I’m mostly posting this here for ease of finding it in the future. It seems like most people prefer to disable CTRL+ALT+DEL instead of actually allowing the Synergy service to initiate the Secure Attention Sequence (aka: CTRL+ALT+DEL).
Associate Director of Endpoint Solutions Engineering with Technology Solutions at UTSA and has been a professional in IT for over 20 years. He love his family, likes his motorcycle, and figures IT out!
During my adventures with Salt Stack, I wanted to accept keys automatically on the master. However, I wanted to do this more intelligently than just accepting all of them.
During my adventures with Salt Stack, I was having issues wrapping my head around how I was going to control what environment my dev machines were in. I even thought that pillar[environment] returning None was a bug. Turns out, I just needed to think more about what process would work in my environment. To solve this, I have created a very simple custom grain file that would store and set the our `dev` and `pre` environments. If you want to know how to use it, check out the readme. If you have issues with it, please use the issue tracker. General questions and comments can be made here and I’ll get to them as I can. Tested on: 10.8.4
We spent the day working on an issue where our User Policy wasn’t being applied to the User AD Object logging into a computer. We confirmed the usual steps: User AD Object is in the OU where the GPO is applied. GPO is enabled. Security Filtering is not filtering out the User AD Object. The policy was simply not showing up on the computer (would not display with `gpresult /r`). After some more digging, we found the issue: One of the GPOs applied to the Computer AD Object had the Configure user Group Policy loopback processing mode was set to Replace. Solution: Change Configure user Group Policy loopback processing mode to Merge. Note: our default has always been to use Merge in this setting … this one just slipped through the cracks. 🙁 Explanation The GPO Explanation of the Replace setting says: “Replace” indicates that the user settings defined in the computer’s Group Policy Objects replace the user settings normally applied to the user. To me, this means that Policies applied in the computer’s GPO will overwrite the policies applied, but then we look at the GPO Explanation of the Merge setting: “Merge” indicates that the user setting defined in the computer’s Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer’s Group Policy Objects take precedence over the user’s normal settings. Wait a minute! That looks more like what I want!! So what’s the difference? To find that answer, I dug in the Microsoft KB. The Win7 description of the setting wasn’t very useful, but the WinXP description of the setting was the key to my complete understanding. Quoted here for posterity (the key is bolded): Merge Mode:In this mode, when the user logs on, the user’s list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer’s location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer’s GPOs to have higher precedence than the user’s GPOs. In this example, the list of GPOs for the computer is added to the user’s list. Replace Mode:In this mode, the user’s list of GPOs is not gathered. Only the list of GPOs based on the computer object is used. So when do you want to use Replace mode? A quick scenario might be at a lab computer at a school that allows users to login with their AD credentials instead of using the auto-login account. You may not want the settings that you allow to be loaded at a user’s office computer to be pulled down to the lab computer.
During my adventures with Salt Stack, I wanted a more robust way to configure and maintain the AD Bind configuration on my Apple computers. To solve this, I have created a module to wrap dsconfigad calls and made it available on GitHub. If you want to know how to use it, check out the wiki. If you have issues with dsconfigad, please use the issue tracker. General questions and comments can be made here and I’ll get to them as I can. Tested on: 10.8.4
I have been in IT for over 15 years. most of that tenure has been managing Windows – mostly in the Desktop/Laptop realm. This means that I’ve got a lot of experience with AD, GPO, SCCM, scripting, etc. Recently, I took over the management of Apple Desktops/Laptops for the organization that I work for. Before now, Apples were the outlier — just give the user admin rights and good luck. Now that it’s my purview, I’m opting for more centralized management technique. Something to, as closely as possible, mimic GPO (for managing settings) and SCCM (for managing software) for Windows. This is where Salt Stack and Munki come into the picture. Those names kind of sound like a couple of lame superheroes, right? /snicker Note: I don’t have a lot of experience with Munki (yet!) because I’ve got one of my people working on it. That’s right, I’ve got people! Salt Stack What is Salt Stack? Honestly, SaltStack wasn’t my first pick. I tried out Puppet and it worked great! So why did I switch? Puppet is not a complete product for what I want to do, and I want to contribute and help fill the gaps. Frankly, the shortcoming was that I don’t know Ruby and have no desire to learn Ruby. Nothing against Ruby … I just didn’t want to learn yet another language to accomplish this task. Especially, if there is something written in a language I know. I quickly turned my head towards Salt Stack, written in Python. In an afternoon, I had a Salt Master up on Debian and Apple OS X.8.4 connecting to it and ready for commands. I’ve since written a couple of modules/grains/scripts for Salt Stack to help me accomplish what I’m doing. You can keep up with the running list of my Salt Stack programming projects my Salt Stack tag filter.
I previously posted about tweaking the Firefox install to prevent the Mozilla Maintenance Service from installing. Ph0neutria asked an off topic that intrigued me, so this is the answer to that. My solution installs a particular version and language of Firefox. If the language is not specified, it will check for a current install and match that language, defaulting to en-US. https://gist.github.com/VertigoRay/6091281 Note: You’ll want to sign the code so you can run it without changing the execution policy to unrestricted. Sample Usage: InstallFirefox.ps1 22.0 InstallFirefox.ps1 22.0 ‘es-ES’ I know the code isn’t commented, but I just use the `Write-Debug` lines as comments. To see the debug output, you’ll need to set the DebugPreference variable: $DebugPreference=’Continue’ Thought about, allowing “latest” for the version, but that would be a bit more complex since you would have to parse the page to get the version number from the latest version. Not dificult, but beyond the scope of this solution.