Download older versions of macOS Server App from the Apple App Store

I recently set up a new Mac mini server for a client. macOS High Sierra was released 3 days ago, however the server shipped with macOS Sierra and I thought it prudent to stick with tried and tested 10.12 rather than launch into the wild, blue yonder with a 3-day old 10.13 setup.

This was all well and good until it came to downloading from the App Store.

I logged in with the client’s general-purpose Apple ID and went to purchase from the App Store. With the new release of macOS, had just been bumped to v5.4 which only supports 10.13. The App Store would not let me purchase as I was running 10.12.

There are two ways around this problem. They both result in the machine with 10.12 being able to download the previous version of that is compatible.

You can either sign in to a machine running 10.13 with the general Apple ID and purchase (but not download) the software, or if you have purchased previously on another Apple ID, sign in with this one.

Once you sign in to the App Store on the 10.12 machine with an account that has already purchased, you can click on the Install button in the Purchases history and then you’ll be informed that this version won’t work with your version of macOS, do you want to download a previous version.

Answer yes to this, the download starts and you can happily set up on an older version of macOS.

Create Windows Installation Media to Boot via USB in UEFI Mode

I’m setting up a HP Server and didn’t configure it with an optical drive. No problem, I thought, just boot it off a USB. Easy. Not so much… This was considerably more difficult than it really should have been.

I’m wanting to install Windows Server 2016. I want to install in UEFI mode, not in BIOS mode. I also want to boot off a USB.

I created the installer USB from an iso I downloaded from Microsoft. Couldn’t boot. I tried many different variations and without exception, I couldn’t boot from them. In desperation I tried to boot off the Windows 10 installer. It booted first go.

I was using my favourite media creation tool, Rufus, to create an install USB. This wanted to create an install USB with an NTFS file system. The installation media for Windows Server 2016 has an install.wim file that’s over 4 GB in size. The installation media for Windows 10 has an install.wim file that’s less than 4 GB. So, therefore I need NTFS to hold the files? Right?

Not so fast. As it turns out, the UEFI firmware can’t boot off a NTFS filesystem.

The Windows 10 installer (created from the Microsoft Media Creation Tool) actually has a FAT32 filesystem on the USB. The Windows Server 2016 installer however needs to be NTFS. But I can’t boot UEFI from NTFS. I tried booting the server in BIOS mode to see if that was the issue and sure enough, it booted up off the Windows Server 2016 USB stick.

After much searching for a solution and trying to boot time after time (and listening to the fans wind up like the server was preparing to take off every time) I found a PowerShell script that Emin had posted on their blog that would create an installer on USB with a FAT32 filesystem and use the Microsoft dism tool to split the install.wim file into less than 4 GB chunks.

How to create UEFI bootable USB media to install Windows Server 2016

I’ve copied the script here just in case the source blog disappears – but basically this did the trick for me.

Later on, I then found out that HP have a USB Key Utility that can make a bootable USB from a CD/DVD or iso, but I haven’t had a chance to test if it does the same thing as the script below.

# minimum size of USB stick 5.29GB

# Set here the path of your ISO file
$iso = ‘C:\Users\Kai Howells\Downloads\SW_DVD9_Win_Svr_STD_Core_and_DataCtr_Core_2016_64Bit_English_-3_MLF_X21-30350.iso’

# Clean ! will clear any plugged-in USB stick!!
Get-Disk | Where BusType -eq ‘USB’ |
Clear-Disk -RemoveData -Confirm:$true -PassThru

# Convert GPT
if ((Get-Disk | Where BusType -eq ‘USB’).PartitionStyle -eq ‘RAW’) {
Get-Disk | Where BusType -eq ‘USB’ |
Initialize-Disk -PartitionStyle GPT
} else {
Get-Disk | Where BusType -eq ‘USB’ |
Set-Disk -PartitionStyle GPT

# Create partition primary and format to FAT32
$volume = Get-Disk | Where BusType -eq ‘USB’ |
New-Partition -UseMaximumSize -AssignDriveLetter |
Format-Volume -FileSystem FAT32

if (Test-Path -Path “$($volume.DriveLetter):\”) {

# Mount iso
$miso = Mount-DiskImage -ImagePath $iso -StorageType ISO -PassThru

# Driver letter
$dl = ($miso | Get-Volume).DriveLetter

if (Test-Path -Path “$($dl):\sources\install.wim”) {

# Copy ISO content to USB except install.wim
& (Get-Command “$($env:systemroot)\system32\robocopy.exe”) @(

# Split install.wim
& (Get-Command “$($env:systemroot)\system32\dism.exe”) @(

# Eject USB
(New-Object -comObject Shell.Application).NameSpace(17).ParseName(“$($volume.DriveLetter):”).InvokeVerb(‘Eject’)

# Dismount ISO
Dismount-DiskImage -ImagePath $iso

Install FileMaker Server 16 on a Mac with macOS v5

The installer for FileMaker Server 16 refuses to install on a Mac if Apache is running. It doesn’t check what ports Apache has grabbed, just the fact that Apache is running is enough for the installer to bail out.

