Jamf Nation Community

Getting the Mac OS style computer name (set by Casper Imaging) with my own
boot script and setting the proper unix hostname and also preventing DNS
from changing it seems to have worked for me. I put the following in a big
bootscript I have that sets timeserver, binds, etc etc.

name=$(scutil --get ComputerName)

hostname "${name}"

echo "HOSTNAME=${name}" >> /etc/hostconfig

Ryan M. Manly
Glenbrook High Schools

Lock the sharing system preference by WGM mcx and if changed I use the Casper update computer names to reset

Criss Myers

Would you mind detailing that last part for me???

Thanks guys and gals!

--
Matt Lee
FNG Sr. IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
matthew.lee at fox.com<mailto:matthew.lee at fox.com>

Need Help? Call the Help Desk at (310) 969-HELP (ext 24357) or online at http://itteam<http://itteam/>
Help Desk Hours: Mon-Fri, 6AM-6PM PST

I just cached a receipt file post imaging with the proper name and then set up a once a day cached policy that checks the current name versus the cache name and if the names don't match, then the cached named gets applied. The offline cached policy means it will run daily regardless if it is on campus or not.

It prevents DNS from setting the hostname to the name of a different machine
if scavenging etc. is not properly tweaked.

Problem illustrated here waaay back in the day.

http://hintsforums.macworld.com/showthread.php?t=29712

Apple says don't do it anymore...but like most *NIX things Apple says not to
do it works amazingly well. Also the HOSTNAME=-AUTOMATIC- line is not even
included anymore by default.

http://support.apple.com/kb/TA24107?viewlocale=en_US

Ryan M. Manly
Glenbrook High Schools

@tlarkin - How did you create a cache policy to run?

I have created 2 scripts.
Script 1. I use to create the cname.txt file on my clients already in the field.
Script 2. Will reset the computername if it does not match.

However, with script 2, how do I get this to actually run on a daily basis even when the computer is not on the network. How do I set up a once a day cached policy that checks the current name versus the cache name and if the names don't match, then the cached named gets applied? The offline cached policy means it will run daily regardless if it is on campus or not. I will be doing this for 10.6.8/10.7/10.8/10.9 versions, if anything changes depending on the version.

/url">@zmbarker][/url You may want to take a look at this very recent thread for some ideas - [https://jamfnation.jamfsoftware.com/discussion.html?id=9251

@mm2270][/url][/url][/url][/url - I am still confused?

1. On the JSS, where do I set the policy to run offline?
2. How do I create the luanchdeamon?
3. you stated in the post at https://jamfnation.jamfsoftware.com/discussion.html?id=9251

** "Another approach that could work, but would be a little more complicated, would be to have the script being triggered on your regular everyX minute offline trigger, check the last time it ran, possible by looking in a log file, and if the difference between the last time and the current time hasn't been >= 24 hours, exit silently. While this would work, it would mean the offline policy will be actually running on all your Macs at every check in attempt by the jamf binary, even if the user doesn't see anything. Probably not a huge deal if the script is pretty lightweight, but its just something to keep in mind. " **

NOTE: What I am trying to do is related to this posting https://jamfnation.jamfsoftware.com/discussion.html?id=2648
Then I need to do this based on this posting https://jamfnation.jamfsoftware.com/discussion.html?id=1541

Our users are local admins to their machines and if I can't lock-down the computername and HD name then I need to get these 2 workarounds going.

