Mike Bombich used to make a product called “NetBoot Across Subnets” but he stopped developing it long ago (Mac OS X 10.4 era). The product still works somewhat, but PPC booting broke when Leopard came out. I posted a fix a couple years ago. These instructions can be used for imaging via Deploy Studio, NetInstall/NetRestore and likely some other methods.

There are three different ways I use to configure a machine to netboot:

1. Push NBAS.pkg
2. Run shell script
3. Applescript

Push a Package

The first method is by pushing the package that Bombich’s “NetBoot Across Subnets” outputs. I’m not sure where you can download the software from anymore and I don’t think I should distribute it. However, I don’t actually use the app anymore. I just modify the postflight file in my NBAS.pkg whenever I generate a new netboot image.

You can download a NBAS.pkg here.

Right click the package and select “Show Package Contents”.
Navigate to Contents/Resources/ and open the postflight file in a text editor such as TextEdit or TextWrangler (do not open in Word!).

Change the variables at the top of the script and save the file.

You can then deploy via Apple Remote Desktop (ARD) or add it to your systems management tool such as Absolute Manage or Casper.

So when ever you create a new netboot set, simply modify that postflight file. This can also be installed locally. If needed, boot from an external HDD if you need to image a machine that doesn’t have a bootable system. Keep in mind, it does not matter which drive you “install onto” as this is a payload free package and nothing actually gets installed.

Shell Script

The second method is to simply push a script to your machine(s) to set the startup disk. The easiest way to do this is to take the postflight script from NBAS.pkg. I would just add a “reboot” command to the end of the script or use another method to reboot.

If you use Absolute Manage, you can save this as an Execute Script template and add it to your favorites. This way you any script errors that may result in the command result window. I’m sure you can do the same in other systems.

Applescript

You can also make an applescript available to your team to run locally on a machine to netboot it. This might be a bit easier for junior desktop support techs as they won’t get confused about which drive to “install onto”. 

You can download the script from here. Or copy & paste from the script below:

(*
 
Set NetBoot Across Subnets.scpt
© 2011 Patrick Gallagher
http://blog.macadmincorner.com
 
This script may be freely modified.
Use at your own risk, no warranty. 	
 
Based on NBAS from Mike Bombich
 
*)
 
-- Set the following options
 
set server to "server.school.edu" --Enter IP or FQDN of netboot server
set sharepoint to "NetBootSP0" --In most cases this will not need to change
set setName to "DeployStudioRuntime-Intel.nbi" --Enter your Intel compatible netboot set name
set ppcSetName to "DeployStudioRuntime-PPC.nbi" --Enter your PPC netboot set name, if you have one
set imageName to "DeployStudioRuntime.sparseimage" --Enter image name, if using DeployStudio, no need to change
set protocol to "nfs" --Enter nfs or http
set nextboot to "--nextonly"
set arch to do shell script "arch"
 
--No modification should be needed below
 
if arch is equal to "i386" then
	do shell script "usr/sbin/bless --netboot --booter tftp://" & server & "/NetBoot/" & sharepoint & "/" & setName & "/i386/booter --kernel tftp://" & server & "/NetBoot/" & sharepoint & "/" & setName & "/i386/mach.macosx --options rp=nfs:" & server & ":/private/tftpboot/NetBoot/" & sharepoint & ":" & setName & "/" & imageName & space & "--nextonly" with administrator privileges
 
else
	do shell script "/usr/sbin/nvram boot-args=rp=" & protocol & ":" & server & ":/private/tftpboot/NetBoot/" & sharepoint & ":" & ppcSetName & "/" & imageName & space & "boot-file=enet:" & server & ",NetBoot\\\\" & sharepoint & "\\\\" & ppcSetName & "\\\\ppc\\\\mach.macosx\" boot-device=enet:" & server & ",NetBoot\\\\" & sharepoint & "\\\\" & ppcSetName & "\\\\ppc\\\\booter\"" with administrator privileges
end if
 
tell application "loginwindow"
	«event aevtrrst»
end tell

Summary

Do what you can to convince your network group to modify your network so you can netboot across subnets the way it it’s supposed to work. If not, I hope these methods above ease the pain. These are three ways to do the same thing!

Having warranty information on the machines you manage is important to have as part of your PC life-cycle management. It makes it easier to plan future PC replacements, assess risk and possibly know when to purchase another extension for warranties (unlike Apple, Dell has more flexible extended warranty options).Out of the box, Absolute Manage only gathers warranty data for Apple products. This is likely because of the vast number of PC manufacturers, and not all the major vendors provide a way to systematically retrieve warranty data (Dell and Apple do). To be fair, most other PC life-cycle management products don’t collect any warranty data. For example, to collect warranty data with LANDesk, you have to purchase an expensive 3rd party add-on called Data Translations Services from Managed Planet. A couple years ago, I posted a way to add Apple warranty data to LANDesk. This Dell script could potentially be adapted to also work with LANDesk by using external unmodeled data.

