12 Replies Latest reply on Mar 25, 2009 6:01 AM by homermg

    delet profile

    Apprentice

      Hi all,

       

      is it possible to delet profiles over the ldms on a mac? and to install certifikates?

       

      thanks in davance

        • 1. Re: delet profile
          Apprentice

          Hi all,

           

          no one an idea? I dont found any information about it i the manual. :-(

           

          thx

          • 2. Re: delet profile
            Apprentice

            If you want to delete the user folder, throw it into a custom script similar to this:

             

            [MACHINES_MACX]

            REMEXEC01=rm -rf /Users/username

             

            or if you want to delete the cached login:

             

            [MACHINES_MACX]

            REMEXEC01=dscl . -delete /Users/username

             

            (Where username = the username you want to delete)

             

             

            For certificates on a 10.5.x machine you could make a custom script similar to this:

             

            [MACHINES_MACX]

            REMEXEC01=curl -s http://server/path/RootCA.pem -o /private/tmp/RootCA.pem

            REMEXEC02=curl -s http://server/path/IssuingCA.pem -o /private/tmp/IssuingCA.pem

            REMEXEC03=/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/tmp/RootCA.pem

            REMEXEC04=/usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /private/tmp/IssuingCA.pem

             

             

             

            For certificates on a 10.4.x machine you could make a custom script similar to this:

             

            [MACHINES_MACX]

            REMEXEC01=curl -s http://server/path/RootCA.pem -o /private/tmp/RootCA.pem

            REMEXEC02=curl -s http://server/path/IssuingCA.pem -o /private/tmp/IssuingCA.pem

            REMEXEC03=/usr/bin/certtool i /private/tmp/IssuingCA.pem v k=/Library/Keychains/System.keychain

            REMEXEC04=/usr/bin/certtool i /private/tmp/RootCA.pem v k=/System/Library/Keychains/X509Anchors

             

             

             

            All of these script written in web browser editor, please verify the paths and syntax before you use them.

             

             

            • 3. Re: delet profile
              Employee

              rm -rf

              • 4. Re: delet profile
                Apprentice

                Thanks for proofing :-)

                • 5. Re: delet profile
                  Employee

                  one little mistake with rm and you get all paranoid forever

                  • 6. Re: delet profile
                    Apprentice

                    Hi all,

                     

                    thank you very mach for such detailed answer!

                     

                    can i also delete the user folder and cashed login from all users except Administrator?

                    and

                    in which type of file i should save this script?

                    and

                    do i deploy this script like a normal application? cretae pakage than method and so on?

                     

                     

                    thanks in advance

                    • 7. Re: delet profile
                      Apprentice

                      Those were written as LANDesk custom scripts, To create a LANDesk custom script login to the console and go to Manage Scripts, create a new script.

                       

                       

                      You could certainly put the content into a .sh file and create a software distribution to push a task as well. The .sh file would be much more flexible, as it would be fairly easy to create a loop to delete all folders in the /Users directory, or delete all users with dscl.

                       

                       

                      • 8. Re: delet profile
                        Apprentice

                        Hi Gil Burns,

                         

                        the delete the files and folder works fine only in the usersetting is the account still there.

                         

                        but i dont find the *.sh files if i create a script it open an *.ini file.

                         

                        Can you help me to make a script wich delete all the all profile except Administrator.

                         

                         

                         

                        also the certifikate installation is not working.

                        [MACHINES_MACX]


                        REMEXEC01=curl -s http://landesk/ldlogon/Certificate V1.cer -o /Users/Administrator/Certificate V1.cer
                        REMEXEC02=/usr/bin/certtool i /Users/Administrator/Certificate V1.cer v k=/Library/Keychains/System.keychain

                         

                        i edit this parts, maybe i did somthing wrong

                        the transfering the certifikate is working, but i don see them in keychain

                         

                        thank you very much for your help!

                        • 9. Re: delet profile
                          Apprentice

                          If you want to use .sh files, you need to create them yourself. Upload the files to your package server or your core server. Then create a Mac software distribution and use the .sh file as your source. Mac software distributions will support pushing of .sh files.

                           

                           

                          For your LANDesk custom script to push out certificates, I think you need to quote your paths and that might be all you need to do:

                           

                          [MACHINES_MACX]

                          REMEXEC01=curl -s "http://landesk/ldlogon/Certificate V1.cer" -o "/Users/Administrator/Certificate V1.cer"
                          REMEXEC02=/usr/bin/certtool i "/Users/Administrator/Certificate V1.cer" v k=/Library/Keychains/System.keychain

                           

                          If the quoting doesn't work, then substitute %20 for the spaces in the http URL. You also might consider a certificate file name without the spaces. :-)

                          • 10. Re: delet profile
                            Apprentice

                            after to qoute the parts nothing runs anymore.

                            without qoute the paths the certifikate is copy to the client only the installation of the certifikate is not working.

                             

                            if i type the comands (/usr/bin/certtool i "/Users/Administrator/Certificate V1.cer" v k=/Library/Keychains/System.keychain) in the terminal i recive the folow error:

                            ***pemDecode: no terminator found
                            ***/Users/Administrator/certificate1.cer: Bad PEM formatting. Aborting.

                             

                            i dont find anything about this errormessage

                             

                            can you help me with this please?

                            • 11. Re: delet profile
                              Apprentice

                              Sorry I didn't catch it the last response, your certificates need to be in PEM format, not CER. You can import CER through the Keychain GUI, but the command line example I posted expects PEM.

                               

                              A simple way to change the format is to import the certificates into the Keychain via the GUI, then export them into PEM.

                               

                              You could also use the openssl command line to convert them like this:

                               

                              openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem

                              • 12. Re: delet profile
                                Apprentice

                                Hi Gil,

                                 

                                after i build the PEM format it works!!!

                                THX

                                 

                                do you know how i can also switch to " allways trust" certifikate in the script?

                                 

                                where  i can find the syntax for this?