Generating printer configurations using payload-free_package_printer_generator.sh
As part of a recent discussion, a colleague posted in the MacAdmins Slack that they needed to deploy printers as part of a DeployStudio workflow. DeployStudio doesn’t natively include this functionality, so that meant developing a way to deploy the desired printers to the appropriate Macs via one of the following methods:
- Using a script
- Using a management profile
As part of the conversation, I pointed to Nick McSpadden‘s PrinterGenerator tool:
https://github.com/nmcspadden/PrinterGenerator
Nick’s tool is designed to create printer configurations for deployment via Munki. However, my colleague wasn’t using Munki in this case and didn’t plan to deploy it. So even though there was a tool that could have solved the problem, adapting it to work for my DeployStudio-using colleague’s needs was going to take some time and effort.
The discussion got me started thinking about the problem of printer deployments and ways to solve it that could work for the vast majority of deployment solutions. After some research and testing, I’ve developed a solution that may work for most deployment needs. For more details, see below the jump.
Slides from the “Storing our digital lives: Mac filesystems from MFS to APFS” session at Penn State MacAdmins Conference 2017
For those who wanted a copy of my filesystem talk at the Penn State MacAdmins Conference 2017 conference, here are links to the slides in PDF and Keynote format.
PDF – http://tinyurl.com/psumac2017pdf
Keynote – http://tinyurl.com/psumac2017key
Using Brisk to file bug reports with Apple
As part of preparing for macOS High Sierra, I need to file bug reports to report problems that I’m finding with the beta releases. As part of this, I’ve started using a tool named Brisk. It helps streamline the process by filing bug reports via a native app on my Mac, rather than having to go through this process:
- Open a web browser.
- Go through the process of signing into bugreport.apple.com
- File a bug report Apple’s bug reporting web interface
Brisk also makes it easy to cross-post the submission of a bug report to OpenRadar. Since bugreport.apple.com is not publicly searchable and only allows developers to see their own bugs, OpenRadar is a way for developers to share their own bug reports and keep both themselves and their colleagues up-to-date on the status of various bugs filed with Apple. For more details, see below the jump.
Enabling least-privilege screensharing using Apple’s Remote Desktop Client and Screen Sharing.app
In a number of Mac-using environments, there is often a need for IT staff to remotely connect to a Mac’s screen using Apple’s Remote Desktop application and work with the person on the other end to resolve a problem. However, there can be several technical and human-centric issues with enabling remote assistance:
- Authentication – To enable access using a username and password, that user account must be granted access rights by belonging to a group or by explicitly granting rights to a local account.
- Password rotation – If you’re enabling screensharing via granting access to a local account, the security requirements in most environments mandate that those passwords be changed on a regular basis. However, securely changing the account password on multiple remote Macs can be a management challenge on its own.
- Access privileges – A lot of folks don’t like the idea that someone they don’t know can take over access to their keyboards and screens without the remote customer saying it’s OK for them to do so. Frankly, I’ve been on both sides of this fence and I don’t like it either.
However, there is a way to enable screen sharing using Apple’s Remote Desktop Client and Apple’s Screen Sharing.app which does the following:
- Removes the need for any account to be enabled for screen sharing access
- Mandates that all screen sharing access be approved by the logged-in user
- Does not allow screen sharing access if no user is logged in.
For more details, see below the jump.
Filesystem session at Penn State MacAdmins 2017
I’ll be speaking at Penn State MacAdmins Conference 2017, which is taking place in State College, PA from July 11th – 14th, 2017. My session will be an overview of Apple’s past and present filesystems, with an introduction to Apple File System (APFS) and a discussion of its current state of development. For those interested, my talk will be on Wednesday, July 12th.
For a description of what I’ll be talking about, please see the Storing our digital lives: Mac filesystems from MFS to APFS session description. You can see the whole list of speakers here on the Speakers page.
Automating the enablement of object versioning on AWS S3 buckets
As part of some work I’ve been doing with Amazon Web Services, I needed to enable object versioning on all S3 buckets in an account.
However, I had three issues that I needed to accommodate for:
- There were a sufficient number of S3 buckets that enabling versioning via the S3 web console would be inconvenient.
- Some of the S3 buckets in the list already had object versioning enabled, while others in the list did not.
- I had forgotten which ones already had versioning enabled, so I’d have to check each one.
To address all three issues, I’ve written a script that uses the aws command line tool to detect which S3 buckets do not have object versioning enabled and enable it on the detected S3 buckets. For more details, see below the jump.
Activating EndNote X8 using management profiles
I’ve moved on from a role where I needed to support Clarivate Analytics’s EndNote bibliography software, but I noticed that my colleague Rusty Myers is now deploying it in his environment.
As part of his work, Rusty discovered that it was possible to bypass the activation process by adding the AcceptedENX7.2EULA key to /Library/Preferences/com.ThomsonResearchSoft.EndNote.plist:
In Rusty’s case, the key is being added by running the following commands with root privileges:
/usr/bin/defaults write "/Library/Preferences/com.ThomsonResearchSoft.EndNote.plist" "AcceptedENX7.2EULA" -string "1"
Reading through Rusty’s post, I wondered if you could apply this setting via a management profile instead of writing the necessary values to /Library/Preferences/com.ThomsonResearchSoft.EndNote.plist. With some testing, I verified that it’s possible to also bypass the activation process with a management profile.
For those who want to bypass EndNoteX8’s activation process using a management profile, I’ve created a .mobileconfig file and posted it here on Github:
https://github.com/rtrouton/profiles/tree/master/ActivateEndNote/EndNoteX8
I’ve also created one for EndNoteX7, since it appears that the setting has not changed since EndNoteX7’s release. However, I do not have access to that version of EndNote and can’t test it to make sure.
If you’re still deploying EndNote X7, please give it a try and let me know. The .mobileconfig file for EndNoteX7 has been posted here on Github:
https://github.com/rtrouton/profiles/tree/master/ActivateEndNote/EndNoteX7
Recent Comments