Question

FW: enableARD.sh

  • August 9, 2010
  • 12 replies
  • 28 views

ImAMacGuy

I am trying to setup enableARD script and when I put it in the workflow
it says it runs through w/o errors. However when I try to connect via
ARD it blocks me out saying the machine is offline. I can push the
enableARD script through Casper Remote and then it will allow me on.

Currently the script is set to At Reboot, and I did chmod 777 on the
script permissions in case that was causing the trouble... doesn't seem
to make a difference.

Anybody have any suggestions on how to enable that through the workflow
or something?

John Wojda

Lead System Engineer, CTS

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

SMS / Text Page: 2245873298
<mailto:12245873298 at messaging.sprintpcs.com>

Team Lead: Chris Sta Ana
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Feedback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

12 replies

ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 9, 2010

It's pretty much the same as the script from the resource kit...

#!/bin/sh
####################################################################################################
#
# Copyright (c) 2010, JAMF Software, LLC. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#   * Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#   * Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#   * Neither the name of the JAMF Software, LLC nor the
#     names of its contributors may be used to endorse or promote products
#     derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
# This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
# information or support for the Resource Kit, please utilize the following resources:
#
#   http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
#   http://www.jamfsoftware.com/support/resource-kit
#
# Please reference our SLA for information regarding support of this application:
#
#   http://www.jamfsoftware.com/support/resource-kit-sla
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   enableARD.sh -- Enable ARD and Configure Remote Management Settings
#
# SYNOPSIS
#   sudo enableARD.sh
#   sudo enableARD.sh <mountPoint> <computerName> <currentUsername> <targetUsername>
#
#   If the $targetUsername parameter is specified (parameter 4), this is the account that will be
#   granted access to ARD.
#
#   If no parameter is specified for parameter 4, the hardcoded value in the script will be used.
#
# DESCRIPTION
#   This script enables and configures remote management settings for a user. There are a number
#   of options that the script is capable of configuring, which should be specified in the privs
#   string. Please see the kickstart man page for more information.
#
#   The following options are available in the kickstart application:
#
#     -DeleteFiles
#     -ControlObserve
#     -TextMessages
#     -ShowObserve
#     -OpenQuitApps
#     -GenerateReports
#     -RestartShutDown
#     -SendFiles
#     -ChangeSettings
#     -ObserveOnly
#     -mask
#
#   ARD access is granted and privileges are assigned to an individual account on computers running
#   Mac OS X 10.3 and later. It can be used with a hardcoded value in the script, or read in as a
#   parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point,
#   (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable
#   parameter. We do not use $3 since it may not match up to the username that we want to grant
#   access for.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.1
#
#   - Created by Tedd Herman on August 5th, 2008
#   - Modified by Nick Amundsen on August 5th, 2008
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################

# HARDCODED VALUE FOR "USERNAME" IS SET HERE
targetUsername="macadmin"

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "USERNAME"
# (as written, parameter 4 is only used when the hardcoded value above is empty)
if [ "$4" != "" ] && [ "$targetUsername" = "" ]; then
    targetUsername="$4"
fi

# DEFINE WHICH PRIVILEGES WILL BE SET FOR THE SPECIFIED USER
privs="-DeleteFiles -ControlObserve -TextMessages -ShowObserve -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"

####################################################################################################
#
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################

if [ "$targetUsername" != "" ]; then
    echo "Enabling Apple Remote Desktop Agent..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
    echo "Setting Remote Management Privileges for User: $targetUsername ..."
    # $privs is left unquoted on purpose so each privilege is passed as its own argument
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs $privs -users "$targetUsername"
else
    echo "Error: The parameter 'targetUsername' is blank. Please specify a user."
fi


stevewood
  • Hall of Fame
  • August 9, 2010

What does the jamf.log file on the machine say? Are there any errors in the
log that would indicate a problem?

I use a script on reboot during imaging that adds an extra ARD user to my
machines and it works flawlessly.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 9, 2010

It just says

Running Script enableARD.sh...

Running Script setProxy.sh...

No errors that I saw..



  • Honored Contributor
  • August 9, 2010

Try setting the privs to all for that user and see what happens. I
think if you leave the users part out, it allows any local admin account
access


  • Honored Contributor
  • August 9, 2010

Could you post the line of code from your script? The kickstart
command requires some switches. For example, in my post image script
(oddly enough I am adding code to it right now so it is up) I just do
this:

# ensure remote desktop is enabled for our local admin accounts #

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate

# now set access to remote desktop, refer to admin 1 and admin 2 from above

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users $admin1_short,$admin2_short -access -on -privs -all

/bin/echo "ARD client configured"


ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 9, 2010

I set privs='-all'

Then disabled ARD and pushed the script, it re-enabled it and gave all the
permissions. So I reimaged the machine but it still didn't enable ARD. ARD
reports as ARD Not Active on the system.

Again, no errors in jamf.log or in the casper logs looks normal.


  • Honored Contributor
  • August 9, 2010

You are running the correct client version of ARD? It is up to date? OK, image a machine and then ssh into it or log in as local admin and
run the commands and see if they work. Maybe your script has a weird
white space in it or something. I have had this happen before. So run
the commands manually as root and see what happens. Also you can try
restarting the ARD agent as sometimes it bugs out

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent


ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 9, 2010

Looks like the -restart -agent worked.

Was able to get in right away.

Can I just add that somewhere to the bottom of the script?



  • Honored Contributor
  • August 9, 2010

Sure, but that won't tell you what is causing it. I would make sure
the managed account for Casper credentials match, that when you
copied/pasted or modified the script you did not put any kind of weird
white space in there or something to cause it not to run right.

Then again, I have seen the agent freak out, so I keep that ARD restart
command in my bash history.
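
The "weird white space" check suggested in the replies above can be automated before a script is uploaded for imaging. This is an added example, not part of the original thread: the function names `scan`, `check_script` and `make_sample` and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.

# scan LABEL BYTES FILE: print the line numbers containing BYTES; fail if none.
scan() {
    hits=$(LC_ALL=C grep -a -n -F -e "$2" "$3" | cut -d: -f1 | tr '\n' ' ')
    [ -n "$hits" ] || return 1
    echo "$1 on line(s): $hits"
}

# check_script FILE: print findings; exit status = number of problem classes.
check_script() {
    f=$1
    n=0
    if [ "$(LC_ALL=C head -c 3 "$f")" = "$(printf '\357\273\277')" ]; then
        # A UTF-8 byte-order mark hides the "#!" from the kernel.
        echo "UTF-8 BOM at start of file"; n=$((n + 1))
    else
        case $(head -n 1 "$f") in
            '#!'*) ;;
            *) echo "first line is not a #! interpreter line"; n=$((n + 1)) ;;
        esac
    fi
    # Carriage returns (CRLF endings) get glued onto the last argument.
    scan "carriage return" "$(printf '\r')" "$f" && n=$((n + 1))
    # A non-breaking space does not separate words for the shell.
    scan "non-breaking space" "$(printf '\302\240')" "$f" && n=$((n + 1))
    # U+2000..U+203F (curly quotes, en/em dashes) share this UTF-8 prefix.
    scan "typographic punctuation" "$(printf '\342\200')" "$f" && n=$((n + 1))
    return "$n"
}

# Constructed sample: CRLF on line 1, non-breaking space before -restart on line 2.
make_sample() {
    printf '#!/bin/sh\r\nkickstart\302\240-restart -agent\n' > "$1"
}

# Check the file named on the command line, or the constructed sample if none.
if [ $# -gt 0 ]; then
    check_script "$1" || echo "$? problem class(es) found"
else
    tmp=$(mktemp) && make_sample "$tmp"
    check_script "$tmp" || echo "$? problem class(es) found"
    rm -f "$tmp"
fi
```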


ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 10, 2010

I've tried it across multiple images and hardware. I've tried a couple
other scripts I found online...They all work when pushed through casper
remote, but not through imaging. Is it possible that it may be a
problem with Casper 7.31?

I don't see any errors in the logs (remote and imaging, and jamf.log)
only shows the script was run, I verified the script is chmod +x and set
to "At Reboot", I know the original script used to work as well - I had
built about a dozen systems and would ARD in to them... for testing and
packaging...



  • Honored Contributor
  • August 10, 2010

John,

Your script is set to run post image right? If it runs preimage it
will just write those settings to the nbi. So you need to set the ARD
script to run at reboot.


ImAMacGuy
  • Author
  • Esteemed Contributor
  • August 10, 2010

Not sure exactly what was going on, but I set it to run via a trigger
and that seemed to work for both the 10.5.8 and 10.6.4 image.

Thank you to all who helped!

Now to tackle VNC :-)
