User template and Novell ActiveSync provisioning

Similar Messages

• Trying to create user template and login script

  I'm trying to setup a machine at work that's got an Admin account and a Student account.
  I want the student account to have limited privileges and to reset the desktop, dock etc. (user template) upon login.
  I've got a document here that was created by a former employee that states the following:
  Create a user template: (do this from the admin account)
  *Sudo ditto /Users/Student /Student/Library/User\ Template/Student.lproj*
  Upon entering this into terminal I was getting a message saying the real path was wrong, and now nothing happens when I enter the above.
  Ok, so in: "system/Library/User Template" there is a folder called Student.lproj
  Within Student.lproj there are no files.
  Should Student.lproj even exist there with no contents for this to work? When Terminal creates a template, does it copy this information into Student.lproj or does it create a new folder for the template?
  The account is hanging for quite a while on Login and logout now as well.
  Once I create this template for the Student account, I need to create a login script that will restore the template upon login of the Student account.
  please help

  It's /System/Library/... not /Student/Library
  Also, if you want it to reset at log out, just have them log in as Guest.
  See this article: http://www.michaelsmac.com/modules.php?file=article&name=News&sid=394

• AppleScript: Waiting for a user to enter user name and password

  I'm currently working on an AppleScript designed to automate binding a computer to Active Directory and another script to install a login certificate. While you can create a UNIX shell script for the Active Directory binding, I found that you have to have your user name and password in the script itself and this system will be deployed by multiple people.
  So instead I'm doing an GUI Automation AppleScript of Directory Utility. What I'd like to do is have the script to wait for the admin user (who will be remoting in by ARD) to enter their Network user and password, click okay and then continue the script to quit the program and then run a self-destruct (which I'd also appreciate any advice about doing in AppleScript)
  Here's the script so far, which I've set up successfully:
  activate application "Directory Utility"
  tell application "System Events"
    click text field 1 of row 1 of table 1 of scroll area 1 of group 1 of group 1 of window "Directory Utility" of application process "Directory Utility"
    click button 1 of group 1 of group 1 of window "Directory Utility" of application process "Directory Utility"
    click text field 2 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "EXAMPLE.COMPANY.com"
    click UI element 3 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click radio button "Administrative" of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click checkbox "Allow administration by:" of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 1 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExamplePS NA"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 2 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleNA"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 3 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleNATemps"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 4 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleTeam 1"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 5 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleTeam 2"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 6 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleTeam 3"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 7 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleDesktop Admins"
    click button 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    click row 8 of table 1 of scroll area 1 of tab group 1 of sheet 1 of window "Directory Utility" of application process "Directory Utility"
    keystroke "GroupExampleDomain Admins"
    click button "Bind…" of sheet 1 of window "Directory Utility" of application process "Directory Utility
  <<WAIT LINE HERE FOR NETWORK ADMIN AND AND PASS, THEN USER WILL CLICK OKAY, THEN CONTINUE SCRIPT>>
  <<QUIT ACTIVE DIRECTORY>>
  <<SELF-DESTRUCT>>
  end tell
  It isn't a real command prompt like if you're changing System Preferences or something. It's a specialized prompt specifically for Directory Utility. However, I do need to know how to make AppleScript wait for a password for a standard Password Prompt for adding a certificate to the login keychain through Keychain Access. I've also done pretty much the same thing as above for that script.
  Any tips would be GREATLY appreciated.

  Yeah, I know GUI Scripting is not the best way, but I couldn't find a successful variable system for the following script. The other issue is that I'd prefer to send this by ARD and have ARD ask for a User Name and Password, but I've found there's no way to do that. Then again, I can't send the AppleScript purely remotely either.
  What I mean by self-destruct is simply I only want the Active Directory binding script to run once upon login to the primary admin user and then delete itself so it doesn't get run again. The login certificate script I want to run once on each new user who logs in (so I'll likely be putting it in the "User Template") and then delete itself so it doesn't run the next time they log in. I can't figure out any way to hit those buttons through a shell script.
  Here's the original UNIX shell script: (This is what I'm using temporarily until I figure out a solution that doesn't require my user name and password to be embedded)
  #! /bin/bash
  MACNAME=$(scutil --get ComputerName)
  dsconfigad -add "CORP.DOMAIN.NET" \
  -username USER \
  -password PASS \
  -computer $MACNAME \
  -mobile disable \
  -mobileconfirm disable \
  -localhome enable \
  -useuncpath enable \
  -shell /bin/bash \
  -ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
  -force \
  -localpassword "PASSWORD" \
  -groups "GROUPS"
  And here is the Certificate Installation AppleScript
  activate application "Keychain Access"
  tell application "Finder" to open POSIX file "/FolderName/Certificate.crt"
  delay (3)
  tell application "System Events" to tell process "Keychain Access"
    click button "Add" of window "Add Certificates"
    click button "Always Trust" of group 3 of sheet 1 of window "Keychain Access"
  end tell
  Thanks for the help. I really appreciate it. This is a rather new field for me and most of my knowledge comes from Google Searches and about a billion tabs trying to find answers.

• Problems customizing the user template

  Hi,
  I'm trying to customize the user template on 2 laptops. I've done this before with no problems, but this time it doesn't appear to be working correctly. I'm using the following command
  cp -R /Users/TEMPLATE/* /System/Library/User\ Template/English.lproj
  where TEMPLATE is the name of the user account I want to use as my custom template.
  When I enter this command I receive the following:
  usage: cp [-R [-H | -L | -P]] [-fi | -n] [-pvX] source_file target_file
  cp [-R [-H | -L | -P]] [-fi | -n] [-pvX] source_file ... target_directory
  Can anyone help me?
  I'm using Leopard and am logged in as root.

  I thought a typo may have been possible too. So I even copied and pasted the command string from the website which gave the directions for customizing the user template and it still wouldn't work. I ended up finding a post somewhere where someone else had problems with this and they simply suggested logging in as root and manually copying the files to the User Template folder which worked for me. Still like to know why it didn't work through the Terminal. Strange. Anyway, I have a workaround if I run into it again. Thanks for your help and the advice about the keychain!

• User Templates

  On Mac OS X 10.4.x I have used the User Template folder (/System/Library/User Template/English.lproj/*) to create a common screen for any user logging on to the campus network of my university. This seems to have changed with 10.5: I have found two template folders (User Templates and user.template); and neither seems to work.
  Is there any way to create and save a set of common settings for network users -- and for the Guest Account, which seems to hold so much promise?

  I found that if I copy folders and settings to both the User Template folders English.lproj and non-localized, then this would let everyone -- even those with lower-case aliases -- log on to the Macs.

• When add a people picker (user column) in Word document (Template) and try to add a name it stuck!

  When add a people picker (user column) in Word document (un the document Template) and try to add a name it stuck!
  Is it a known issue?
  keren tsur

  Hi,
  According to your description, I have tested in my environment and I  have the same behavior.
  Only if you type the wrong name in the first time, then you click the phone book to search the right name and save, it will stuck. It means if you do other operation(e.g. type the wrong name then click “resolve” button, then search in the phone book) and
  repeat the operation above, it won’t stuck.
  It is appreciate that you can submit a feedback to Microsoft:
  https://connect.microsoft.com/
  Thanks,
  Dean Wang
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Script to Copy preference file to all users profiles and to the default template

  I have build a package using Apple PackageMaker, this will install an application and a preference (plist) file to the current logged in user. Now I wanted to build a postflight script, which can copy a plist (ex com.test.plist) form an current logged in user to other user account on a machine also to the default user template (/System/Library/user template/...../Library/preferences) so any new user account created will have same preference file copied.

