Managing a Mac Lab: Tips to Make Life Easier

1
Managing a Mac Lab Tips to Make Life Easier

• Helen Siukola Jancich
• Anastasia Trekles
• Purdue University Calumet

2
Workshop Outline

• Introductions
• Whats the Mac Environment Like at Your School?
• Options for Imaging and Restoring Lab Drives
• NetBoot NetRestore
• Mac OS X, Users, and Security
• Other Lab Management Tricks from the Battlefield
• Featured Software and Resources

3
Hows Your Macs?

• Every institution has its own lab and network
  configurations, making almost everyones
  situation unique
• We may not get to cover every possible
  configuration during the workshop, but you are
  encouraged to visit http//www.bombich.com and
  http//www.macosxlabs.com to find scripts,
  articles, advice, and more to fit your exact needs

4
Our Mac Environment

• At Purdue Calumet, we have
• Novell Services almost exclusively for Windows
  users (the majority on campus)
• 1 Xserve (10.3) and 1 Mac OS X 10.2 server for 3
  websites, FTP, Apple File Services, and SMTP
  POP Mail services
• 4 Mac labs of varying sizes (largest holds 25
  Macs)
• About 20 faculty and staff using Macs in their
  offices

5
Our Mac Environment

• The Mac network is separate without the Novell
  client software
• We manage our own users for OSX server access
• Lab computers have a universal student login
  rather than authentication through LDAP - this
  would be possible, however, if the Novell server
  admins would allow access

6
Imaging and Restoring

• Mac clients all share almost the same software
  configuration
• Differences between models and lab needs are
  handled with multiple drive images
• Currently there are four images distributed
  across campus Mac labs

7
Imaging Drives - Basic Steps

1. Take any Mac similar to your lab computers, and
   partition it into two drives (also works with an
   external Firewire drive)
2. Build the lab drive and install software as
   needed
3. Set up users and system and program preferences
4. Restart from the other partition
5. Use either Disk Utility, Disk Copy, or NetRestore
   Helper to make an image of the lab drive partition

8
Imaging Drives - Notes

• Dont use a different OS from the lab drives to
  make the image
• To save some time, create the lab image on a
  local drive first, then copy it to the network
  once its created if needed
• OS9 Users Disk Copy limits you to 2GB unless you
  have Disk Copy 6.4
• Get it here http//homepage.mac.com/alk/personal/
  stuff.html
• Youll also need to use ASR 2.2.4 or higher to
  restore

9
Restoring Drives

• OS9 ASR 2.2.4 or higher for drive images over
  2GB
• Mac OS X 10.1 ASR 2.2.4 or asr at command line
• Mac OS X 10.2 ImageJaguar script (get it from
  http//www.versiontracker.com), asr command line,
  or NetRestore (recommended)
• Mac OS X 10.3 Disk Utility (rec.), asr, or
  NetRestore (rec.)

10
Restoring Drives - Notes

• You should use the same OS as the OS version of
  the drive image being restored, especially under
  Mac OS X (sub-versions, like 10.3.x also count in
  most cases)
• For large images, local restore from a Firewire
  drive or CD/DVD is fastest
• Use BootCD to create a startup disk for OSX
  (again, create your BootCD from the same OS as
  the drive image)

11
NetBoot and NetRestore

• NetRestore Helper can create NetBoot sets to load
  into your /Library/NetBoot/NetBootSP0 directory
  on your NetBoot server (login as root)
• Use OS X Server 10.2 or higher for best results
• Note that some older Macs cant NetBoot with
  newer OS X Servers - restore locally instead

12
NetBoot and NetRestore

• To configure the NetInstall set with NetRestore
• Place your restore image on a readily available
  network drive
• Tell NetRestore where to find it and what the
  authentication is
• Test and Save the configuration, and your
  NetInstall set is ready

13
NetBoot and NetRestore

• For added security
• Dont make the NetInstall set your default
• Create a special user whose only role is
  NetRestores and is the only one with access to
  the drive image
• Keep the drive image on a private part of your
  network

14
NetBoot and NetRestore

• Network speed and the size of the image will
  affect the amount of time you spend with
  NetBoot/NetRestore solutions
• For a 14-station lab of slot-load Indigo iMacs at
  10Mbps, it takes an average of 160-180 hours per
  station if they are all restoring at once
• (NetBoot is housed on a dual processor Xserve G5)

15
Mac OS X, Users, and Security

• OSX allows more flexibility and security than
  ever before
• You can have users log in using remotely-hosted
  information on LDAP or Active Directory servers

16
No Directory Access?

• Create universal local users with different
  privileges and preferences
• Create a local user list and set System Prefs -gt
  Accounts -gt Login Options as Name and Password
  to prevent open listing of user accounts

17
Mac OS X, Users, and Security

• Securing Classic is important - if you dont need
  it you might not even install a Classic System
  Folder
• If you do need it, you can load your Classic
  folder into a read-only disk image and use
  ShadowClassic to make it usable
• On any recent Apple Restore CD or DVD, get a
  ready-to-go Classic image from the .images
  invisible folder

18
Save Time and Money with Universal User Accounts

• Universal logins can make life difficult without
  DeepFreeze or another security/desktop management
  software
• But, you can get around this and save some money!
• Use LoginWindow Manager and a Logout Script as a
  hook to clean up the users home directory at
  each logout - poor mans DeepFreeze!

