Reinstalling an old version of MacOS

If you have an old Mac and need to reinstall the OS such as el capitan, mojave, high sierra but don't have a time machine backup but a usb boot disk you might be getting this error

This Copy of the Install MacOS {Version} is damaged, and can't be used to install macOS. 

The issue is a security certificate, that has expired because apple is setting very short security certificates, apparently for their installer something to about 2 years (which was the max life for tls certificates prior to 2020), and I would be these certificates for the MACOS installers will be getting shortened to 398 days just like the web based TLS certficates. 

To fix this problem you will have to set the date manually from the command line.  To do this we need to open the Terminal, and run the "date" command and set the date.  On the Menu bar go "Utilities -> Terminal"

you can read my post here on how to make a usb boot disk

By using the “date” commnd string, where date is in the [mm][dd]HH]MM[yy] format, which is Month Date Hour Minute Year without any separation.

I've noted the release date for three older versions of MACOS which you may want to install if you have a 2010 or older mac

Yosemite - date 0101010115

Mavericks - date 0101010114

El Capitan - September 30, 2015 - date 0712122316 (July 12, 12:23 2016)

Sierra - September 2016 - date 0712122317 (July 12 12:23 2017)

High Sierra - September 2017 - date 0712122318 (July 12, 12:23 2018)
If this is High Sierra type date 0601115918

Once that is done you can then exit the terminal and install macOS

You can view a video of the fix here https://youtu.be/LUNEKYH0CzM

To create MacOS boot disks 

References:
https://osxdaily.com/2019/10/24/fix-install-macos-application-damaged-cant-be-used-error-mac/
https://osxdaily.com/2012/07/04/set-system-time-mac-os-x-command-line/

https://www.ssl.com/blogs/apple-limits-ssl-tls-certificate-lifetimes-to-398-days/

Setting up and configuring wol and rpc remote shutdown for windows clients

If your looking for an inexpensive way to setup an automatic turning on and shutting off of your windows computer systems, using WOL and RPC are an excellent way to do that, you can even setup a Linux server for controlling the timing for turning the systems on/off and it isn’t too difficult to manage. I will do a post soon about setting up a linux server to run WOL and RPC Shutdown scripts. If your looking to set one up the quick and dirty version is:

Requirements SAMBA, Windows Admin and Password, Linux Admin and Password

Put startup/shutdown scripts in /etc/cron.daily

Startup
sudo -i -u $linuxAdminUser -p $password wakeonlan -i $IPADDRESS $MACADDRESS

Shutdown
sudo -i -u $linuxAdminUser -p $password net rpc shutdown -I $IPADDRESS -U $WindowsADM%$password -t 1 -f

Use Crontab to setup scheduling

Crontab schedule

For more information about crontab, you can visit this link about crontab

Here are the break down of the examples above

00 12 * * 5 user command

at minute 00, hour 12, * - no value (day of the month), * - no value (month), 5  the fifth day of the week (friday), user to run the script and script to run.

So the following example "00 12 * * 5 root /etc/cron.daily/shutdown.sh"

at minute 00, at 12 pm, on friday run as root the script shutdown in /etc/cron.daily

Setting up the Windows 10 Client

For setting up WOL/RPC shutdown, you have to have your windows clients prepped with the proper firewall rules and user accounts for privileged access.

• An administrator account (not called administrator as windows 10 upgrades disables this with each update)
• RPC and Remote Access Firewall Rules Allowing (I also allow ICMP and Ping) for remote management with services such as lansweeper and FOG
• Updated Intel network driver

One thing I have noticed recently is that the manufacturer driver doesn’t seem to work with WOL.  Working with some Lenovo m93 and m900 series and and HP {put hp model here} doing a full windows reinstall/reset breaks WOL.  Even getting an up-to-date manufacturer driver WOL doesn’t seem to work which is extremely odd. A major difference I can account for this is the update to the intel proset tools for their network driver which brings a GUI interface back to add and remove VLANs to Windows 10.

