Jamf Nation Community

tlarkin · ‎07-08-2008

Is anyone running any kind of scripts or hooks with in the windows side that use boot camp? Like, how would you force someone in windows to change the default boot volume back to OS X and reboot the system?

Thanks,

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

tlarkin · ‎07-08-2008

Yeah, boot picker is nice and I have used that in the past. The only huge downside for me is that I have to open up firmware access for boot picker to run, and it doesn't like the fact that I make the windows partition not mount at start up via /etc/fstab. In my environment if we unlock firmware I know that some students will use target mode booting or an installer DVD to root a machine, and that is something my boss doesn't want to happen, nor do I. I know that physical access tosses all security out the window, but a firmware password is a huge deterrent, and 99% of the students won't want to physically open up their macbooks to bypass the firmware password. Mainly because we can tell, and we charge them for the laptop if that is the case.

Trust me, I would rather not put windows on any of these machines but due to time and a certain application I have absolutely no choice. Next school year if the developer doesn't get off their butts and fix their product to make it web based (like they are promising us) I am going to have to lobby to change products.

thanks,

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

ernstcs · ‎07-08-2008

I've been asking for this same thing. I haven't checked out the updated version of bootcamp yet, but my guess there is nothing in there for "Enterprise" support.

If someone has something that does this I would owe them big time!

Craig

winkelhe · ‎07-08-2008

Not sure about forcing them....but have you seen BootPicker from bombich?? Or maybe rEFIt?? Their open source so maybe you could manipulate one to get the desired effect.

winkelhe · ‎07-08-2008

I know this doesn't help but if BootPicker has a problem with not mounting the volume why not just make it hidden with a .hidden file or using the setfile command found in the dev tools to set the invisible attribute?? Anyway, take a look at refit. I'm pretty sure you can lock down boot choices which means preventing target disk mode and optical/external booting. Here's info from the latest version:

ersion 0.11 (February 20, 2008): Support for the MacBook Air. Apple Hardware Test is no longer shown as a separate choice in the main menu. If present, it is now an option in the Mac OS X submenu. Additional configuration options to lock down rEFIt for a lab environment.

"Thomas Larkin" <TLARKI at kckps.org> 07/08/08 12:17 PM

To
<casper-bounces at list.jamfsoftware.com>, "Eric Winkelhake" <eric.winkelhake at us-resources.com>, "Craig S. Ernst" <ERNSTCS at uwec.edu>
cc
"Casper List" <casper at list.jamfsoftware.com>
Subject
Re: [Casper] boot camp commands on windows

Yeah, boot picker is nice and I have used that in the past. The only huge downside for me is that I have to open up firmware access for boot picker to run, and it doesn't like the fact that I make the windows partition not mount at start up via /etc/fstab. In my environment if we unlock firmware I know that some students will use target mode booting or an installer DVD to root a machine, and that is something my boss doesn't want to happen, nor do I. I know that physical access tosses all security out the window, but a firmware password is a huge deterrent, and 99% of the students won't want to physically open up their macbooks to bypass the firmware password. Mainly because we can tell, and we charge them for the laptop if that is the case.

Trust me, I would rather not put windows on any of these machines but due to time and a certain application I have absolutely no choice. Next school year if the developer doesn't get off their butts and fix their product to make it web based (like they are promising us) I am going to have to lobby to change products.

thanks,

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

tlarkin · ‎07-08-2008

Eric

Thanks I have not looked at the newest version of boot picker or refit so they may have very well added command mode to it.

I will have to check that out

thanks

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

Bukira · ‎07-09-2008

Hi,

I just use a login hook to unmount the windows partition at login

Criss Myers
Senior Customer Support Analyst (Mac Services)
Apple Certified Technical Coordinator v10.5
LIS Business Support Team
Library 301
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054

tlarkin · ‎07-09-2008

Sorry if this is beating a dead horse, but I even have some peopel at Apple helping me on this one. I am also, on a side note, missing the corporate world now where you don't need to micromanage your users as much.

