Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Script the Login window through Apple Remote Desktop' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Script the Login window through Apple Remote Desktop
Authored by: ihadmeavision on Feb 16, '10 06:03:10PM

Great hint and link, thank you! Does anyone know what would happen if a student decided not to login but clicked in the password field and left. Since it's actually typing in the field and then tabs to the next field, could someone see your password? Curtain mode is broken in ARD (at least mine is) so could any of these potentially expose your password, if the fields get reversed? Would there be a way to make sure the first field selected is the username field? Thanks for any suggestions.



[ Reply to This | # ]
Script the Login window through Apple Remote Desktop
Authored by: applebit on Feb 16, '10 07:09:15PM

That is where my original script owns any other solution that is out there. You can have incorrect fields selected and the script will select the appropriate field.

Also since it fills in the field rather then "types" in the field, it is a futher reason to use the top script I provided.

There is nothing wrong with other scripts - they do the job, but the one I worked long and hard to find a solution for is a 100% certainty that it will not expose passwords and will login properly.

I can't tell you enough how overjoyed I am to finally have this solution!

---
Jon McCullough
Systems Support Specialist



[ Reply to This | # ]
Script the Login window through Apple Remote Desktop
Authored by: GuidoDelConfuso on Feb 16, '10 11:04:28PM
There is nothing wrong with other scripts - they do the job, but the one I worked long and hard to find a solution for is a 100% certainty that it will not expose passwords and will login properly.

Really? You can't think of a single attack vector against sending a shell script containing a plaintext password across the network to be executed (from a world-readable file with a known name) on a machine where it trusts implicitly that the operating system utilities haven't been compromised before typing its password into the second dialog box of any application that happens to be named "SecurityAgent"? Well, how about this one, for starters: mkfifo /tmp/Login_Automatically.sh ; cat /tmp/Login_Automatically.sh

Don't get me wrong. I'm sure your script performs admirably the job it's intended to do, and it may well be secure enough for your purposes. But let's not get cocky and claim with "100% certainty that it will not expose passwords". If anything, you're begging for your password to be stolen as soon as some inquisitive user with a bit more computer knowledge than scruples takes an interest in your remote login scheme. In other words, if you've already deployed this system in your average college computer lab--or, God forbid, a high school lab--then your password is already common knowledge among the student body.

[ Reply to This | # ]

Script the Login window through Apple Remote Desktop
Authored by: ecwh73 on Sep 06, '11 10:31:46AM

John,

What technique did you use to determine the field names in SecurityAgent? 10.7 has completely broken this functionality and I'm rather hurting here to fix it. We manage around a 1000 macs, mostly during production hours. The original Apple ARD script still works, but it's rather clumsy pushing strings into System Events without field references.

Given the format is just "text field 1 of group 1 of window 1", was it just a lucky guess?

I have developed a rather trivial way to push out password hash updates if required, but I would rather not have to need to due to a field population error.



[ Reply to This | # ]
Script the Login window through Apple Remote Desktop
Authored by: applebit on Mar 20, '12 11:21:32AM
I have since discovered that 10.7 has broke this - an altered version worked for me this morning (even showing this to some of the other tech's in our office) then it broke - now if I run the same code by sending out via ARD it works... I submitted a bug report with Apple because we need this resolved!



sudo touch /var/db/.AccessibilityAPIEnabled
osascript <<EOT<br> tell application "System Events"
tell process "SecurityAgent"
set value of text field 1 of group 1 of window "Login" to "localpass"
set value of text field 2 of group 1 of window "Login" to "localadmin"
end tell
end tell
EOT


and the other option that WAS working but now isn't (and only a few short hours later!):


osascript <<EOT<br> tell application "System Events"
tell process "SecurityAgent"
repeat 2 times
delay 0.1
key code 48
delay 0.1
key code 51
end repeat
keystroke "username"
key code 48
keystroke "password"
repeat 3 times
delay 0.1
key code 36
end repeat
end tell
end tell
EOT


---
Jon McCullough
Systems Support Specialist


[ Reply to This | # ]
Script the Login window through Apple Remote Desktop
Authored by: applebit on Mar 20, '12 11:31:07AM
Just sent to Apple Bug Report:

ok, new info - if I send the command thru ARD it works and *THEN* it will work in the script - it appears as though "System Events" is not running until then. So either this was done by design or it is a bug. Either way it would be **GREATLY** helpful to know as this is a }}MAJOR{{ functionality of our environment and we are considering moving all 2000 intel machines to 10.7 in a few months.
---
Jon McCullough
Systems Support Specialist


[ Reply to This | # ]
Script the Login window through Apple Remote Desktop
Authored by: patrickfergus on Feb 16, '10 07:55:14PM

Restart the target computers--then you'll have the same field selected on each computer. Not elegant, but doesn't require enabling the accessibility for assistive devices. Luckily I'm not competing with curious kids who might go touch machines that spontaneously restart, so YMMV and enabling accessibility might be the way to go for you.



[ Reply to This | # ]