Archive for February, 2011

Setting a new default item view in Outlook 2011

February 22, 2011 1 comment

I had a question come up today, with regards to a person I’m working on moving from Entourage 2008 EWS to Outlook 2011, on how to re-set the items view. The person in question had set their view to meet their needs, but the import process had reset all of the views to Outlook 2011’s default. They wanted to know how they could fix that and (with the help of William Smith, Microsoft MVP ), I was able to give this person a way to reset their view without having to hit every folder and manually reset everything.

Setting up a new default view:

Set up the items view exactly how you want to see it (for example, on your Inbox) , then set it to be the default view that all new mailboxes should use by using the following command:

View menu –> Arrange By –> Make This the Default View.

The new Default view should apply to any new mailboxes, but it would need to be manually applied to existing mailboxes.

Applying the new Default View to existing mailboxes:

To apply the default view to other folders, select a folder and run this command:

View menu –> Arrange By –> Restore to Defaults.

That should set the folder’s items view to match the view you set for your original mailbox that you used to set the new default view.

You can also apply this view to multiple nested mailboxes by selecting the top-most folder in the folder hierarchy and running this command:

View menu –> Arrange By –> Restore to Defaults.

When prompted, have it apply to This and All Subfolders.

Adding groups from your directory service to your Mac’s admin group

February 17, 2011 2 comments

If your Mac environment is using a directory service for authentication (like Apple’s Open Directory or Microsoft’s Active Directory), you can add a group from your directory service to be a member of your Mac’s local admin group (members of which have administrative rights on your Macs.) This helps simplify granting administrative rights on your Macs, as you can add and remove accounts to your server-end group to grant and remove administrative rights for those accounts on your Macs.

To add a group from your directory service to your Mac, you can use the following command:

sudo dseditgroup -o edit -a “group name” -t group admin

If you’re adding an AD group, you may need to add the AD domain’s name:

sudo dseditgroup -o edit -a “DOMAIN\group name” -t group admin

For Active Directory, you can also use the dsconfigad tool to enable or disable administrative rights for a particular AD group:

sudo dsconfigad -groups “group name”

Groups can be specified by domain to ensure security is not compromised, e.g., “domain”

One thing to watch for with adding AD groups is that the group whose members you want to give administrator rights to needs to be listed as the Primary Group in AD for those accounts. Otherwise, they may not be given administrative rights on the Macs despite the AD group being added to the local admin group.

Finding the serial number of a Mac from the command line

February 14, 2011 Leave a comment

If you need to look up the serial number of the Mac you’re on from the command line, or feed it into a script variable, here’s a way to use system_profiler to display it (command should be all in one line):

system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}'

Looking up AD home directory locations from an AD-bound Mac

February 9, 2011 2 comments

One of the occasional issues I’ve run into at work is that we don’t have one central location that stores all of our AD home directories. As a result, telling someone where it is can take some digging and delay. To help speed up the process, I worked with Peter Bukowinski to build an easy-to-use AppleScript that looks this information up. It should be pretty generic, but the only location I’ve tested it at is here at my workplace. Your milage may vary.

Assumptions: In order to work correctly, the script needs for the Mac to be bound to an AD domain. The AD-bound Mac also needs to be connected to the AD domain via a domain-reachable network connection or via VPN.

Using the script:

Launch the script and provide the username in the blank provided, then click OK.

The home folder will then be displayed in a dialog box. You’ll also be prompted to copy the home folder information to the Mac’s clipboard for pasting (if needed.) Click OK to dismiss the dialog without copying the information. Clicking either button will quit the script.

Update: Peter added some more functionality to the script by making the copying of the information to the clipboard optional and adding error checking for when an AD account was set up without having a home directory set in the account profile. Downloads and source code have been updated to reflect the changes.

Click here to download the script. Source code is beneath the jump.

Read more…

mod_nss issue causing problems with running Tomcat and Apache on the same RedHat server

February 7, 2011 2 comments

I’ve been evaluating Jamf‘s Casper Mac management suite at my workplace, with the Casper server hosted off of a RedHat Enterprise Linux virtual server (instead of an Apple XServe.) I have been pushing software using an SMB share, which mounts on the desktop, then disappears. However, because I want the process to be as invisible as possible, I decided to enable Apache on the server in addition to the Tomcat installation I’ve got running.

Apache promptly complained at startup:


httpd failed. The error was: Stopping httpd: [FAILED]

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:8443

(98)Address already in use: make_sock: could not bind to address

no listening sockets available, shutting down

Unable to open logs


This didn’t make any sense because Apache is set to use port 80, rather than 8443. After some research, I found a post on the Parallels forums that pointed to an Apache module called mod_nss being the culprit. The suggested fix was to uninstall mod_nss using yum:

yum remove mod_nss

Since it didn’t look like I was going to be using the functionality that mod_nss was providing, I uninstalled it. Once removed, Apache fired up without complaint.

Categories: Mac administration

Setting access controls on SSH

February 3, 2011 Leave a comment

Want SSH on, but want controls over who can log into it? On Mac OS X 10.5.x and higher, you can set this with a SACL for the SSH service.

Command to create the SACL (if it doesn’t already exist):

dseditgroup -o create -q

Add your user to the SACL group:

dseditgroup -o edit -a myuser -t user

(replace “myuser” with the shortname of your own account.)

With the SACL in place, only your account (and any others you add) will be able to log in to your Mac via SSH. You can also modify this setting through the Sharing pane of your System Preferences.

%d bloggers like this: