Surviving OS X as a Windows Admin

Dell World User Forum
UFIL522: Surviving OS X as a Windows Admin
Jeffrey J Hoover, Senior Trainer
Michael Klocek, Learning Development
Dell World
User Forum

Agenda
• Comparing OSX & Windows
• Permissions
• Preferences
• Security
• Launchd

Comparing OSX &
Windows

Buttons & Windows
• A bit different

Menus
• At the top of the screen
• Varies by Application
• Standards

Dock
• Shows Running or saved items
• Configurable

Navigation
• Program Switching
– Command-Tab
– Click on Dock Icon
• Program Launching
– Dock
– Launchpad
– Spotlight
– Finder double-click
• Finding Files
– Finder Navigation
– Finder Search/Spotlight
– /usr/bin/find
› $ find /Library -name "AMP*" -print

General Concepts
• It’s like Windows, only different
– Some people say very different
– Others say not so much
• Windows is a GUI with a command line option
• OS X is a GUI running on Unix
• K1000 needs command lines

Comparisons
OS X Windows
Terminal Command Prompt
Disk Image (DMG) ISO
Command Key Control Key
Command-C Control-C
Finder Windows Explorer
Safari IE
Firefox Firefox
System Preferences Control Panels
.APP .EXE
Menu Start
OS X Windows
ls (UNIX command) dir (DOS command)
/Volumes/ C:
/
daemon Service
Plist files for configuration Registry files for configuration
/System C:Windows
Dock Task Bar
App wide Menus Window Menus
Get Info Properties
Folders (Finder) Directories

Example Keyboard Shortcuts (Boot)
Option Display all bootable volumes (Startup Manager)
Shift Perform a Safe Boot (start up in Safe Mode)
Left Shift Prevent automatic login
C Start from bootable media (DVD, CD, USB thumb drive, and so forth)
T Start in FireWire target disk mode
N Start from NetBoot server
X Force Mac OS X startup (if non-Mac OS X startup volumes are present)
D Use Apple Hardware Test
Command-R Use Recovery (OS X Lion or later)
Command-V Start in Verbose Mode
Command-S Start in Single User Mode
Command-Option-P-R Reset NVRAM / parameter RAM
Hold down the Media Eject (⏏) key or
F12 key, or mouse or trackpad button
Eject removable discs

Keyboard Shortcuts
Key Name Note
⌘ Command key Could also have (Apple Logo)
^ Control key
⌥ Option key Could also have ‘alt’
⇧ Shift key
⇪ Caps Lock
fn Function key
⏏ Eject key Makes the ‘F’ keys dual purpose

Demo: Navigation

Deeper into OS X
• File System
• Terminal
• Library Directories
• Permissions and ownership
• Preferences & Property Lists (plists)
• Security

File System
• Command line is essential for KACE
• Unix
– FreeBSD/Darwin distribution
– Case Sensitive
– Forward Slashes

Structure
File structure starts at the
Root of the Drive. Not much
is visible in the GUI, but the
command line reveals more.

Terminal
• Command line is the way to go with the K1000
• Shell
– Think: CMD or PowerShell
– OS X supports: bash (default), csh, ksh, sh, tsch, & zsh
• Manual Pages ‘/usr/bin/man’
– e.g., ‘man ls’ will show you the manual for the ls command
• Navigation is similar, but listing the directory contents is different
– cd = change directory.
– $ cd /Library will take you to the /Library directory
– ls = list. Similar to dir command.
– ifconfig = ipconfig

Bash Tricks & Survival
• !$ - Use the last ‘noun’ in history.
– $ ls /bin #shows the list of the /bin directory
– $ cd !$ #Changes to the /bin directory
• ~ - shortcut to current user’s home directory
– cd ~Library #changes to the local user’s /Library
• . - current directory
• .. – parent directory
17

Terminal Tricks (bash)
. Current directory $ open .
.. Parent directory $ cd ..
!7 Rerun 7th command in history $ !7
!! Repeat the last command $ sudo !!
!$ Use the last noun used $
History 10 Show the last 10 commands
!grep Run the last command that
started with ‘grep’
$ !grep
grep 389/etc/services
<tab> Autocomplete /Lib<tab>
<arrow up> scroll through history
./ Execute something in the current
directory
$ ./AMPTools set HOST=kbox.example.com

Terminal Tricks (bash)
dirs show directory stack $ dirs
pushd Push a directory into stack $ pushd ~/Library/Preferences
popd cd to the next dir in stack $ popd
grep Search for something $ grep 389 /etc/services
| pipe – execute another
command on the output
$ ps –ax | grep AMP
^x^y Replaces x with y in previous
command
$ cat fiel
$ ^fiel^file
> Redirect output $ cat etc/hosts > /tmp/hosts.txt
; Separate two commands $ uptime > uptime.txt ; cat uptime.txt
sudo Run command with Admin
Privileges
$ sudo make me a sandwich

Demo: Terminal
Commands

Library
• Library directories are the home to:
– Configuration files
– Fonts
– Plug-ins
– Preferences
– Scripts
– …and more.
• Several different Library directories on the system:
– System
– Network
– Local
– User

Library
• /Library
– Local Library for application, developer, and all user use
– Typically the best place for Fonts, Plug-ins, and other resources
needed by all users.
– Has Application Support and Preferences
– Non dynamic path
• ~/Library
– User Library
– Dynamic Path
– Usually used for user preferences and other user items

/Network/Library
• Rarely used, requires Directory binding
• Usually the last place something is looked for

~/ (User’s Home)
• User’s files
• Default folder structure
• ~/Library is hidden by
default
• Mail
• Preferences
• User Application Settings
(Application Support)

Permissions

Permissions
• GUI
• Get Info…

Permissions
• UNIX File Permisions
– /bin/chmod to Change
› chmod 775 ~/Documents
› chmod +rw ~/Documents

Ownership
• UNIX ownership Rules
– Owner and Group
• /bin/chown to Change
– chown root:wheel /Library/LaunchAgents/foobar.plist

Demo: Permissions

Preferences

System Preferences
• Apple Control Panels
• Third Party Control Panels
• Most write to plists or other config files

System Preferences

Demo: Add User

Demo: Enable SSH

Preferences
• Behind the GUI
• PLIST (Property List) files are like Registry Keys
– Not mandatory, but wide-spread
• Checks in ~/Library first, then /Library
• ~/Library/Preferences/com.apple.finder.plist
– Contains information about windows, Desktop, icons, views, etc.

