As I already wrote in yesterday’s post Apple – Notes / summary for the “Mac Integration Basics 10.8 Exam”, I’ve mainly been working with Microsoft products all my life. Since recently however, I’m also trying to get more familiar with Apple, Mac products and OS X and am trying to become certified.

One of the reasons, I’d never used Apple products before was because I never really deemed it necessary. Nowadays the number of Mac users seem to be growing and there is more demand for people with Mac / OS X knowledge.

As such my quest for knowledge and certification began. For me personally this meant:

Using Apple online resources
Reading books (mainly the great book Apple Pro Training Series: OS X Support Essentials. Before purchasing, you might also want to look for coupon codes as it might save you 30% off or more.)
Watching computer based training (CBT) videos
Working with OS X (thanks go out to my employer Open Line for providing me with a MacBook Pro, books and most importantly … TIME)
- Personally I didn’t think it was necessary to take a course at a training center, but some people might prefer this.
Asking colleagues for help (thanks guys !!!)
Making sure that I understood everything and if it wasn’t the case, look it up.
Taking notes / creating this summary blog post that can be used as a reference if needed
Testing my knowledge using test questions from Revise IT

I’ve taken the exam last friday and passed with 92.5%. Even though I think it was a pretty good score, I still had to make some educated guesses. This made me realize that there’s still a lot to learn and that getting more experience is important as well.

I also want to mention that I took the exam at LAI the training institute for IT professionals in Schiedam (The Netherlands). They were really kind, helpful and service oriented. The waiting area and test room were great and they even provided a pastry and all kind of drinks at no charge. This has been my best test taking experience to date, so keep up the good work guys.

I’m looking forward to attending the OS X Server 10.8 course at LAI the training institute for IT professionals at the end of March. I’ll try to create another blog post about this as well.

But now back to the important stuff, here are my notes/summary. I hope it is useful. If you find any errors or have any suggestions, please leave a comment.

Notes / summary for the “OS X Support Essentials 10.8 Exam”

Installation

OS X Mountain Lion can only be aquired from the Mac App Store.
Install preparations:
- Needs to be supported model
  - iMac (Mid 2007 or newer)
  - MacBook (Late 2008 Aluminum, or Early 2009 or newer)
  - MacBook Pro (Mid/Late 2007 or newer)
  - Xserve (Early 2009)
  - MacBook Air (Late 2008 or newer)
  - Mac mini (Early 2009 or newer)
  - Mac Pro (Early 2008 or newer)
- Requires 2GB RAM, 8GB of available HDD space. Also firmware needs to be up-to-date. More info on the website.
- Upgrade from OS X v10.6.8 or later.
- Don’t install an older version of OS X than the version that came with your Mac. Newer hardware might not be supported, possible issues are described here.
- Before upgrading:
  - Check if applications are compatible.
  - Backup data.
  - Ensure firmware is up-to-date (System Information, Boot Rom Version).
- Review configuration by going to the Apple icon in the upper left corner. Use the option key to switch between “About this Mac” and “System Information”. If desirable, save system information as .spx or print it to PDF. For older OS X versions, use “System Profiler”.
  - In “About this Mac” you can click on the OS X version multiple times so it will show Build and Serial Number also.
- Make backups if appropriate and make sure you can recover from them.
Install options:
- Using OS X recovery disk (700MB) by booting computer while holding the option key.
  - Restore from Time Machine Backup
  - Reinstall OS X.
  - Use disk utility to prepare/fix disk for installation.
- Install from DVD.
- Install from internet source.
- Upgrade by downloading OS X Mountain Lion from the App Store.
  - Installation process will delete installer application. Quit the installer if you want to upgrade several computers or create a full OS X recovery disk.
Possible destination disk (startup volume) situations preventing installation:
- Disk is faulty (hardware). In system information you can check the service and support coverage status.
- Disk contains Time Machine backups.
- Disk does not use required GUID (GPT) partitioning scheme.
- Disk is not formatted as Mac OS Extended (Journaled) volume.
- Disk needs to be slightly resized (reduced with 128MB).
- Disk uses software RAID or uses nonstandard Boot Camp partitioning. Installation is possible, but OS X Recovery HD cannot be created.
Installation disk can be an external disk as well. Does not need to be internal disk.
For monitoring and/or troubleshooting open the “Installer log” during installation or after installation use the “Console” application and open the “/var/log/install.log”.

Initial configuration steps

Configuration can be performed:
- Manually using Setup Assistant/System Setup at user/system initialization.
- Manually using the System Preferences app.
- Manually by editing configuration files.
- Automated using configuration profiles.
You can configure the computer name from within System Preferences, Sharing.
Software updates:
- Software update preferences apply to all users now with Mountain Lion.
- Keep in mind that OS X system updates can be bigger than 1 GB. Consider deploying a central software update server. Alternatively download updates to a local repository from http://support.apple.com/downloads.
- Client configuration for using a central software update server is not possible from within the GUI. Use a profile instead.
Setup Assistant helps getting the system configured properly for users. Includes by example language, keyboard, network settings, migration assistant, location settings, Apple ID, iCloud, time zone, registration and setting the computer account. The computer account is the only initial administrative user account.
Configuration profile
- Originally created to provide easy setup for iOS devices.
- Is a document that includes instructions for specific system settings and/or applications.
- Filename extension is .mobileconfig
- Verify the profile content and its result by testing it properly.
- Consider signing configuration profiles for added security.
- Install by simply double clicking if you have administrative privileges.
- Can be created using 3rd party tools or these ones created by Apple:
  - iPhone Configuration Utility.
  - Apple Configurator application.
  - Profile Manager service of OS X server.
- Can be distributed:
  - In any way you would distribute any other file (b.e. e-mail, fileserver, website).
  - Using push for OS X systems that are enrolled in a management server like by example OS X Server Profile Manager.
- Open Profiles in System Preferences to see the profiles on a computer.
  - Profiles will only show in System Preferences if a Profile is installed.
- More information in the Technical White Paper: Managing OS X with Configuration Profiles.

OS X Recovery

Replaces functionality previously accessed via OS X installation DVD.
Provides access to:
- Configuration and troubleshooting utilities.
  - Disk Utility, storage-related administration and maintenance.
  - Firmware Password Utility, secure startup process by disabling all alternate startup modes without a password.
  - Network Utility, network and internet troubleshooting utility.
  - Terminal, UNIX CLI of OS X. Most useful command: resetpassword
    - Reset password via Terminal.
      - Also resets home folder permissions to default.
      - Consider mitigating risks by setting a firmware password and/or enabling FileVault 2.
- Restore from Time machine Backup.
- Reinstall OS X.
By default located on the primary system disk. Macs with newer firmware can start up from an Apple server over the internet and access OS X Recovery features.
Accessed by restarting while holding command+R
Hold option key for startup manager with all boot options, including external OS X Recovery disks.
When disks are protected by FileVault 2, the disk needs to be unlocked before performing actions.
In OS X Recovery, Ethernet and Wi-Fi networking is available if the network provides DHCP services.
- Can also browse the internet.
External OS X Recovery disk creation options:
- Create a minimal OS X Recovery disk using the OS X Recovery Disk Assistant.
  - You need to download the Recovery Disk Assistant.
  - Must have a local hidden Recovery HD partition.
  - Requires only 1GB (USB flash) disk.
  - Requires local admin account.
  - Requires GPT and Mac OS Extended (Journaled) partitioning.
  - Supported by Apple.
  - Does not contain OS X installation assets, need to be downloaded from internet.
- Create a full OS X Recovery disk.
  - Includes the OS X installation assets. Make sure you create and use full OS X Recovery disks only for systems that are supported with a specific OS X version.
  - Requires 8GB (USB flash) disk.
  - Use disk utitlity on the disk and configure InstallESD.dmg as the source.
  - Requires GPT and Mac OS Extended (Journaled) partitioning.
You can change your startup disk from within OS X recovery using:
- Apple menu, Startup Disk.
- Menu, Quit OS X utilities, choose Startup Disk.

Applications

The Installer application simplifies installation of packaged application installations.
The Installer /private/var/log/install.log can be viewed with the Console application.
You can view the installed applications using the System information application.
New features/options for Installer applications introduced with OS X 10.5:
- Users may specify home folder as installation folder.
- Dynamic installation package that remains up-to-date when there is Internet access.
- Network installation packages download latest version from server during installation.
- Support for signed packages to increase security and reliability.

Local user accounts and groups

Types of user accounts
- Sharing only user
  - Only non authenticated access to shared files and folder.
  - Cannot log in and no home folder.
- Guest user
  - By default only non authenticated access to shared files.
  - The home folder, settings and history will be deleted on logoff.
  - Optionally enable guest user account support for unauthenticated login.
    - Will have same access as standard user.
    - Can restart or shutdown your Mac. Could compromise system during startup.
    - Consider disabling, changing permissions and/or applying parental controls.
- Standard user
  - Standard user cannot install software.
  - Managed user is a standard user to whom parental controls apply. By example:
    - Limit the allowed applications.
      - Limit App Store Apps.
      - Limit Other Apps.
        
        Parental controls are not honored by most 3rd party applications (b.e. FireFox and Outlook), keep this in mind when limiting applications.
      - Limit Widgets
      - Limit Utilities
    - Web – unrestricted access, try to limit access to adult websites, Allow access to only specific websites.
    - (Bedtime) Time Limits – weekday time limits, weekend time limits, prevent access during specific times.
    - People – allow communication only with approved addresses for Game Center, Mail and Messages.
    - Other – Restrict access to dicatation services, printers, password changes, optical media and the dock.
    - Maintain Safari, Messages and Application usage logs (both allowed and attempted but denied access).
  - Parental controls preferences can be managed remotely from another Mac OS X on the local network if you Allow Remote Setup.
  - Parental controls preferences is a limited subset of the more extensive managed preferences system available when using OS X Server.
- Administrative user
  - Initial account created during Mac set up.
  - Can modify anything on the computer. Including other administrative user accounts and the root account.
  - Can be used for daily use, but better is to adhere to principle of least privilege. Prevents catastrophic results of by example user errors, viruses or malicious scripts/applications.
- Root user (System Administrator)
  - Disabled by default.
  - Enable using Directory Utility. Use Finder, Go To, /System/Library/CoreServices/
    - In Directory Utility, Directory Editor, Systems Administrator.
Administer users accounts and groups using Users & Groups.
- Use secondary (or Control) click on a user to access advanced options.
  - User ID, Group, Account name, Login shell, Home directory, UUID and Aliases.
    - UUID is used for group membership and ACLs.
- Using Login Options you can configure to join a Network Account Server (Active Directory, LDAPv3, NIS).
User account information stored in XML in /var/db/dslocal/nodes/Default/users , accessible by root.
In Users & Groups you can configure Login Options (shown in login screen) like:
- Set a master password that can be used to reset the password of a user even when it’s logged on.
- Auto login (disabled by default).
- Show list of available users (enabled by default).
- Password hints after three wrong password attempts.
- Configure fast user switching (enabled by default).
  - Not supported for network accounts.
  - When using fast user switching:
    - you can run into contention issues with applications, documents or devices that cannot be used by multiple users simultaneously.
    - Attached external storage devices are available for all users in read/write. Disk images are available in read only. Only network shares remain secure.
- Configure the Mac to use accounts hosted from a shared network directory. By example from OS X Server.
Home folders
- Default location for local home folder is /Users/<accountname>
- By default includes the following items:
  - Desktop
  - Documents
  - Downloads
  - Library
    - Hidden by default in OS X Lion and later. Access through Finder menu, Go, holding the option key.
    - Includes many non-document resources like files, fonts, contacts, keychains, mailboxes, favourites, screen savers, widgets and many other application resources.
  - Movies
  - Music
  - Pictures
  - Public
    - Drop Box
- Optionally contains:
  - Applications (preferred location for application installations)
  - Sites (legacy folder for upgraded or migrated computers, viewable for others).
- Content only accessible for user (and root).Exceptions:
  - The Public folder where others have read access.
  - The Drop Box folder inside public folder where others have write and only the owner of the home folder can view it.
  - By default, files and folder put at the root of the home folder will be viewable by other users. Permissions can be modified ofcourse.
  - /Users/Shared
  - System Administrator (root) has access.
- Options for migrating and restoring home folders:
  - Using Migration Assistant.
    - Automates many steps.
    - Can use data from disks or other computers (including Windows).
    - Cannot be used if you need to reformat the disk containing the data.
    - Migration Assistant runs as part of the OS X Setup Assistant with new installations but can also be run manually afterwards.
      - Legacy FileVault-protected users accounts can only be migrated during the initial OS X Setup Assistant process.
  - Using a manual restore.
    - Is useful when you need to reformat the disk containing the data, because you will copy the data to a different disk before reformat.
    - Can also be used when an account has been deleted and the home folder content is still in /Users/Deleted Users
    - Basic steps:
      - Document the user account name.
      - Copy the user’s home folder to different disk. Make sure hidden files/folders like the Library are included as well.
      - On new install create and admin account with a different name than the account to be restored.
      - Copy the backup to the /Users folder. Make sure hidden files/folders like the Library are included as well.
      - In Users & Groups Preferemces create the user’s account with the same account name and choose to use the existing folder when prompted.
Customization
- Move menu items on the right side of the menu bar (menulets) by dragging the menu item while holding down the Command key. Example include the wireless icon and the volume icon.
Passwords
- Users can change their passwords using Users & Groups preferences. It even includes a Password Assistant that can help generate a strong password. You can also use Security & Privacy.
- Resetting passwords
  - Reset Regular and Legacy FileVault user account passwords using:
    - User & Group preferences with an administrator account for regular user accountss and with the Master Password for Legacy FileVault accounts.
    - Master Password
      - Does not require an admin account.
      - Enable and set in Users & Groups preferences.
      - At login when user enters incorrect password three times, a prompt will appear to rest the password using the master password.
    - Apple ID. At login when a non-Legacy FileVault user enters an incorrect password three times, and the account is associated with an Apple ID you can reset the local account password by logging authenticating with your Apple ID.
    - Reset Password in OS X Recovery.
  - Reset Master password
    - Reset using Users & Groups preferences.
    - Delete /Library/Keychains/FileVaultMaster.cer and /Library/Keychains/FileVaultMaster.keychain files.
  - Reset Apple ID
    - Follow the instructions on https://iforgot.apple.com
  - FileVault 2 password
    - After three incorrect password logins, you need to reset the password using a Recovery Key that you can you can write down / store somewhere or you can store it with Apple. If you store it with Apple you need to configure security questions and answers. To recover the key you can contact AppleCare if it is supported in your region.
- Login Keychain is normally synchronized with the account password. By resetting the account password it will not be in sync anymore. At first new logon however you will be presented with options to remedy this.

