A while back we replaced our LANDesk solution with a new appliance, at the time called KBOX (made by KACE, who are now owned by Dell), and the major benefit to us was the support for Macs. LANDesk, though it officially supported Apple Macs, was quite weak on them and we couldn't rely on it. Shame really, as LANDesk for PCs was fantastic in my eyes!
Now the problem came a week before. Because of various acquisitions and no set standard for the local admin account on Macs, doing a mass roll-out of the new KBOX Agent to 200-odd Macs was going to be quite a challenge. So I created a little script (it works in Leopard and Tiger, but I cannot confirm for Panther or Jaguar) and packaged it using Package Maker on my Mac (this is part of the developer add-ins that come on the OS X discs).
#!/bin/bash
# Creates a local administrator account called macadmin.
# Create the user record and set its basic attributes
sudo /usr/bin/dscl . -create /Users/macadmin
sudo /usr/bin/dscl . -create /Users/macadmin UserShell /bin/bash
sudo /usr/bin/dscl . -create /Users/macadmin RealName "macadmin"
sudo /usr/bin/dscl . -create /Users/macadmin UniqueID 550
sudo /usr/bin/dscl . -create /Users/macadmin PrimaryGroupID 20
sudo /usr/bin/dscl . -create /Users/macadmin NFSHomeDirectory /Users/macadmin
# Set the password (stored here in clear text, see the walk-through below)
sudo /usr/bin/dscl . -passwd /Users/macadmin password
# Make the account a member of the admin group
sudo /usr/bin/dscl . -append /Groups/admin GroupMembership macadmin
# Optional: login picture
sudo /usr/bin/dscl . -create /Users/macadmin picture "/Library/User Pictures/Sports/8ball.tif"
Now this creates a Mac admin account called....well, macadmin! I'll walk through exactly what this script does so you're more aware and can customise it to your own liking. I have labelled items you can customise for yourself in red.
"sudo /usr/bin/dscl . -create /Users/macadmin" creates a user with the short name macadmin (if you are used to UNIX then you'll know it is limited to 8 characters; Macs don't care and let you put in whatever you want, but for best practice stick to 8 characters or below).
"sudo /usr/bin/dscl . -create /Users/macadmin UserShell /bin/bash" tells OS X that whenever the user opens Terminal, the default shell will be /bin/bash. That is the default for Mac users, so it is best to leave this as it is.
"sudo /usr/bin/dscl . -create /Users/macadmin RealName "macadmin"" makes the actual login name macadmin (you can also log in with the short name). For me, my short name is mightymd (because my name is longer than 8 characters it's simply "mighty" and then my initials) and my RealName is Mike Donaldson.
"sudo /usr/bin/dscl . -create /Users/macadmin UniqueID 550" and "sudo /usr/bin/dscl . -create /Users/macadmin PrimaryGroupID 20" give the account a UniqueID and a PrimaryGroupID. The UniqueID is required and starts from 501 for the first account, then 502 for the second account and so on, so I have chosen 550 because it's doubtful you will have 49 other local accounts on your Macs! The PrimaryGroupID is set to 20 by default, so I have left that as is.
"sudo /usr/bin/dscl . -create /Users/macadmin NFSHomeDirectory /Users/macadmin" creates the NFSHomeDirectory attribute, which sets the user's profile to be saved in /Users/macadmin. Obviously, if you call your user something else then it would be /Users/username.
"sudo /usr/bin/dscl . -passwd /Users/macadmin password" sets the macadmin account's password to password, so you can put in whatever you like here. But you need to keep this script safe: the password is sitting there in clear text, which is risky if everyone can access it.
"sudo /usr/bin/dscl . -append /Groups/admin GroupMembership macadmin" adds the macadmin user to the GroupMembership of the admin group.
"sudo /usr/bin/dscl . -create /Users/macadmin picture "/Library/User Pictures/Sports/8ball.tif"" is just there to give the account a specific login picture. I use the 8ball but you can pick whatever you like. Just take a look in "/Library/User Pictures", choose your favourite and add it in.
Now you can run that via ARD, or save it as a .sh file using Text or Xcode (I prefer using Xcode just so I can verify my scripts), package it using Package Maker, and you have your own .pkg file to deploy whenever you are at the Macs in question, and bingo!
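An added example, not the author's script: the same dscl sequence written so that the package carries no password and UID 550 is used only if it is free. The function names, the DSCL override and the root-only secret file (path hypothetical) are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the post's script. Run as root (e.g. package postinstall).
# Set DSCL to another command for a dry run.
DSCL="${DSCL:-/usr/bin/dscl}"

# Reads "name uid" lines (the format of `dscl . -list /Users UniqueID`) on
# stdin and prints the first UID >= $1 that no account already uses.
pick_uid() {
    awk -v want="$1" '{ used[$2] = 1 }
        END { while (want in used) want++; print want }'
}

# Succeeds only for a regular file with no group/other permission bits.
# Parses `ls -l` because stat(1) options differ between OS X and Linux.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# create_admin SHORTNAME SECRET_FILE [FIRST_UID]
# SECRET_FILE (hypothetical, e.g. /var/root/.macadmin.pw) holds the password
# on its first line and is deleted once the password has been set.
# The password is still an argument to dscl for an instant (visible in ps);
# what goes away is the copy stored in the script and the package.
create_admin() {
    local user secret uid pw
    user="$1"; secret="$2"
    secret_file_ok "$secret" || { echo "unsafe secret file: $secret" >&2; return 1; }
    if "$DSCL" . -read "/Users/$user" >/dev/null 2>&1; then
        echo "account $user already exists, leaving it alone" >&2; return 1
    fi
    uid=$("$DSCL" . -list /Users UniqueID | pick_uid "${3:-550}")
    IFS= read -r pw < "$secret"
    [ -n "$pw" ] || { echo "empty password in $secret" >&2; return 1; }
    "$DSCL" . -create "/Users/$user" &&
    "$DSCL" . -create "/Users/$user" UserShell /bin/bash &&
    "$DSCL" . -create "/Users/$user" RealName "$user" &&
    "$DSCL" . -create "/Users/$user" UniqueID "$uid" &&
    "$DSCL" . -create "/Users/$user" PrimaryGroupID 20 &&
    "$DSCL" . -create "/Users/$user" NFSHomeDirectory "/Users/$user" &&
    "$DSCL" . -passwd "/Users/$user" "$pw" &&
    "$DSCL" . -append /Groups/admin GroupMembership "$user" &&
    rm -f "$secret"
}
```

Call it as `create_admin macadmin /var/root/.macadmin.pw` after placing the password file there with mode 600.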
The next problem I came up against was turning on VNC support on the Macs and setting a password for it. The script below does this easily enough. It turns on VNC, gives all local users full access, restarts the agent so the changes take effect, and lets you specify a password, so that when you connect via UltraVNC/RealVNC or any other VNC product it will ask for a password first and no-one can just hop on to anyone else's Mac without authorisation.
#!/bin/sh
# Must be run as root (for example via ARD or from a package).
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -restart -agent -menu -clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw "password"
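A check for scripts already deployed this way, added here as an example and not part of the original post: it lists the lines in shell scripts that pass a literal password to `dscl -passwd` or to kickstart `-vncpw`, without printing the password itself. The function name `find_embedded_secrets` is an assumption.

```bash
#!/bin/sh
# find_embedded_secrets FILE...
# Prints "file:line:kind" for every line that hands a literal password to
# `dscl -passwd` or kickstart `-vncpw`. Arguments that are shell variables
# ($pw, "${pw}") are not reported, because the secret is then not stored in
# the script. The prompting form `dscl . -passwd /Users/name` is not reported.
find_embedded_secrets() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            kind = ""
            for (i = 1; i < NF; i++) {
                # -vncpw PASSWORD: the password is the next word
                if ($i == "-vncpw")  { arg = $(i + 1); kind = "vnc-password" }
                # -passwd USERPATH PASSWORD: the password is two words on
                if ($i == "-passwd") { arg = $(i + 2); kind = "account-password" }
                if (kind != "") break
            }
            if (kind == "" || arg == "") next
            gsub(/["\047]/, "", arg)             # strip surrounding quotes
            if (arg !~ /^\$/) print FILENAME ":" FNR ":" kind
        }' "$@"
}
```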
And then once you've got it all working......have a beer!
Thanks to your write-up I definitely learned something from it. Good content on this internet site. Always looking forward to new post.
Thank you on your assist!
Terrific post. Thanks.
keep at it man, you're nearly there, thanks for the read!
You guys should invest a lot of time working on this blog. I'm impressed
i think you have a nice page here... today was my first time coming here.. i just happened to discover it performing a google search. anyway, great post.. i'll be bookmarking this page for sure.
Heya i am for the first time here. I came across this board and I find It really useful & it helped me out much. I hope to give something back and help others like you aided me.
Sensational info. I look forward to seeing more.
I know this is truly boring and you are skipping to the next comment, but I just wanted to throw you a big thanks - you cleared up some things for me!
I've been here a few times and it appears like your articles get much more informative each time. Maintain it up I appreciate reading them.
Do you mind if I quote this in an article I'm writing?
Thanks on your help!
I would like to thank you for the efforts you have made in writing this article.
Wow, what an excellent share. Many thanks :-)
Hello are using Wordpress for your site platform? I'm new to the blog world but I'm trying to get started and create my own. Do you require any html coding expertise to make your own blog? Any help would be greatly appreciated!
This design and setup works perfect tnx for this nice theme
Hi Warineryes Blog.com does use WordPress underneath but no html coding is required at all. Nice and easy like using Word to create your posts. You can however use HTML coding if you wish. Hope this helps :)
Course not. Let me know how you get on
Hi! This post couldn't be written any better! Reading through this post reminds me of my good old room mate! He always kept talking about this. I will forward this page to him. Fairly certain he will have a good read. Thanks for sharing!
Neat blog! Is your theme custom made or did you download it from somewhere? A design like yours with a few simple tweaks would really make my blog stand out. Please let me know where you got your theme. Thank you