Deploying Mac OS X 10.5.x With BootCamp - Part 1
Recently we deployed 110 MacBooks to faculty and students in our school. We did not escape the process unscathed, and instead came away with a few process items that I want to pass along to others. We looked at using Deploy Studio to automate our imaging process. We also looked at Clonezilla, which has worked really well on our Windows deployments in the past. Clonezilla will take an exact copy of your drive, and replicate it to other drives of similar size, as you might expect. We chose Deploy Studio for the additional post-imaging scripting that was available. You can build up a workflow that will automatically bind the OS X partition to AD, and to OD, reset the LKDC, and deal with the byHost preferences, along with numerous other things.
Setting up Deploy Studio was fairly straightforward. We have an OS X server that was able to perform the role of our NetBoot server. From there, Deploy Studio's setup assistant pretty much configured everything cleanly for us.
We built up our perfect image, with OS X 10.5.8 and BootCamp providing us with a Windows XP SP3 partition. Capturing that data with Deploy Studio was simple, and we were off to the races. Or so we thought. Of our 110 machines, all of them had “dirty” NTFS partitions pushed down to them by Deploy Studio. About one-third of those machines ran ChkDsk in less than a minute and then booted up into Windows Setup with no issues. The other two-thirds of our machines had issues with security descriptors. After more than an hour of ChkDsk repairing these descriptors, the machines would boot into setup and complain that there were missing or corrupt files. I spent an additional hour with 2 machines and some XP SP3 CDs trying to locate missing files. I never got the Windows partition into a fully bootable state. Clearly something was very wrong, but what was it, and why was it affecting us so inconsistently?
We found that if we reimaged the failed machines, we would have roughly the same failure rate, but we would have more machines done. We also at this time employed Clonezilla to bang out a number of machines, that would need subsequent handling from us to perform all that we were asking Deploy Studio to script for us.
Ultimately we got the image deployed to all 110 machines, but ended up with a great number of problems with our workflow (particularly on the manually configured Clonezilla machines). We also had a disaster of a time getting the students logged in to the machines, which ultimately led us to a second imaging which I will talk about in Part 2 of this article.
Macintosh OS X - Active Directory Integration
Having an interesting issue with an OS X/AD integration. I have a Windows 2003 domain with many servers. I also have an OS X server running Open Directory. The OS X server is bound to AD, and all of the Macintosh clients are bound to both AD and to OD. This forms Apple’s “Golden Triangle” and allows users to login to a Mac using their AD credentials, while allowing you to specify “preferences” for the machine via the OD server. These preferences can be thought of as Group Policies for Macs, however they are nowhere near as detailed as the catalog of settings you can enforce using Group Policy on the Windows side.
Anyway… I have a small issue with this system, and I am not yet certain where it comes from. My users all have a home directory mapped to the drive letter P:. This is specified in their AD accounts in the form of \\fileserver\users\students\user_name.
Recently, during a MacBook deploy to a small group of students I discovered that none of them could log in… or more specifically, they were able to log in, but received a message as the Mac tried to mount the sharepoint. I don’t have a copy of the message here, (it’s on my desk at work) but essentially it said that the sharepoint was not available. The students clicked OK to this and the machine proceeded to log them out.
A head scratcher indeed.
The machines are also running BootCamp with Windows XP, and the students were able to log in and access their mapped drive under XP… so what gives? Also… I was able to login to a student computer as myself and get my network home folder mapped to my dock.
With a little bit of thinking, and some experimentation by one of my coworkers, we discovered that if we used the server’s correct hostname, rather than the generic “fileserver” CNAME that had been assigned to the machine, the students could log in.
None of this explains why for the past week we have had faculty (who have little more in the way of privileges than the students) able to log into their newly deployed Macs, pulling their network home from the same server, using the same CNAME, with absolutely no problem.
I can see that I will need to do a good bit of testing to see just what permission level the faculty has, that grants them access to the fileserver by its CNAME record rather than by its A record. It would make sense to me if this failed for users, but that it only affects a subset of them makes me wonder what kind of magic is working behind the scenes.
I will update this as I come up with more info.
Picton Castle - 10 years later
Walked on the decks of Picton Castle today. It’s been years… ten years in fact, since I last set foot on her decks. It was an interesting experience. Dan is the only person on board that was there when I was on board. The ship was much the same, and yet, much changed in the small details. Parts of the ship had been painted different colors, the blocks had been replaced by ornately carved blocks. Other differences too. The stove is now diesel fired, rather than coal, the engine room is cleaner than ever before, (but the engine still leaks oil in all the same places.)
I looked longingly at the ship, knowing that I am not likely to get a chance to sail on her again. Certainly not around the world again.
In Boston - Whipple Hill Users Conference - 09
I am in Boston. Home. It’s pretty great to be home. It’s even better that work paid for me to come home this summer. I will have to see if I can make that work out again in the future. I am here because we use Podium from Whipple Hill to generate our web content and to manage our student information system. It’s OK. It has its quirks. The conference is designed around orienting us to Podium and learning the tricks to make it do what we need it to do.
One of the most exciting things I will take home with me, (home on the West coast, not in Boston) is the idea that Social Media is something we, (the school) have absolutely no control over. Run a Google query similar to this: “My Company Name” -mycompany.com and tell me what you find. The query, for those of you who don’t use the advanced features of Google, will provide you with all the Google indexed content that mentions your company by name, yet doesn’t come from your company’s website. See… people are talking about you in ways you have zero control over. Well… the only way in which you can control this type of interaction is to behave ethically as an organization. If you do this, people will talk positively about you. If not… not so much.
You can check out what people are saying about the conference on Twitter.
Subway
It has been years since I last rode the subway. Seattle doesn't exactly have one, and neither does Tacoma. Last time I did this, people either read a book or listened to their walkman. I look around today and see that nearly everybody is listening to an iPod, phone, and tapping away on a phone of some sort. I guess that puts me in sync with everybody else around me.
Media has taken over our lives. It occupies our work lives, our personal lives, and even the spare cycles in between.