www.ironkey.com

Categories: Interviews

AutoPkgr – A GUI for AutoPkg

July 15, 2014 6 comments

The Linde Group has released a new tool on Github: AutoPkgr, a GUI interface for AutoPkg. In my working with the initial release today, I’ve been impressed with the problems it solves for Mac admins who want to get started using AutoPkg but aren’t sure where to begin.

AutoPkgr_small

To use AutoPkgr, you will need to have the following pre-requisites:

1. OS X 10.9.x

2. Xcode and/or the Xcode Command Line Tools installed

3. Acceptance of the Xcode license agreement.

4. A logged-in user to run the AutoPkgr application in. This user can be a standard user or have admin rights.

Once the prerequisites have been met, see below the jump for details on installation and configuration.

Read more…

Penn State MacAdmins 2014 presentations on a per-tweet basis

July 13, 2014 Leave a comment

Penn State MacAdmins 2014′s communication lines ran in a number of directions, with few more important than Twitter. Thanks to Michael Lynn capturing presentation links from Twitter, links to most of the presentations can be accessed below the jump. These presentations can also be accessed via AFP548.

Read more…

Slides from the “Extending OS X Management Systems with Scripting” Session at Penn State MacAdmins 2014

July 12, 2014 Leave a comment

PSUMacAdmins2014TheSession01

For those who wanted a copy, click on the link below for the Extending OS X Management Systems with Scripting slides in PDF format.

PDF: http://tinyurl.com/PSUMac2014ExtendScriptPDF

Slides from the FileVault 2 Session at Penn State MacAdmins 2014

July 10, 2014 Leave a comment

For those who wanted a copy of my FileVault 2 talk at Penn State MacAdmins, here are links to the slides in PDF and Keynote format.

PDF: http://tinyurl.com/PSUMac2014PDF

Keynote slides: http://tinyurl.com/PSUMac2014key

Referencing a FileVault 2 institutional recovery key as part of an fdesetup plist file in Mavericks

July 5, 2014 Leave a comment

As part of the man page for fdesetup, Apple provides a sample plist file as a guide for those who want to import authentication credentials as part of running commands with fdesetup.

Screen Shot 2014-07-04 at 9.14.18 PM

As part of the plist, there are two plist keys that reference using a keychain which contains the private key for an institutional recovery key:

KeychainPath

KeychainPassword

For KeychainPath, you will need to provide the file path to the keychain as the plist value. For KeychainPath, you will need to provide the password that unlocks that keychain.

For example, if you put the keychain file into the /tmp directory, you would reference /tmp/filename.keychain as the KeychainPath plist value. If the password to unlock that keychain is seKritPassword, you would reference seKritPassword as the KeychainPassword plist value.

Screen Shot 2014-07-04 at 9.11.03 PM

One particular thing to note is that the KeychainPath entry on the fdesetup man page references that this works with certain fdesetup commands, but does not specify which commands are applicable.

Screen Shot 2014-07-04 at 9.15.46 PM

As of OS X 10.9.4, it appears that you can leverage the KeychainPath and KeychainPassword plist keys with the following two fdesetup commands.

fdesetup changerecovery

Screen Shot 2014-07-04 at 8.52.33 PM


Screen Shot 2014-07-04 at 8.39.27 PM


fdesetup removerecovery

Screen Shot 2014-07-04 at 8.53.18 PM

Screen Shot 2014-07-04 at 8.57.12 PM

If using the current institutional key to authenticate, the plist should look like this.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeychainPath</key>
<string>/path/to/filename.keychain</string>
<key>KeychainPassword</key>
<string>password</string>
</dict>
</plist>

Screen Shot 2014-07-04 at 8.44.02 PM

If you are using the current institutional key to authenticate a change to a new institutional recovery key, you can also embed the public key of the new institutional recovery key in the plist. In that case, the plist will look like this.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeychainPath</key>
<string>/path/to/filename.keychain</string>
<key>KeychainPassword</key>
<string>password</string>
<key>Certificate</key>
<data>
(Certificate data goes here.)
</data>
</dict>
</plist>

Screen Shot 2014-07-04 at 8.43.14 PM

VMware Fusion Technology Preview July 2014 includes ESXi management options

July 4, 2014 Leave a comment

VMware has released the VMware Fusion Technology Preview July 2014 as of Jul 3, 2014. One of the new items included in the Features list was this one:

Support for viewing VMware Fusion Professional to VMware Workstation, VMware ESXi, VMware vSphere servers in the library (File > Connect to Server)

When I investigated, it looks like this feature brings to VMware Fusion something that’s been in VMware Workstation for a while: a way to manage free ESXi and paid vSphere servers.

For more details, see below the jump.

Read more…

Upgrading from Casper 8.73 to 9.32

June 28, 2014 4 comments

Since Casper 9.x was first released, I’ve been preparing for my shop’s own upgrade from Casper 8.x to 9.x. As of the morning of Saturday, June 28th, those preparations have ended with my shop’s successful upgrade to Casper 9.32. When I mentioned this on Twitter, I heard from a few folks who mentioned that they were planning to also do this in the near future and @theycallmebauer asked if I was going to post about my experience.

Screen Shot 2014-06-28 at 3.48.47 PM

I thought that was a good idea, so please see below the jump for the details.

Read more…

Follow

Get every new post delivered to your Inbox.

Join 143 other followers

%d bloggers like this: