or Connect
AppleInsider › Forums › Software › Mac OS X › Inside Mac OS X 10.7 Lion Server: remote lock, disk wipe and administration
New Posts  All Forums:Forum Nav:

Inside Mac OS X 10.7 Lion Server: remote lock, disk wipe and administration

post #1 of 37
Thread Starter 
In Mac OS X Lion Server, Apple brings iOS-like remote management features to the Mac, including "Find My Mac," remote wipe, and remote software and profile settings via push notifications.

Find and destroy my Mac

A related "Find My Mac" feature is rumored to be present on Lion in a developmental status (showing up as the FindMyMacd process), allowing users to remotely locate a missing notebook, for example, just as they can already use to locate an iPod touch, iPhone, or iPad.

A Lion Mac using a File Vault encrypted disk, just like the hardware encrypted iPhone 3GS and later iOS devices, will also facilitate remote wipe features similar to those that are already in place for mobile devices tied to MobileMe, enabling a user who has lost his or her MacBook to remotely destroy its contents before malicious thieves could even attempt to recover data from it.

While Apple hasn't yet officially revealed plans to add remote find/wipe/lock services for Lion Macs in MobileMe, it is clear that such a service will be available to Lion Server administrators, enabling them to remotely wipe or lock devices bound to the organization's Directory Server via Profile Server.



Lion Server Profile Manager for remote configuration

Additionally, the discovery of a new Uninstall.framework indicates that new Profile Server remote management tools (a feature of Lion Server for both Mac and iOS clients) will enable network administrators to remotely manage the software installed and removed on an organizations' machines, in addition to managing profiles (configuration files that are currently used to set up new iOS devices, and will in the future be used to set up Lion Macs).

While some of these tasks (including remote software installation) are already possible using Apple's Remote Desktop, the new web based Profile Manager in Lion Server promises to serve as a powerful remote administration solution that will allow companies to manage their mobile iOS devices and Macs using the same tool.

Apple says that its new Profile Manager "delivers simple, profile-based setup and management for Mac OS X Lion, iPhone, iPad, and iPod touch devices. It also integrates with your existing directory services and delivers automatic over-the-air profile updates using the Apple Push Notification service."

This indicates that the Apple Push Notification service foundation support discovered in Lion is not just used by FaceTime, but will also be used to update configuration information for enterprise users. For example, a company could upgrade its security policy for local WiFi networks and then push this configuration change to all of its iOS and Mac users for immediate installation.

post #2 of 37
I hope someone can clear up a question I have

On Apple's Lion page, it says Server is part of Lionwhat does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?

If that's right, I'm excited to experiment with it!

(I'd clear this up myself but I don't have access to the beta.)
post #3 of 37
@autism

Mac os x Lion and Mac os x Lion Server are now combined....... which means that you will not have to buy a server edition of Lion.

You enable the server in the preference pane on Lion.
Apple!

Think Different
Reply
Apple!

Think Different
Reply
post #4 of 37
Thank you much, @MobileMe!
This summer should be a very fun one.
post #5 of 37
@MobileMe
are you sure about this? it would be really great fun to have server as an option without buying server software separately.

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply
post #6 of 37
Quote:
Originally Posted by cutykamu View Post

@MobileMe
are you sure about this? it would be really great fun to have server as an option without buying server software separately.

It's on Apple's Lion page.
post #7 of 37
Quote:
Originally Posted by _Hawkeye_ View Post

It's on Apple's Lion page.

i see it now, thanks.

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply

my way or the highway...

Macbook Pro i7 13" with intel SSD 320 series and 8GB RAM, iPhone 5, iPad 3 (Retina)

Reply
post #8 of 37
Quote:
Originally Posted by autism109201 View Post

I hope someone can clear up a question I have

On Apple's Lion page, it says Server is part of Lionwhat does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?

If that's right, I'm excited to experiment with it!

(I'd clear this up myself but I don't have access to the beta.)

While the OS install is part of the same image, no one is really sure if you server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.
post #9 of 37
While the encrypted disk and remote wipe sound cool, this ignores File Vault's existing limitations. Every new Mac entices the owner to enable File Vault without warning them that this will make incremental backups impossible, including with Time Machine. Add to that the risk of complete data loss if a single sector of the encrypted volume is corrupted.

I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.
post #10 of 37
Quote:
Originally Posted by dagamer34 View Post

While the OS install is part of the same image, no one is really sure if you server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.

Ah, I see! Either way, it should be easy enough to set up as a server when you do the initial setup, right? I mean, if you're already upgrading your computer, you would think users wouldn't mind a little extra time to make it server, even if you do need a full reinstall.
post #11 of 37
Remote wipe....that won't come back to bite them if they release it to John Q Public.
post #12 of 37
Quote:
Originally Posted by markb View Post

Remote wipe....that won't come back to bite them if they release it to John Q Public.

