Archive for August, 2011

Activate Java web plug-ins setting in 10.7 from the command-line

August 31, 2011 14 comments

As part of getting ready to support 10.7 in my shop, I ran into a problem with Java plug-ins. The issue was that Java applications were not launching in Safari. Instead, I’d get a message saying “Inactive Plug-In”. Here’s how you can fix this in the GUI:

1. Go to /Applications/Utilities.

2. Double-click on the Java Preferences icon.

3. In the General tab, place a check in the box labeled Enable applet plug-in and Web Start Applications.

However, this setting is set on a per-user basis. I couldn’t check the box in my local admin account and expect it to apply to all future users of a particular Mac. However, there is a way to set this setting from the command-line. See below the jump for details.

Read more…

Categories: Java, Mac OS X, Scripting

Creating AD or OD mobile users from the command line

August 12, 2011 12 comments

On some occasions, I’ve been asked to create mobile accounts for people on workstations or servers without those people being available to log in at the login window. Here’s a way to create those accounts remotely via SSH. See below the jump for the details.

Read more…

Connecting to an SMB server from the command line in OS X

August 11, 2011 7 comments

I had a call yesterday, where someone was asking to SSH into a remote Mac workstation and mount a particular fileshare on that workstation. I had them do the following:


1. Log into the Mac with your account login and password.

2. Create a folder inside your home folder named sharename to match the name of the share on the server

Note: You should only need to create this folder if it doesn’t already exist.

3. Use the following command to mount the share, using the new sharename directory as the mountpoint:

mount_smbfs // ~/sharename

4. You should be prompted for your account password.

5. The SMB share should mount and you should be able to access it via the sharename directory.

To unmount the server share from using the command line in OS X:

1. Log into the Mac with your account login and password.

2. Make sure you’re not in the ~/sharename directory.

3. Use the following command to unmount the sharename share from ~/sharename:

umount ~/sharename


However, when mount_smbfs // ~/sharename was run, it didn’t connect and gave the following error:

mount_smbfs: server connection failed: No route to host

Trying mount_smbfs //username:password@servername/share ~/sharename also did not work. Same error, plus the user was understandably not happy with the idea of having his password in the clear.

After a bit more digging, I found the answer here. In 10.6, Apple had changed the mount_smbfs configuration so that it now expected the server’s workgroup or domain as part of the connection string. For anybody else that needs it, here’s how the command should be set up if the server is connected to an AD domain:

mount_smbfs //’DOMAIN;username’ ~/sharename

If you’re using a workgroup, it should be set up as:

mount_smbfs //’WORKGROUP;username’ ~/sharename

FileVault 2 article in MacTech’s July 2011 issue

August 8, 2011 Leave a comment

For those interested in learning more about how FileVault 2 works, I have an article in MacTech‘s July 2011 issue. It’s titled FileVault 2 Decrypted and is a nuts-and-bolts article that covers where we’ve been with FileVault, how FileVault 2 works, and how to encrypt your own Macs with FileVault 2.

If you’re interested in learning more about FileVault 2, I strongly encourage you to pick up a copy.

Categories: FileVault 2, MacTech

Repackaging iLife 11 for DeployStudio

August 7, 2011 12 comments

iLife 11 can be difficult to repackage for use with DeployStudio. There is a great article available here on the OS X Deployment and Management Wiki for how to do this, but you can also use the methodology referenced in this post to repackage iLife 11 for installation by DeployStudio. See below the jump for the procedure.

Read more…

Using a login banner with FileVault 2

August 4, 2011 1 comment

In a number of workplaces that require the use of encryption, there is often an accompanying requirement for a login banner that shows an Acceptable Use Policy, legal warning or other important information that the user must accept before logging in. While there isn’t the ability to set a login banner at FileVault 2’s pre-boot login screen at this point, you can leverage Lion’s built-in functionality to display a policy banner that must be accepted before the login process can complete. See below the jump for more details.

Read more…

CreateLionUser now available with InstaDMG1-6 r425

August 4, 2011 Leave a comment

One inestimably valuable tool that you get free with InstaDMG is the createUser.pkg, found in /path/to/instadmg/AddOns/createUser. This tool helps automate new local user creation, allowing you to securely pre-setup local admin and/or standard users as part of your InstaDMG-created image or anywhere else you could use a package installer.

With the advent of the 10.7 Developer Previews, it was found (to considerable dismay) that this reliable tool had broken. Fortunately, Per Olofsson of the University of Gothenburg stepped up to the plate and created CreateLionUser.pkg, a Python-built rewrite of createUser.pkg. CreateLionUser is also now being distributed with InstaDMG as of InstaDMG1-6 r425 and is also found at /path/to/instadmg/AddOns/createUser.

For full configuration details and credits, see the CreateLionUser-README at

%d bloggers like this: