I recently had the realization (spurred by a co-worker who noticed the problem) that I was Doing Something Wrong and in fact had been doing it wrong for over a year. The problem had to do with how my first boot script was setting the multiple network time servers in use on our work network. I had been setting it like this:
#Primary Time server for Company Macs
#Secondary Time server for Company Macs
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1,$TimeServer2
I’d thought this would tell the Macs to use both network time server addresses. Instead, the Macs were actually seeing it as one server with the address of ns0.time.server,ns1.time.server. Naturally, this address didn’t resolve to squat, which meant that the Macs weren’t getting the correct time.
Fortunately, there’s a number of ways to fix this. See below the jump for three of them.
One of my users asked how he could create an meeting from an email in Outlook 2011. After doing a bit of research, here’s how you can create meetings from your Outlook 2011 email.
1. Select the email you want.
2. Click the Meeting button in the Outlook toolbar.
3. A new meeting window should pop up with the details from the email, including the email’s addressees listed as the meeting invitees.
4. Make whatever edits are needed.
5. Click Send to send the meeting invitation.
In the event that someone has lost some or all of their contacts from Address Book or Outlook, but had them on their iPhone/iPad, there’s a way to extract the contacts data from the iTunes-hosted backup of their iDevice.
Since the procedure to do it for free can be a little tricky (lots of outfits are willing to sell you a way to do iPhone contact recovery for $24.95 and up), see below the jump for the way I did it.
Due to the way that FileVault 2 handles logins, with the user logging in at the pre-boot login screen and then brought directly into their account, users with Active Directory accounts will not get the password expiration warning that normally appears at the login window.
If you need to have those notifications in your environment, Peter Bukowinski’s ADPassMon is a great freeware utility for showing your users how long they have until their AD password expires. It launches and runs after the user logs in, so it’s unaffected by FileVault 2’s handling of the login process.
For complete information on this utility, see the ADPassMon product page.
FileVault 2 Decrypted for Enterprise, the second article in my two-part series on FileVault 2, is now available in the August 2011 issue of MacTech. This article is focused on the issues involved with setting up a managed deployment of FileVault 2 in a medium to large environment, so I encourage you to pick up a copy if you’re looking at a project like that.
One item to note with regards to this article has to do with a advisory I included with regards to using FileVaultMaster.keychain as a recovery key. As of the publication deadline, 10.7.0 was the current release and the ability to use FileVaultMaster.keychain as a recovery key was broken. I’m happy to report that Apple has fixed this as of 10.7.1, so you can now disregard that note.
Something I’ve personally wanted to be able to do with DeployStudio for a while now is do an OS upgrade. I’ve built a mostly-automated process for 10.5 -> 10.6 upgrades that leverages both NetInstall and DeployStudio, but having to switch between the NetInstall and DeployStudio set involves some manual work that I’ve been wanting to automate but wasn’t sure how.
Enter Greg Neagle’s InstallLionPkg, which allows you to create an installer package that does an unattended install of Mac OS X 10.7.x. As it’s an installer package (albeit a BIG one), you can deploy this with Munki, Casper, Absolute Manage, Apple Remote Desktop, DeployStudio, etc. You can even run it as a standalone installer.
I’ll spare you the delighted gibbering I started doing as soon as I started thinking of all the ways I could leverage this, and focus on how you can use this with DeployStudio. See below the jump for the details.