Archive for December, 2012

First look at Crypt

December 31, 2012 6 comments

Since the release of Google’s Cauliflower Vest, one of the wishlist items that a number of Mac admins have wanted is to use Cauliflower Vest’s capabilities without needing to use Google App Engine as the server backend. Crypt, a new open-source project being developed by Graham Gilbert, looks like a step in the right direction. See below the jump for details.


2012 in review

December 30, 2012

The stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

About 55,000 tourists visit Liechtenstein every year. This blog was viewed about 350,000 times in 2012. If it were Liechtenstein, it would take about 6 years for that many people to see it. Your blog had more visits than a small country in Europe!


Categories: Technical

Fixing one systems management tool’s agent with another systems management tool

December 19, 2012 1 comment

One of the issues you can run across with systems management tools is doing an automated uninstall and reinstall of the agent software. The dilemma is that you can tell the agent to uninstall itself, but after that there’s no agent software on the machine to run the reinstall command. Most management tools include the ability to scan your network and install agents on machines automatically, but that may not be appropriate for all environments as you may have some machines where you don’t want to install the systems management agent.

I ran across a situation like that recently in my own environment. For details, see below the jump.


Pulling Guest OS information from offline VMware Fusion VMs

December 18, 2012 1 comment

As a related task to my Boot Camp partition detection, I also wanted to see if I could get information on the OS running in VMware Fusion VMs without the VM actually being up and running. After some poking, I saw that I could get information on running VMs by using the vmrun list command. However, there didn’t seem to be a way to pull information on non-running VMs using VMware Fusion 5’s vmrun command.

After some additional investigation, it looked like the data I wanted was stored in /Users/username_here/Library/Preferences/com.vmware.fusion.plist in the VMFavoritesListDefaults2 plist key. In that plist key, the information I wanted was stored in the guestOS dict. With that information, I was able to use grep and awk to pull just the OS information I wanted. The command I used was:

defaults read com.vmware.fusion VMFavoritesListDefaults2 | grep guestOS | awk '{print $3}' | sed 's/"//g' | sed 's/;//g'

When I did that against my own VMs, here’s the output I received.

[Screenshot: output of the command above]

Note: One thing to be aware of is that OS X VMs will report their Darwin OS info.

Because this information is stored on a per-user basis, you would need to check each user account to pull the VMs associated with each account.
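
The per-user check described above, as an added example that is not from the original post. It folds the post's grep/awk/sed chain into one awk call and runs it against each user's preferences; the sample `defaults read` output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE is constructed; only the
# 'guestOS = "...";' line shape is implied by the post's grep/awk/sed pipeline.
SAMPLE='(
    {
        guestOS = "windows7-64";
    },
    {
        guestOS = "darwin12-64";
    }
)'

# Reduce `defaults read` output on stdin to bare guestOS values: the post's
# grep | awk | sed | sed chain folded into one awk call. An optional $1 is
# printed as an owner label in front of each value.
guest_os_values() {
    awk -v who="$1" '$1 == "guestOS" {
        v = $3; gsub(/[";]/, "", v)
        print (who == "" ? v : who ": " v)
    }'
}

# Sweep every home directory under $1 (default /Users) and report the guest
# OS of each VM recorded in that user's com.vmware.fusion preferences.
# Run as root so other users' preference files are readable.
list_fusion_guests() {
    root=${1:-/Users}
    for plist in "$root"/*/Library/Preferences/com.vmware.fusion.plist; do
        [ -f "$plist" ] || continue          # no Fusion prefs for this user
        user=${plist#"$root"/}; user=${user%%/*}
        defaults read "${plist%.plist}" VMFavoritesListDefaults2 2>/dev/null |
            guest_os_values "$user"
    done
}

printf '%s\n' "$SAMPLE" | guest_os_values "sample"
list_fusion_guests
```

Matching on the first field being exactly guestOS, rather than grepping for the string anywhere on the line, keeps VM names or paths that happen to contain "guestOS" out of the report.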

Categories: Mac OS X, Scripting, VMware

Detecting Boot Camp partitions with Casper

December 17, 2012

I was recently tasked with reporting on how many Boot Camp installs of Windows we had on our Macs. Boot Camp is something we normally do on an as-needed basis, so it’s not on every machine. However, I did need something that worked consistently across the various flavors of OS X that we have.

In this case, I was asked to just verify the existence of a Boot Camp partition and was not tasked with identifying the version of Windows that was installed on the partition. With a little help from this thread on JAMF Nation, I was able to come up with the following script for use as a Casper Extension Attribute:


#!/bin/bash

# Using diskutil list to check for
# disk partitions reporting as
# "Microsoft Basic Data"

BOOTCAMP_DETECT=$( /usr/sbin/diskutil list | grep -c "Microsoft Basic Data" )

# If Microsoft Basic Data partition is
# reported by diskutil, script reports
# "Yes". If no Microsoft Basic Data partition
# is reported by diskutil, script reports "No".
# grep -c returns a count, so any count of
# one or more is treated as a match.

if [[ "${BOOTCAMP_DETECT}" -ge 1 ]]; then
    result="Yes"
else
    result="No"
fi

# Casper reads the Extension Attribute value
# from between the <result> tags.
echo "<result>$result</result>"

exit 0

This script uses the diskutil list command to check for disk partitions reporting as being Microsoft Basic Data. I chose not to look for NTFS volumes, as that could pick up false positives from non-Boot Camp NTFS drives.

If a Microsoft Basic Data partition is reported by diskutil, the script reports Yes. If there is not a Microsoft Basic Data partition on the Mac, the script reports No.

For those interested, the script is available on my GitHub repo:

Categories: Casper, Scripting

Credant Enterprise Edition for Mac adds FileVault 2 support

December 14, 2012 8 comments

Credant has added support for managing FileVault 2-encrypted Macs to Credant Enterprise Edition for Mac 7.5.x. Based on my working with it over the past couple of weeks, it looks like a solid solution for managing FileVault 2 encryption on both 10.7.x and 10.8.x. For more details, see below the jump.


Adding AD domain groups to /etc/sudoers

December 14, 2012 8 comments

A recent discussion on the MacEnterprise list focused on how to give members of Active Directory groups the ability to run commands as root using the sudo command-line utility. This would give the users in those groups the ability to run some or all commands with root privileges in Terminal without having to give those accounts administrative privileges on the Mac in question.

To do this, you would need to add an entry to the /etc/sudoers file. /etc/sudoers gives listed users or groups the ability to execute commands while having the privileges of the root user.

Editing /etc/sudoers

To edit /etc/sudoers safely, make sure to use the visudo utility. This application will do a sanity check on your changes to /etc/sudoers before putting them into production.

visudo uses vi as its editor. If you haven’t used vi previously, I recommend doing some research on vi commands before launching visudo.

Adding entries to /etc/sudoers

Adding the following entry to /etc/sudoers would allow you to give full sudo permissions to an AD group named ITadmins:

%DOMAIN\\ITadmins      ALL=(ALL) ALL

Because a number of AD groups have spaces in their names, you’ll need to escape the spaces using backslashes. For example, adding the following entry to /etc/sudoers would allow you to give full sudo permissions to an AD group named Group Name With Spaces:

%DOMAIN\\Group\ Name\ With\ Spaces       ALL=(ALL) ALL

In both cases, replace DOMAIN with your AD domain’s name.
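
One way to generate these entries and syntax-check them before they go anywhere near /etc/sudoers, as an added example that is not from the original post. It goes one step beyond the two entries above by also accepting a command list in place of ALL, for groups that only need some commands; the function names and the Helpdesk group are hypothetical, and DOMAIN is the same placeholder used above.

```shell
#!/bin/sh
# Added example, not from the original post. DOMAIN and the group names are
# placeholders; "Helpdesk" is a hypothetical group.

# Build one sudoers line for an AD group: "%", the domain, the doubled
# backslash used in the post's entries, then the group name with each
# space backslash-escaped. $3 is the command list (default ALL).
sudoers_group_entry() {
    escaped=$(printf '%s' "$2" | sed 's/ /\\ /g')
    printf '%%%s\\\\%s ALL=(ALL) %s\n' "$1" "$escaped" "${3:-ALL}"
}

# Parse a candidate entry with visudo in check-only mode (-c) against a
# scratch file (-f), so a syntax error never reaches the live /etc/sudoers.
# Returns 0 = parsed OK, 1 = rejected, 3 = visudo not available.
check_sudoers_entry() {
    command -v visudo >/dev/null 2>&1 || return 3
    scratch=$(mktemp) || return 1
    printf '%s\n' "$1" > "$scratch"
    if visudo -c -f "$scratch" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$scratch"
    return "$rc"
}

# Print each candidate entry with the result of the syntax check.
for entry in \
    "$(sudoers_group_entry DOMAIN 'ITadmins')" \
    "$(sudoers_group_entry DOMAIN 'Group Name With Spaces')" \
    "$(sudoers_group_entry DOMAIN 'Helpdesk' '/usr/sbin/diskutil list')"
do
    if check_sudoers_entry "$entry"; then status="parsed OK"
    else status="not verified (visudo rejected it or is unavailable)"; fi
    printf '%s\t# %s\n' "$entry" "$status"
done
```

Limiting a group to the specific commands it needs, as in the third entry, keeps the grant narrower than ALL while still avoiding local administrator rights.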