PropertyList files
• XML or binary based
• Change or view with
– /usr/bin/defaults
– /usr/libexec/PlistBuddy
– Text Editor
– XCode

/usr/bin/defaults
• defaults read – list values
– $defaults read com.apple.finder CreateDesktop
– 1
• defaults write – change value
– $defaults write com.apple.finder CreateDesktop -bool false
• May need to restart effected process
– $killall Finder
› This works because the finder is monitored by launchd and always kept running

/usr/bin/defaults
• Don’t use defaults if there is a command write to do it…
• Return System Name
1. PlistBuddy -c 'Print System:System:ComputerName'
/Library/Preferences/SystemConfiguration/preferences.plist
2. system_profiler SPSoftwareDataType |grep Computer|awk '{ print $3 }’
3. defaults read /Library/Preferences/SystemConfiguration/preferences.plist System
|grep "ComputerName =" |awk '{ print $3 }'|sed s/"//g | cut -f 1 -d';’
4. scutil --get ComputerName

Demo: Defaults

Security

Security
• Standard Sysadmin procedures and policies apply
• Gatekeeper (authorized Apps)
• FileVault (Disk Encryption)
• Certs and Keychains

Security – Standards
• Create a Separate Administrator Account
System Preferences > Users & Groups
• Disable Automatic Login
System Preferences > Users & Groups (Login Options)
• Require Password Lock when Sleeping
System Preferences > Security & Privacy > General
• Require Password to Modify Preferences
System Preferences > Security & Privacy > General
• Block All Incoming Connections
System Preferences > Security & Privacy > Firewall (Advanced)
• Do Not Allow Safari to Open Safe Files
Safari > Preferences > General
• Update Software Regularly
System Preferences > Software Update

GateKeeper
"Gatekeeper is a new feature in Mountain Lion and OS X Lion v10.7.5 that builds on OS X's existing
malware checks to help protect your Mac from malware and misbehaving apps downloaded from
the Internet." --Apple
• Relies on Certs between the Developer and Apple.
• It is there for a reason… but it can get in the way.

Gatekeeper
• System Preferences
– Security level
• Anything new may get caught.
• Some things are quarantined

Gatekeeper
• You may have seen these:

Gatekeeper
• Get around it by right-clicking (control-click) and choose Open
• Then confirm you meant to open that

Gatekeeper
• If cert isn’t present or valid, gatekeeper interrupts and Quarantines the application
• Quarantines can be manipulated using /usr/bin/xattr

FileVault 2
• Disk Encryption
“FileVault 2 uses full disk, XTS-AES 128 encryption to help keep your data secure. With FileVault
2 you can encrypt the contents of your entire drive.”
• Lion & Mountian Lion only (10.7+)
• Recovery Key! Don’t lose it!
• FileVault originally only encrypted User’s Home directory.

FileVault 2
• Recovery Key! Don’t lose it!

Keychain

Keychain
• Keychain Access.app
– Holds passwords (that you choose to have the system save)
– Certificates
– Secure Notes, etc.
– Can be leveraged via Command line for Scripts
› you read the username like this from the command line
security find-internet-password -s ftp.home.com | grep "acct" | cut -d
'"' -f 4
› The service is what you entered in keychain, but without the prefix. And finally your password
security 2>&1 >/dev/null find-internet-password -gs ftp.home.com | cut
-d '"' -f 2
› That’s all. No more plain text passwords in your script.

Launchd
(Like Services in
Windows)

/sbin/launchd
• Service management framework
• Always running
• Monitors processes
• Scheduled actions
• Daemons run across the system
• Agents run as the User

/sbin/launchd
• Agent files
• ~/Library/LaunchAgents/ ... .plist
• /Library/LaunchAgents/ ... .plist
• /Library/LaunchDaemons/ ... .plist
• /System/Library/LaunchAgents/ ... .plist
• /System/Library/LaunchDaemons/ ... .plist
• /Network/Library/LaunchAgents/ ... .plist

/sbin/launchd
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.kace.ampagent</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Dell/KACE/bin/AMPAgent</string>
</array>
<key>WorkingDirectory</key>
<string>/Library/Application Support/Dell/KACE/bin</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
</dict>
</plist>

Demo: Launchd

Round-Table Discussion
Topics for discussion:
• Differences in K1 Management of MacOS
– Patching
– Software Distribution
– Scripting
• How does Netboot work?

Thank you.

KACE Support Portal Migrating to Dell Software Support Portal
• Starting in November, all KACE
Support Portal material will be
migrated to the Dell Software Support
Portal
• All service requests will be submitted
online or by phone
• Same great content
– Knowledge base articles
– Video tutorials
– Product documentation
– JumpStart training
• Check out the Support Portal Getting
Started videos

Surviving OS X as a Windows Admin

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (20)

Similar to Surviving OS X as a Windows Admin

Similar to Surviving OS X as a Windows Admin (20)

More from Dell World

More from Dell World (20)

Recently uploaded

Recently uploaded (20)

Surviving OS X as a Windows Admin

Editor's Notes