PowerPoint Presentation


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

PowerPoint Presentation

  1. 1. Managing a Mac Lab: Tips to Make Life Easier Helen Siukola Jancich Anastasia Trekles Purdue University Calumet
  2. 2. Workshop Outline <ul><li>Introductions </li></ul><ul><li>What’s the Mac Environment Like at Your School? </li></ul><ul><li>Options for Imaging and Restoring Lab Drives </li></ul><ul><li>NetBoot & NetRestore </li></ul><ul><li>Mac OS X, Users, and Security </li></ul><ul><li>Other Lab Management Tricks from the Battlefield </li></ul><ul><li>Featured Software and Resources </li></ul>
  3. 3. How’s Your Macs? <ul><li>Every institution has its own lab and network configurations, making almost everyone’s situation unique </li></ul><ul><li>We may not get to cover every possible configuration during the workshop, but you are encouraged to visit http://www.bombich.com and http://www.macosxlabs.com to find scripts, articles, advice, and more to fit your exact needs </li></ul>
  4. 4. Our Mac Environment <ul><li>At Purdue Calumet, we have: </li></ul><ul><ul><li>Novell Services almost exclusively for Windows users (the majority on campus) </li></ul></ul><ul><ul><li>1 Xserve (10.3) and 1 Mac OS X 10.2 server for 3 websites, FTP, Apple File Services, and SMTP & POP Mail services </li></ul></ul><ul><ul><li>4 Mac labs of varying sizes (largest holds 25 Macs) </li></ul></ul><ul><ul><li>About 20 faculty and staff using Macs in their offices </li></ul></ul>
  5. 5. Our Mac Environment <ul><li>The Mac network is separate without the Novell client software </li></ul><ul><li>We manage our own users for OSX server access </li></ul><ul><li>Lab computers have a universal “student” login rather than authentication through LDAP - this would be possible, however, if the Novell server admins would allow access </li></ul>
  6. 6. Imaging and Restoring <ul><li>Mac clients all share almost the same software configuration </li></ul><ul><li>Differences between models and lab needs are handled with multiple drive images </li></ul><ul><li>Currently there are four images distributed across campus Mac labs </li></ul>
  7. 7. Imaging Drives - Basic Steps <ul><li>Take any Mac similar to your lab computers, and partition it into two drives (also works with an external Firewire drive) </li></ul><ul><li>Build the lab drive and install software as needed </li></ul><ul><li>Set up users and system and program preferences </li></ul><ul><li>Restart from the other partition </li></ul><ul><li>Use either Disk Utility, Disk Copy, or NetRestore Helper to make an image of the lab drive partition </li></ul>
  8. 8. Imaging Drives - Notes <ul><li>Don’t use a different OS from the lab drive’s to make the image </li></ul><ul><li>To save some time, create the lab image on a local drive first, then copy it to the network once it’s created if needed </li></ul><ul><li>OS9 Users: Disk Copy limits you to 2GB unless you have Disk Copy 6.4 </li></ul><ul><ul><li>Get it here: http://homepage.mac.com/alk/personal/stuff.html </li></ul></ul><ul><ul><li>You’ll also need to use ASR 2.2.4 or higher to restore </li></ul></ul>
  9. 9. Restoring Drives <ul><li>OS9 : ASR 2.2.4 or higher for drive images over 2GB </li></ul><ul><li>Mac OS X 10.1 : ASR 2.2.4 or asr at command line </li></ul><ul><li>Mac OS X 10.2 : ImageJaguar script (get it from http://www.versiontracker.com ), asr command line, or NetRestore (recommended) </li></ul><ul><li>Mac OS X 10.3 : Disk Utility (rec.), asr, or NetRestore (rec.) </li></ul>
  10. 10. Restoring Drives - Notes <ul><li>You should use the same OS as the OS version of the drive image being restored, especially under Mac OS X (sub-versions, like 10.3.x also count in most cases) </li></ul><ul><li>For large images, local restore from a Firewire drive or CD/DVD is fastest </li></ul><ul><li>Use BootCD to create a startup disk for OSX (again, create your BootCD from the same OS as the drive image) </li></ul>
  11. 11. NetBoot and NetRestore <ul><li>NetRestore Helper can create NetBoot sets to load into your /Library/NetBoot/NetBootSP0 directory on your NetBoot server (login as root) </li></ul><ul><li>Use OS X Server 10.2 or higher for best results </li></ul><ul><li>Note that some older Macs can’t NetBoot with newer OS X Servers - restore locally instead </li></ul>
  12. 12. NetBoot and NetRestore <ul><li>To configure the NetInstall set with NetRestore: </li></ul><ul><ul><li>Place your restore image on a readily available network drive </li></ul></ul><ul><ul><li>Tell NetRestore where to find it and what the authentication is </li></ul></ul><ul><ul><li>Test and Save the configuration, and your NetInstall set is ready </li></ul></ul>
  13. 13. NetBoot and NetRestore <ul><li>For added security: </li></ul><ul><ul><li>Don’t make the NetInstall set your default </li></ul></ul><ul><ul><li>Create a special user whose only role is NetRestores and is the only one with access to the drive image </li></ul></ul><ul><ul><li>Keep the drive image on a private part of your network </li></ul></ul>
  14. 14. NetBoot and NetRestore <ul><li>Network speed and the size of the image will affect the amount of time you spend with NetBoot/NetRestore solutions </li></ul><ul><li>For a 14-station lab of slot-load Indigo iMacs at 10Mbps, it takes an average of 160-180 hours per station if they are all restoring at once </li></ul><ul><ul><li>(NetBoot is housed on a dual processor Xserve G5) </li></ul></ul>
  15. 15. Mac OS X, Users, and Security <ul><li>OSX allows more flexibility and security than ever before </li></ul><ul><li>You can have users log in using remotely-hosted information on LDAP or Active Directory servers </li></ul>
  16. 16. No Directory Access? <ul><li>Create universal local users with different privileges and preferences </li></ul><ul><li>Create a local user list and set System Prefs -> Accounts -> Login Options as “Name and Password” to prevent open listing of user accounts </li></ul>
  17. 17. Mac OS X, Users, and Security <ul><li>Securing Classic is important - if you don’t need it you might not even install a Classic System Folder </li></ul><ul><li>If you do need it, you can load your Classic folder into a read-only disk image and use ShadowClassic to make it usable </li></ul><ul><li>On any recent Apple Restore CD or DVD, get a ready-to-go Classic image from the “.images” invisible folder </li></ul>
  18. 18. Save Time and Money with Universal User Accounts <ul><li>Universal logins can make life difficult without DeepFreeze or another security/desktop management software </li></ul><ul><li>But, you can get around this and save some money! </li></ul><ul><li>Use LoginWindow Manager and a Logout Script as a hook to clean up the user’s home directory at each logout - “poor man’s DeepFreeze”! </li></ul>
  19. 19. The Poor Man’s DeepFreeze Logout Script <ul><li>Open Terminal and type sudo su to login as root </li></ul><ul><li>Enter the following commands (note that the generic name “student” is our user’s name - replace it as needed): </li></ul><ul><ul><li>Cd /var/root </li></ul></ul><ul><ul><li>Mkdir Scripts </li></ul></ul><ul><ul><li>Mkdir student </li></ul></ul><ul><ul><li>Cd Scripts </li></ul></ul>
  20. 20. The Poor Man’s DeepFreeze Logout Script <ul><li>Type pico logoutscript to create a placeholder file for the script: </li></ul><ul><ul><li>#!/bin/csh </li></ul></ul><ul><ul><li>Exit 0 </li></ul></ul><ul><li>Make it executable: chmod ugo+x logoutscript </li></ul><ul><li>Now copy the contents from the original account: </li></ul><ul><ul><li>Ditto -rsrcFork /Users/student /private/var/root/student </li></ul></ul><ul><li>Delete cache files for the account: </li></ul><ul><ul><li>Rm -R /private/var/root/student/Library/Caches/* </li></ul></ul>
  21. 21. <ul><li>Now for the script - pico logoutscript again and enter: </li></ul><ul><ul><li>#!/bin/csh </li></ul></ul><ul><ul><li>#Example user below has “short name” student </li></ul></ul><ul><ul><li>#full paths used for commands in case path variable is not set correctly </li></ul></ul><ul><ul><li>#login window passes the user name to the script via the variable $1 </li></ul></ul><ul><ul><li>If ( $1 == ‘student’ ) then </li></ul></ul><ul><ul><li>#first, unlock all files </li></ul></ul><ul><ul><li>/usr/bin/chflags -R nouchg /Users/student/* </li></ul></ul><ul><ul><li>/usr/bin/chflags -R nouchg /Users/student/.??* </li></ul></ul><ul><ul><li>#then, delete all the files </li></ul></ul><ul><ul><li>/bin/rm -R /Users/student/* </li></ul></ul><ul><ul><li>/bin/rm -R /Users/student/.??* </li></ul></ul><ul><ul><li>#ensure that the users directory exists </li></ul></ul><ul><ul><li>/bin/mkdir /Users/student/ </li></ul></ul><ul><ul><li>#copy the clean version of the student directory </li></ul></ul><ul><ul><li>/usr/bin/ditto -rsrcFork /private/var/root/student /Users/student </li></ul></ul><ul><ul><li>/usr/sbin/chown -R student:staff /Users/student </li></ul></ul><ul><ul><li>endif </li></ul></ul><ul><ul><li>exit 0 </li></ul></ul>
