Removing the Office 2011 installers’ application quit function

The Microsoft Office 2011 installer and Office 2011 update installers include functionality to force browsers and Office applications to close before the installation runs. This functionality can be helpful if you’re installing Office 2011, but more often then not is a headache to Mac admins who want to remotely deploy the installer(s).

The script that controls the application quitting function is embedded in one of the Office 2011 installers’ included installer packages. To fix this, the embedded installer package in question needs to be edited to remove the script’s contents. See below the jump for the procedure.

Read more…

fdesetup authrestart – FileVault 2’s one-time encryption bypass feature

OS X 10.8.2 included one important change to Apple’s fdesetup FileVault 2 management tool. fdesetup now has the authrestart verb, which allows a FileVault 2-encrypted Mac to restart and bypass the FileVault 2 pre-boot login screen. Instead, the Mac reboots as a unlocked system and goes straight to the regular login window.

When you run the fdesetup authrestart command, it asks for a password or recovery key. The password must be an account that has been enabled for FileVault 2 (i.e. an account that shows up at the FV2 pre-boot login screen.) After that, it puts an unlock key in system memory and reboots. On reboot, the reboot process automatically clears the unlock key from memory.

To show what this looks like, I’ve made a short video showing the process

Note: The video has been edited to artificially reduce the amount of time needed for the process. Run time of the pre-edited video was 4 minutes.

Gatekeeper Status Check Script

As of Mac OS X 10.7.5, Apple has now made Gatekeeper’s GUI functionality available on both Lion and Mountain Lion. Gatekeeper is disabled on Lion Macs by default, but users with admin privileges can turn it on.

To help Mac admins monitor whether Gatekeeper has been enabled, I’ve written a script that checks spctl to see if Gatekeeper’s assessment system is enabled or disabled. When run with root privileges, this script checks 10.7 and 10.8 Macs to see if Gatekeeper is disabled. If Gatekeeper is disabled, script returns Disabled. Any other status will result in script returning Active.

#!/bin/bash

osvers=$(sw_vers -productVersion | awk -F. '{print $2}')

if [[ ${osvers} -lt 7 ]]; then
  echo "Gatekeeper Not Available For This Version Of Mac OS X"
fi

if [[ ${osvers} -ge 9 ]]; then
  echo "Future Not Known Yet. Revise Me In Mid-2013"
fi

# Checks Gatekeeper status on 10.7.x Macs

if [[ ${osvers} -eq 7 ]]; then
    gatekeeper_status=`spctl --status | grep "assessments" | cut -c13-`
   if [ $gatekeeper_status = "disabled" ]; then
      result=Disabled
   else
      result=Active
   fi
   echo $result
fi

# Checks Gatekeeper status on 10.8.x Macs

if [[ ${osvers} -eq 8 ]]; then
    gatekeeper_status=`spctl --status | grep "assessments" | cut -c13-`
   if [ $gatekeeper_status = "disabled" ]; then
      result=Disabled
   else
      result=Active
   fi
   echo $result
fi

This script is available here on my GitHub repo. I’ve also written a Casper Extension Attribute which is available here.