Jamf Nation Community

And, if you are using Casper 7 you can now push an MCX pref to not require
admin privs to add printers.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

Steve,

Would you please extrapolate on this? As I am going to migrate to
version 7 here really soon and would love to just push out MCX instead.

Thanks

Tom

Does anyone know if Casper 7 MCX settings will coexist with OD MCX settings? Or can this cause a potential problem?

JIM ORING, JR.

SCHAWK!

jim.oringjr at schawk.com

3116 West Avenue 32

Los Angeles, CA 90065 USA

schawk.com

Please consider the impact to the environment and your responsibility toward protecting it before
printing this e-mail.

It seems that script requires a password, which means you can put the
password in there but you would then be putting the password in your log
files which is not a good thing.

I am not sure exactly the best work around for this. I would go with
the MCX method or with the Casper Admin and Self Service methods.

I would say coexist as long as they don't overlap. Ie try to put same mcx in both od and Casper, u could use Casper as means to wenne itself off od, personally I'm gonna stick with od

If one did want to put the password in the script for testing, where would I
put it? I tried putting the password on the next line in the script, but it
throws an error when the script is run because it tries to run the password
as a command.
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com

You would use the "-p" flag in the dseditgroup command and put the password
right after it.

--missing content--

dseditgroup -o edit -n /Local/Default -u admin -p <adminpassword> -a
printerusers -t group lpadmin

Mobile user:

dseditgroup -o edit -n /Local/Default -u admin -p <adminpassword> -a studen
t
-t user lpadmin

Thomas
- in the JSS in 7 you can now create MCX preferences to push out. And
not to be a goob about it, but starting on page 302 of the Casper 7
manual, they lay out everything about Managed Preferences. It is
fairly simple to do, and during the creation of the profile you give
that MCX pref a scope of machines to work on.

Make sense?

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

On Wed, Jul 29, 2009 at 9:12 AM, Alan Benedict <abenedict at integer.com>wrote
:

If one did want to put the password in the script for testing, where woul

d

I put it? I tried putting the password on the next line in the script, b

ut

it throws an error when the script is run because it tries to run the password as a command. -- Alan Benedict =EF=A3=BF Macintosh Technician The Integer Group O: 515-247-2738 C: 515-770-8234 http://www.integer.com *From:* casper-bounces at list.jamfsoftware.com [mailto: casper-bounces at list.jamfsoftware.com] *On Behalf Of *Thomas Larkin *Sent:* Tuesday, July 28, 2009 1:57 PM *To:* Steve Wood *Cc:* Tommy Nguyen; <casper at list.jamfsoftware.com> casper at list.jamfsoftware.com *Subject:* Re: [Casper] lpadmin script Steve, Would you please extrapolate on this? As I am going to migrate to versi

on

7 here really soon and would love to just push out MCX instead. Thanks Tom >>> Steve Wood <swood at integer.com> 07/28/09 3:51 PM >>> And, if you are using Casper 7 you can now push an MCX pref to not requi

re

admin privs to add printers. Steve Wood Director of IT <swood at integer.com>swood at integer.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 On Tue, Jul 28, 2009 at 3:30 PM, Thomas Larkin < <tlarki at kckps.org>tlarki at kckps.org> wrote: Tommy Ever think of adding printers in Casper Admin then adding them as a self service install and limiting the scope of clients to what printers you w

ant

them to install. I looked at that hint and it only allows the "add printer app" to run, a

nd

it won't allow for users to add it via System Prefs. Every user is part

of

the _lpadmin group but I couldn't get it to work either really. Also are you running that as a log in hook? Because casper will only use $3 as the current user when using it as a log in hook. If you run it as

a

log in policy it should run as root and not ask for the password. -Tom >>> "Nguyen, Tommy" < <Tommy.Nguyen at raytownschools.org> Tommy.Nguyen at raytownschools.org> 07/28/09 3:21 PM >>> Hello, Can someone help me figure this script out? I am trying to setup rights for my network mobile users and they don=E2=80=99t have rights to add pr

inters.

But I found some help from apple that would let local and network users

to

add printers without being administrators. <http://support.apple.com/kb/HT3511>http://support.apple.com/kb/HT3511 When you add them to the user group of lpadmin it would ask for password from the command line. dseditgroup -o edit -p -d admin -t group _lpadmin dseditgroup -o edit -n /Local/Default -u admin -p -a $3 -t user lpadmin (this line would ask for user of admin password, no idea where to add if

I

put it in the script?) Thank you in advanced.