So, I know that the exe file for boot camp in Windows lives here

C:Program FilesBoot CampKbMgr.exe

I was thinking I could do a simple script like this (and my Windows scripting skills suck)

@echo off
rem run your program and wait until its done
start /wait path omaptest ......

rem bootcampfix ....
C:Program FilesBoot CampKbdMgr.exe".... Restart in Mac OS X....

rem schedule reboot NOW. during testing change 0 to 60
rem reboot can be stopped by shutdown -a from a cmd prompt (start menu/run cmd)
shutdown -r -t 0

However I don't think it works, well I know it doesn't work.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

ernstcs · ‎07-09-2008

Hi Tom,

I'm glad that you've got a working solution, but you and JAMF will have to pardon my soapbox about Apple since I see an Apple email address copied on this message.

I know that one of the folks in our area worked out a similar solution a long while back with screen control, but to me this is a hack and not a real solution. All Apple needs to do is add some simple command line interaction with their application and MANY people would not be going through what you've been going through. I just don't get what the hang up is on Apple's part, like this request is somehow foreign in an Enterprise environment they seemingly want to be a part of, particularly in education where I think they are pushing dual-platform systems and hardware.

I've gone through my Apple channels with no response regarding this and talk about frustration...

Tom, let us know how reliable this turns out to be for you.

Thanks...and good night.

Craig

tlarkin · ‎07-09-2008

Well,

After a long and hard day of surfing the web and google searching every possibility my Novell/software developer guy I work with actually figured it out. Now, when a user logs into windows there is an object policy in Novell that if they have the bootcamp.exe installed on their machine it will automatically launch the MAP testing software. Now, once they exit the machine it runs a script which invokes a freeware program called autoIT. AutoIT will detect the current open window and can open and execute programs. So we told it to open up the boot camp manager in windows, select OS X start up disk and you can map mouse coordinates for current open windows. He basically mapped out where the OK button is located to reboot and then told it to reboot the system. Then it reboots back into OS X. I found this all on a thread from Bombich's site.

This would also be great for anyone who was deploying dual booting OS X/Windows boxes and wanted the machine to after it was done imaging reboot windows to run sysprep just once, and then reboot back into OS X permanently.

here is the script:

;; boot_to_osx.au3 ;; ;; there's no way to do this with the command line or anything, ;; so here's a little autoit script to use apple's provided ;; utility to bless the OSX drive.

#requireadmin Local $dom = envget("USERDOMAIN")
;;runas("maptestadmin",$dom,"m4pt3st",0,"C:Windowssystem32AppleControlPanel.exe")
Run("C:Windowssystem32AppleControlPanel.exe") WinWait("Boot Camp Control Panel") WinActivate("Boot Camp Control Panel") WinWaitActive ("Boot Camp Control Panel") ControlClick ("Boot Camp Control Panel", "", "[CLASSNN:SysListView321]", "left", 1, 40, 20) ControlClick("Boot Camp Control Panel", "OK", 1)
Run("C:Windowssystem32shutdown.exe -f -r -t 0")

here is the app autoIT

http://www.autoitscript.com/autoit3/downloads.shtml

Here is the bombich link

http://forums.bombich.com/viewtopic.php?p=45711

Of course Steve Rose, the guy I work with is the genius that put it all together.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351

tlarkin · ‎07-09-2008

He is my AppleSE and was working with me to get the problem fixed. I CC'd him out of sheer laziness of making two separate emails.

I think everyone agrees, and reading through the bombich forums I found at least 15 threads on the subject I was looking for. There is indeed a demand for it, but just like anything else change takes time and it never comes over night.

Sorry I probably should have sent a separate email but I have been working on this all day and am now cutting corners to get more stuff done. I probably won't even get home until around 9pm tonight to finish the rest of this crap up.

So far, in our limited two laptop test, it worked.

I really need version 6 and self service policy to make it work exactly how I want to.

Also, I did find that the bless command has a reboot once argument that can be used in syntax with the command. I haven't had time to poke through it all yet but it seems like there may be a way to do it natively in OS X as we speak, it just may not be very intuitive.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351