System Security Settings

System and security settings include, but are not limited to:
- Logging out after x minutes of inactivity.
- Automatically update safe downloads list
- Requiring administrator password to access locked preferences.
- Requiring password after sleep or screensaver.
  - Lock computer using:
    - Control+Shift+Eject for lock (screen off)
    - If fast user switching is enabled, click the user account name in the top right corner and choose Login WIndow.
    - Configure keychain to show in menu bar, choose lock screen there.
- Disabling automatic login.
- Configuring a login message or policy banner.
- Configuring to allow applications downloaded from:
  - Mac App Store
  - Mac App Store and identified developers
  - Anywhere
- Encryption (FileVault).
- Firewall.
- Location services (can be limited to specific applications).
- Apps that are allowed to access your contacts.
- Disable remote control infrared receiver.
- Option to send diagnostics and usage data to Apple.
Legacy OS X FileVault (prior to OS X Lion)
- Only protects data in user’s home folder (not full disk encryption).
- Incompatible with many system management and backup applications.
- Deprecated, it is advised to use FileVault 2 instead. Requires:
  - Disabling all Legacy FileVault users.
  - Enough free space to be able to make a decrypted copy of home folder data. If this is not the case, consider manually migrating a copy of the home folder.
Find My Mac / Find My iPhone (iCloud)
- Remotely locate, lock, erase (or wipe) and display a message on the Mac or an iOS device using http://www.icloud.com
- Requires active internet connection.
- Requires local OS X Recovery partition.
- Requires iCloud and Find My Mac to be enabled.
- Systems with Find My Mac enabled also feature a “Guest”mode when the system is restarted. This increases the chance that the system will be used and will be able to access the internet, in turn helping locate the device.
Firmware Password
- Setting the Firmware Password prevents unauthorized users from using any startup-interrupt keyboard shortcuts.
- You can still boot from another startup disk if you hold the Option key when you start the Mac and enter the correct password.
- When the Firmware Password is lost:
  - Many Mac models before 2010 allow for the Firmware Password to be reset by removing some of the system memory. Then restart the Mac while holding the Command-Option-P-R keys.
  - For Mac models of 2010 or later you need to visit an Apple Authorized Service provider to clear the firmware password.
Application security
- Besides operating system and hardware security, it’s also important to use secure applications.
- Safari security

Keychain Management

The keychain contains securely stored passwords, keys, web forms, secure notes and certificates.
- Some website information may be store in cookies instead of in the keychain.
The local account password is not in the keychain.
If you forget a keychain’s password, its contents are lost forever due to encryption.
Managed using the Keychain Access application.
- Add/remove keychains, secure notes and password items.
- View passwords stored in the keychain and change them.
- Import/open keychains.
- Configure Keychain login settings to lock after x minutes or when sleep is initiated
- Verify or repair Keychain files using Keychain First Aid (requires password).
- Certificate assistant to create, request and configure certificates.
- Set preferences:
  - Show status in menu bar (easy access to keychain and to lock screen)
  - First aid options
  - Certificate options (including certificate revocation list settings)
Keychain files
- /Users/<useraccountname>/Library/Keychain/login.keychain
  - Each user has its own keychain. By default the password matches the user’s account password so it will unlock and use its content automatically.
  - A user can create multiple keychains and with different passwords for added security. Consider by example electronic banking accounts.
- /Libary/Keychain/System.keychain
  - Contains non user specific authentication data like passwords for wireless networks, 802.1X, network passwords, Kerberos, Legacy FileVault and Apple Push Service.
  - All users benefit from the keychain, only administrative users can modify.
- /Libary/Keychain/FileVaultMaster.Keychain
  - Encrypted with the FileVault master password.
- /System/Library/Keychains
  - Contains root certificates.
  - All users benefit from the keychain, only administrative users can modify.

File Systems

File Systems and Storage
- Managed using Disk Utility.
  - Dynamic disk repartitioning since OS X 10.5 with specific filesystems/options.
  - Provides secure erase options. Most secure (7-pass erase).
    - Meets US DoD standards according to Apple.
    - This may detoriate life expectancy for SSD.
  - Secure erase an item in CLI using srm command.
  - Create new volumes in an encrypted format.
    - It is however not possible to convert an existing Mac OS Extended volume to an encrypted volume with Disk Utility. You can do this using Finder though.
      - Requires disk to be using GPT.
      - For the system volume, FileVault 2 needs to be enabled.
  - To erase or repartition disks that contain encrypted volumes you need to first erase the encrypted volume or decrypt it.
  - Disk utility displays startup disk and its partitions first.
- Partition schemes:
  - GPT (GUID Partition Table).
    - Default for Intel-based Mac. Boot only supported on Intel.
    - Can be accessed from PowerPC Mac OS X 10.4.6 or later.
  - MBR (Master Boot Record).
    - Used by non-Mac + devices/peripherals (USB stick/memory cards).
    - Mac cannot boot from it.
  - APM (Apple Partition Map).
    - Default PowerPC-based Mac. Boot only supported on PowerPC.
    - Can be accessed from Intel-based Mac.
- Most commonly used volume formats in OS X:
  - Mac OS Extended. All options include
    - Journaled (helps preserve volume structure integrity)
    - Encrypted
      - Full disk XTS-AES 128 encryption, used by FileVault 2.
      - Not compatible with OS X prior to OS X Lion.
      - Cannot be dynamically repartitioned.
      - Existing non-encrypted disk can be converted to encrypted disk.
    - Case sensitivity. By default, Mac OS Extended format is case-preserving but case-insensitive. You can choose it to be case sensitive, but many (3rd party) applications may experience issues and it is not supported.
  - Unix File System (UFS).
  - MS DOS File System / (Extended) File Allocation Table (FAT32, ExFAT)
  - NT File System (NTFS). Read-only by default. Can add read-write support with 3rd party apps
FileVault 2
- If a local user is still configured to use Legacy FileVault, you cannot enable FileVault 2.
- If there are multiple local users, you can selectively grant users the ability to unlock and decrypt the protected system disk allowing them to start up the system by entering their password.
- Users whose password has been changed on the local system will continue to be FileVault enabled. After passwords resets from the network directory server, the user will however not be allowed to unlock the local FileVault 2 system disk. Re-enable the account for FileVault in Security & Privacy.
- When enabled, login window appears faster because startup is initiated from a special EFI booter on the Mountain Lion Recovery HD. User has to authenticate.
- If a user forgets their password, use the recovery key. If both are not available, the data will be lost.
- If FileVault 2 is enabled, other security features also turned on to ensure security.
  - Password required to log in after sleep and to exit screensaver.
  - After initial startup, only users enabled in FileVault will be able to log in, other users need an administrator to log in first.
File and folder actions
- In Finder, use File, Quick Look (Command+Y) to determine folder size and item count.
- Secure erasing files is possible using Finder in combination with Secure Empty Trash.
- Remounting volumes on a connected disk requires first unmounting and ejecting remaining volumes, then physically disconnecting and reconnecting the disk and then remounting. With Disk Utility you can do this without physically disconnecting and reconnecting.
- Properly unmounting/ejecting volumes helps minimizing the risk of data corruption.
- If a disk was improperly unmounted, a file system diagnostic will be run on the disk before it remounts volumes. This might take a while. Verify by checking if fsck process is running using the Activity Monitor application.
- Unmounting/ejecting volumes might fail because files might be in use. You can quit all programs, log out, restart the computer or use 3rd party applications like What’s Keeping Me (WKM) to resolve this.
- To encrypt files using finder, go the desktop and use CTRL+click on the volume you want to encrypt. Then enter the password you want to use.
Permissions (privileges) and Sharing
- Only users and processes with root account access can ignore file permissions.
- View and modify permissions using Finder. Get Info for single item,Inspector for multiple.
  - Get Info – Select file/directory, Finder menu, File, Get Info
    (or select file/directory and press Command+I).
    - When changing permissions, Get Info remembers previous settings so you can revert.
  - Show Inspector – Finder menu, File, hold Option, Show Inspector
    (Option+Command+I)
  - Add/remove users and groups using the + or – icons.
  - Change privileges using the drop down boxes.
  - Use the cog icon to revert privilege changes on files.
  - You can also propagate privilege changes recusively to items in the folder by using the “Apply to enclosed items…” option.
    - Cannot be easily reverted.
    - Locked items remain in their Original state.
- Permissions can be verified and repaired:
  - In Disk Utility.
  - In Terminal
    - For a folder:
      - sudo chmod -R 755 <path>
      - chown root:wheel <path>
    - For the system: sudo diskutil repairPermissions /
- Ownership for Permissions:
  - Owner. By default the creator of the file/folder.
  - Group. By default, group inherited from the folder it was created in. Mostly:
    - Belong to staff (primary group for local standard users)
    - Belong to wheel (primary group of root system account)
    - Belong to admin groups.
  - Everyone. Used to define access for those who are not owner and not part of a group (includes local, sharing and guest users).
- File permissions:
  - Read & Write
  - Read Only
  - No Access
- Folder permissions:
  - Read & Write
  - Read Only
  - Write Only (Drop Box), can copy/move files to it, but not browse it.
  - No Access
- More details about UNIX-style permissions on Wikipedia.
- Access Control Lists (ACL) and Access Control Entries (ACE)
  - Developed to expand on UNIX permissions architecture to provide more control and flexibility.
  - Similar to Windows-based NTFS permissions and UNIX NFSv4.
- Effective permissions
  - ACLs trump standard UNIX permissions.
  - Effective permissions are based on a combination of permissions.
- Effective permissions examples
  - Read & Write folder
    - Read & Write file
      - Can edit file content
      - Can view or copy file
      - Can move or delete file
      - Can rename file
    - Read Only file
      - Can’t edit file content
      - Can view or copy file
      - Can move or delete file
      - Can rename file
  - Read Only Folder
    - Read & Write file
      - Can edit file content
      - Can view or copy file
      - Can’t move or delete file
      - Can’t rename file
  - Read Only Folder
    - Read & Write file
      - Can edit file content
      - Can view or copy file
      - Can’t move or delete file
        
        Beware: Many applications will not be able to save changes to files in Read Only folders because they attempt to replace the original file instead of revising the file content.
      - Can’t rename file
  - Read & Write folder
    - Read & Write Locked File (locked file prevents non owner from modifying, moving, deleting or renaming. Sticky bit is similar)
      - Only owner can edit file content
      - Can view or copy file, but copies are locked
      - Only owner can move or delete
      - Only owner can rename file
- Permission behaviour when moving, copying or creating new files and folders
  - New files/folders will inherit permissions of its parent.
- Permissions for Nonsystem Volumes
  - With external disks files and folders can easily be used on multiple computers. The issue however is that these computers don’t share the same user account database. As a result interpreting file ownership can be an issue.
  - To prevent access issues, ownership is ignored on nonsystem volumes by default in OS X. If this is undesirable (security), you can override this using Finder, Get Info and unchecking “Ignore ownership on this volume”.
- UNIX Permissions and the Terminal application
  - File and folder permissions
    - Read (r–) = 4
    - Write (-w-) = 2
    - Execute (–x) = 1, necessary for opening folder.
    - No access (—) = 0
  - For directories permissions have a leading d. It could look like : drwxr-xr-x
  - For files permissions having a leading -. It could look like : -rw-r--r--
  - View permissions using ls -le
  - The first three characters after the leading character define the Owner privileges, the next three the Group privilege and the last three the Others privileges.
  - Setting privileges this way can be annoying. There is a numerical alternative:
    - 0 = No access
      1 = Execute
      2 = Write
      4 = Read
    - Permissions range from no access 0 (—) to full access 7 (rwx).
    - drwxr-xr-x translates to 755 for the directory (leading d character).
    - -rw-r--r-- translates to 644 for the file (leading – character)
  - Change ownership using chown
    - By example: sudo chown useraccountname “~/Documents/file.pdf”
    - man chown for more info (q to quit).
  - Modify permissions/ACLs chmod.
    - By example: sudo chmod 777 “~/Documents/file.pdf”
    - man chmod for more info (q to quit).
File System and permission Troubleshooting
- Some troubleshooting tools have already been discussed in the previous part.
- Keep in mind that you can also use Target disk mode on supported systems and disks.
- Recover data using Time Machine is applicable.
- Consider 3rd part disk recovery utilities.
- Troubleshooting permissions issues in Mac OS X

Data management

Hidden Items and Shortcuts
- By default the Finder hides much of the complexity of OS X from the user.
- Items can be hidden in two ways:
  - UNIX style, using a period “.” at the beginning will hide from Finder and Terminal.
  - OS X style, setting the item’s hidden flag will hide only from finder.
  - The user’s Library folder is hidden by default. Go to Finder, Go and hold the Option key to reveal the Library.
  - Finder, Go, Go to Folder (Command-Shift-G) to manually enter path.
- Bundles and Packages
  - Are common folders that contain related software and resources. By example .app, .bundle, .framework, .plugin, .download, etc.
  - Finder treats them as single files.
  - By default users cannot navigate them with Finder. To show content, use right click (control+click) and choose “Show Package Contents”.
  - Tools for creating and modifying bundles and packages are available to those with Mac Dev Center access.
- File System shortcuts
  - Not to be confused with shortcuts in Dock or the Finder sidebar.
    - Save references to Original items as part of their config files.
  - Real File System Shortcuts appear as individual files that can be located anywhere on a volume.
  - Types of File System Shortcuts. Comparison when used with 100MB file:
    - Alias
      - Can be created with Finder
        
        Finder menu, File, Make Alias (Command+L).
        
        Right click (Control+click), Make Alias.
        