This is the CreateCname.txt script:

#!/bin/bash

## This script will create the cname.txt file and then add the computername to the file

FILE=$3/private/var/cname/cname.txt

if [ ! -d $FILE ]
then
mkdir -p $3/private/var/cname
fi

networksetup -getcomputername > $FILE

This is the ConfirmComputerName.sh script:

#!/bin/bash

setName=`cat $3/private/var/cname/cname.txt`
currentName="networksetup -getcomputername"

if [[ ${setName} != S{currentName} ]]

then echo "wrong name found, changing..."
/usr/sbin/scutil --set ComputerName $setName
/usr/sbin/scutil --set HostName $setName
/usr/sbin/scutil --set LocalHostName $setName
echo "naming convention fixed..."

else echo "No problem found...exiting..."

fi

exit 0

If we're talking about preventing changing the computer name, is there a reason why you don't just lock down the Sharing preference pane? I realize that as soon as you begin locking even a single Preference Pane it kind of opens a can of worms, so this may not be ideal, but that would stop the majority of cases of users renaming their Macs. I'm guessing most of them wouldn't go through the trouble of trying to learn how to rename their Mac from the command line.

Short of that, offline policies can be created in the JSS directly, but they are usually only done when set up as "Ongoing" frequency as was mentioned in the thread I linked to above. Once you choose "Ongoing" you will see a new checkbox appear called "Make available Offline" or something to that affect. What this does is caches down all the files and scripts necessary to run this policy offline, meaning away from your JSS on a regular basis. It will trigger based on whatever trigger you chose, like Every 15, Login, Logout, etc.

So, using that information, if you set up the policy with your rename script, just set it to Ongoing and Make Available Offline, then when it runs the first time against a Mac in scope, it leaves the files necessary for that to run on the Mac instead of deleting them after it runs. When the Mac checks in away from your JSS and can't connect, instead of just exiting, it looks to see if any offline policies are available and cached to it, and runs it if so.

Does that make sense?

Hey Everyone,

This post is really old. This was back when I was a System Administrator managing about 10k Macs. I was using flat files and a script to accomplish this. Now in version 9, this functionality is built in. The policy trigger would be a Network State Change, and in the advanced tab check the box that ensures the Computer Name. Then, select for the policy to be ongoing and cached, and it will rename the computer every single time it gets changed, instantly.

I tested this out back in Beta 9 RC 2 when I was doing some QA work. So, in version 9, there would be no need for a script, just to ensure that the name of the computer is correct in the JSS.

Does that make sense?

Thanks,
Tom

For people talking about using Casper's feature to reinforce the Computer Name, what mechanism stops the system from reconning a different name before the policy runs?

I'm personally grabbing the computer name from dsconfigad -show since that is what I would consider the "name of record" since all other names can be changed through outside means.

Hey Alex,

This was an old post migrated from the old mailing list back in the day. During those times, I would use the method of my previous post in this thread, of caching out the computer name after imaging to a flat file. This file would then be checked via a script and ran locally. So, the end user could rename the computer to whatever they wanted to, and when the script ran, it would update the computer name. The policy that ran the script was checked to do a recon. So, once the name was set back, it updated the device record in the JSS.

In version 9, that is no longer needed. Create an ongoing policy and check the box that makes it available online. Then by selecting the Network State Change event for the policy to be triggered, it will watch the system configuration file on the local OS X box, and anytime a change is made to the computer name, or the network it will trigger said policy. In the advanced payload, if you check reset computer name it will rename the computer to the name in the JSS. This is pretty much an instant change, as it uses a launchd mechanism of watch paths. So, anytime that file is appended (which it would be if a user changed the name) it would trigger the reset name feature, and reset the computer name.

I mentioned previously, I was testing this feature back in v9 beta, and it worked pretty much like a charm. There might be that split second where a recon happens before the policy triggers, but like I said it was pretty instant. I was setting the computer name via the scutil command as root when testing, and it always changed it right back. I would go as far to say, it would be an extremely rare occurrence that a recon would update the device record with a bad computer name before this ran, if it is set to ongoing and cached.

So, this all really depends on what the device record has for the computer name in the JSS. Typically, I would name the device during imaging or I would set a process in staging a new Mac where the computer name is defined and set during enrollment. To better ensure the device record in the JSS is the correct one.

I hope this helps.

Thanks,
Tom

@tlarkin thanks for that that great it's in Casper 9. I used your script with a launch daemon back in the day and it really helped me out. Thanks :)