Adding an Apple computer to Microsoft Active Directory

In order to add an Apple computer to a Microsoft Active Directory infrastructure, you will need to enable the AD directory service on the Mac, as it is not enabled by default.
Your username and password on the Mac should ideally also match those of your AD credentials, but this is not necessarily required.
Browse to System --> Library --> Core Services and launch the Directory Utility application:

The following window will be displayed:

In order to make changes you may need to unlock the padlock icon and enter the details of a user account with administrative privileges. Tick the option to enable Active Directory. Click on the Advanced Settings button:

Enter in the details of the Active Directory domain that you wish to join and click on Bind. You may be prompted to enter the details of a user account with domain administrator privileges.

Once joined to the domain, you will know if the operation has been successful as the "Bind" button will change to "Unbind":

Your Mac will also now be listed in the Active Directory Computers folder:

You may now browse available servers directly within the Finder:

Or map a drive directly within the Go --> Connect to Server menu:

If prompted to enter a user account (which you may be if your local account details do not match those of the AD), enter in your AD credentials as a Registered User and select the option to save the details in your Keychain to prevent being prompted again:

Your connected drives are now accesible:

Apple iPhone Configuration Utility 2.0

The iPhone Configuration Utility allows the administrator to define common settings governing password policy, Server ActiveSync, certificates, wireless access points, VPN connectivity, LDAP access and more in a single configuration file and deploy those configuration settings to any number of iPhone devices.

With the release of OS 3.0 for the iPhone, the Configuration Utility has been updated to version 2.0 to reflect the new features available in the operating system. For an overview of the new features available in OS 3.0, read this article - http://blog.brightpointuk.co.uk/whats-new-enterprise-os-30-iphone

The iPhone Configuration Utility can be downloaded from the Apple web site for both Windows and Mac platforms - http://www.apple.com/support/iphone/enterprise/

More information on using the utility is available in the iPhone Enterprise Deployment Guide - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

General

This section defines the name and description of the configuration profile. The Security field allows the administrator to define whether the profile can be removed from the device by the user.

Passcode

This section defines the password policy - whether or not a password is required on the device, what strength that password should be, how many attempts the user has to enter their password correctly before the device is wiped, and how long the device can remain unlocked for without user interaction before the device will lock itself automatically.
How often a password must be changed, or whether passwords can be re-used can also be defined.

Restrictions

This section defines whether third party applications can be installed on the device by the user as well as controlling access to the Safari web browser, You Tube and the device camera.

WiFi

This section defines any wireless access points required, including authentication settings. Supported standards include:

• WEP
• WPA Personal
• WPA Enterprise
• WPA2 Personal
• WPA2 Enterprise
• EAP-TLS
• EAP-TTLS
• EAP-FAST
• EAP-SIM
• PEAP v0, PEAP v1
• LEAP

VPN

This section defines PPTP, L2TP or Cisco IPSec VPN server settings, including Proxy Settings if required.

Email

This section defines POP and IMAP email account settings.

Exchange

This section defines Exchange Server ActiveSync account settings.

LDAP

This section defines LDAP server settings for contact lookup.

CalDAV

This section defines server and account settings for a web-based calendar server using the CalDAV access protocol. NOTE - this is not a protocol used by Microsoft Exchange.

Subscribed Calendars

This section should be used in conjunction with the above CalDAV section - specific shared calendars are defined here rather than the server itself.

Web Clips

Web Clips are links added to the iPhone home page that allow fast access to favourite web pages. URLs, names and icons can be defined here.

Credentials

This section allows the administrator to add any required certificate files to the configuration package.

SCEP

This section allows the administrator to define SCEP server settings. SCEP is the Simple Certificate Enrollment Protocol and allows devices to be registered and authenticated automatically provided that they possess the appropriate certificate in order to be able to correctly respond to a challenge. Once authenticated the mobileconfig configuration file containing the remainder of the device settings can be downloaded to the device.

Advanced

This section defines cellular access point (GPRS / 3G) details, including Proxy Server settings if required.

Once the required profile settings have been defined, the configuration can be exported to a single configuration file, digitally signed if desired:

This configuration file can be deployed to a connected device directly via USB, or can be downloaded to the device from a web server or as an email attachment.

Apple iPhone Configuration Utility 3.0

Apple have released version 3 of the iPhone Configuration Utility, the tool that enables administrators to create deployable packages containing customised settings for Email, VPN, WiFi and device usage, etc and then deploy those packages to any number of iPhone devices, simplifying device setup and removing the need for users to contact the IT department as well as ensuring compliance.
The latest version of the tool can be downloaded here - http://support.apple.com/kb/DL851
This latest version of the tool provides support for iPhone OS 4 and the new functionality available in the new platform.

As before, various aspects of the device's configuration and functionality can be preconfigured by creating a configuration profile, including:

• Mobile Internet access point settings

  

• Password policy - length, complexity, age, history, number of failed attempts etc

  

• Restrictions - application installation, camera, screenshot capture, web browsing, youtube, itunes, movies, tv shows, etc

  

• WiFi

  

• VPN

  

• Email - POP / IMAP

  

• Exchange ActiveSync
• LDAP directory access
• CalDAV calendar access
• WebClips - shortcuts to web content
• Certificates
• Mobile Device Management

Exchange ActiveSync

Expanded elements of the Exchange ActiveSync protocol version 12.1 can now be configured, including:

All Exchange versions

• Enforce password on device
• Minimum password length
• Maximum failed password attempts
• Require both numbers and letters
• Inactivity time in minutes

Exchange 2007 / 2010

• Allow or prohibit simple password
• Password expiration
• Password history
• Policy refresh interval
• Minimum number of complex characters in password
• Require manual syncing while roaming
• Allow camera
• Require device encryption

Remote wipe of devices is also supported from Exchange.

