Mac Stuff

On a single Mac it’s a simple thing to set which time server your machine gets its time from. Simple go to System Preferences, click on “Date & Time” and enter the address for your preferred time server in the “set date & time automatically” box.

However, if you want to blow that setting out to multiple machines what do you do? The file that holds this setting is located in the /etc directory and is named ntp.conf.

Copy that file to the /etc directory on all your machines using something like Apple Remote Desktop and you’re done!

Just make sure the permissions match so the machine can read it correctly. The permissions should look like this:

-rw-r--r-- 1 root wheel 47 Apr 25 09:35 ntp.conf

admin :: Apr.25.2007 :: Management, System :: Comments Off on Setting the time server for multiple machines

Using the Printer Setup Utility in OS X is a very easy and simple way to create printers on a Mac. But occasionally you might have need to create printers at the command line. For example, you might want to create printers on remote machines that only have shell access. Or you might want to add the ability to create printers to a login script or a script that runs after a machine is re-imaged.

Well, the command to do this is lpadmin. lpadmin is used mainly to set up network printers. It’s the command line utility for CUPS, the underlying printing architecture of OS X. As usual you can type man lpadmin to get all the gory details. In this post I’m going to cover how to create a printer and how to delete one using Terminal and lpd.

Creating a new printer

The syntax to create a new printer is:

/usr/sbin/lpadmin -p "name of printer" -E -v lpd://"printer IP or DNS"/"queue name" -P "path to PPD file" -D "description"

The name of the printer is whatever you want the user to see, such as “color laser printer”. Just remember if your name has spaces in it you’ll either need to escape the spaces or quote the name. Also, the name cannot contain any non-printable characters (ex. % $ &). The description field, however, can. If you use the description field that is the name that appears in Printer Setup Utility. If you don’t then the name given in the - p flag will be the name.

All of the standard PPD files on a Mac are kept in /Library/Printers/PPD/Contents/Resources/en.lprog/. The actual PPD file will be contained in a .gz file. You just need to point to that file.

So, for our example we’ll set up a printer with the following attributes:

Name: Color_Laser
Type: HP Color Laser 4700
Print server: print.example.com
print queue: color_laser
description: Color Laser (Front Office)

So our command in the Terminal would be this:

usr/sbin/lpadmin -p Color_Laser -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\ Color\ LaserJet\ 4700.gz -D "Color Laser (Front Office)"

Note that I quoted the “Color Laser (Front Office)” part to get around spaces in the name. That’s the name that appears in Printer Setup Utility.

Deleting a Printer

Deleting a printer is much easier. All you need is the name.

The syntax to delete a printer is:

/usr/sbin/lpadmin -x "name of printer"

If I wanted to delete the printer I just created all I would need to do is this:

/usr/sbin/lpadmin -x "Color Laser"

Note: The name you’re deleting is the name you gave it in the - p flag, not the description. So putting “Color Laser (Front Office)” in this would not work.

If you’ve forgotten what names you gave the printers open up a web browser on your machine and enter “http://127.0.0.1:631/printers”. That will take you to the configuration page for CUPS, which will list the printers by name.

Creating printers in AppleScript

You can wrap all of these commands up in an AppleScript and send it to users so they can install printers with just a click. Just wrap the commands in a do shell script command.

The one gotcha is because you are using quotes in the Terminal command AND you have to quote to actual command in AppleScript you have to escape the internal quotes by putting a “\” before each quote. You also have to escape and “escapes” you had in the original command.

To compare, here is the original command:

/usr/sbin/lpadmin -p "Color_Laser" -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\ Color\ LaserJet\ 4700.gz -D "Color Laser (Front Office)"

And here is the command with the “do shell script” command in AppleScript:

[codesyntax lang=”applescript” lines=”no”]do shell script “/usr/sbin/lpadmin -p Color_Laser -E -v lpd://print.example.com/color_laser -P /Library/Printers/PPDs/Contents/Resources/en.lproj/HP\\ Color\\ LaserJet\\ 4700.gz -D \”Color Laser (Front Office)\””[/codesyntax]

admin :: Apr.20.2007 :: Applescript, Management, Scripts, shell scripts, Terminal :: 2 Comments »

Norton AntiVirus (now Symantec AntiVirus) is not, out of the box, able to automatically update it’s virus definitions or it’s application when running on a Macintosh. Symantec has posted two articles that, when put together, let you have all of your Macs update in the dead of night while they are logged out. I’ve been using this technique on all of the Macs in my computer labs for over a year with great success.

The two articles are Running LiveUpdate using UNIX commands and Scheduling LiveUpdate for all users using UNIX commands.

