Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- # Copyright©, 2013 David Koff for the J. Paul Getty Trust
- # Script has six sub routines from which the user can pick. Routines can:
- # 1) create a fully hidden admin account called "ard"
- # 2) delete that same fully hidden account
- # 3) turn all user ard access ON
- # 4) turn all user ard access OFF
- # 5) set ard prefs to getty "standard" access
- # 6) refresh the ARD service
- # script is great at being one central location for all ARD admin activities
- # Created: 4.15.2009
- # Last Updated: 6.14.13
- #--------------------------------------------------
- # CREATE: Hidden ARD Account
- #--------------------------------------------------
- create_ARD() {
- screen_clear;
- # create user account folder structure
- mkdir /private/var/ard
- # create user account
- dscl . -create /Users/ard
- dscl . -create /Users/ard realname "ard"
- dscl . -create /Users/ard NFSHomeDirectory /private/var/ard
- chown -R ard /private/var/ard
- dscl . -passwd /Users/ard ma5ter #password changed by policy within 15min
- dscl . -create /Users/ard PrimaryGroupID 405
- dscl . -create /Users/ard UniqueID 405
- dscl . -create /Users/ard shell /bin/bash
- # Add admin Users to the admin group
- dscl . -append /Groups/admin GroupMembership ard
- # hide account from login window and fast user switching menu
- sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
- sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array add ard
- # different versions of the OS require different ARD calls
- if [ $build -gt 4 ]; then
- echo "your OS is $os and will now be set to use ARD"
- $ARD -activate
- $ARD -configure -allowAccessFor -specifiedUsers
- $ARD -configure -users ard -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
- else
- echo "your OS is earlier than 10.5 and will now be configured"
- $ARD -activate
- $ARD -configure -users workstation,fieldtech -access -off -privs -none -clientopts -setmenuextra -menuextra no
- $ARD -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
- fi
- echo "ARD account has been created, Service is activated and access set."
- sleep 2
- open /System/Library/PreferencePanes/SharingPref.prefPane
- set_Choice;
- }
- #--------------------------------------------------
- # DELETE: ARD Account
- #--------------------------------------------------
- delete_ARD() {
- screen_clear;
- # deletes user account, user folder and membership to admin group
- dscl . -delete /Users/ard
- rm -dr /private/var/ard
- dscl . -delete /Groups/admin GroupMembership ard
- echo "ARD account has been deleted."
- sleep 2
- set_Choice;
- }
- #--------------------------------------------------
- # ARD: AllUser Access ON
- #--------------------------------------------------
- all_ON() {
- screen_clear;
- # enables all access for all users
- $ARD -activate
- $ARD -configure -allowAccessFor -allUsers -privs -all
- echo "ARD access is now enabled for all users."
- sleep 2
- open /System/Library/PreferencePanes/SharingPref.prefPane
- set_Choice;
- }
- #--------------------------------------------------
- # ARD: AllUser Access OFF
- #--------------------------------------------------
- all_OFF() {
- screen_clear;
- # disables all access for all users
- $ARD -configure -access -off
- echo "ARD access is now disabled for all users."
- sleep 2
- open /System/Library/PreferencePanes/SharingPref.prefPane
- set_Choice;
- }
- #--------------------------------------------------
- # ARD: Set Standard Getty Access
- #--------------------------------------------------
- getty_ON() {
- screen_clear;
- # sets proper Getty access for just the ARD account
- # different versions of the OS require different ARD calls
- if [ $build -gt 4 ]; then
- echo "your OS is $os and will now be set to use ARD"
- $ARD -activate
- $ARD -configure -allowAccessFor -specifiedUsers
- $ARD -configure -users ard -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
- else
- echo "your OS is earlier than 10.5 and will now be configured"
- $ARD -activate
- $ARD -configure -users workstation,fieldtech -access -off -privs -none -clientopts -setmenuextra -menuextra no
- $ARD -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
- fi
- echo "ARD account has been created, Service is activated and access set."
- sleep 2
- open /System/Library/PreferencePanes/SharingPref.prefPane
- set_Choice;
- }
- #--------------------------------------------------
- # ARD: Restart the Service
- #--------------------------------------------------
- restart_ARD() {
- screen_clear;
- $ARD -activate
- $ARD -restart -agent -console
- echo "ARD service has been restarted."
- sleep 2
- open /System/Library/PreferencePanes/SharingPref.prefPane
- set_Choice;
- }
- #----------------------------------------
- # choice
- #----------------------------------------
- set_Choice() {
- screen_clear;
- echo "What would you like to do:"
- echo ""
- echo ""
- echo ""
- echo "(1) Create ARD account on a Mac & set Getty Access Prefs"
- echo "(2) Delete ARD account from a Mac"
- echo "(3) ARD AllUser Access TURN ON"
- echo "(4) ARD AllUser Access TURN OFF"
- echo "(5) ARD Getty Standards TURN ON"
- echo "(6) RESTART ARD service"
- echo ""
- echo "(7) EXIT script & quit terminal"
- echo ""
- echo ""
- echo ""
- echo "Enter the number of your choice and hit return."
- read choice
- case "$choice" in
- "1") create_ARD; break;;
- "2") delete_ARD; break;;
- "3") all_ON; break;;
- "4") all_OFF; break;;
- "5") getty_ON; break;;
- "6") restart_ARD; break;;
- "7") exit_script; break;;
- esac
- }
- #--------------------------------------------------
- # screen clear
- #--------------------------------------------------
- screen_clear() {
- count=0
- while [ $count -lt 30 ]
- do
- count=`expr $count + 1`
- echo ""
- done
- }
- #--------------------------------------------------
- # exit
- #--------------------------------------------------
- exit_script() {
- screen_clear;
- echo "This program will now quit itself. Thank you."
- sleep 2
- killall Terminal
- exit 0
- }
- #--------------------------------------------------
- # launcher
- #--------------------------------------------------
- screen_clear;
- # set variables
- build=`sw_vers | grep ProductVersion | cut -c 20`
- os=`sw_vers | grep ProductVersion | cut -c 17-20`
- ARD="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
- echo "This script allows you to set up a variety of ARD services"
- echo "or create a hidden ARD account on any Mac running any OS."
- echo ""
- echo ""
- echo "Do you wish to continue (y/n)? "
- read answer
- if [ $answer = "n" ]; then
- exit_script;
- else
- set_Choice;
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement