Comments for Mac Admin Corner http://macadmincorner.com General IT and Mac administration ramblings Sat, 28 Jan 2012 03:27:41 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Silent Install of IBM SPSS Statistics 19 for Mac by Patrick http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/h0EznewIwl4/ Patrick Sat, 28 Jan 2012 03:27:41 +0000 http://blog.macadmincorner.com/?p=455#comment-716 @marcia The properties file is just a text file. Open it in TextEdit. @marcia

The properties file is just a text file. Open it in TextEdit.


]]> http://macadmincorner.com/silent-install-of-ibm-spss-statistics-19-for-mac/comment-page-1/#comment-716 Comment on Migrate Local User to Domain Account by Patrick http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/0A6EVsHcayc/ Patrick Sat, 28 Jan 2012 02:47:11 +0000 http://blog.macadmincorner.com/?p=352#comment-715 @Timothy That's not the normal result of this script. I haven't used this script in a long time so it's possible it needs to be updated for Lion. We mainly used it while we were migrating to AD, that's long done now and all our new deployments start off with AD. One thing that stands out is that Lion now has the opendirectoryd process instead of DirectoryService so that bit would need to be updated in this script. @Timothy

That’s not the normal result of this script. I haven’t used this script in a long time so it’s possible it needs to be updated for Lion. We mainly used it while we were migrating to AD, that’s long done now and all our new deployments start off with AD.

One thing that stands out is that Lion now has the opendirectoryd process instead of DirectoryService so that bit would need to be updated in this script.


]]> http://macadmincorner.com/migrate-local-user-to-domain-account/comment-page-2/#comment-715 Comment on Migrate Local User to Domain Account by Timothy http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/HUx_Tg-QS8o/ Timothy Wed, 18 Jan 2012 22:04:52 +0000 http://blog.macadmincorner.com/?p=352#comment-714 This script worked for me, sort of. It orphaned the existing local admin account and all its content. I was obliged to set perms on the orphaned account and populate them down through that structure, then copy over content from Documents to AD user Documents, Pictures to Pictures, Movies to Movies.... How was this script helpful then? This script worked for me, sort of. It orphaned the existing local admin account and all its content. I was obliged to set perms on the orphaned account and populate them down through that structure, then copy over content from Documents to AD user Documents, Pictures to Pictures, Movies to Movies…. How was this script helpful then?


]]> http://macadmincorner.com/migrate-local-user-to-domain-account/comment-page-2/#comment-714 Comment on Securing SSH on Mac OS X by limiting who can log in by Mike http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/DpBlqiKbUCg/ Mike Sun, 15 Jan 2012 22:20:49 +0000 http://blog.macadmincorner.com/securing-ssh-on-mac-os-x-by-limited-who-can-log-in/#comment-713 Thanks for this. I come from the Linux/BSD world, where configuring SSH is simpler. Apple saw fit to add the SACL stuff, which was preventing me from adding another SSH-capable user to my wife's machine. Thanks for this. I come from the Linux/BSD world, where configuring SSH is simpler. Apple saw fit to add the SACL stuff, which was preventing me from adding another SSH-capable user to my wife’s machine.


]]> http://macadmincorner.com/securing-ssh/comment-page-1/#comment-713 Comment on Allow Non-Admin users to Manage Printers by JasT http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/W3IDKvuQFVc/ JasT Mon, 09 Jan 2012 22:25:33 +0000 http://blog.macadmincorner.com/?p=266#comment-712 IWic, we are having the exact same issue. Any solution yet? Anyone else any help would be appreciated. IWic, we are having the exact same issue. Any solution yet? Anyone else any help would be appreciated.


]]> http://macadmincorner.com/allow-non-admin-users-to-manage-printers/comment-page-1/#comment-712 Comment on Silent Install of IBM SPSS Statistics 19 for Mac by marcia howell http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/7TMFbahCIOA/ marcia howell Thu, 05 Jan 2012 18:13:08 +0000 http://blog.macadmincorner.com/?p=455#comment-711 I'm having the same problem with SPSS 20. I try to open the installer.properties file and my computer wants to know what app to open it with. I'm missing the old simple days of spss. Does anyone know what app I'm supposed to use to open it? I’m having the same problem with SPSS 20. I try to open the installer.properties file and my computer wants to know what app to open it with. I’m missing the old simple days of spss. Does anyone know what app I’m supposed to use to open it?


]]> http://macadmincorner.com/silent-install-of-ibm-spss-statistics-19-for-mac/comment-page-1/#comment-711 Comment on Allow Non-Admin users to Manage Printers by iWIC http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/viyjaS3G8bI/ iWIC Wed, 04 Jan 2012 23:56:42 +0000 http://blog.macadmincorner.com/?p=266#comment-710 This work around does not seem to work for us as well. Here's our story... We have Macs bound to Active Directory. Users are allowed to login to these Mac using their AD credentials. 1. We have a Windows print server setup, and printers are displayed as Open Directory in the Add Printer System Preferences setting. The Printer & Fax in the System Preferences is normally locked on a standard end user without elevated rights. Attempting to add a local or network shared printer calls for an account with admin rights, either a local admin admin account or a domain admin. Of course unlocking the Printer & Fax portion with an account with admin rights then unlocks everything else in the System Preferences such as Accounts, Security, etc. settings. Any way around this? -Where a standard users can connect themselves to a network printer? In contrast, in the Windows evironment, standard AD users are allowed to connect themselves to a network printer without being prompted for an account with elevated rights. -Of course, we have granted them permission through user and group security settings. However, is there an equivalent in the Mac environment? 2. Next... We have a shared printer configured on one Mac. From time to time with other Mac client computers printing to it, when there's a jam, or to cancel a print job, or anytime where the printer needs some user intervention, clients are prompted with "Type the name and password of a user in the "Print Operator" group to allow {printer name or ip} @{computer name}.app to make changes." We've entered in a local admin account which resides on the Mac with the shared printer, and still no go. Both local admin account on other Mac client workstations and domain accounts do not work as well. Any suggestions with a fix for this? Also, any idea what's going on here? Would purchasing a Mac OS Server, attached to AD as well, solve these issues? This work around does not seem to work for us as well.

