Master ARD Setup & Control.sh

1. #!/bin/sh
2. # Copyright©, 2013 David Koff for the J. Paul Getty Trust
3.  
4. # Script has six sub routines from which the user can pick. Routines can:
5. # 1) create a fully hidden admin account called "ard"
6. # 2) delete that same fully hidden account
7. # 3) turn all user ard access ON
8. # 4) turn all user ard access OFF
9. # 5) set ard prefs to getty "standard" access
10. # 6) refresh the ARD service
11.  
12. # script is great at being one central location for all ARD admin activities
13. # Created: 4.15.2009
14. # Last Updated: 6.14.13
15.  
16. #--------------------------------------------------
17. # CREATE: Hidden ARD Account
18. #--------------------------------------------------
19. create_ARD() {
20. screen_clear;
21. # create user account folder structure
22. mkdir /private/var/ard
23.  
24. # create user account
25. dscl . -create /Users/ard
26. dscl . -create /Users/ard realname "ard"
27. dscl . -create /Users/ard NFSHomeDirectory /private/var/ard
28. chown -R ard /private/var/ard
29. dscl . -passwd /Users/ard ma5ter      #password changed by policy within 15min
30. dscl . -create /Users/ard PrimaryGroupID 405
31. dscl . -create /Users/ard UniqueID 405
32. dscl . -create /Users/ard shell /bin/bash
33.  
34. # Add admin Users to the admin group
35. dscl . -append /Groups/admin GroupMembership ard
36.  
37. # hide account from login window and fast user switching menu
38. sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
39. sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array add ard
40.  
41. # different versions of the OS require different ARD calls
42. if [ $build -gt 4 ]; then
43.     echo "your OS is $os and will now be set to use ARD"
44.     $ARD -activate
45.     $ARD -configure -allowAccessFor -specifiedUsers
46.     $ARD -configure -users ard -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
47. else
48.     echo "your OS is earlier than 10.5 and will now be configured"
49.     $ARD -activate
50.     $ARD -configure -users workstation,fieldtech -access -off -privs -none -clientopts -setmenuextra -menuextra no
51.     $ARD -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
52. fi
53. echo "ARD account has been created, Service is activated and access set."
54. sleep 2
55. open /System/Library/PreferencePanes/SharingPref.prefPane
56. set_Choice;
57. }
58.  
59. #--------------------------------------------------
60. # DELETE: ARD Account
61. #--------------------------------------------------
62. delete_ARD() {
63. screen_clear;
64. # deletes user account, user folder and membership to admin group
65. dscl . -delete /Users/ard
66. rm -dr /private/var/ard
67. dscl . -delete /Groups/admin GroupMembership ard
68. echo "ARD account has been deleted."
69. sleep 2
70. set_Choice;
71. }
72.  
73. #--------------------------------------------------
74. # ARD: AllUser Access ON
75. #--------------------------------------------------
76. all_ON() {
77. screen_clear;
78. # enables all access for all users
79. $ARD -activate
80. $ARD -configure -allowAccessFor -allUsers -privs -all
81. echo "ARD access is now enabled for all users."
82. sleep 2
83. open /System/Library/PreferencePanes/SharingPref.prefPane
84. set_Choice;
85. }
86.  
87. #--------------------------------------------------
88. # ARD: AllUser Access OFF
89. #--------------------------------------------------
90. all_OFF() {
91. screen_clear;
92. # disables all access for all users
93. $ARD -configure -access -off
94. echo "ARD access is now disabled for all users."
95. sleep 2
96. open /System/Library/PreferencePanes/SharingPref.prefPane
97. set_Choice;
98. }
99.  
100. #--------------------------------------------------
101. # ARD: Set Standard Getty Access
102. #--------------------------------------------------
103. getty_ON() {
104. screen_clear;
105. # sets proper Getty access for just the ARD account
106. # different versions of the OS require different ARD calls
107. if [ $build -gt 4 ]; then
108.     echo "your OS is $os and will now be set to use ARD"
109.     $ARD -activate
110.     $ARD -configure -allowAccessFor -specifiedUsers
111.     $ARD -configure -users ard -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
112. else
113.     echo "your OS is earlier than 10.5 and will now be configured"
114.     $ARD -activate
115.     $ARD -configure -users workstation,fieldtech -access -off -privs -none -clientopts -setmenuextra -menuextra no
116.     $ARD -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setreqperm -reqperm yes
117. fi
118. echo "ARD account has been created, Service is activated and access set."
119. sleep 2
120. open /System/Library/PreferencePanes/SharingPref.prefPane
121. set_Choice;
122. }
123.  
124. #--------------------------------------------------
125. # ARD: Restart the Service
126. #--------------------------------------------------
127. restart_ARD() {
128. screen_clear;
129. $ARD -activate
130. $ARD -restart -agent -console
131. echo "ARD service has been restarted."
132. sleep 2
133. open /System/Library/PreferencePanes/SharingPref.prefPane
134. set_Choice;
135. }
136.  
137. #----------------------------------------
138. # choice
139. #----------------------------------------
140. set_Choice() {
141. screen_clear;
142. echo "What would you like to do:"
143. echo ""
144. echo ""
145. echo ""
146. echo "(1) Create ARD account on a Mac & set Getty Access Prefs"
147. echo "(2) Delete ARD account from a Mac"
148. echo "(3) ARD AllUser Access TURN ON"
149. echo "(4) ARD AllUser Access TURN OFF"
150. echo "(5) ARD Getty Standards TURN ON"
151. echo "(6) RESTART ARD service"
152. echo ""
153. echo "(7) EXIT script & quit terminal"
154. echo ""
155. echo ""
156. echo ""
157. echo "Enter the number of your choice and hit return."
158. read choice
159.     case "$choice" in
160.         "1") create_ARD; break;;
161.         "2") delete_ARD; break;;
162.         "3") all_ON; break;;
163.         "4") all_OFF; break;;
164.         "5") getty_ON; break;;
165.         "6") restart_ARD; break;;
166.         "7") exit_script; break;;
167.     esac
168. }
169.  
170.  
171. #--------------------------------------------------
172. # screen clear
173. #--------------------------------------------------
174. screen_clear() {
175. count=0
176. while [ $count -lt 30 ]
177. do
178.     count=`expr $count + 1`
179.     echo ""
180. done
181. }
182.  
183.  
184. #--------------------------------------------------
185. # exit
186. #--------------------------------------------------
187. exit_script() {
188. screen_clear;
189. echo "This program will now quit itself. Thank you."
190. sleep 2
191. killall Terminal
192. exit 0
193. }
194.  
195.  
196. #--------------------------------------------------
197. # launcher
198. #--------------------------------------------------
199. screen_clear;
200.  
201. # set variables
202. build=`sw_vers | grep ProductVersion | cut -c 20`
203. os=`sw_vers | grep ProductVersion | cut -c 17-20`
204. ARD="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
205.  
206. echo "This script allows you to set up a variety of ARD services"
207. echo "or create a hidden ARD account on any Mac running any OS."
208. echo ""
209. echo ""
210. echo "Do you wish to continue (y/n)? "
211. read answer
212. if [ $answer = "n" ]; then
213.     exit_script;
214. else
215.     set_Choice;
216. fi