  Hi Mark...here is another script which work well if I have to copy my preference file from an account named as "admin" or some other account. However, it not certain that all Mac machine will have a account named as "admin". This is why I am looking for a way to copy the preference file from /private/var location to all user accounts on a mac.
  #!/bin/sh
  localUsers=$( dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' | grep -v admin )
  for userName in "$localUsers"; do
       cp /Users/admin/Library/Preferences/org.mypreference.plist /Users/$userName/Library/Preferences/
       chown $userName /Users/$userName/Library/Preferences/org.mypreference.plist
  done
  I tried to update it as suggest in some other forum like this, still no luck
  #!/bin/sh
  UserAccounts=`dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'`
  for userName in "$UserAccounts"; do
       cp /private/var/org.mypreference.plist /Users/$userName/Library/Preferences/
       chown $userName /Users/$userName/Library/Preferences/org.mypreference.plist
  done
  When I run the above script it comes up with the following error:
  cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file target_file
  cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file ... target_directory
  chown: admin: No such file or directory
  chown: admin/Library/Preferences/org.mypreference.plist: No such file or directory

• Provisioning - Emailing User Name and Password to end user

  In GRC AC 5.3  Access Enforcer when a new user account is provisioned, a URL or link is sent to the end user's email.
  When the user clicks the link the user can view the user name and password.
  My questions?
  1. Should the end user have a UME role, to click the link and view the loginid and password?
  2. Is this 'URL menthod' optional or, is there a configuration to change it back to plain text login and password like in the GRC AC 5.2 version?
  Any help is appreciated.

  Hi Prakash,
      Here are the responses to your questions:
  1. Should the end user have a UME role, to click the link and view the loginid and password? No. End user does not need to have any role.
  2. Is this 'URL menthod' optional or, is there a configuration to change it back to plain text login and password like in the GRC AC 5.2 version? Yes, it is optional.
  You need to set Send Password in Email Reminder option to Yes at Configuration>Workflow>Email reminder-->Closing Tab.
  Regards,
  Alpesh

• How can set a customized search results template and all users see it

  Hi all ,,,,
  I Added new costume template search result
  And when I added this template it’s added only for the user how created this template ,And I need all users see and use this template can anyone tell how I can add template for search result and all users see it or if I can do synchronies for this template.

  I wasn't able to understand what was meant by this post. Therefore, I modified the standard template HeadLine View.
  Columns for this template are defined in the include slim_search_result_table_header_setup (in std_page.htm).
  Here is the modification of the code:
  <$if customTemplateId and not (baseTemplateId like customTemplateId)$>
            <$columnsString = utGetValue("customlisttemplates/" & strLower(customTemplateId), "columns")$>          
            <!-- Modify START by Oracle-->
       <$else$>
  <!-- here add default fields -->
            <$columnsString="dDocName,dDocTitle,dInDate,dDocAuthor"$>
  <!-- here add your custom fields -->
            <$columnsString=columnsString&",xComment"$>
            <!-- Modify END by Oracle-->
       <$endif$>

• YouTube Template User Name and Password

  Tried using the YouTube batch template. I got the advisory that compressor failed because it did not have a YouTube user name and password. I can't find instructions on how to include that info. Any suggestions.
  Thanks
  Kent

  Remember, that when you use the Batch Templates you need to select the job in the Batch window to load the job (not the target) into the Inspector so that you can access the Job Actions. From there you'll be able to input your YouTube (or MobileMe) account information.
  BG

• Pros and Cons for replacing the default user template?

  Hi,
  since I've installed a new server, I don't want to make any mistake,
  If I replace the default user template (*.iproj) by my own, is it really a bad idea?
  Am I better modifying the existing one (.plist) even if it is more work?
  Thanks

  If I replace the default user template (*.iproj) by my own, is it really a bad idea?
  While you can modify the default User Template, it is not a recommended practice to do so. Since you are managing clients via MCX, anything that you set in WGM for user preferences will be added to the user's profile at login. If you have a need for some specific application preferences that need to be added for users, configure the application on a workstation as a local user and then import the .plist into WGM. Anything else -folders or files- that an application creates in the local user prefs folders, that may be needed, can usually be placed in the /Library/Preferences, /Library/Application Support, and /Library/Managed Preferences folders on the clients so that users have access to them.