        Click and drag the original item while holding down the Option and Command keys.
      - Useless in Command-Line tools like Terminal. They think aliases are files, not references.
      - More resilient to location changes of the original items. Finder even has option “Fix Alias”.
      - Finder, Get Info, shows Kind: Alias and size of 1.2 MB.
      - Used by Finder, File, New Burn Folder.
    - Symbolic Links
      - Can be created only in Terminal.
      - Can be used in CLI and Finder.
      - Pointers to the file system path of the original item.
      - Symbolic link is broken when original file changes location. Replacing file is no problem.
      - Finder, Get Info, shows Kind: Alias and size of 35 bytes.
    - Hard links
      - Can be created only in Terminal.
      - Can be used in CLI and Finder.
System Resources
- Found in Library through Finder (Go, hold Option key, Library).
- System resource hierarchy domains (keep in mind when troubleshooting).
  - User (deprecated, might still be used by applications though).
  - Local (available to all local user accounts, includes root Applications and root Library folder).
  - Network (configure automounted share to enable).
  - System (all items necessary to provide core system functionality).
- When multiple copies of similar resources exist in different domains, the resource most specific to the user will be used.
- Some of the Library items and the domains they can be found in:
  - Application Support (in User and Local)
    - Often contains help files, templates or resources.
  - Extensions (in Local and System)
    - Also called kernel extensions.
    - Low-level drivers that attach to kernel, core or OS and provide support for hardware, networking and peripherals.
  - Fonts (in every Library folder)
    - Use System Information view installed fonts.
    - Use Font Book to manage fonts in a GUI (fonts can be added, removed, disabled, verified, restored to default).
    - 3rd party font-management tools are available.
    - Applications may need restart before font is available.
    - If font for all users, place in /Library/Fonts
    - If font for current user, place in ~/Library/Fonts
    - Mac OS X font search order: /System/Library, /Network/Library, ~/Library
    - Outline fonts (vector fonts) include TrueType fonts, OpenType fonts and Postscript fonts.
  - Frameworks (in every Library folder)
    - Repositories of shared code.
    - Use System Information to view loaded frameworks.
  - Keychains (in every Library folder)
    - Contains securely stored passwords, keys, web forms, secure notes and certificates.
  - LaunchDaemons and LaunchAgents (in Local and System)
    - Define processes that start automatically via the launchd process.
    - LaunchAgents for processes to run when user is logged in.
    - LaunchDaemons for processes to run in background even when no user is logged in.
  - Logs (in every Library folder)
    - Use Console to view logs.
  - PreferencePanes (in every Library folder)
    - Can be found in System Preferences.
    - Possibly useful 3rd party preference panes.
  - Preferences (in User and Local)
    - Contains files with system and application preferences.
  - Startup Items (in Local and System)
    - Precursors to LaunchDaemons and LaunchAgents.
    - Apple discourages the use of Startup Items. Currently launchd still supports many Startup Items, but may not be true for future versions.
    - Generally installed by 3rd party software that hasn’t been updated.
Metadata and Spotlight
- Metadata describes content. By example names, paths, creation and modification dates, permissions, extended attributes (color label) and flags (hidden).
- You can add custom metadata to your files/folders by entering Spotlight comments in the Get Info and Inspector from the Finder.
- Apple uses a forked file system:
  - Makes complex items appear as a single item in the file system, while it actually consists of a data fork and a resource fork.
  - Only fully supported on Mac OS Extended File System volumes.
  - Legacy file systems like FAT, Xan and older NFS shares do not know how to properly store meta data:
    - AppleDouble file format used to work around this:
      - Metadata stored seperately in ._<filename>
      - Invisible in Finder (and Windows Explorer by default).
      - Some files have trouble with being split up.
  - NTFS supports alternative data streams (similar to file forking) and is used by OS X when writing to NTFS based SMB shares.
- Spotlight search
  - Access by pressing Command+Space or clicking the looking glass icon in the top menu bar. Access the Spotlight window using Option+Command+Space.
  - Spotlight goes beyond local filesystem search. It is able to search e-mail, shared files from other Mac clients, servers, airdisk volumes, Time Machine backups, Wikipedia and even results from your default web search engine.
  - Search results are grouped by type. By example Applications, System Preferences, Documents, Messages, PDF documents, Webpages.
  - Using Spotlight preferences customize locations not to index, categories to be included and the order in which they are presented.
  - When you hover over search results, contents of files can be shown as a preview using Quick Look. Examples include e-mails or PDF files and iWork and Microsoft Office files (even when these applications are not installed). These previews are even dynamic, allowing you to browse through them and making it easier to find what you’re looking for.
  - Advanced Spotlight search operations include AND, OR, NOT, ranges, is, matches, contains, begins with, ends with. You can also use multiple criteria in a single search (use Finder and click the + icon).
  - Searches can be saved if desirable.
  - Spotlight uses indexing for search results.
    - New volumes are automatically indexed.
      - Ignoring requires manual configuration.
    - Shared volumes from other computers are not indexed. Spotlight can connect to indexes on AFP shares hosted on OS X Server.
    - Location of indexes:
      - At the root of every volume in a folder .Spotlight-V100
      - For Legacy FileVault user at the root level inside the encrypted home folder.
      - In application defined location, for mail by example in: ~/Library/Mail/Envelope Index
  - When experiencing issues with Spotlight consider forcing index rebuild by deleting index and restarting the computer.
  - Spotlight filters search results based on permissions. This means results on locally attached non-system volumes will be shown as well by default because owership is ignored.
  - Spotlight Plug-Ins
    - Can be created by Apple (/System/Library/Spotlight) or third parties (/Library/Spotlight or ~/Library/Spotlight).
    - Determine what is indexed. It provides functionality to:
      - Extract and index metadata
      - Extract and index content of filetypes like mail, PDF, iWork, Office, Photoshop.
      - Use or search (meta)data from applications.
      - Search in other places like by example Wikipedia
File Archives
- Archiving is saving copies of information to another location or format better suited for long-term storage or network transfer.
- Archiving options include (Zip) Archives and Disk Images
  - (Zip) Archives
    - Created using Finder.
    - Highly compatible with other operating systems.
    - Easy way to archive relatively small amounts of data.
    - Finder decompresses in the same folder as the source by default.
    - Archive utility gives more control over (de)compression preferences.
      - /System/Library/CoreServices/Archive Utility.app
        (take a look in this folder for even more useful tools).
      - Archive Utility contains a preference pane Archive that can be installed in System Preferences. To do this in Finder, right click (Control+click) Archive Utility.app and select “Show Package Contents”. Then double click /Contents/Resources/Archives.prefPane
      - Cannot compress any mounted volume.
  - Disk Images
    - Created using Disk Utility.
      - Size can be up to 2 TB.
      - Can be read-only or read/write.
      - Can be compressed.
      - Can be encrypted (128-bit or 256-bit AES).
      - Can be fixed size or expendable (sparse disk image).
      - Disk image format can be converted by saving it to a new copy.
      - Supports any partition scheme or volume format that OS X supports.
    - By default only OS X can access. Other OS requires 3rd party tools.
    - Files that contain entire virtual disks and volumes.
      - Image can only be created from volume that can temporarily be dismounted.
    - Can be treated like a removable volume (mount/unmount).
Time Machine
- Time machine is Apple’s solution for easily creating backups.
  - Enabled by default.
  - User must select backup disk. System auto scans network for Time Machine network share or waits for you to attach external disk.
  - Choose the disk to use and whether or not to use encryption.
    - Even though it is possible to backup to a second partition of the local disk, it is not recommended since it does not provide protection against disk failure or loss of the computer.
  - Configuration, preferences and backup status can be accessed from
    - The Time Machine icon in the menu bar
    - Time Machine in System Preferences
    - Secondary click (Control+click) Time Machine
- Time machine can backup:
  - To any local Mac OS X volume except for the startup volume.
  - To Apple Filing Protocol (AFP) network shares hosted by OS X Server or Time Capsule wireless base station.
- Compression is not used for performance reasons.
- Encryption is supported. Password is saved to the local system keychain for automatic retrieval. Needs to be entered manually when the disk is connected to a different computer.
- In OS X Mountain Lion support has been added for multiple Time Machine backup disks.
  - Allows for more flexibility.
  - Makes strategies for storing backups offsite easier.
  - Allows for combining local backups and backups to network share.
- In OS X Mountain Lion Time Machine supports local snapshots.
  - Backups can be made even when the backup disk is not available.
  - Backups are made to the local disk, which means it is not a true backup because in the event of hardware failure everything will be gone. It does however provide a way to go back in time as long as there are no hardware issues.
  - Only enabled on Mac portables with Time Machine left in “On” state.
  - Notification if 10 days passed without backup to the backup disk.
  - The amount of disk space used by local snapshots can be found in About This Mac, More Info, Storage. Space used on the system volume used for local snapshots appears as “Backups”.
- System sleep can prevent Time Machine backups.
  - With OS X Mountain Lion, Time Machine can backup while in Power Nap mode.
- Backup procedure
  - Entire file system backups are created hourly by the backupd process by default.
    - To only backup manually, turn off Time Machine and start manually by secondary clicking (control+click) Time Machine application.
    - Backups to local disks can be postponed by disconnecting the disk.
  - Manual backups can be initiated using the Time Machine icon in the menu bar.
  - Time Machine copies almost all content of the file system to the backup volume.
  - If you don’t perform a full backup of your system volume, you cannot perform a full restore. This means you have to install OS X first and then restore the rest.
  - Time Machine Backup exclusions.
    - Files that can be easily restored or are not important are ignored.
      - System log files are excluded.
      - Spotlight index is excluded.
      - Files in trash are excluded.
      - Software developers can specify application data not to backup.
      - You can modify the configuration file that specifies what to ignore: /System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist
      - In Time Machine preferences you can also configure exclusions.
  - Between backups, background process monitors changes. With next backup only change items are copied to the backup volume. Then the new content is combined with hard link file system pointers to the previous backup content to create a simulated point-in-time state and save space.
  - Time machine “ages out” data to save space.
    - Notification when older items need to be deleted for new backups.
    - Hourly backups are kept for 1 day.
    - Daily backups are kept for 1 week.
    - Weekly backups until the backup volume is full.
    - Time machine always keeps at least one copy of every item that is still on your current file system.
- Time Machine caveats
  - Not suitable for large files that change often (and only a few bytes).
    - File needs to be backupped completely again.
    - Uses lots of space on backup volume.
    - Causes “aging out” of backups, limiting restore history.
  - Can only backup Legacy FileVault accounts when the user is logged out.
  - Time Machine caveats
- Restore using Time Machine application
  - Easy graphical user interface (GUI). By secondary clicking (Control+click) Time Machine application you can:
    - Enter Time Machine.
    - Browse other Time Machine disks.
  - Graphical user interface is available from within some applications, but most will present you with a historical view in Finder.
    - Apps with Time Machine restore integration including Apple created apps like Address Book, Mail and iPhoto.
      - To access Time Machine for these applications make sure the application is in the foreground and then start Time Machine either from the menu bar or from the Dock.
  - Local snapshots (not really backupped) show as grey tickmarks in the timeline, while regular backups have pink tickmarks. If pink tickmarks appear dimmed, it’s because the Time Machine backup disk is currently unavailable.
  - Legacy FileVault users cannot access home folder backup via Time Machine application.
- Restore via Migration Assistant
  - Can be used to restore complete user home folder (also for Legacy FileVault user) or other nonsystem data.
- Restore an entire system using OS X Recovery
  - Only possible when you did not exclude items from the system volume backup.
  - Scans for local and network Time Machine backup volumes.
- Restore using Finder manually
  - When GUI restore is not working, you can browse backup with Finder since file system features are used that are part of standard Mac OS Extended volumes.
  - Directly modifying Time Machine backup contents can damage backup hierarchy. Default file system permissions prevent write access.
  - Backup locations:
    - Local snapshots are cached locally to a hidden folder:
      /Volumes/MobileBackups
      - Items in this location aren’t permanent. They will eventually be copied to backup disk and then erased on the local disk.
    - Time Machine backups on local disks are located in the root of the backup volume in a folder named Backups.backupdb
      - Folder contains a subfolder for each computer backed up on this volume. Then for each computer there are subfolders with the date and time of the backup.
    - Time Machine network backups are located at the root of the share, most commonly named Backups.
      - Each computer’s backup is saved as a seperate sparse disk image file with the computer’s sharing name.
      - When you browse the sparse disk image, similar structure is used as with Time Machine backups on local disks.

Applications and Processes

Application Installation
- Installation using Mac App Store. Requires internet, Apple ID and admin authentication.
  - Purchasing apps from Mac App Store requires OS X 10.6.6 or later.
  - When you want to re-install an application you’ve purchased from the Mac App Store or if you want to install the application to another device, go to “Purchases” in the App Store.
  - Applications in the Mac App Store need to meet several requirements and have gone through a verification process before they are available.
    - This is for quality reasons and to minimize the risk that applications are harmful (b.e. malware, privacy).
    - As of June 2012, application has to be sandboxed.
    - Application is code signed.
    - If harmful applications were able to get through the initial process, Apple can quickly pull the application from their store.
  - Create an Apple ID from the iTunes Store or the iOS App Store if you only want it to be able to install free items.
  - Applications are tied to your Apple ID.
    - If purchases are made using an iCloud account, you can enable automatic downloading of purchased applications. This comes in handy when you own multiple Mac computers. There are limitations though, see the iTunes Store Terms and Conditions.
  - Automatic updates are enabled by default and you get notifications about available updates.
    - If you don’t see updates you should be seeing, force the Mac App Store to reevaluate your installed software. Hold the Option key, open Mac App Store, click Updates, release Option key.
  - Mac App Store access can be disabled or limited for user with parental controls. You can specify specifically allowed apps or you can specify to allow only apps that are appropriate for specific age groups.
    - Do not delete Mac App Store, is required to perform system updates.
- Traditional installation methods
  - Four primary application environments in OS X are:
    - Native OS X applications
      - Can be created using Cocoa and Carbon.
        
        Cocoa
        
        Apps run on iOS and Mac OS X.
        
        Primarily based on Objective-C.
        
        Full support 64-bit graphical apps.
        
        Latest OS X features can be used.
        
        Carbon
        
        Still works in Mountain Lion, but deprecated.
        
        Primarily based on C and C++.
        
        No full support 64-bit graphical apps.
        
        Latest OS X features cannot be used b.e. Auto Save and iCloud services.
    - UNIX commands
    - Java applications
      - Java application environment originally developed by Sun Microsystems. Now owned and primarily maintained by Oracle Corporation.
      - The goal in Java is to create nonplatform-specific apps.
      - Java Runtime Environments currently available for OS X:
        
        Java SE 6 not included with OS X, instead it will auto download and install the first time it is needed.
        
        Requires administrative permissions.
        
