How To: Use fstab within a Casper Imaging workflow

For my future deployments, I’ve decided to partition my managed Macs’ HDs with 33% for the OS (which I’ve kept named Macintosh HD) & the remaining 67% as User data (which I’ve labelled Users HD).

To do this I’ve been using fstab to mount the “Users HD” partition to /Users. Below is how I achieve this, hope it helps.

Submit User Information From AD Into The JSS At Login

UPDATE: Since 8.61+ User information can be submitted following the method outlined here.

For a couple of years now I’ve run various flavours of the below script via a login policy on my Mac clients.

The purpose of this script is to first check if the user is a network user, & if so then perform a lookup of their account against AD grabbing information that can then be submitted to the JSS in the relevant fields as per the above.

See below for the script:

Unlocking Preference Panes For Non-Admin Users On 10.6 & 10.7

UPDATE: A tool called authbuddy has just come to my attention that will manage this better & for 10.7+.

Way back in November 2010 I posted a script that would unlock each secure system preference pane for non-admins (this can be found here).

With Lion came a more granular way to achieve the same, but rather than have a script for 10.6 & another for 10.7 I’ve amalgamated them with an OS check in the script.

How to: Enable non-admins to change DVD region code

I had an issue where a user wished to change DVD region on their Mac. Not being an Admin they were not able to change it themselves from what was initially set.

I use the script from the Casper Resource kit titled “unlockRegionCodeSetting.sh” as part of my First run script. This sets the DVD region to the region of the 1st entered DVD. So this didn’t resolve the issue of letting a non-admin change the DVD region code themselves.

The blog post here explains the situation & what is required. The below script will merely perform what is mentioned in the bottom section of that post, therefore allowing non-admins to change region code if they are prompted to.

How To: Silently Setup VPN on 10.6 & 10.7

The below is hugely plagiarised from a script posted by Mark Bolwell to the Mac Enterprise list.

I use a version of the below in my Casper Imaging workflow to configure a VPN Cisco IPSec network connection. As I run it at Imaging time I’ve added some logic so it only runs on MacBook models (which you may wish to remove).

The difference between the below and the other versions I’ve seen is that this method can be run “silently” with no GUI interaction. As such it can be leveraged for use with Self-Service.

How To: Turn off Wireless Card

We run the following on all Macs with a wireless card as an offline policy via Casper at logout.

This script will:

  1. Enable the wireless service if it’s not been enabled.
  2. Clear any set DNS servers & search domains (can be turned off for 10.4, reasoning is that 10.5+ can receive DNS from DHCP)
  3. Turn off the wireless card.

The script itself has been built from a few scripts contained within Casper’s Resource Kit & then modified for 10.7+ by myself.

Need to find out if a Mac has a Wireless Card?

UPDATE: Updated to now work with Lion

The Extension Attribute below checks to see if a Mac has either an Airport or Wireless & returns “Yes” if the Mac has one & “No” if it doesn’t.

How To: Stop Directory Utility Mounting Home Folder At Login

OSX’s built-in AD Plugin allows for the automated mounting of home/profile folders. The following can be used to disable this mounting:

sudo dsconfigad -useuncpath disable

How To: Script Generating a Kerberos Ticket Granting Ticket (TGT) during an Active Directory user’s initial login

I had this issue with a drive mapping app I created not mapping drives at initial login for AD accounts (this app will be discussed in another post shortly).

The Apple KB with the same title as this post advises how to fix, but if you wish to script it do the following:

WARNING: TEST, TEST, TEST THIS. ADDING AN EXTRA CHARACTER CAN LEAD TO YOUR MAC BEING STUCK IN A LOGIN LOOP. THE BELOW SHOULD BE ENTERED ON 2 LINES

How To: Allow All Users To Add Or Remove Printers

Apple’s KB article on this gives examples on how to add a network group or mobile account user to the lpadmin group.

If you simply wish each Mac account to be a member of the lpadmin group, run the following:

sudo dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin