10.7 Lion how to disable the Resume “Restore windows when quitting and re-opening apps”

Posted on December 8, 2011 by Lisa

I’m currently deploying Lion, one feature I really want to turn off for a number of reasons is the Resume functionality also known as:
System Preferences -> General -> Restore windows when quitting and re-opening apps checkbox.

The one that stops all the apps reopening when you log back in or restart.

To do this, we’ll use MCX.

You will need to Edit .GlobalPreferences

Choose whether you want Once, Often, Always, then add a new key called:

NSQuitAlwaysKeepsWindows of type boolean and value false.

Save your changes, do a MCX refresh on your clients. ( sudo mcxrefresh -n ) and no more windows.

If you’re still reading.. here is why I don’t want it. I work in a place where a lot of presentations are done often in a hurry. So on Saturday night at home on their own internet connection lets say theoretically a user is looking at something that doesn’t meet the safe for work criteria.. When they run in late on Monday morning plug in their laptop to the projector as its still starting up forgetting their weekend web browsing.. lets just say its better for all involved that we don’t see their content.

The users can thank me later :)

Posted in MCX | 4 Comments

Using Custom Triggers with the Casper Suite

Posted on October 3, 2011 by Lisa

Until recently I had been quiet happy strolling along with the built in triggers – login, startup, logout etc.. I was using these in combination with smart groups for package deployment or determining which computers needed to run a script. I would create a smart group for lets say all the computers that didn’t have a version of clickview installed, then set to install at startup.

I was asked recently about what I was doing with custom triggers.. the answer I wasn’t – I was quite happy with the builtin triggers.. then a few days another person asked me the same question.. OK it’s time to see what all the fuss is about. Let’s just say I implemented them pretty quickly.

I’ve created a custom trigger for a re-imaged computer. There are some applications that don’t package well – for example ones that generate files containing a unique identifier for the computer based on the MAC address. I was previously deploying these with smart groups for the computers that were missing the application.

Now I needed to do 2 things to have the application deployed on first boot:

  • Create a script that calls my custom trigger (setting the script to run “At Reboot” in Casper Admin) and assign to the configuration in Capser Admin
  • Using the web interface of my JSS create policies that are triggered by my custom trigger name

So part one is simple you need a script that is pretty much one line:


#!/bin/sh
jamf policy -trigger reimaged

A couple of points here, the jamf command with policy option needs to run as root, because we are running this as a first boot script it automatically runs as the root user. If say you were running the jamf policy command manually you should put sudo in front. It is also good practice to put the full path of the jamf command which I have left out of the example above.

The word reimaged is the name of our custom trigger, you can call this anything you like. You can also create as many custom triggers as you like.

Now that the freshly imaged computer is going to check in with the JSS to see what policies have the trigger reimaged, we just need to set reimaged as a trigger. This is really easy – When creating the policy in the general tab of your JSS Select Other for the “Triggered By” option, then when the text box opens up type the same trigger name as in your script in this example “reimaged”. For execution I select ongoing as we never know how often a computer will need to be reimaged.

Please share your custom trigger usage, I’d like to see what others are using them for.

Posted in Casper | Leave a comment

Petting the Orange Fox

Posted on September 27, 2011 by Lisa

It’s that time of year.. where I need to refresh and create new SOEs. One thing I’ve decided I want better this year is the firefox user experience. I’m tired of windows popping up making sure the users know their rights, and welcoming them to firefox. So here is a quick run down on the modifications I packaged to provide a better firefox user experience.

We’re on 10.6.8 and Firefox 6.0.2

First of all I want to set the default homepage.

Navigate to:  /Applications/Firefox.app/Contents/MacOS

Create a file called “browserconfig.properties” and add the following lines

browser.startup.homepage_reset=http://lisacherie.com
browser.startup.homepage=http://lisacherie.com

Next I’d like to remove the annoying popup on first launch asking if you would like to migrate a safari or other profile. Create a file in the same directory called “override.ini” with the following:

[XRE]
EnableProfileMigrator=false

Now to turn off some features like autoupdate which if allowed to run free might override my carefully selected customisations or worse just not work. I am also configuring firefox to use the system defined proxy. Some of the users where I work like to switch to anonymous proxies via the web browser (It’s nice to know our internet filtering works well!), so this will be locked to prevent change.

lockPref("app.update.enabled", false);
lockPref("browser.rights.3.shown", true);
lockPref("browser.startup.homepage_override.mstone", "ignore");
lockPref("browser.startup.homepage", "http://lisacherie.com");
lockPref("browser.shell.checkDefaultBrowser", false);
lockPref("network.proxy.type", 5);
lockPref("profile.allow_automigration", false);
lockPref("profile.confirm_automigration", false);
lockPref("startup.homepage_override_url", "");
lockPref("startup.homepage_welcome_url", "");

Now to let firefox know to use these settings we have carefully crafted create the file:
/Applications/Firefox.app/Contents/MacOS/defaults/pref/_config.js

and populate with:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "firefox.cfg");

Good luck! remember to make sure you use the same permissions as the existing firefox config files (watch out for the ACL). Please share if you find some other useful customisations.