Nic Driver settings to enable WOL in Windows 10

Enable WOL in Windows 10.  In Windows 7 unchecking the computer to turn off the device would leave the device on but in windows 10 it disables all power management and turns it off.  For WOL to work you have to enable "Only allow a magic packet to wake the computer option"

Wake on Link Settings - Disabled

Wake on Magic Packet - Endabled

Wake on Pattern Match - Enabled

Wait for Link - Auto

Even with these settings being enabled and no errors WOL would not go.  I had S3, S4 and S5 enabled in the bios, which would enable WOL to work, but when I send the WOL packet the system stays off.

So I downloaded and installed the latest intel driver which comes with proset tools and this seemed to resolve the issue (Version 25 as of this post)

Version 25 of the Intel network driver and proset tools

Intel Proset software and drivers

Adapter driver Options

Teaming and Vlans

Once I updated the driver to version 25 WOL started working for my windows client.

RPC shutdown from Linux

sudo -i -u $linuxAdminUser -p $password net rpc shutdown -I $IPADDRESS -U $WindowsADM%$password -t 1 -f

RPC SHUTDOWN ERROR

To fix this issue

Manual Registry Hack

Open regedit.exe through the start menu search or run box, and then navigate down to the following key, creating a new key if it doesn’t exist.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Change the LocalAccountTokenFilterPolicy to 1

On the right-hand side, add a new 32-bit DWORD value named LocalAccountTokenFilterPolicy and set the value to 1.

To remove this tweak you can set the value to 0 or just delete the key.

With this setup you will be able to startup and shutdown any pc you have listed in your startup and shutdown scripts.

If your interested I had done a post which you can use powershell to add/remove VLANs to Windows 10, and the reason I had done the post is because the Intel VLAN driver no longer worked with Windows 10.

References

https://helpdeskgeek.com/networking/how-to-connect-to-a-remote-registry-windows-7-10/

https://blog.sip2serve.com/post/155565656901/shutdown-windows-10-remotely

Setting up kiosk printing mode for Vend

In January of 2020 I wrote a post about Setting up a point of sale (POS) system for a Horizon library.  Since then we have decided enable our second location in VEND and setup a single register.  Vend has a great post on setting up Chrome for kiosk printing; which is great but there are two issues with it that are mutually exclusive; meaning that if you solve one problem it causes the other.  What I discovered is that Google Chrome, would either print the webpage header/footer on the receipt or you would have to hit print twice to print the receipt.  The new Microsoft Edge does not have this problem.

Setting up VEND it was highly recommended sticking to chrome on windows, though they have a long list of recommended hardware and software on their site.  

Typically when you print from a browser such as chrome, you print and you get the google print preview

Printing From Chrome

And you can also set it up to print from the system dialogue window by pressing Ctrl + Shift + P

System Printing Dialogue Window

This can be controlled from Google Admin if you have Google for Business/Non-Profit/Education by going into Device Management -> Chrome -> Settings

With the options of 

• Allow using print preview
• Always use the system print dialog instead of print preview

Google Admin - Control Print Preview

If your not using google admin you use the the command line switches in sequence a list of command-line-switches for the Chromium project can be found here

For chrome we want to put the following at the end of the quote after a space on the shortcut.

--enable-print-preview --kiosk --kiosk-printing

This enables chrome's print preview mode so it doesn't use the system's dialogue, puts the chrome browser in kiosk mode and kiosk-printing automatically causes chrome to hit the print button leaving the preview up for a second or two.  If your using google admin you can skip the --enable-print-preview flag if you have it defined in the settings as shown in the Google Admin picture above.  Below is chrome with the command line switches.

Chrome is great and it worked ok but the main issue we came across was with the print-preview enabled it would print the page header and footer on the receipt

Receipt with the website header and footer which is printed
when you have kiosk tags enabled on chrome.

If you disable the print-preview, and use the system dialogue box for printing the receipt turns out without the web page header/footer on the receipt, but you had to either hit return or press the print button twice which is not the best thing for a cash register.

Receipt with no web page header/footer

So I downloaded and installed the new chromium based Microsoft edge and tried the chrome command line witches on edge and they worked great!  In fact you don't even need the --enable-print-preview switch, the receipt comes out with no wasted paper and everything else works just as it did on chrome; so we switch our VEND register to Microsoft Edge.

Using the Vend article for setting up kiosk mode, I did also some additional things using group policy to secure the system, and setup a startup script when the computer launches.

Here are some additional actions I had taken to secure the VEND Register System

• Create a admin and limited user (the vend register runs as the limited user)
• Set the default page to be the vend register store, along with the home page setting
• Create a startup script to launch edge using Task Scheduler

Task Scheduler

      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

      --kiosk --kiosk-printing

• Setup Group Policy to disable CTL+ALT+DEL options

Open the Local Group Policy Editor:
Click Start.
Enter Run.
Type gpedit.msc.
Click OK.

Navigate to User Configuration > Administrative Templates > System > Ctl+Alt+Del Options.
Prevent users from being able to use the following functionality by enabling the removal of the functions:
Remove Task Manager
Remove Lock Computer
Remove Change Password
Remove Logoff
To enable these to be removed:
Double-click the option.
Select Enabled.
Click OK.

Disable CTL+ALT+DEL 

• Then to disable the windows key

Open regedit.

Click on the Windows menu and type run, then put in regedit

click HKEY_LOCAL_ MACHINE on Local Machine  

Double-click the System\CurrentControlSet\Control folder, and then click the Keyboard Layout folder. 

On the Edit menu, click Add Value, type in Scancode Map, 

click REG_BINARY as the Data Type, and then click OK. 

Type 00000000000000000300000000005BE000005CE000000000 in the Data field, and then click OK. 

Close Registry Editor and restart the computer.

Disable Windows Key

Papercut MF Print Client Issues on Microsoft Hyper-V

I've had recently finished a project involving Papercut MF and I have to say from my experience with the software for what the organization wanted it worked much better then it's competitors.  Both Staff and clients are relatively happy with the product and the process.  

As I am working though documenting the process for setup, user accounts, etc; I came across a odd issue with Papercut.  After setting up and configuring a Papercut server on linux, I setup a new Windows 10 vm on Hyper-V to show how the client can be run and installed the print client would not work... at all.  I can run the installer and it installs no problem, but when you go to run the program it launches then quits; and when you do the same thing on a non-vm system it works just fine.  You could argue it's not an issue with papercut, but it is a VM issue which I would agree with if doing the disk2vhd or other cloning/imaging methods did not work which is how I originally tested to see if the system and process were viable for the organization.

I've been able to replicate this issue 100% of the time with a new install of windows on a Hyper-V client with a Linux Papercut Server; the work around is to get an image, or do a p2v conversion of a system to get the papercut client to work on Hyper-V.  As you can see below.

Papercut client not working on fresh VM install.

Papercut is not running

Papercut is installed but not running as shown in the taskbar

After grabbing a disk2vhd image of another station with papercut installed, the client remained working running in a VM environment

The task bar shows the papercut print client is running

Papercut is installed and running

Taskmanager shows papercut is running

It is an odd issue one that I hope Papercut fixes in the very near future but for now I'll go with using a p2v image for doing my testing and documentation of papercut.

******UPDATE******

Because I am documenting the process for setting up a papercut server I also setup a windows version and noticed several differences between the Linux Client and the Windows client particularly with the number of DLL files included in the Windows vs Linux client directory as showcased below.

At any rate taking the windows client files provided by the windows version of the papercut server fixed my Hyper-V client issue without having to use a disk2vhd copy.  All that are required are the missing dll files, once you add those missing files to the linux server provided client for windows; the client does work properly on a clean Hyper-V VM.