Posts Tagged ‘Send Unix Command’

Spin passwords using Apple Remote Desktop

Monday, February 18th, 2013

We routinely need to change our administrative passwords on multiple computers as part of our security policy. Since we already have remote access to many of our Mac OS X computers through Apple Remote Desktop (ARD), changing that administrator password is quick and simple.

First, a short shell script:

#!/bin/bash
# Change an account's password

ACCOUNT="ladmin"
PASSWORD="MyNewP@55w0rd"
/usr/bin/dscl . passwd /Users/$ACCOUNT $PASSWORD

if [ $? = 0 ] ; then
echo "Password reset."
else
echo "Password not reset."
fi

In ARD, click the Send UNIX Command button and paste the script into the top field. Choose to run this command as a specific user and specify root.

Send UNIX Command

From the Template drop down menu in the upper right corner select Save as Template… and save these settings with a descriptive name such as Spin ladmin password.

Save as template

To use and reuse this template, select the workstations with the old account password and click the Send UNIX Command button in ARD’s toolbar. Choose the Spin ladmin password template from the Template drop down menu. Adjust the account name and password accordingly in the script and then click the Send button.

ARD can spin dozens or hundreds of account passwords in just a few seconds without having to know the original.

Starting (and restarting) Retrospect Clients From the Command Line

Monday, March 10th, 2008

Port scan the system to see if port 497 is up. Send Unix Command(this very often does not work for me) : exec SystemStarter stop RetroClient # then exec SystemStarter start RetroClient

If the above fails, enable SSH by sending the command via Send Unix: systemsetup -setremotelogin on

Open up a new terminal window and ssh into the system: ssh 318admin@192.168.1.150

Run the following to start the retrospect startup item: sudo /Library/StartupItems/RetroClient/RetroClient

if that does not work you can try to manually run the daemon in the foreground: sudo /Applications/Retrospect\ Client.app/Contents/Resources/pitond

This last command is only helpful for debugging as the client will exit as soon as you close the window. however you can open up multiple (ssh) terminal windows to view the logs on while you manually start and stop the service.

tail -f /var/log/retroclient.log tail -f /var/log/system.log

Using Defaults in OS X

Monday, November 21st, 2005

The defaults terminal command in MacOS X allows you to add/change settings for applications which use the system’s standard XML based preferences file format.

A perfect example of this is adding items to the Dock for a user. Just copy and paste the following commands into a Terminal window (in this example, we’re adding TextEdit to the Dock; change the filepath to whatever application you want to add ):

$ defaults write com.apple.dock persistent-apps -array-add ‘tile-datafile-data_CFURLString/Applications/TextEdit.app_CFURLStringType0

$ killall Dock

As with any UNIX command, you can extend this into ARD by using the Send UNIX Command. This allows you to make changes to the dock for multiple users at the same time.

5 Tips and Tricks with Apple Remote Desktop

Tuesday, September 27th, 2005

HOW TO…

1. Create a new user on remote machines.
There are several ways to create new users across multiple machines with ARD, including running niutil. But because the Send UNIX Command is not interactive, there is no way to enter a password when prompted unless you know more advanced Unix syntax.

My preferred method is to create an ARD installer package (you can even specify an account with no ARD privileges to just create a generic user without ARD rights), and then use the Install Package command on the client machine(s). If you need that user to have admin rights on his/her machine (the ARD package installer creates a standard, non-admin user by default), you can run the UNIX command after you have installed the package (be sure to run it as root):

niutil -appendprop / /groups/admin users newusername

2. Remove a user from remote machines.
It’s as easy as running two UNIX commands as root from ARD (be careful, these commands are case sensitive):

niutil -destroy . /users/deletedusername
rm -rf /Users/deletedusername

Be careful not to delete the user account that your ARD admin machine is using for ARD access!

3. Figure out who needs which updates.
Let’s say you have a large group of computers that need updating, but you have no idea which machines need which updates. You can send a UNIX command to all selected computers simultaneously to get a look at who needs updating:

10.2 clients:
softwareupdate

10.3 & 10.4 clients:
softwareupdate –-list

Software Update will launch as a background process on the selected machines, without requiring any action by the user (and without their even knowing it). Once their systems have checked with the Software Update server for the latest updates, you will see the results of your query in a separate window.

4. Force clients to get current via Software Update.
Tired of pushing patch after patch using the Install Package command? You can force client machines to run their own Software Update locally by sending a UNIX command (this must be run as root to work properly):

10.3 & 10.4 clients:
softwareupdate –-install –-all

Software Update will launch as a background process on the selected machines, without requiring any action by the user. Mac OS X 10.3 clients will retrieve their updates from Apple, so be mindful of sudden bandwidth constraints for your LAN if you try this during a busy time on a lot of machines simultaneously. But if your 10.4 Server and Clients are configured for Software Update services, the client machines will retrieve their updates from the cached packages on the server, saving you significant bandwidth resources and time.

10.2′s version of softwareupdate doesn’t have a man page, so I still haven’t figured out how to tell Jaguar systems to update everything to the current version. My workaround was to first get a list of all eligible updates (see item 3 above), then use the command:

softwareupdate –-install [list each update individually]

Be careful to not leave client systems in an unstable state. When the softwareupdate application is done installing an update that requires a restart, it will be indicated on the status window’s output screen.

5. Export and Import computer lists.
Unfortunately, there is no way to move the entire collection of Computers and Lists from one ARD Admin machine to another (that is, without moving the entire POSTGRESQL database, ARD .plist files, and ARD Keychain items). It’s less complicated just to export the list(s) of your choosing and import to the other machine.

Select a list and choose File > Export Window; you can now save the contents of the window to a text file. On the other ARD Admin machine, you can create a new Scanner, choose File Import, and drag-and-drop the text file into the Scanner window. You can then add those items to the Master List (or any other list you are managing).

I didn’t mention the software auditing capabilities of ARD: you can get a
full report of all software installed on the remote machine(s), and do a
search across multiple machines for a single app (you know, in case you
can’t remember which of your 50 macs you downloaded that special application
to).

You can also rename machines, tell groups of Macs to quit all apps and log
out and/or restart/shutdown, perform hard drive and network diagnostics,
clone a hard drive (local to remote: appears to be a remote ghosting
feature)….