Once saved, configuration profiles can be deployed to devices via email, by posting to a web server or locally via USB.

Mobile Device Management

iPhone OS 3.x or later supports over the air enrolment and configuration. New to version 3.0 of the iPhone Configuration Utility is the ability to enter details of the mobile device management server into a configuration profile, as well as the ability to specify which configuration items should be available via the DM server.
Support is also included for the Apple Push Notification Service (APNS), allowing the administrator to specify that should changes be made to the configuration profile, the DM server can be alerted to the change and push them to enrolled devices automatically.

Enrolment is the mechanism by which a device is authenticated before a configuration profile can then be delivered. This ensures that only trusted devices receive configuration settings. Because configuration profiles can also be locked and encrypted, once installed they cannot be removed or edited by the user, or shared with others.

The enrolment process can be deployed using web services and a certificate authority, and also requires a mechanism for user authentication. A typical end-to-end process would run as follows:

• The URL of the device management server is distributed via SMS or email
• The user accesses the link via the Safari web browser on the device. The web service will prompt the user to authenticate (which may be tied into Active Directory authentication)
• The web service issues an encrypted mobileconfig profile to the device which is installed automatically but not applied. The profile then requests one or more of a number of device attributes (iOS version, MAC address, IMEI number or SIM number)
• The device responds with the requested information, signing the response with its own (Apple-issued) certificate
• The web service issues an SCEP (Simple Certificate Enrolment Protocol) response with instructions on how to generate an RSA 1024 certificate request, and where to send it for certification
• The device sends the certificate request to the certification authority
• The CA creates the certificate and issues it to the device
• The device is then able to decrypt the encrypted mobileconfig profile

In a nutshell, then, although the iPhone supports over the air enrolment and configuration, this is not an out-of-the-box tool supplied by Apple - there is an amount of development and integration work to be done before devices can successfully authenticate with and access your network.

Fortunately, a number of device management vendors have already integrated this functionality of the iPhone into their own products, removing the need to do any integration work yourself, and enabling management of iPhone devices alongside other platforms within a single management interface. Vendors include Sybase Afaria, DME by Excitor as well as Fromdistance. Visit the device management section of the blog for more information.

For more information on the iPhone Configuration Utility, download the Apple Enterprise Deployment Guide - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

Configuring MacOS Snow Leopard access to Exchange 2007

As has already been much-publicised, MacOS 10.6, or "Snow Leopard", can access Exchange 2007 mailboxes to provide integration with the Mac's native email, contact and calendar applications: Mail, Address Book and iCal.

Only Exchange 2007 is supported, not Exchange 2003, and only Exchange 2007 servers running SP1 update 4 or later. At the time of writing, the public release candidate of Exchange 2010 appears to work fine.

The Mail, Address Book and iCal applications need to be configured separately. If the Exchange server in question is using a self-issued, or non root-trusted certificate, to avoid being prompted to accept the certificate each time a connection is established to the server, the root certificate of the CA which issued the certificate to the Exchange server should be added to the System folder within the Keychain application:

When running the Mail application for the first time, or when adding a new account within the Preferences pane, you will be prompted to enter your email address:

The setup wizard will attempt to determine the appropriate server and authentication settings to use based on your email address. Should any of the settings not be determined automatically, you will be prompted to complete them:

Complete the fields as required - the server address is typically the same as that used by Outlook Web Access (webmail) and the username is that used when logging into your desktop PC at the start of the day:

If prompted for a domain, again this is the same as that used when logging into your PC at the beginning of the day and should be entered in the username field in the format 'domain\username'

Once configured, your email messages will be downloaded automatically:

To edit your account settings once they have been defined, select the Accounts tab within the Preferences view:

Options pertaining to Junk Mail, Sent Items and Drafts can be defined:

The amount of data that is synchronised (entire messages with attachments, messages, or message headers) can be defined:

In order to configure Address Book and iCal access, similar settings must be entered when adding accounts:

Configuring the Cisco VPN client on the iPhone

This article was written using version 3.1.3 of the iPhone software.

Tap on the Settings icon and select General:

Select Network:

Select VPN:

Select the option to Add VPN Configuration:

Select the IPSec tab.

Enter in a name for the connection as well as the name or address of the VPN server. Depending on whether using certificate or group-based authentication, enter in the remaining connection settings as required. Contact your network administrator if you are unsure as to what settings to use.

When finished, save the new configuration.

To initiate the VPN connection quickly and easily from now on, a toggle switch for the VPN connection will be displayed on the main Settings page:

Connect to a Cisco VPN server from Mac OS Snow Leopard

MacOS 10.6, or Snow Leopard, features an integrated Cisco VPN client, able to connect to an IPSec Cisco VPN appliance.

To configure the VPN client, open the System Preferences and select Network. Click on the + symbol to add a new connection:

Select VPN as the Interface type, and Cisco IPSec as the VPN type. Enter a name for the connection and click Create:

Enter in the name or IP address of the VPN server as well as your VPN username and password - depending on how the authentication mechanism has been configured this may be your Windows login credentials or a separate account. Click on the Authentication Settings button:

Enter in the Group Name and Shared Secret details as provided by your network administrator, click OK.

Click Apply to save the changes. To initiate the connection, click the Connect button. After a few moments, provided that you have a connection to the Internet and the settings have been entered correctly, you will be connected:

To be able to connect and disconnect the VPN from the menu bar, tick the option to "Show VPN status in menu bar".

Connect to an SSH-based VPN via VNC from an Iphone

I have blogged previously about how to deploy an SSH-based VPN solution (http://blog.brightpointuk.co.uk/deploying-ssh-based-vpn-solution) enabling safe remote control of corporate assets without needing to worry about the health status of the machine doing the remote controlling.
It is possible to access the same SSH VPN server from an iPhone device using the iSSH application.

iSSH is not free, it must be purchased via the iTunes App Market, but once installed configuration is quick and simple and works via both WiFi and 3G connections.

