Ran across a customer who was asking about wanting to use a custom printer preset as the default preset.  Normally, OS X doesn't have any setting that you can use to do so, but I ran across a little trick that I still can't find any official documentation on, and yet seems to work.

  • Start printing a document, edit your settings and save it as a preset if you haven't already (I recommend for all printers, but it's your call).
  • While keeping the dialog box open, hold the Option key and select your Preset, then print.
  • By holding the Option key, it should adjust your settings to use your preset as the default for future jobs.

It seems to play well with my system, but I don't have any real guarantee that this works consistently.  The alternative would be to enable the CUPS interface (navigate to http://localhost:631/printers/ and follow the instructions) to change settings that way, but most end users probably don't want to go down that rabbit hole...

Posted
AuthorMike Muir

Ever get stuck with a system where all the various network interfaces don't seem to work or act right?  Wi-Fi just doesn't seem to find any networks, or Ethernet is acting like it's a Bluetooth module?  Your system's network settings are probably corrupt, but it's an easy fix.

-Navigate to /Library/Preferences/SystemConfiguration/ and remove the preferences.plist file.

-Reboot and you should be good to go.


Recently dealt with an issue where a user had notes stored in Notes.app, but randomly lost them all!  The problem came up that they were stored 'On My Mac' and not synchronizing with a service at all.  

As it turns out the data was there, but Apple Notes was not seeing the data behind the scenes.  All the data behind the scenes is stored in a .sqlite database, which does not make it easy to view the data, but there is a fix to retrieve it.

-Navigate to the working directory of the Notes: ~/Library/Containers/com.apple.Notes.
-Once there, navigate further into …/Data/Library/Notes, and notice the NotesVx.storedata file.  That is everything Notes.

-Grab a copy just in case, then open a terminal window.  Navigate to the .storedata file with the cd command, then run the following: sqlite3
-You will have a new command prompt “sqlite>”
-Type “.open NotesV6.storedata” (nothing will happen)
-At the next prompt, type “select ZHTMLSTRING from ZNOTEBODY;” then hit return

-Copy and paste the resulting text into a text editor, then save it as a .html file.
-Open said file in your web browser of choice, which will have the text all nicely formatted to have the notes re-created.
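
The same recovery as a script, added here as an example and not part of the original post. It queries a copy of the store rather than the live file, brings along the -wal and -shm sidecar files that Core Data's SQLite stores keep beside the main file, and writes every ZHTMLSTRING to one HTML file; the function name export_notes and the output path are assumptions.

```shell
#!/bin/bash
# Added example: dump every note body from a COPY of the Notes store to one HTML file.

# export_notes STORE OUT_HTML  -> prints the number of notes written
export_notes() {
    local store="$1" out="$2" work db f rc=0
    [ -f "$store" ] || { echo "no such store: $store" >&2; return 1; }
    work=$(mktemp -d "${TMPDIR:-/tmp}/notes.XXXXXX") || return 1
    db="$work/$(basename "$store")"
    # Copy the store plus its write-ahead-log sidecars (if present) so edits that
    # have not been checkpointed into the main file are still recovered.
    for f in "$store" "${store}-wal" "${store}-shm"; do
        if [ -f "$f" ]; then cp "$f" "$work/"; fi
    done
    if {
        printf '<meta charset="utf-8">\n'
        # One row per note, each followed by a rule so notes stay visually separate.
        sqlite3 "$db" "SELECT ZHTMLSTRING || char(10) || '<hr>' FROM ZNOTEBODY
                       WHERE ZHTMLSTRING IS NOT NULL ORDER BY Z_PK;"
    } > "$out"; then
        sqlite3 "$db" "SELECT count(*) FROM ZNOTEBODY WHERE ZHTMLSTRING IS NOT NULL;"
    else
        echo "query failed; is this a Notes store?" >&2; rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

# Example call, using the file name from the steps above:
# cd ~/Library/Containers/com.apple.Notes/Data/Library/Notes
# export_notes NotesV6.storedata ~/Desktop/recovered-notes.html
```

The recovered file holds note contents in plain text, so store it somewhere as private as the original notes.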


Beware: long winded tech post coming up...

Working for a company that deals in managed services makes life interesting when a new customer comes calling.  Naturally, we want to do the best we can for whoever asks us for help, but that usually involves juggling multiple specialized services that all focus on specific tasks.  Services such as Watchman Monitoring, Gruntwork from Mac-MSP (now part of MAX Remote Management), and MDM management from any number of companies have become indispensable, and we want to get them on every computer we can.  The problem comes from how to get all of those individualized services onto a 'new' computer that has come under our purview.

For a new computer, we normally want to add (at a minimum) the following to every computer we manage:

  • A local 'CR Administrator' admin account
  • Access via Remote Management and SSH
  • Watchman Monitoring
  • Gruntwork

Optional pieces include:

  • Bomgar (for secure Remote Access)
  • MDM management of choice: Right now we are starting to use FileWave.

We've seen if we try to install all of this on a single computer, it can take ~5-10 minutes per computer.  Then add time for making sure you have all the correct installers.  Then add time to juggle kicking the user off the computer for that time.  Then add time to make sure all the installers properly installed.  Then multiply for all computers you need to touch.

...it adds up.  All the more reason to automate this process.

We ended up going the route of using both shell scripting and then remote installation after the fact w/ FileWave.  So, we scripted the installation of the cradmin account, ARD and SSH access, and the installation of the FileWave client.  Afterwards, FileWave automatically installs the Watchman Monitoring agent, the Gruntwork agent, and the Bomgar agent after we move the respective computer into their assigned Client Group in FileWave.

 

Pre-Work:  Create a public web server for hosting flat files for download

We needed a central repository to download all of these various installers, and ended up deciding on Amazon Web Services' S3 service.  It is able to store all of our necessary packages and dmg's needed for install (on the cheap), so we store everything there.

Part 1: Creating the necessary 'CR Administrator' local admin account

Easily done by using CreateUserPkg, an application that will generate a pkg installer for creation of any local user account you specify.   We specify admin rights, our company's logo, and a UID less than 500, to keep it hidden from the login window for most of our customers.

Part 2: Scripting installation of cradmin, access to ARD and SSH, and FileWave installation

Once the cradmin installer is generated and uploaded to your public web server, do the same for the FileWave installer.  Afterwards, we wrote a script that downloads the cradmin installer to a hidden directory, installs it, then removes it.  Once installed, some commands are run to give cradmin Apple Remote Management and SSH access.  Finally, the FileWave installer (which has been customized for our specific settings) is taken care of the same way as cradmin: the FileWave installer is downloaded to a hidden directory, installed, and then removed.

#!/bin/bash
# Deploy cradmin, ARD and SSH access for cradmin, and the FileWave client.
# Run as root: installer, kickstart, systemsetup and dseditgroup all need it.

# CRADMIN
### Install CR Administrator account
# Part 1: Download cradmin installer from AWS instance to /tmp.
# --fail aborts on an HTTP error instead of saving the error page as the pkg.
/usr/bin/curl --fail --silent --show-error --location -o /tmp/create_cradmin_kala-1.1.pkg "[CRADMIN URL TO DOWNLOAD FROM]" || exit 1
# Part 2: Install then remove package
/usr/sbin/installer -target / -pkg /tmp/create_cradmin_kala-1.1.pkg
/bin/rm /tmp/create_cradmin_kala-1.1.pkg

### Enable ARD and SSH for CRADMIN user
# Restrict ARD access to specific users
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
# Enable ARD Agent for CRADMIN
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users cradmin -privs -all -restart -agent -menu
# Enable SSH
systemsetup -setremotelogin on
# Create SSH Group
dseditgroup -o create -q com.apple.access_ssh
# Add CRADMIN to SSH Group
dseditgroup -o edit -a cradmin -t user com.apple.access_ssh

### Install FileWave Custom Installer
# Part 1: Download FW installer from AWS instance to /tmp.
/usr/bin/curl --fail --silent --show-error --location -o /tmp/FileWaveClient10.1.1_fw.crtg.io.pkg "[FILEWAVE URL TO DOWNLOAD FROM]" || exit 1
# Part 2: Install then remove package.
/usr/sbin/installer -target / -pkg /tmp/FileWaveClient10.1.1_fw.crtg.io.pkg
/bin/rm /tmp/FileWaveClient10.1.1_fw.crtg.io.pkg

 

Part 3: Use FileWave to install Watchman Monitoring, Gruntwork and Bomgar

Now that we have the custom FileWave client installed, it's already been enrolled into our system, so we can have it do the rest of the work for us.  In FileWave, we created a Client Group for all of the computers we are enrolling, so we can mass deploy instead of individually.  We also created a Fileset of all the necessary installers, in this case, the individual pkgs uploaded to the FileWave server for install, customized for our clients' preferences/name.

Once the Fileset is complete, we then associate the Client Group to the Fileset.  This way, when the client checks in to the FileWave server, they will see they have applications that need install, download the 3 installers, and install them, all without needing the extra hands-on massaging.

 

Sure, we could script absolutely everything into a single installer to get it all taken care of, but we split it up this way for a few reasons:

  1. Ease of quick installation.  The initial installation of cradmin/ARD/SSH/FileWave is done by building the shell script into a single pkg installer that anyone can trigger if they have the existing admin rights.  This way, we don't even need to be hands on with the computer!  We could just email the installer or a download link to a new customer, and they can install it themselves.  All that's needed on our part is to move the client into the respective Client Group in FileWave after the fact.
  2. Make sure that there aren't any hiccups w/ the FileWave Client not being able to talk to our FileWave server.  If we notice that the client hasn't enrolled in the server after a few minutes, we know there is probably some networking issue we need to tackle.
  3. I'm not a master at writing scripts, so using FileWave makes it easy, especially when juggling multiple hundreds of computers.  Time is a luxury :)

Naturally, we've tweaked this to make it work for us, but I would love to hear of different processes that others might have put to use (if anyone reads this :D )


In case you are using an uptime monitor such as uptimerobot.com, you may want to monitor your primary firewall, in our case a Sonicwall.  However, it's a good practice to not allow the whole of the internet to be able to ping your box.

As such, we are able to edit firewall rules to only allow ping connections from specific IP addresses:

  • Determine the public IP addresses your uptime monitor uses.
  • Log in to your Sonicwall to create all of the necessary WAN address objects, then create an Address Object Group from the defined objects.
  • Navigate to Network>Interfaces, then edit the X1 Interface and enable the Ping checkbox.  This creates a firewall rule for WAN>WAN:
    • Source Port: Any
    • Service: Ping
    • Source: Any
    • Destination: All X1 Management IP
  • You will want to edit 'Source' to the Address Object Group you previously created, save, and you're done.

For the most part, Server 5 has been a pleasant upgrade, but there was one rather major change that caused some headaches, especially when third-party web services are hosted on it, such as WebHelpDesk, JAMF Casper Suite, anything Tomcat, etc...

Previously, all web services hosted by OS X Server were being leveraged by an Apache backend.  As such, you normally had to disable Apache altogether with the following command:

sudo apachectl stop

Unfortunately, this no longer works.  After much researching online I stumbled across this article from krypted.com: http://krypted.com/mac-security/troubleshooting-apache-proxies-and-tomcat-in-os-x-server-5/

Essentially, Apache in OS X Server 5 is now acting as a proxy, so all web traffic goes through it first, not just HTTP(s) but other popular web ports as well: 80, 443, 8008, 8800, 8443, and 8843. As such, the trick is to tell Apache to not listen on the ports you need.

Simply edit the following file with your text editor of choice (vi, nano, etc): /Library/Server/Web/Config/Proxy/apache_serverproxy.conf

Navigate down about 10 lines to where you see the various 'listen [port]' lines.  Comment out those lines by adding a # in front of them.  For example, if you want to pass 8443 on to your Casper JSS, edit 'listen 8443' to show '#listen 8443'.  Once done, save the edit, restart the server and you should be good to go!
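
One way to make that edit repeatably, as an added example rather than anything from the post or the krypted.com article: the function below keeps a .bak copy of the file, comments out only the active listen lines for the ports you name, and leaves everything else untouched, so running it twice changes nothing the second time. The function name release_proxy_ports is an assumption.

```shell
#!/bin/bash
# Added example: comment out the proxy's 'listen' lines for chosen ports.

# release_proxy_ports CONF PORT [PORT...]  -> prints how many lines were commented out
release_proxy_ports() {
    local conf="$1" tmp changed
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    shift
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1          # keep the original for rollback
    tmp=$(mktemp "${TMPDIR:-/tmp}/proxyconf.XXXXXX") || return 1
    changed=$(awk -v ports="$*" -v out="$tmp" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # Active directive only: "listen" in any case, then PORT or ADDRESS:PORT.
        # Lines already starting with # have "#listen" as the first field and are skipped.
        tolower($1) == "listen" {
            port = $2; sub(/^.*:/, "", port)
            if (port in want) { print "#" $0 > out; count++; next }
        }
        { print > out }
        END { print count + 0 }
    ' "$conf") || { rm -f "$tmp"; return 1; }
    # Write back through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo "$changed"
}

# Example call (as root), passing 8443 on to a Casper JSS as in the text above:
# release_proxy_ports /Library/Server/Web/Config/Proxy/apache_serverproxy.conf 8443
```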
