MacTech Group Agenda

Tuesday, April 8, 2014

2:00 to 4:30 pm — Room B16-B Hillsborough Bld.

1) Announcements – 5 min

•  OIT will support only version 10.8.5 or newer of Mac OS X after Dec 31, 2014 – Current 10.7.5
•  OS X versions that shipped with Intel Hardware: support.apple.com/kb/HT1159
•  *Vintage and Obsolete Apple Products: support.apple.com/kb/HT1752?viewlocale=en_US
•  Apple Education Support Line 800-800-2775 use this number only. Always verify Apple Care Coverage with purchase info.
•  OIT does not have a  support policy for Boot Camp. & OIT  does not support Classic mode at all.
•  Mac Collection Licenses and Media info at http://software.ncsu.edu/vendor/apple/package/macintosh-os-x
• Antivirus for Macintosh – www.ncsu.edu/antivirus
•  OIT Macintosh Support Web Site go.ncsu.edu/mac for updates.
•  Unity Macintosh Workflow uses /Users/$uid$ in the Active Directory configuration with a local home on each machine
•  Modified Unity Macintosh Installs are supported by the unit which has made the modifications.
•  OIT supports only Apple, Intel (i386) hardware for Mac OS and software. Only unmodified iOS is supported.
•  Please remember to check prices at www.apple.com/education/pricelists/ to verify best price with NC State Marketplace
•  Authorized NC State personnel wanting to get access to training and tools for Apple Certified Technician should register at gsx.apple.com   Email Everette_Allen@ncsu.edu for Sold-to Account number and approval.
•  UNC Combined Pricing Initiative (CPI) oit.ncsu.edu/it-purchases/background-unc-cpi
•  Casper Suite Enterprise service https://nc.jamfcloud.com/  (or go.ncsu.edu/mdmadmin)
• WWDC 2014 is June 2-6, 2014 OIT will not attend due to travel freeze.
• MacPolicy and MacTech will not meetin in July or August 2014

2) Kaspersky available for BYOD late April 2014 – 5 min

Update on new Kaspersky Antivirus for the University community.  As announced before OIT has purchased Karspersky Endpoint Protection as a campus antivirus solution.  The license allows for 2 types of machines a) personally owned student, faculty, and staff machines (BYOD) and b) institutuinally owned machines.  OIT is working with Karspersky to use the vendor’s web site to allow BYOD users to download the stand-a-lone, unmanaged version of  Karspersky Endpoint Protection.  This version for BYOD should be ready for user’s to install by late April 2014.  Watch for an announcement and changes at www.ncsu.edu/antivirus. The version for institutionall machines which reports to a management console centerally will be announced latter in summer 2014.  Discussion

3) Casper 9  Update- 15 min

We have encountered a new issue with Casper 9.30 which is now a known defect per our SysNews post (https://sysnews.ncsu.edu/news/533ec0b2)  The specific JAMF defect is D-006681 and  is scheduled to be fixed in 9.31.  I have asked for a road map and estimate of time and am waiting to hear back.  The defect causes machine records, that have a Username populated from a directory and where that Username is associated with more than one device to loose both the Department and Building information.  This has effected many of us because we were scoping policies, smart groups, etc using Department and/or Building.  Existing machines will fall out of smart groups, and scopes for policies, MCX Configs, etc.  I have asked if there is a patch that could be applied to our hosted server but no reply yet.  The only work-a-rounds are a) to make sure a Username is associated with only one OSX or iOS device or b) not use Department or Building as scopes.  This issue was not known to OIT prior to the 9.30 update and we applogize for any problems it might have caused.  Discussion

3) Netbooting with OS X 10.9   – 15 min.

