Clone Parental Control settings with Apple Remote Desktop

Mar 05, '08 07:30:02AM

Contributed by: dormouse

The key to cloning parental controls with ARD is niutil, the command line utility for netinfo. This works for Tiger (and probably Panther), but will not work in Leopard as Apple has finally banished netinfo from Leopard.

Read on for the how-to...

Here's how to do the cloning...

  1. Set the parental controls in the normal manner (System Preferences » Accounts » Parental Controls) on the donor machine.
  2. On the ARD admin machine, select the donor machine and send this Unix command /usr/bin/niutil -readprop . /users/student mcx_settings, where student is the account with the parental controls; execute as root and be sure to display all output.
  3. Select the plist in the ARD results window. Use Command-A to select all, then place the cursor in front of the first line of the plist, hold down shift, and click. Copy the plist.
  4. Create a new document in a text editor that preserves the UTF-8 coding with the contents of the clipboard (the plist). I recommend the free TextWrangler from Bare Bones Software.
  5. Add these two lines at the beginning of the file:
      #!/bin/bash
      mcx_var=$(cat  <<'EndOfParameter'
  6. Add these two lines to the end of the file:
      EndOfParameter)
      /usr/bin/niutil -createprop . /users/student mcx_settings "$mcx_var"
    Again, student is the account to be set.
  7. Save the file in a convenient spot and make it executable (e.g., chmod 740 thescript).
The file is now a shell script to replace the parental controls on the machine where it is executed. Ideally, one would paste this into the Send Unix Command window of ARD and blast it out to the desired machines. This fails in my tests with ARD2. Some alternatives: Place the script in a convenient location on the server. A simple approach is to use your ARD admin machine as a server: just turn on Personal File Sharing (System Preferences » Sharing), but there is a limit of 10 simultaneous connections.

In ARD, select the target machines and send these shell commands (execute as root):
  $ mkdir /Volumes/tmpserver/
  $ mount -t afp afp://admin:password@server/admin /Volumes/tmpserver/
  $ /Volumes/tmpserver/Documents/thescript
  $ umount -f /Volumes/tmpserver/
Use the appropriate username (I've shown admin) and password, and use either the URL or the IP address of your server machine. This creates the mountpoint (/Volumes/tmpserver/), mounts the server on it, executes the script, then unmounts the server. In this example, the mountpoint is created in the /Volumes directory, and the script has been put in the Documents folder of the admin account (and is named thescript).

You're putting in the admin account password, but ARD encrypts its transmissions (be careful if you save this as an ARD task). If you don't otherwise want file sharing on, turn it off after you're done with this procedure.

Note: There is a section in this same plist to lock the dock; insert or remove it to lock/unlock the dock.

Comments (1)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20080228122425114