Remote OS X installs: reloaded



unclemac
04-02-2004, 11:20 AM
Hi all,

For anyone that remembers my saga (http://forums.macgurus.com/eve/ubb.x?a=tpc&s=40160367&f=70160549&m=56160549) from last year. . . it is that time again. This year we hope to push out an image with MacAdministrator (http://www.hi-resolution.com/products_admin_features.html#SoftwareDistribution). There are others out there, including LanDesk, Filewave, and RsyncXCD, etc. MacAdmin seemed to be the best combination of features vs. cost.

Recap of last year: It was a resounding success, but many lessons learned along the way. Having all users as admin users has been a real hassle to actually admin, but several times better than what was done previously: wide open on OS 9. We used a couple apps (LameSecure, Fruitmenu, and X Overload) to help lock down the most dangerous things, like Software Updater, Energy Saver, etc., but so much was still wide open.

Looks like we can finally have managed accounts with Panther, although still a few features and apps left to test. Still need Fruitmenu to lock out Software Update from the Apple menu. Also love the fact that you can display the machine active IP in the Apple menu; if the machine loses connectivity for any reason, including IP conflict, it says "no IP address". Timbuktu 6.0.3 is working nicely with 10.3.3, but not with fast user switching. . . if you connect to a machine, and then switch users via Timbuktu, the second user is "Look Only" - so you have locked yourself out of the machine. Dohh!

As a managed user, the Network system preference is always locked, and admin authentication is required. Not giving out admin password ever, so we need a work-around here. An Applescript to authenticate? Or to set the IP and network info? Anybody have a clever idea?

Loading Norton AV, as we have seen a couple MS Orifice macro bugs. Not sure how to get it to run the automatic updater though. . . If the user is logged out, it does not run. If the user is logged in it will run, but still needs authentication. Have not really looked at this yet. . .bigger fish to fry right now.

unclemac
04-09-2004, 04:51 PM
Our image is just about complete. Always little tweaks.

At this point, we have two managed accounts, one admin, and root is not authenticated. Using the Limitations built into the Users preference pane for managed accounts, the current access level looks like this:

Apps managed users can run:
Calculator
DVD Player
Filemaker Pro
FirstClass
Firefox
Fontbook
iCal
iChat AV
Image Capture
Internet Connect
Internet Explorer
iPhoto
Norton Anti-virus
Norton live update
Preview
QuickTime Player
Reader
Real
RDC Access
Office (Word, Excel, PP)
Safari
Sherlock
Stickies
System Preferences (limited access)
Text Editor
Timbuktu (look only)
Windows Media Player

Utilities:
Airport Admin/Setup
Bluetooth
Colorsync
Grab
Keychain Access
Network Utility
Printer Setup Utility
Stuffit


Apps managed users cannot run:
Address book
Applescript Editor
iDVD
iMovie
iTunes
Mail

Utilities:
Activity Monitor
Norton Scheduler
Console
Terminal
Disk Copy
Disk Utility
Installer
Netinfo Manager
ODBC Admin

And a coworker wrote a pretty slick Applescript to allow a managed user to get access to system prefs that are locked, and not need an admin password. Check it out at Macscripter.com (http://bbs.applescript.net/posting.php)

On a security note, our little Applescript above is saved and run as a read only app. So when I tried to allow managed user access, I was surprised two times:

First, I could not enable it. Even though it was automatically detected and listed as an app it would not stay "checked" in the Users Sys Pref panel.

Second, even though not selected (because I was unable to) as an allowed or executable app, both managed users can run it.

Not sure what to make of that. Is it, or is it not an app? Why does it show as one, but it is not selectable? I do have Script Editor disabled, but it should not need Script editor to run. And it does run fine. Weird, and maybe a big hole; what else will run that is not "allowed" to be executed by the managed users???

Trojans and such? :(

unclemac
05-10-2004, 09:57 AM
Update:

Been a while since I posted here cause we have been swamped. Shipped 22 new 14" ibooks on Friday, and another 16+ to go this week. Woohoo!

A pile of 30+ new ibooks is a sight to behold. :dance:

Have not posted more updates about user access to specific preference panes issues cause it has been a wild ride. Will get to that when I have a bit more time.

unclemac
01-04-2005, 10:40 AM
Well, it has been a busy year, and I have not made near the progress I had hoped for regarding imaging OS 10. Still using the old standbys: CCC, NetRestore, and 10.3 DU Restore to good effect. But all locally.

We have a decent assembly line for imaging HDs, but we really need a much more automated system. All of the products (that I am aware of) have been progressing and evolving:

• Net Boot (OS X Server 10.3)
• MacAdministrator
• Casper
• FileWave
• RadMind

There are others too that I have not looked at much. Lotta stuff out there, none of it simple, and most of it is not cheap.

Hope to see some demos and pick some brains at MWSF this year; our problem is that we need to get at machines all over different WANs, and most products are aimed more at typical LANs - like schools.