Everette has spent some time working on booting multiple old and new OS X devices that support OS X 10.9.  There is a limit of 32 meg for the kernal cache tftp transfer in the firmware of pre-2011 devices.  The kernal extention in 10.9.x is 35 meg causing the tftp to fail.  The issue is discussed at jamfnation.jamfsoftware.com/discussion.html?id=9836 with a nice script to fix existing netboot sets (.nbi) at blog.designed79.co.uk/?p=1807    Everette has been able to create a netboot that works over all the machine available to OIT  called casperimaging.nbi which is available from the OIT netboot servers. This set boots 10.9.2 and automatically runs Casper Imaging.app connecting to nc.jamfcloud.com. Discussion.

4) Netinstall creation with OS X 10.9- 20 min.  

 OIT has developed a way to create NetInstall boot sets from the Install OS X  Mavericks.app that is downloaded from the App Store.   All OS X installs starting with 10.8 have an command line tool  /System/Library/CoreServices/System Image Utility.app/Contents/MacOS/imagetool that can automate the creation of netinstall and netboot images.   The imagetool  command line tool can read a configuration plist file that allows for creation (and recreation) of a consistant, never-booted, netinstall set.  The osx109ni.plist is available for download from oit.ncsu.edu/mac/downloads/osx109ni.zip  The configuration assumes a)/Applications/Install OS X Mavericks.app, b) /Users/Shared as destination and c) the target hard drive is named Macintosh HD and will be formatted  and d) osx109ni.nbi as name of netintall set. Please feel free to use osx109ni.plist if you want to create netinstalls (imagetool –plist ./osx109ni.plist ) .  OIT also has a netinstall set for use with Casper called casper1092ni.nbi on the OIT netboot servers.   Discussion

5) UltraThin Nuke & Pave  – 10 min.  

As best practice OIT is abandoning bit copy imaging for deployment of OS X devices.  Instead we are moving to a modular deployment with Casper that supports multiple hardware and allows for continious improvement and update.  We are calling this UltraThin deployment.  This is different from the confusing Thin Imaging that is talked about on JAMF Nation and in Deploy Studio forums. To this end we are testing a Nuke&Pave sequence that uses both netinstall and netboot.  The theory is that there are only two types of machines a) those needing updates and b) those needing reinstall.  To be as efficent as possible it is best practice to think of reinstall machines as needing updates from nothing and build an install chain that uses that theory.  OIT is testing a netinstall set that formates the Macintosh HD and does unattended install of fresh OS X 10.9.2 and applies a First Boot Installer (https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/first_boot_package_install/) that then netboots to an automated run of Casper Imaging.app.  This provides a complete Nuke&Pave path that involves no bitcopy imaging!  The Casper Site admin or tech has complete control of the software applied via configuration as well as the first enrollment of new hardware directly into their site.  The OIT netboot servers have the two boot sets called casper1092ni.nbi and casperimaging.nbi.   Discussion.

6) “MS Office for iPad” – 5 min.  

Quick look at the new freemium MS apps for iPad.  There is no “Office” only word, excel and PowerPoint.  The free part is READ-ONLY which can already be done on iOS.  A paid by month or year subscription is required as in app purchase to edit documents.   Discussion.

7) Heart Bleed SSL Attack – 5 min.  

OS X is unix so always pay attention to security risks in UN*X like OSes.  However it does look like Mavericks is running 0.98y which is not vurnerable. See: https://jamfnation.jamfsoftware.com/discussion.html?id=10259  Discussion.

8) Rummor Mill – 5 min.  

Quick round of rummor mill predictions.  Discussion.

9) Q&A  – 5 min.  You ask we try to answer

Next meeting – May 13, 2014 in Room B16-B Hillsborough from 2:30-4:30 pm.

MacTech – 2nd Tuesday each month: Jan, Feb, Mar, Apr, May, Jun,  Jul, Sep, Oct, Nov, Dec

MacPolicy – 2nd Tuesday of every other month: Jan, Mar, May, Jul, Sep, Nov.

Neither MacPolicy or MacTech will meet in July or August.  All meetings will be held in B16-B Hillsborough Bld unless otherwise announced.