[factor]

[QUOTE][u]Quote by: Flash[/u][p]
My “too-smart-for-their-own-good” students have found yet another method to run apps which are blocked by MCX settings. Any brilliant ideas how to stop this, besides taking away access to Keyboard & Mouse pane? Blocked apps will launch flawlessly if the user merely sets their right button to open the blocked app.

[b]What doesn’t work:[/b]
1. Deleting Dashboard from the Apps folder does not keep them from running Dashboard with the above right button method. I cannot explain this. Perhaps there is binary somewhere that needs to be deleted?

2. Custom Dashboard and AppleHIDMouse plists in the Details tab of Group Preferences. For instance, a Dashboard plist Key “mcx-disabled”, Type boolean, with Value=true. Or forcing the right button to a certain value. These prefs are forcibly applied at login, but that doesn’t stop the student from changing it for that session.

Please, help me outsmart these aspiring Milnicks.[/p][/QUOTE]

Dashboard widgets don’t run too well without this:
/System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app

(do a “ps -a” after you have had the Dashboard open)
Haven’t tried removing it (I don’t have the need) your Mac may or may not be happy after that.

Note — the reason the “/Applicaitons/Dashboard.app” thingo isn’t actually required is that the widgets are not child processes of such a program, they are child processes of the Dock but simply display on a virtual desktop. Dashboard appears to be tied right into the windowserver.

[factor]

[QUOTE][u]Quote by: drbruhn[/u][p]Good evening, everyone,

Our shop is switching over to using authentication via Active Directory on our 10.4.X machines, and there’s one nagging little problem that we’ve been coming across. We have multiple printers defined on the client Macs. How do we set a particular printer to be the default for each new user that logs in?

Thanks!
Dave[/p][/QUOTE]

~/.lpoptions
for each user.

So if you want to set it per machine you will need a login script that writes this file to the user’s home directory based on the machine they are at.

[factor]

[QUOTE][u]Quote by: coolpor2[/u][p]Mactroll;

I’ve managed to get verbose output from the NB startup on the client. It’s gets an IP from our dhcp server, locates the path of the image on the server
but then spits out RPC timeout error. On Bombich.com he says that this is likely a NFS issue, but I’ve managed to run the mnt commands he suggest
to check nfs connectivity when booted locally on the client machines. aaargh!!![/p][/QUOTE]

I would guess that your mach.macosx.mkext in the i386 directory on the server (that gets sucked down by TFTP) doesn’t have all the required networking type bits in it.

That is — you are getting the kernel initial boot image via TFTP, and the kernel has started to spit some stuff out (boot loader has relinquished control, kernel has taken over), it then goes looking for the “/” root directory. The kernel cannot do the NFS connection bit though because some part of the network card driver or network filesystem driver is missing (kext cache needs to be built specially to support NFS boot — see the bottom of the Bombich article I think).

[factor]

[QUOTE][u]Quote by: -mcg-[/u][p]Taking this concept one step further…

How would one go about moving the software updates from from an Internet accessible server running Apple’s SUS to a [i]non[/i]-Internet accessible server in an attempt to host a mirror of the Apple SUS updates. Think unclassified to classified networks here.
-mcg-[/p][/QUOTE]

As you don’t actually want the synching thingo to be working on your internal network, just a copy of the files which get served up to a client ? —

SoftwareUpdateServer, as seen by the client is just a webserver. A webserver that includes a file index.sucatalog which references from where the client should download all the other bits. You will need to parse/sed the index.sucatalog file to manipulate the download locations to point to the locations on your internal server.

All you need to copy across is the index.sucatalog file and the “downloads” directory (which lives next to the index.sucatalog file).

After you have that stuff, throw it up on any internal webserver. Make sure the index.sucatalog is pointing back to the internal webserver (open it, read it, just XML). Then point your clients to use this index.sucatalog for their software updates (/Library/Preferences/com.apple.SoftwareUpdate.plist)

Of course if you were really doing this on a “secure” network you would want to check the signatures of all the files after you had brought them onto the secure network but before you published them.

[factor]

[code]
chmod +a “usernameofowner allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,file_inherit,directory_inherit” directoryname

chmod +a “everyone allow add_file,search,add_subdirectory” directoryname
[/code]

Make sure that the unix permissions are set to either drwx-wx-wx or drwx—— to use the above. Otherwise you will need to throw in appropriate denys as well.

I was surprised that a Google for anything along the lines of: example acl Mac OS X server Drop Box / DropBox, didn’t return anything useful.

So after some thinking + fiddling (unfortunately the docs were insufficiently specific/accurate to allow solution by thinking alone …) I decided on the above.

Note “search” maps to the old ‘x’ on a directory (can change into / work with the directory but cannot list the contents), “list” maps to the old ‘r’ for a directory.

[Author]

Posts