Couldn't you get Apple Remote Desktop if you were "John Q Public" anyway?
You would think that remote wipe requires some type of authentication on both server and client.
post #13 of 37
Its great to see OS X going places. Great article series too! I just noticed the Inside Mac OS X 10.7 Lion link at the bottomthe best single source for Lion info: http://www.appleinsider.com/topics/I...OS_X_Lion.html
post #14 of 37
Quote:
Originally Posted by MobileMe View Post

@autism

Mac os x Lion and Mac os x Lion Server are now combined....... which means that you will not have to buy a server edition of Lion.

You enable the server in the preference pane on Lion.

You know, I actually thought this was the way Apple was heading with Mac OS X Server. With the server functionality built into all Macs it would mean you could set up centralised iTunes etc and share all the data with iPads and iPhones.

It started to make sense when Apple release Apple TV 2 and the new Mac Mini Server. DHCP isn't really an issue with that largely being handled by the wireless routers and if they implemented some sort of Citrix style remote application running you could Remote Desktop into the Mac and run applications that require a desktop app not available on the iPad yet like internal software.

I'm really looking forward to seeing what Apple does over the next couple of Mac OS X releases. I do think they will kill off Server and implement more of Server's features into the desktop OS and make servers easy.

Apple doesn't do enterprise because there is no money to be made in the enterprise market. There are many that would disagree but the enterprise market is generally tighter than a virgin on her wedding day. They hate spending money and Apple likes to find markets that do like to spend money.

That's the consumer market (rather apt name really) and when you look at the consumer market they are not all that tech savvy so making a really powerful OS super simple to use will allow Apple to roll in new features that will make a truly interconnected world like in the sci-fi movies we see.

I can't wait. It is going to be an interesting 5 years.
post #15 of 37
Quote:
Originally Posted by lowededwookie View Post

I can't wait. It is going to be an interesting 5 years.

In 5 years we con't be running anything more than a terminal to the Apple server farm, cloud if you like.
post #16 of 37
Quote:
Originally Posted by K.C. View Post

In 5 years we con't be running anything more than a terminal to the Apple server farm, cloud if you like.

If there was the remotest chance of being able to hold you to that thought, I would. In 5 years I intend to still be using my existing Macbook air and iMac, personally speaking....
post #17 of 37
Quote:
Originally Posted by MobileMe View Post

@autism

Mac os x Lion and Mac os x Lion Server are now combined....... which means that you will not have to buy a server edition of Lion.

You enable the server in the preference pane on Lion.

Not quite so easy, you do have to specifically add the software via a custom install during the initial install process. There might be a way os subsequently adding it to the install from teh CD (USB disk/whatever it is shipped on) but the application installer method for the Dev Preview cannot be used to add it post-install. I forgot to check it, and need to re-install to get at it. After this, the features probably appear in the Pref panes.
post #18 of 37
Quote:
Originally Posted by freediverx View Post

While the encrypted disk and remote wipe sound cool, this ignores File Vault's existing limitations. Every new Mac entices the owner to enable File Vault without warning them that this will make incremental backups impossible, including with Time Machine. Add to that the risk of complete data loss if a single sector of the encrypted volume is corrupted.

I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.

Because it is "whole disk" the OS is effectively unaware that is is encrypted. TM will now work happily. See the other thread more specifically on Encryption for more commentary
post #19 of 37
I can see 'Find My Mac' working through the network but a GPS chip in MacBooks would add even more power to that feature. Given all the the other goodies coming from the iOS /iPhone side I wonder if the GPS chip might also make it.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #20 of 37
All sounds very nice, but as there's no rack servers any more what is any serious person going to run this on? Fine there are a lot of smaller organisations that can get away with having it on a Mac pro. But all companies plan to grow and Apple's currently saying if you grow you need to switch to something else, which makes me wonder why you would invest in it in the first place.

Quote:
Originally Posted by stuffe View Post

In 5 years I intend to still be using my existing Macbook air and iMac, personally speaking....

If you had a 5 year old iMac or Macbook now then it wouldn't run snow leopard. Some 5 year old software won't even run on snow leopard. So in 5 years time I would say your iMac and Macbook Air will be useless for anything new, not to mention the battery in your Macbook Air unless you get it replaced will be dead by then. They'll still be nice machines but Apple make all their money from selling new hardware and traditionally care very little about supporting anything over 3 years old.
post #21 of 37
I hope there is a way to turn this crap off. All I need is another useless daemon (FindMyMacd) eating resources on my desktop. WTF Apple? If we continue like this, we'll end up with the same experience as Windows. First thing you do after unpacking the computer is re-install OS or clean up all the shit that's preinstalled on it.