Here’s our story… We have Macs bound to Active Directory. Users are allowed to login to these Mac using their AD credentials.

1. We have a Windows print server setup, and printers are displayed as Open Directory in the Add Printer System Preferences setting. The Printer & Fax in the System Preferences is normally locked on a standard end user without elevated rights. Attempting to add a local or network shared printer calls for an account with admin rights, either a local admin admin account or a domain admin. Of course unlocking the Printer & Fax portion with an account with admin rights then unlocks everything else in the System Preferences such as Accounts, Security, etc. settings. Any way around this? -Where a standard users can connect themselves to a network printer? In contrast, in the Windows evironment, standard AD users are allowed to connect themselves to a network printer without being prompted for an account with elevated rights. -Of course, we have granted them permission through user and group security settings. However, is there an equivalent in the Mac environment?

2. Next… We have a shared printer configured on one Mac. From time to time with other Mac client computers printing to it, when there’s a jam, or to cancel a print job, or anytime where the printer needs some user intervention, clients are prompted with “Type the name and password of a user in the “Print Operator” group to allow {printer name or ip} @{computer name}.app to make changes.” We’ve entered in a local admin account which resides on the Mac with the shared printer, and still no go. Both local admin account on other Mac client workstations and domain accounts do not work as well. Any suggestions with a fix for this? Also, any idea what’s going on here?

Would purchasing a Mac OS Server, attached to AD as well, solve these issues?


]]> http://macadmincorner.com/allow-non-admin-users-to-manage-printers/comment-page-1/#comment-710 Comment on Migrate Local User to Domain Account by MIke http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/ti9NU5ABYxE/ MIke Fri, 30 Dec 2011 18:14:06 +0000 http://blog.macadmincorner.com/?p=352#comment-709 Can anyone give *exact* steps for running this in Lion? i.e. - should we run it in a local admin account only? Should the machine already be bound to AD or not? I ran this once (haphazardly since the outcome didn't matter much) and while the files and folders did migrate, the user had lost permissions to just about everything. Restoring those permissions on all of the folders and in more than too many cases, sub-folders as well, was no fun. Kudos to the script author(s) though. This was sorely needed... Can anyone give *exact* steps for running this in Lion? i.e. – should we run it in a local admin account only? Should the machine already be bound to AD or not? I ran this once (haphazardly since the outcome didn’t matter much) and while the files and folders did migrate, the user had lost permissions to just about everything. Restoring those permissions on all of the folders and in more than too many cases, sub-folders as well, was no fun.

Kudos to the script author(s) though. This was sorely needed…


]]> http://macadmincorner.com/migrate-local-user-to-domain-account/comment-page-2/#comment-709 Comment on Migrate Local User to Domain Account by Dustin Day http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/YF6tYEjtW2c/ Dustin Day Wed, 14 Dec 2011 19:57:05 +0000 http://blog.macadmincorner.com/?p=352#comment-705 @Patrick The only folder that I see is the new network account and the guest folder. I have tried to use Disk Drill to recover these files before you replied to my question. The results that came up from that utility were all temp files, I still can't find the user's documents, email files, etc. Any help is greatly appreciated! Thanks Again Patrick @Patrick

The only folder that I see is the new network account and the guest folder. I have tried to use Disk Drill to recover these files before you replied to my question. The results that came up from that utility were all temp files, I still can’t find the user’s documents, email files, etc.

Any help is greatly appreciated!

Thanks Again Patrick


]]> http://macadmincorner.com/migrate-local-user-to-domain-account/comment-page-1/#comment-705 Comment on Migrate Local User to Domain Account by Patrick http://feedproxy.google.com/~r/MacAdminCorner_Comments/~3/QcY7AVLiMD4/ Patrick Wed, 14 Dec 2011 14:42:08 +0000 http://blog.macadmincorner.com/?p=352#comment-704 @Dustin. The home folder is never deleted. Only renamed. Look in your /Users folder, you should still see a folder named after the local user. You should be able to fix it manually by running: sudo mv /Users/localhomefolder /Users/networkuser sudo chown -R networkuser /Users/networkuser @Dustin.
The home folder is never deleted. Only renamed. Look in your /Users folder, you should still see a folder named after the local user. You should be able to fix it manually by running:
sudo mv /Users/localhomefolder /Users/networkuser
sudo chown -R networkuser /Users/networkuser


]]> http://macadmincorner.com/migrate-local-user-to-domain-account/comment-page-1/#comment-704