        Oracle supplies Java SE 7.
      - Both environments can be installed side-by-side.
      - When you know Java is needed, consider including it in the standard install.
      - Managed using /Applications/Utilities/Java Preferences
      - Check installed version in System Preferences, Other.
    - UNIX applications that use the X Window System
      - Previous OS X versions included the Apple version of X11.
      - In Mountain Lion, X11 is not included anymore. When you try to run it from within applications, support article HT5293 will be shown in the browser with a link to the XQuartz project for X11. XQuartz 2.7.2 or later is recommended.
  - Other (non primary) application environments in OS X.
    - Legacy Mac applications
      - Applications created for Mac OS 9 with PowerPC.
      - Classic compatibility environment is used to to run Mac OS 9 apps, but is not supported since OS X 10.5
      - Rosetta Compatibility environment is used to run PowerPC based apps but is not supported since Lion.
    - Unix applications
      - Mac OS X 10.5 and later are POSIX and Unix 03 compliant.
      - Mac OS X system foundation named Darwin is baed on the open source FreeBSD (Free Berkely Software Distribution) Unix CLI.
      - Mostly accessed using Terminal.
Application Security
- While applications in the Mac App Store have gone through a process that also evaluates security, this is not the case for other applications. To protect against bad software, OS X includes the following technologies:
  - Process Security
    - Processes started by user will have access similiar to that of the user.
    - If system privileges are needed, you need to provide credentials, granting the application system level access (b.e. installations).
  - Application Sandboxing
    - Application and process sandboxing limits access to what is needed through a sophisticated arrangement of rules.
    - Sandboxing is an optional feature.
      - Apple sandboxed all applications and processes that could benefit from it
    - The majority of sandbox rules are created by developers.
    - Some sandbox rules are user initiated.
      - User opening a specific file outside of the sandbox.
      - Other examples of user-initiated access are found in Security & Privacy under Privacy.
  - Code Signing
    - Secure signed application and process code support since OS X 10.5
    - Code is verified on disk AND while it’s running.
    - Used in OS X Mountain Lion for automatically identifying trust for new app installs.
    - Also provides application identification for other parts of the system, including keychain, personal application firewall, parental controls preferences, application settings and managed client settings.
    - Developers can use the Mac App Store system to code sign their application even though they won’t use the Mac App store.
  - File Quarantine
    - Introduced in OS X 10.5
    - File quarantine service displays warning on attempt to open item downloaded from an external source like the Internet.
    - Quarantined items include documents, scripts and disk images.
    - File quarantine requires that the item is marked for quarantine by the application that downloaded it. Built-in OS X applications do this, but 3rd party applications might not.
    - Files copied to the Mac from by example a share or a USB drive also do not trigger file quarantine.
    - Administrative users can permanently clear quarantine, users cannot.
    - Apple maintains a list of known malicious software that is updated automatically via OS X software update mechanism. It is stored in:
      /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
    - More info : HT3662 “About file quarantine in OS X”
  - Gatekeeper
    - Introduced in Mountain Lion.
    - Leverages both code signing and file quarantine.
    - You can choose one of these options to allow applications downloaded from:
      - Mac App Store
        
        When a version of the application is available from the Mac App Store, when you download it from somewhere else it is not allowed.
      - Mac App Store and identified developers (default setting)
        
        Developers can use an Apple-verified code signing certificate to identify their applications and that contains their unique developer ID.
        
        File quarantine dialog will be shown for downloaded applications.
        
        Blocks non (properly) signed apps.
        
        Daily check with Apple for blacklisted developer signatures. If an app from a blacklisted developer is installed on the user’s system it will not open.
      - Anywhere
        
        Similar to previous OS X versions.
        
        All applications are allowed regardless of source.
        
        File quarantine dialog will be shown for downloaded applications.
    - Identifies modified/damaged applications regardless of security.
    - You can temporarily bypass/override gatekeeper. In Finder secondary click (Control+click) the application and choose open. Then confirm you want to open the application from the unidentified developer.
      - Once you’ve bypassed Gatekeeper for an application, it will be considered an exception and will open normally.
      - Use instead of setting security to “Anywhere” if possible.
      - Will not work for applications that automatically open other background or child applications (also trigger GateKeeper).
        
        Temporarily set security to “Anywhere” until app has been installed and is working correctly.
Installing applications
- Traditional Installation Methods
  - Drag-and-drop installations
    - Generally used for less complex application installations.
    - Some items will be installed by simply double clicking. By example fonts, preference panes, screen savers and widgets.
    - Install by dragging and dropping application file to desired folder.
      - In general OS X doesn’t care where it is located. Keep in mind though that some locations are more appropriate and secure than others.
      - Many developers simplify the proces by using a Finder window background that encourages users to copy applications to an appropriate directory. TextWrangler by example does this.
    - Often the following folders are used for applications:
      - For all users : /Applications
        
        Only administrative users can modify.
      - For the current logged on user : ~/Applications
        
        User has to create this.
  - Installation packages
    - Generally used for complex application installations (.pkg or .mpkg).
    - Default deployment mechanism for most Apple software updates and third-party software that requires install of items in multiple locations.
    - Installer application is opened when you open an installation package and will guide you through the installation.
      - By clicking the lock icon in the top right corner in Installer, you can view the certificate and its path.
      - On occasion third-party installers may be used (.app)
    - Often requires administrative user authentication, because frequently install items that can affect other users and the operating system.
Updating installed applications
- Apple software and software from Mac App Store is updated automatically by default. Configure using Software Update in System Preferences.
- Third-party software can provide self-update option.
- Manually update software.
Removing installed applications
- Drag and drop to the Trash.
- For Mac App Store applications only:
  - Open Launchpad, hold option key, click “x” button.
  - Open Launchpad, hover the applicaton, click and hold until “x” button appears and then click the “x” button.
- Application uninstaller in rare occasions if 3rd party installer was used.
Document Management
- Auto Save and document Versions
  - The idea is that users shouldn’t worry about saving files (after initial save).
  - This is combined with versions to provide users more control/flexibility.
  - Auto Save applications have file menu option “Duplicate” instead of “Save As” (after the initial save). Holding Option key will also show “Save As”.
  - Auto-save applications in Mountain Lion also add “Rename…” and “Move To…” to the file menu.
  - If the title bar of an application contains “Edited” this is also a visual cue that the application auto saves.
  - You can easily go back to previous versions using File, Browse All Versions …
    - Versions browser restore GUI similar to Time Machine GUI.
      - Can use copy and paste using Command+C and Command+V or using secondary click (Command+click).
      - To delete a version, select the document name in the title bar and select “Delete this version”.
    - Versions are stored in : /.DocumentRevision-V100 at the root of the disk containing original document.
      - Locked by default.
        
        Manually (un)lock a file by clicking on the file name in the title bar and selecting lock or unlock. When it is locked, this also shows in the title bar.
    - Document Version history is maintained only on the volume where the original document is saved. If you send a file by mail or any other way, it does not include the version history.
    - If Time Machine is enabled, version history will use these backups (integration) and you will be able to go back further.
  - Most Apple-designed applications in Mountain Lion support Auto Save and Versions including TextEdit, Pages, Preview, Numbers and KeyNote.
  - You can disable Auto Save by going to System Preferences, General and selecting “Ask to keep changes when closing documents”.
    - Can cause delay and require manual action for logout.
- Automatic Resume
  - Resume after logout is enabled by default.
    - If disabled, forcibly override by holding Option key when logging out
  - Resume after quit is disabled by default. Enable from System Greferences, General by deselecting “Close windows when quitting an application”.
  - Allows supported applications to maintain their current state event if the user logs out or the application is quit by automatically saving the documents and the state of the application.
  - Supported applications can also be automatically quit by the system when system resources are running low. Only idle applications are quit.
- iCloud integration to save in iCloud (introduced with OS X Mountain Lion).
  - Requires user signed in to iCloud with Documents & Data enabled.
  - Only Mac App Store applications are able to save to iCloud. Examples include TextEdit, Preview, Pages, Numbers and Keynote.
  - Using the file menu of a supported application like TextEdit you can use “Save as” or “Duplicate To” to save in iCloud.
  - When opening supported application (TextEdit), it shows a new iCloud document browser interface which also can be manually opened using File, Open.
    - Open files stored in iCloud or upload files to iCloud by dragging them onto the iCloud document browser interfade.
    - In title bar switch between “iCloud” and local resources “On My Mac”.
    - Browser interface of specific app only shows files managed by app.
    - iCloud documents can be managed using finder as well:
      ~/Library/Mobile Documents/ with subfolders for each service/app.
  - Similar to iOS, you can create folders in the iCloud document browser interface by dragging a document onto another document.
  - Move local files to iCloud by clicking name in title bar, move to iCloud.
  - Quick Look can also be used by pressing space.
  - Secondary click (Control+click) includes more options, including sharing.
  - iCloud synchronization is performed in the background nearly instantaneous.
  - iCloud synchronizes data locally if multiple devices on the same network share and iCloud account for efficiency.
  - You can also manage iCloud documents using http://www.icloud.com
- OS X Launch Services
  - Determines action when user double clicks file.
  - Maintains database that maps file types to appropriate apps.
  - Many common file types are mapped to built-in applications like Preview, Pages and TextEdit if the primary application is missing.
  - If no appropriate application can be found, you get a prompt that allows you to either choose an application manually or to search suggests search the Mac App Store for a compatible application.
  - In Finder you can either secondary click a file (Control+click) and choose Open With or use Finder, Get Info, Open With to:
    - Determine the current default application for this file.
    - Choose appropriate application to open the file with.
    - Manually browse for an application that is not in this list.
    - Search the Mac App Store for a compatible application.
    - You can also choose to always use the chosen application for this file.
  - From Finder you can use Get Info (Command+I) or Inspector (Option+Command+I) to do the same as described above. It also allows you to change the default application for all files of this filetype though. To do this, under “Use this application to open all documents like this one” click the “Change All…” button and confirm.
- Quick Look
  - Quick look shows an interactive preview of files including videos.
  - Supports many document formats.
  - Is used in Spotlight when you hover over a document.
  - Can be openend (and closed) by pressing Space in Finder, Time Machine restore interface, most open and save browser dialogs, Mail, other applications.
  - Provides previews for other views including Cover Flow, Get Info, Inspector.
  - Plugins can be found in /Library/QuickLook or ~/Library/QuickLook
  - 3rd parties can create Quick Look plugins.
Application Management and Troubleshooting
- Process types
  - Applications
    - Started by user.
  - Commands
    - Started by user.
    - CLI
  - Daemons
    - Runs in background as system.
    - Usually start at startup and keeps running.
    - Rarely have UI.
  - Agents
    - Runs only when user is logged on.
- Process Features
  - OS X Process Performance Features balances resources without letting any single process hog all resources.
  - Symmetric multiprocessing (multi cpu/gpu cores and threads)
  - Simultaneous 32-bit and 64-bit support
    - Most Apple software is 64-bit now.
      - Using Finder, Get Info or Inspector shows Kind: Application (32-bit) for 32-bit applications. The 64-bit applications show as Kind: Application.
    - Process that handles Dashboard runs both 32-bit and 64-bit widgets.
    - System Preferences prompts to restart when you switch between 32-bit and 64-bit preference panes.
    - 32-bit drivers, software and plugins need to be considered.
      - 32-bit plugins will not work in 64-bit application. From the Finder Get Info or Inspector you can secondary click (Control+click) and selecting “Open in 32-bit mode” as a workaround.
  - “Open in Low Resolution” checkbox is available on Macs with Retina display to disable high res assets that might be incompatible with older app plug-ins.
- Memory management features
  - Protected memory (process memory is seperate from other processes).
  - Dynamic memory allocation (efficient use of real and virtual memory).
  - Secure memory allocation (execute disable and address space layout randomization)
- System Information gathers information about installed applications when opened.
  - Includes name, version number, modification date, application type and if it was purchased from the Mac App Store (does not show for apps included in OS X).
  - Scans:
    - /Applications
    - /Applications/Utilities
    - ~/Applications
    - /System/Library/CoreServices
    - Other Applications folders at the root of any mounted volumes.
- Monitoring Processes with Activity Monitor
  - By default shows columns with for each process the ID (PID), name, user, % CPU, threads, Real Mem and the kind : Intel (64-bit) or Intel.
  - Shows system wide summary stats for CPU, System Memory, Disk Activity, Disk Usage and Network.
    - System Memory “page ins” and “page outs” are totals since last system startup. High number of page outs indicates system does not have enough real memory, slowing performance.
  - By default shows only processes for current. Change with drop-down box.
  - Search box can be used to filter processes.
  - From Menu, View you can:
    - Modify (additional) columns to be shown
      - CPU Time
      - # Ports
      - Real Private Memory, Real Shared Memory, Virtual Private Memory
      - Messages Sent
      - Messages Received
      - Sudden Termination (yes=app supports automatic resume)
      - Sandbox (yes=app is sandboxed)
    - Modify update frequency
    - Filter Processes
  - Can be used to Quit Process, Inspect and Sample Process.
- For more detailed info, take a look at Instruments application of Xcode Tools Package.
- Application troubleshooting
  - General application troubleshooting steps you can use:
    - Check if application is compatible with used OS X version. Mac OS X v10.6 and later protect against certain incompatible software that can quit unexpectedly or cause other issues.
    - Try another document
    - Restart application
    - Try another application
    - Restart computer
    - Try another user account
    - Check diagnostic reports in Console application created at crash/hang
      - ~/Library/Logs/DiagnosticReports
      - Log is <application> with extension .crash .hang or .spin
      - Can also use File, New System Log Query to perform custom search across most common logs.
    - Delete application’s cache files in:
      - /Library/Caches
      - ~/Library/Caches
      - ~/Library/Saved Application State
    - Replace preference file
    - Replace application resources / reinstall application
- Forcibly quit application
  - In Apple menu, Force Quit (Command+Option+Escape).
  - In Dock, on the application do a secondary click (Control+Click) or click and hold. Then hold the Option key and click “Force Quit”.
  - In activity monitor, select application, Quit Process, Force Quit.
    - Only GUI method to quit processes of other users/system.
- Preference troubleshooting
  - Common application resource to cause problems.
  - Can be found in any Library folder. Normally in ~/Library/Preferences for user related preferences and /Library/Preferences for general preferences.
    - Folder naming example: com.apple.dashboard.plist
  - Most application and system preferences saved as property list (plist) files.
    - Contain both internal application configuration and user preferences.
    - Plist file can be XML or binary encoded. Both can easily be viewed using Quick Look. For editing, you can use tools like xCode that can be found in the Mac App Store.
    - Often change, increased risk of corruption.
      - Apple worked hard to safeguard its apps and preferences against corruption.
      - 3rd party applications that use the Apple preference model recognize corrupt file, ignore it and create a new one.
      - Many 3rd party applications use own proprietary preference models that are not as resilient. Could lead lead to crashing during startup or frequent crashes in general.
    - Rename preference file, have app create new with original settings.
    - Some applications do not use property list files. Consult the documentation or developer to find out what files are used for what and where they are stored.
- Application Resource Troubleshooting
  - Corrupted application software can cause issues, but rare.
  - Associated nonpreference resources can be a source of application problems as well. Examples include resources from local and user Library folders like fonts, plug-ins and keychains and items in the Application Support folder.
  - When troubleshooting:
    - Knowing the application behaviour is crucial.
    - Some applications store resources in ~/Documents as well.
    - Check if issue affects all users or specific users only to narrow possible causes.
    - Check application and diagnostic report logs to determine which resources the application tried to access when it crashed.
    - If many corrupted files, file system or hardware might be faulty.
- Assistive technologies (accessibility features in System Preferences)
  - Universal settings:
    - Enable access for assistive devices (b.e. braille devices).
    - Show Accessibility status in menu bar.
  - Seeing (assist people who have trouble seeing/cannot see)
    - Display
      - Modify cursor size
      - Modify display resolution
      - Modify brightness
      - Enhance contrast
      - Use greyscale
      - Invert colors
    - Zoom
      - Configure zooming preferences including gestures and keyboard shortcuts
    - VoiceOver (spoken-word interface)
      - Enable using Command+F5
      - Open VoiceOver Training
      - Open VoiceOver Utility
      - Enable Voiceover at login window using User & Groups Preference Pane.
      - VoiceOver is very elaborate, do the VoiceOver Training, open the VoiceOver Utility and visit the Apple VoiceOver resource website for more information.
  - Hearing (assist people who have trouble hearing/cannot hear)
    - Enable screen flash as alternative to alert sound.
    - Play stereo audio as mono.
    - Modify volume levels.
  - Interacting (assist people who have trouble interacting)
    - Keyboard
      - Enable sticky keys (enable to press a set of modifier keys as a sequence, instead of all at once).
      - Enable slow keys (configure delay between key press and activation of the key press).
      - Open keyboard preferences
        
