It’s pretty common to use keys for ARD for shuttling data back and forth. In an environment where you’re using one tool to image computers and another tool to then perform patch management, the Computer Information fields in ARD are a place where you can keep this information and not run the risk of it getting overwritten with a software update. In the past few weeks we’ve looked at importing information into DeployStudio, using a csv file and from the command line. We also looked at populating those ARD fields with scripts, using an example of populating the information with the username or computername and then keying administrative users from that.
But in many environments, once the system has been imaged, it needs to move into a mode of patch management. Having this data already in the ARD fields (or a custom plist you drop somewhere else in the system such as /Library/Preferences) then allows you to easily have information follow the computer from the moment you get the serials (cradle) to the retirement of the device (grave). To import information into Casper, we’re going to use the jamf command with the recon verb. Recon will use an -endUsername option that populates the user who has the computer based on the first field in ARD, which we have populated with the users shortname from our directory service.
/usr/sbin/jamf recon -endUsername $(defaults read /Library/Preferences/com.apple.RemoteDesktop Text1)
jamf can also be used to create accounts, be they administrative (-admin), hidden from the list at LoginWindow and the Accounts System Preference pane (-hidden), SSH-only (-secureSSH) or standard user accounts. If you don’t already have access to log into the host via recon, once you have the Casper package installed, create an account. For this example, we’ll use jamfadmin as the username (replacing MySecretPassword with your desired password):
/usr/sbin/jamf createAccount -username jamfadmin -realname “JAMF Administrative Account” -password MySecretPassword –home /var/jamfadmin -hiddenUser -admin -secureSSH
And if you wanted to also create a user with administrative rights, rather than use our previous options, you could run the following, which would create the information based on the ARD fields rather than an Open Directory account (thus leveraging a local pull of a mobile home of a sort, or replacing the mobile home functionality if you don’t have a directory service):
/usr/sbin/jamf createAccount -username $(defaults read /Library/Preferences/com.apple.RemoteDesktop Text1) -realname “$(defaults read /Library/Preferences/com.apple.RemoteDesktop Text2)” -password MySecretPassword –home /Users/$(defaults read /Library/Preferences/com.apple.RemoteDesktop Text1) -admin
krypted August 11th, 2010