Launch the iSSH client and select the option to add a new configuration:

Enter in a name for the configuration as well as the external IP address or DNS name of the SSH server.
Specify the port that the SSH service runs on as well as the username and password that should be used to log into the server.

Scroll down and set the options to SSH and VNC:

Specify the password for the VNC connection on the remote host to be accessed, as well as the host's internal IP address and the port that the VNC server is running on.

Initiate the connection, you will now be able to remotely control the target host via VNC from your iPhone:

Connecting to an OpenVPN server from an iPhone

GuizmoVPN (http://www.guizmovpn.com) is an OpenVPN client for the iPhone available for installation on Jailbroken devices. OpenVPN is, as its name suggests, an open source virtual private networking application, suitable for a wide range of secured comms applications. For more information read this blog article - http://blog.brightpointuk.co.uk/openvpn

The iPhone client is available for download within the Cydia manager, but must first be added to the list of available sources. Within Cydia browse to Manage --> Sources:

and add the source "http://cydia.guizmovpn.com", you will then be able to install the client.

Full installation options are available on the GuizmoVPN web site, but setup is relatively quick and painless provided you have a correctly written client configuration script. The following script worked for me:

client
dev tun
proto udp
hand-window 15
remote (server_IP_address) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert jamesl.crt
key jamesl.key
comp-lzo
verb 3

Your script would naturally need to include the IP address of your OpenVPN server and specify the appropriate key and certificate files.

The script should be saved as a ".ovpn" file in the same directory as all required key and certificate files. The directory itself should then be compressed to a ZIP file and copied across to the iPhone.

The easiest way to do this is to connect the iPhone to an available WiFi network and upload the ZIP file to the device from your PC. Launch the GuizmoVPN client on the iPhone and select the option to enable the web server:

Provided that WiFi is enabled on the iPhone and connected to the wireless network, its local IP address will be displayed:

From your PC, or another machine on the same wireless network, open a browser and connect to the IP address of the iPhone on port number 2095, as shown in the GuizmoVPN screen, the following will be displayed in your browser window:

Browse to where the ZIP file is saved on your PC and upload it to the iPhone.
Once uploaded, the configuration will then be listed in the GuizmoVPN client:

You can now turn off the web server on the iPhone.
To initiate the connection to the OpenVPN server, simply move the Connect switch to On. If prompted for a password, enter it at the prompt. If the connection is successful, an icon will be added to the status bar at the top of the screen to represent the VPN connection:

You will now be able to access remote resources via their internal address:

If your are unsuccessful, view the log file for information and error messages to assist your troubleshooting.

Copying contacts between groups on the iPhone

Each address book added to the iPhone, be it an Exchange account, Google account, or contacts stored on the iPhone itself, is assigned a "Group" in the Contacts application on the iPhone. Sometimes it is necessary to copy or move contacts between these groups, for example if you wish to backup contacts stored on the iPhone memory and are unable to sync with Outlook on the desktop. In this situation you could create a free GMail account, set it up as an account on the phone (selecting the option to synchronise contacts), then move or copy your contacts into this new group.

iOS does not have the ability to move contacts between groups by default, fortunately there is a free application available in the AppStore called "OrbiContacts":

Install the application and launch it:

Select the option to Copy or Move contacts as desired:

Select the contact group you want to copy or move from, tap Next

Select the contacts you wish to copy or move, or select all if desired, tap Next

Select the contact group you want to put the contacts into. The contacts will now be copied or moved depending on the option you selected, and once complete will then synchronise online automatically.

Enterprise deployment of the iPhone with XML configuration scripts

It is not possible to use an iPhone until you have first connected it to a PC that has iTunes installed and run through the activation process (unless you are running iOS 5, which removes this requirement).

iTunes will then run the user through a wizard which will activate the device for service (the same also applies to the iPod Touch).

If the iPhone is being rolled out across a business, this means that the administrator must decide whether to install iTunes on each iPhone user’s PC, or activate all devices themselves on their own PC with iTunes installed.

NOTE – iTunes is only required for the activation process. Once activated, iTunes is not required to enable the device to access corporate systems, only to synchronise music, photos and videos.

iTunes is required, however, to install software updates onto the device.

NOTE – if your organization does not use Mircosoft Exchange, it is still possible to use the iPhone and iPod Touch with POP and IMAP-based email servers. Calendar and Contact entries can also be synchronized with the Address Book and iCal applications on MacOS and with Microsoft Outlook on a Windows PC via iTunes.

Configuring Devices

If you are only deploying a small number of devices, it may be preferable to allow users to configure their own devices. However, should a large number of devices be deployed, there are tools available to help.

The use of configuration profiles allows for a number of settings to be quickly and easily deployed to a large number of devices.

A configuration profile is an XML document that contains settings on Email, WiFi connections, VPN settings, certificates and security policy settings.

Profiles are distributed to devices either via email, as an attachment, or via a web link.

Configuration Profiles are created using the iPhone Configuration Utility, an application for both MacOS and Windows available for free download from the Apple web site:

http://www.apple.com/support/iphone/enterprise/

The interface for the utility looks like this:

A full explanation of the Configuration Utility can be downloaded from the Apple web site:

http://support.apple.com/manuals/en_US/Enterprise_Deployment_Guide.pdf

The General tab allows you enter a name and identifying information for the Profile.

The Passcode Settings tab allows the administrator to define an on-device password usage policy:

The maximum number of failed attempts field allows the administrator to define how many times the device password can be entered incorrectly before the device becomes unusable. By default, after six unsuccessful attempts the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, the device is locked and must be reauthorised via iTunes.

