FileVault2 and Login Passwords Out of Sync

After a password change on 10.12 or 10.13 Macs that are FV2 enabled, the user’s FV2 password gets out-of-sync with their Keychain password.  On restart, the user can only log into the computer using their old password.  The problem exists regardless of whether or not the machine is bound or using Enterprise Connect.

You will need to delete and re-add the account but without actually removing any data.

·      Delete the user’s existing account (Loss of user data can occur if not followed exactly)

o   Open System Preferences/Users & Groups

o   Unlock preferences by clicking on the lock icon and entering the local admin password when prompted

o   Highlight the existing user’s account and click on the minus button below “Login Options”

o   Make sure you choose the option Don’t change the home folder

Once you have confirmed, click the Delete User button

Rename user folder and apply permissions

·      Go to /Users and find the home directory of the user you deleted. It will have (Deleted) after the folder name.

·      Rename the folder to first.last (use the IPG AD account name)

·      Open Terminal

·      Type the following command to change ownership of the user’s home directory: 

sudo chown –R first.last:staff  /Users/first.last

·      Example:  sudo chown –R mark.lewis:staff  /Users/tom.jones

·      Wait until you receive the prompt again. If you see some errors, it is okay.

·      Restart and log in as the local admin

·      Open Terminal and type, “fdesetup ad -usertoadd [user name]”

·      Enter the user’s password when prompted

·      Restart

·      Log in as the user

·      You should be prompted to create a new Secure Token: make sure you do this!  If you don’t, FV2 will fail on the user’s account.

Note: I found out the hard way that the Secure Token screen vanishes after about 30 seconds.  If this happens to you, you will have to associate the Secure Token manually via Terminal.  For full details, see this page:

https://derflounder.wordpress.com/2018/01/20/secure-token-and-filevault-on-apple-file-system/

-->

Mac Server: Unable to update Server

After updating the OS on a Mac Mini to 10.12.6 and downloading Server.app 5.3.1 we encountered an error:

It turns out that not all OS/Server.app versions allow direct updates; in some cases you must do a data migration.  Apple posts an upgrade matrix here.

The quick fix, if you don't mind configuring the server again, is to simply trash the Server.app from Applications and remove the /Library/Server folder.  Once this has been done, you can re-install Server.app and it will launch the configuration manager.

If you get the "unable to update server" error and you need to keep your settings then you are in for a bumpy ride.  You have no choice but to do a data migration between two devices.  The procedure is explained in the same link as above and entails building a new system, target booting, doing a data migration and then installing Server.app.  Honestly, Apple couldn't have made it any harder if they tried.

Egnyte Desktop Sync Errors With Keynote Files

Egnyte, and indeed most non-Apple file systems, have difficulty saving Keynote files.  The structure of Keynote files are atypical and as such Egnyte tends to see a directory structure rather than a single file.

Keynote has the option of saving files either as a "Single File" or a "Package" and for the purposes of file system compatibility, we recommend using a "Package."  From within Keynote go to File/Advanced/Change File Type:

Note: As a rule-of-thumb, we recommend that any Keynote file larger than 1GB be zipped before being saved to Egnyte.

By default, Keynote saves everything as a Single File.  If you go to Terminal and look at the file attributes you will notice that it actually appears as a directory rather than a single file:

This can cause problems with both Egnyte Desktop Sync and the Web UI.  The Web UI will  show Keynote data not as a single file but as a directory.  This makes the file unreadable from the Web UI and can cause syncing issues with Desktop Sync.  In Desktop Sync, you may see an error such as this:

Simply saving the file as a "Package" from within Keynote does not always resolve the problem, it may simply return a different error:

 

If you see this error you will need to change the permissions on the Keynote file in order for it to Sync.

• Save the Keynote file as a Package
• Open Terminal
• Navigate to the folder containing the Keynote file
• Type "chmod 744 [file name]
• Example:  chmod 744 myfile.key

 If you type "ls -la" you will see that the file permissions have been set to allow the file owner (you) to Read/Write/Execute:

Normal Mac file permissions are 644 and look like this:

However, for some reason, Keynote files sometimes need the extra "execute" permission in order to get Egnyte to sync them correctly.

After changing the permissions, trigger a sync and it should complete without errors.

 

Setting the default home page in Safari with Casper

The first step is to create a .plist file:

Save the file as plain text with a name "com.apple.Safari"

Log into the JSS

• Create a new Configuration Profile
• On "General" tab set the"Level" to "Computer Level"

• Select "Custom Settings" from the left-hand column
•  Upload the .plist file you created earlier
• Ensure the "Preference Domain" is "com.apple.Safari"

• Scope it to the computers you want the preference applied to

We have had good luck with this method.