        Key repeat detection configuration
        
        Keyboard brightness (backlight) settings
        
        Enable use of F1, F2, etc. keys as standard function keys (when selected press Fn key to use special features printed on the key).
        
        Modifier keys (option key, control key, command key and caps lock).
        
        Change keyboard type.
    - Mouse & Trackpad
      - Enable Mouse Keys (use keyboard to emulate mouse)
      - Configure double-click speed
      - Ignore built-in trackpad when mouse or wireless trackpad is present.
      - Trackpad options (scroll speed, scroll type, dragging)
      - Mouse options (scroll speed)
    - Speakable Items (spoken commands)
      - Settings
        
        Speakable items on/off
        
        Voice can be modified using Dictation & Speech preferences.
        
        Upon recognition, “Speak command acknowledgement” on/off and what sound to play.
      - Listening Key
        
        Change listening key
        
        Listening method
        
        Listen only when key is pressed.
        
        Listen continuously with keyword
      - Commands
        
        Enable, disable and configure command sets.
- Dashboard and Widgets
  - Provides instant access to Widgets.
  - Access using:
    - F12 or F4 (depending on Mac model) by default, can be changed.
    - Four finger swipe
    - CTRL + left arrow key, CTRL + right arrow key, CTRL + up arrow key
  - Add/remove widgets.
    - Add/remove using the + and – icons. When you press + you also get option “More Widgets …” that will open http://www.apple.com/downloads/dashboard/ where you can find more widgets in multiple categories.
    - If you download the widget with Safari, it auto prompts for install. If you aquire it another way, double click in Finder.
    - Widget applications are subject to quarantine and Gatekeeper.
    - You can also very easily create your own custom widgets from (parts of) webpages in Safari by choosing File, Open in Dashboard and selecting the part you want to include in your Dashboard.
  - Stored system wide in /Library/Widgets and for users in ~/Library/Widgets
  - launchd process starts at user log in, launchd starts Dock process. First time user attempts to access Dashboard, Dock process starts Dashboard process.
  - Dashboard runs with user privileges.
  - Download of 3rd party widget cannot be prevented, but use can be restricted using Parental Controls preferences.
  - Troubleshooting Widgets
    - Reset from Dashboard by clicking once on the widget and pressing Command+R. An animation indicates it has been reset.
    - Forcibly quit the dashboard process and restart it. Alternatively restart all processed by logging out the user and logging back in again.
    - Similar to troubleshooting other applications, consider removing preference files for the specific Widget and restarting the dashboard.
    - Remove all Dashboard and Widget preference files, log out, log in.

Network Configuration

Network Essentials
- 7 layer OSI model (Open Systems Interconnection Reference Model).
- Network interface can be physical or virtual (b.e. VPN).
- Network protocl defines a set of standard rules dor data representation, signaling, authentication, or error detection across network interfaces (b.e. TCP/IP).
- Network service
  - In the context of System Preferences, Network, it describes configuration assigned to interface. By example Ethernet, Firewire, Wi-Fi, Bluetooth PAN.
  - In another context it describes a service like by example File Sharing services, messaging services, collaboration services, DHCP services, DNS services, etc.
- MAC address, 48-bit, 00:1C:B3:D7:2F:99,first 3 groups define OUI (Organizationally Unique Identifier) while the last three groups define the device.
- TCP/IP
  - Data is split into multiple packets, that are then being re-assembled in order at the cost of some overhead.
  - Transmission Control Protocol (TCP) ensures data arrives complete (reliable).
  - Internet Protocol (IP) provides network addressing and data routing.
- UDP (User Datagram Protocol)
  - Does not guarantee reliability or ordering of data, but less overhead. Used for by example DNS, media streaming, VoIP.
- IPv4, 32-bit, 4 billion globally unique addresses, 4 octets each within range 0-255 (b.e. 192.168.1.1), private address space ranges used with Network Address Translation (NAT) to translate between public and private IP and to make the most out of limited number of globally unique addresses.
- Subnet mask, only required for IPv4. Declares which part of IP address defines the network the device is on, notation can be four octets (b.e. 255.255.255.0) or Classless Inter Domain Routing – CIDR (b.e. /24), used to determine if communication is local.
- Router address / gateway, reroute traffic between networks they bridge, uses routing tables.
- IPv6, 128 bit, 2^128 globally unique addresses, eight groups of four-digit hex seperated by colon (b.e. 2C01:0EF9:0000:0000:0000:0000:142D:57AB), omit one or more consecutive sections of zeroes, using a double colon (::) b.e. (2C01:0EF9::142D:57AB).
- Address Resolution Protocol (ARP) maps IP to MAC and stores in table for fast switching.
- Domain Naming System (DNS), translates DNS name to IP (forward lookup) or IP to DNS name (reverse lookup), hierarchical structure with at the top the “root” or “.” domain.
- Dynamic Host Configuration Protocol (DHCP), DHCP server provides IP addressing automatically to DHCP clients. Can include DNS and other options as well.
  - Enabled by default for Ethernet and Wi-Fi interfaces in OS X.
  - In some cases, DHCP Client ID needs to be configured in advanced settings.
  - IPv6 addressing information is auto detected as well. Automatic IPv6 configuration is not provided by standard DHCP or PPP services though.
  - If multiple DHCP servers available, first one that responds will be used.
- Bonjour is Apple’s implementation of Zero configuration networking (Zeroconf). A group of technologies that includes service discovery, address assignment, and hostname resolution. Bonjour locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records (UDP5353).
  - OS X also uses SMB to auto discover other devices/file services.
  - Local Bonjour requires no configuration.
  - Wide-Area Bonjour requires Mac to be configured to use DNS server and search domain that supports the protocol.
  - Register your Mac for Wide Area Bonjour from Sharing, edit and then selecting the checkbox “Use dynamic global hostname”. You can then enter Hostname, user, password and choose to “Advertise services in this domain using Bonjour”.
  - Bonjour name is <computername>.local by default.
  - On OS X 10.5 and higher, Bonjour and SMB cannot be disabled through GUI.
Network configuration, viewing and troubleshooting
- Initial networking configuration is handled by Setup Assistant that runs the first time you start up after a new OS X installation.
  - If you don’t configure during inital setup, Mac auto enables any active network interface (including connecting to unrestricted wireless networks) and attempts to configure via DHCP.
- Network in System Preferences
  - Shows network services
    - Based on interfaces (b.e. Ethernet, Firewire, Thunderbolt, Wi-Fi (PAN), Bluetooth PAN, USB cellular GPRS/3G, virtual interface).
    - Can be added and removed.
    - Service status lights:
      - Green = Connected and configured
        
        Does not guarantee correct TCP/IP config.
      - Red = Not Connected
        
        No cable
        
        Disconnected (not always on interface b.e. VPN)
        
        Settings might be incorrect
      - Yelllow = Connected but not properly configured
        
        Connection active, TCP/IP no correct config.
        
        Wi-Fi is on, but not connected
        
        Bluetooth PAN is in Unknown state, no IP.
      - No light / Greyed out = Disabled
    - Can turn off Wi-Fi and bluetooth.
    - Advanced allows you to configure IP addressing, DNS, WINS (netbios name, workgroup, WINS servers), 802.1X, Proxies and hardware (speed, duplex, MTU size).
      - MTU packet size for internet traffic is 1500 bytes by default. If network uses Jumbo Frames, adjust accordingly.
    - Using the Action button (gear/cog icon) for services, you can:
      - Duplicate, rename, (de)activate services
      - Set service order (priority with multiple active services).
      - Import / export configuration.
      - manage virtual interfaces.
        
        PPoE (Point-to-Point Protocol over Ethernet)
        
        VPN (Virtual Private Network)
        
        VLAN (Virtual Local Area Network)
        
        Link aggregate (teaming)
        
        6 to 4 (tunnel between IPv4 and IPv6)
    - Deactivating or deleting a network service from the list is the only way to disable a hardware network interface in OS X.
      - Network service interfaces can only be deleted if they’re not part of a configuration profile. If necessary modify using the Profiles system preference.
  - Lets you choose current location (b.e. home) and lets you edit available locations and the settings you want to use for other locations (b.e. work). The default location is named Automatic.
    - If multiple locations have been created, you can also switch location by clicking the Apple menu icon and selecting Location.
  - “Assist me …” provides option “Network Diagnostics” to help troubleshoot and resolve issues.
  - “Network Setup Assistant” helps with setting up a new connection.
  - When modifying configuration, it is not applied immediately. Use apply or revert.
  - Applying new configuration or switching location, may disrupt connection.
  - When multiple service types are available for the same network, OS X will auto determine the preferred interface. By example wired is preferred over wireless and is considered the primary active network service interface.
    - Automatic source routing ensures related incoming and outgoing connections use the same interface, regardless of service order.
- Network utility application (also available in OS X Recovery)
  - Info (for all interfaces MAC, IP, speed, status, vendor, model, statistics).
    - Often en0 interface is the first internal Ethernet port and en1 Wi-Fi.
  - Netstat (routing table, statistics for each protocol, multicast info, state of all current socket connections)
  - Ping (unlimited pings or x number of pings).
    - Ping might be blocked by firewalls.
  - Lookup (forward and reverse DNS lookup)
  - Traceroute
    - Ping might be blocked by firewalls.
  - Whois (domain to look up and whois server to get whois info from)
  - Finger (enter user name and domain to get info about user)
  - Port Scan
- Wi-Fi
  - Wi-Fi icon in the menu bar can be used to view, join, create (ad-hoc) network and can also be used to access Network Preferences.
    - Use “Join Other Network” to join network with invisible network where the SSID is not broadcasted.
    - Access Wi-Fi Diagnostics by holding option while clicking Wi-Fi icon.
      - Create Diagnostic Report. Collects information about Bonjour services, nearby networks, Wi-Fi performance and runs a number of diagnostic tests.
      - Turn On Debug Logs. Enables basic or advanced logging to diagnose the state of the network.
      - Capture Network Traffic. Captures all network traffic on the Wi-Fi, Ethernet or Bluetooth interfaces.
  - Supported auth: WEP, WPA(2), WPA(2) Enterprise (per-user authentication)
    - At join WPA(2) Enterprise as admin, pass is saved to system keychain. All users can connect and Mac auto connects at start/wake.
  - If you join and authenticate to a WPA/WPA2 Enterprise, an 802.1X service configuration is created automatically. May also prompt for certificate validation. Will also be saved to system keychain by default.
  - If a captive portal is detected for the wireless network you joined, a window showing the portal’s sign-in page will be opened.
  - In Advanced settings of Wi-Fi you can configure whether administrator authorization is required to:
    - Create computer-to-computer networks
    - Change networks
    - Turn Wi-Fi on or off
- Bluetooth
  - Icon con be configured to show in the menu bar.
    - Set Bluetooth to on, off or discoverable.
    - Send file
    - Browse Device
    - Set up Bluetooth Device
    - Open Bluetooth Preferences
  - Holding option while clicking icon in menu bar reveals extra option:
    - Create diagnostics report on the desktop
- VPN
  - OS X includes VPN support out-of-the-box for:
    - L2TP over IPsec (UDP 1701)
    - Point-to-Point Tunneling Protocol – PPTP (TCP 1723)
    - Cisco IPSec (UDP 4500)
  - VPN is easiest to configure using configuration profile. See Profiles.
  - VPN status icon can be shown in the menu bar and can also be used to establish a VPN connection.
  - Options vary for each VPN type.
    - Authentication options
      - User Authentication
        
        Password
        
        RSA SecurID
        
        Certificate
        
        Kerberos
        
        CryptoCard
      - Machine Authentication
        
        Shared Secret
        
        Certificate
        
        Group Name (Optional)
    - Advanced options (not supported in the built-in Cisco IPsec client)
      - Options
        
        Session
        
        Disconnect when switching user accounts
        
        Disconnect when user logs out
        
        Send all traffic over VPN connection
        
        Advanced
        
        Use verbose logging
      - VPN on Demand (only with certificate-based authentication)
        
        Automatically creates VPN connection.
        
