I have posted before on here with scripts I am working on to support a College coming up with some tools to manage Macs with some configuration scripts.
Anyone who has criticisms/comments for my script here, please: I’m glad to hear it. I’m fairly new at this.
Basically, I wanted to come up with a way of fixing the annoying “login keychain needs access to your local items” which comes up. I, myself, had the annoying problem of being pestered by keychain warnings after I changed my password on my account. My account is a network account that is a local instance of a Windows Active Directory account. After my MacBook picked up the password change, it reflected it for the login, but I was being pestered constantly for the Keychain password, which necessitated that I use the old password to “allow” access for various pieces of the Keychain. Rather than fix it, I set about creating this script to create a tool which I hoped could work for any user.
This script first creates a folder on the logged-in user’s desktop, names it with specifics of the logged-in user and puts a date on it.
It then goes into local user’s Keychains, ~/Library/Keychains/ and specifically finds what should be the folder with the long alphanumeric name (which is always different, right?) It dumps the keychain contents into a variable and looks at the first paragraph, which should be the alphanumeric folder.
It then uses the name of that first paragraph to pinpoint copying the alpha-numeric folder into the desktop backup folder. Then it does a recursive, forced removal of that folder with the local settings.
The last thing I have yet to do is to also add a pop-up reminder telling the user to reboot.
Obviously, this is removing Keychain items, so I consider it a highly dangerous experiment.
(*
Help from: http://macscripter.net/viewtopic.php?id=24737
and from http://macscripter.net/viewtopic.php?id=42880
*)
display dialog "We are going to trash your current Keychain" with icon note buttons {"groovy", "lol, whu? NO!"} default button 1 cancel button 2
set doshellresults to do shell script "ls -l /dev/console"
set punter to word 3 of doshellresults -- fancy way of setting punter to logged in user
set pittedDate to do shell script "date '+%Y%m%d'"
-- this is a variable that puts today's date in an ASCII friendly way
-- such as 20140812
-- we're going to trash keychain settings
-- but to be safe, I am putting them in a folder on the desktop
-- i'm calling the variable 'Dumpster'
set Dumpster to punter & "_keychain_" & pittedDate
-- if the dumpster folder exists, already, this command will delete it
tell application "Finder"
	set folderExists to exists of (container Dumpster of (path to desktop))
	if folderExists is true then delete container Dumpster
end tell
-- we are going to yank out the keychain and toss it in our temporary dumpster
try
	tell application "Finder"
		make new folder at (path to desktop as text) with properties {name:Dumpster}
	end tell
end try
delay 1
-- absolute paths, so the result does not depend on how ~ expands when a command runs as root
set keychainDir to (POSIX path of (path to library folder from user domain)) & "Keychains/"
set dumpsterDir to (POSIX path of (path to desktop)) & Dumpster & "/"
-- now's the unforgiving part
set gaGa to ""
try
	set keyHole to do shell script "ls -1 " & quoted form of keychainDir & " | grep -E '^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'"
	-- ls with the switch -1 (that's number one) prints one name per line
	-- grep keeps only names shaped like a UUID, so login.keychain can never be picked by mistake
	set gaGa to paragraph 1 of keyHole
	-- if all goes correctly, this should be the long argle bargle folder with all annoying local settings
	-- has to be without administrator privileges. I found doing it with admin privileges doesn't seem to work correctly
end try
-- only touch the disk if a UUID-named folder was actually found
if gaGa is not "" then
	try
		-- quoted form keeps spaces and shell metacharacters in the paths from being interpreted
		do shell script "cp -R " & quoted form of (keychainDir & gaGa) & " " & quoted form of dumpsterDir with administrator privileges
		do shell script "rm -rf " & quoted form of (keychainDir & gaGa) with administrator privileges
	end try
end if
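
The backup-then-remove steps described in the post, as an added shell example that is not the poster's script: it refuses to delete anything unless exactly one UUID-named folder is found and the backup copy has been verified against the source. The function name `reset_local_items`, its two arguments, and the sample folder and file names in the demo are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the poster's code. reset_local_items and its two
# arguments are hypothetical names.
UUID_RE='^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'

# reset_local_items KEYCHAINS_DIR BACKUP_DIR
# Back up, verify, then remove the single UUID-named folder. Runs as the
# invoking user; no root is needed for files inside the user's own home.
reset_local_items() {
    kc_dir=$1
    backup_dir=$2
    # Match on the name's shape instead of trusting "first line of ls".
    matches=$(ls -1 "$kc_dir" 2>/dev/null | grep -E "$UUID_RE" || true)
    count=$(printf '%s\n' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one UUID-named folder, found $count; nothing removed" >&2
        return 1
    fi
    target=$kc_dir/$matches
    if [ ! -d "$target" ] || [ -L "$target" ]; then
        echo "$target is not a real directory; nothing removed" >&2
        return 1
    fi
    if [ -e "$backup_dir/$matches" ]; then
        echo "backup already exists in $backup_dir; nothing removed" >&2
        return 1
    fi
    mkdir -p "$backup_dir" && cp -Rp "$target" "$backup_dir/" || return 1
    # Delete only once the copy is identical to the source.
    if ! diff -r "$target" "$backup_dir/$matches" >/dev/null; then
        echo "backup differs from source; nothing removed" >&2
        return 1
    fi
    rm -rf -- "$target"
}

# Constructed demo: a throwaway directory standing in for ~/Library/Keychains.
demo() {
    tmp=$(mktemp -d) || return 1
    id=01234567-89AB-CDEF-0123-456789ABCDEF   # constructed sample name
    mkdir -p "$tmp/Keychains/$id"
    echo data > "$tmp/Keychains/$id/keychain-2.db"
    echo data > "$tmp/Keychains/login.keychain"
    reset_local_items "$tmp/Keychains" "$tmp/backup" && ls "$tmp/Keychains" "$tmp/backup"
    rm -rf -- "$tmp"
}
demo
```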