A high level overview includes:

1. Create a VBScript
2. Create and deploy script as a software package
3. Create “Custom Information Items” so results are added to inventory

Save The Script

I knew I was going to be in over my head if I tried to write a VBScript or Power Shell script myself, so searched online for an existing one instead. I fully expected to have to modify someone’s existing script, but I lucked out and found one that worked with no modifications (other than adapting for Dell’s new fields which this site updated with my mods). The script I’m using can be found at here at iBoyd.

Save the contents of that script to a text file and name it something like DellWarrantyGrabber.vbs.

Create Software Package

In Absolute Manage, create a new software package (I’m assuming you know how to do this already, if not, see the manual) and use your DellWarrantyGrabber.vbs as the payload. Make sure you set the platform as “Windows”, set the Installation User Context as “System account user” and you can also configure the “Installation Conditions” with the following settings:

The key name above is “HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Days Left”. Save the package. Install the package to a couple PC’s and verify the results appear in the registry in “HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\”. The results should look something like:

Once you are sure the package is working, you can assign it to the “All PC’s” group if you know you have all Dell’s (keep in mind the VM’s on your Macs are considered PC’s). Or create a smart group that only includes Dell’s and assign to that (probably safer).

Custom Information Items

CIF’s are an extremely handy way to add additional data to inventory. Data can either be manual (entered from the admin console) or dynamic (retrieved from each machine). There are 6 bits of information the script grabbed from Dell. You might not need to report on all 6. For instance, “Provider” and “Warranty Extension Notice” probably will not be of much use, but who knows. I used all 6 just for the sake of completeness.

NOTE: I’m assuming you know how to create a Custom Information Item. If not, see the manual. Or you can download these I exported.

All 6 CIF’s will be identical, the only difference being the registry key being read. Below is an example of one:

The 6 names (you can make the names anything you want) and registry paths you will enter into each CIF is:

Dell Warranty Days Left – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Days Left
Dell Warranty Description – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Description
Dell Warranty End Date – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\End Date
Dell Warranty Extension Notice – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Warranty Extension Notice
Dell Warranty Provider – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Provider
Dell Warranty Start Date – HKEY_LOCAL_MACHINE\SOFTWARE\DellWarrantyInfo\1\Start Date

You can duplicate the first one you make to save some clicks.

A note about dates

The “End Date” you would normally want to save with a “Data Type” of “Date” for the purpose of reporting. However, I was unable to get this to work. I reported it to Absolute’s support and they found that it is a bug that only occurs when running a DOS/VBScript with the Windows agent. They later also replied that the date has to be in ISO format for dynamic info items, e.g. 2010-12-30T05:25:13Z but I have not taken the time to modify the script to handle this. If you make the change, please share by commenting below.

The Result

I hope you’re able to put this to some good use. Please let me know if anything is not clear. Enjoy!

While there is documentation for doing a silent install of SPSS Statistics, the instructions for version 19 leave out some critical details. This post aims to clear up what needs to be done for a silent install of IBM’s SPSS Statistics 19. These instructions are for the site or volume license version where a network license server is not being used (if you are using a network license server, you can simply repackage /Applications/IBM and /Library/Application Support/IBM). Each installed copy of SPSS has to be activated online, which means re-packaging is not an option.

Versions 17 and 18 did not install silently as documented and according to their KB article 83035, the only resolution was to wait for version 19 because of a problem with “InstallAnywhere”. Because of this, I never found a way to deploy versions 17 or 18.

The Instructions

The SPSS doc you want to refer to is the “Site License Administrators Guide” which is on the DVD. The instructions indicate you can find the silent installer at /MacOS/Administration/SPSS Statistics_Installer_Silent.bin, however you will find that this file is missing. I reported it to IBM/SPSS and they responded that they apparently didn’t have room on the disc (and didn’t bother telling anyone). So they posted the installer on their support site. You will need to register for an account at http://support.spss.com (I don’t remember if there were any requirements, I registered a while ago) and search their knowledge base for resolution number 91524 or go to this link.

Download the file SPSS Statistics_Installer_Silent.bin. This file contains the entire installer so you will not need the GUI installer that is on the disc. The only other file you will need from the disc is the installer.properties file. This is the file that contains all the properties used for the install (duh). You will need to make some changes to this file before it will work properly. This file is well commented, but it seems they didn’t update this file for version 19. It seems to have many of the defaults from previous versions (such as default application path doesn’t reflect the change to IBM).