        Configure domains where VPN on Demand should be used and specify which configuration should be used for each domain.
      - TCP/IP
        
        IPv4 config (using PPP, manually, off)
        
        IPv6 config (auto, manually or link-local only)
      - DNS
        
        DNS servers (configure one or more)
        
        Search domains (configure one or more)
      - Proxies
        
        Select protocols to configure
        
        enable/disable : Exclude simple hostnames
        
        Bypass proxy settings for specific Hosts and Domains.
        
        Enable/disable : Use Passive FTP Mode (PASV)
  - Some VPN services require a 3rd party VPN client. VPN might also need to be configured using a 3rd party tool and might not be configurable from Network in system preferences.
  - Troubleshoot using /var/log/system.log using Console.
- 802.1X Configuration
  - Can be used to secure wired and wireless networks.
  - Supported methods for automatic configuration:
    - User-selected Wi-Fi network with WPA(2) Enterprise authentication
    - Administrator-provided 802.1X configuration profile
      - Only method for non Wi-Fi 802.1X
      - Double click local copy of configuration profile or having Mac managed by a Mobile Device Management (MDM) solution like OS X Server through Profile Manager.
- IP Proxies
  - Supports proxy for FTP, HTTP(S), streaming (RTSP),Socks and Gopher.
  - Supported configuration methods
    - Using manual configuration
    - Using local or network hosted proxy auto-config (PAC) files
    - Using Web Proxy Auto Discovery Protocol (WPAD)

Network Troubleshooting
- Apple provides many resources for network configuration and troubleshooting at http://www.apple.com/support/networking/
- Determine network issue area
  - Local (hardware, settings, cabling)
  - Network (hardware, settings, cabling)
  - Network service (applications, settings, daemons)
- Main tools are Network preferences, Network Diagnostics and Network Utility.
- Common network issues
  - Ethernet connectivity issue troubleshooting considerations:
    - Local cable (try other cable, check if not substandard cable, check NIC lights if appropriate)
    - Local settings and switch port settings (speed/duplex)
    - Ethernet status in System Preferences, Network
    - Ethernet stats in Network Utility (send errors, recv errors, collisions)
    - Switch port statistics (send errors, recv errors, collisions)
    - Other physical cables in the path (patch panel, switch)
    - Other physical ports (patch panel, switch)
    - Check driver/firmware version
  - Wi-Fi Connectivity issue troubleshooting considerations:
    - Use Wi-Fi icon in menu bar to:
      - Check if connected to correct wireless network.
      - Check connection status
    - Check driver/firmware version
    - Hold the Option key while clicking the Wi-Fi icon in the menu bar:
      - Shows statistics for the currently selected Wi-Fi network:
        
        PHY Mode: b.e. 802.11n
        
        Channel : b.e. 11 (2.4 GHz)
        
        BSSID (Basic service set identification) which is the MAC address of the access point.
        
        Security: b.e. WPA2 Enterprise
        
        RSSI (Received Signal Strength Indication). indication of the power level being received by the antenna. The higher the RSSI (or less negative), the stronger the signal. : b.e. -45
        
        Transmit rate in Mbit/s : b.e. 120
        
        MCS (Modulation and Coding Scheme) Index : b.e. 23
  - DHCP Service Issues troubleshooting considerations:
    - Local settings configured to use DHCP ?
    - Self-assigned (link-local / APIPA) address (169.254.x.x) used ?
      - Shows as Self-Assigned in Network preferences.
      - Client can only connect with other network devices on the local network in the same subnet (no gateway)
    - More people / devices with problems ?
      - Check if DHCP server and service is working.
      - Check for connectivity from the client to the DHCP server/service.
        
        DHCP request forwarding (iphelper) necessary and working ?
        
        Firewall not blocking ?
      - Check if scope is exhausted.
      - Check for rogue DHCP servers.
  - DNS Service Issues Troubleshooting considerations:
    - Local settings configured correctly (IP, subnet mask, gateway, DNS).
      - Configured correctly in DHCP ?
      - Rogue DHCP ?
    - Keep in mind that in most cases the topmost network service interface is the primary and is used for all DNS resolution (except if primary network interface is lacking router/gateway configuration).
    - Do only specific hosts (or specific zones) not resolve (correctly) ?
    - Flush/reset the DNS cache using Terminal:
      OS X 10.6: sudo dscacheutil -flushcache
      OS X (Mountain) Lion: sudo killall -HUP mDNSResponder
    - More people / devices with problems ?
      - Check if DNS server and service is working correctly.
      - Check for connectivity from the client to the DNS server/service.
        
        Firewall not blocking ?

Network Services

Network services
- Network Services Architecture
  - Client-Server architecture (mail, internet, etc.)
  - Protocols and ports used. List of well known ports products.
  - Network service identification using by example:
    - IP
    - DNS
    - Dynamic Service Discovery.
      - Browse local and WAN resources like browsing network shares from Finder or locating network printers using Print & Fax preferences.
      - Used by built-in network applications like Messages, Image Capture iPhoto, iTunes, Safari and OS X Server.
      - Used by 3rd party network applications.
      - Bonjour Service Discovery Protocol
      - AppleTalk network browsing protocol unsupported for OS X 10.6 and later.
  - Network Service Account Settings / Authentication
    - Can be deployed using local copies of a configuration profile or managing Mac using Mobile Device Management (MDM) solution like Profile Manager in OS X Server.
    - Mail, Contacts & Calendars in System Preferences sets up your accounts to use with Mail, Contacts, Calendar, Messages, and other apps. Use the + and – icon to add/remove. Includes:
      - iCloud
      - Microsoft Exchange
      - Gmail
      - Twitter
      - Facebook
      - Yahoo!
      - AoL
      - vimeo
      - flickr
      - Add Other Account
        
        Mail
        
        Messages
        
        CalDAV
        
        CardDAV
        
        LDAP
        
        OS X Server account
        
        Auto detects OS X Server >= 10.7
  - Application specifics
    - Mail version 6 (Mountain Lion)
      - Requires Microsoft Exchange Server 2007 SP1 UR4 with Exchange Web Services (EWS) enabled.
      - POP (TCP110), IMAP (TCP143), Encrypted POP (TCP995), Encrypted IMAP (TCP993). SMTP (TCP25), Encrypted SMTP (TCP25, TCP465 or TCP587). Exchange Web Services – EWS (TCP80), Exchange Web Services Secure (TCP443).
      - MAPI is not supported.
    - Notes
      - Uses IMAP mail services to save notes.
      - Can be shared with other network services using sharing.
      - Can only access network service when configured via Mail, Contacts & Calendars preference or configuration profile.
    - Calendar version 6 (previously iCal) and Reminders (tasks/to-do)
      - Ideally configured using Mail, Contacts & Calender preferences or configuration profile.
      - Calendar also features its own Setup Assistant.
      - Cannot configure Reminders seperately from Calendar.
      - Save Reminders locally or to network calendar service like:
        
        Internet based calendar services like iCloud, Yahoo and Google (TCP443).
        
        CalDAV collaborative calendaring.
        
        Open standard
        
        Uses WebDAV (TCP8008) encrypted (TCP8443)
        
        OS X Server Calendar Service is based on CalDAV.
        
        Exchange 2007 or newer using EWS.
        
        Calendar web publishing and subscription
        
        TCP80 and TCP443 (encrypted)
        
        Subscribe to iCalendar files .ics hosted on WebDAV servers.
        
        Allows sharing, but doesn’t provide true collaborative calendaring environment.
        
        Apple hosts many calendars for many purposes on its website.
      - Reminders application creates and manages to-do calendar events. Calendar ignores to-do events.
      - Calendar email invitation
        
        Uses iCalendar files.
        
        Integrated with Mail to auto send/receive calendar invitations as email attachments.
    - Contacts version 7 (formerly known as Address Book)
      - Can use local. But can also use network contact services:
        
        Internet-based contact services (iCloud, Google, Yahoo)
        
        CardDAV contact sharing
        
        Exchange 2007 or newer contact sharing
        
        Directory service contacts (LDAP), configure:
        
        Directly from account Setup Assistant
        
        Through integration with OS X systemwide directory services (configured in User & Groups preferences).
      - Can also share contacts by clicking share button.
      - Ideally configured using Mail, Contacts & Calender preferences or configuration profile.
      - Contacts also features its own Setup Assistant.
      - You can update contact information from other services in Mail, Contacts & Calendars preferences by selecting the service and clicking “Update Contacts”.
    - Messages version 7 (formerly known as iChat)
      - Supports ten-way audio conferencing, four-way video conferencing, peer-to-peer file sharing, remote screen sharing, and high-resolution Messages Theater for sharing video from supported applications.
      - Depending on features used, TCP and UDP ports need to be opened. Even though outdated, this KB document may be of help.
      - Ideally configured using Mail, Contacts & Calender preferences or configuration profile.
      - Messages also features its own Setup Assistant for configuring chat network service accounts.
      - Supports:
        
        iCloud iMessage
        
        Can communicate with iOS devices.
        
        Can only be configured with Mail, Contacts & Calender preferences.
        
        Highly efficient for devices that rely on battery power (based on Apple push).
        
        Does not support advanced features like video conferencing, screen sharing and Messages Theater.
        
        Internet Messaging services (AOL Instant Messenger/AIM, Yahoo!, Google Talk)
        
        Privately hosted messaging services based on open source Jabber servers:
        
        Uses eXtensible Messaging and Presence Protocol – XMPP (TCP5222) or encrypted (TCP5223).
        
        b.e. OS X Server Messages service.
        
        Ad hoc messaging
        
        Bonjour network discovery protocol is used to automatically find other Messages or iChat users.
        
        No configuration necessary.
- File Sharing Protocols
  - OS X provides built-in support for file service protocols:
    - Apple Filing Protocol – AFP v3 (TCP548) encrypted SSH (TCP22)
      - Supports all features of Mac OS Extended file system.
    - Server Message Block – SMB (TCP139+445)
      - Mainly used by Windows, but also other platforms use it.
      - Supports many features of Mac OS Extended file system.
      - OS X supports Distributed File Service (DFS) referrals.
    - Web-based Distributed Authoring and Versioning – WebDAV (TCP80) and encrypted (TCP443)
      - Extends HTTP service with basic read/write file services.
      - Use the http prefix in the connect to server screen.
    - File Transfer Protocol – FTP (TCP20+21)
      - Supported
      - Finder mounts FTP shares as read only.
      - Secure FTP – FTPS (TCP989+990).
        
        Commands are encrypted, but data is not.
        
        Supported in Terminal, but not in Finder.
        
        Not to be confused with SSH File Transfer Protocol – SFTP (TCP22)
        
        Uses SSH encryption.
        
        Commands and data are encrypted.
        
        Supported in Terminal and Finder.
- Connecting to File Shares
  - Connecting to File Shares Using Finder
    - Automatically discovered shared resources can be browsed
      - In Sidebar
        
        Shared category shows first eight computers + All… that links to the Finder Network folder.
        
        The Network folder is not a standard folder. Updated dynamically with discovered network file services and currently mounted file systems.
        
        Access the Network folder directly by going to the Devices category, <device name>, Network (Command+Shift+K).
    - Manually connect by entering the address of the server.
      - Using Menu, Go, Connect To Server (Command+K),enter:
        
        Protocol – afp:// , smb:// , nfs:// , http:// , https:// , ftp:// or ftps://
        
        Server – ip, fqdn, bonjour name
        
        Share / resource name
      - For connecting to DFS, read this KB article.
      - When connected, server is added to Sidebar in Shared.
  - File Share Authentication
    - Automatic authentication is attempted using these methods:
      - Kerberos when using Kerberos SSO authentication.
      - Using previously saved authentication info in keychain when using non-Kerberos authentication.
      - Authenticate as guest.
    - Manual authentication
      - In Finder in Shared category select Server and choose “Connect As”. Then select either:
        
        Connect as Guest
        
        Registered User
        
        Enter user name and password and optionally save credentials in keychain
        
        Using an Apple ID
        
        Only for AFP share using Apple ID
        
        Only shows when local Mac and computer hosting the share run OS X
        
        Local account must be tied to Apple ID
  - File Share mount / dismount
    - Mounted File Shares show in the Finder Sidebar and will also show in any application’s Open dialog.
      - It will also show in the Save As / Duplicate dialog if you select <computer name> in the Where field and then use the arrow down button next to the Save As field.d
    - When authenticated to file services, you are presented with the list of shared volumes your account is allowed to access. Select the shared volumes you want to mount (use Command key to select multiple).
    - You can dismount volumes by pressing the Eject icon next to the server in Finder.
    - You can automatically mount file shares for users: Go to Users & Groups, select account, Login Items, + , select share you want to add.
      - Alternatively create shotcuts / aliases in Dock, Desktop or in Finder.
        
        Drag and drop from Finder sidebar or the Network browser to login items on the Dock does not work. Instead do this from the Desktop or from the Computer location in the Finder using Menu, Go, Computer (Shift+Command+C).
- Troubleshooting Network Applications and File Sharing service
  - Check application specific configurations and preferences.
  - Mail
    - Mail app includes tool: Menu, Window, Connection Doctor.
    - Apple online mail Setup Assistant helps configure mail.
  - Messages
    - Messages app includes tool: Menu, Video, Connection Doctor. View conference statistics, chat capabilities and Messages error log.
      - Note: Connection Doctor is just for Mail and Messages application.
        
        For troubleshooting network/internet connection issues you should use network diagnostics instead. It can be found under System Preferences, Network, Assist me, Diagnostics.
        
        For home users, initially configuring is simplied by using the Network Setup Assistant. It can be found under System Preferences, Network, Assist me, Assistant.
        
