Combo Lab Kit Project - Windows Partition Unmount Solution
Well, after a lot of work and a very late night talking with Everette at ITD, It has been determined that the best way to proceed for unmounting the Windows Partition is through a login hook. Yes, this will likely go away with 10.5, but we are going to stick with 10.4 for a while and the capability is there with launch agents, but it will need some tweaking. I plan to continue investigating launch agents, but for now will stick with login and logout hooks.

One thing of note is that you can't implement the hook recommended by bombich.com with the NCSU Mac Lab Kit, or with any Mac that already has login and logout hooks implemented. To unmount the Windows partition at login put this line at the end of the login.hook file just above the "exit 0;" line:

#Unmount windows volume for Design
$myerr = `diskutil unmount force disk0s3`;

Replace "disk0s3" with whatever your Windows volume is called.

To remount the volue and relauch Bootpicker at logout, put the following in the logout.hook just above the "exit 0;" line:

# Mount Windows Partition for Design
$myerr = `diskutil mount disk0s3`;
$myerr = `/Applications/Utilities/BootPicker.app/Contents/MacOS/BootPicker`;

I've had four machines, three in a public lab and one in our equipment checkout office, running for a while now with no problems. The next problem I face is getting a WSUS server up and running for our Windows side and a Software Update server running for the OS X side.

I'd also like to get netboot running on all the lab machines so I can deploy the kits with a click of the button.

Otherwise, all is well and I'm proceeding with the plan to provide Dual Boot with the new Macs for this Fall at the earliest and Spring at the latest.
Posted by jmjenki3 ( Aug 02 2007, 03:16:19 PM EDT ) Permalink

Combo Lab Kit Project - Agents, Daemons and Hooks. Oh My!
With the "death" of login and logout hooks, as well as ttys editing falling by the wayside with the move to 10.5, I've begun to investigate Launch Agents and launchd editing under OS X for use in the labs. I've mentioned Lingon before, which does an excellent job of creating Launch Agents, but I've run into a slight issue. With Lingon, you can create Users Agents and Users Daemons. Agents run as the login user and Daemons run as root.

The problem I'm having is that I have a script that unmounts the Windows partition so an intrepid user can't go snooping around through the Windows partition and do nasty things. If I run the script as a Users Agent, then on login, I get prompted for Administrative access, no surprise since I'm logged in as a non admin account. If I run the script as a Users Daemon, then the Windows partition unmounts at boot, which breaks my OS selection screen (Bootpicker).

Further, at logout, I need the computer to go back to the OS selection screen. However, since the Windows partition is unmounted, Bootpicker doesn't see it as a choice and the computer just goes back to the OS X login screen. Under Windows, I've accomplished this by remapping the logout button to restart the computer. Our OS X labkit could be made to do the same thing, but there may be other things done behind the scene at logout in the OS X labkit that I need to verify before I implement at restart at logout. I would much rather have a script that logs out the user and remounts the windows partition or just lets it appear as part of the OS selection screen.

I'm going to head over to Bombich.com to see if I can get any advice on this.
Posted by jmjenki3 ( Jul 19 2007, 10:47:06 AM EDT ) Permalink

Ditto
Found a neat little trick with OS X. I'd never had occasion to copy a whole directory through the command line until today. While restoring a server after a hard drive upgrade, I needed to copy my backups from an external disc. Drag-n-drop in the Finder would fail because of permission issues and I didn't feel like waiting for a Verify and Repair Disk Permissions. I just needed the data back on the server.

I tried running a simple sudo cp in the Terminal, but it failed because what I wanted to copy was a directory.

So, I found this hint from MacDevCenter. It is a command line utility called ditto and you can use it to restore entire directories. It has two flags that I've found to be very useful - the -V flag turns on verbose mode, so you can see what's copying and -rsrc preserves permissions and ownership. Here's the full usage:

ditto -V -rsrc /PATH-TO-SOURCE/DIRECTORY /PATH-TO-TARGET/DIRECTORY
Posted by jmjenki3 ( Jul 13 2007, 10:06:05 AM EDT ) Permalink

Windows Vista and Retrospect
I upgraded my laptop to Vista yesterday and started testing some common apps. One thing I did find was that the Retrospect client does not work immediately after installation. You have to take the following three steps to make it work:

1. Allow the program access through Windows Firewall.
• Windows Button>Control Panel>Windows Firewall
• Click on the Exceptions Tab
• Click on the Add Program button
• In the Path Field type: c:\Windows\System32\RetroClient.cpl
2. Add TCP/UDP ports for the Firewall.
• Windows Button>Control Panel>Windows Firewall
• Click on the Exceptions Tab
• Click on the Add Port button
• Add a TCP and UDP exception for port number 497
  

Posted by jmjenki3 ( Jun 15 2007, 11:40:12 AM EDT ) Permalink

Combo Lab Kit Project - Adventures In Time

After many tears and much blood, I think, I hope I have solved my dual boot time sync problem.

No matter what I was trying, my OS X time was defaulting back to four hours behind. I found this possible solution here:

OS X Solution
http://www.macosxhints.com/article.php?story=20070507030228844

Windows Solution
http://discussions.apple.com/message.jspa?messageID=2378251#2378251

Here are the steps I've taken:

1. Disable Windows Time Service. Start>Control Panel>Date and Time
2. Click on Internet Time tab
3. Uncheck the box next to "Automatically synchronize with an Internet time server" and click OK.
4. Install Tardis 2000. It's a third party time management app that runs as a service when Windows starts.
5. Reboot into OS X
6. Log in as labadmin
7. Install Lingon
8. Copy the Lingon application to your /usr/labadmin/Admin Apps folder
9. Launch the Lingon application
10. Click the toolbar's "Assistant" button (bow-tie icon)
11. Make sure that "Run a job at startup" radio button is selected and click "Next"
12. In the "Label" field, type in a name for this task, using reverse-domain naming (edu.ncsu.time)
13. Uncheck the "Launch only when I log in" checkbox
14. Check "Must be run as root" (this checkbox will be enabled when you un-select the one above)
15. Click "Next"
16. In the "Job" field, type "/usr/sbin/ntpdate -u" and click "Create"
17. At this point, you should be prompted to authenticate as an admin user
18. Reboot into Windows and then back to OS X to verify the time is right.

Posted by jmjenki3 ( Jun 12 2007, 02:51:03 PM EDT ) Permalink

Combo Labkit Project - Timesync Issues ****UPDATE - 6/11/2007****

So, it turns out that the registry edit messed up both Operating systems. A student worker came to me and told me that the Windows OS time was ahead by 4 hours. It seems that there is no problem with the time when logged in as admin.

My next idea is try a login hook on OS X that resets the correct time. Windows seems to run on the correct time without the registry edit, so if I can get OS X to reset its time on login, this problem will be licked.

****END UPDATE****

One of our students workers found an interesting problem with our dual boot test machine. When booting into OS X after booting into Windows, the system time is offset by 4 hours. The time appears correctly in Windows.

After some research, I found a potential solution here. Here's the snippet of what I had to implement:

1. Boot Windows
2. Click Start --> Run and type regedit. Click OK
3. The Windows Registry Editor should pop up. Navigate within the explorer to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
4. Click on the TimeZoneInformation "folder" from the navigation pane if you haven't already done so.
5. This assumes the correct key doesn't exist. If it does, you will just change the existing key's value: Right click on the white space within the folder (If you don't have a right mouse button, you may need to download a program called applemouse to emulate the "control-click" of the apple 1-button mouse). Select new --> DWORD Value. Title the key "RealTimeIsUniversal" (No quotes). Set the value to "1" (No quotes again). Hexidecimal should be fine.
6. Either reboot and set the clock in MacOS or set the clock in Windows. You should now be able to reboot into either OS and have a correct clock.

Both operating systems appear to functioning with the correct time. I'll watch for any more oddities.

Posted by jmjenki3 ( Jun 11 2007, 11:46:50 AM EDT ) Permalink

IT Database Revamp Over the past three years (and beyond before I came here), The College of Design IT Department has been using Filemaker to keep track of its assets. While the current database design has been functional, it has also become a hassle to keep up to date. The current IT Database consists of three separate databases that are tied together through a series of commands and value lists that transfer data to one another.

My project is intended to bring all that data into one database, stored in different tables. I'm also hoping to including a bit more functionality that will perform some common functions like sorting and finding records, rather than having to go through the program menus in Filemaker.

The basic structure is already done and the database is functional. I'm just working on a few extra bells and whistles (such as the afore-mentioned sorting and finding records) that will make this project complete.
Posted by jmjenki3 ( Jun 05 2007, 08:53:21 AM EDT ) Permalink

Combo Labkit Project Update We recently learned about another bootloader program called Bootpicker. It seems to be a much better choice for our dual boot lab deployment because it addresses all of the security concerns we had about rEFIt.