You will want to specify the following settings in the installer.properties:

INSTALLER_UI=silent
 
USER_INSTALL_DIR=/Applications/IBM/Statistics/19/
 
LICENSE_ACCEPTED=true
 
### LICENSETYPE
#For site license
site=1
 
COMPANYNAME="Emory University"
AUTHCODE=111222333444555

This is just a small snippet of the file, I only posted the parts I needed to change. Obviously, you will want to specify your company/school name as well as your license code.

The command to deploy is simply:

SPSS_Statistics_Installer_Silent.bin -f installer.properties

A couple things to note. Your deployment tool may interpret a successful install as an error because it doesn’t report back an “exit 0″. So you may have to run the command from a script, I use:

#!/bin/sh
 
scriptDir=$(dirname "$0")
 
"${scriptDir}/SPSS_Statistics_Installer_Silent.bin" -f "${scriptDir}/installer.properties"
 
exit 0

Another issue is that because the license activation is machine specific, you will not be able to use this installer with InstaDMG or include it with a monolithic image. If you deploy with DeployStudio, you will need to make it a first boot install and ensure the network is available when it is installed. We use Absolute Manage to deploy as needed.

They provide a sample script in their Enterprise Administration Guide (PDF, pages 89-90) but it does not copy & paste well, so you will have to pay special attention to the formatting and line breaks of your script.

Enjoy!

The details about accessing the manifest can be found here. There are quite a few settings that can be managed with this manifest. However, I was a bit surprised to find that all the settings are managed “Always” instead of “Often” or “Once”. Most 3rd party applications prefer often (including many Apple apps) because the always setting completely disables a configured setting. I hope to see some of these settings also available for “once”.

With this move, this possibly makes Chrome more manageable than Firefox (not including non-vendor manifests/GPO’s), on Mac or PC. Will this be enough for you to start deploying Chrome in your environment? Sound off below.

You can download the script here, or copy/paste the code below into AppleScript Editor. You only need to specify your OD server address.

-- Set the domain to your OD domain
set domain to "od.school.edu"
set computerList to paragraphs of (do shell script "dscl /LDAPv3/" & domain & space & "-list /Computers")
set computerName to choose from list computerList
set memberList to (do shell script "dscl /LDAPv3/ecod.as.emory.edu search /ComputerGroups Member" & space & computerName & space & "| grep Member | cut -f1-1")
 
display dialog memberList

The reason I show a list of computers, instead of asking for one to be typed is because it is case sensitive. So it’s more consistent to select from a list.

Update: Added sleep command with random wait. This will help alleviate some load on your SUS and perhaps prevent a DOS attack. Thanks to rsaeks via Twitter.

Copy and paste the following into an Apple Remote Desktop (ARD) “Send Unix Command” window and send as root:

#!/bin/sh
 
# Random number of seconds to wait
# The more machines you use this with, the higher the number should be
sleep `expr $RANDOM % 120`
 
if who | grep console; then
echo Machine is in use
exit 1
fi
 
COMMAND_LINE_INSTALL=1 softwareupdate -i -a
shutdown -r now
exit 0

1. If bound to another OD domain, it removes that binding. If you’re not moving from another domain, you can ignore that part, it won’t hurt that it’s in there.
2. Adds the computer record to OD. Normally with anonymous binds you have to manually add the computer account. This takes care of that by authenticating as a diradmin. Because of this, keep this script in a safe place.
3. Fixes the search order if the machine is also bound to AD in a golden triangle (or magic triangle) so that Tiger machines use AD first and Leopard/Snow Leopard machines look to OD first.
4. Bind machine(s) remotely with tools such as Apple Remote Desktop (ARD), Absolute Manage (LANrev) or LANDesk.

Please be aware this script might not work in all environments. Try to understand how the script works and be prepared to modify for your environment. One issue I frequently find with any type of binding script (OD or AD) is the timing never seems to be perfect. By that I mean that the script runs faster than the directoryservice process can recognize the changes. I try to account for this by putting in “sleep xx” commands in certain places but you may need to play around with this a bit.

What I try to do is follow up the script with a simple “defaults read /Library/Preferences/DirectoryService/SearchNodeConfig “Search Node Custom Path Array” to ensure both OD and AD are in there. If they’re not, I just run the bind script again and it usually gets it the 2nd time.

To download the script, click here.