  22. 22. The Poor Man’s DeepFreeze Logout Script <ul><li>Use LoginWindow Manager from http://www.bombich.com to set /private/var/root/Scripts/logoutscript as your Logout hook </li></ul><ul><li>You can also add messages to the login window and more using this handy program </li></ul><ul><li>For added security, keep LoginWindow Manager in a secure place away from users </li></ul>
  23. 23. Tips from the Battlefield <ul><li>Three words: Apple Remote Desktop </li></ul><ul><li>Simple AppleScript knowledge is a huge help </li></ul><ul><ul><li>Inserted disks missing from the Desktop might be in /Volumes - create a script to open this directory for users to access their disks </li></ul></ul><ul><ul><li>AppleScript can also prompt users to authenticate to network volumes - works great for our PCounter server for authenticating to print </li></ul></ul><ul><li>Upgrade from older versions of OS X as soon as possible - you won’t be sorry! </li></ul>
  24. 24. Tips: Securing Printing <ul><li>Printers getting switched around or deleted? </li></ul><ul><li>In OS9 - avoid using Desktop Printing and lock or hide the Chooser </li></ul><ul><li>In OSX - secure Print Center </li></ul><ul><ul><li>Put Print Center (Printer Setup Utility in 10.3) in its own folder </li></ul></ul><ul><ul><li>As an admin, open Terminal </li></ul></ul><ul><ul><li>Type sudo chmod -R a-r nameoffolder </li></ul></ul><ul><ul><li>So, Print Center will keep working with given printer list, but users can’t change it or open the folder </li></ul></ul>
  25. 25. Tips: Hide a User <ul><li>To hide a user from the Login Window in OSX: </li></ul><ul><ul><li>Enable Root from NetInfo Manager as an administrator </li></ul></ul><ul><ul><li>Login as root and open NetInfo Manager again </li></ul></ul><ul><ul><li>Change the UID of the account in question to something less than 500, like 499 (take note of the original UID too) </li></ul></ul><ul><ul><li>Open Terminal and type (501 is the original UID and 499 is the new one): </li></ul></ul><ul><ul><ul><li>find / -user 501 -exec chown 499 { } ; </li></ul></ul></ul><ul><ul><li>Use NetInfo Manager to change the “home” property to “/var/admin” for added security </li></ul></ul>
  26. 26. Tips for the Battlefield <ul><li>What are your Mac management tips or stories you’d like to share? </li></ul>
  27. 27. Featured Software <ul><li>Mike Bombich Software: </li></ul><ul><ul><li>NetRestore/NetRestore Helper </li></ul></ul><ul><ul><li>LoginWindow Manager </li></ul></ul><ul><ul><li>ShadowClassic </li></ul></ul><ul><ul><li>Info and more goodies… </li></ul></ul><ul><li>Charles Srstka Software: </li></ul><ul><ul><li>BootCD </li></ul></ul><ul><li>Apple </li></ul><ul><ul><li>Disk Utility (Mac OS X 10.3) </li></ul></ul><ul><ul><li>Disk Copy (Mac OS X 10.2) </li></ul></ul><ul><ul><li>Apple Software Restore (Mac OS 9) </li></ul></ul>
  28. 28. Resources <ul><li>Mike Bombich’s website, including many articles and discussion forums: http://www.bombich.com </li></ul><ul><li>MacEnterprise (MacOSXLabs), a growing project with a repository of information about Mac deployment in enterprise settings: http://www.macosxlabs.org </li></ul><ul><li>Charles Srstka produces several freeware utilities, including BootCD: http://www.charlessoft.com </li></ul>
  29. 29. Resources <ul><li>Extras </li></ul><ul><ul><li>Helen’s website: http://education.calumet.purdue.edu/Faculty/Jancich </li></ul></ul><ul><ul><li>Staci’s website: http://education.calumet.purdue.edu/Faculty/trekles </li></ul></ul>
  30. 30. Thank You! <ul><li>To download this presentation and get other related resources, visit our workshop website: </li></ul><ul><li>http://education.calumet.purdue.edu/Tutorials/ICE </li></ul><ul><li>Helen Siukola Jancich </li></ul><ul><li>Anastasia Trekles </li></ul><ul><li>Purdue University Calumet </li></ul><ul><li>http://www.calumet.purdue.edu </li></ul>