        Network Tools app includes ping, lookup, etc.
  - File Sharing Service troubleshooting
    - Windows servers prior to 2008 include Services for Macintosh (SFM) which only provides the legacy AFP 2 file service. While OS X is still compatible with AFP 2, it is optimized for AFP 3.1
      - There are many known performance issues with AFP 2, so try to avoid using it.
      - Use SMB instead if possible or use 3rd party product like Group Logic ExtremeZ-IP for AFX 3.1 support.
      - Legacy AFP on OS X requires specific configuration.
Host Sharing and Personal Firewall
- Host Sharing Services (configured using Sharing)
  - DVD or CD Sharing (Remote Disc)
    - Only shares Optical Disc
    - Cannot configure user-specific access
    - Can only access using Bonjour
    - When enabled, launchd process listens and when request comes in, starts ODSagent process that listens for requests on very high randomly selected TCP port.
    - Accessible only from Macs using Finder sidebar or Migration Assistant
  - File Sharing
    - AFP (AppleFileServer process), SMB (smbd process)
    - Only standard and administrative have users access by default.
  - Printer sharing
    - Covered in detail later on.
  - Scanner sharing
    - Only for Macs using Bonjour and Image Capture application.
      - Use Image Capture also for sharing a digital camera.
    - When enabled, launchd process listens and when request comes in, starts Image Capture Extension Background process that listens for requests on very high randomly selected TCP port.
    - Using Sharing preferences you can enable specific scanners.
    - When using network scanner sharing, keep in mind that other computers on the network can see what’s on the scanner bed. Especially with sensitive information.
  - Remote Login (sshd)
    - SSH, SCP, SFTP (Secure File Transfer Protocol)
  - Remote Management – Apple Remote Desktop (ARD) application.
    - Screen Sharing is a subset of ARD. Both provide the VNC service.
  - Remote Apple Events
    - Allows applications and AppleScripts on another Mac to communicate with applications and services on your Mac.
    - Often used to facilitate automated AppleScript workflows between applications running on seperate Macs.
    - When enabled, launchd process listens for TCP+UDP 3130 and when request comes in, starts AEServer background process as needed.
    - By default just non-guest users can access. Can limit using Sharing.
  - Screen Sharing – System Screen Sharing (AppleVNCServer)
    - Screen Sharing Methods in OS X:
      - System Screen Sharing
      - Messages Screen Sharing
      - Apple Remote Desktop (ARD).
    - Screen sharing is a subset of ARD remote management service. When Remote Management is enabled, Screen Sharing inaccessible.
    - Modified version of cross-platform Virtual Network Computing – VNC protocol (TCP+UDP5900) that includes clipboard, file sharing and optional encryption (when using ARD or OS X Lion or later).
      - Should integrate with 3rd party VNC solutions.
    - Backwards compatible with OS X 10.5 or later
    - Screen sharing to virtual desktop supported with OS X Lion or newer.
    - By default only administrative users can access. You can optionally specify users/groups to allow access, or allow guest access (either view only or control with password).
    - When attempting to access Mac computer’s screen sharing, current logged-in user must authorize the session.
    - You can access a system’s screen sharing by:
      - Finder, sidebar, shared, select Mac, click Share Screen.
      - Finder, menu, Go, Connect to Server, vnc://<computer>
      - The methods above start the Screen Sharing application. You can also start it directly from /System/Library/CoreServices/
      - Using a 3rd party VNC client.
    - You can connect:
      - By asking for permission
      - As a registered user
      - Using an Apple ID
    - Depending on remote computer’s system, the following three situations can occur:
      - Remote computer not a Mac running OS X
        
        You connect to its current screen.
      - Remote computer is Mac running OS X
        
        No one logged in.
        
        You connect to its current screen.
        
        Authenticated as currently logged-in user.
        
        You connect to its current screen.
        
        Authenticated as different user than the one currently using the Mac.
        
        You can choose to log in to a virtual screen or to Share Display with a currently logged on user (user has choice to allow or not).
    - When Screen Sharing application is active, all keyboard commands are sent to the remote computer (including keyboard shortcuts)
  - Screen Sharing – Messages Screen Sharing
    - Messages application can be used for screen sharing while also being able to use voice and instant messages.
    - Supports reverse screen sharing.
    - Does not require Mac to have Screen Sharing enabled.
    - Requires OS X 10.5 or later.
    - Cannot force user to share screen. User decides to allow or not.
  - Screen Sharing – Apple Remote Desktop 3 (ARD) Remote Management
    - Most complete Screen Sharing solution included in OS X.
    - ARD administration software provides advanced functionality: http://www.apple.com/remotedesktop.
      - Remotely gather system information, usage statistics, change settings, add/remove files and software, send UNIX commands, perform almost any management task.
    - ARDagent listens for incoming administration requests (UDP3283).
    - AppleVNCServer listens for screen sharing requests (TCP5900).
    - You can configure who has access and what they are allowed to do.
  - Internet Sharing – NAT (natd), DHCP (bootpd), DNS (named)
  - Bluetooth Sharing
- Host Network Identification Methods in OS X:
  - IP: used by any network host, configure using Network.
  - DNS name: used by any network host, configure on DNS server.
  - Computer name: used by Mac (AirDrop+Bonjour), configure using Sharing.
  - Bonjour Name: used by any Bonjour host, configure using Sharing.
  - Netbios name: used by any SMB host, configure using Network.
- AirDrop (peer-to-peer Wi-Fi file sharing service)
  - Only available on newer Mac models.
    - If your Mac is supported, AirDrop can be accessed using Finder, Go, Airdrop (Shift+Command+R). Depending on your preferences, it might also be in the finder sidebar.
  - Scans for AirDrop systems within Wi-Fi range every time you select the window.
    - Both users don’t have to be connected to the same Wi-Fi network.
  - For other systems to show up in AirDrop, the other System must also have the AirDrop window selected in Finder.
  - Icons in AirDrop window are based on Mac computer’s logged-in user account.
  - Name in AirDrop defaults to Mac computer name as set in Sharing. If current logged-in user has Apple ID associated and you have the user in your Contacts.
  - Transfer files by simply drag and drop. Requires confirmation by both parties.
- Personal Firewall
  - Disabled by default.
  - Enable and configure using Security & Privacy.
    - By default incoming traffic allowed for connections that where initiated from your Mac and for any signed software of enabled service.
  - Firewall options you can configure:
    - Block all incoming connections (except those required for basic Internet services such as DHCP, Bonjour and IPSec).
    - Specify which applications to allow/block incoming conections for:
      - Add/remove applications manually and specify action.
      - Adding/removing services in Sharing, affects the items.
      - When new applications requests network access, you will get a dialog asking whether to allow or deny.
    - Automatically allow signed software to receive incoming connections.
    - Enable stealth mode (do not respond to/acknowledge ICMP ping, etc).
      - Adds complexity when troubleshooting.
  - Traditional firewall uses rules based on service port numbers, which can be troublesome with applications that use dynamic ports. Modern firewall like thatin OS X uses adaptive technology that allows connections based on applications and service needs (also closes ports when not needed anymore).
    - port-based firewall ipfw is still in OS X as well. Use terminal or config files to configure.
  - Firewall logging always enabled. Use Console: /private/var/log/appfirewall.log
- Shared Service Troubleshooting
  - Determine where the likely cause of the issue is.
    - One client affected, then probably local client issue.
      - Software
      - Hardware
      - Configuration (network, application)
      - User error
      - Authentication
    - More clients affected
      - Might be Mac providing shared service
        
        Application/Service
        
        Local firewall
        
        Software
        
        Hardware
        
        Configuration
      - Might be network related
        
        Network firewall
        
        Routing
        
        Switch
        
        Switches
      - Might be related to other services the shared service depends on (b.e. DNS or LDAP/Active Directory).

Peripherals and Printing

Peripherals and Drivers
- Peripheral technologies
  - Peripheral connectivity types
    - Peripheral buses – general pupose to connect external device
    - Expansion buses – expand HW compatibility / extra connect options
    - Storage buses – access storage devices
    - Audio and video connectivity
  - Each connection is specialized for particular communication. Combination of technologies often required for peripheral.
  - Use System Information to view connected peripherals and connection types.
  - Peripheral buses examples
    - FireWire 400/800 (IEEE-1394)
      - Hot-pluggable.
      - Can be daisy-chained.
      - Up to 63 simultaneous devices using hubs.
      - Can supply about 7 watts per port (instead of 2.5 of USB).
      - Standard interface for many digital video devices.
      - Allows Mac to be used in target disk mode without OS.
      - Firewire 400 max 400 Mbit/s, FireWire 800 max 800 Mbit/s.
      - Firewire 800 port backwards compatible with Firewire 400.
      - USB and Thunderbolt are replacing FireWire because it is cheaper and/or better.
    - Universal Serial Bus (USB) 1.1 / 2.0 / 3.0
      - Hot-pluggable.
      - Can be daisy-chained.
      - Up to 127 devices per USB host controller.
      - Most Macs have two external USB host controllers.
      - Port may supply up to 2.5 watts of power (500 mA at 5v) to power device (instead of 7 watts with Firewire).
        
        Unpowered hubs split power between ports, usually supplying only 0.5 watts (100 mA) each.
        
        System displays warning and disables device if not enough power is available for device. System information displays current available to and desired by device.
      - USB 1.1 , 1.5-12 Mbit/s
      - USB 2.0 , max 480 Mbit/s theoretically in reality lower.
      - USB 3.0 , max 5 Gbit/s , often blue inside of connector.
      - USB versions are backwards compatible.
    - Bluetooth (BT)
      - Short range wireless 1-10m peripheral connection.
      - Standard originally developed by Ericsson for phone headsets. Used for headsets, mice, keyboard, printers, cell phones.
      - Not designed for fast wireless connections like WiFi.
      - Power efficient (works with low power devices).
      - Bluetooth versions:
        
        BT 1.2 (712 kb/s)
        
        BT 2.1 + Extended Data Rate – EDR (3Mbit/s)
        
        BT 3.0 + High Speed – HS (24Mbit/s)
        
        BT 4.0 + Low energy support (200kbit/s)
      - Newer Mac systems (2011+) support all BlueTooth versions. Previous Mac compatible with OS X Mountain Lion (without Xserve) support up to 2.1 + EDR.
    - Thunderbolt
      - Provides 2 bidirectional 10Gbit/s channels (20Gbit/s in and 20Gbit/s out simultaneously).
        
        Future versions planned to provide up to 100 Gbit/s channels.
      - Up to 10W of power to connected devices.
      - Max cable length 3 meters
        
        Optical cabling available soon (100m no power)
      - Combines PCI Express and DisplayPort data into single connection and cable.
      - Supports hub or daisy chain of up to six devices (up to two of these devices being high-resolution displays).
      - One cable can be used for multiple purposes. By example the Apple Thunderbold display is connected with the Mac through a single Thunderbolt cable and provides high-definition digital display, built-in camera, microphone, audio speakers, 3-port USB hub, FireWire port, Gigabit Ethernet port and an additional Thunderbolt port for another display.
  - Expansion Buses examples
    - PCI Express (PCIe)
      - PCIe 1.x (32 Gb/s)
      - PCIe 2.x (64 Gb/s), backwards compatible
    - ExpressCard 34 – based on PCIe and USB (2.5 Gb/s)
  - Storage Buses examples
    - Advanced Technology Attachment – ATA (133 MB/s)
      - Only 2 drives per controller.
    - Serial ATA – SATA
      - SATA300 (3 Gb/s) or SATA600 (6 Gb/s)
      - External SATA (eSATA)
    - Small Computer System Interface – SCSI (320 MB/s)
      - Up to 16 drives per controller
    - Serial Attached SCSI – SAS (3 Gb/s)
      - Up to 16384 devices using expanders
    - Fibre Channel (up to multiple GB/s)
      - Relatively expensive
      - Apple Xsan network storage built around it
  - Audio and Video Connectivity
    - Analog stereo audio
    - TOSLINK digital audio
    - Composite video (640×480)
    - S-Video (640×480)
    - Video Graphics Array – VGA (2048×1536)
    - Digital Video Interface – DVI (1920×1200)
    - Dual-Link DVI – DVI-DL (2560×1200)
    - Mini DisplayPort (3840×2160)
      - Multiple versions with different specs.
      - Thunderbolt uses same connector form factor.
    - High Definition Multimedia Interface – HDMI (3840×2160)
      - Multiple versions with different specs.
- Bluetooth (BT) peripherals
  - Configure using Bluetooth in System Preferences or using the menu icon.
    - Make sure BT is enabled on your Mac.
    - Options:
      - Turn BT mode on/off.
      - Turn discoverable mode on/off.
      - Enable/disable BT icon in menu bar.
        
        In menu bar you can see paired devices, edit settings for these devices and also access general BT settings and preferences.
      - BT sharing setup.
      - Press the + or – icon to add/remove device (including pairing using Bluetooth Setup Assistant).
  - Discoverable mode advertises Mac as BT resource to any device within range. For security reasons only enable when pairing to a peripheral.
  - Paired devices are shown by clicking on the Bluetooth icon in the Menu bar. By clicking on the device you can adjust settings like the name.
- Peripheral troubleshooting
  - Peripheral Device Classes (based on function)
    - Human Input Devices (HID) – Keyboard, mouse, trackpad, gamepad.
    - Storage devices – hard disk, flash disk, optical drive, iPod.
    - Printers
    - Scanners – Using Image Capture Framework and Image Capture app.
      - Supports both local and shared scanners.
    - Digital cameras
    - Video devices – uses Quicktime framework
    - Audio devices – uses Core Audio framework
  - Peripheral Device Drivers
    - OS is intermediary between peripherals and applications. Application needs to support the device class, while OS handles technical details of communicating with each model of peripheral in that class.
    - Some peripherals are supported via generic class drivers, while others require their own specific driver.
      - Driver needs to be installed before connecting peripheral.
    - Device driver implementations in OS X include:
      - Kernel Extensions (KEXTs)
        
        Adds peripheral support at OS X kernel.
        
        Load and unload with system automatically.
        
        Some are hidden, most in /Library/Extensions or /System/Library/Extensions
        
        Examples include HID, storage devices and audio and video devices.
        
        Currently loaded KEXTs can be viewed using System Information, Extensions.
        
        Mountain Lion is the first OS X version that requires kernel startup in 64-bit mode.
        
        Third-party KEXTs that haven’t been upgraded to 64-bit won’t work and will be ignored.
      - Framework plug-ins
        
        Adds specific peripheral support to framework.
        
        By example adds support for additional scanners and digital camers to Image Capture framework.
      - Applications
        
        Application is specifically written for peripheral.
        
