This article is the outgrowth of some work I did for a customer in recent weeks.  Big companies are buying iPhones by the truckload to use in their architecture.  These same companies have enough employees to make centralized iPhone activation a little unrealistic.  Throw in a heterogeneous OS client environment and, well, system administrators want to know i) how to deploy iTunes for Windows so their users can activate their iPhones themselves and ii) how to enforce pre-configured parental controls on iTunes for Windows.

In Mac OS X 10.2.2 journaling was added to the Mac OS X Extended file system (I first read about it here on afp548). Journaling introduced a lot of great stuff, most notably improved resiliency to crashing. This resiliancy comes from the fact that a journaled file system uses part of a disk to write changes that are intended to go into the actual file system. This way if a crash occurs while a transaction to the file system is occurring the file system will usually easily and quickly recover by using the journal to bring the file system back into a consistent state.

Read on for more…

Snow Leopard comes with a great little new command in mcxrefresh, which as you might have guessed refreshes policy information. This allows you to request a new set of policies and provided the command returns with no errors the process has completed successfully (exit's 0). Use a UID using the -u option and use a short name using the -n option:

mcxrefresh -n cedge

You can also use the -a option, which prompts for authentication when dealing with Active Directory. There's not really a lot to mcxrefresh, but what there is turns out to be really useful.

The networksetup command is pretty useful for deploying static network information, which is otherwise tedious (to say the least).  In Mac OS X 10.6 there are three major additions to networksetup that have not gotten a lot of attention yet.  The first is that you can now use networksetup to import and export 802.1x profiles (and link them to certificates that you import from pkcs12 into Keychain), which will hopefully ease implementation burdens for environments with supported 802.1x setups.  The second is that networksetup can now be used to manage a Baseboard Management Controller (BMC), which is the chip that enables ipmi/Lights Out Management.  The third new option is the addition of network locations control from within networksetup.  This means that networksetup can now be used to configure basically the entire network stack. 

Read on for more…

On Mac OS X 10.5, if you connect two different ports on a host to two different networks and assign them with two different IP schemes then only one can act as the default gateway.  This means that any incoming packets will all, by default, get responded to over the default gateway; despite which interface the packets came in on.  You can customize your routing table using the route command but this can be tedious and doesn't always necessarily net the desired results.

Read on for a bit more…

Apple has moved Directory Utility from /Applications/Utilities/ to /System/Library/CoreServices/ .

It can also be accessed through the Accounts System Preference by going to Login Options and clicking "Edit" next to the network account server at the bottom. There is an "Open Directory Utility…" button there.

 It also appears that Firmware updates have a new location in a folder in CoreServices, which is rather nice. 

Next up, it looks as though the Kerberos application has been renamed "Ticket Viewer".

The 10.5 only application "Directory" seems to be missing in action. I was hoping that its functionality was merged into Address Book, but it does not appear to be the case.

 Please add any others in the comments below. 

A number of you may have noticed the article on ZDNet that stated that Mac OS X now has built in Malware protection (actually, I guess Intego made it public).  Despite the fact that the articles from Intego and then ZDNet were written prior to the release of the actual operating system (in their defense it was only 3 days prior) they have a point. They were also correct in that this isn't using a standard anti-virus engine such as ClamAV (which many think should be included by default in both Client and Server rather than as just a mail plug-in for Server)…  So what is this new anti-malware tool and what's it doing?

Apple has made documentation available for 10.6, which is available here..

http://www.apple.com/server/macosx/resources/documentation.html

 At first glance, it appears to be a vast improvement from the documentation of 10.0-5, going into the detail of the different relationships between applications, as well as breaking out several applications that used to be grouped together. 

In a number of contexts, we hear about directory services plug-ins. A directory services plug-in is a way for a Mac OS X computer to leverage the DirectoryServices daemon to obtain account information (be it authentication or policy information) from a server. This might be an Active Directory server that uses the Active Directory Plug-in or an Open Directory server that uses LDAP. You disable plug-ins that you don't need and enable plug-ins (ie Active Directory plug-in or third party plug-ins) that you need in order to access directory services of various types.  These plug-ins are developed in the form of .dsplug files. The default plug-ins that Apple includes with Mac OS X are located in the /System/Library/Frameworks/DirectoryService.framework/Versions/A/Resources/Plugins folder in Mac OS X. Any .dsplug file stored in this directory will be loaded as a plug-in, assuming it matches the parameters laid out in the DirectoryServices API.

 Ed. Note: This is a fairly common question that we get. Sizing is always a pain, especially when you're moving into a new setup. So if you have any wisdom on the matter, please post in the comments.

We are a K-12 school (K-8 at one site and 6-12 at the other) that is using a Mac Pro at each site to house home folders as well as run OD

My first question is this:  Should one server be handling both of these tasks?  If not, is there a economical way to change this.  I ask because when a class atempts to logon, there is a serious bottle-neck!  To eliminate this at one site, I made the older students (that have larger home folders) mobile with assigned seating in the lab of iMacs.  This seems to have solved the speed issue and I'd like to try something similar at the other site which has a laptop cart of macbooks as its lab. 

So here's the second question: How many accounts can live on a single workstation and work well?

Any help you could offer would be great!

Server & Clients 10.5.6