Putting the information from these two articles together you can set up your Macs to auto-update using this procedure.

We’re going to set up a root-level cron job to run a command to update the things we need. I like to have it run around 3 AM. If you don’t know how to do it at the command line use Cronnix and edit the System cron job.

First we’ll cover the basic flag options you have.

-liveupdatequiet

If you don’t want that annoying LiveUpdate window to pop up (especially since you’re logged out) you need the -liveupdatequiet YES flag. If you do want it to show then leave this flag out.

The default action is to show it. However, if you are running this when the machine is logged out you could come in the next morning to a lot of machines with the LiveUpdate window showing behind the login window.

-liveupdateautoquit

If you want LiveUpdate to automatically quit when it’s done use the -liveupdateautoquit YES flag.

I’m not sure why you WOULDN’T want it to quit when it’s done.

Update options

To tell LiveUpdate what to update you have to choose from these options with the -update flag.

LUal = All Symantec products
LUdf = Norton AntiVirus virus definition updates
LUlu = LiveUpdate
LUna = Norton AntiVirus

Putting it all together

So, putting this all together, an example command to silently update the virus definitions would look like this. Watch out for line wraps. This should all be on one line:

/Applications/Symantec\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate -update LUdf
-liveupdatequiet YES -liveupdateautoquit YES

Things to watch out for

One “gotcha” to look out for. Symantec changed the name of the folder that holds LiveUpdate between versions 9 and 10. So, the above example will work in version 10. To have it work in version 9 use this path:

/Applications/Norton\ Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate

A second thing to watch out for is when you use the LUal option. If the actual AntiVirus or LiveUpdate applications get updated you’ll need to restart the machine. Norton will give your users an error message when they log in if the machine hasn’t been rebooted since the update.

For that reason I only update the virus definitions this way. When the actual applications need updating I run the command using the LUal flag using Apple Remote Desktop’s “Run UNIX command” function on all the machines at once and then restart them.

admin :: Mar.29.2007 :: Management, System, Terminal :: Comments Off on Making Symantec (Norton) AntiVirus update when logged out

There are times when you may need to get information about your system via the command line. Perhaps for a shell script or you’re already working in Terminal and it’s just quicker then opening the GUI version of System Profiler.

The command line version of System Profiler is, appropriately enough, “system_profiler”.

You can type man system_profiler to get a list of all the many things it can do. Here are a few examples.

You can get three different levels of reports.

• system_profiler -detailLevel mini gives you a report without personal information
• system_profiler -detailLevel basic gives you hardware and network information only
• system_profiler -detailLevel full gives you everything

system_profiler -xml will export everything to an XML file for use in a web page or database. You can combine this command with others to get only certain information

For example, to get only the hardware and network information on a certain machine and write it to an XML file you can use this:

system_profiler -xml -detaiLevel basic > /Users/myaccount/Desktop/report.xml

Enter system_profiler -listDataTypes to get a list of the different areas that system_profiler gathers data on.

Those types are:

SPHardwareDataType
SPNetworkDataType
SPSoftwareDataType
SPParallelATADataType
SPAudioDataType
SPBluetoothDataType
SPDiagnosticsDataType
SPDiscBurningDataType
SPFibreChannelDataType
SPFireWireDataType
SPDisplaysDataType
SPMemoryDataType
SPPCCardDataType
SPPCIDataType
SPParallelSCSIDataType
SPPowerDataType
SPPrintersDataType
SPSerialATADataType
SPUSBDataType
SPAirPortDataType
SPFirewallDataType
SPNetworkLocationDataType
SPModemDataType
SPNetworkVolumeDataType
SPApplicationsDataType
SPExtensionsDataType
SPFontsDataType
SPFrameworksDataType
SPLogsDataType
SPPrefPaneDataType
SPStartupItemDataType

So, to get information on the type of hardware a machine has enter system_profiler SPHardwareDataType into Terminal and you’ll get something like this:

Hardware Overview:

Machine Name: Power Mac G5
Machine Model: PowerMac7,3
CPU Type: PowerPC G5 (3.0)
Number Of CPUs: 2
CPU Speed: 2.5 GHz
L2 Cache (per CPU): 512 KB
Memory: 2 GB
Bus Speed: 1.25 GHz
Boot ROM Version: 5.1.8f7
Serial Number: XXXXXXXXXXX

system_profiler SPPrintersDataType will give you all the information on the currently installed printers.

system_profiler SPFirewallDataType will tell you if the Firewall is on or off and if it’s on what rules are in effect. If the firewall is off you’ll get no return on the command.

admin :: Mar.28.2007 :: Management, System, Terminal :: Comments Off on Using System Profiler in Terminal

Where I work I have lots of people stopping in to ask questions. Usually this involves me getting up to work with them, often for long periods of time. I’m not very good at remembering to change my iChat status to “away” so I came up with this AppleScript.

