12 Replies Latest reply on Mar 25, 2009 6:01 AM by homermg

    delet profile


      Hi all,


      is it possible to delet profiles over the ldms on a mac? and to install certifikates?


      thanks in davance

        • 1. Re: delet profile

          Hi all,


          no one an idea? I dont found any information about it i the manual. :-(



          • 2. Re: delet profile

            If you want to delete the user folder, throw it into a custom script similar to this:



            REMEXEC01=rm -rf /Users/username


            or if you want to delete the cached login:



            REMEXEC01=dscl . -delete /Users/username


            (Where username = the username you want to delete)



            For certificates on a 10.5.x machine you could make a custom script similar to this:



            REMEXEC01=curl -s http://server/path/RootCA.pem -o /private/tmp/RootCA.pem

            REMEXEC02=curl -s http://server/path/IssuingCA.pem -o /private/tmp/IssuingCA.pem

            REMEXEC03=/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/tmp/RootCA.pem

            REMEXEC04=/usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /private/tmp/IssuingCA.pem




            For certificates on a 10.4.x machine you could make a custom script similar to this:



            REMEXEC01=curl -s http://server/path/RootCA.pem -o /private/tmp/RootCA.pem

            REMEXEC02=curl -s http://server/path/IssuingCA.pem -o /private/tmp/IssuingCA.pem

            REMEXEC03=/usr/bin/certtool i /private/tmp/IssuingCA.pem v k=/Library/Keychains/System.keychain

            REMEXEC04=/usr/bin/certtool i /private/tmp/RootCA.pem v k=/System/Library/Keychains/X509Anchors




            All of these script written in web browser editor, please verify the paths and syntax before you use them.



            • 3. Re: delet profile

              rm -rf

              • 4. Re: delet profile

                Thanks for proofing :-)

                • 5. Re: delet profile

                  one little mistake with rm and you get all paranoid forever

                  • 6. Re: delet profile

                    Hi all,


                    thank you very mach for such detailed answer!


                    can i also delete the user folder and cashed login from all users except Administrator?


                    in which type of file i should save this script?


                    do i deploy this script like a normal application? cretae pakage than method and so on?



                    thanks in advance

                    • 7. Re: delet profile

                      Those were written as LANDesk custom scripts, To create a LANDesk custom script login to the console and go to Manage Scripts, create a new script.



                      You could certainly put the content into a .sh file and create a software distribution to push a task as well. The .sh file would be much more flexible, as it would be fairly easy to create a loop to delete all folders in the /Users directory, or delete all users with dscl.



                      • 8. Re: delet profile

                        Hi Gil Burns,


                        the delete the files and folder works fine only in the usersetting is the account still there.


                        but i dont find the *.sh files if i create a script it open an *.ini file.


                        Can you help me to make a script wich delete all the all profile except Administrator.




                        also the certifikate installation is not working.


                        REMEXEC01=curl -s http://landesk/ldlogon/Certificate V1.cer -o /Users/Administrator/Certificate V1.cer
                        REMEXEC02=/usr/bin/certtool i /Users/Administrator/Certificate V1.cer v k=/Library/Keychains/System.keychain


                        i edit this parts, maybe i did somthing wrong

                        the transfering the certifikate is working, but i don see them in keychain


                        thank you very much for your help!

                        • 9. Re: delet profile

                          If you want to use .sh files, you need to create them yourself. Upload the files to your package server or your core server. Then create a Mac software distribution and use the .sh file as your source. Mac software distributions will support pushing of .sh files.



                          For your LANDesk custom script to push out certificates, I think you need to quote your paths and that might be all you need to do:



                          REMEXEC01=curl -s "http://landesk/ldlogon/Certificate V1.cer" -o "/Users/Administrator/Certificate V1.cer"
                          REMEXEC02=/usr/bin/certtool i "/Users/Administrator/Certificate V1.cer" v k=/Library/Keychains/System.keychain


                          If the quoting doesn't work, then substitute %20 for the spaces in the http URL. You also might consider a certificate file name without the spaces. :-)

                          • 10. Re: delet profile

                            after to qoute the parts nothing runs anymore.

                            without qoute the paths the certifikate is copy to the client only the installation of the certifikate is not working.


                            if i type the comands (/usr/bin/certtool i "/Users/Administrator/Certificate V1.cer" v k=/Library/Keychains/System.keychain) in the terminal i recive the folow error:

                            ***pemDecode: no terminator found
                            ***/Users/Administrator/certificate1.cer: Bad PEM formatting. Aborting.


                            i dont find anything about this errormessage


                            can you help me with this please?

                            • 11. Re: delet profile

                              Sorry I didn't catch it the last response, your certificates need to be in PEM format, not CER. You can import CER through the Keychain GUI, but the command line example I posted expects PEM.


                              A simple way to change the format is to import the certificates into the Keychain via the GUI, then export them into PEM.


                              You could also use the openssl command line to convert them like this:


                              openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem

                              • 12. Re: delet profile

                                Hi Gil,


                                after i build the PEM format it works!!!



                                do you know how i can also switch to " allways trust" certifikate in the script?


                                where  i can find the syntax for this?