        By example iTunes for iPod, iPhone and iPad.
  - General Peripheral Troubleshooting
    - Check System Information
    - Check cables and hardware.
    - Try on different computer.
    - Latest driver/firmware and software?
      - Check System Information Utility, Software – Extensions
      - If latest, try older versions (downgrade) ?
    - Sufficient USB power ?
    - Tried reconnecting peripheral ?
    - Tried using different port, cable, device, etc ?
    - Tried restarting computer ?
    - Tried unplugging other devices ?
Print and Scan
- Print system architecture
  - OS X uses Common Unix Printing System 1.6 (CUPS) to manage local printing.
    - Uses Internet Printing Protocol (IPP) for managing printing tasks.
    - Uses PostScript Printer Description (PPD) files as basis for drivers.
      - non-Postscript printers can also be described using PPD.
  - Process
    - User prints, spool is generated in /var/pool/cups, cupsd passes spool through print chain (series of filter process) that transform it to a format understood by the destination printer and sends it to it.
      - When printed from app in GUI or Terminal print command, Portable Document Format (PDF) is generated as spool.
      - When printed from the command line, a PostScript (PS) file is generated.
  - Configure printer settings
    - Associate printer driver with printer device.
      - Default OS X installation only includes Apple and generic print drivers (saves space).
      - Installation requires administrative
      - If you add a printer for driver not available, will download using Apple software update service.
      - Apple supplies driver downloads for most popular models.
      - Preferrably use Apple provided drivers, otherwise download directly from manufacturer.
      - Apple built-in drivers installed in /System/Library/Printers
      - 3rd part in /Library/Printers
        
        Primarily in PPD folder, but may differ.
- Print and scan configuration
  - Configure or check config using Print & Scan preferences.
  - Locally connected printers show local Mac sharing name as location.
  - When you physically plug in local printer and if administrative user:
    - Auto installs driver if Mac already has driver.
    - Prompted with automatic software update installer if driver isn’t installed, but is available from Apple.
    - Nothing happens auto when driver is unavailable.
  - Configure auto-discovered network printer
    - Must be added manually.
      - From File, Print in any application, printer dropdown box, select auto detected printer.
      - Using Print & Scan.
      - You can add network printer on local network (bonjour, shared on other Mac or AirPort Base station.
      - Apropriate drivers are aquired from Mac that is sharing the network printer.
  - Configure non auto-discovered network printer
    - Must be added manually.
    - From File, Print in any application, printer dropdown box, add printer.
    - Using Print & Scan.
    - Using /System/Library/CoreServices/AddPrinter
  - Add printer window options
    - Default (usb, firewire, network auto detect printer)
    - Fax (select modem port)
    - IP (Line Printer Daemon – LPD, Internet Printing Protocol – IPP, HP JetDirect printer).
      - Might require manual driver specification fom dropdown box Print Using. You can use spotlight to narrow the search.
    - Windows (SMB)
      - Might require manual driver specification fom dropdown box Print Using. You can use spotlight to narrow the search.
  - Print & Scan options
    - Add/remove printer.
    - Set printing defaults (printer + paper size).
    - Open print queue
    - Edit an existing configuration and check supply levels.
    - Open scanner and enable/disable sharing options.
  - From Sharing preference, configure shared printers and user permissions.
    - By default users can re-share printers. In general not desired.
- Managing print jobs
  - OS X features unified Print dialog that combines previously seperate Page Setup (document size, orientation and scale settings) and Print dialog (all other printer settings).
  - For backwards compatibility, OS X allows older applications to seperate the dialogs.
  - Some applications may use custom dialogs.
- Basic printing
  - Choose File, Print (or press Command+P) to print.
    - Some apps may bypass the print dialog if Command+P is used.
    - Print dialog often shows preview and starts with default settings.
    - You can override settings like Printer, Copies, Two-Sided, Pages to print, PDF (print to PDF, print to PostScript).
      - Use Show details for more options.
        
        Bottom half shows application specific printing settings.
        
        You can save print presets.
        
        Stored in : ~/Library/Preferences/com.apple.print.custompresets.plist
        
        Application specific settings cannot be saved to preset.
        
        Manage presets by selecting Show Presets.
- PDF Tools workflow options:
  - Default: Open PDF in Preview, Save as PDF, Save as PostScript, Fax PDF, Add PDF to iTunes, Mail PDF, Save PDF to Web Recipients Folder.
  - You can manually add PDF workflows to /Library/PDF Services or ~/Library/PDF Services
  - You can create custom PDF workflows using /Applications/Utilities/AppleScript Editor or /Applications/Automator application
- Managing Printer Queues
  - Access printer queue:
    - If printer queue already open, click Dock icon.
    - Using Print & Scan preferences by selecting device, Open Print Queue.
    - Using finder ~/Library/Printers
      - Drag folder to Dock for easier access.
  - Queue options (re-order job, pause job, delete job, settings and scanner if it’s a multifunctional).
- Print system troubleshooting
  - Check printer queue (connection issue, paused, stuck jobs)
  - Check page and print settings.
  - Check PDF output of the application because that part in the CUPS workflow might cause an issue. Then it’s generic issue and not specific application printing issue.
  - Check if you can print from another application.
  - Check cabling.
  - Check printer hardware status (visual, menu, tooling).
  - Check phone line and settings for fax issues.
  - Use peripheral troubleshooting techniques for local printers.
  - Use network troubleshooting techniques for network printers.
  - Delete and reconfigure printers.
  - Update/reinstall drivers.
  - Repair installed software disk permissions using the Disk Utility Repair Permissions feature.
  - Review CUPS log files.
    - While in any printer queue application choose Printer, Log & History. Opens Console utility to CUPS error_log. Can also access_log and page_log in /private/var/log/cups
    - Manually open above files using Finder.
    - CUPS error_log may not exist if CUPS service hasn’t yet logged any serious print errors.
  - For advanced print system management and troubleshooting, access Mac CUPS web interface http://localhost:631
  - Reset the entire print system:
    - Print & Scan preferences, secondary click (Control+click) in the printer list and choose “Reset Printing System”.
    - Print & Scan preferences, option+click the minus “-” button.
    - This will clear all configured devices, shared settings, custom presets and queued print jobs.

System Startup

OS X system startup process fail can have many causes.
Each system startup stage has audible and/or visible cues.
System startup stages are:
- System initialization (processes for OS start) consists of the stages firmware, booter, kernel, system and launchd:
  - Firmware (HW test and initialization and locating and starting booter).
    - Power On Self Test (POST) + UEFI.
    - If POST succesful, startup chime sound, bright flash from power-on light and all displays show light gray background.
    - If POST fails, display may remain blank or off and you may get error codes that can manifest as tones and lights. Meaning differs per model, see http://www.apple.com/support. Firmware passes on any special startup mode instructions to the booter (see startup keys).
      - Check hardware.
      - Check cabling.
      - Go to Apple Store or Apple Authorized Service Provider.
  - Booter, loads system kernel and kernel extensions (KEXTs)
    - By default loads last specified boot file stored in NVRAM.
      - If FileVault 2 is used, system starts with OS X Recovery HD boot where user must enter credentials. Also at the end stage, the user doesn’t have to enter credentials to log on.
    - When found/succesful, dark gray Apple logo on main display.
      - Same is true when using NetBoot and downloading booter file and cached kernel info from NetBoot server. Will also add small dark gray spinning globe icon below Apple icon.
    - If no booter file found, flashing folder icon + question mark is shown.
    - If unable to load kernel, dark gray prohibited sign is shown.
      - If starting Mac from volume containing system the Mac has never booted from, the prohibited icon indicates that the version of OS X on the volume is not compatible with the Mac’s hardware. Only occurs when installing older OS X version to newer Mac, which is not supported.
      - Use Safe Boot (hold shift). Booter attempts startup volume verify and repair (dark gray progress bar). If repairs are necessary, Mac auto restarts before continuing and you need to keep holding down shift. Booter verifies startup volume again and if ok, loads kernel and essential KEXTs again (using the cleanest and slowest process that clears caches).
    - Booter process: /System/Library/CoreServices/boot.efi
  - Kernel (provides foundation, loads additional drivers and core UNIX BSD).
    - If succesful,dark gray spinning gear below Apple logo on main display.
      - May not be noticeable on new fast models.
    - In most cases kernel is loaded by booter from cached files. It is however also located on system volume at /mach_kernel
    - If unsuccesful, try Safe Boot (hold shift).
      - If unsuccesful, reinstall OS X.
      - If succesful, issue may be 3rd party KEXT. Then start in Verbose mode (Command+V) to identify offending KEXT and move it to quarantine and reboot normally.
        
        Can use Target disk mode for moving.
  - System launchd (starts non kernel process launchd that loads rest of system)
    - Process ID (PID) of 1.
      - Kernel_task is its parent process, PID 0.
    - Dark gray spinning gear disappears and white background appears briefly on all displays. If succesful login screen will be shown or the Finder if user is set to auto logon.
      - When using multiple displays you might also notice white flash on secondary display as result of launchd starting WindowServer process.
    - If unsuccesful, login screen may not be shown and/or screen may be stuck at black or white screen.
      - Safe Boot (hold shift), forces system launchd process to ignore 3rd party fonts, launch daemons and startup items.
        
        If then it works:
        
        Start Verbose mode, find and (re)move offending item(s).
        
        Consider removing /Library/Caches.
        
        Consider renaming preferences in /Library/Preferences and/or /Library/Preferences/SystemConfiguration
        
        If then it still does is does not work:
        
        Start Mac in single-user mode (Command+S):
        
        verify and repair system volume : /sbin/fsck -fy
        keep repeating until OK.
        
        Mount startup volume as read write: /sbin/mount -uw
        
        Make changes like removing suspicious file.
        
        Start up the system by entering the exit command or shutdown using shutdown -h now
        
        Re-install OSX
    - Launchd preference files in /Library/LaunchDaemons and /System/Library/LaunchDaemons
    - Apple encourages use of launchd for all auto started processes, but legacy startup routines are supported as well:
      - Traditional Unix : /etc/rc.local (not included in OS X default)
      - launchd also starts /sbin/SystemStarter process that manages system processes as with legacy OS X startup items.
        
        OS X has no built-in startup items, but SystemStarter looks in /System/Library/StartupItems and /Library/StartupItems
    - You can view the processes that are loaded by launchd using Activity monitor and selecting “All processes, hierarchically” from the dropdown box.
- User session with the stages:
  - loginwindow process (started by launchd)
    - Launches the Dock and the Finder.
    - Can run as background process and a graphical interface application.
      - maintains user session.
- Sleep modes, logout and shutdown
  - Generally user intitiated using Apple menu or the physical power button.
    - Process or application can also initiate these actions:
      - Restart after install with Installer or Mac App Store app.
      - Energy Saver preference with e.g. auto sleep.
      - Auto logout after inactivity as set in Parental Controls.
  - Sleep does not quit open processes, while logout and shutdown does.
    - OS X feature Auto Resume is enabled by default and reopens user’s items to their previous state upon login.
    - Safe Sleep is supported on all OS X mountain Lion compatible portable Macs. They also copy entire contents of system memory to an image file on the system volume. This way no data is lost when the Mac runs out of battery power.
      - When restarting from safe sleep mode, a light gray version of Mac screen is shown together with a small progress bar. If FileVault 2 is used, credentials need to be entered first.
    - Power Nap
      - Supported for Mac systems mid 2011 or later with all flash storage.
        
        SSD and Flash Storage are not the same. Flash storage is directly connected while SSD are connected to a controller instead.
      - Allows Mac to occasionally wake to low-power mode. Also known as dark wake (no display, only background tasks).
      - Many built-in OS X apps and services support Power Nap. Including Mail, Contacts, Calendar, Reminders, Notes, documents in iCloud, Photo Stream, Mac AppStore Updates, Time Machine Backup, Find My Mac updates, VPN on demand and MDM configuration profiles.
      - Power Nap only updates apps running when sleep initiated.
      - Enabled by default when Mac connected to power adapter. Can optionally be enabled when running on battery power.
        
        When power level is 30% or less, Power Nap will be suspended until connected to power adapter.
      - After sleep, will wait 30 minutes before dark-waking. Then dark-wakes every hour. Update frequency varies per app.
      - Power Nap log at /var/log/zzz.log
      - Some Macs require firmware update to support Power Nap.
    - Logout
      - loginwindow process issues Quit Application event to all applications.
        
        Applications that support OS X Auto Save and Resume save open documents and quit app.
        
        Otherwise app asks user to save documents.
        
        If the document save or application quit is not completed in 45 seconds, logout will be aborted.
        
        If application quit is complete, background processes and GUI session quit, logout scripts are run and logout is written to main system.log
        
        When logging out (not shutting down or restarting), new loginwindow process is started.
    - Shutdown and Restart
      - loginwindow process Logs out current user.
      - If other user logged in with fast user switching, enter administrative user authentication before forcibly quiting.
      - After all users logged out, issue quit to remaining processes
      - When all processes are quit, kernel stops system launch and shuts down the system.
        
        If system not shut down, wait a while. After that, force by holding down power button.
      - If restart issued, computer firmware begins startup process.
        
        With restart, full POST is not performed. So when troubleshooting hardware, Shut Down.
Diagnose startup issues
- Startup shortcuts
  - If Mac firmware password is set, all startup shortcuts are disabled except for the Option key for Startup Manager that will prompt for the password.
  - Some hardware may not support startup keys (e.g. Bluetooth wireless keyboards). Keep wired USB keyboard / mouse nearby.
  - Startup shortcuts to select other system:
    - Option – Startup Manager.
    - C – Boot CD/DVD.
    - D – Start Apple Hardware Test partition on first restore DVD.
    - Command-Option-D – Start Apple Hardware test using internet connection to Apple Servers.
    - N – Start from last-used Netboot server, if none then from default Netboot server.
    - Option+N – Start from default Netboot server.
    - Command+R – Start from local OS X recovery if available, otherwise OS X internet recovery.
    - Command+Option+R – Start from OS X internet recovery.
  - Startup shortcuts to modify OS X default startup
    - Shift – Safe Boot
      - OS X diagnostic modes cannot be used on systems with FileVault 2 enabled. For more info, see this KB.
    - Command+V – Verbose mode. Shows startup progress.
    - Command+S – Single user mode. Starts only core kernel and BSD Unix functionality.
      - You’ll be logged in as root.
      - Get processes using: “ps -ax”
      - Test local TCP/IP stack using: ping -c2 127.0.0.1
        
        -c2 is 2 pings.
        
        Without -c2 will continue to ping until CTRL+C.
      - Examine system log file using: “less +G /var/log/system.log” b = backwards, space = forward, q = quit.
      - Change to directory /var/db : “cd /var/db”
      - Remove file using : “rm <file>”
  - Other Startup Utilities
    - T – Target disk mode
      - Alternatively you can go to System Preferences, Startup Disk, Target Disk Mode to restart in Target Disk Mode.
    - Command+Option+P+R – Reset NVRAM settings and restart.
    - Eject, F12, mouse or trackpad – Eject removable media.