• OSX 10.6.2 and Novell Netware eDirectory 8.8 SP5

  Ok, forgive the long winded post - but I thought some background would be in order. Briefly, the problem we have is:
  We create a new user in eDirectory, extended them with apple-user,
  add apple-user-homeDirectory of:
  /Network/Servers/<ip of server>/SERVER.VOLUME/HomeDirectory
  and an apple-user-homeurl of:
  afp://<ip of server>/SERVER.VOLUME/HomeDirectory
  AFP works fine, I can manually mount this volume with login / password in OSX with Command-K
  LDAP authentication works great.
  After login, no home directory is mounted or exists, so we get an error (login still occurs).
  Now, if I change the apple-user-homeurl to:
  <home_dir><url>afp://<ip of server>/SERVER.VOL</url><path>HomeDirectory</path></home_dir> (this is how an X Serve stores this value in Open Directory) and attempt to login, login fails "because an 'error' occurred"
  If I check the console / system logs on the OSX client, I see:
  authorizationhost[455]: afp home directory mount failed in theEnumerator->Count in AFP_OpenSession: status = Unknown error: -5023
  Now, for the weird part, if I change apple-user-homeurl on the user back to:
  afp://<ip of server>/SERVER.VOLUME/HomeDirectory - login then works fine and their home directory is created and they are able to use the Mac normally.
  Any ideas? I will post this to Apple forums as well. If I get any answers I will cross-post them.
  Thanks,
  Joe Jenkins
  ps: Novell, please please please, we really need a working OSX client for Netware / OES!!!
  Background:
  New Netware 6.5SP8 server / eDirectory 8.8 SP5 / latest NMAS
  Latest Novell AFP FTF patch from mid Sept 2009
  Edirectory schema extended and LDAP mappings made with documentation I pieced together on the web. If I browse via ldap, I am seeing proper returns for all the objects I need to login.
  Mount object created in Edirectory for the AFP mount corresponding to users home directories.
  OSX test client is Snow Leopard 10.6.2 (patched this morning, clean install)
  Authentication works fine, client works fine once I do the switcheroo with the apple-user-homeurl as indicated above, AFP mounts work fine in OSX, no weird errors in NMAS/LDAP dstrace, AFPTCP.log etc
  By the way, if anyone else is trying to figure this out, my LDIF and my LDAP template may be of use:
  http://www.nerdnet.com/edirldifandplist.zip
  The LDIF is the Apple schema you apply to your eDirectory to support OS X computers. The template is used by the Directory Utility on OSX for mapping eDirectory values to their OSX values. It's taken me about two weeks of work off and on to get a working set of these, hope they save someone else some time!
  Thanks to whoever wrote the "Integrating Mac OS X and Novell eDirectory" document - it was a great help, as is Randy Saek's posts here and his written document "Mac OS X and Novell eDirectory integration" - with these documents and numerous posts on Novell's forums, I've almost got this working well (these documents are available all over the web, but if you can't find them, let me know and I'll put them on my webserver)
  Cheers,
  Joe Jenkins

  A long winded post deserves a long winded reply! Are you serving the home directories from Novell's AFP file server? If not -- if you're serving them from a Mac server -- then nevermind all this.
  If so, you may need to create a generic mount object in your eDirectory tree (not an AppleShare object -- I've never been able to get that working)
  Get Properties of the mount object and, under the "Other" tab (I'm assuming you're using ConslowOne) add the following attributes: values (or whatever variations of them are appropriate for you)
  apple-mountDirectory: /Network/Servers
  apple-mountOption: net
  apple-mountOption: url==afp://;AUTH=NO%20USER%[email protected]/staff-network-drive
  (yes, apple-mountOption gets two values! i just wrote the attribute twice for clarity)
  apple-mountType: url
  Once I had this in place I still had to do some fiddling with how to specify the home directory for each user. I settled on
  OSX Home: /Network/Servers/10.9.7.11/student-network-drive/Users/stevejobs
  (you would put this in apple-user-homeDirectory, not OSX Home. We just mapped things a little differently.)
  apple-user-homeurl: <homedir><url>afp://10.9.7.11/student-network-drive</url><path>Users/stevejobs</path> </homedir>
  Note how we have Users/stevejobs in the path section. This is different than how Workgroup Manager will save it, even though it will appear to be the same path if you look at it in WGM (thanks, apple.) Unfortunately the way WGM saves it doesn't work (at least, I couldn't get it to) so you can't use WGM to assign this attribute. I ended up writing a shell script to do it.
  Hope that helps. If you want the shell script, I can probably dig it up but make sure you know what you're doing with it. It is tailored to our system and I didn't bother writing any exception handling, so it could very well nuke your system, call you names and eat your dog.