If you have running on your Mac, even if all web services are turned off or disabled, you will still have Apache running.

This situation is laughable. Apple’s subsidiary, FileMaker Pro, is making software that with a few tweaks could co-exist perfectly with macOS and it’s Apache reverse proxy, but they don’t.

A quick hack to at least get you through the installer is to run the following command in the Terminal before running the installer, and then killing it when your’e done.

while sleep 5; do sudo killall -9 httpd; done

Just make sure you don’t then enable FileMaker Server’s web services, or if you do that you don’t use a port that uses (namely 80 and 443 and a few others) and you should be good to go.

Configuring macOS v5 to bind to a particular IP Address

It’s long been a painful thing for me that macOS not only binds to all IP addresses on a system, but takes port 80 and 443, even if all web-related services are off. It’s also a major annoyance that while Apple have published methods for having your app sit behind Apache as a reverse proxy in, no one uses this functionality, not even Apple’s own subsidiary FileMaker Pro.

Actually, it’s even worse than this, the latest version of FileMaker Pro absolutely refuses to install on a Mac with installed – claiming that the installer can’t even run when Apache is running. On a Mac with installed, you can not completely shut down Apache using anything in the GUI, it’s simply impossible to do so.

Now that I’ve got that rant out of the way, John over on the Rumpus blog has written up a post describing how to get to bind to a particular IP. This is helpful if you want something else, such as Kerio Connect, to be able to use port 80 and 443 on a different IP on the same machine

The basics, reproduced here in case the link ever goes down, are:

In /Library/Server/Web/Config/apache2/httpd_server_app.conf find the line that looks like this:

Remove the comment and set the IP address to the address that you have assigned to Apache. For example, if the address you have assigned to Apache is “”, you would change the line to:

Save the change, close the file, and then open the file:

In this config file, you will find “listen” configuration settings for several ports, including 80, 443, 8008, 8800, 8443 and 8843. Alter them so that instead of an asterisk, the Apache address is specified. To set OS X Server’s proxy service to bind only to the example address “”, the “listen” config section would look like this:


Enable Retina / HiDPI modes for a Mac mini plugged into a 4K HDTV

This one is pretty short and simple once you get down to it.

I recently set up a client’s boardroom with a really sweet 75″ Sony 4K Android TV, a Logitech Group video conferencing webcam, a Mac mini and a Sonos Playbar. Everything was really sweet, except that the Mac mini refused to treat the TV as a Retina or HiDPI screen.

The result of this was that the Mac mini would use the TV at it’s native resolution – it saw the TV as a monitor running at 3840 x 2160. What I wanted it to do was treat it as a 1920 x 1080 display, but in Retina mode, so UI elements would be a reasonable size from across the room but text and graphical elements would still be sharp.

I was able to enable HiDPI modes by first running the following command in Terminal:

sudo defaults write /Library/Preferences/ DisplayResolutionEnabled -bool true

Once this had been applied, I rebooted and logged in again. Then, when I went into my Displays preferences, instead of selecting Resolution: Best for built-in display, I held down the Option key and clicked on Scaled.

Scrolling down to the bottom of the list revealed the HiDPI modes – I selected 1920 x 1080 (HiDPI) and voila! I was running in Retina mode and could comfortably use the Mac mini from across the other side of the room.

Keyword Searches for Email Discovery in Kerio Connect mailserver

I recently had a client with a huge amount of email stored in Kerio Connect and they needed to perform discovery against some mailboxes with a lot of email in them. It was desirable to retain the folder structure, however the emails were spread across a large number of folders across 3-4 different user accounts.

I resorted to searching and gathering the raw .eml files from the Connect mail store. The limitation of this is that it’s a raw text search, I’m not doing any Base 64 decoding nor am I decoding any file formats in attachments, so it’s really only searching the headers and body of the email, not any attachments.

First, I created a text file with a list of the keywords – one per line. Then, I used this as a list of search terms for grep and passed the filenames that matched to rsync to copy them to another folder, retaining the existing folder structure.

