Disable EFI password – Intel Mac

Boot normally and log on as an admin user. Insert the Leopard install DVD, then open Terminal and type:

open /Volumes/Mac\ OS\ X\ Install\ DVD/Applications

In the window that opens, choose Utilities and then Firmware Password Utility. Uncheck the box to set the firmware password and click Change.  The EFI password is now blank.

Software Updates via terminal

If you want to do an automatic install of all the updates for a particular Mac, you can do it easily in the background using ARD. Select the system you want to update, then send the Unix command softwareupdate -i -a and specify that it run as the root user; this works even if you have not enabled the root user account on the workstation. It takes a while, but the results window pretty much updates after each title install, and it’ll even tell you if the remote system needs restarting.

If you want to do it manually (perhaps via a remote ssh login), log in as an administrative user and type: sudo softwareupdate -i -a. You’ll be prompted to enter your admin level password. If you wish, this can also be done locally via a terminal window.

To see all the command options, type man softwareupdate in a Terminal window.

Enabling VNC access via ssh

If you need to connect via a VNC client in Windows or such and don’t have ARD around, just log in to the system via ssh and run the following (all one line):

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -activate -access -on -clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw [your password] -restart -agent

This will set the remote Leopard system (and probably Tiger too) to allow legacy VNC connections from non-Macs and allow you to use the password you chose with the -vncpw option to connect from any VNC client.

You may also have to kill the AppleVNCServer process before you can successfully connect. Type:

killall AppleVNCServer

You can also find the PID through the ‘top’ command, then type kill followed by that PID.

Importing Users into Tiger Server (OS X 10.4)

(…to be edited. screenshots and more to be added)

Populate a spreadsheet using the following fields: Full Lastname (field:A1), Firstname (B1), DOB (C1), Grade (D1). Add additional columns for Teacher Name (E1), LastName-clean (F1), Grad Year(currently unused, G1), Shortname (H1), School Year (I1), Sequential UID# (J1), Unique(final) UserID# (K1).

Be sure to clean it up by removing spaces, apostrophes, hyphens, etc if you don’t use a self cleaning formula.

Cell# – Description

  • F2 – (maybe create a self cleaning name from A2)
  • H2 – =F2&B2
  • J2 – after all student data is entered, sort by grade, then simply number them sequentially using three digits (i.e. 001, 002)
  • K2 – =$I2&"0"&$D2&$J2

Name the tab SeedData.
Create a new tab called Data to Export.

For Reference:
Column – DataField

  • A=unused but must exist.
  • B=shortname:ID
  • C=Realname(first.last)
  • D=password(aka DOB in this spreadsheet)
  • E=homedir
  • F=AFP homedir
  • G=PasswordType
  • H=TeacherName
  • I=password specs (force change password on 1st login and do not allow further password changes)


  • B1 =SeedData!H2&":"&SeedData!K2
  • C1 =SeedData!B2&"."&SeedData!A2
  • D1 =SeedData!C2
  • E1 ="/Network/Servers/servername.blah.edu/Volumes/RAID/Students/"&SeedData!D2&"th/"&SeedData!H2
  • F1 ="<home_dir><url>afp\://servername.blah.edu/Students</url><path>"&SeedData!D2&"th/"&SeedData!H2&"</path></home_dir>"
  • G1 – Standard text: dsAuthMethodStandard\:dsAuthClearText
  • H1 =SeedData!E2
  • I1 – standard text (forces user to create a new password on login and disallows changing password later on): newPasswordRequired=1:canModifyPasswordforSelf=0

Example data after formula:

  • C1: first.last
  • E1: for a 6th grade student named first last: /Network/Servers/servername.blah.edu/Volumes/RAID/Students/6th/lastfirst
  • F1: <home_dir><url>afp\://servername.blah.edu/Students</url><path>6th/smithshane</path></home_dir>

When you’re done, save/export as a CSV (windows), not as a CSV (comma delimited). This is needed to format the file with Unix line feeds only, rather than also adding a carriage return as Windows prefers. To make sure you are using LF only, you can always open the file in a text editor such as Notepad++ and tell it to re-save in Unix format.

Open Workgroup Manager and Connect to your server using the directory admin user.

  • Select “Import” from the “Server” menu.
  • Select the csv file that we saved above.
  • Select “Ignore new record” from the “Duplicate Handling:” dropdown menu. If you want to replace existing records, delete them before importing.
  • Leave the other drop downs at “None” unless you have a preset that you want to use for all of the new users.
  • Leave the ID boxes blank, and click “Import”.

A new window should pop up asking you to enter Record Type, Special Characters, and Field Mappings.

Users will be the record type.
Special Characters:

  • Record delimiter: 0x0A – Newline
  • Attribute delimiter: 0x2C – ,
  • Attribute value delimiter: 0x3A – :
  • Escape character: 0x5C – \

Field Mappings:
(screenshot later)

Everything but the AuthMethod is selectable from the drop down menu. To get to the AuthMethod, select “Other” from the drop down menu and then select AuthMethod from the secondary menu.
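
A pre-import check for the CSV described above, as an added example that is not part of the original notes: it flags carriage returns, a wrong attribute count, and unescaped colons in columns F and G, using the delimiter settings listed under Special Characters. The function names and the sample record (student, ID, teacher) are constructed for illustration.

```shell
#!/bin/sh
# check_import_file FILE: report records that do not fit the import settings
# (LF record delimiter, ',' attributes, ':' attribute values, '\' escape).
check_import_file() {
    rc=0
    # Any 0x0D byte means the file was saved with CRLF line endings.
    if grep -q "$(printf '\r')" "$1"; then
        echo "carriage returns present: records must end in LF (0x0A) only"
        rc=1
    fi
    awk '
    length($0) == 0 { next }
    {
        line = $0
        gsub(/\\./, "__", line)      # mask escaped bytes such as \: and \,
        n = split(line, attr, ",")   # unescaped commas separate attributes
        if (n != 9) {
            printf "record %d: %d attributes, expected 9 (columns A-I)\n", NR, n
            bad = 1; next
        }
        if (split(attr[2], v, ":") != 2) {
            printf "record %d: column B is not shortname:ID\n", NR; bad = 1
        }
        # F (AFP home dir) and G (auth method) are single values, so every
        # colon inside them has to be escaped.
        if (index(attr[6], ":")) { printf "record %d: unescaped colon in column F\n", NR; bad = 1 }
        if (index(attr[7], ":")) { printf "record %d: unescaped colon in column G\n", NR; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" || rc=1
    return $rc
}

# Constructed sample record (not real data), columns A-I as in the reference list.
write_sample() {
    cat > "$1" <<'EOF'
,smithshane:0906001,shane.smith,01011996,/Network/Servers/servername.blah.edu/Volumes/RAID/Students/6th/smithshane,<home_dir><url>afp\://servername.blah.edu/Students</url><path>6th/smithshane</path></home_dir>,dsAuthMethodStandard\:dsAuthClearText,Jones,newPasswordRequired=1:canModifyPasswordforSelf=0
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_import_file "$sample" && echo "sample record passes"
rm -f "$sample"
```

Run check_import_file against the exported file before opening Workgroup Manager; it prints one line per problem and returns non-zero if any record fails.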

Creating a new user from cmdline – OS X (Leopard)

Run the commands with sudo or as root.

Create a new local user (.) in the user category: dscl . -create /Users/ericgus

Shell (bash): dscl . -create /Users/ericgus UserShell /bin/bash

User’s full name: dscl . -create /Users/ericgus RealName "Mr. Eric Gustafson"

User ID: dscl . -create /Users/ericgus UniqueID 503

Group ID: dscl . -create /Users/ericgus PrimaryGroupID 20

Home directory: dscl . -create /Users/ericgus home /Users/ericgus

Password: dscl . -passwd /Users/ericgus PASSWORD (or for a prompted entry use: passwd ericgus)

Add Administrative functions: dscl . -append /Groups/admin GroupMembership ericgus

-- Or a full blown script with prompting that checks userid, etc. As written, this assumes root user (and bootup as single user I believe). I'll update this as I come up with something that can be pushed via ard or such. --


#!/bin/bash
#This script will create a user of your choice using your credentials. The user will not show up in the login window until a restart.

#Function to check the current usernames against the new username.

function checkusername {
    # grep -x matches whole lines only, so "eric" does not collide with "ericgus".
    local testun=$(dscl . -list /Users | grep -x -- "$userA")
    if [ "$testun" == "$userA" ]; then
        echo "The username $userA already exists"
        exit 1
    else
        echo "Username is unique!"
    fi
}

#Function to check the current userID's against the new userID.

function checkuserid {
    # Compare the UniqueID column exactly, so 50 does not match 503.
    local testuid=$(dscl . -list /Users UniqueID | awk -v id="$userid" '$2 == id { print $2; exit }')
    if [ "$testuid" == "$userid" ]; then
        echo "The userid $userid already exists"
        exit 1
    else
        echo "UserID is unique!"
    fi
}

#Function to check that both passwords are the same and not blank.

function chkpasswd {
    if [ -z "$password" ] || [ "$password" != "$password2" ]; then
        echo "Passwords do not match or are blank. Passwords can't be blank. Exiting..."
        exit 1
    else
        echo "Passwords Match!"
    fi
}

#Step 1, enter new credentials to create user with.

echo "Enter Real Name"
read -r realname
echo "Enter Username"
read -r userA
echo "Enter Password"
read -r password
echo "Re-Enter Password"
read -r password2
chkpasswd

#Check to see if you're sure you want to use the entered credentials.
#Note: the password is shown on screen here and is passed to dscl as a command-line argument below.

echo "Use these creds?"
echo "Real Name: $realname"
echo "Username: $userA"
echo "Password: $password"

echo "Y or N:"
read -r creds

if [ "$creds" = y ] || [ "$creds" = Y ]; then
    echo "Let's make a user named $userA with the password $password"
    echo "Are you in Single User Mode? (Default N)"
    read -r sum

    #Checks to see if you're in single user mode. If you are, it loads the directory services plist.

    if [ "$sum" = y ] || [ "$sum" = Y ]; then
        echo "Loading Directory Services"
        launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
    else
        echo "Skipping launchctl load"
    fi

    #Directory services are available now, so the username can be checked.
    checkusername

    #Asks if you need to see all the userID's already used.

    echo "Making user..."
    echo "Do you know what userID is available? (Default Y)"
    read -r existuserid

    if [ "$existuserid" = n ] || [ "$existuserid" = N ]; then
        #Prints the existing user account records and inserts them to users.out.
        dsexport users.out /Local/Default dsRecTypeStandard:Users
        #Prints users.out to screen.
        tail -n 5 users.out
        echo "Find the next userID available."
        #Removes users.out to clean up after printing to screen.
        rm users.out
    fi

    #Asks for the new userID. Checks if userID exists using checkuserid function.

    echo "OK, Enter new userID number:"
    read -r userid
    checkuserid

    #The meat of the script. These are the commands that create the user with your specified credentials.

    dscl . -create "/Users/$userA"
    dscl . -create "/Users/$userA" UserShell /bin/bash
    dscl . -create "/Users/$userA" RealName "$realname"
    dscl . -create "/Users/$userA" UniqueID "$userid"
    dscl . -create "/Users/$userA" PrimaryGroupID 80
    dscl . -create "/Users/$userA" home "/Users/$userA"
    dscl . -passwd "/Users/$userA" "$password"
    dscl . -append /Groups/admin GroupMembership "$userA"

    echo "All Done, $userA was created!"
    sleep 2
else
    echo "Please Try Script Again!"
    exit 1
fi

Ramblings from a SysAdmin/Tech