Mac Pro, 8 Core, 32 GB RAM, nVidia GTX 285 1 GB, 2 TB storage, 240 GB OWC Mercury Extreme SSD, 30'' Cinema Display, 27'' iMac, 24'' iMac, 17'' MBP, 13'' MBP, 32 GB iPhone 4, 64 GB iPad 3

Reply

Mac Pro, 8 Core, 32 GB RAM, nVidia GTX 285 1 GB, 2 TB storage, 240 GB OWC Mercury Extreme SSD, 30'' Cinema Display, 27'' iMac, 24'' iMac, 17'' MBP, 13'' MBP, 32 GB iPhone 4, 64 GB iPad 3

Reply
post #22 of 37
I wonder how hard it would be to also add GPS in the Mac Notebook lines. This would make retrieval much easier if someone lost or had their notebook stolen. It can't cost too much as it is built into my Panasonic Lumix camera. It would be a welcome item to have to a more precise "Find my mac" feature. It would make the computer a bit more useful for location aware apps too.
post #23 of 37
Quote:
Originally Posted by djmikeo View Post

I wonder how hard it would be to also add GPS in the Mac Notebook lines. This would make retrieval much easier if someone lost or had their notebook stolen. It can't cost too much as it is built into my Panasonic Lumix camera. It would be a welcome item to have to a more precise "Find my mac" feature. It would make the computer a bit more useful for location aware apps too.

Would be largely pointless if you ask me, while notebooks etc are portable, I still like to think of them more as "transportable", as in I move it from the office, to home, to mym Mums house etc, but never actually on the go (I know other people's usage varies) and GPS reception in buildings is usually no better than IP address tranaslocation.

My non-3G/GPS iPad it found to within a few meters of my iphone when they are both next to each other indoors and I track them down.
post #24 of 37
Quote:
Originally Posted by MobileMe View Post

@autism

Mac os x Lion and Mac os x Lion Server are now combined....... which means that you will not have to buy a server edition of Lion.

You enable the server in the preference pane on Lion.

I wonder how this is going to affect the Mac Mini since there is a separate Mini server.
ADS
Reply
ADS
Reply
post #25 of 37
Quote:
Originally Posted by sequitur View Post

I wonder how this is going to affect the Mac Mini since there is a separate Mini server.

Also a separate Mac Pro Server. Likely won't affect either of them, particularly the Mini. I also don't believe they'll still be selling the Mac Pro Server by Lion's release.
post #26 of 37
Quote:
Originally Posted by sequitur View Post

I wonder how this is going to affect the Mac Mini since there is a separate Mini server.

There will still be a need for a Mini without an Optical and with a 2nd Drive.
post #27 of 37
Quote:
Originally Posted by sequitur View Post

I wonder how this is going to affect the Mac Mini since there is a separate Mini server.

If anything, many people will "play around" with Lion server and then decide to get a Mac mini server.
post #28 of 37
Quote:
Originally Posted by sequitur View Post

I wonder how this is going to affect the Mac Mini since there is a separate Mini server.

Thunderbolt too hopefully.
Then we can have true high speed external storage.
It should also allow the addition of additional Gbit ethernet ports
post #29 of 37
One of my biggest pet peeves with Snow Leopard is that you can't Remote to another Mac and use it without the remote-controlled Mac's screen being fully visible and anyone being able to walk up to it and mess with your session.

I hope they fix this in Lion so that you remote desktop to a machine, that machine's screen is blanked and locked, like it is under Windows. This is one of the few things MS got right that Apple has consistently failed at.
post #30 of 37
Quote:
Originally Posted by zorinlynx View Post

One of my biggest pet peeves with Snow Leopard is that you can't Remote to another Mac and use it without the remote-controlled Mac's screen being fully visible and anyone being able to walk up to it and mess with your session.

I hope they fix this in Lion so that you remote desktop to a machine, that machine's screen is blanked and locked, like it is under Windows. This is one of the few things MS got right that Apple has consistently failed at.

Apple already fixed it. It's called Apple Remote Desktop and its available on the Mac App Store.
post #31 of 37
Quote:
Originally Posted by lowededwookie View Post

Apple doesn't do enterprise because there is no money to be made in the enterprise market.

So if some corporate employees asks their IT department why they can't have Macs , would it be ok for that IT department to quote your explanation above?

Mac fans like to explain away Apple's lack of enterprise support. But these same Mac fans then berate corporate IT departments for not supporting Macs more. You can't have it both ways.
post #32 of 37
Quote:
Originally Posted by Haggar View Post

So if some corporate employees asks their IT department why they can't have Macs , would it be ok for that IT department to quote your explanation above?

Mac fans like to explain away Apple's lack of enterprise support. But these same Mac fans then berate corporate IT departments for not supporting Macs more. You can't have it both ways.