The WiFi tab allows the administrator to define WiFi access points to be used by the device:

The VPN tab contains information on Virtual Private Network connection settings:

The Email Settings tab contains information on POP and IMAP-based email account settings:

The Exchange tab is where the settings relating to Server ActiveSync are entered:

You will notice the lack of a field to enter Domain information. This should be included in the Username field in the from "domain\username".

The Credentials tab is used to publish certificates to the device. CER, DER, CRT, P12 and PFX certificates types are supported.

The Advanced tab allows the administrator to define cellular access point settings:

Once the profile has been configured within the Utility, it can be Exported, which will create a ".mobileconfig" file (which can then be uploaded to a web site), or emailed as an attachment.

Update - the Apple iPhone Enterprise Configuration Utility has been updated to version 2.0 - http://blog.brightpointuk.co.uk/apple-iphone-configuration-utility-20

Managing iOS devices from Mac OS X Lion Server

It has long been possible to create configuration profiles for the iPhone and iPad, store those settings in a single file and deliver that file to devices via email or by download from a web server, by using the iPhone Configuration Utility.
This functionality has been incorporated into the release of Mac OS X Lion Server, in the Profile Manager feature.

Once the feature is enabled, select the link to "Open the Profile Manager". The configuration is performed via a web interface which you must log into with an administrative user account:

Once logged in you can edit the default configuration profile, or create additional profiles:

Editing a profile allows you to configure a wide range of features.

The General section allows you to enter a name for the profile and specify security settings - whether profiles may be uninstalled by users.

The Passcode section allows you to define security settings: whether a device requires a passcode to access it, how complex that passcode needs to be, how often it needs to be changed, whether passcodes can be re-used, how many attempts users may try to enter their passcode incorrectly, etc.

The Email section allows you to predefine POP and IMAP-based email account settings.

The Exchange section allows you to predefine Microsoft Exchange ActiveSync settings.

The LDAP section allows you to define directory access parameters.

The CardDAV section allows you to define address book access parameters.

The CalDAV section allows you to define calendar access parameters.

The Network section allows you to predefine wireless access point settings.

The VPN section allows you to predefine connection parameters for remote access accounts, including Juniper, Cisco, F5, as well as generic IPSec, PPTP and L2TP accounts.

The Certificate section allows you to add certificates to the configuration profile for installation onto the iOS clients.

The SCEP section allows you to define SCEP mobile device management server settings.

The Web Clips section allows you to package web URLs for installation onto iOS clients.

The Restrictions section allows you to disable specific functionality on the iOS clients including use of the camera the ability to install applications, use of Safari and YouTube and more.

The Subscribed Calendars section allows you to pre-subscribe users to shared CalDAV-based calendars.

The APN section allows you to predefine cellular connection settings.

Once all parameters have been configured, save the profile. Configured settings will be displayed in the list of available profiles:

Profiles can be accessed by users by browsing to the Lion server from their web browser - http://(Lion_Server)/mydevices/:

Or directly from their iPhone or iPad:

Once logged in, a list of available profiles will be displayed:

Which can be downloaded and installed onto the iOS device

MyWi for iPhone

The MyWi software for jailbroken iPhones adds the ability to use your iPhone as a wireless hotspot: to share the iPhone's cellular connection to the Internet with other wireless clients via WiFi.

Free to trial for 3 days, the application must then be purchased. Offering WEP security as well as the ability to specify a DHCP network range, the application always features a USB bridge option enabling you to use your iPhone's WiFi connection to the Internet (provided that it is connected to an access point that has access to the Internet) via USB from your laptop.

Data usage information is also available:

Wireless clients simply need to connect to the SSID broadcast by the device. The wireless network will be listed as a "computer-to-computer" network:

The MyWi application is available within Cydia on Jailbroken devices.

NTR Connect for iPhone

NTR Connect is a remote control solution for both Windows and Mac that enables you to remotely access your home or work PC from a web browser, or from your iPhone.
Similar in functionality to the better-known LogMeIn solution, whereas the LogMeIn client for the iPhone costs in the region of £18.00, the NTRConnect client is free.

The desktop agent is free to download, and account creation is also free and takes a few minutes. Visit www.ntrconnect to download and install the agent.
When run for the first time, you will be prompted to enter your account details and register the computer with the service, entering a descriptive name to identify the machine. Once installed, the agent runs on MacOS as a standalone application:

The client application for the iPhone can be downloaded free directly from the App Store. When launched, you will be prompted to sign in:

And you will then be displayed a list of registered computers:

Tapping the machine's entry will connect you to the computer:

A number of options are available, such as limiting the number of colours displayed to improve performance over low-bandwidth connections:

Piwik Web Analytics for iPhone

I have blogged previously about the open source Piwik web analytics software package, which enables webmasters to keep track of visitors to their web sites, including where those visitors came from, which search engines referred them, what keywords they typed in, which other web sites referred them or what marketing campaigns drove their traffic. In short, it's a great little utility and a worthy rival to Google Analytics.

A client is available for the Android platform which I have also blogged about previously.
It is also possible to access Piwik analytical data from your iPhone. Although the Android client can parse the web site data by accessing the standard Piwik URL, the method I have found for the iPhone whilst trawling the web, involves uploading an additional PHP-based component to the Piwik web site.

Download a ZIP file from this link - http://www.inovatis.fr/images/Piwik4iPhone0.11.zip

Extract the contents of the zip file and upload the contents to a subfolder of your Piwik installation called, say, "iphone".

Edit the contents of the config.php file to include the authentication key for your Piwik web site (located in the Admin --> Users section of the Piwik web interface) as well as the full URL to the new web site (along the lines of http://(piwik_web_server)/piwik/iphone/) - including a trailing "/".