1. It locks down external device booting through OS X's firmware password, so it is no longer possible to insert an external hard drive, CD or DVD and select it as a bootable volume. You must know the machine's firmware password to boot to anything other than the Mac or Windows Volume.
2. Bootpicker boots into an OS X shell instead of through EFI, thereby enabling remote commands to be sent to all machine's via Apple Remote Desktop. This makes management of the labs much easier.
3. It is now possible to combine Bootpicker and NetRestore to image the labs (both Mac and Windows OS's) from one central location.

We have deployed our Mac Mini beta machine with Bootpicker and are continuing to test it.
Posted by jmjenki3 ( May 29 2007, 02:03:45 PM EDT ) Permalink

XGrid and Windows Rendering I've been researching XGrid for OS X as a possible replacement for the College of Design Render Farm. Bascially, XGrid using a server to got out and use other computers to render jobs, just like the Render Farm did. My only problem - find a solution for the Windows users. I've found nothing as yet, but I'm starting to wonder what the feasibility would be of exporting jobs from programs like StudioTools and 3D Studio Max to Maya, which runs on OS X.

As I'm not an avid user of any of these programs, I intend to seek out faculty and students who are everyday users to test my idea. Of course, this all assumes that Maya will render under XGrid...another test to run.
Posted by jmjenki3 ( May 08 2007, 11:28:48 PM EDT ) Permalink

Render Farm End of Life As most of you may or may not know, the Render Farm will be shutting down on May 14, 2007. The machines that comprise the Render Farm are well over seven years in age and many are beginning to show their age. As such, we will be discontinuing rendering service over the summer as we investigate other possibilities.

One such possibility is XGrid, a service offered through Mac OS X. Basically, it collects unused processing cycles from available machines and creates one big rendering node. We will investigate this as a possibility over summer break and keep you posted.
Posted by jmjenki3 ( May 07 2007, 09:05:52 AM EDT ) Permalink

Combo Lab Kit Project We are investigating the possibility of deploying dual boot Macintosh machines running Mac OS X and Windows XP. Currently, we are using a 1.83 mHz Dual Core Mac Mini as our test machine.

Setting up the machine

I used Apple's bootcamp to partition the machine under the factory install OS and then installed Windows XP. The Windows partition cannot be Wolfprepped (for more information on Wolfprep, see http://microsys.unity.ncsu.edu/wolfprep/) because part of the Wolfprep process includes creating a backup partition to reimage machines in the case of disaster recovery. This process corrupts the bootcamp setup and renders the Windows partition unusable.

Instead, I installed a base install of Windows XP and made sure all software updates were run. Next, I downloaded the Novell client and logged into the network as Wolfprep (to obtain the password for the Wolfprep user and gain access to the Wolfprep server, you must contact the ITD Help Desk).

The Imaging Process

I chose to set up the Windows lab kit first because the Mac Lab Kit has a Firmware password enabled that you have to enter every time when you choose which partition to boot at startup. Once I installed Windows through Bootcamp, I downloaded the Novell client and logged in with the Wolfprep user. This performs a modified Wolfprep install - the Application Launcher is installed and access to all applications associated with that computer is granted.

After the Windows lab kit was installed, I imaged the Mac partition with the Mac lab kit. Once the lab kit was installed, I had to find a way to deal with the Windows partion mounting on login. Although the partion mounted as read-only, there was still a security risk. Any file on the Windows partition could be read and copied, including a file conatining sensitive information about system administrative access.

After talking with Apple, I was told of a login hook that would unmount the Windows partition at login. Once the login hook was tested, I had to find a way to select which OS to boot without having to input the administrative password. After some research, we learned of a bootloader program called rEFIt (homepage: http://refit.sourceforge.net/). rEFIt bypasses the firmware password when OS X boots up and allows a user to choose an Operating System.

Deployment and Security Concerns

I placed the Mac Mini in the IT Lab Checkout office for student workers to use as a private beta test. The reason we have not moved forward with a full rollout in the labs is because of a security concern with rEFIt. It is possible to boot external devices and CDs with rEFIt and there is currently no way to lock down that capability (i.e. with a password or complete disabling of external booting). Until such time as we find another solution, or the makers of rEFIt fix this problem, we will not be moving forward with a full lab deployment.

Looking Forward

We recently received the shipment of new Intel Macs for the Mac Lab updates. Joe and I are discussing designating one machine to be the public beta dual boot machine. More on this as time progresses.
Posted by jmjenki3 ( May 07 2007, 08:48:27 AM EDT ) Permalink

Hello World In the coming days, I intend for this to be a resource where I report IT issues relating to the College of Design. Here will be a centralized resource for Design faculty, staff and students to keep track of projects, lab and server updates, etc. Posted by jmjenki3 ( May 05 2007, 02:00:43 AM EDT ) Permalink