Apple recently came out with their own doc for wireless connectivity using 802.1x
Thanks go out to Kirk at kkheconsulting for the update.
So I went ahead and installed the public Windows 7 beta (x64)…
Nice easy install with minimal prompting. Some quick noticeable points: UAC now has a few levels of interaction which is a nice change and the start menu is has a little bit of the usefull feel of xp thrown back into it.
My $10 usb 802.11g (realtek based) device was an immediate need so I did a quick search for drivers and couldn’t find anything that was signed (win7 requires signed drivers for everything) and the audio on my board (an Asus A8N–SLI Premium) was not intalled properly. Asus did have 64bit drivers on their website for my ‘older’ board.
So I broke down and drug a patch cable to my router and ran software updates which, in the end, made me all happy again because the drivers for both wireless and audio were available so I can also listen to music again. yea, no patch cord running across the room.
Web browser – Firefox – http://wiki.mozilla-x86-64.com/Download. There are issues with running a 64bit browser such as no flash player available, roboform and other 32bit apps will not hook into it. If you use a 64bit browser, you
Firewall – Comodo Internet Security (http://www.personalfirewall.comodo.com) has been winning awards for a while now and has good control for those that wish to delve into it. For a ‘easy’ firewall with no HIPS, I have seen recommendations for Vista firewall Control (http://sphinx-soft.com/Vista/index.html)
Antivirus – Comodo Internet Security (same package as firewall). If you don’t want to run both antivirus and firewall from Comodo, you can simply choose not to install one or the other. My 2nd choice for antivirus would have been Avast Home Ed. It’s not a true 64bit app, but the kernel level drivers are 64bit – http://www.avast.com/eng/avast_4_home.html
Defragger – JKDefrag which can alse be run as a portable app –
Archiver – PeaZip (http://peazip.sourceforge.net). PeaZip has a more familiar gui. A good alternative would be 7zip (http://www.7-zip.org).
/usr/sbin/lpadmin -p tms-copier-room18-01 -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/CNR5050X1.PPD.gz -o printer-is-shared=false -D “tms-copier-room18-01 (Office)”
In Applescript you’ll need to use double quotes, etc.
do shell script “/usr/sbin/lpadmin -p tms-copier-room18-01 -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/CNR5050X1.PPD.gz -o printer-is-shared=false -D ”tms-copier-room18-01 (Office)”“
If you have spaces in the driver name or elsewhere, be sure to preface them with a space. The below example uses a fictitious canon imagerunner example (the real ppd is not named as such)
do shell script “/usr/sbin/lpadmin -p Canon_Imagerunner -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/Canon Imagerunner 4100.gz -o printer-is-shared=false -D ”tms-copier-room18-01 (Office)”“
to delete a printer, use the -x command.
/usr/sbin/lpadmin -x “name of printer”
Be sure to checkout the full list of options via the lpadmin man page. From terminal:
and remember, the do shell script command uses sh as the default shell, not bash.
Frontmotion Firefox CE (Community Edition) is a re-branded version of firefox. The original binaries are used but some preferences and other items are altered. In order to stay within Mozilla Firefox’s licensing, they had to change the icon and name. Basically, Mozilla Firefox has been repackaged as an MSI and some changes made to allow Group Policy templates to be used.
Updates to FM FirefoxCE and the mozilla.adm are available at: http://www.frontmotion.com/FMFirefoxCE/index.htm
Basic GPO settings via the administrative template are set as follows: Disable auto update, prompt for location to save downloads , disable check for default browser, & set the homepage. These are locked settings and cannot be edited by the user.
WPA Enterprise setup (aka, wpa peap)
1hr setup for PCs and Macs. It doesn’t go 100% in depth, but enough to get things going in a basic fashion.
Wireless SSO (Single Sign On) – http://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx
Install Leopard Server in Advanced Mode as a Standalone Server.
Server Admin: Add wanted services, configure, and start them (specifically SMB)
Directory Utility: Bind to Domain
- Advanced options: Use UNC path from AD using SMB
- Default user shell: /bin/bash
Directory Utility: set the proper search order
:: Adding management functions in OD to work with the AD groups ::
Open WGM (WorkGroup Manager) and login as the Directory Administrator (diradmin)
- Add new members: in the sidebar, switch the directory to AD and
then click the groups icon. Drag the appropriate AD container to the
Using MS ADUC, set the home directories for the users.. note that
you can setup and turn on SMB on the OS X Server, and point the users
home directories (via AD) to the leopard server’s smb share.
What you end up with is AD accounts mapped to their homedir with MCX policy enforcement.
Manual bind on client: Using Directory Util, bind to the new OD
Master server then bind to AD. Place AD above OD in the search order.
login as test user…
To configure a Mac running OS X 10.5 (Leopard) to connect to a local Apple Software Update server, simply use the following command, where servername is the name of your local server that runs Software Update.
defaults write /Library/Preferences/com.apple.Softwareupdate CatalogURL http://servername:8088/
If you have any problems, verify that you can see the update server by accessing the following URL from the client’s web browser:
If you don’t see an XML-type page come up, you should verify that the Software Update service is running on the server, and that port 8088 is properly configured to allow traffic on your network.