Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Msp mac admins-april-2015-undercoverofshell

925 views

Published on

Real-life examples of scripting for Mac System Administrators. Instead of detailed code snippets,I speak about the how and what you can do with scripting; things like:
-adding items to accessibility
-changing Notification Center settings from the command line
-fixing bugs/defects
-removing a wireless network from the preferred list
-modifying printer settings
-remotely logging into the GUI
-putting the /Users folder on a separate partition
-enforcing the wallpaper
-re-indexing GarageBand loops
-logging access to single-user mode

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Msp mac admins-april-2015-undercoverofshell

  1. 1. UNDER COVER OF SHELLScripting to finish the fight. April 23, 2015 @ JAMF HQ in Minneapolis, MN Jacob Salmela ACTC
  2. 2. AGENDA • Everyone on the same page • Why script? • Real-life examples
  3. 3. SAME PAGE ls, cd, mv, rm, cp qlmanage airport, ifconfig networksetup curl diskutil
  4. 4. WHY SCRIPT? • You are not good at repetitive tasks • computers are! • Pareto analysis: 80/20 • Run silently • Focus on your mission
  5. 5. EXAMPLES cd,ls cp mv pwd echo dd
  6. 6. BASIC SCRIPTS Day-to-day Automation And Deployment
  7. 7. ACCESS TO ASSISTIVE DEVICESsqlite3 or tccutil.py
  8. 8. ACCESSIBILITY • Add/remove & enable/disable • No user interaction • One line of code
  9. 9. NOTIFICATION CENTER SETTINGS NCutil.py
  10. 10. CHANGE ALERT SETTINGS • Add/remove apps • Change alert style • Get settings • Remove system alerts • One+ line of code
  11. 11. REMOVE SYSTEM NOTIFICATIONS
  12. 12. FIX BUGS / DEFECTS
  13. 13. JAMF (D-007146) • Multiple Recovery HDs get created • Regain lost space • 3 lines of code
  14. 14. REMOVE GUEST NETWORKnetworksetup
  15. 15. REMOVE GUEST NETWORK • Removes SSID from preferred list • Fewer "I can't print" calls • 4 lines of code
  16. 16. CHANGE SETTINGS ON ALL PRINTERS echo, nc, cat, for, lpadmin, lpstat, lpr
  17. 17. PRINTER SETTINGS • List all printer IP addresses • Change "Ready" message • Print a test page • Change serial numbers • Change any lpadmin setting • ~5 lines of code
  18. 18. REMOTE GUI LOGIN osascript
  19. 19. AUTOMATED KEYSTROKES • Login into the GUI • Verify settings after imaging • Pre-load labs for testing • Accessibility needs to be enabled • 8 lines of code
  20. 20. ENFORCE "MACINTOSH HD"diskutil
  21. 21. RENAMING THE VOLUME • Root drive not "Macintosh HD"? • Changes it back • 9 lines of code
  22. 22. FIX PAUSED PRINTERS lpstat, cupsenable, cupsdisable, cancel
  23. 23. UN-PAUSE WITHOUT PASSWORD • Students are not admins • Prompts for password • Detects and un-pauses • 11 lines of code
  24. 24. ADVANCED SCRIPTS Powerful automation
  25. 25. /USERS ON SEPARATE PARTITION diskutil
  26. 26. DATA SEGREGATION • Re-image without destroying user data • User and system data is separated • 24 lines of code • Caveats
  27. 27. SET POWER SCHEDULE FOR ALL COMPUTERS Python, pmset
  28. 28. DIFFERENT SETTINGS PER COMPUTER • Python script (better logic) • Different settings depending on computer name • 20+ lines of code
  29. 29. ENFORCE WALLPAPER Mavericks and Yosemite
  30. 30. ENFORCE WITH LAUNCHD • Stored in .db not .plist • Checks every 30 seconds • Enforces wallpaper • 40 lines of code
  31. 31. RE-INDEX GARAGEBAND LOOPS ALPindex, for, rm
  32. 32. Sometimes the loop browser may not show all the available loops on your computer. If this happens... support.apple.com/kb/PH1936
  33. 33. FOR LOOP FOR LOOPS • Apple-developed command line tool • Bypass Apple's 15 manual steps • Faster indexing • Log of installed loops • Moot in v10 (maybe)? • 40 lines of code
  34. 34. EFI ALTERNATIVE Single-user Mode Intrusion-Detection System
  35. 35. LOG SUM ACCESS • Real-time notification when someone boots to SUM • Text alerts • Klaxon • Extension attribute • Log all commands entered (forensics) • 42 lines + 8 lines of code
  36. 36. GEEKTOOL Scripting to display information
  37. 37. AT-A-GLANCE INFO • JSS connection status • Network IP and SSID • Computer names and model • OS X version • Power events • Config profiles installed • Users • Warranty status • Log files
  38. 38. WHEN ALL ELSE FAILS Keystrokes and mouse clicks
  39. 39. SIMULATE KEYSTROKESosascript
  40. 40. SIMULATE MOUSE CLICKSMouseTools, click, osascript
  41. 41. CLICK BUTTONS, LINKS, ETC. • Click at X, Y coordinate • Clicks might vary between resolutions • osascript is more accurate, if supported
  42. 42. HONORABLE MENTIONS • Set all four computer names • Set the dock for all users • Create users based on computer name • Remove login items • End-user notifications when script executes • Scripting Pearson's TestNav • Pi-hole: network-wide, hardware ad-blocking • Set Favorite Connect To... Servers
  43. 43. DONE • Automate mundane tasks • Time saved = mission pursued • Basic scripts--easy-to-adapt • Advanced scripts for unique tasks • Commands built in (except for two)
  44. 44. Questions?
  45. 45. RESOURCES• jacobsalmela.com • tccutil.py (download) • NCutil.py (download) • Fix multiple Recovery HDs • Remove guest network (or prevent access) • Change printer ready message (or serial number or any setting) • Remote GUI login • Enforce Macintosh HD • Fix paused printers • /Users on a separate partition • pmset all computers • Enforce wallpaper • Re-index GarageBand loops • Single-user Mode Intrusion-detection System (geeklet) • GeekTool desktop (geeklets) • Script mouse click (MouseTools) (download click) (real-life examples)

×