[Review] Add Users via Remote Desktop

Hey all,

I work at my local Community College. We have two Mac labs for the Art and Applied Art & Design departments, consisting of about 60 total Macs. We use the Faronics Deep Freeze application on all the computers, an absolutely fantastic program. In short, the root drive is frozen so students can’t make any permanent changes to the HD (the program takes a snapshot of your drive’s current state, and when you reboot, it restores the HD to that state). We have a partition named THAWDRIVE which is, as the name implies, “thawed.” This means that anything saved on that HD won’t be lost next reboot. This partition has all of the user accounts on it, so they can still save documents to their desktops.

In any event, I’ve developed some scripts to automate adding a list of users to each computer, then creating and pointing their home directories to the thawed partition. Here are the steps I took to add the users to each of the computers (remember, admin’s user account is located on the thawed partition):

  1. Using Remote Desktop, copy AddUser.scpt and ChangePass to each computer’s admin desktop.
  2. Execute Terminal Command via RD as user “root”: osascript /Volumes/THAWDRIVE/admin/Desktop/AddUsers.scpt
  3. Execute Terminal Command via RD as your admin account: rm /Volumes/THAWDRIVE/admin/Desktop/Adduser.scpt; rm /Volumes/THAWDRIVE/admin/Desktop/ChangePass

And that’s it.

Script code below:

--> Set up parental controls for users:  Open all preferences, burn discs, and modify doc, but
--> NOT change password or manage printers.
set parentalControl to "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
<plist version=\"1.0\">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.Classic</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_data_timestamp</key>
                    <date>2006-08-21T20:19:00Z</date>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>ClassicRedirectUserFolders</key>
                        <true/>
                    </dict>
                </dict>
            </array>
        </dict>
        <key>com.apple.iChatAgent</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_data_timestamp</key>
                    <date>2006-08-21T20:18:29Z</date>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>Setting.parentalControls</key>
                        <true/>
                    </dict>
                </dict>
            </array>
        </dict>
        <key>com.apple.mcxprinting</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_data_timestamp</key>
                    <date>2006-08-21T20:19:00Z</date>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>RequireAdminToAddPrinters</key>
                        <true/>
                    </dict>
                </dict>
            </array>
        </dict>
        <key>com.apple.systempreferences</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_data_timestamp</key>
                    <date>2006-08-21T20:19:00Z</date>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>com.apple.preference.myaccount</key>
                        <array>
                            <string>ChangePassword</string>
                        </array>
                    </dict>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>"
set theIndex to 1
set theId to 502
set passList to {"passForUser1", "passForUser2", "passForUser3"}
set shortNames to {"user1", "user2", "user3"}
set longNames to {"User 1", "User 2", "User 3"}
--> /Library/User Pictures/
set pictList to {"Animals/Butterfly.tif", "Animals/Cat.tif", "Animals/Dog.tif"}
--> Create accounts
repeat with i in shortNames
    --> Add the user
    do shell script "echo '" & i & "::" & theId & ":" & theId & "::0:0:" & (item theIndex of longNames) & ":/Volumes/THAWDRIVE/" & i & ":/bin/bash' | sudo niload -v passwd /"
    --> Add the user's group
    do shell script " echo '" & i & ":*:" & theId & ":" & i & "' | sudo niload -v group /"
    --> Set the password
    do shell script "/Volumes/THAWDRIVE/admin/Desktop/./ChangePass " & i & " " & (item theIndex of passList)
    --> Create user home dir
    do shell script "sudo cp -R /System/Library/'User Template'/English.lproj /Volumes/THAWDRIVE/" & i
    --> Add user picture
    do shell script "sudo niutil -createprop / /users/" & i & " picture '/Library/User Pictures/" & (item theIndex of pictList) & "'"
    --> Set Parental Controls
    do shell script "sudo niutil -createprop / /users/" & i & " mcx_settings '" & parentalControl & "'"
    --> Add login item
    do shell script "sudo defaults write /Volumes/THAWDRIVE/" & i & "/Library/Preferences/loginwindow '{
    AutoLaunchedApplicationDictionary = (
        {
            Hide = 0; 
            Path = \"/Library/Scripts/Login Scripts/" & i & ".app\"; 
        }
    ); 
    BuildVersionStampAsNumber = 17371360; 
    BuildVersionStampAsString = 8J135; 
    SystemVersionStampAsNumber = 168036096; 
    SystemVersionStampAsString = \"10.4.7\"; 
}'"
    --> Change ownerships to proper owner
    do shell script "sudo chown -R " & i & ":staff /Volumes/THAWDRIVE/" & i
    do shell script "sudo chmod 700 /Volumes/THAWDRIVE/" & i
    --> Increment theIndex and theId
    set theIndex to theIndex + 1
    set theId to theId + 1
end repeat
--> Cleanup
do shell script "sudo chown admin:staff /Volumes/THAWDRIVE/"
do shell script "sudo chmod 755 /Volumes/THAWDRIVE/"

ChangePass:

#!/usr/bin/expect -f
set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
#--enter $argv2's pass
expect "*password:"
send "$password\r"
#--retype pass
expect "*password:"
send "$password\r"
expect eof

If you have any hints, code improvement suggestions, etc., it’d be much appreciated. As it stands, the script works great, but I’m sure it can be refined.
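
An added example, not part of the original post: the passwd record that AddUsers.scpt pipes to `niload` is colon-delimited and is interpolated inside single quotes, so a colon or quote in a name changes the record or the command around it. This shell version validates each field before building the same record; the roster format (`short|uid|long name`), the function names, the UID floor and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): build the passwd record that AddUsers.scpt
# pipes to `niload -v passwd /`, validating every field first.
LC_ALL=C; export LC_ALL            # make the a-z / 0-9 ranges byte-exact
THAW_ROOT="/Volumes/THAWDRIVE"     # home-directory root used in the post

valid_short_name() {               # lowercase letter or _ first, then [a-z0-9_-]
    case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    return 0
}

valid_uid() {                      # digits, no leading zero, >= 501 (assumed policy)
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 6 ] && [ "$1" -ge 501 ]
}

valid_long_name() {                # letters, digits, space, dot, hyphen only
    case "$1" in ''|*[!A-Za-z0-9\ .-]*) return 1 ;; esac
    return 0
}

# passwd_record SHORT UID LONG: print the record, or print nothing and return 1.
# Field layout copied from the post: name::uid:gid::0:0:gecos:home:shell
passwd_record() {
    valid_short_name "$1" && valid_uid "$2" && valid_long_name "$3" || return 1
    printf '%s::%s:%s::0:0:%s:%s/%s:/bin/bash\n' \
        "$1" "$2" "$2" "$3" "$THAW_ROOT" "$1"
}

# roster_to_records: read "short|uid|long name" lines (assumed format) on stdin,
# print a record per valid line, name rejects on stderr, return 1 if any failed.
roster_to_records() {
    bad=0
    while IFS='|' read -r short uid long; do
        if rec=$(passwd_record "$short" "$uid" "$long"); then
            printf '%s\n' "$rec"
        else
            printf 'rejected roster entry: %s\n' "$short" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample roster: the second entry has a colon in the full name,
# which would shift every later field of the record, so it is refused.
roster_to_records <<'EOF' || echo "roster contained invalid entries" >&2
user1|502|User 1
user2|503|User:2
user3|504|User 3
EOF
```

Inside the AppleScript itself, `quoted form of` handles the shell quoting for values passed to `do shell script`; the field checks are still needed because `niload` parses the colons.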

hi war,

i posted something similar in Code Exchange a while back. i wonder if any of that would be helpful to you?

http://bbs.applescript.net/viewtopic.php?id=18134

mine only does one user at a time. i notice we use the same ‘expect’ style script for the password. :)