msp mac admins-april-2015-undercoverofshell

UNDER COVER OF SHELL: Scripting to finish the fight. April 23, 2015 @ JAMF HQ in Minneapolis, MN. Jacob Salmela, ACTC



-I talk about JAMF since that's what we use, but can use other MDMs

Agenda

Everyone on the same page

Why script?

Real-life examples

Same Page

ls, cd, mv, rm, cp, qlmanage, airport, ifconfig, networksetup

curl

diskutil

-Most GUI apps have a command line counterpart.

-Finder: opening a folder is the same as ls; opening a different folder is cd; renaming or moving a file: mv; deleting, copying...

-Web browsing is equivalent to downloading a page via curl

Why script?

You are not good at repetitive tasks; computers are!

Pareto analysis: 80/20

Run silently

Focus on your mission

-Bart would write lines, but 4 lines of code lets you do it forever.

-Pareto: 80% of the problems you fix happen from 20% of the issues causing them.

-Simplest example: resetting a password--one cause but multiple help desk calls.

-Fix the 20%, you have 80% free time.

-5 years ago, spent all day running around. Now I prevent problems and am available for larger issues.

Examples

cd, ls, cp, mv, pwd, echo, dd

-Each character has a unique ability and you send them out to do tasks

-Mirrors command line tools: combine them to complete tasks

Basic scripts

Day-to-day Automation And Deployment

Access to assistive devices

sqlite3 or tccutil.py

Accessibility

Add/remove & enable/disable

No user interaction

One line of code

-Window pops up requesting access

-Example: TextExpander

-Database file--not as easy to deploy as a .plist

Notification Center settings

NCutil.py

Change alert settings

Add/remove apps

Change alert style

Get settings

Remove system alerts

One+ line of code

-Change to banners to avoid "sticky" notifications

Remove system Notifications

Fix bugs / defects

-All software will have bugs, so you can use scripting to fix any issue

jamf (D-007146)

Multiple Recovery HDs get created

Regain lost space

3 lines of code

-Hard drives showing on desktop

-Click minus sign? No, script instead

Remove Guest Network

networksetup

Remove Guest network

Removes SSID from preferred list

Fewer "I can't print" calls

4 lines of code

-Two networks, one throttled down

-400+ removals since beginning of school year

-400 times I don't have to run to fix printer.
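
One way the guest-network removal on this slide could be written, as an added example that is not the speaker's own script. The SSID `Example-Guest` is a placeholder, and the script assumes it is pushed by the management tool and runs as root.

```sh
#!/bin/sh
# Added example, not the speaker's script. GUEST_SSID is a placeholder value.
GUEST_SSID="${GUEST_SSID:-Example-Guest}"

# Read `networksetup -listallhardwareports` output on stdin and print the
# Wi-Fi device name (for example en0). Older systems label the port "AirPort".
wifi_device() {
    awk -F': ' '
        /^Hardware Port: (Wi-Fi|AirPort)$/ { found = 1; next }
        found && /^Device: / { print $2; exit }
    '
}

# Read `networksetup -listpreferredwirelessnetworks <dev>` output on stdin and
# succeed only on an exact SSID match, so "Example-Guest-5G" is left alone.
has_preferred_ssid() {
    sed -e '1d' -e 's/^[[:space:]]*//' | grep -Fxq -- "$1"
}

# Remove the guest SSID from the preferred list if, and only if, it is there.
remove_guest_network() {
    dev=$(networksetup -listallhardwareports | wifi_device)
    if [ -z "$dev" ]; then
        echo "no Wi-Fi hardware port found" >&2
        return 2
    fi
    if networksetup -listpreferredwirelessnetworks "$dev" | has_preferred_ssid "$GUEST_SSID"; then
        networksetup -removepreferredwirelessnetwork "$dev" "$GUEST_SSID"
    fi
}

# Run only on a Mac and only as root, the way a management agent runs scripts.
if command -v networksetup >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    remove_guest_network
fi
```

Matching the whole SSID line rather than a substring keeps the script from removing a similarly named network that users are supposed to keep.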

Change settings on all printers

echo, nc, cat, for, lpadmin, lpstat, lpr

Printer settings

List all printer IP addresses

Change "Ready" message

Print a test page

Change serial numbers

Change any lpadmin setting

~5 lines of code

-Print page with IP address

-Shown you a lot: only up to 5 lines--you don't need to be a genius

Remote GUI login

osascript

Automated keystrokes

Log in to the GUI

Verify settings after imaging

Pre-load labs for testing

Accessibility needs to be enabled

8 lines of code

-Anytime I need to touch three or more computers, I start to feel like Tom Cruise. Scripting can help with that.

-Maybe you work at JAMF and are a test proctor. Log in all computers to the test screen

Enforce "Macintosh HD"

diskutil

Renaming the volume

Root drive not "Macintosh HD"?

Changes it back

9 lines of code

Fix paused printers

lpstat, cupsenable, cupsdisable, cancel

Un-pause without password

Students are not admins

Prompts for password

Detects and un-pauses

11 lines of code
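
A sketch of the detect-and-un-pause step from this slide, as an added example that is not the speaker's own script. It assumes English `lpstat -p` output and that the management tool runs it as root, so students are never asked for an admin password.

```sh
#!/bin/sh
# Added example, not the speaker's script. Intended to run as root from the
# management tool, so students never need admin rights.

# Read `lpstat -p` output on stdin and print the names of disabled (paused)
# queues. CUPS reports them as: "printer NAME disabled since DATE -".
paused_printers() {
    awk '$1 == "printer" && $3 == "disabled" { print $2 }'
}

# Re-enable every paused queue and print the name of each one resumed.
resume_paused_printers() {
    # LC_ALL=C keeps lpstat's wording stable regardless of the user's locale.
    for p in $(LC_ALL=C lpstat -p 2>/dev/null | paused_printers); do
        if cupsenable "$p"; then
            echo "$p"
        else
            echo "could not resume $p" >&2
        fi
    done
}

# Run only where CUPS tools exist and only as root.
if command -v cupsenable >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    resume_paused_printers
fi
```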

Advanced Scripts

Powerful automation

-Basic scripts are easy to modify

-Advanced--more for unique ideas

/Users on separate partition

diskutil

Data segregation

Re-image without destroying user data

User and system data is separated

24 lines of code

Caveats

-Fast recovery

Fits in with OS X's resource domains: User, Local, Network, System.

-CoreStorage and Fusion drives not supported

Set power schedule for all computers

Python, pmset

Different settings per computer

Python script (better logic)

Different settings depending on computer name

20+ lines of code

-Uses Python, but runs a bash command

-Don't overload power grid when computers come on

-Crashed JSS when not powerful enough

-Could make config profile for each one, but settings are slightly offset

Enforce Wallpaper

Mavericks and Yosemite

Enforce with launchd

Stored in .db not .plist

Checks every 30 seconds

Enforces wallpaper

40 lines of code

-Could deploy a .db, but fun to mess with students

Re-index GarageBand loops

ALPindex, for, rm

-Apple doesn't say why it happens...

Sometimes the loop browser may not show all the available loops on your computer. If this happens...

support.apple.com/kb/PH1936

-You want to deploy GarageBand

-Can deploy .plist to skip some of the steps

-But still have the issue of loop index files

for Loop for loops

Apple-developed command line tool

Bypass Apple's 15 manual steps

Faster indexing

Log of installed loops

Moot in v10 (maybe)?

40 lines of code

-ALPindex found in iLife installer

-Still can use for speed and log of loops

EFI alternative

Single-user Mode Intrusion-Detection System

Log SUM access

Real-time notification when someone boots to SUM

Text alerts

Klaxon

Extension attribute

Log all commands entered (forensics)

42 lines + 8 lines of code

-How does it work?

1. Script runs at boot

2. Gets static IP

3. If IP is pingable, alert is sounded

GeekTool

Scripting to display information

At-a-glance info

JSS connection status

Network IP and SSID

Computer names and model

OS X version

Power events

Config profiles installed

Users

Warranty status

Log files

-When you log in as an admin, you usually gather information to solve an issue. This makes info available as soon as you log in.

When all else fails

Keystrokes and mouse clicks

Simulate keystrokes

osascript

Simulate mouse clicks

MouseTools, click, osascript

Click buttons, links, etc.

Click at X, Y coordinate

Clicks might vary between resolutions

osascript is more accurate, if supported

Honorable Mentions

Set all four computer names

Set the dock for all users

Create users based on computer name

Remove login items

End-user notifications when script executes

Scripting Pearson's TestNav

Pi-hole: network-wide, hardware ad-blocking

Set Favorite Connect To... Servers

Done

Automate mundane tasks

Time saved = mission pursued

Basic scripts--easy-to-adapt

Advanced scripts for unique tasks

Commands built in (except for two)

Questions?

Resources

jacobsalmela.com

tccutil.py (download)

NCutil.py (download)

Fix multiple Recovery HDs

Remove guest network (or prevent access)

Change printer ready message (or serial number or any setting)

Remote GUI login

Enforce Macintosh HD

Fix paused printers

/Users on a separate partition

pmset all computers

Enforce wallpaper

Re-index GarageBand loops

Single-user Mode Intrusion-detection System (geeklet)

GeekTool desktop (geeklets)

Script mouse click (MouseTools) (download click) (real-life examples)