Posted in Uncategorized | Leave a comment

1 iPad many users.. how do I support this….

Posted on June 28, 2011 by Lisa

A few things happened recently.. I was asked to prepare a number of iPads that would be shared amongst a number of users, so that each user would have a clean iPad, the so called cleaning needed to be quick and easy, so that a classroom teacher could do it at the end of class. I also needed to be certain the students would not accidently leave things behind.. like email accounts.. iTunes accounts.. or passcodes.. sounds like fun..

Then I saw a really cool podcast on different approaches to working with a fleet of mobile devices. There was some kind of tool mentioned that showed a way to lets call it re-image a mobile device in the same way you might re-image a lab computer. Perfect! I need this tool.. I made contact with the vendor and attempted to purchase for the organisation I work for.. Then I was told I can’t buy it.. It’s not available for purchase.

Crap!

So feeling sorry for myself for a while – how am I going to get this project done.. I was reminded I had a software engineering degree.. Maybe I could re-invent the wheel. Let’s think about this.. in iTunes there is a handy feature to back up my iPhone or insert device here. I always make sure I back up the backups of my iPhone, which are available in ~/Library/Application Support/MobileSync/Backup

So I have a copy of what I want on each iPad, but damned if I know how to write a whole lot of files across to a USB device.. i can’t excactly go cat file > “Lisa’s iPad”, but iTunes does know how to do this….

Let’s try and figure out how iTunes is doing this.. Open Activity Monitor and display the processes hierarchically.. this will let us see all the processes started by iTunes, and you got it… Choose the option to restore my iPhone/iPad/insert device….

Very briefly another process appears.. but doesn’t stay visible long enough for me to grab a sample or click the button in Activity Monitor to grab the open files listing to know where its hiding. So I have a pretty good idea of what the process might be called.. but where does it live?

My good friend Terminal and lsof – an awesome tool to give you a list of the open files at a point in time. So let’s restore my iPad again and have terminal ready to press enter on lsof. On the second try I pressed enter fast enough to get a massive long listing of open files (hint close everything else on your computer to make this list shorter.. lol).

Eventually I find a very long path hidden in the /System directory with the same name as our mystery iTunes process…

Bring back terminal!

cd to the directory we just found and let’s try running the command, and we get the super friendly output:

AppleMobileBackup[9149:903] ERROR: No action specified on command-line

crap.. what now.. there is no man page.. hmm time to start guessing..

help

same output

–help

part of the output included this:

Action (one required):
-b, –backup             perform a backup
-r, –restore            perform a restore

Oh YEAH!!

Now to start playing…. game on! I’ll re-invent the wheel yet.. and if I do it my way.. it’s going to have awesome rims!

Posted in Uncategorized | 1 Comment

CS5 and Network Homes

Posted on May 2, 2011 by Lisa

A while ago I mentioned that I would write up what I did to make CS5 play nice with network homes. Well kind of nice.. some of the apps just aren’t meant to be used with network homes.

First of all you’ll need to refer back to the earlier post I wrote about packaging CS5, and the post on MCX cache redirection.

  1. Package CS5 by selecting only the following applications (or the subset of the list below which you would like). It may be possible to have the other apps also work, in the environment I have I was unsuccessful. In any case, I’m not sure I want a large number of students video editing over the network with Premiere Pro :)
    • Photoshop
    • Media Player
    • Adobe Illustrator
    • Flash
    • Dreamweaver
    • Extension Manager
    • Flash Builder
    • Flash Catalyst
  2. Install Acrobat
  3. Refer to the earlier post and follow the instructions for licensing, updating, and packaging.
  4. Once packaged, you will need to make use of MCX cache redirection.
  5. Set up a login cache redirection for:
  6. It is also a good idea to set up the subsequent logout redirection depending upon your environment.