Or copy/paste:

#!/bin/sh
 
# Patrick Gallagher
# http://www.macadmincorner.com
# Updated 12/11/2009
 
# These variables need to be configured for your env
odAdmin="" #enter your OD admin name between the quotes
odPassword=""  # Enter your OD admin password between the quotes
domain="od.school.edu" # FQDN of your OD domain
oldDomain="oldod.school.edu" # If moving from another OD, enter that FQDN here
oldODip="111.222.333.444" # Enter the IP of your old OD
ADdomain="ad.school.edu" # Enter your AD domain here
computerGroup=computers  # Add appropriate computer group you want machines to be added to, case sensitive 
 
# These variables probably don't need to be changed
computerName=`/usr/sbin/scutil --get LocalHostName`
nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
check4OD=`dscl localhost -list /LDAPv3`
check4ODacct=`dscl /LDAPv3/${domain} -read Computers/${computerName} RealName | cut -c 11-`
check4AD=`dscl localhost -list /Active\ Directory`
osversionlong=`sw_vers -productVersion`
osvers=${osversionlong:3:1}
 
# Check if on OD already
if [ "${check4OD}" == "${domain}" ]; then
	echo "This machine is joined to ${domain} already."
	odSearchPath=`defaults read /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" | grep $domain`
	if [ "${odSearchPath}" = "" ]; then
		echo "$domain not found in search path. Adding..."
		dscl /Search -append / CSPSearchPath /LDAPv3/$domain
		sleep 10
	fi
else if [ "${check4OD}" == "${oldDomain}" ]; then
	echo "Removing from ${oldDomain}"
	dsconfigldap -r "${oldDomain}"
	dscl /Search -delete / CSPSearchPath /LDAPv3/"${oldDomain}"
	dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"${oldDomain}"
	echo "Binding to $domain"
	dsconfigldap -v -a $domain -n $domain
	dscl /Search -create / SearchPolicy CSPSearchPath
	killall DirectoryService
else if [ "${check4OD}" == "${oldODip}" ]; then
	echo "Removing from ${oldODip}"
		dsconfigldap -r "${oldODip}"
		dscl /Search -delete / CSPSearchPath /LDAPv3/"${oldODip}"
		dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"${oldODip}"
		echo "Binding to $domain"
		dsconfigldap -v -a $domain -n $domain
		dscl /Search -create / SearchPolicy CSPSearchPath
		killall DirectoryService
else
	echo "No previous OD servers found, binding to $domain"
	dsconfigldap -v -a $domain -n $domain
	dscl /Search -create / SearchPolicy CSPSearchPath
	sleep 10
	dscl /Search -append / CSPSearchPath /LDAPV3/$domain
	echo "Killing DirectoryService"
	killall DirectoryService
	fi
fi
fi
 
if [ "${check4ODacct}" == "${computerName}" ]; then
	echo "This machine has a computer account on ${domain} already."
else
	echo "Adding computer account to ${domain}"
	dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -create /Computers/${computerName} ENetAddress "$nicAddress"
	dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /Computers/${computerName} RealName ${computerName}
	# Add computer to ComputerList
	dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerLists/${computerGroup} apple-computers ${computerName}		
 
	# Set the GUID
	GUID="$(dscl /LDAPv3/${domain} -read /Computers/${computerName} GeneratedUID | awk '{ print $2 }')"
	# Add to computergroup
	dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerGroups/${computerGroup} apple-group-memberguid "${GUID}"
	dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerGroups/${computerGroup} memberUid ${computerName}
fi
 
sleep 25 # Give DS a chance to catch up
 
# Fix DS search order
echo "Checking DS search order..."
if [ "${check4AD}" == "${adDomain}" ]; then
	dsconfigad -alldomains enable
	dscl /Search -delete / CSPSearchPath "/Active Directory/${adDomain}"
	dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/${adDomain}"
	dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
	if [ $osvers -eq 4 ]; then
		echo "OS detected as ${osversionlong}"
		echo "Setting AD, then OD to search order..."
		dscl localhost changei /Search CSPSearchPath 2 "/Active Directory/All Domains"
		dscl localhost changei /Search CSPSearchPath 3 /LDAPv3/$domain
		dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
	else if [[ ${osvers} -eq 5 || 6 ]]; then
		echo "OS detected as ${osversionlong}"
		echo "Setting OD, then AD to search order..."
		dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains"
		dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain
		dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
	fi
fi
	else if [ "${check4AD}" == "All Domains" ]; then
	dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
	sleep 15
		if [ $osvers -eq 4 ]; then
			echo "OS detected as ${osversionlong}"
			echo "Setting AD, then OD to search order..."
			dscl localhost changei /Search CSPSearchPath 1 "/Active Directory/All Domains"
			dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain
		else if [[ ${osvers} -eq 5 || 6 ]]; then
			echo "OS detected as ${osversionlong}"
			echo "Setting OD, then AD to search order..."
			dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain
			dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains"
			dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
		fi
	fi
fi
fi	
 
echo "Finished. Exiting..."
exit 0