1 / 30

Managing a Mac Lab: Tips to Make Life Easier

Managing a Mac Lab: Tips to Make Life Easier. Helen Siukola Jancich Anastasia Trekles Purdue University Calumet. Workshop Outline. Introductions What’s the Mac Environment Like at Your School? Options for Imaging and Restoring Lab Drives NetBoot & NetRestore Mac OS X, Users, and Security

kane
Download Presentation

Managing a Mac Lab: Tips to Make Life Easier

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing a Mac Lab: Tips to Make Life Easier Helen Siukola Jancich Anastasia Trekles Purdue University Calumet

  2. Workshop Outline • Introductions • What’s the Mac Environment Like at Your School? • Options for Imaging and Restoring Lab Drives • NetBoot & NetRestore • Mac OS X, Users, and Security • Other Lab Management Tricks from the Battlefield • Featured Software and Resources

  3. How’s Your Macs? • Every institution has its own lab and network configurations, making almost everyone’s situation unique • We may not get to cover every possible configuration during the workshop, but you are encouraged to visit http://www.bombich.com and http://www.macosxlabs.com to find scripts, articles, advice, and more to fit your exact needs

  4. Our Mac Environment • At Purdue Calumet, we have: • Novell Services almost exclusively for Windows users (the majority on campus) • 1 Xserve (10.3) and 1 Mac OS X 10.2 server for 3 websites, FTP, Apple File Services, and SMTP & POP Mail services • 4 Mac labs of varying sizes (largest holds 25 Macs) • About 20 faculty and staff using Macs in their offices

  5. Our Mac Environment • The Mac network is separate without the Novell client software • We manage our own users for OSX server access • Lab computers have a universal “student” login rather than authentication through LDAP - this would be possible, however, if the Novell server admins would allow access

  6. Imaging and Restoring • Mac clients all share almost the same software configuration • Differences between models and lab needs are handled with multiple drive images • Currently there are four images distributed across campus Mac labs

  7. Imaging Drives - Basic Steps • Take any Mac similar to your lab computers, and partition it into two drives (also works with an external Firewire drive) • Build the lab drive and install software as needed • Set up users and system and program preferences • Restart from the other partition • Use either Disk Utility, Disk Copy, or NetRestore Helper to make an image of the lab drive partition

  8. Imaging Drives - Notes • Don’t use a different OS from the lab drive’s to make the image • To save some time, create the lab image on a local drive first, then copy it to the network once it’s created if needed • OS9 Users: Disk Copy limits you to 2GB unless you have Disk Copy 6.4 • Get it here: http://homepage.mac.com/alk/personal/stuff.html • You’ll also need to use ASR 2.2.4 or higher to restore

  9. Restoring Drives • OS9: ASR 2.2.4 or higher for drive images over 2GB • Mac OS X 10.1: ASR 2.2.4 or asr at command line • Mac OS X 10.2: ImageJaguar script (get it from http://www.versiontracker.com), asr command line, or NetRestore (recommended) • Mac OS X 10.3: Disk Utility (rec.), asr, or NetRestore (rec.)

  10. Restoring Drives - Notes • You should use the same OS as the OS version of the drive image being restored, especially under Mac OS X (sub-versions, like 10.3.x also count in most cases) • For large images, local restore from a Firewire drive or CD/DVD is fastest • Use BootCD to create a startup disk for OSX (again, create your BootCD from the same OS as the drive image)

  11. NetBoot and NetRestore • NetRestore Helper can create NetBoot sets to load into your /Library/NetBoot/NetBootSP0 directory on your NetBoot server (login as root) • Use OS X Server 10.2 or higher for best results • Note that some older Macs can’t NetBoot with newer OS X Servers - restore locally instead

  12. NetBoot and NetRestore • To configure the NetInstall set with NetRestore: • Place your restore image on a readily available network drive • Tell NetRestore where to find it and what the authentication is • Test and Save the configuration, and your NetInstall set is ready

  13. NetBoot and NetRestore • For added security: • Don’t make the NetInstall set your default • Create a special user whose only role is NetRestores and is the only one with access to the drive image • Keep the drive image on a private part of your network

  14. NetBoot and NetRestore • Network speed and the size of the image will affect the amount of time you spend with NetBoot/NetRestore solutions • For a 14-station lab of slot-load Indigo iMacs at 10Mbps, it takes an average of 160-180 hours per station if they are all restoring at once • (NetBoot is housed on a dual processor Xserve G5)

  15. Mac OS X, Users, and Security • OSX allows more flexibility and security than ever before • You can have users log in using remotely-hosted information on LDAP or Active Directory servers

  16. No Directory Access? • Create universal local users with different privileges and preferences • Create a local user list and set System Prefs -> Accounts -> Login Options as “Name and Password” to prevent open listing of user accounts

  17. Mac OS X, Users, and Security • Securing Classic is important - if you don’t need it you might not even install a Classic System Folder • If you do need it, you can load your Classic folder into a read-only disk image and use ShadowClassic to make it usable • On any recent Apple Restore CD or DVD, get a ready-to-go Classic image from the “.images” invisible folder

  18. Save Time and Money with Universal User Accounts • Universal logins can make life difficult without DeepFreeze or another security/desktop management software • But, you can get around this and save some money! • Use LoginWindow Manager and a Logout Script as a hook to clean up the user’s home directory at each logout - “poor man’s DeepFreeze”!