In the earlier post I mentioned the user template, unfortunately with network home users you won’t be able to populate the user home when deploying with the Casper Suite. If you want particular preferences applied you will need to set via MCX where possible or use some other script or utility to propogate the files to each account home directory.

I hope this helps you out, if you have additional tips to get these or the other apps in the suite working well or better with network homes please share!

As a side.. I’m pretty certain Adobe don’t support network homes with CS5, so it’s quite likely from time to time strange behaviour or unexpected exiting of apps will occur.

Posted in Adobe, MCX | Leave a comment

Flat batteries… Lost date and time

Posted on April 19, 2011 by Lisa

Back in the day there used to be an onboard battery which maintained the date and time of the system. These days it has been replaced with a capacitor.. If you also did first year Introduction to Electrical Engineering then think hard (like I had to) and you’ll remember a capacitor holds a charge for a while before the charge is gradually lost.

All good until you bring in students on summer holidays to the picture. I can tell you a large number do not use or charge their laptops over the holidays and when they return to school the capacitor has lost all charge also losing the system date and time. Once the date and time is lost the system clock reverts to 2001 and flashes up with a friendly warning about system instability and presents difficulty joining wireless networks.

A rough script I have put together runs at startup, checks to see if the time is set to the year 2001, and if so set the date to an arbitrary date within the range your NTP server will correct. Then reboot. Plenty of opportunity to make the script a bit smarter – I’ll leave that part for you. Please share if you come up with good ideas.

#!/bin/sh

DATE="04:19:11"
YEAR=`/usr/sbin/systemsetup -getdate | cut -d '/' -f 3`

if [ $YEAR == "2001" ]
then
 echo "we have a match"
 /usr/sbin/systemsetup -setusingnetworktime off
 /usr/sbin/systemsetup -setdate $DATE
 /usr/sbin/systemsetup -setusingnetworktime on
 reboot
fi
Posted in Date and Time | Leave a comment

MCX, Managed Client, Cache redirection, disabling iTunes sharing, radio streams, standardising the desktop picture

Posted on January 22, 2011 by Lisa

I really like MCX aka managed preferences, there are settings in the environment that need to be standardised for all users, and MCX allows me to make those settings centrally at a computer wide level.

Using WorkGroup Manager I ususally apply MCX to computer groups, looking at the GUI the options available are useful, but would appear limited, there are extra options that would be nice. By clicking the details tab, and choosing + you can pick additional preferences to manage. One of my favourites is ManagedClient, by choosing to import /System/Library/CoreServices/ManagedClient a number of additional preference options will appear. The options available in ManagedClient are so useful I am surprised more of these are not available in the GUI.

By clicking edit, you will then have the opportunity to select whether to Always, Often, or Once have the setting applied, usually I go with Always. Here are some of my favourites:

Cache Redirection: We have a number of shared computers that could be used by any number of users, it doesn’t make sense to use local accounts, or even mobile accounts, so we use network home directories on these computers. By default everything is written back to the network home including cache, which means a whole lot of extra traffic is going across the network, and a whole lot of extra read/writes to the network storage. Using MCX we can redirect cache to a folder on the local disk, preventing all the extra traffic and read/write requests. The options you want are in com.apple.MCXRedirector.

You will create a Login Redirection, and a Logout Redirection, which each have a Redirect Action comprising the action, destination folder path, and folder path.

To redirect ~/Library/Caches for all users you would choose options as illustrated in the screen shot below. Please note the screenshot also lists an additional redirect for Adobe that helped the application work better in our environment.

Top Menu Icons: I like to customise the icons in the top menu bar, for example I don’t want users having a Time Machine icon when as a standard user on a shared lab computer they can’t use time machine anyway. com.apple.mcxMenuExtras allows me to choose which items are displayed in that part of the screen real estate.

iTunes: Music sharing and radio streaming is great at home, I’m not overly thrilled about all that extra traffic, and shared music libraries across the network. The options available in com.apple.iTunes allow both of these to be disabled, along with options to restrict store content intented for mature audiences.

Desktop pictures: Some users just have a knack for picking inapropriate desktop pictures, on your home computer fine… On a shared lab computer, no thank you. By using com.apple.desktop you can preselect a nice tasteful desktop picture for your users. I typically do this for all shared computers that are in public spaces on campus. By default the options would only allow me to choose Once or Often, I manually copied the items to Always, ignored the orange alert about the manifests, and watched the standard picture appear (and stay). With the Once or Often options, the picture will appear, however can be changed – these options are useful to set an initial picture.

That’s all for today, please share any of your favourite MCX options.