Now from your iPhone simply open Safari and browse to the URL:

Setting up Exchange ActiveSync on the Apple iPhone

The information and screenshots in this guide were sourced from the Apple setup guide available for download from the Apple web site: http://www.apple.com/iphone/enterprise/integration.html

From the Home screen tap Settings

Tap Mail, Contacts, Calendars

Tap Add Account

Tap Microsoft Exchange

Enter your email address, domain, username and password. The description field can contain anything meaningful to you to identify the email account. "Work Email" might be an example.

Tap Next when all fields have been completed. The device will now attempt to ascertain the correct server settings to use automatically based on the email address entered. This feature requires Exchange 2007 and also requires that the 'autodiscover' feature is enabled and configured correctly. Should the device not be able to determine the server information automatically the following screen will be displayed:

Tap Accept.

Enter the server information and tap Next.

Select the folders which you want to synchronise. Tap Save to complete the setup procedure and begin the initial synchronisation with the server.

If your administrator has enforced a password policy on the server, you will be prompted to enter a password on the device:

Enter your desired password twice. You are now set up to synchronise with your Exchange server. Tap Next to configure further options:

Siax - set up your iPhone as a remote extension of an Asterisk PBX

Siax is a fully functional VoIP client for the iPhone, providing support for both SIP and IAX protocols, enabling you to make intra-office calls remotely via either 3G or WiFi connections directly from your iPhone. Interfacing with your existing contacts list and providing support for multiple VoIP accounts, Siax is very intuitive to use and easy to configure. Note, however, that Siax is not free, licenses costing in the region of £6, and also requires that your iPhone be jailbroken.

Configuring a SIP account

Within the Siax client, select More --> Accounts:

Select Edit followed by the option to Add a new SIP account, the following screen will be displayed:

Enter in the name or IP address of the SIP server as well as your extension's username and password. Enter in details of the SIP port to use if non-standard as well as proxy details if required.

Your account will now be listed, select the option to turn it on to initiate the connection to the server. If all goes well, the indicator will turn green to denote a successful connection:

Additional settings, including STUN and Codec information, can be defined in the Settings menu:

The keypad interface will list available connected SIP and IAX servers:

The Contacts list is a duplicate of the iPhone's own dialer application, and enables you to select which Siax account you wish to use when placing the call:

Taking screenshots of the iPhone

There are two simple methods of capturing screenshots of the iPhone.
The first method simply involves pressing and holding the home button by pressing the power button once. An image of the screen will be saved to the Photos folder automatically.

The second method involves downloading and installing the iPhone SDK from the Apple Developer web site.
Once installed, load the XCode application:

Connect the iPhone via the supplied USB cable, you will be prompted whether or not you want to use the device for development purposes:

Select to the option to Use for development

In the XCode Organizer window, click on the Screenshots tab:

You can now capture screenshots and save them to the Finder simply by dragging and dropping:

Use your iPhone as a WiFi remote with VLC Media Player on Mac OS X

The iPhone can be used as remote control devices for the free VLC Media Player application on both Windows and MacOS. In this post I am using a Mac Mini running Snow Leopard and VLC Media Player 1.0.5 ....and an iPhone 3GS running version 4.0 of the iOS.

Configure the Firewall

If your Mac's firewall is enabled, you will need to allow the VLC application to accept incoming requests - this is configured within the Security System Preferences:

Configure VLC Media Player

Within VLC Media Player on the Mac, select the option to add a Web Interface:

Now launch the VLC Preferences pane and select the option to view All Preferences. Scroll to Interface -> HTTP and enter in the IP address of the Mac's wireless adapter:

Configure the Wireless Router

If your wireless access point is configured to only allow specific MAC addresses, you will need to locate the MAC address of your iPhone (Settings --> General --> About) and add it to your access point:

Add this address to your wireless router.

Configure the iPhone

The VLC Remote application is free to download from the iTunes App Store.

Ensure that the iPhone is connected to the same wireless network as the Mac and is assigned an IP address on the same local network (or on a network that can route to the destination network). NOTE - the destination machine to be controlled does not itself necessarily need to be connected to the network wirelessly, provided that it is on the same network as the wireless access point.

Launch the VLC Remote application on the iPhone and select the option to Add a Computer. Add a new VLC Server and enter in the IP address of the Mac to be controlled:

You will now be connected to your Mac's VLC Media Player and be able to stop, pause and play media files as well as access any Playlists configured:

NOTE - to locate the IP address of the target machine, on that machine open the Network System Preferences and open the Advanced properties of the network adapter:

Limited additional options are available, including how far ahead a skip command takes you:

Using AirPrint from an iPhone or iPad via Printopia

AirPrint, included with the release of version 4.2 of the iOS software for the iPhone and iPad, is Apple's technology enabling wireless printing directly from your iOS device to an AirPrint-capable printer.

Bizarrely, at the time of writing Apple's own AirPort device does not support AirPrint, but a solution is available in the form of Printopia if you don't have an AirPrint-capable printer of which there are few. Unfortunately this does require that you have a WiFi-capable Mac desktop or laptop powered on and connected to the printer, but allows you to share any printers installed on the Mac from your iOS device.

Install Printopia onto the Mac. An icon will be added to the System Preferences pane:

Share the printers that you want to be available to the iOS device.

From the iOS device, select the option to print the item you want, be it an email, photo or document:

You can now select which printer you wish to use as well as how many copies you want to print:

Tap on Select Printer, the iOS device will search for available printers:

After a few moments the printers shared by Printopia will be listed:

Select the printer you want to use, your file will be sent:

If your list of printers is empty, ensure that the wireless network you have connected to is the one that your desktop Mac is connected to. If using wireless repeaters, or the Mac is connected to the local network via ethernet, ideally both the iOS device and the Mac should have an IP address in the same subnet.
If all else fails, on the WiFi-capable Mac create a computer-to-computer network and set the iOS device to connect to that:

Visit the Printopia web site for more details and updates.

