Friday 30 July 2010

Create a mac admin via Terminal and turn VNC on

Now a while back we replaced our LANDesk solution with a new appliance at the time called KBOX (made by KACE, who are now owned by Dell), and the major benefit to us was the support for Macs. LANDesk, though it officially supported Apple Macs, was quite weak and we couldn't rely on it. Shame really, as LANDesk for PCs was fantastic in my eyes!

Now the problem came a week before. Basically, because of various acquisitions and no set standard for the local admin account on Macs, doing a mass roll-out of the new KBOX Agent to 200-odd Macs was going to be quite a challenge. So I created a little script (works in Leopard and Tiger but I cannot confirm for Panther or Jaguar) and packaged it using Package Maker on my Mac (this is part of the developer add-ins that come on the OS X discs).

#!/bin/bash
# Creates a local admin account called macadmin.

# Create the user record and set its basic attributes
sudo /usr/bin/dscl . -create /Users/macadmin
sudo /usr/bin/dscl . -create /Users/macadmin UserShell /bin/bash
sudo /usr/bin/dscl . -create /Users/macadmin RealName "macadmin"
sudo /usr/bin/dscl . -create /Users/macadmin UniqueID 550
sudo /usr/bin/dscl . -create /Users/macadmin PrimaryGroupID 20
sudo /usr/bin/dscl . -create /Users/macadmin NFSHomeDirectory /Users/macadmin

# Set the password (it sits here in clear text, so keep this script safe)
sudo /usr/bin/dscl . -passwd /Users/macadmin password

# Add the user to the admin group and give it a login picture
sudo /usr/bin/dscl . -append /Groups/admin GroupMembership macadmin
sudo /usr/bin/dscl . -create /Users/macadmin picture "/Library/User Pictures/Sports/8ball.tif"

Now this creates a Mac admin account called....well macadmin! Now I'll walk through what exactly this script does so you're more aware and can customise to your own liking. I have labelled items you can customise for yourself in red.

"sudo /usr/bin/dscl . -create /Users/macadmin" will create a user with the short name macadmin. (If you are used to UNIX then you'll know it is limited to 8 characters; Macs don't care and let you put in whatever you want, but for best practice stick to 8 characters or below.)

"sudo /usr/bin/dscl . -create /Users/macadmin UserShell /bin/bash" tells OS X that whenever Terminal is used by the user, its default shell will be /bin/bash, which is the default for Mac users, so it would be best to leave this as it is.

"sudo /usr/bin/dscl . -create /Users/macadmin RealName "macadmin"" makes the actual login name macadmin (you can also log in as the short name too. So for me, my short name is mightymd (because my name is longer than 8 characters, it's simply mighty and then my initials) and my RealName is Mike Donaldson).

"sudo /usr/bin/dscl . -create /Users/macadmin UniqueID 550" and "sudo /usr/bin/dscl . -create /Users/macadmin PrimaryGroupID 20" basically give the account a UniqueID (this is required and starts from 501 for the first account and then 502 for the second account, and so on, so I have chosen 550 because it's doubtful you will have 49 other local accounts on your Macs!) and the PrimaryGroupID is set to 20 by default so I have left that as is.

"sudo /usr/bin/dscl . -create /Users/macadmin NFSHomeDirectory /Users/macadmin" creates and sets the user's profile to be saved in /Users/macadmin. Obviously if you call your user something else then it would be /Users/username.

"sudo /usr/bin/dscl . -passwd /Users/macadmin password" will set the macadmin account's password to password. You can put in whatever you like for this, but you need to keep this script safe: the password is sitting there in clear text, which is risky if everyone can access it.

"sudo /usr/bin/dscl . -append /Groups/admin GroupMembership macadmin" adds the macadmin user to the admin GroupMembership.

"sudo /usr/bin/dscl . -create /Users/macadmin picture "/Library/User Pictures/Sports/8ball.tif"" This is basically just to give the account a specific login pic. I use the 8ball but you can pick whatever you like. Just take a look in "/Library/User Pictures" and choose your favourite and add it in.


Now you can run that via ARD, or save it as a .sh file using Text or Xcode (I prefer using Xcode just so I can verify my scripts), then package it using Package Maker and you have your own .pkg file to deploy whenever you are at the Macs in question, and bingo!
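Because the script hard-codes UniqueID 550 and adds a shared account to the admin group, it is worth checking each Mac before and after the roll-out. The following is an added example, not part of the original post: the function names and the sample listings are constructed for illustration, and each function works on the text that the named dscl query prints.

```shell
#!/bin/sh
# Pre-flight checks for the account-creation script (added example).
# Each function takes the text of a dscl query as its first argument, so it
# can be tried on the constructed samples below as well as on a real Mac.

# Constructed sample of: dscl . -list /Users UniqueID
SAMPLE_USERS='root          0
daemon        1
_www          70
jsmith        501
design        502
oldadmin      550'

# Constructed sample of: dscl . -read /Groups/admin GroupMembership
SAMPLE_ADMINS='GroupMembership: root jsmith oldadmin'

# uid_owner LISTING UID: print the short name that already owns UID, if any.
uid_owner() {
    printf '%s\n' "$1" | awk -v want="$2" '$NF == want { print $1; exit }'
}

# pick_uid LISTING PREFERRED: print PREFERRED when it is free, otherwise the
# lowest unused UID from 501 upwards (where OS X starts local accounts).
pick_uid() {
    printf '%s\n' "$1" | awk -v pref="$2" '
        $NF ~ /^[0-9]+$/ { used[$NF] = 1 }
        END {
            if (!(pref in used)) { print pref; exit }
            for (u = 501; u < 65534; u++)
                if (!(u in used)) { print u; exit }
            exit 1
        }'
}

# unexpected_admins MEMBERSHIP "ALLOWED NAMES": print every member of the
# admin group that is not on the space-separated allow-list.
unexpected_admins() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "GroupMembership:" {
            for (i = 2; i <= NF; i++) if (!($i in ok)) print $i
        }'
}

# On a Mac, as root (macadmin and 550 are the values used in the script above):
#   uid=$(pick_uid "$(dscl . -list /Users UniqueID)" 550)
#   unexpected_admins "$(dscl . -read /Groups/admin GroupMembership)" "root macadmin"
```

On the constructed sample, UID 550 already belongs to oldadmin, so pick_uid falls back to 503, and the admin audit reports jsmith and oldadmin as accounts to review.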

The next problem I came up against was turning on VNC support on the Macs and setting a password for it. The script below does this easily enough. It basically turns on VNC, gives all local users full access, restarts the agent so the changes are in place, and lets you specify a password so that when you connect via UltraVNC/RealVNC or any other VNC product it will ask for a password first, so that no-one can just hop on to anyone else's Mac without authorisation.

#!/bin/sh

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -restart -agent -menu -clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw "password"

And then once you've got it all working......have a beer!

Thursday 29 July 2010

Create new mail contacts from a CSV file for Exchange 2007/2010

Today I had a colleague come to me, asking for help as she had a user asking to have 649 mail contacts created and added to a distribution group by the end of the day.

Now instead of sitting there and slowly adding in each and every single contact individually (which if you've had to do this before in Exchange you'll know it's an absolute nightmare!!) I decided to modify a script I wrote a while back for importing mailboxes from a CSV file.

So the format of the CSV file should be:

Name,Email,OUPath
Test User,test.user@domain.com,domain.local/Mail Contacts/Test

For the OUPath, you can easily find this out by going into your Active Directory, right-clicking on the folder you wish the mail contacts to be imported into, and going to Properties.

In the Object section you can find out the OU Path by looking at the "Canonical name of object" field.

Once the .CSV file is created and formatted correctly you can use this wonderful little PowerShell script I wrote:


# Create one mail contact per row of the CSV (columns: Name, Email, OUPath)
Import-CSV C:\createnewcontact.csv | ForEach-Object {
    New-MailContact -ExternalEmailAddress $_.Email -Name $_.Name -OrganizationalUnit $_.OUpath
}


Now I'll talk you through section by section on what this script does so you're a little more aware (and I can prove I didn't just copy and paste from a website :p)

Now "Import-CSV C:\createnewcontact.csv" basically tells PowerShell to import data from the CSV file which lives directly on the C:\ and is called createnewcontact.csv (bear in mind if you call your CSV differently you will need to change this section).

"ForEach-Object {" allows you to perform an action on each item in the collection (in this case, everything between the { }).

"New-MailContact" This is kind of self-explanatory to be honest. If you want a new mailbox you put in New-Mailbox and for a new mail contact you use New-MailContact.


Now when you run New-MailContact manually in PowerShell it asks you for 2 pieces of information:

  • ExternalEmailAddress

  • Name

So when your PowerShell script runs New-MailContact it still needs this information. By using "-ExternalEmailAddress $_.Email" you are telling the script that when it gets asked what the -ExternalEmailAddress is, PowerShell sees $_.Email, which signifies that it should get this information from the Email column ($_. tells it to use the column and the name after it is the column name).

This is the same for -Name $_.Name and -OrganizationalUnit $_.OUpath.

I'm not the greatest at explaining things so I do apologise. If in doubt just copy exactly what I've done and you'll be fine :)


Pop the location of the script into PowerShell (or if you're really lazy just drag and drop the script from Explorer into the PowerShell window), hit enter, and watch it run away and create hundreds of mail contacts from your .CSV file in seconds...and then have a beer.