Under cover of shell
Scripting to finish the fight.
April 23, 2015 @ JAMF HQ in Minneapolis, MN
Jacob Salmela ACTC
-I talk about JAMF since that's what we use, but can use other MDMs
Agenda
Everyone on the same page
Why script?
Real-life examples
Same Page
ls, cd, mv, rm, cp
qlmanage
airport, ifconfig
networksetup
curl
diskutil
-Most GUI apps have a command line counterpart.
-Finder: opening a folder is the same as ls
-opening a different folder is cd
-renaming or moving a file: mv
-deleting, copying...
-Web browsing is equivalent to downloading a page via curl
Why script?
You are not good at repetitive tasks
computers are!
Pareto analysis: 80/20
Run silently
Focus on your mission
-Bart would write lines, but 4 lines of code lets you do it forever.
-Pareto: 80% of the problems you fix come from 20% of the issues causing them.
-Simplest example: resetting a password--one cause but multiple help desk calls.
-Fix the 20%, you have 80% free time.
-5 years ago, spent all day running around. Now I prevent problems and am available for larger issues.
Examples
cd, ls, cp, mv, pwd, echo, dd
-Each character has a unique ability and you send them out to do tasks
-Mirrors command line tools: combine them to complete tasks
Basic scripts
Day-to-day Automation And Deployment
Access to assistive devices
sqlite3 or tccutil.py
Accessibility
Add/remove & enable/disable
No user interaction
One line of code
-Window pops up requesting access
-Example: TextExpander
-Database file--not as easy to deploy as a .plist
Notification Center settings
NCutil.py
change alert settings
Add/remove apps
Change alert style
Get settings
Remove system alerts
One+ line of code
-Change to banners to avoid "sticky" notifications
Remove system Notifications
Fix bugs / defects
-All software will have bugs, so you can use scripting to fix any issue
jamf (D-007146)
Multiple Recovery HDs get created
Regain lost space
3 lines of code
-Hard drives showing on desktop
-Click minus sign? No, script instead
Remove Guest Network
networksetup
Remove Guest network
Removes SSID from preferred list
Fewer "I can't print" calls
4 lines of code
-Two networks, one throttled down
-400+ removals since beginning of school year
-400 times I don't have to run to fix printer.
Change settings on all printers
echo, nc, cat, for, lpadmin, lpstat, lpr
printer settings
List all printer IP addresses
Change "Ready" message
Print a test page
Change serial numbers
Change any lpadmin setting
~5 lines of code
-Print page with IP address
-Shown you a lot: only up to 5 lines--you don't need to be a genius
remote gui login
osascript
automated keystrokes
Login into the GUI
Verify settings after imaging
Pre-load labs for testing
Accessibility needs to be enabled
8 lines of code
-Anytime I need to touch three or more computers, I start to feel like Tom Cruise. Scripting can help with that.
-Maybe you work at JAMF and are a test proctor. Log in all computers to the test screen
enforce "Macintosh Hd"
diskutil
Renaming the volume
Root drive not "Macintosh HD"?
Changes it back
9 lines of code
Fix paused printers
lpstat, cupsenable, cupsdisable, cancel
Un-pause without password
Students are not admins
Prompts for password
Detects and un-pauses
11 lines of code
Advanced Scripts
Powerful automation
-Basic scripts are easy to modify
-Advanced--more for unique ideas
/Users on separate partition
diskutil
data segregation
Re-image without destroying user data
User and system data is separated
24 lines of code
Caveats
-Fast recovery
Fits in with OS X's resource domains: User, Local, Network, System.
-CoreStorage and Fusion drives not supported
Set power schedule for all computers
Python, pmset
Different Settings per computer
Python script (better logic)
Different settings depending on computer name
20+ lines of code
-Uses Python, but runs a bash command
-Don't overload power grid when computers come on
-Crashed JSS when not powerful enough
-Could make config profile for each one, but settings are slightly offset
Enforce Wallpaper
Mavericks and Yosemite
Enforce with launchd
Stored in .db not .plist
Checks every 30 seconds
Enforces wallpaper
40 lines of code
-Could deploy a .db, but fun to mess with students
re-index garageband loops
ALPindex, for, rm
-Apple doesn't say why it happens...
Sometimes the loop browser may not show all the available loops on your computer. If this happens...
support.apple.com/kb/PH1936
-You want to deploy GarageBand
-Can deploy .plist to skip some of the steps
-But still have the issue of loop index files
for Loop for loops
Apple-developed command line tool
Bypass Apple's 15 manual steps
Faster indexing
Log of installed loops
Moot in v10 (maybe)?
40 lines of code
-ALPindex found in iLife installer
-Still can use for speed and log of loops
efi alternative
Single-user Mode Intrusion-Detection System
log SUM access
Real-time notification when someone boots to SUM
Text alerts
Klaxon
Extension attribute
Log all commands entered (forensics)
42 lines + 8 lines of code
-How does it work?
1. Script runs at boot
2. Gets static IP
3. If IP is pingable, alert is sounded
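The watcher side of the three steps above, as an added example that is not the presenter's script. It assumes each Mac's boot-time script assigns itself a reserved static IP only when it comes up in single-user mode; the host names, the addresses (RFC 5737 documentation range) and the names `sum_watch` and `PROBE` are constructed for illustration.

```shell
#!/bin/sh
# Watcher side of a single-user-mode (SUM) tripwire. ADDED EXAMPLE.
# Assumption: a Mac only holds its reserved IP while booted into SUM,
# so "reserved IP answers a ping" means "that Mac is in SUM right now".

# Constructed inventory: computer name, reserved SUM IP.
SUM_HOSTS='lab-01 192.0.2.11
lab-02 192.0.2.12
# retired machine, ignored
lab-03 192.0.2.13'

# Default probe: one ICMP echo. Override PROBE to test without a network.
probe_ping() { ping -c 1 "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-probe_ping}

# Print one alert line per host whose reserved IP is reachable.
# Exit status: 0 = nothing reachable, 1 = at least one alert raised.
sum_watch() {
    alerts=0
    while read -r name ip; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        # Refuse anything that is not digits and dots before probing it.
        case $ip in
            ''|*[!0-9.]*) echo "SKIP $name: bad address" >&2; continue ;;
        esac
        # </dev/null keeps the probe from eating the inventory on stdin.
        if "$PROBE" "$ip" </dev/null; then
            echo "ALERT single-user-mode host=$name ip=$ip"
            alerts=$((alerts + 1))
        fi
    done <<EOF
$SUM_HOSTS
EOF
    [ "$alerts" -eq 0 ]
}

# Usage from a scheduled job: sum_watch || <send text alert / sound klaxon>
```

A non-zero exit status is the hook for the text alert or klaxon; the printed lines can be appended to a log for later review.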
Geektool
Scripting to display information
At-a-glance info
JSS connection status
Network IP and SSID
Computer names and model
OS X version
Power events
Config profiles installed
Users
Warranty status
Log files
-When you log in as an admin, you usually gather information to solve an issue. This makes info available as soon as you log in.
When all else fails
Keystrokes and mouse clicks
Simulate keystrokes
osascript
Simulate mouse clicks
MouseTools, click, osascript
Click buttons, links, etc.
Click at X, Y coordinate
Clicks might vary between resolutions
osascript is more accurate, if supported
Honorable Mentions
Set all four computer names
Set the dock for all users
Create users based on computer name
Remove login items
End-user notifications when script executes
Scripting Pearson's TestNav
Pi-hole: network-wide, hardware ad-blocking
Set Favorite Connect To... Servers
done
Automate mundane tasks
Time saved = mission pursued
Basic scripts--easy-to-adapt
Advanced scripts for unique tasks
Commands built in (except for two)
Questions?
Resources
jacobsalmela.com
tccutil.py (download)
NCutil.py (download)
Fix multiple Recovery HDs
Remove guest network (or prevent access)
Change printer ready message (or serial number or any setting)
Remote GUI login
Enforce Macintosh HD
Fix paused printers
/Users on a separate partition
pmset all computers
Enforce wallpaper
Re-index GarageBand loops
Single-user Mode Intrusion-detection System (geeklet)
GeekTool desktop (geeklets)
Script mouse click (MouseTools) (download click) (real-life examples)