Thursday, March 29, 2012

Deploying McAfee ePO agent using Casper

Jamf has an excellent KB article on how to deploy the McAfee ePO agent.

https://jamfnation.jamfsoftware.com/article.html?id=182

However, if you have already installed the unmanaged client you will need to remove the agent before reinstalling.

1)  Uninstall the existing (stand-alone) agent using Casper Remote by running the following command:

/Library/McAfee/cma/uninstall.sh

2)  Install the agent using Casper Remote and the following command:

 /Library/Application\ Support/McAfee/install.sh -i

If you do not first uninstall the agent you will receive the following error:

"An higher or same version of the agent is already installed installer: Error - The installed version of the agent is already greater than or equal to this version. Installation cannot continue"
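The two steps above can be combined into one script that stops with a distinct exit code at whichever step fails. This is an added example, not code from the original post or the Jamf KB article; the function name, the exit codes and the RUN_REINSTALL switch are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post or the Jamf KB article.
# Default paths are the two quoted in the post.
UNINSTALL="/Library/McAfee/cma/uninstall.sh"
INSTALLER="/Library/Application Support/McAfee/install.sh"

# reinstall_agent UNINSTALL_SCRIPT INSTALL_SCRIPT (hypothetical helper)
# Returns 0 on success, 2 if the installer is missing,
# 3 if the uninstall fails, 4 if the install fails.
reinstall_agent() {
    uninstall=$1
    installer=$2

    if [ ! -x "$installer" ]; then
        echo "installer not found or not executable: $installer" >&2
        return 2
    fi

    # Step 1: remove an existing agent, otherwise the installer stops with
    # "An higher or same version of the agent is already installed".
    if [ -x "$uninstall" ]; then
        echo "existing agent found, running $uninstall"
        "$uninstall" || { echo "uninstall failed" >&2; return 3; }
    else
        echo "no existing agent found, skipping uninstall"
    fi

    # Step 2: install the agent
    "$installer" -i || { echo "install failed" >&2; return 4; }
    echo "agent installed"
}

# Run only when asked to, e.g. RUN_REINSTALL=1 sh reinstall_agent.sh (as root)
if [ -n "${RUN_REINSTALL:-}" ]; then
    reinstall_agent "$UNINSTALL" "$INSTALLER"
fi
```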

Friday, March 9, 2012

ExtremeZIP Optimisation and General Settings

We have received several requests as to the best way to optimise performance of Windows servers running ExtremeZIP file sharing for Apple clients.  In particular many sites see the following warnings in their ExtremeZIP logs (Windows 2003 server):


If you see these warnings, or even if you don't but still want to make sure your system is running as smooth as possible, the first thing you should do is read this KB article from Group Logic:

http://support.grouplogic.com/?p=1544

It goes into detail about the registry settings that need to be tweaked in order to get the best out of ExtremeZIP.  The KB is from 2009 but the registry changes are still applicable on 2008 R2 servers.  Here is an example of the registry changes to make:


It is also recommended that on Windows 2003 server you Maximize Data Throughput for Network Applications instead of "File Sharing".  To do this follow these steps:

  1. Right-click on My Network Places and select "Properties"
  2. Right-click on your NIC and select "Properties"
  3. Highlight "File and Print Sharing for Microsoft Networks" and click the "Properties" button
  4. Enable "Maximize data throughput for network applications"

General ExtremeZIP Settings

We have found that the following setup works well for most locations (your mileage may vary).

Launch ExtremeZIP Administrator and click on the "Settings" button; select the "File Server" tab.


Put ticks in the "Allow Encrypted Logins" and "Allow Kerberos Logins" only.

Click on the "Security" tab.

In order to have ExtremeZIP support Unix and more granular ACLs on volumes you must supply an AD account.

  1. Put a tick in "Global Catalog"
  2. Enter an account that has domain access.  It is a good idea to use a service account that has a password set to never expire.  Add the account in the format of "yourdomain\account.name"
  3. Enter the account password
  4. For "Domain" enter the FQDN of your domain
  5. For "Permissions" use the settings in the above example.  You generally don't want your Mac clients to be able to change folder permissions so remove the tick from "Allow Mac clients to change permissions"
  6. If you like you can select one of the tick boxes under "Show only accessible:"  If you check the "Folders" option, users will see only folders that they can access. If you check the "Files" option, users will only see files they can access
  7. Under "Other Options" you can "Allow remote administration of server" if you want Windows admins to be able to use the remote admin features of ExtremeZIP (click the "Help" button for more details)
  8. By putting a tick in "Notify Mac clients of password expiration in XX days" your Mac clients will see a password change notification when they connect to an ExtremeZIP enabled share.  Note: they cannot change their password directly from the expiration warning dialogue box.

Click on the "Search" tab.


Search settings should be customised for your environment.  If you put a tick in "Index volumes for search" ExtremeZIP will create an index of all the files on your ExtremeZIP volumes.  This allows Mac clients to do rapid searches of files/folders using the ExtremeZIP index and does not impact the server drives.  However, this only applies to searches performed at the root level of a volume.  Searches performed in sub-folders will use standard Windows enumerated searching, which is more disk-intensive.

Keep the default "Maximum search index cache size" at 20MB.

"Lazy Indexing" limits the amount of system resources available for indexing and is recommended for servers under high load or with considerable I/O traffic.

"Automatically rebuild sparse indexes" is a maintenance function of ExtremeZIP that cleans up the indexes when 1/3 of the records are stale. 

If you want to enable Spotlight searching put a tick in the "Support Spotlight Search" box.

Click on the "Filename Policy" tab.


If you are working in a mixed environment where Mac and PC users must share files it is recommended that you use ExtremeZIP's filename policy to force Mac clients to create files/folders that are compatible with Windows systems.

To enable filename policy enforcement put a tick in "Enforce Filename Policy".

"Apply policy to all volumes" will enable the policy on all files/folders in newly created volumes.  Legacy volumes and existing files/folders will not be affected.

If you want the user to simply be warned of naming violations un-tick "Reject policy violations..."

Under "Do not allow:" you can select what characters and name lengths are acceptable.

Put a tick in "Characters illegal in Windows file or folder names" if you want to exclude filenames that contain characters not allowed in Windows.  The characters are / ? < > \ : * | as well as trailing spaces and trailing full stops.

Put a tick in "Characters that will not display in Windows Explorer" to exclude names that can not be displayed in the font used by Windows Explorer (the default is Tahoma).

By limiting the file/folder names to 254 characters you can ensure compatibility with Windows systems.  You may also enable the 254 character limit for paths as well.
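Because the policy does not touch legacy volumes or existing files and folders, the same rules can be checked by hand. The script below is an added example, not part of the original post or of ExtremeZIP: it reports names that contain a Windows-illegal character, end in a space or full stop, or exceed 254 characters. The function names are hypothetical, and running it against a directory tree that holds a copy or mount of the volume is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post or from ExtremeZIP.

# check_name NAME: print the rules NAME breaks; return 0 if it breaks none.
check_name() {
    name=$1
    reasons=""
    # Characters illegal in Windows names: / ? < > \ : * |
    # ("/" can never occur inside a POSIX path component; it is kept so
    # the function also works on names read from a list.)
    case $name in
        */*|*\?*|*\<*|*\>*|*\\*|*:*|*\**|*\|*) reasons="illegal-character" ;;
    esac
    # Trailing space or trailing full stop
    case $name in
        *" ") reasons="$reasons trailing-space" ;;
        *.)   reasons="$reasons trailing-full-stop" ;;
    esac
    # Length limit; ${#name} counts characters in the current locale
    if [ "${#name}" -gt 254 ]; then
        reasons="$reasons name-too-long"
    fi
    reasons=${reasons# }
    if [ -z "$reasons" ]; then
        return 0
    fi
    printf '%s\n' "$reasons"
    return 1
}

# audit_tree DIR: print "path: reasons" for every offending file or folder.
# Names containing newlines are not handled by this line-based loop.
audit_tree() {
    find "$1" -mindepth 1 -print | while IFS= read -r path; do
        if ! why=$(check_name "${path##*/}"); then
            printf '%s: %s\n' "$path" "$why"
        fi
    done
}
```

Call `audit_tree /path/to/volume` to list every offending name with the rule it breaks.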

Click on the "Service Discovery" tab.


For "Server Name" enter the server name as you want it to appear to Mac clients.

If you are in a standard Windows/Mac environment you only really need to tick the "File" and "Print" boxes next to "Bonjour" to make the ExtremeZIP enabled Windows server visible in a search from Mac clients.  The rest of the protocols only need to be enabled if you use them at your location.

Note: there should be no need to use AppleTalk unless you have OS9 clients or AppleTalk printers.

The latest information, knowledge base articles and manuals can be found on the GroupLogic site.

Thursday, March 8, 2012

Slow Login on Snow Leopard Clients Bound to AD

We have received several reports that Snow Leopard clients that are bound to AD are experiencing very slow logins, with up to five minutes before the desktop appears.

One fix is to remove Active Directory/All Domains from the Authentication tab in Directory Services.  Once this is done the login is very fast.

The drawback is that no other user will be able to log into the computer using their AD credentials.

AD password changes done via the login screen or System Preferences/Users/Change Password continue to work.

Full details can be found on Tech Smog.

Wednesday, March 7, 2012

How to enable or disable Airport from the command line

I was asked how to disable the Airport from the command line.  Here is what you do:  
Disable:  sudo ifconfig en1 down 
Enable:  sudo ifconfig en1 up 
"en1" is the network interface.  "en0" is usually Ethernet and "en1" is normally the Airport.
You can send these commands via ARD.
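Since "en1" is only normally the Airport, the interface can be looked up before it is changed. This is an added example, not from the original post: it reads the output of `networksetup -listallhardwareports` to find the wireless device and then runs the same ifconfig command. The function names and the sample listing are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample of `networksetup -listallhardwareports` output for a
# machine with two Ethernet ports, where the AirPort card is en2, not en1.
SAMPLE_PORTS='Hardware Port: Ethernet 1
Device: en0
Ethernet Address: 00:00:5e:00:53:01

Hardware Port: Ethernet 2
Device: en1
Ethernet Address: 00:00:5e:00:53:02

Hardware Port: AirPort
Device: en2
Ethernet Address: 00:00:5e:00:53:03'

# airport_device: read the port listing on stdin and print the device that
# belongs to the wireless port ("AirPort", or "Wi-Fi" on newer systems).
airport_device() {
    awk -F': ' '
        $1 == "Hardware Port" { port = $2 }
        $1 == "Device" && (port == "AirPort" || port == "Wi-Fi") { print $2; exit }
    '
}

# set_airport up|down: look the interface up, then bring it up or down.
# Needs root, like the sudo commands in the post.
set_airport() {
    case ${1:-} in
        up|down) ;;
        *) echo "usage: set_airport up|down" >&2; return 2 ;;
    esac
    dev=$(networksetup -listallhardwareports | airport_device)
    if [ -z "$dev" ]; then
        echo "no AirPort/Wi-Fi hardware port found" >&2
        return 1
    fi
    ifconfig "$dev" "$1"
}
```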