21 GB of results later, someone who isn’t me now has their work cut out for them to go through the emails.

The command I came up with to to this is (all on one line)

grep -i -I -Z -r -l -f /Users/admin/Desktop/grep-patterns.txt /Volumes/Data/kerio/mailserver/store/mail/ | xargs -I{} rsync -Rv {} /Volumes/Data/Email\ Discovery/201707/

If you’ve got a better way to do this, please let me know! I’m aware that you can run searches in the Kerio Connect Client (aka webmail) however this doesn’t provide any way to export the emails as .eml files nor does it handle large amounts of results very well (the list of emails are paginated). You can also search in or Outlook however again, this is a manual process and exporting the emails and retaining the folder structure is difficult. Exchange (and, by extension, Office 365) has legal discovery and litigation hold features, but all of this email is in Kerio Connect.

Firefox for Mac gets stuck on installing your updates…

Firefox for Mac can get stuck in an update loop if you have been using an older version and it’s downloaded a new version to install, but before it gets to install it, you manually update to a new version.

The symptom is that it gets stuck with a dialog box saying “Firefox is installing your updates and will start in a few moments”

You can force-quit the updater app, but whenever you launch Firefox, it comes up again.

Deleting everything related to Firefox or Mozilla in the ~/Library/Application Support folder doesn’t fix this, nor does deleting preferences.

What you actually need to do is go into ~/Library/Caches and delete the Mozilla and the Firefox folders (you may not need to delete both of them, but I didn’t try just one).

Then relaunch Firefox and it should start up as normal.

Set access permissions on Resource Calendars in Office 365

I’ve set up another client on Office 365 recently and they have a couple of resource calendars – one for the Boardroom and one for the Meeting Room.

What they wanted to do that was a bit different was to have both of these calendars visible in the Apple Calendar app (or what used to be called iCal). If you add people to the resource calendar as a Delegate in Office 365, then you can view the calendar in Calendar app, but everyone gets read/write permissions, which is prone to human error and not what we wanted.

We need to have users added to the resource calendar with Reviewer level or higher permissions in order to be able to add the calendar as a delegate calendar in Calendar app. I tried adding people to the calendars at various points in the Office 365 portal and the Exchange portal, but to no avail.

What I needed to do was break out the trusty PC and tell Office 365 exactly what to do with PowerShell.

First, I logged into Office 365 as the tenant’s admin account and had a look at the existing permissions:

Get-MailboxFolderPermission -Identity boardroom:\Calendar

This gave me a list of who had what permissions:

FolderName   User         AccessRights
----------   ----         ------------
Calendar     Default      {LimitedDetails}
Calendar     Anonymous    {None}
Calendar     Kai Howells  {Editor}
Calendar     Someone Else {Editor}

As you can see, the Default user has LimitedDetails – this equates to being able to see free/busy and event titles but nothing more (I think).

I could then change the default permissions to Reviewer (see free/busy and see full event details) and also set someone (me in this example) to be the Owner so they could edit the permissions via Outlook in the future if required.

Set-MailboxFolderPermission -Identity boardroom:\Calendar -User Default -AccessRights Reviewer

Set-MailboxFolderPermission -Identity boardroom:\Calendar -User khowells -AccessRights Owner

After checking the permissions with Get-MailboxFolderPermissions, I could see it had updated:

FolderName   User         AccessRights
----------   ----         ------------
Calendar     Default      {Reviewer}
Calendar     Anonymous    {None}
Calendar     Kai Howells  {Owner}
Calendar     Someone Else {Editor}

Now that this has been done, I’m going to try adding the resource calendars back into Calendar app as a delegated calendar and it should show up with Read Only access.

Apple’s new MacBook Pro – cheaper in Australia than the USA?

We’ve hit an unusual point with pricing on Apple’s latest equipment that was announced at WWDC on 5th June (6th June Australian time).

Looking at the price on the top-spec MacBook Pro 15″ as an example, it is significantly cheaper to purchase this laptop in Australia than in the USA.

In the USA, the laptop is $2,799 USD without tax. Including NYC’s 8.875% tax this bumps it up to $3,047 USD.

In Australian spondoolas the same laptop us $4,099 AUD including GST.
Taking off the GST gives us approximately $3,725 AUD.
Converted to USD (via Westpac’s FX rates this morning) gives us $2,655 USD.

Disk-Arbitrator – Mount disks read-only on macOS

Disk Arbitrator is a Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device. Disk Arbitrator is essentially a user interface to the Disk Arbitration framework, which enables a program to participate in the management of block storage devices, including the automatic mounting of file systems. When enabled, Disk Arbitrator will block the mounting of file systems to avoid mounting as read-write and violating the integrity of the evidence.

It is important to note that Disk Arbitrator is not a software write blocker—it does not change the state of currently attached devices nor does it affect newly attached devices to force a device to be read-only. The user still must be careful to not accidentally write to a disk with a command such as “dd”. Owing to this fact, a hardware or software write-blocker may still be desirable for the most sound procedure. Disk Arbitrator compliments a write-blocker with additional useful features and eliminates the typical forensic recommendation to “disable disk arbitration.”