• Mac OS X Server

    Manage Groups In Mavericks Server

    October 23, 2013

    There are a number of ways to create groups in OS X Mavericks Server (Server 3). The first is using the Server app, the second is using Workgroup Manager (which could be running on an older operating system and connecting to the Mavericks Server in question), the third is using the Users & Groups System Preference pane and the fourth is using the command line. In this article we will look at creating groups in the Server app. Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and…

    Read More
  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Making Every User an Admin

    July 27, 2010

    If you deploy a large number of computers to users who are somewhat likely to play practical jokes on each other then you will run into some interesting issues. If you are deploying one computer to every user and you want each user to be an administrator of their computer then you might be tempted to allow all users to be administrators of all computers. If you do then prepare for an infinite number of sometimes amusing practical jokes. But really, being proactive about this brings up an interesting point: how do you deploy a computer and make only the user who you want to be an administrator an administrator.…

    Read More
  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    More Group Management with dseditgroup

    September 8, 2009

    Now that we’ve covered using dscl to create a group, let’s look at using dseditgroup to do the same thing. In the previous example we created a group called Local Admins or ladmins for short. First let’s read that group’s information. To do so, run dseditgroup followed by the operation, which can be read, create, delete, edit or checkmember as the operations (verbs). The -o is optional, so : dseditgroup -o read ladmins Or the following has the same output: dseditgroup read ladmins In the case of a namespace collision between two ladmins in two directory services then the one listed highest in the Search Policy would be displayed. The…

    Read More
  • Mac OS X,  Mass Deployment

    Create Groups Using dscl

    September 7, 2009

    The directory services command line (dscl) command can be used to create a group. Here we’re going to use dscl to create a group called Local Admins (or ldadmins for short).  First up, create the group: dscl . create /Groups/ladmins Now give our ladmins group the full name by creating the name key: dscl . create /Groups/ladmins RealName “Local Admins” Now to give the group a password: dscl . create /Groups/ladmins passwd “*” Now let’s give the group a Group ID: dscl . create /Groups/ladmins gid 400 That wasn’t so hard, but our group doesn’t have any users. dscl . create /Groups/ladmins GroupMembership localadmin Why create a group with just…

    Read More
  • Mac OS X,  Mac OS X Server

    Snow Leopard Eats dirt (7 ate 9)

    September 1, 2009

    Once upon a time there was a very nice little application called dirt. Snow Leopard ate him. Or maybe more to the point it was dscl who ate him… Either way he’s gone. Now, use the -authonly option in dscl if you’d like to test password validity. Goodbye dirt, we will remember ya’ fondly!

    Read More
  • Mac OS X Server

    Mac OS X: Managed Preferences without Open Directory

    September 16, 2008

    Yes, you can apply an MCX against a local account easily using the -mcximport and -mcxexport dscl extensions.  Simply setup the MCX like you want it for a managed account using Workgroup Manager and then from the interactive dscl environment do a -mcxexport <Path to account> -o <filename> and then copy the file to a target system.  Then, on the target system, do a -mcximport <path to account> -o <path to same filename>. Then test!  Happy policy making!

    Read More