Using Apple's AirPlay technology from the iPhone with an AirPort Express station

Apple's AirPlay technology, included with the release of iOS 4.2 for the iPhone and iPad, it is possible to stream music directly from your iOS device to a set of audio speakers (or an amplifier) connected to an Apple AirPort Express device. At the time of writing there are only a limited number of AirPlay-enabled speakers, but the AirPort module can be connected to any set of portable speakers or an amp via a standard 3.5mm connector.

Connect to the AirPort module and ensure that the AirTunes feature is enabled:

From the iOS device, connect to the wireless network provided by the AirPort device, or to the same wireless network that the AirPort is on if it is acting as a repeater. On the iOS device launch the iPod application and select to play a track. Now, in addition to the standard play and pause commands, you will see an icon to select a remote device:

Tap on the icon to display a list of all available playback devices:

You are now streaming your music wirelessly.

Using the iPhone as a Bluetooth Modem on MacOS X

In order to use the iPhone as a modem (to "tether" it with your laptop), you will first need to activate the service on your account with your mobile operator.

When activated, you will have the option of enabling Internet Tethering in the Network Settings menu:

To use the iPhone as a modem via Bluetooth, you must first turn on the Bluetooth service on the device, this is located under the General settings menu:

Once Bluetooth is activated, you can then enable the Internet Tethering:

On the Mac, launch the Setup Bluetooth Device wizard:

The Mac will then search for available Bluetooth devices within range and display a list of those devices it can detect, select the iPhone:

The Mac will generate a random PIN for the Bluetooth connection:

Enter the same PIN onto the iPhone when prompted:

The Mac will install a new Bluetooth network adapter for the connection:

Select the option to open the Network Preferences, the new Network Adapter will be displayed:

To initiate Internet sharing from the Mac, press the Connect button:

After a few moments your Mac will be connected to the Internet via the iPhone's data connection. You can now close the Bluetooth Setup wizard:

Using the iPhone as a USB Modem on Mac OS X

In order to use the iPhone as a USB modem (to "tether" it with your laptop), you will first need to activate the service on your account with your mobile operator.

When activated, you will have the option of enabling Internet Tethering in the Network Settings menu:

The iPhone also supports modem tethering via Bluetooth, if using the device via USB only select the option for USB only

Connect the iPhone to your Mac with Tethering turned on, the Mac will detect a new network adapter automatically:

Select the option to Open Network Preferences, the new Network Adapter will be listed:

Select the option to Apply the changes. Your Mac will now be connected to the Internet via your iPhone's data connection.

Using the iPhone as a WiFi remote for iTunes

Using the free Apple Remote application, available for download from the iTunes App Store, it is possible to remotely access your iTunes library on the desktop and search for, play, stop, pause and skip tracks.

The iPhone will need to be connected to the same wireless network as the desktop computer, and the computer will need to be configured to accept incoming connections to iTunes on any firewall software that is running.

Launching the iPhone application will prompt you to add a library:

You will assigned a 4-digit code to use to complete the pairing process. The application will then search for all available iTunes instances on the same local wireless network. In iTunes on the desktop, the option to enable a Remote Device will be displayed:

Selecting the device will prompt you to enter the same 4-digit code into the computer:

The iTunes library will then be displayed on the iPhone:

And you will be able to browse and control the playback of your music:

VManage for iPhone

VManage for iPhone is an application that enables remote management of a VMWare infrastructure, allowing administrators to power virtual machines on and off while out of the office, view status of machines and track any alerts.

For more information, view the application's entry in the iTunes Store Here

I have only used the application against the free VMWare Server product, both versions 1.x and 2.x, but Virtual Center and ESX Server are also supported.
When used with VMWare Server, the server will need the web server component installed, and access through to the server allowed on any firewalls on TCP port 8333.

Once installed on the iPhone, the server address is configured under the Settings menu rather than within the application itself:

Enter the server address in the form https://(vmware_server):8333/sdk/

Enter any authentication information required, this can be either Windows authentication details or a Linux user account depending on your infrastructure.

Once configured, the application can be launched:

Provided that the client can access the server - note if a VPN connection is required, be sure to initiate the connection before launching the VManage application - a list of available virtual machines will be displayed:

Status information on individual virtual machines can be viewed:

And machines can be powered off and on:

On the Hosts tab you can view status information on the VMWare server itself, including memory usage:

On the Tasks tab you can view the success or failure of actions:

The application is quite limited in its functionality, but hopefully additional features will be added in the future. It is worth noting that the web interface of the VMWare server can be viewed directly in the Safari web browser on the iPhone.
For additional functionality, the Rove Mobile Admin solution may be worth considering - www.roveit.com

Viscosity OpenVPN client for MacOS

OpenVPN is a free, open source SSL-based virtual private networking solution that I have posted about previously (http://blog.brightpointuk.co.uk/openvpn). Although it is possible to configure access to an OpenVPN server from a Mac manually, and there are free GUI-based clients available, such as Tunnelblick (http://code.google.com/p/tunnelblick/), these require that you create the connection script manually and have a working knowledge of how the OpenVPN server has been deployed.

Viscosity (http://www.viscosityvpn.com/) is a GUI-based VPN client for the Mac that is easy to configure and unobtrusive when running. Connection settings can be installed in a single package for enterprise deployments and the client can be integrated the Growl notification platform for MacOS.

