OK,
So, now I am looking to update our Tiger image. We have new
technologies and settings in place which require a freshly imaged
machine to run like 10 updates to bring it up to par. So, I am looking
at creating a new master image but have run into a snag. For security
reasons different buildings have different hidden local admin passwords.
All the hidden local admin accounts are also under /private/var. All
of them are the same local account name though.
I can see where if I run the client I can change the path but I can't
when creating a policy on the web end.
I dug into the /usr/sbin/jamf binary and did make a test script like
this that did work:
#!/bin/bash
#set hidden local admin account password to proper building
/usr/sbin/jamf resetPassword -username hadmin -password test
/usr/sbin/jamf setOFP -mode full test
This did set the password as test, so it worked. Now I guess I need to
create a policy with these scripts for each building's VLAN.
Has anyone done this before and does it work? I just want to make sure
that it will in fact search the /private/var for that hidden account.
Also I assume this script already runs as admin and does not need the
sudo since its over ssh in caspers ssh account correct?
Ideas, thoughts, and experiences are welcome please share!
Thanks,
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351
