Archive
Activate Java web plug-ins setting in 10.7 from the command-line
As part of getting ready to support 10.7 in my shop, I ran into a problem with Java plug-ins. The issue was that Java applications were not launching in Safari. Instead, I’d get a message saying “Inactive Plug-In”. Here’s how you can fix this in the GUI:
1. Go to /Applications/Utilities.
2. Double-click on the Java Preferences icon.
3. In the General tab, place a check in the box labeled Enable applet plug-in and Web Start Applications.
However, this setting is set on a per-user basis. I couldn’t check the box in my local admin account and expect it to apply to all future users of a particular Mac. However, there is a way to set this setting from the command-line. See below the jump for details.
Creating AD or OD mobile users from the command line
On some occasions, I’ve been asked to create mobile accounts for people on workstations or servers without those people being available to log in at the login window. Here’s a way to create those accounts remotely via SSH. See below the jump for the details.
Connecting to an SMB server from the command line in OS X
I had a call yesterday, where someone was asking to SSH into a remote Mac workstation and mount a particular fileshare on that workstation. I had them do the following:
—–
1. Log into the Mac with your account login and password.
2. Create a folder inside your home folder named sharename to match the name of the share on the server
Note: You should only need to create this folder if it doesn’t already exist.
3. Use the following command to mount the share, using the new sharename directory as the mountpoint:
mount_smbfs //username@servername.example.com/share ~/sharename
4. You should be prompted for your account password.
5. The SMB share should mount and you should be able to access it via the sharename directory.
To unmount the server share from using the command line in OS X:
1. Log into the Mac with your account login and password.
2. Make sure you’re not in the ~/sharename directory.
3. Use the following command to unmount the sharename share from ~/sharename:
umount ~/sharename
—–
However, when mount_smbfs //username@servername.example.com/share ~/sharename was run, it didn’t connect and gave the following error:
mount_smbfs: server connection failed: No route to host
Trying mount_smbfs //username:password@servername/share ~/sharename also did not work. Same error, plus the user was understandably not happy with the idea of having his password in the clear.
After a bit more digging, I found the answer here. In 10.6, Apple had changed the mount_smbfs configuration so that it now expected the server’s workgroup or domain as part of the connection string. For anybody else that needs it, here’s how the command should be set up if the server is connected to an AD domain:
mount_smbfs //’DOMAIN;username’@servername.example.com/share ~/sharename
If you’re using a workgroup, it should be set up as:
mount_smbfs //’WORKGROUP;username’@servername.example.com/share ~/sharename
FileVault 2 article in MacTech’s July 2011 issue
For those interested in learning more about how FileVault 2 works, I have an article in MacTech‘s July 2011 issue. It’s titled FileVault 2 Decrypted and is a nuts-and-bolts article that covers where we’ve been with FileVault, how FileVault 2 works, and how to encrypt your own Macs with FileVault 2.
If you’re interested in learning more about FileVault 2, I strongly encourage you to pick up a copy.
Repackaging iLife 11 for DeployStudio
iLife 11 can be difficult to repackage for use with DeployStudio. There is a great article available here on the OS X Deployment and Management Wiki for how to do this, but you can also use the methodology referenced in this post to repackage iLife 11 for installation by DeployStudio. See below the jump for the procedure.
Using a login banner with FileVault 2
In a number of workplaces that require the use of encryption, there is often an accompanying requirement for a login banner that shows an Acceptable Use Policy, legal warning or other important information that the user must accept before logging in. While there isn’t the ability to set a login banner at FileVault 2’s pre-boot login screen at this point, you can leverage Lion’s built-in functionality to display a policy banner that must be accepted before the login process can complete. See below the jump for more details.
CreateLionUser now available with InstaDMG1-6 r425
One inestimably valuable tool that you get free with InstaDMG is the createUser.pkg, found in /path/to/instadmg/AddOns/createUser. This tool helps automate new local user creation, allowing you to securely pre-setup local admin and/or standard users as part of your InstaDMG-created image or anywhere else you could use a package installer.
With the advent of the 10.7 Developer Previews, it was found (to considerable dismay) that this reliable tool had broken. Fortunately, Per Olofsson of the University of Gothenburg stepped up to the plate and created CreateLionUser.pkg, a Python-built rewrite of createUser.pkg. CreateLionUser is also now being distributed with InstaDMG as of InstaDMG1-6 r425 and is also found at /path/to/instadmg/AddOns/createUser.
For full configuration details and credits, see the CreateLionUser-README at http://code.google.com/p/instadmg/source/browse/trunk/AddOns/createUser/CreateLionUser-README.txt
Creating a never-booted 10.7 image with included Recovery HD partition
One of my goals for 10.7 has been to recreate how my 10.6.x workflows work as closely as possible, with images being created with InstaDMG and deployed with DeployStudio. 10.7’s introduction of the Recovery HD partition threw a monkey wrench into that. However, after some research, more testing and an international effort to discover an Apple-supported way to create a Recovery HD partition without actually installing 10.7 on a drive, I was able to come up with a way to do it. See below the jump for details.
Lion, why did you hide ~/Library?
With every new OS release, Apple does at least one thing that a) annoys me and b) makes me wonder about the thought process that went behind it. In 10.5, it was the way the OS asked me “Do you want to make this a Time Machine backup?” every time I plugged in a hard drive. In 10.6, it was the rage-inducing way I effectively couldn’t configure the firewall from the command line beyond “On” and “Off” without resorting to PlistBuddy. In 10.7, it’s the way the OS hides ~/Library.
I managed to fix my 10.5 annoyance, I’ve got nothing still for my 10.6 annoyance, and I’ve written this script for 10.7. Use it in good health.
Note: I’m sure Apple did something in 10.2, 10.3 and 10.4, but it’s so long ago, I really can’t remember……..oh yeah, now I remember!
Der Flounder 
Recent Comments