[tlarkin]

Well, if you are going to script it out, is it going to run over ssh or telnet to the Windows client? I am not sure if I can be that much of help as I have little experience doing that. I can do some basic scripting in bash though if you post something I could help.

[tlarkin]

Do you set binding by DHCP? You can promote your new server to ODM and then demote the old ODM to connected to a directory or replica and Authentication won’t change. By design the client will go out to the server it is bound to, then try the next available one on the directory.

There should be a whole kbase article actually describing how you can change your master server in a production environment.

[tlarkin]

[QUOTE][u]Quote by: gneagle[/u][p]Some bits of info:

1) The NSGlobalDomain data is currently stored in a file called .GlobalPreferences.plist (note the leading period). Each user can have one, and there’s a “global” .GlobalPreferences.plist in /Library/Preferences

2) The defaults command has a nasty habit of changing the owner of the file to the user running the command and the mode to 600. So if you modify a user’s file as root with the defaults command, you could cause it to be owned by root and mode 600, and now the user can’t read the file. So be careful when doing this sort of thing as root; you may need to chown/chmod afterwards.

3) Don’t hard-code paths like /Users/$var/Library/Preferences. Your users may not all have home dirs in /Users. A better way to modify the defaults for a given user:

sudo -u “$username” defaults write NSGlobalDomain NSSpellCheckerAutomaticallyIdentifiesLanguages -bool FALSE

So:

#!/bin/sh

# get the current logged in user
cur_user=`/bin/ls -l /dev/console | awk ‘/ / { print $3 }’`

# modify user logged-in user’s defaults
sudo -u “$username” /usr/bin/defaults write NSGlobalDomain NSSpellCheckerAutomaticallyIdentifiesLanguages -bool FALSE
sudo -u “$username” /usr/bin/defaults write NSGlobalDomain NSPreferredSpellServers -array-add ‘( \”ga_IE\”, Open )’
sudo -u “$username” /usr/bin/defaults write NSGlobalDomain NSPreferredSpellServerLanguage ga_IE

Not sure about the quoting/escaping in the second defaults command; you may need to tweak it.

4) If this installer is run in an automated fashion, like via ARD, Casper, LANrev, or munki (as examples), there may be _no_ logged in user, and so it may not do what you expect. So you may want to provide a way for a user to configure these preferences for themselves later.
[/p][/QUOTE]

Well then a better method would be something like this then perhaps, going by your input here for best practices.

[code]
#!/bin/bash

#loop through /Users and execute a command

for i in /bin/ls /Users | grep -v “Shared” ; do

sudo -u “$i” /usr/bin/defaults write NSGlobalDomain NSSpellCheckerAutomaticallyIdentifiesLanguages -bool FALSE
sudo -u “$i” /usr/bin/defaults write NSGlobalDomain NSPreferredSpellServers -array-add ‘( \”ga_IE\”, Open )’
sudo -u “$i” /usr/bin/defaults write NSGlobalDomain NSPreferredSpellServerLanguage ga_IE

/bin/echo “done”

exit 0
[/code]

[tlarkin]

I am not sure what you mean by monitor services as Server Admin will allow you to connect to any server and monitor the services running. Could you give some more specific examples of what you want to accomplish?

Thanks

[tlarkin]

Now, if that preference is only created on the fly when it is first ran, we can go ahead and create the file. Please edit my script if it is wrong.

[code]
#!/bin/bash

#########
# post flight script for ________
#
# this will modify the current user’s preferences
#
##########

# Now we get the current logged in user

cur_user=`/bin/ls -l /dev/console | awk ‘/ / { print $3 }’`

# Assuming these are user prefs in ~/Library/Preferences…

# Now check if the file exists and if not, create it
# MAKE SURE that the correct file path is put here, below is just an example

file=”/Users/$cur_user/Library/Preferences/com.NSGlobalDomain.plist”

# Now check to see if it exists

if [[ -e $file ]]

then /bin/echo “$file exists, proceeding”

else /usr/bin/touch $file

fi

# now write default setting to said file.

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSSpellCheckerAutomaticallyIdentifiesLanguages -bool FALSE

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSPreferredSpellServers -array-add ‘( \”ga_IE\”, Open )

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSPreferredSpellServerLanguage ga_IE

/bin/echo “done writing preferences”

exit 0
[/code]

You will have to edit the names of the plists and test this.

[tlarkin]

I read through the manual page and it seems that the defaults command always uses the current user. My script should instead use full paths of the current user, though it may be tricky.

Here go some other ways you can do this:

1) Configure it exactly how you want to under your account. Then mass copy that plist file out to all the client machines, into the user’s folder via ARD admin’s copy command.

2) Modify the user template, and whenever a new user logs in, they get that pref from the template. This only works on new users logging in, so existing users won’t get this.

3) Use some sort of snap shot based package maker, push it out that way

4) Look at getting better third party management tools

5) if you use Open Directory try to push it out via MCX.