19
The Poor Mans DeepFreeze Logout Script

• Open Terminal and type sudo su to login as root
• Enter the following commands (note that the
  generic name student is our users name -
  replace it as needed)
• Cd /var/root
• Mkdir Scripts
• Mkdir student
• Cd Scripts

20
The Poor Mans DeepFreeze Logout Script

• Type pico logoutscript to create a placeholder
  file for the script
• !/bin/csh
• Exit 0
• Make it executable chmod ugox logoutscript
• Now copy the contents from the original account
• Ditto -rsrcFork /Users/student /private/var/root/s
  tudent
• Delete cache files for the account
• Rm -R /private/var/root/student/Library/Caches/

21
Now for the script - pico logoutscript again and
enter !/bin/csh Example user below has short
name student full paths used for commands in
case path variable is not set correctly login
window passes the user name to the script via the
variable 1 If ( 1 student ) then first,
unlock all files /usr/bin/chflags -R nouchg
/Users/student/ /usr/bin/chflags -R nouchg
/Users/student/.?? then, delete all the
files /bin/rm -R /Users/student/ /bin/rm -R
/Users/student/.?? ensure that the users
directory exists /bin/mkdir /Users/student/ copy
the clean version of the student
directory /usr/bin/ditto -rsrcFork
/private/var/root/student /Users/student /usr/sbin
/chown -R studentstaff /Users/student endif exit
0
22
The Poor Mans DeepFreeze Logout Script

• Use LoginWindow Manager from http//www.bombich.co
  m to set /private/var/root/Scripts/logoutscript
  as your Logout hook
• You can also add messages to the login window and
  more using this handy program
• For added security, keep LoginWindow Manager in a
  secure place away from users

23
Tips from the Battlefield

• Three words Apple Remote Desktop
• Simple AppleScript knowledge is a huge help
• Inserted disks missing from the Desktop might be
  in /Volumes - create a script to open this
  directory for users to access their disks
• AppleScript can also prompt users to authenticate
  to network volumes - works great for our PCounter
  server for authenticating to print
• Upgrade from older versions of OS X as soon as
  possible - you wont be sorry!

24
Tips Securing Printing

• Printers getting switched around or deleted?
• In OS9 - avoid using Desktop Printing and lock or
  hide the Chooser
• In OSX - secure Print Center
• Put Print Center (Printer Setup Utility in 10.3)
  in its own folder
• As an admin, open Terminal
• Type sudo chmod -R a-r nameoffolder
• So, Print Center will keep working with given
  printer list, but users cant change it or open
  the folder

25
Tips Hide a User

• To hide a user from the Login Window in OSX
• Enable Root from NetInfo Manager as an
  administrator
• Login as root and open NetInfo Manager again
• Change the UID of the account in question to
  something less than 500, like 499 (take note of
  the original UID too)
• Open Terminal and type (501 is the original UID
  and 499 is the new one)
• find / -user 501 -exec chown 499 \
• Use NetInfo Manager to change the home property
  to /var/admin for added security

26
Tips for the Battlefield

• What are your Mac management tips or stories
  youd like to share?

27
Featured Software

• Mike Bombich Software
• NetRestore/NetRestore Helper
• LoginWindow Manager
• ShadowClassic
• Info and more goodies
• Charles Srstka Software
• BootCD
• Apple
• Disk Utility (Mac OS X 10.3)
• Disk Copy (Mac OS X 10.2)
• Apple Software Restore (Mac OS 9)

28
Resources

• Mike Bombichs website, including many articles
  and discussion forums http//www.bombich.com
• MacEnterprise (MacOSXLabs), a growing project
  with a repository of information about Mac
  deployment in enterprise settings
  http//www.macosxlabs.org
• Charles Srstka produces several freeware
  utilities, including BootCD http//www.charlessof
  t.com

29
Resources

• Extras
• Helens website http//education.calumet.purdue.e
  du/Faculty/Jancich
• Stacis website http//education.calumet.purdue.e
  du/Faculty/trekles

30
Thank You!

• To download this presentation and get other
  related resources, visit our workshop website
• http//education.calumet.purdue.edu/Tutorials/ICE
  
• Helen Siukola Jancich
• Anastasia Trekles
• Purdue University Calumet
• http//www.calumet.purdue.edu