[Casper] Search and destroy apps

Miles Leacy miles.leacy at themacadmin.com
Mon Jan 12 12:30:21 PST 2009 

I received a note about my script from someone at Apple, and I want to make
sure to mention that Leopard's MCX will allow you to prohibit launching apps
from a user's home folder.  In fact, you can allow or disallow the launching
of apps from any folder(s).
The script I provided is an option if you:
have Tiger clients
don't have OD
don't want to mess with using MCX in the local directory service
want to delete the app(s) as well as deny launching

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Mon, Jan 12, 2009 at 1:17 PM, Miles Leacy <miles.leacy at themacadmin.com>wrote:

> I left out a command in the script in my first message.  Here is the
> complete script:
> #!/bin/bash
>
> ##### HEADER BEGINS #####
> # scr_maint_searchDestroyAppsInHomeFolder.bash
> #
> # Created 20090112 by Miles A. Leacy IV
> # miles.leacy at themacadmin.com
> # Modified 20090112 by Miles A. Leacy IV
> # Copyright 2009 Miles A. Leacy IV
> #
> # This script may be copied and distributed freely as long as this header
> remains intact.
> #
> # This script is provided "as is".  The author offers no warranty or
> guarantee of any kind.
> # Use of this script is at your own risk.  The author takes no
> responsibility for loss of use,
> # loss of data, loss of job, loss of socks, the onset of armageddon, or any
> other negative effects.
> #
> # Test thoroughly in a lab environment before use on production systems.
> # When you think it's ok, test again.  When you're certain it's ok, test
> twice more.
> #
> # This script performs a search & destroy on any apps in the user's home
> folder
> # This script deletes user data.  Be sure of your organization's policies
> as they may apply before using.
> #
> # Again, THIS SCRIPT DELETES USER DATA.  Make sure you understand what data
> will be deleted and that it is
> # permissible to delete that data before using this script.
> #
> # It is intended to be run as part of a Casper policy triggered by login.
> #
> # Note: This script can take several minutes to run on very large home
> folders.
> # It took 5 minutes and 31 seconds on a 146.77 GB home folder on a Mac Pro
> in testing.
> #
> ##### HEADER ENDS #####
>
> # Set $isapp to indicate whether an item is an application
> # initial value is 0
> # a value of 0 = not an application
> # a value of 1 = an application
> isapp=0
>
> # return the absolute path of each item in the specified directory and act
> upon them in the "do" loop.
> find  /Users/$3 | while read file
> do
>
> # skip the contents of .app bundles
>     [[ "$file" = *.app/* ]] && continue
>
> # determine whether $file is an application and change value of $isapp if
> it is
>     isapp=`mdls -name kMDItemKind "$file"|grep -c Application`
>
> # if $file is an application ($isapp contains any nonzero value), act upon
> it.
>     if [ $isapp -ne 0 ];
>       then echo "Deleting" "$file"; rm -R "$file"
>     fi
>
> # reset $isapp
>     isapp=0
>
> done
>
>
> ----------
> Miles A. Leacy IV
>
>  Certified System Administrator 10.4
>  Certified Technical Coordinator 10.5
>  Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Mon, Jan 12, 2009 at 12:26 PM, Miles Leacy <miles.leacy at themacadmin.com
> > wrote:
>
>> Hi all,
>> I have another script to share.  In more than one environment I've worked
>> with, users were not allowed to store or run apps in/from their home
>> folders.  Policies were made clear that any apps in one's home folder were
>> considered a policy violation, and subject to automatic deletion.  I put
>> together the following script to make sure I never had to go hunt for
>> someone's hidden apps again.
>>
>> #!/bin/bash
>>
>> ##### HEADER BEGINS #####
>> # scr_maint_searchDestroyAppsInHomeFolder.bash
>> #
>> # Created 20080729 by Miles A. Leacy IV
>> # miles.leacy at themacadmin.com
>> # Modified 20090112 by Miles A. Leacy IV
>> # Copyright 2009 Miles A. Leacy IV
>> #
>> # This script may be copied and distributed freely as long as this header
>> remains intact.
>> #
>>  # This script is provided "as is".  The author offers no warranty or
>> guarantee of any kind.
>> # Use of this script is at your own risk.  The author takes no
>> responsibility for loss of use,
>> # loss of data, loss of job, loss of socks, the onset of armageddon, or
>> any other negative effects.
>> #
>> # Test thoroughly in a lab environment before use on production systems.
>> # When you think it's ok, test again.  When you're certain it's ok, test
>> twice more.
>> #
>> # This script performs a search & destroy on any apps in the user's home
>> folder
>> # This script deletes user data.  Be sure of your organization's policies
>> as they may apply before using.
>> #
>> # Again, THIS SCRIPT DELETES USER DATA.  Make sure you understand what
>> data will be deleted and that it is
>> # permissible to delete that data before using this script.
>> #
>> # It is intended to be run as part of a Casper policy triggered by login.
>> #
>> # Note: This script can take several minutes to run on very large home
>> folders.
>> # It took 5 minutes and 31 seconds on a 146.77 GB home folder on a Mac Pro
>> in testing.
>> #
>> ##### HEADER ENDS #####
>>
>> # Set $isapp to indicate whether an item is an application
>> # initial value is 0
>> # a value of 0 = not an application
>> # a value of 1 = an application
>> isapp=0
>>
>> # return the absolute path of each item in the specified directory and act
>> upon them in the "do" loop.
>> find  /Users/$3 | while read file
>> do
>>
>> # skip the contents of .app bundles
>>     [[ "$file" = *.app/* ]] && continue
>>
>> # determine whether $file is an application and change value of $isapp if
>> it is
>>     isapp=`mdls -name kMDItemKind "$file"|grep -c Application`
>>
>> # if $file is an application ($isapp contains any nonzero value), act upon
>> it.
>>     if [ $isapp -ne 0 ];
>>       then echo "Deleting" "$file";
>>     fi
>>
>> # reset $isapp
>>     isapp=0
>>
>> done
>>
>> ----------
>> Miles A. Leacy IV
>>
>>  Certified System Administrator 10.4
>>  Certified Technical Coordinator 10.5
>>  Certified Trainer
>> Certified Casper Administrator
>> ----------
>> voice: 1-347-277-7321
>> miles.leacy at themacadmin.com
>> www.themacadmin.com
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090112/508ec704/attachment.html

More information about the Casper mailing list