When I’m working on a little bash script, I’ll often make a backup, each time I save and test. Then I can revert back, if I need to. The syntax I’ll use is to cp and then curly-bracket the output into .bak files (that’s a 90s era file extension I use for such nonsense): cp filename.sh{,.bak} So if I’m writing a script called MYSCRIPT.sh: cp MYSCRIPT.sh{,.bak} The resultant backup of the script is MYSCRIPT.sh.bak.
-
-
Enable And Disable Permissions On Volumes Using A Script
Someone hands you a USB drive. You put it in your computer and you can’t access anything on it. You are running an imaging lab and you want to backup or troubleshoot a device before you re-image it, but you can’t access certain files. Obviously, you can sudo. But, you can also simply disable permissions on that volume (which, like getting someone to make you a sandwich, requires sudo of course). The command used to enable and disable permissions on a volume is vsdbutil, located at /usr/sbin/vsdbutil. And there’s a LaunchDaemon at /System/Library/LaunchDaemons/com.apple.vsdbutil.plist that interacts with diskarbitrationd so that when a volume is mounted, it is marked as having permissions…
-
Apple Configurator 2
Apple Configurator 2 is now out and there are some really cool new features available to people deploying Apple Configurator. Apple Configurator 2 now supports feature called Blueprints. A Blueprint is a set of configuration options (such as profiles, apps, etc) that are easily applied to devices by applying a given Blueprint. So basically a canned set of options that can be configured on a device. For example, you can have a Blueprint called Training that have training apps and settings for a training room network and then you can have another Blueprint for Kiosks, that have different apps for a kiosk, one app for a kiosk, an SSID for a kiosk…
-
Use SSH, ARD, SNMP, And The Server App Remotely on OS X Server 5
SSH allows administrators to connect to another computer using a secure shell, or command line environment. ARD (Apple Remote Desktop) allows screen sharing, remote scripts and other administrative goodness. You can also connect to a server using the Server app running on a client computer. To enable any or all of these, open the Server app (Server 5 for El Capitan and Yosemite), click on the name of the server, click the Settings tab and then click on the checkbox for what you’d like to enter. All of these can be enabled and managed from the command line as well. The traditional way to enable Apple Remote Desktop is using…
-
Simple Preflight and Sanity Checking in Scripts
I was recently building some preflight scripts and was looking to record some information about a machine live, before proceeding with a script. I found the cheapest way to determine information about architectures and chipsets when scripting preflight scripts for OS X to be the arch and machine commands respectively. For example, to verify the architecture is i386, use the arch command with no options: /usr/bin/arch Which simply outputs “i386”: i386 To check the machine type, simply use the machine command: /usr/bin/machine Which outputs as follows: x86_64h
-
Scripted Country Geolocations Using OS X’s Built-In ip2cc
Recently I was working on a project where we were isolating IP addresses by country. In the process, I found an easy little tool built right into OS X called ip2cc. Using ip2cc, you can lookup what country an IP is in. To do so, simply run ip2cc followed by a name or ip address. For example, to lookup apple.com you might run: ip2cc apple.com Or to lookup Much Music, you might run: ip2cc muchmusic.ca The output would be: IP::Country modules (v2.28) Copyright (c) 2002-13 Nigel Wetters Gourlay Database updated Wed May 15 15:29:48 2013 Name: muchmusic.com Address: 199.85.71.88 Country: CA (Canada) You can just get the country line: ip2cc…
-
Account Management Using The jamf Binary
The jamf binary comes with a lot of cool little features that you can use to script things quickly, because JAMF has already built things to help you. We’ll look at two really quick. The first is the deleteAccount verb which, surprisingly, deletes accounts. With that verb, you’ll use the -username operator to define a given user that you’d like to remove. That username is defined as the short name (or what dscl shows) of a given user. For example, if I wanted to remove the user rorygilmore, I’d run the following command: /usr/sbin/jamf deleteAccount -username rorygilmore You can then provide a popup on the screen that you completed that…
-
Bring Out Yer Apps with Autopkg! (Maybe with a little help)
(Guest post by Allister Banks) Working with modern tools in the ‘auto'(dmg/pkg) suite, it sure reinforces the old chestnut, ‘it’s turtles XML all the way down.’ The thing that struck me when first diving into using autopkg was that different product recipes could potentially have a good amount of similarities when they share common processors. One example is drag-drop apps that can be discovered with an ‘appcast’ URL, which, in my recollection, became common as the Sparkle framework gained popularity. This commonality is exactly the type of thing sysadmins like myself seek to automate, so I built a few helper scripts to 1. discover what apps have appcast URLs, 2. generate the base…
-
Import And Export Active Directory Objects In Server 2012
The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In it’s simplest form the ldifde command can be used to export AD objects just using a -f option to specify the location (the working…
-
Delete Messages From Exchange Using PowerShell
Before I type anything else, allow me to state that running a search and deleting things with a script from a users (or a loop of all users) is a very dangerous process. However, I’ve often noticed that an outbreak of bad things can cause us to do some pretty awesome things. So, you can use the get-Mailbox cmdlet to pipe a mailbox into the search-mailbox cmdlet and from there use the -SearchQuery option to search for an attachment, following the attachment option with a filename and then delete it using the -DeleteContent option. The example would be as follows: Get-Mailbox -Identity “cedge” | Search-Mailbox -SearchQuery attachment:ichatsmileys.pkg.zip -DeleteContent You can…