Macintosh information for Altiris is a little sparse and I've often been left in the cold with questions. Hopefully this article will help guide those who are trying to get Macs to show up in the Deployment Console.
Getting a Mac into the DS allows you to have control over the machines, copy files to them, and see their inventory.
Also included in this article is how to install the NS Agent (Altiris Agent) on a Mac. Our environment is very unique; we run mostly PCs but do have quite a few Macintosh machines (300 or so) that handle graphic design tasks so I get quite a bit of exposure to them.
Page 260 of this pdf covers the DS agent for Mac.
Before We Begin
When I first started working on Macintosh machines and getting them into the DS I ran into issues with my two test machines going into a reboot cycle no matter what command I tried to perform from the DS. After upgrading the OS from 10.4.6 to 10.4.11 this issue resolved itself and I was then able to send files and reboot/power down the machines.
At Least One Macintosh
First things first, you need at least one Macintosh to get this to work obviously. Next you're going to need the Altiris ADLAgent, with my Mac OS 10.4.11. I'm using the latest package called "altiris-adlagent-2.6-38.Darwin." The first thing you need to do is get this package from your DS, the default location should be eXpress\Agents\ADLAgent.
In order to get to this location from a Mac you need to go to the Mac and go to the "Go" menu and select connect to server or use the keyboard shortcut "Command+K". Next you need to type in "smb://servername" sans quotes. This tells the Mac that you want to use SMB rather than the Apple default of AFP.
If all goes as it should, a dialog should pop up asking you for credentials. Login with an account that has access to the eXpress share. I used my Active Directory account to sign in.
Next you should see a dialog with a dropdown asking you what share you would like to mount, select the eXpress share and click OK. This should put a shortcut on the Mac desktop to the eXpress share but it will also go ahead and open a window with the contents of the eXpress folder.
Navigate to the Agents folder and then to the ADLAgent folder and inside you should find the altiris-adlagent-2.6-xx.Darwin files. Any of these files that end with .Darwin you can use, but as previously mentioned, I am using 2.6-38 for this article. 2.6-38.Darwin.zip is the agent for Mac, power pc.
Go ahead and drag that file onto the Mac desktop and double click it. Double clicking will result in a .PKG file being put on the desktop with the exact same name as the .ZIP file we just expanded.
If you want to save some time (as I know most admins do!) you should put this .PKG file on a thumb drive and save yourself the trouble of SMB mounting the eXpress share on all of the Macs you want to get into the DS.
You will get a series of dialogs that you should be able to click through; the installer will prompt once for the IP of your deployment server, enter it and continue. You will receive one final prompt for an IP address of a server that can be used to netboot clients. Netbooting is a little outside the scope of this article but it is something I have done before. If anyone needs some documentation on netbooting or Mac imaging, send me a message. I usually leave the box blank and click ok. If you need to add an IP for a netboot server, I will show you where to edit the config file later.
A few minutes after the install finishes, you should be able to look in the DS and see your Mac now. Give it a test by right-clicking on the Mac and selecting Power Control > reboot to make sure it's working. Give it a few seconds and the Mac should reboot and come back with no hitches. One note is that you should go to System Preferences > Sharing and make sure Apple Remote Desktop is enabled and make sure sleep under System Preferences> Energy Savings is disabled as it instructs in the installation requirements. While you're in the system preferences you can also go ahead and make sure that "Remote Login" is checked. Remote login is what allows the NS to do agent update jobs etc on the Mac.
You can now view the inventory of the Mac, power control it, and even copy files to it.
A word of advice on copying files from a PC to a Mac: Let's assume you have a folder named "Test" with 2 text files and one subfolder inside of it. When you setup the details of the copy file, you need to define the path of the files on the Mac absolutely, meaning you need to include the folder name on the end of your destination path, for example: I want to copy my Test folder and all its contents to the Mac desktop. I would copy them from my DS, let's say C:\Program Files\Altiris\eXpress\ to /Users/Username/Desktop/Test and make sure you check "Copy Directory" and also "Copy all subdirectories". If you leave the /Test off the end of the path you're going to get 2 text files and a subfolder directly on the Mac desktop. Also know that it doesn't play well with spaces.
Now, as I said earlier, I will cover modifying a few of the default things that happen when the ADLAgent is installed. Located in /opt/altiris/deployment/adlagent/conf there is a file named "adlagent.conf." I prefer to edit my configuration files from command line, I just find it easier. With your Terminal open (Macintosh HD > Applications > Utilities > Terminal.app) you can do "cd /" this puts you in the root of the hard drive.
Next you should CD to the directory I mentioned above by doing "cd /opt/altiris/deployment/adlagent/conf". If you get an error about unknown you can try just moving up one folder at a time, i.e- "cd opt/" then "cd altiris/" etc until you are at the correct directory. Once you are in the conf directory you can use a text editor such as nano to edit the adlagent.conf file. The command you want is "sudo nano adlagent.conf". Don't forget to use sudo as we want to have permission to save this file once we are done editing it. If you happen to be on an older version of Mac OS X then you might have to substitue "pico" for "nano" as the text editor, they function exactly the same.
