OS X:IP\System information on 10.7 Login Window

OS X, System Administrator No Responses »
May 232012

under 10.6 and previous versions of OS X you could click on the text on the login window and cycle through information about the computer (Serial number, Name, IP, Network accounts, …).  This was done away with under 10.7.  You regain the ability to retrieve this information from the login window with the below line of BASH:

defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

This will need to be run with root permissions, so either use su or sudo to run this in terminal on the machine (i.e. sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName) or you can send it to a few computers through apple remote Desktop using the unix button.  Make sure you choose to have it run as root on the remote computer.

Once you run this on a machine, you can now click on the clock in the upper right hand corner and it will cycle through the computer name, OS Version, and IP Address next to the clock with each click.

I like to give credit that i found this tip on afp548.com[here], it’s not my own creation.  But wanted to repost it so that others would hopefully find it helpful.

Posted by randerson at 5:00 pm Tagged with: , , , , ,

OS X: Deleting User Folders

OS X, System Administrator No Responses »
Jun 142010

I could have sworn that i had already posted this but it looks like i didn’t.  I posted the group policy we use to clean up users on our lab/library PCs, but we are actually mostly Mac os x. So I wrote a short bash script that can be sent out to the OS X computers through apple remote desktop.

I will give you the same warning i give my techs before they run this. You are deleting everything saved by any user not explicitly listed with a Username) echo “–saved i$” ;; section. Be 100% sure that no one has saved anything to their desktop or anywhere else in their local profile before running.

I make no claims that the code is pretty, just that it works.

#!/bin/bash

clear
echo "Cleaning up users ...";

cd /Users

for i in *;
do [ -d $i ] &&;
case "$i" in
admin)
echo "-- Saved $i";
;;
Administrator)
echo "-- Saved $i";
;;
Shared)
echo "-- Saved $i";
;;
techstaff)
echo "-- Saved $i";
;;

*)
rm -rf $i
echo "-- Deleted $i";
;;
esac
done

echo "...done";

You’ll need to create a case statement for each of the local accounts that you want to keep.

You can run it a few ways:

  • The quickest would be to copy the script into the unix shell script portion of Apple Remote Desktop and send it to a handful of computers.
  • You can also copy the script to a file and copy it out to all of the computers and then run it.  If the file was called cleanuser.sh and you copied it to /tmp/, you would run these lines through the unix script part of ARD.

chmod +x /tmp/cleanuser.sh
/tmp/cleanuser.sh
  • Least desirable would be to copy the script to a file and then manually run it on each individual computer.  Same two lines from above in terminal will run the script.
Posted by randerson at 9:00 am Tagged with: , , ,

OS X: Changing Account Password through ARD

OS X, System Administrator No Responses »
Jun 122010

In my ongoing battle to standardize our environment, I went to one of our schools to
reset the admin password on all of the computers. I sent the below command using
apple remote desktop’s unix command section.

passwd admin
Secretpassword
Secretpassword

I put the password twice because you have to confirm the new password. You could
substitute any local account for admin and reset it’s password as well.

Of course, all of this assumes you know a current account that has access to run
commands through remote desktop on all of computers.

Posted by randerson at 8:11 am Tagged with: , ,

Scripting: Creating users in OS X

OS X, scripting, System Administrator 2 Responses »
Mar 262010

Before i started working at my current job, they didn’t have a central person managing the systems and standardizing configuration, which meant it didn’t happen. The Tech personnel at each location would setup the computers however they wanted, which meant that no two computers were setup the same way. The problem with this was that trying to administer these systems now was difficult as no one was ever sure of what the administrator password or account name was. Luckily the building techs use Apple remote desktop regularly and even if they can’t tell you what the password for the computer is, they had added it to their computer list in ARD, which allows us to copy files and run commands on these computers. so i wrote the following script file for the them to copy out and run on their computers to create a TechStaff user, grant it admin privileges and rights to manage the computer over Apple Remote Desktop.

UserFound=$(dscl . -list /Users | Grep techstaff)
UserFound2=$(dscl . -list /Users | Grep techstaff)
if [ "$UserFound" = "" ] && [ "$UserFound2" = "" ]; then
	echo "Create techstaff..."
	#Create a new entry in the local (.) domain under the category /users.
	dscl . -create /Users/techstaff
	#Create and set the shell property to bash.
	dscl . -create /Users/techstaff UserShell /bin/bash
	#Create and set the user’s full name.
	dscl . -create /Users/techstaff RealName "Tech Staff"
	#Create and set the user’s ID.
	dscl . -create /Users/techstaff UniqueID 555
	#Create and set the user’s group ID property.
	dscl . -create /Users/techstaff PrimaryGroupID 1000
	#Create and set the user home directory.
	dscl . -create /Users/techstaff NFSHomeDirectory /Local/Users/techstaff
	#Set the password.
	dscl . -passwd /Users/techstaff MyPassword
	#give User Admin access
	dscl . -append /Groups/admin GroupMembership techstaff
	#Grant User Access through Remote Desktop
	/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users techstaff -privs -all
else
	echo "Found techstaff..."
fi

