sudo dscl . append /Groups/admin GroupMembership cedgeThat works as a one-off operation but not in bulk. If your computer name is the same as the user who will be using the system you can then use the scutil command and “–get” the ComputerName:
scutil –get ComputerNameNOTE: The –get options in this article are two hyphens rather than one, WordPress just merges them for some reason… You can then use this as the variable to use for augmenting the GroupMembership for admin:
sudo dscl . append /Groups/admin GroupMembership `scutil —get ComputerName`Pop that into a post-flight package and you’ve got yourself a solution where you make the primary user of a system the admin of the local box and then make the subsequent users standard accounts. If your ComputerName doesn’t match your user name then all is not lost. One way to grab what admin user you’d like for each host would be to populate something on the client with that information. Another would be to put it in a csv and read the line for the csv that is associated to the computer in to obtain it. If you populate something on the client it could be the Text1 field from Apple Remote Desktop. This can be done using the Remote Management option in the Sharing System Preference, clicking on Computer Settings and then typing the data into the Info 1: field. To insert the information at image time (or at least programmatically), you could use defaults to write it into com.apple.RemoteDesktop.plist, located in /Library/Preferences:
To then read that variable:defaults write /Library/Preferences/com.apple.RemoteDesktop Text1 “cedge”
defaults read /Library/Preferences/com.apple.RemoteDesktop Text1The command to set the admin user based on the Text1 field would then be:
sudo dscl . append /Groups/admin GroupMembership `defaults read /Library/Preferences/com.apple.RemoteDesktop Text1`There are probably about as many other ways to go about this as there are Mac OS X mass deployments. For example, instead of inserting data into Text1 from a defaults command, you could use kickstart with the -computerinfo option to write data into -set1 -1 or something like that (which is likely safer than defaults, albeit more difficult if you decide to do it to your non-booted volume). But hopefully these options, somewhere down the road, will help someone (after all, that’s why we post this kind of thing, right?!?!).
krypted July 27th, 2010