Inside Mac OS X 10.7 Lion Server: remote lock, disk wipe and administration

Posted in macOS, edited January 2014
In Mac OS X Lion Server, Apple brings iOS-like remote management features to the Mac, including "Find My Mac," remote wipe, and remote software and profile settings via push notifications.



Find and destroy my Mac



A related "Find My Mac" feature is rumored to be present in Lion in a developmental state (showing up as the FindMyMacd process), allowing users to remotely locate a missing notebook, for example, just as they can already locate an iPod touch, iPhone, or iPad.



A Lion Mac using a FileVault encrypted disk, just like the hardware encrypted iPhone 3GS and later iOS devices, will also facilitate remote wipe features similar to those that are already in place for mobile devices tied to MobileMe, enabling a user who has lost his or her MacBook to remotely destroy its contents before malicious thieves could even attempt to recover data from it.



While Apple hasn't yet officially revealed plans to add remote find/wipe/lock services for Lion Macs in MobileMe, it is clear that such a service will be available to Lion Server administrators, enabling them to remotely wipe or lock devices bound to the organization's Directory Server via Profile Server.







Lion Server Profile Manager for remote configuration



Additionally, the discovery of a new Uninstall.framework indicates that new Profile Server remote management tools (a feature of Lion Server for both Mac and iOS clients) will enable network administrators to remotely manage the software installed on and removed from an organization's machines, in addition to managing profiles (configuration files that are currently used to set up new iOS devices, and will in the future be used to set up Lion Macs).



While some of these tasks (including remote software installation) are already possible using Apple's Remote Desktop, the new web-based Profile Manager in Lion Server promises to serve as a powerful remote administration solution that will allow companies to manage their mobile iOS devices and Macs using the same tool.



Apple says that its new Profile Manager "delivers simple, profile-based setup and management for Mac OS X Lion, iPhone, iPad, and iPod touch devices. It also integrates with your existing directory services and delivers automatic over-the-air profile updates using the Apple Push Notification service."



This indicates that the Apple Push Notification service foundation support discovered in Lion is not just used by FaceTime, but will also be used to update configuration information for enterprise users. For example, a company could upgrade its security policy for local WiFi networks and then push this configuration change to all of its iOS and Mac users for immediate installation.
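The Wi-Fi policy upgrade described above can be checked before a profile is pushed. The following is an added example, not code from Apple or from the original article: it builds two configuration profiles and audits their Wi-Fi payloads for weak encryption. It assumes the Wi-Fi payload keys of Apple's configuration profile format (com.apple.wifi.managed, SSID_STR, EncryptionType); the identifiers, SSIDs and the "weak" list are constructed for illustration.

```python
import plistlib
import uuid

# Policy assumption for this example: these EncryptionType values count as weak.
WEAK_ENCRYPTION = {"None", "WEP", "Any"}

def wifi_payload(ssid, encryption):
    """Build one Wi-Fi payload dictionary for a configuration profile."""
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.wifi.{ssid}",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "EncryptionType": encryption,
        "AutoJoin": True,
        "HIDDEN_NETWORK": False,
    }

def build_profile(payloads):
    """Serialize payloads into a top-level Configuration profile (XML plist)."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.wifi",  # constructed identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Example Wi-Fi policy",
        "PayloadContent": payloads,
    }
    return plistlib.dumps(profile)

def audit_wifi(profile_bytes):
    """Return (SSID, reason) findings for Wi-Fi payloads with weak encryption."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        enc = payload.get("EncryptionType")  # a missing key is flagged as well
        if enc is None or enc in WEAK_ENCRYPTION:
            findings.append((payload.get("SSID_STR", "?"), f"EncryptionType={enc}"))
    return findings

# Constructed sample profiles: the old policy and the upgraded one.
OLD_PROFILE = build_profile([wifi_payload("CorpNet", "WEP"), wifi_payload("Guest", "None")])
NEW_PROFILE = build_profile([wifi_payload("CorpNet", "WPA2"), wifi_payload("Guest", "WPA2")])

if __name__ == "__main__":
    print("old policy findings:", audit_wifi(OLD_PROFILE))
    print("new policy findings:", audit_wifi(NEW_PROFILE))
```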




Comments

  • Reply 1 of 36
    I hope someone can clear up a question I have?



    On Apple's Lion page, it says Server is part of Lion - what does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?



    If that's right, I'm excited to experiment with it!



    (I'd clear this up myself but I don't have access to the beta.)
  • Reply 2 of 36
    @autism



    Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.



    You enable the server in the preference pane on Lion.
  • Reply 3 of 36
    Thank you much, @MobileMe!

    This summer should be a very fun one.
  • Reply 4 of 36
    @MobileMe

    Are you sure about this? It would be really great fun to have server as an option without buying server software separately.
  • Reply 5 of 36
    Quote:
    Originally Posted by cutykamu View Post


    @MobileMe

    Are you sure about this? It would be really great fun to have server as an option without buying server software separately.



    It's on Apple's Lion page.
  • Reply 6 of 36
    Quote:
    Originally Posted by _Hawkeye_ View Post


    It's on Apple's Lion page.



    I see it now, thanks.
  • Reply 7 of 36
    Quote:
    Originally Posted by autism109201 View Post


    I hope someone can clear up a question I have?



    On Apple's Lion page, it says Server is part of Lion - what does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?



    If that's right, I'm excited to experiment with it!



    (I'd clear this up myself but I don't have access to the beta.)



    While the OS install is part of the same image, no one is really sure if the server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.
  • Reply 8 of 36
    While the encrypted disk and remote wipe sound cool, this ignores File Vault's existing limitations. Every new Mac entices the owner to enable File Vault without warning them that this will make incremental backups impossible, including with Time Machine. Add to that the risk of complete data loss if a single sector of the encrypted volume is corrupted.



    I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.
  • Reply 9 of 36
    Quote:
    Originally Posted by dagamer34 View Post


    While the OS install is part of the same image, no one is really sure if the server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.



    Ah, I see! Either way, it should be easy enough to set up as a server when you do the initial setup, right? I mean, if you're already upgrading your computer, you would think users wouldn't mind a little extra time to make it server, even if you do need a full reinstall.
  • Reply 10 of 36
    markb, Posts: 153, member
    Remote wipe....that won't come back to bite them if they release it to John Q Public.
  • Reply 11 of 36
    Quote:
    Originally Posted by markb View Post


    Remote wipe....that won't come back to bite them if they release it to John Q Public.



    Couldn't you get Apple Remote Desktop if you were "John Q Public" anyway?

    You would think that remote wipe requires some type of authentication on both server and client.
  • Reply 12 of 36
    nagromme, Posts: 2,834, member
    It's great to see OS X going places. Great article series too! I just noticed the "Inside Mac OS X 10.7 Lion" link at the bottom - the best single source for Lion info: http://www.appleinsider.com/topics/I...OS_X_Lion.html
  • Reply 13 of 36
    lowededwookie, Posts: 1,143, member
    Quote:
    Originally Posted by MobileMe View Post


    @autism



    Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.



    You enable the server in the preference pane on Lion.



    You know, I actually thought this was the way Apple was heading with Mac OS X Server. With the server functionality built into all Macs it would mean you could set up centralised iTunes etc and share all the data with iPads and iPhones.



    It started to make sense when Apple released Apple TV 2 and the new Mac Mini Server. DHCP isn't really an issue, with that largely being handled by the wireless routers, and if they implemented some sort of Citrix-style remote application running you could Remote Desktop into the Mac and run applications that require a desktop app not available on the iPad yet, like internal software.



    I'm really looking forward to seeing what Apple does over the next couple of Mac OS X releases. I do think they will kill off Server and implement more of Server's features into the desktop OS and make servers easy.



    Apple doesn't do enterprise because there is no money to be made in the enterprise market. There are many that would disagree but the enterprise market is generally tighter than a virgin on her wedding day. They hate spending money and Apple likes to find markets that do like to spend money.



    That's the consumer market (rather apt name really) and when you look at the consumer market they are not all that tech savvy so making a really powerful OS super simple to use will allow Apple to roll in new features that will make a truly interconnected world like in the sci-fi movies we see.



    I can't wait. It is going to be an interesting 5 years.
  • Reply 14 of 36
    k.c., Posts: 60, member
    Quote:
    Originally Posted by lowededwookie View Post


    I can't wait. It is going to be an interesting 5 years.



    In 5 years we won't be running anything more than a terminal to the Apple server farm, cloud if you like.
  • Reply 15 of 36
    stuffe, Posts: 394, member
    Quote:
    Originally Posted by K.C. View Post


    In 5 years we won't be running anything more than a terminal to the Apple server farm, cloud if you like.



    If there was the remotest chance of being able to hold you to that thought, I would. In 5 years I intend to still be using my existing Macbook air and iMac, personally speaking....
  • Reply 16 of 36
    stuffe, Posts: 394, member
    Quote:
    Originally Posted by MobileMe View Post


    @autism



    Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.



    You enable the server in the preference pane on Lion.



    Not quite so easy, you do have to specifically add the software via a custom install during the initial install process. There might be a way of subsequently adding it to the install from the CD (USB disk/whatever it is shipped on) but the application installer method for the Dev Preview cannot be used to add it post-install. I forgot to check it, and need to re-install to get at it. After this, the features probably appear in the Pref panes.
  • Reply 17 of 36
    stuffe, Posts: 394, member
    Quote:
    Originally Posted by freediverx View Post


    While the encrypted disk and remote wipe sound cool, this ignores File Vault's existing limitations. Every new Mac entices the owner to enable File Vault without warning them that this will make incremental backups impossible, including with Time Machine. Add to that the risk of complete data loss if a single sector of the encrypted volume is corrupted.



    I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.



    Because it is "whole disk" the OS is effectively unaware that it is encrypted. TM will now work happily. See the other thread more specifically on Encryption for more commentary.
  • Reply 18 of 36
    MacPro, Posts: 19,718, member
    I can see 'Find My Mac' working through the network but a GPS chip in MacBooks would add even more power to that feature. Given all the other goodies coming from the iOS/iPhone side I wonder if the GPS chip might also make it.
  • Reply 19 of 36
    timgriff84, Posts: 912, member
    All sounds very nice, but as there are no rack servers any more what is any serious person going to run this on? Fine, there are a lot of smaller organisations that can get away with having it on a Mac Pro. But all companies plan to grow and Apple's currently saying if you grow you need to switch to something else, which makes me wonder why you would invest in it in the first place.



    Quote:
    Originally Posted by stuffe View Post


    In 5 years I intend to still be using my existing Macbook air and iMac, personally speaking....



    If you had a 5 year old iMac or Macbook now then it wouldn't run snow leopard. Some 5 year old software won't even run on snow leopard. So in 5 years time I would say your iMac and Macbook Air will be useless for anything new, not to mention the battery in your Macbook Air unless you get it replaced will be dead by then. They'll still be nice machines but Apple make all their money from selling new hardware and traditionally care very little about supporting anything over 3 years old.
  • Reply 20 of 36
    mario, Posts: 348, member
    I hope there is a way to turn this crap off. All I need is another useless daemon (FindMyMacd) eating resources on my desktop. WTF Apple? If we continue like this, we'll end up with the same experience as Windows. First thing you do after unpacking the computer is re-install OS or clean up all the shit that's preinstalled on it.