Posted on 11-18-2014 10:33 AM
We've got a few macbook air carts on our campus used by various students. Each cart has one admin account for us techs, and one standard account for the students. I would like to be able to delete the data that students are storing on the computer locally. They are not AD accounts, and I would not like to delete the whole account. Ive been on the Discussions section and have found great scripts others are already using, but they mostly mention deleting the home folder. I would just like to delete the data stored in the Docs, Desktop, and Downloads folder. Now we are new to JAMF let alone scripting and logout hooks so any advice or ideas would also be appreciated. Would this be possible? Or would we have to delete the account and recreate it at the same time every logout? Thanks guys
Posted on 11-18-2014 10:39 AM
Depending on the requirements, you might want to keep a clone of the default student home folder somewhere and have a startup script that deletes the existing folder (or moves it as a rotating backup so you always have access to the last version) and copies the "template" to /users so there is always a fresh profile on reboot. Sort of like a "deep freeze" for that one home folder.
Posted on 11-18-2014 10:50 AM
I would personally delete the home folder and then create a new one from the user template. This is because users could leave items in the root of the home folder that you could miss. The script would like something like this:
#!/bin/sh
rm -Rf /Users/home_folder_name
cp -R /System/Library/User Template/English.lproj /Users/
mv /Users/English.lproj /Users/home_folder_name
chown -R home_folder_name /Users/home_folder_name
exit 0
If you do just want to empty a few sub-folders from the home folder it would be:
#!/bin/sh
rm -Rf /Users/home_folder_name/Desktop/*
rm -Rf /Users/home_folder_name/Documents/*
rm -Rf /Users/home_folder_name/Downloads/*
exit 0
You could always get a bit fancier with a for loop but the basic script above would do the trick.
Hope this helps.
Posted on 11-18-2014 11:53 AM
@alexjdale thank you for your input. I will look into this further with our administrator. In the mean time i just set up a policy with @davidacland 's second script and works great. Thanks again to you both for your swift and helpful responses! We appreciate it.
Posted on 11-18-2014 01:29 PM
Alternatively, have a look at Faronics DEEP FREEZE for Mac.
http://www.faronics.com/products/deep-freeze/mac/
Wipes any Data & installed Software at each Reboot...
You can schedule Maintenance Windows & automate them with Casper Suite.
Posted on 11-18-2014 07:24 PM
Curious, if you don't want to store any data on the account, could you not just use the Guest account, or a custom guest account?
Posted on 11-18-2014 07:37 PM
Hi @palitech.
I have created 2 policies and made them available offline. The first creates a "Student" account on startup, the second deletes the account on logout/shutdown. Student account is not an administrator.
Doing this ensures that any modifications to the account when logged in ie. changes in dock, desktop pattern, etc are not present when another student logs in.
Hope this helps.
Steve
Posted on 12-12-2014 12:15 PM
Your solution is perfect for the same issue the OP stated above. I have inherited a 10.8.5 image that I have neither the time nor motivation to mess with too much. The User Create/Delete policy is great but my predecessor did not suppress the AppleID prompt at login in the default user template. I will be updating this image next summer, but in the meantime, would love an easy fix and this does it minus the Apple ID registration at login.
The backstory is this: Students are logging into the 'Student' user account and then posting test answers in the Documents/Dekstop folders for class sections later on.
/randy
Posted on 12-14-2014 01:29 PM
To combat this, I have changed the value of the DidSeeCloudSetup key to TRUE in this file:
~/Library/Preferences/com.apple.SetupAssistant
Use composer to capture this file, upload it to Casper Admin and ensure that FUT is ticked. You can then set a policy that pushes out this file and saves it to the users template. That way, any new user that is created will not get the iCloud popup.
Hope that helps
Posted on 09-21-2018 01:22 PM
I have tried the policy solution as @stevevalle suggests and what I am finding is that it is about 85% effective, but about 15% of the time the create user policy fails because it says that the user already exists. To combat that I have added the following script to the create user policy and set it to execute before other items in the policy
#!/bin/sh
if [ -d "/Users/**[account short name]**" ]; then
sudo rm -Rf /Users/**[account short name]**
sudo dscl . delete /Users/**[account short name]**
echo "Preparing to create student account... please wait"
sleep 30
fi
Because it takes a little bit of time for the account to wipe I sleep the script for 30 seconds.
Still I am not getting 100% success. I still encounter issues where the create account policy cannot run because the account already exists.
I'm thinking that the script inside of the policy may not be executing 1st all of the time, is that possible?
I'm also thinking that maybe 30 seconds may not be enough time and I may have to move it to a minute?
I'm not sure what is happening when the students are putting their laptops away that the delete script is not always completing. I'm thinking that maybe putting a loop script that runs after the delete policy fires that loops until the account is actually deleted may solve part of the problem, but I worry that what is really going on is that students go to the Apple menu and select shutdown but then are closing the lid before the shutdown process completes.
Does anyone have any suggestions that would allow me to get this to work 100% of the time. All I am trying to do is to wipe the student account when the student shutdown the computer and to re-create the student account when the student powers on the computer.
Posted on 09-24-2018 05:40 AM
@adminNWA if you think the issue is that the account isn't deleting before the script tries to create an account, could you build a while
loop into this to loop until the account is deleted? I haven't tested it, but something like this (you would enter this instead of sleep 30
):
#!/bin/sh
accountExists=$(dscl . list /Users | grep "**[account short name]**") #if the account exists, this variable will equal the account name
countUp=0
while [ -n "$accountExists" ]
do #while the account exists, do this loop
echo $accountExists" still exists"
sleep 5
accountExists=$(dscl . list /Users | grep "**[account short name]**") #check again to see if account exists
((countUp++))
if [ "$countUp" -ge 12 ]; then #makes it cancel if it's checking for more than 1 minute and account is still there
echo $accountExists" still exists after 1 minute, could not delete account"
exit 1
fi
done
Again I haven't tested it, but in theory that should stay in the loop while the account still exists and then exit out of the loop (and allow you to run the command to create the account) when the account doesn't exist. So if 15% of the time it's taking more than 30 seconds to delete the account, this could help (and if you find it takes 1-2 minutes for the account to delete, you could change it to if [ "$countUp" -ge 24 ]
Posted on 09-24-2018 06:01 AM
*Sorry, just read your full comments and saw that you already considered doing a loop. And yeah, the loop wouldn't help if the issue was students not shutting down properly (like holding down the power button rather than shutting down properly, or running the laptop until the battery died)