I have it run via a cron job every 20 minutes. It checks to see if the screen saver is active. If it is then it changes my iChat status to “away’. Simple.

Paste this code into Script Editor and compile. Save it out as a script file.

[codesyntax lang=”applescript” lines=”no”]
tell application “System Events”
set theList to the name of every process
if theList contains “ScreenSaverEngine” then
tell application “iChat”
set theStat to status
if theStat is available then
set status to away
set status message to “Away”
end if
end tell
end if
end tell
[/codesyntax]

Now use something like Cronnix to set it up as a cron job for your account.

When running AppleScripts either in Terminal or for something like a cron job you need to use “osascript”. If you’re using Cronnix you can use the settings below. Click “OK” in the window and then “Save” in the main Cronnix window and you’re done!

admin :: Mar.23.2007 :: Applescript, Management, Scripts :: Comments Off on Using the Screensaver to change my iChat status

This hint is for people who don’t have Apple Remote Desktop 3.0 and may need to know whose been logging into a machine. This can come in particular use if you run a public computing lab and need to know whose been logging into your computers at 2 AM or need to know if a certain student was using a computer at a certain time.

The login stats are kept in /var/log/ in a file named wtmp

Go to Terminal to run the commands below. You either have to be logged in as root or run them as sudo.

To find out how many times people have logged in during the current month:

ac -p

To find out when people have logged in during the current month:

last

To find out this information for previous months you must unzip the log files in /var/log

Example:

gunzip /var/log/wtmp.0.gz will unzip the previous months log files

After you have unzipped you can run the following:

To find out when people logged in during that month:

last -f "path to unzipped file"

Example:

last -f /var/log/wtmp.0

To find out how many times people logged in that month:

ac -p -w "path to file name"

Example:

ac -p -w /var/log/wtmp.0

webmaster :: Mar.22.2007 :: Management, System, Terminal :: 1 Comment »

This is less and less an issue but it still occasionally happens. Someone sends you a file, usually an application, that has resource forks in it. Either through the email system they used or the method the transferred to a server with the resource fork gets stripped out. Usually you’ll see it as a file with the same name as the application with a “.” in front of it.

You can recombine these into something useful with a somewhat hidden application on your Mac. It’s called, appropriately enough, “FixUpResourceForks”. It has to be run out of Terminal but it’s quite simple.

• Open Terminal
• Make sure both files reside in the same folder.
• Enter the following in Terminal on one line:

/System/Library/CoreServices/FixupResourceForks /path/to/folder

Obviously “/path/to/folder” is the path to the folder that holds both files. The easy way to find that is to type the first part of the command in Terminal followed by a space. Then drag the folder containing the files onto the Terminal window and it will automatically put in the correct path. Then just hit “Return” and it will recombine the files into one usable file again.

admin :: Mar.14.2007 :: Management, Terminal :: Comments Off on Fixing Files with broken Resource Forks

Here are three quick ways to identify which DHCP server your machine is getting it’s IP address from. This can come in handy when trying to track down rogue DHCP servers that pop up on a network.

In Tiger:

• Open System Profiler
• Click on “Network”
• Select which service you want to see
• It is listed under “DHCP Server Responses:” next to “Server Identifier”

In Panther and below:

• In Terminal type “ipconfig getoption en0 server_identifier”
• Change “en0” to “en1″ if using wireless

You can also wrap it in an AppleScript. This should work on most version of OS X.

[codesyntax lang=”applescript” lines=”no”]
do shell script “ipconfig getoption en0 server_identifier”
set theIP to the result
display dialog “Your DHCP server IP is: ” & theIP
[/codesyntax]

Save it as an application. Great for getting this information from the Terminal-challenged user.

admin :: Mar.14.2007 :: Applescript, Management, Scripts, System, Terminal :: Comments Off on Identifying a DHCP server

When you manage the preferences on your workstations via Workgroup Manager the settings are stored on the local clients in the MCX cache. This can be manually cleaned out in NetInfo but there is a much easier way.

• Open Terminal
• Run the following command. Use “sudo” if you’re not logged in as root:
  /System/Library/CoreServices/mcxd.app/Contents/Resources/MCXCacher
• Enter your admin password

The command needs to be run on each machine seperately.

If you are using Apple Remote Desktop 3.x you can enter this withou the “sudo” in the “Run UNIX” box and run it as root on a large number of machines at once..

admin :: Mar.13.2007 :: Management, Server, System, Terminal :: Comments Off on Clearing the MCX cache