I could have sworn that I had already posted this, but it looks like I didn’t. I posted the group policy we use to clean up users on our lab/library PCs, but we are actually mostly Mac OS X. So I wrote a short bash script that can be sent out to the OS X computers through Apple Remote Desktop.

I will give you the same warning I give my techs before they run this. You are deleting everything saved by any user not explicitly listed with a Username) echo "-- Saved $i" ;; section. Be 100% sure that no one has saved anything to their desktop or anywhere else in their local profile before running.

I make no claims that the code is pretty, just that it works.

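#!/bin/bash

clear
echo "Cleaning up users ...";

# Stop if /Users is unavailable; otherwise rm -rf would run in the current directory.
cd /Users || exit 1

for i in *;
do
# Only process directories.
[ -d "$i" ] || continue
case "$i" in
admin)
echo "-- Saved $i";
;;
Administrator)
echo "-- Saved $i";
;;
Shared)
echo "-- Saved $i";
;;
techstaff)
echo "-- Saved $i";
;;

*)
# Any account not listed above is removed.
rm -rf -- "$i"
echo "-- Deleted $i";
;;
esac
done

echo "...done";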

You’ll need to create a case statement for each of the local accounts that you want to keep.

You can run it a few ways:

  • The quickest would be to copy the script into the Unix shell script portion of Apple Remote Desktop and send it to a handful of computers.
  • You can also copy the script to a file, copy it out to all of the computers and then run it. If the file was called cleanuser.sh and you copied it to /tmp/, you would run these lines through the Unix script part of ARD.

chmod +x /tmp/cleanuser.sh
/tmp/cleanuser.sh
  • Least desirable would be to copy the script to a file and then manually run it on each individual computer. The same two lines from above, typed in Terminal, will run the script.
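Because anything not on the keep list is removed, a dry run is worth having before the script goes out to a whole lab. The sketch below is an added example, not the original script: KEEP, is_kept and clean_users are names invented here, and it only deletes when --delete is passed.

```bash
#!/bin/bash
# Added example, not the original script. KEEP, is_kept and clean_users
# are names invented for this sketch.

# Short names of the local accounts to preserve (short names have no spaces).
KEEP="admin Administrator Shared techstaff"

# is_kept NAME: succeed only on an exact match against KEEP.
is_kept() (
    for k in $KEEP; do
        [ "$k" = "$1" ] && exit 0
    done
    exit 1
)

# clean_users BASE [--delete]
# Reports one line per directory; deletes only when --delete is given.
# The body runs in a subshell so the cd never leaks to the caller.
clean_users() (
    base=$1
    mode=${2:-}
    # An absolute path and a successful cd are required before any rm:
    # if cd fails, "rm -rf" would otherwise act on the current directory.
    case "$base" in
        /*) ;;
        *) echo "refusing: '$base' is not an absolute path" >&2; exit 2 ;;
    esac
    cd "$base" || exit 2
    for name in *; do
        [ -L "$name" ] && continue     # leave symlinks alone
        [ -d "$name" ] || continue     # skip plain files
        if is_kept "$name"; then
            echo "keep $name"
        elif [ "$mode" = "--delete" ]; then
            rm -rf -- "./$name" && echo "deleted $name"
        else
            echo "would-delete $name"
        fi
    done
)

# Dry run:  clean_users /Users
# For real: clean_users /Users --delete
```

Send the dry run first and read the would-delete lines in the ARD results before sending it again with --delete.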

In my ongoing battle to standardize our environment, I went to one of our schools to
reset the admin password on all of the computers. I sent the command below using
Apple Remote Desktop’s Unix command section.

passwd admin
Secretpassword
Secretpassword

I put the password twice because you have to confirm the new password. You could
substitute any local account for admin and reset its password as well.

Of course, all of this assumes you know a current account that has access to run
commands through Remote Desktop on all of the computers.

Before I started working at my current job, they didn’t have a central person managing the systems and standardizing configuration, which meant it didn’t happen. The tech personnel at each location would set up the computers however they wanted, which meant that no two computers were set up the same way. This made the systems difficult to administer, as no one was ever sure what the administrator password or account name was. Luckily the building techs use Apple Remote Desktop regularly, and even if they can’t tell you what the password for a computer is, they had added it to their computer list in ARD, which allows us to copy files and run commands on these computers. So I wrote the following script file for them to copy out and run on their computers to create a TechStaff user and grant it admin privileges and rights to manage the computer over Apple Remote Desktop.

#Look for an existing techstaff account in the local directory.
UserFound=$(dscl . -list /Users | grep techstaff)
UserFound2=$(dscl . -list /Users | grep techstaff)
if [ "$UserFound" = "" ] && [ "$UserFound2" = "" ]; then
	echo "Create techstaff..."
	#Create a new entry in the local (.) domain under the category /users.
	dscl . -create /Users/techstaff
	#Create and set the shell property to bash.
	dscl . -create /Users/techstaff UserShell /bin/bash
	#Create and set the user’s full name.
	dscl . -create /Users/techstaff RealName "Tech Staff"
	#Create and set the user’s ID.
	dscl . -create /Users/techstaff UniqueID 555
	#Create and set the user’s group ID property.
	dscl . -create /Users/techstaff PrimaryGroupID 1000
	#Create and set the user home directory.
	dscl . -create /Users/techstaff NFSHomeDirectory /Local/Users/techstaff
	#Set the password.
	dscl . -passwd /Users/techstaff MyPassword
	#give User Admin access
	dscl . -append /Groups/admin GroupMembership techstaff
	#Grant User Access through Remote Desktop
	/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users techstaff -privs -all
else
	echo "Found techstaff..."
fi

I then had them use the copy function of Apple Remote Desktop to copy this file to /tmp.
[Screenshot: Copy File Settings for Apple Remote Desktop]

What I had them do was select all of the computers in their All Computers list and copy that file to all of them, knowing that it would fail on the ones that weren’t on, etc. On the results screen for the copy, sort the result column so you have all of the successful computers at the top, and select those. Using the Unix function of Apple Remote Desktop, I had them send the following three lines to those computers as root:

chmod +x /tmp/SCT2.sh
/tmp/SCT2.sh
rm -f /tmp/SCT2.sh

These lines make the script executable (chmod +x /tmp/SCT2.sh), run the script (/tmp/SCT2.sh), and then delete the script (rm -f /tmp/SCT2.sh).

The resulting output from running these lines will be one of two things, either a line saying that it found a techstaff user already on the computer, or a line that it’s creating techstaff and then the results of commands to create the user and give it permissions.
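The existence test in the script is a substring grep, so an account such as techstaff2 also counts as "found", and nothing checks whether UniqueID 555 is already in use. The following added example (not part of the original script) does an exact-name and UID check over the two-column output of `dscl . -list /Users UniqueID`; check_account and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the original script. check_account and SAMPLE are
# constructed; input is NAME<whitespace>UID on stdin, the format printed
# by `dscl . -list /Users UniqueID`.

# check_account NAME UID
# Prints exactly one of:
#   exists            an account with this exact short name is present
#   uid-taken:OWNER   the name is free but another account holds the UID
#   free              neither the name nor the UID is in use
check_account() {
    awk -v want="$1" -v uid="$2" '
        $1 == want           { found = 1 }
        $2 == uid && !owner  { owner = $1 }
        END {
            if (found)      print "exists"
            else if (owner) print "uid-taken:" owner
            else            print "free"
        }'
}

# Constructed sample listing (not taken from a real machine).
SAMPLE='_www                    70
admin                   501
daemon                  1
labuser                 555
root                    0
techstaff2              502'

# On a Mac:
#   dscl . -list /Users UniqueID | check_account techstaff 555
# Only create the account when the answer is "free".
```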