There are plenty of options for you to do this. I have done this exact thing with the Casper Suite at my job (I manage about 8,000 Macs) for plist files that are user level specific.

Well to answer your question, if it is in /Library/Preferences then it is global (may also be in /Library/Application Support/), but if the plist file is in ~/Library/Preferences then it is user specific.

If it is user specific it may not actually create a plist until the app actually runs. most of them are created on the fly first time run. If that is the case I can modify the script to make sure it is there before we proceed.

[tlarkin]

I am the type of person, that if I can do it in BASH I do it in BASH and like to use native binaries.

So, this is what I would do in my environment. Take it for what you will, modify it if you wish, or disregard it since it may not be exactly what you are looking for.

[code]
#!/bin/bash

#########
# post flight script for ________
#
# this will modify the current user’s preferences
#
##########

# Now we get the current logged in user

cur_user=`/bin/ls -l /dev/console | awk ‘/ / { print $3 }’`

# Assuming these are user prefs in ~/Library/Preferences…

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSSpellCheckerAutomaticallyIdentifiesLanguages -bool FALSE

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSPreferredSpellServers -array-add ‘( \”ga_IE\”, Open )

/usr/bin/defaults write /Users/$cur_user/Library/Preferences/NSGlobalDomain NSPreferredSpellServerLanguage ga_IE

/bin/echo “done writing preferences”

exit 0
[/code]

There is another way you could loop through /Users and just write it globally to all user accounts on the system. I am not sure if this code will work exactly as advertised because I have no way of testing it. So you’ll need to test it out.

Let me know how it works.

[tlarkin]

This is a post script to configure an installed package? Can you drop a few more details? I think I can probably whip up a shell script that can do what you want. If the script runs as root (which is probably does) and if you need to modify user level preferences, you will need to either wild card the users (or use an expression), or have it pull up who is the current user.

[tlarkin]

I sent you an email via your forum account. Let me know what you think. I would really like to write some things up on using Casper since there is not a lot out there. Let me know what you think.

[tlarkin]

Does file wave not have an inventory system that can do a lot of this native?

[tlarkin]

[QUOTE][u]Quote by: jasonkstupski[/u][p]Hello all,

I’m running a test Snow Leopard upgrade on one of our deployed 10.5.8 images with local MCX running. After I installed the upgrade, I noticed that my hidden user (uid = 499) disappeared completely, and all the local MCX settings got wiped out. Is this expected behavior, or is there a way to prevent those two (pretty major) changes from happening?

Thanks,
Jason[/p][/QUOTE]

I think this is a bug because I have seen this all over some mailing lists. Upgrading kills some management, but if you do a clean install and apply your management and hidden users they work. Something in the upgrade process kills that stuff.

[tlarkin]

[QUOTE][u]Quote by: dead2sin[/u][p]I was wondering if anyone can confirm if 10.6 Server has any functionality similar to that of NetRestore when bombich still made it. Specifically, will it create a netboot set that can be ARD’s into remotely to image?

Thanks,

Nate[/p][/QUOTE]

You should look at Deploy Studio as it has pretty much replaced Netrestore. In fact, Bombich said that Deploystudio is what he wanted Netrestore to become.

I am not what you mean when you say, “will it create a netboot set that can be ARD’s into remotely to image?”

Do you mean can you boot across subnets by sending it a command via ARD? The answer is yes, but you would want to use the bless command.

[tlarkin]

You can only do log in hooks on computer groups, not user groups. If you do authenticated binds and import computer names into a list in OD you can set computer group policies to execute log in scripts.

For what you want to do though, launchd can handle this.

Are there going to be passwords involved to map these shares? if so, you gotta store the password in the script which is not a good idea security wise. Unless, you maybe take certain measures. I only put passwords in scripts when I have to.

If you put the launch agent in /Library/LaunchAgents will will run anytime any user logs in. If you put it in /Library/LaunchDaemons it will run anytime the system is booted up, globally.

use launchctl to load the launchd item permanently and you can then have it run forever.

[tlarkin]

I wrote this script a while ago to clean off machines that were to be loaned out on a temporary basis. This works in 10.5 and I must warn you, it will delete everything in /Users. This is why I keep all my local admin accounts hidden away in /prviate/var.

Use at your own risk

[code]
#!/bin/bash

#loop through /Users and delete every account, ensure they are removed from the admin group and all data is gone
#this will completely scrub out /Users

for a in `/bin/ls /Users | grep -v “Shared”` ; do

#remove the account from admin group if applicable

/usr/bin/dscl . -delete /Groups/admin GroupMembership $a

#remove user from directory services, local

/usr/bin/dscl . -delete /Users/$a

#remove all user data

/bin/rm -rf /Users/$a

/bin/echo “done”

exit 0
[/code]

Use this at your own risk, and definitely test it out first.

[tlarkin]

What third party utility are you running? Perhaps it is calling for older data?

[Author]

Posts