I then had them use the copy function of Apple Remote Desktop to copy this file to /tmp.
Copy File Settings for Apple Remote Desktop

What i had them do was choose all of the computers in their all computers list and choose to copy that file to all of them, knowing that it would fail on the ones that weren’t on, etc. on the results screen for the copy, sort the result column so you have all of the successful computers at the top and choose those. Using the Unix function of Apple Remote Desktop, I had them send the following three lines to those computers as root:

chmod +x /tmp/SCT2.sh
/tmp/SCT2.sh
rm -f /tmp/SCT2.sh

These lines make the script executable (chmod +x /tmp/SCT2.sh), run the script (/tmp/SCT2.sh), and then delete the script (rm -f /tmp/SCT2.sh).

The resulting output from running these lines will be one of two things, either a line saying that it found a techstaff user already on the computer, or a line that it’s creating techstaff and then the results of commands to create the user and give it permissions.

Posted by randerson at 8:00 am Tagged with: , , ,

OS X: Creating a User Template

OS X, System Administrator No Responses »
Jan 272010

Tested with 10.4, 10.5, 10.6, and 10.7

As we were switching our environment to a centralized Windows Directory and File Server System, we ran across a problem with setting some default settings for some of our users.  we were using a 10.5 Server as a Preference Server to lock down what applications a student could access, to add programs to a users dock, etc.  but there were somethings that we were not able to set that we wanted to, like showing Connected Servers on the Desktop or modifying what is shown is the sidebar. This hadn’t been an issue in the past since with an OS X server, the users settings follow them between computers, so the building tech would do it once and it would follow that user.  We were not doing this in the new environment, so the setting became User&computer Specific.  The below steps set the default settings that are used the first time that a user logs on to create their local profile.

Below are the steps that we took to set this for users.

1)   Login as someone with admin access on the machine

2)   Enable Root user

  1. 10.4
    1. i.     Open Net Info Manager (in Utilities)
    2. ii.     Security –> Enable Root User
    3. iii.     Set a password for the root user
  2. 10.5
    1. i.     Open Directory Utility
    2. ii.     Unlock Directory Utility
    3. iii.     Edit -> Enable Root User
    4. iv.     Set a password for the root user

3)   Create a User named Bob

4)   Log in as Bob and set any settings.  i.e. remove items from the doc, set Firefox as Default, set Firefox’s Homepage, Finder Settings,etc.

5)   Logout of Bob

6)   Login as someone with admin access

7)   Open terminal

8)   Enter the following commands (tab completion is your friend!)

su (enter the password you set for root)

cd /System/Library/User\ Template/English.lproj [before 10.5, the path is /System/Library/usertemplate/English.lproj

cp –rv ~Bob/* .

cp –rv ~Bob/.Trash . (10.4 only)

cp –rv ~Bob/.DS_Store .

cp –rv ~Bob/.CFUserTextEncoding .

exit

exit

9)   remove the Bob user from the local machine

Posted by randerson at 4:30 pm Tagged with: ,

OS X 10.5: Giving Non-Admins Printer Permissions

OS X, System Administrator 5 Responses »
Jan 222010

For some reason, Apple changed the way that printing is handled in 10.5 and probably 10.6 (haven’t verified yet) so that non-admin users cannot add printers, similar to Windows.  But they also are unable to unpause the printer or cancel print Jobs.  Below is a fix that i found that seems to solve the problem.

In \private\etc\cups there is a file called cupsd.conf, you will need to edit this file.

About halfway down there is a Section:

Before Edit

You need to get rid of the portions from <Limit CUPS … </Limit> and also <Limit Pause … </Limit>.  You could delete these sections, but I just comment them out so that these sections are still there, just ignored.  When working with Config files,  I always comment out instead of deleting as it allows me the ability to quickly reactivate portions if I need to.

When you’re done the section should look like this:

After Edit

You can either restart the CUPS Service, or Restart the computer.

Non-Admins should be able to add printers and modify print jobs now.

If you’re doing this on a bunch of computers you probably want to  use Apple Remote Desktop.

Edit the cupsd.conf file on one computer, test that it works and does what you want, then copy it to your computer running Apple Remote Desktop.

In Apple Remote Desktop, select the computers that you want to send the file to from your Computer list and click Copy in the taskbar.

Add the cups.conf file that you saved from the other computer by dragging it to the items to copy part of the window, set it to be saved in /private/etc/cups/ and to replace the existing cupsd.conf, and to inherit persmissions from the folder that it’s copied to.  These settings are shown below:

ARD Settings - Copy cupsd.conf

Now Click Copy and it will send the modified cupsd.conf file to all of the computers you selected and tell you whether it was successful or not.  Again, you will probably also want to restart these computers to ensure that the new settings take effect.

Posted by randerson at 12:14 pm Tagged with: , ,
© 2013 Suffusion theme by Sayontan Sinha