• Leopard Default User Template

  Hi,
  I used to be able to create a customised default user template in Tiger by copying my customised account to the /System/Library/User\ Template/English.lproj folder.
  In leopard however new accounts are not getting the customised settings.
  My method is as follows:
  Create temp account
  Login to temp account and customise all my settings such as desktop image, icons, finder preferences, dock, program preferences, printers, etc.
  before logging out I delete the login keychain, references and files. Clear out the ~/Library/Caches folder.
  logout and into and admin account.
  Run terminal
  su - to enable root user
  copy the current default template to a backup area using..
  cp -R /System/Library/User\ Template/English.lproj/* /backup are path
  Then clear it out
  rm -R /System/Library/User\ Template/English.lproj/*
  Then copy the new one in
  cp -R /Users/Temp/* /System/Library/User\ Template/English.lproj
  All the files and folders copy over but when I login with a new account none of the customised settings are used.
  Any ideas on how to get this working?

  Situation I can authenticate network users to LDAP on our Novell server. Our Novell server does not have mappings for Apple computers though so it is just basic authentication. I was able to script mapping of the appropriate volumes as a start up item in the dock because some of our servers can connect as AFP servers.
  The problem is after they authenticate through LDAP at the login screen they all get dumped into the root users profile and they have root user powers. Even after I disabled the root user.
  I wanted them to use the custom default profile I made. I created a temp user called student customized it copied its profile to the default user profile location. With the instructions you posted above. If I create a new user in account preferences it uses that custom profile fine BUT network users always login as the / a root user.
  I could possibly use the root user because we want to lock down the harddrive with deepfreeze. BUT the Novell iPrint program required for users to print does not work at all in this crazy Fake Root user environment.
  What am I missing to get my Mac to use my custom profile.

• Template based on Modify Provision Resource not showing existing groups

  Hi All,
  In OIM 11gR1, we have created custom templates based on Provision and Modify Provision Resource. For templates based on Modify Provision Resource, Oracle says that it should show all existing groups/responsibilities of the beneficiary during request creation. However, it shows empty rows during adding of new responsibilities. Has anyone faced this issue and why is this happening.
  Please let us know.
  Thanks.

  Samique Tanweer, Hope this solutions helps you.
  One possibility is, If your CSS template is common for both BI and Other department Users except LOGO, then create a single CSS template.
  In your report, Take a blank cell. Insert image into it.
  Now, Create a Alert based on Users and apply that alert(Rule) to above inserted image.

• Group policy template for Novell Client for Windows 7

  Does anyone know if there is a group policy template for the Novell Client for Windows 7? I find it really hard to believe that Novell has not yet released one, but I cannot find one anywhere. We use ZCM 11.2, and I really need to be able to send out settings for the client via a group policy.
  By the way, I am also posting this on the Novell Client forum, but since this is also a ZCM thing, I am hoping I might get some feedback here.
  Rick P

  Two recent/new resources are available for the Novell Client 2 SP3 for Windows:
  Cool Solutions AppNote: Novell Client 2 SP3 for Windows: Registry Settings
  Novell Client 2 SP3 for Windows: Registry Settings | Novell User Communities
  Cool Solutions Tool: Group Policy Administrative Template for Novell Client 2 SP3 for Windows
  Group Policy Administrative Template for Novell Client 2 SP3 for Windows | Novell User Communities