Your comment makes no sense and is typical of many forum members who love to remove context.

I said Apple doesn't do enterprise in the sense that they don't concentrate on that market because there is no money to be made. How is this difficult for you to understand?

It is up to IT departments to allow Macs on the networks not Apple so you clearly have no idea what you are talking about.

When you have IBM, HP, Acer, Dell all giving corporate deals that Apple essentially can't match what do you think the bean counters are going to go for? Therefore my statement stands.

What users want and what users get in the corporate world are always two different things but then you'd know that if you had done anything in corporate IT. Look at where Macs are relegated to in corporate IT... generally the graphics departments or website testing. Rarely are they used for day to day work.

This is not a failing of Apple's it's a failing of the corporates because they are too blind to see that Macs have lower TCOs than PCs and yet all they look at is how much Macs initially cost.

Apple chooses not to actively go into the enterprise market because it's just so difficult to get stupid IT managers to Think Different.

If enterprise were intelligent they would spend the higher upfront costs and go Apple and make that money and more back in the lack of support costs but when you're controlled by the beanies and blaming it on shareholders then the lack of foresight comes to play.

I've just come out of working for a corporate IT support company who themselves are a corporatation and I've seen it first hand. When your customers have better IT equipment than an IT outfit and your customer's machines are crap then you can understand how pathetic the enterprise market really is. Hell, our machines were secondhand from some of our customers.

And you think Apple is going to make inroads with companies like that? Keep dreaming.
post #33 of 37
Quote:
Originally Posted by Haggar View Post

Mac fans like to explain away Apple's lack of enterprise support. But these same Mac fans then berate corporate IT departments for not supporting Macs more. You can't have it both ways.

IT departments don't like to support Macs out of self-preservation. Supporting Macs would threaten their job security.
post #34 of 37
Quote:
Originally Posted by lowededwookie View Post

I'm really looking forward to seeing what Apple does over the next couple of Mac OS X releases. I do think they will kill off Server and implement more of Server's features into the desktop OS and make servers easy.

Apple doesn't do enterprise because there is no money to be made in the enterprise market. There are many that would disagree but the enterprise market is generally tighter than a virgin on her wedding day. They hate spending money and Apple likes to find markets that do like to spend money.

You also have to consider that, by essentially giving away a server class OS, Apple is severely undercutting the Windows Server market. M$ charges a premium for their offering, with expensive seat licenses, rendering the cost of the server hardware almost immaterial. Yes, Linux has been an alternative, but Apple is making servers easy. Linux still requires a gearhead IT guy, or paid support.
post #35 of 37
Quote:
Originally Posted by lowededwookie View Post

Your comment makes no sense and is typical of many forum members who love to remove context.

I said Apple doesn't do enterprise in the sense that they don't concentrate on that market because there is no money to be made. How is this difficult for you to understand?

If it's ok for Mac fans to use that as an explanation for Apple lack of enterprise support, then it should also be ok for IT departments to use that as a reason for not buying more Macs. After all, don't companies want to buy from vendors that understand and support their market?
post #36 of 37
Quote:
Originally Posted by Haggar View Post

In order for IT departments to invest heavily in Macs, they need to know that they will get the proper support from Apple. And Steve Jobs saying things like "enterprise is not our customer" is not very reassuring. Given Apple's attitude toward enterprise customers, do you think companies will fall over themselves to buy Macs? So don't make the IT departments out to be the total bad guys. There is plenty of blame to go around. But all the end user sees is their IT department telling them no, and people on forums like these putting the sole blame on the IT departments.

That's not true at all. Apple offers great support for enterprise markets, they just don't have special divisions for those customers. In other words Apple treats enterprise customers no different to their consumer customers who they already treat with high regard.

IT's perception of what Apple supplies is wrong and that can be seen with their recent announcement for the Apple Stores.

Enterprise like to be treated differently to everyone else but Apple doesn't care. They offer the same level of service to all. If the Enterprise was willing to spend $500/year then they get priority treatment but if they don't then they get the same as everyone else.
post #37 of 37
Quote:
Originally Posted by lowededwookie View Post

That's not true at all. Apple offers great support for enterprise markets, they just don't have special divisions for those customers. In other words Apple treats enterprise customers no different to their consumer customers who they already treat with high regard.

IT's perception of what Apple supplies is wrong and that can be seen with their recent announcement for the Apple Stores.

Enterprise like to be treated differently to everyone else but Apple doesn't care. They offer the same level of service to all. If the Enterprise was willing to spend $500/year then they get priority treatment but if they don't then they get the same as everyone else.

Apple has chosen to address enterprise sales and support using a third party (Unisys). This approach works better then Apple trying to tailor its operations to deal with the enterprise.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Inside Mac OS X 10.7 Lion Server: remote lock, disk wipe and administration