And, there is at least one newcomer:

Portlock Storage Manager


* News Flash (October 11, 2004):

Portlock Storage Manager is being ported to the PowerPC platform. This means that Portlock Software will be the only company with storage management and disaster recovery products support Linux, Mac OS X, NetWare and Windows for both the Intel and IBM processor platforms. We plan to support the following systems:
o Mac OS X
o RedHat Linux for PPC
o SuSE Linux for PPC
o Yellow Dog Linux for PPC

Portlock Storage Manager link. (http://www.portlock.com/products/stormgr/servertoserver.htm) Could be very interesting.

Using accurate system images, this bare-metal migration results in a very high-speed migration, duplicating all attributes to the new server, while minimizing hardware hassles. Servers can even be cloned across continents using TCP/IP.

Hmmmmm...... What about lil' ol' workstations?

Am very curious to see what Apple does with Net Boot in 10.4 Server. Maybe we will get a sneak peek at MacWorld...one week to go.

Can't wait. :dance:

TZ
01-10-2005, 08:56 AM
Netopia [Expo Booth 749] plans to ship Timbuktu 8 in late February, integrating SSH support for "strong encryption", Rendezvous support, data compression, and a "Push Installer" to "allow network administrators and IT managers to install Timbuktu Pro on remote computers that do not already have the software installed." (Pricing was not specified.)

They also have an Enterprise Edition.

www.netopia.com

unclemac
01-10-2005, 09:28 AM
Right up our alley. Still using TB2 6.0.3, so we are due for an upgrade.

TZ
01-11-2005, 06:21 AM
This site looks "brand new" and the software has not been around long... about a year. FileWave 1.0 currently, and now they are releasing 2.0 (but not until March)? What's up with that? Marketing! And 2.0 is shipping - "early March" sounds like they want some gullible customers to ante-up now and infuse some much needed "venture capital."

I would not bet on or trust it. Even their links to customer "success stories" don't work.

- TZ

FileWave 2.0, SQL-based Asset Trustee 7.0 announced
Tuesday, January 11, 2005 @ 12:30am

FileWave today released FileWave 2.0, an update to its flagship software suite as well as Asset Trustee 7.0, an SQL-enabled version of its hardware and software reporting tool.

FileWave 2.0 allows businesses of all sizes to distribute Macintosh and Windows software as well as System Updates easily and rapidly across their multi-platform distributed networks using FileWave 2.0's Patch Installer. FileWave XServer, one of its several modules, centrally stores all data relevant to end users, while intelligent FileWave Clients are installed on the end-user systems, allowing distribution of software and updates from a single location at any time.

FileWave is currently offering FileWave 2.0 free of charge to qualified academic customers that sign up for a two-year support contract. It will ship in early March 2005.

FileWave™ gives network administrators the opportunity to concentrate on their daily core business by offering a mature and advanced solution for Software Distribution and Management.

FileWave™ helps small and large business to better compete in today's global markets by automating the following jobs.

Typical tasks for FileWave™ are:

• Installation and Upgrade of Applications
• Installation of Security Updates
• Installation and Update of Virus Protection Software
• Upgrade of the Operating System

http://www.filewave.com/documents/FW/FWDataSheet.pdf

http://www.filewave.com/products/fw_overview.html

The company also updated its cross-platform software and hardware Asset Inventory system, Asset Trustee 7.0. Also due in early March 2005, Asset Trustee supports Mac OS 9/X (Jaguar and Panther) and Windows 98/XP--with the ability to deliver detailed hardware, software and configuration information for laptops, desktops and servers on the major desktop computing platforms. Version 7.0 incorporates an SQL backend database with a web-based PHP front end. FileWave also says that the software can build and save complex queries for later reuse and that the results of all queries can be saved as text or in Microsoft Excel format.

Asset Trustee is designed for easy deployment on Mac OS 9/X and Windows based client computers. The Scanner, an automated agent installed on each computer in the enterprise, sends the information to the Asset Trustee PostOffice, a TCP/IP based server. After the PostOffice has processed the information from the Scanner, the Asset Trustee Inventory Database automatically imports incoming scanned data from the Scanners. Reports are generated from the Inventory Database. Pricing is based on the number of Scanners installed.

In existence since 1993, Asset Trustee™ is designed to help organizations maximize their IT investments by providing comprehensive hardware and software inventory for troubleshooting and auditing desktops. Asset Trustee™ customers are able to:

• Reduce unnecessary software costs
• Accurately budget for software purchases
• Reallocate underutilized software
• Reduce costs with accurate asset analysis
• Proactively manage software contracts

http://www.filewave.com/products/at_overview.html

unclemac
01-11-2005, 10:32 PM
Thanks TZ. Talked with these guys quite a bit today at their booth. They were here last year too... Not sure what to make of them. A lot of the admin tools in this sector for OS X are in their infancy. Hard to tell who will make it.

More to report later.

TZ
03-02-2005, 01:20 PM
Wanted to be sure you saw the news about Timbuktu Pro 8 :D

unclemac
03-02-2005, 02:21 PM
Saw it and we already got a quote to upgrade. Thanks for the heads up.

175 user seats. More fun!

P.S.: will have some good updates to add here in the near future I hope. Been making slow but steady progress in our cloning and user access tweaking skills. Most of the old hacks have been replaced with actual procedures. Stay tuned.