  19. The Poor Man’s DeepFreeze Logout Script • Open Terminal and type sudo su to login as root • Enter the following commands (note that the generic name “student” is our user’s name - replace it as needed): • Cd /var/root • Mkdir Scripts • Mkdir student • Cd Scripts

  20. The Poor Man’s DeepFreeze Logout Script • Type pico logoutscript to create a placeholder file for the script: • #!/bin/csh • Exit 0 • Make it executable: chmod ugo+x logoutscript • Now copy the contents from the original account: • Ditto -rsrcFork /Users/student /private/var/root/student • Delete cache files for the account: • Rm -R /private/var/root/student/Library/Caches/*

  21. Now for the script - pico logoutscript again and enter: #!/bin/csh #Example user below has “short name” student #full paths used for commands in case path variable is not set correctly #login window passes the user name to the script via the variable $1 If ( $1 == ‘student’ ) then #first, unlock all files /usr/bin/chflags -R nouchg /Users/student/* /usr/bin/chflags -R nouchg /Users/student/.??* #then, delete all the files /bin/rm -R /Users/student/* /bin/rm -R /Users/student/.??* #ensure that the users directory exists /bin/mkdir /Users/student/ #copy the clean version of the student directory /usr/bin/ditto -rsrcFork /private/var/root/student /Users/student /usr/sbin/chown -R student:staff /Users/student endif exit 0

  22. The Poor Man’s DeepFreeze Logout Script • Use LoginWindow Manager from http://www.bombich.com to set /private/var/root/Scripts/logoutscript as your Logout hook • You can also add messages to the login window and more using this handy program • For added security, keep LoginWindow Manager in a secure place away from users

  23. Tips from the Battlefield • Three words: Apple Remote Desktop • Simple AppleScript knowledge is a huge help • Inserted disks missing from the Desktop might be in /Volumes - create a script to open this directory for users to access their disks • AppleScript can also prompt users to authenticate to network volumes - works great for our PCounter server for authenticating to print • Upgrade from older versions of OS X as soon as possible - you won’t be sorry!

  24. Tips: Securing Printing • Printers getting switched around or deleted? • In OS9 - avoid using Desktop Printing and lock or hide the Chooser • In OSX - secure Print Center • Put Print Center (Printer Setup Utility in 10.3) in its own folder • As an admin, open Terminal • Type sudo chmod -R a-r nameoffolder • So, Print Center will keep working with given printer list, but users can’t change it or open the folder

  25. Tips: Hide a User • To hide a user from the Login Window in OSX: • Enable Root from NetInfo Manager as an administrator • Login as root and open NetInfo Manager again • Change the UID of the account in question to something less than 500, like 499 (take note of the original UID too) • Open Terminal and type (501 is the original UID and 499 is the new one): • find / -user 501 -exec chown 499 { } \; • Use NetInfo Manager to change the “home” property to “/var/admin” for added security

  26. Tips for the Battlefield • What are your Mac management tips or stories you’d like to share?

  27. Featured Software • Mike Bombich Software: • NetRestore/NetRestore Helper • LoginWindow Manager • ShadowClassic • Info and more goodies… • Charles Srstka Software: • BootCD • Apple • Disk Utility (Mac OS X 10.3) • Disk Copy (Mac OS X 10.2) • Apple Software Restore (Mac OS 9)

  28. Resources • Mike Bombich’s website, including many articles and discussion forums: http://www.bombich.com • MacEnterprise (MacOSXLabs), a growing project with a repository of information about Mac deployment in enterprise settings: http://www.macosxlabs.org • Charles Srstka produces several freeware utilities, including BootCD: http://www.charlessoft.com

  29. Resources • Extras • Helen’s website: http://education.calumet.purdue.edu/Faculty/Jancich • Staci’s website: http://education.calumet.purdue.edu/Faculty/trekles

  30. Thank You! To download this presentation and get other related resources, visit our workshop website: http://education.calumet.purdue.edu/Tutorials/ICE Helen Siukola Jancich Anastasia Trekles Purdue University Calumet http://www.calumet.purdue.edu

More Related