Your bash (Bourne-Again Shell) terminal will be taken over by the text document adlagent.conf. You can use the arrow keys to scroll down through the document and read the comments which, as usual, are indicated by "#" prefixing the sentence. At the bottom of this file you can see the setting for updating the IP address of an OSX Server serving netboot images. If you modify or uncomment settings in the file as you can CTRL+O to save it, it will prompt you for a filename and will already be named the current file name, you can just hit enter and it will save. The carets at the bottom with the letters show you controls for editing, the caret indicates the Control key.
Another thing you will want to change in the adlagent.conf is the saving location of the aclient.log incase you need to troubleshoot. By default and I'm not quite sure how this happened; the aclient.log can be found in the /opt/altiris/deployment/adlagent/bin folder under "C:\Program Files\Altiris\Aclient\AClient.log". This does actually get saved into the bin folder with a filename similar to "C\/Program Files\/Altiris...." You can see below I have adjusted it to save in the log folder under aclient.log.
In the next screenshot you can see Aclient.log successfully created in the log folder.
If for some reason you need to uninstall the ADLAgent from a Mac, there is an uninstall script in /opt/altiris/deployment/adlagent/bin. Easiest way to uninstall is to open the Terminal (Applications > Utilities > Terminal.app) and type in "sudo sh /opt/altiris/deployment/adlagent/bin/uninstall.app" sans quotes. This will prompt you for root password and after providing it, the uninstaller will start. If you are having trouble with this you can open Terminal and use the cd or change directory command "cd /opt/altiris/deployment/adlagent/bin". Then try "sudo sh ./uninstall.app" and see if that helps.
If you're like I used to be then you might be a little confused when you see some of these commands or paths prefixed with "./". Don't worry about that, most of us are used to Windows or DOS which automatically searches the current directory for a file or command. Unix which is at the heart of Mac OS X does not function this way. If you want to run something in the current directory, then you need to prefix it with a ./ which tells it to first look in the current directory.
After running the uninstall.app with the above commands you will be presented with this dialog:
Click OK and you will be presented with several dialogs that have OK buttons, it is unnecessary to click these. Once the uninstaller finishes the ADL Agent should be no more. That about covers it for the deployment agent for Mac, let's move on to the NS Agent.
Before we actually begin installing the NS Agent there are a few things on the Mac that we need to do first. You will need to make sure that the root user account is enabled and had a decent password. You can enable the root user and assign a password by going to the NetInfo Manager found in "Macintosh HD > Applications>Utilities"
With the netinfo manager open, you will want to go to the "Security" menu and the drop down to "Enable root user"
You will then receive a notification that the root users password is currently blank and that you need to assign a password. Click OK and a dialog will come up where you need to input your new root user password twice and click OK. Please be cautious with what you pick as your password, the root user the end-all, be-all user with access to everything. We also keep the root password of all of our Macs the same so that if we ever need to do admin tasks to them, we know what the password is.
If for some reason you have a Mac and the root user password has already been set and you do not know what it is, don't worry, nothing a little terminal knowledge can't take care of. Open the Terminal and you want to use the following command "sudo sh" it will prompt you for your current user account password, unless you've recently issued a sudo command and given it your password. Type in your password and you will receive a shell (sh) prompt. From the sh# prompt type in "passwd root" it will ask for a new password, enter it, then enter again to confirm and bang, new root password for you my friend. Type "exit" to back out of the sh# prompt.
There are 3 ways to install the NS Agent; the push install, the pull install, and the manual install. Although the pull install and manual install are considered two different methods, in this case they are pretty much identical. Assuming you have the Altiris Agent for Mac solution installed the first method which is the Push method.
In console 6.0 go to the "Configuration" tab and then on the left pane menu expand "Altiris Agent" then expand "Altiris Agent Rollout" and there is a task there called "Altiris Agent Installation". In console 6.5 click "Configure> Agents> Agent Push". You should have a tab in the right pane window called "Install Altiris Macintosh Agent", click it. You should be presented with a list of computers, you can click "OsName" to arrange them into their respective OS versions. From this list, select the computer you wish to push to and click "Install Altiris Agent". A dialog should come up confirming your intent to install the Altiris Agent on the selected computer. It will finish after a moment and you should be all set.
If you click on "Install Settings" you will notice there is an area where you can define the username and password used to connect to the Macs
The next method which is the pull method involves browsing to the page listed in the same area we were just in. On the target machine you want to browse to this page and follow the directions. The page instructs you to download a file called bootstrap.Z. The page also gives you a set of commands to run from the Terminal. You can download the bootstrap.Z file and place it on the root of the hard drive and then open terminal, and execute the command "uncompress aex-bootstrap.Z && chmod u+x aex-bootstrap && sudo ./aex-bootstrap http://your-ns-server.dotted.domain." The && characters in this command act to chain the commands together so that you don't have to do each one separately. Remember to replace "your-ns-server.dotted.domain" with the name of your NS server and domain name with the dots.
Running the above command should take care of the NSAgent install. There is no reason to explain the manual installation since that is what you just did. If you want to get technical, a pull install would be if you pulled the bootstrap.Z file from the website and installed it with the commands versus a manual install would be getting the file from a thumb drive or other method and installing it but that is splitting hairs. If you need to get the bootstrap.Z file it should be located at "\\NS_Server\nscap\bin\mac\agent".
I hope this information helps everyone corral those Macs and keep better tabs on their environment. If you're looking for some more Mac information Kbuller posted an article on the Juice located here that covers some scripts you can run with remote desktop to accomplish some things.