Multiple connections can be defined. Creating a connection, assuming that the OpenVPN server has been deployed with the standard configuration, requires simply that you enter in the name or IP address of the server, and specify the path to your key files:

Should you wish to adjust the default settings, advanced configuration options are available:

Once created, connections can be launched quickly and easily directly from the menu bar:

You will be prompted to enter your password (which can be saved to the Keychain if you do not wish to be prompted for it again):

Once connected the menu bar icon will change to reflect the connection status:

Read more on the Viscosity web site.

What's new for the Enterprise in iPhone OS 4?

The next version of the iPhone operating system, and a new iPhone model, is expected this summer. Current iPhone 3G and 3GS models will be upgradeable to the new OS. So how can the Enterprise expect to benefit from the next version of the iPhone?
I have blogged previously about the Exchange and Device Management capabilities of the current platform, but when compared with solutions such as BlackBerry and Windows Mobile / Windows Phone, the iPhone does not provide all of the integration and security features that help IT administrators sleep at night.

Apple have detailed the new business features that iPhone OS 4 will include on their web site - http://www.apple.com/iphone/business/preview-iphone-os/

New features include:

Multi-tasking

• Application developers will be able to access up to 7 multi-tasking engines, crucially enabling the holy grail of running applications in the background. This has significant implications for device management vendors as it means their client application will be able to run permanently in the background and will not be circumvented each time the user, say, receives a phone call as happens with the current 3.x platform. Messaging and other notification-based services will also benefit from this welcome addition. From a simple usability perspective it means you'll be able to listen to music whilst trawling through emails, or reading an e-book (see below).

Data Protection

• Email messages and attachments can be encrypted using the device passcode as an encryption key

Wireless application distribution

• OS 4 will support OTA delivery of corporate-hosted applications via either WiFi or 3G without requiring users to connect their device to iTunes on a PC or Mac

Exchange Email

• Multiple Exchange ActiveSync accounts will be supported as well as official support for Exchange 2010 server. A new unified Inbox displays all messages in one location, as well as allowing users to view messages by account if preferred

Device Management

• In addition to the existing iPhone Enterprise Configuration Utility, which provides the IT administrator the ability to create device configuration profiles including Exchange ActiveSync, password, VPN and WiFi settings as well as hardware and software restrictions, iPhone OS 4 will include APIs to enable third party device management solutions to configure devices

SSL VPN Support

• In addition to the PPTP, L2TP and Cisco IPSec VPN client capability of the iPhone, OS 4 will also provide support for SSL VPNs. Apple reference support for the Juniper and Cisco SSL VPN solutions, personally support for the OpenVPN solution would be attractive.

For general users, the iPhone OS 4 will also offer the ability to arrange application icons into folders, and it will be possible to install a greater number of applications on devices.
The iBooks application will allow users to browse for, download and read e-book publications on the device and sync those books with the desktop via iTunes.

The addition of multi-tasking for the iPhone, and the opening up of API integration to Apple's own configuration provisioning utility will hopefully open up a wealth of device management capabilities for the platform.
Personally, for the business user on the go I would like to see enhancements to the Exchange email client, including the ability to define synchronisation schedules (as opposed to simply 'on and off') as well as the ability to edit Out Of Office message text and status (as is already possible on the Android platform if you're lucky enough to have the HTC Desire or any of the Microsoft Windows Phone devices)

iPhone OS 4 is expected for release this summer.

What's new for the enterprise in OS 3.0 for the iPhone?

Version 3.0 of the iPhone operating system is now available for download from Apple. This latest release of the OS brings several new features including MMS support, Copy & Paste, Search, USB tethering (modem usage), among others. But what about for the enterprise: will this latest OS make the handset more attractive to system admins who until now may have preferred Windows Mobile, Symbian or BlackBerry?

I have blogged previously about the iPhone Enterprise Configuration Utility (http://blog.brightpointuk.co.uk/enterprise-deployment-iphone-xml-configu...), which allows you to define common settings relating to password usage, Server ActiveSync, VPN profiles, Wireless Access Points and Certificates and save that set of configurations to a unique XML-based package that can then be rolled out to any number of devices. The iPhone Configuration Utility version 2.0 has been updated to include the new features available in this new version of the operating system.

Here are some of the highlights:

• CalDAV calendar wireless syncing is now supported - enabling read-only access to shared calendars or colleague's calendars using the CalDAV protocol (note - this does not apply to Microsoft Exchange)
• LDAP server support for contact look-up in mail, address book and SMS - meaning that you start to type in a contact into an email or text message, then have the device query a corporate address book for any matches
• Configuration profiles can be encrypted and locked to a device so that their removal requires an administrative password
• iPhone Configuration Utility 2.0 now allows you to add and remove encrypted configuration profiles directly onto devices that are connected to your PC by USB
• Online Certificate Status Protocol (OCSP) is now supported for certificate revocation
• On-demand certificate-based VPN connections are now supported
• VPN proxy server information can now be defined via the configuration utility
• Microsoft Exchange users can invite users to meetings
• The camera can be disabled via a device configuration policy
• The length of time a device can be left unlocked with no user interaction can be defined via a device configuration policy
• Email messages and calendar events can be searched on the local device
• Email can also be searched remotely on Exchange 2007 or IMAP servers or the MobileMe service
• Email subfolders can be synced via Server ActiveSync
• GPRS / 3G / WiFi proxy server information can now be defined via the configuration utility
• Cisco IPSec VPN infrastructure is now supported
• 802.1x EAP-SIM wireless authentication protocol is now supported
• Devices can now be authenticated and enrolled over the air using a Simple Certificate Enrollment Protocol server (SCEP)
• Web Clips can be installed onto devices via the configuration utility. Web Clips are added to the Home Screen and provide users fast access to favourite web pages
• iTunes can now store device backups in encrypted format (iTunes version 8.2 or later)

More information can be found online in the Apple iPhone Enterprise Deployment Guide available for download here - http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

It is perhaps important to note the features that are NOT available on the iPhone when used in conjunction with an Exchange server:

• Task synchronisation
• Editing Out of Office message text

As before, when activating a new iPhone device, unless the SIM card has been activated already, the device must be connected to a PC with iTunes installed to complete the activation process.