Posted in MCX | Leave a comment

Disabling CS5 updates

Posted on January 15, 2011 by Lisa

So we’ve gone to a lot of effort to get CS5 working, for standard users. There are few users who have admin rights to their laptops, I get worried about updates to major applications like Adobe as sometimes things change or cause a problem in the environment we have. Adobe have this article on disabling updates – I chose to disable machine wide.

  1. Users, especially those without admin accounts won’t be nagged about an update being available they can’t install anyway
  2. I don’t need to worry about an update causing a problem

If you use the method in the article the check for updates option won’t even appear in the menus! Of course an update can still be installed manually, however without being notified that there are updates available, and no easy menu option to check for updates, I find majority of your users won’t go manually searching  unless there is something very specific they need. Hopefully they’ll talk to you first!

Note: I’m yet to have a go with the Adobe Software Update Server.. Does it work well for you?

Posted in Adobe | Leave a comment

CS5

Posted on January 14, 2011 by Lisa

CS5 Master Collection has taken a chunk of my time lately. AAMEE and I didn’t get along very well.. so here are the steps I took to get a working package together. This is to create the full master collection. You will need to be either using local user accounts or mobile accounts, as some of the apps do not work with a network home directory. I’ll post another write up soon, on the extra steps to make some of the apps work with network homes.

  1. Don’t use the disks Adobe send you.. If you have a volume license, login and download the dmgs. These will likely be newer than your disks, and you won’t get prompted to keep changing disks, as you can mount them all at once. Nice! Make sure you also get the disks for Acrobat Professional you’ll need to install at the same time.
  2. I use the Casper Suite, I like it, it does what I need. So I used the Composer app in v8 to make this package. I used a clean mac to create the package, all that was installed was our base OS image, I disabled MCX, and logged in as the administrator, taking a new and changed files snapshot using compose.
  3. Once the snapshot was complete I opened the installer from the mounted dmg chose to install all the applications, entered the licensing details when prompted, then went for a beverage break.
  4. On completion of the Master Collection installation, I installed Acrobat Professional, I learnt the hard way to get a working package, install them both at the same time, if you try to keep the packages separate, your licensing won’t hold.
  5. Install any optional content that you would like from the other dmgs, I will admit I’m not very arty, I don’t know which optional content is needed, so I installed the whole lot, yes this makes it a big bloated installation, however it means it’s all there, and I won’t be asked later for optional installs, missing fonts, etc.
  6. Open each of the applications, enter the administrator password if prompted, make sure every app works, and let it run any post install setup.
  7. Check for updates, I chose to install all the available updates that were available at the time.
  8. Open all of your applications again and make sure they still work.
  9. Acrobat has a nasty habit of asking all users for an administrator password the first time the user launches the application. In education we don’t give out the administrator passwords, I edited the following files (thank you AFP548 for the tip) to prevent all the users being prompted for a password they don’t have. Edit the following files: AcroENUDist90SelfHeal.xml, AcroEFGPro90SelfHeal.xml, which are located in: /Library/Application Support/Adobe/Acrobat, in each file do a find and replace YES becomes NO, REQUIRED also becomes NO. Be careful which text editor you use, as you don’t want to leave additonal characters behind.
  10. Re-open Acrobat and Distiller to make sure the apps are still working.
  11. Adobe help – after installation needed to download a number of help content files. I chose all, and downloaded all, then set to manage manually. Take note here, these files appear to be specific to each user account.
  12. For sanity sake log in as a standard user and make sure all the apps work, and the user does not get prompted for admin passwords.
  13. Let Composer take another snapshot – time for another beverage.
  14. Composer should now show you a large list of all the files it has identified for the CS5/Acrobat installation. I like to trim this down, for example I don’t want various log files or preference files that were created. I also don’t want the files for the standard user.
  15. For those familiar with Composer you will know that there is the option to fill user template when creating a dmg, you will end up with 2 GB of help files! So this will slow your first login time immensely, you may like to consider clearing out the files when building the package.
  16. I chose to leave a number of the admin user’s preference files there, as I did not want the users to be prompted to participate in Adobe feedback, or prompted to register/create accounts. If you aren’t using composer you will need to manually place the files you want in the /System/Library/User Template/  folder.
  17. You can now build your package, I like to use the dmg option, which lets me fill the user template and end user accounts if I select those options during deployment with the casper suite.
  18. You should end up with a dmg file about 10 GB.

I hope this helps you :) Please comment if you have other suggestions to make a better CS5 package, or extra tips.

Posted in Adobe | Leave a comment