---

Casper mailing list <Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com <http://list.jamfsoftware.com/mailman/listinfo/casper> http://list.jamfsoftware.com/mailman/listinfo/casper

---

Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper

---

Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper

---

Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper

--0016e640876815654b046fd93b6d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

You would use the &quot;-p&quot; flag in the dseditgroup command and put th
e password right after it.<div><br></div><div>From the Apple article, netwo
rk user:</div><div><br></div><div>dseditgroup -o edit -n /Local/Default -u admin -p &lt;adminpassword&gt; -a printerusers -t group lpadmin</div>
<div><br></div><div>Mobile user:</div><div><br></div><div>dseditgroup -o ed
it -n /Local/Default -u admin -p &lt;adminpassword&gt; -a student -t user l
padmin</div><div><br></div><div><br></div><div>Thomas -=C2=A0in=C2=A0the=C2
=A0JSS=C2=A0in=C2=A07=C2=A0you=C2=A0can=C2=A0now=C2=A0create=C2=A0MCX=C2=A0
preferences=C2=A0to=C2=A0push=C2=A0out.=C2=A0=C2=A0And=C2=A0not=C2=A0to=C2
=A0be=C2=A0a=C2=A0goob=C2=A0about=C2=A0it,=C2=A0but=C2=A0starting=C2=A0on
=C2=A0page=C2=A0302=C2=A0of=C2=A0the=C2=A0Casper=C2=A07=C2=A0manual,=C2=A0t
hey=C2=A0lay=C2=A0out=C2=A0everything=C2=A0about=C2=A0Managed=C2=A0Preferen
ces.=C2=A0=C2=A0It=C2=A0is=C2=A0fairly=C2=A0simple=C2=A0to=C2=A0do,=C2=A0an
d=C2=A0during=C2=A0the=C2=A0creation=C2=A0of=C2=A0the=C2=A0profile=C2=A0you
=C2=A0give=C2=A0that=C2=A0MCX=C2=A0pref=C2=A0a=C2=A0scope=C2=A0of=C2=A0mach
ines=C2=A0to=C2=A0work=C2=A0on.</div>
<div><br></div><div>Make=C2=A0sense?</div><div><br></div><div><br><div>Stev
e Wood<br>Director of IT<br><a href"mailto:swood at integer.com">swood at inte
ger.com</a> <br><br>The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas
, TX 75201 <br>
T 214.758.6813 | F 214.758.6901 | C 940.312.2475 <br>
<br><br><div class"gmail_quote">On Wed, Jul 29, 2009 at 9:12 AM, Alan Be
nedict <span dir"ltr">&lt;<a href"mailto:abenedict at integer.com">abene
dict at integer.com</a>&gt;</span> wrote:<br><blockquote class"gmail_quote" style"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
If one did want to put the password in the script for testing, where would I put it? =C2=A0I tried putting the password on the next line in the script
, but it throws an error when the script is run because it tries to run the password as a command.<br clear"all">
<font color"#888888">

--<br>Alan Benedict<br>=EF=A3=BF<br>Macintosh Technician <br>The Integer Gr
oup<br>O: 515-247-2738<br>C: 515-770-8234<br><a href"http://www.integer.
com" target"_blank">http://www.integer.com</a></font><div><div></div><di
v class"h5">
<br><br>
<br><br><div class"gmail_quote"><blockquote class"gmail_quote" style
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgc
olor"#FFFFFF"><div><div><blockquote type"cite"><div><div><div><div st
yle"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in
">

<p style"margin:0in;margin-bottom:.0001pt"><b><span style"font-size:1

Would you mind sharing the settings you used with the rest of us? :)
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com

If you still just wanted to add a directory group to the local admin group
using a script via a Casper policy, you don't need to supply the -p flag
and a password. Casper runs scripts as root on the local workstation.

For example, this is what we use:

/usr/sbin/dseditgroup -o edit -n /Local/Default -a od-staff-all -t group
lpadmin

where od-staff-all is our all staff group. You could change to using a
username there as well, such as with Casper's script parameters.