The iPhone Configuration Utility can be downloaded from the Apple web site for both Windows and Mac platforms - http://www.apple.com/support/iphone/enterprise/

Winebottler - run Windows apps on MacOS

It is already possible to run Windows on Mac computers, either by booting into the operating system via BootCamp, or by running a virtualised machine image using tools such as Microsoft Virtual PC (for PowerPC Macs) or Intel-based tools such as VMWare Fusion and Parallels Desktop. Applications can even be run in individual windows on the Mac desktop without the need to see the entire Windows desktop.

One drawback of this approach is that the entire Windows operating system needs to be loaded in the background, so that even if you are only accessing a relatively small application, a lot of the Mac's memory and processor performance is being utilised.

Wine

Ever since Apple began using Intel processors in their computers, an open source project known as Wine has made it possible to run Windows applications on MacOS directly, independently of the Windows operating system.

Wine works well on both MacOS Tiger (10.4) and Leopard (10.5), but not so well on Snow Leopard (10.6) - individual pre-requisite packages needing to be manually compiled to run in a 32-bit environment rather than default 64-bit: I'll come onto Snow Leopard in a moment.
You must be using an Intel-based Mac in order to use Wine, will require the XCode tools installed from the OS X installation disc, and will also require MacPorts installed (http://www.macports.org)

Once MacPorts has been installed, configure the PATH environment for your user account with the following command in Terminal:

echo export PATH=/opt/local/bin:/opt/local/sbin:\$PATH$'\n'export
 MANPATH=/opt/local/man:\$MANPATH | sudo tee -a /etc/profile

You can now download and install Wine and all pre-requisite packages with the following command:

sudo port install wine-devel

Alternatively you can use an application such as PortAuthority (http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html) to manage your MacPorts via a GUI:

Once installed, a virtual Windows environment will be created in a hidden directory in your User folder on the Mac called 'Wine':

To run a self-contained Windows executable file, such as MineSweeper, say, simply save the EXE file to your Mac somewhere, then load the Terminal and navigate to that folder. Run the file using Wine with the following command:

wine winmine.exe

If all has gone according to plan, you will see MineSweeper load in an X11 window:

If you want to install a Windows-based application, follow the same procedure, except copying the installer file to the Mac and invoking it via Wine at the command prompt:

wine setup.exe

In this example I'm installing the VMWare Server Console for Windows application. By running the setup.exe in Wine I see the installer wizard in an X11 window:

Once installed, you will see the new program files in the virtual Windows environment in the Wine directory:

You can now locate the installed program EXE file and launch this within Wine using the same command format in Terminal:

wine vmware.exe

Clever stuff.

WineBottler

WineBottler (http://winebottler.kronenberg.org/) is the new home of the Wine project and has added a GUI to the platform as well as Snow Leopard support. The package is still in beta stage at the moment and still requires an Intel processor and the XCode tools to be installed on your Mac.

Once installed on the mac, EXE files are associated with Wine automatically:

Running an EXE file will prompt you whether or not to just run the file, or to create an application installation package:

Again, running a self-contained application such as Notepad.exe, will simply load:

If you want to install an application, the procedure is slightly different. Within WineBottler you can create what are called 'Prefixes'. The procedure in the background is effectively the same, but Bottler allows you to add an icon for the application in your Mac Applications folder, and add pre-built Wine ports of pre-requisite Microsoft software, such as the DotNet Framework, to that application.

To create a Prefix, launch WineBottler:

Browse to where you have saved the installer EXE file (or MSI files are also supported, although I haven't tried one yet):

Specify the name of the resulting .app package you want to create as well as where to put it:

The package will then run the installer and you will see the installer in an X11 window as before:

Once the installer has completed, should the Windows application contain more than one EXE file in the Program Files directory, you can specify which one should be launched:

The prefix is then created, and an icon added to the Applications folder, using the appropriate icon:

Just amazing!

Within the WineBottler application are also links to download pre-compiled Prefixes, including builds of Internet Explorer 7 and 8.

Prefix packages can also be built to include all of the required Microsoft packages as well as the Wine package itself, so that built files can then be run on other Macs that don't have Wine installed.

If you have resisted seriously considering using the Mac platform because of that 'one app' that only runs on Windows - this may be a solution for you.

iPhone OS 4 Exchange ActiveSync Hotfix

Since the release of version 4 of the iPhone operating system (iOS4), there have been a number of reports of an inability to synchronise with Microsoft Exchange, or intermittent synchronisation failures coupled with administrators reporting increased load on their Exchange servers.

Whilst I have not experienced this problem myself, the issue has been tracked back to the default time interval within which the iPhone will attempt to synchronise with Exchange before timing out and initiating a new session. Apple have released an updated configuration profile which increases this period to 240 seconds which is hoped to resolve the issue.
The issue is detailed on the Apple web site in support article 3398 (http://support.apple.com/kb/TS3398) and the configuration profile is available for download here - http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/TS3398/Defau...

The "mobileconfig" file can be emailed to users and installed onto the device simply by selecting it, or users can paste the above link into the Safari web browser on the iPhone itself.

Once installed, the device should be powered off and on again to apply the new profile.

Google have also responded to reports from users of an inability to synchronise GMail accounts via the Exchange ActiveSync protocol from iOS4 devices by applying an update to their mail servers. It is now possible to sync GMail using the following details:

• Exchange Server Address - m.google.com
• Username - full Google email address
• Password - Google account password
• Domain - (optional) google

After installation, the new profile will be listed (and can be removed) under Settings --> General --> Profile.