Tuesday, October 25, 2011

Making corrections after deployment (or whoops!)

Like clockwork, almost as soon as we deployed the new workstations, we began receiving complaints about things that weren't right.  Most of the initial complaint were "I need the administrator password so that I can install software and make changes."  This was met with a resounding "NO!"  It's been an uphill battle and we admittedly have to do some good work to repair our department's reputation. It was most entertaining to get a phone call with a complaint and to be able to tell them "Look at the computer, I'm logged into it right now. And, that program that you said doesn't work does."

The last week or so has been pretty quiet.  After they began to see printers and software magically appear on their computers, they stopped complaining.

There was one item that slipped by us: Some of the laptops would be going home with teachers and administrators and they would need to be able to connect to their home wireless networks.  We had this locked down to prevent students from changing to an open network that they can see from the school.

After hours of digging and false starts, I found the preference file that needed to be changed:


My first reaction was it's a plist, it should be easy to script the change.  Wrong! It doesn't act like any of the other plist files.  Using a "defaults write" command would put the setting into the wrong place in the file.  I tried to open it in several plist editors, and it only found some of the settings, none of which I needed to change.

After I got home I spent a couple of hours trying to use sed and awk to change the file, but I couldn't get the regex correct.  I was about to give up, when I decided to give Google another try and found my answer:


I ran it with the -h flag to see the options available and I found what I needed:

RequireAdmin (Boolean)
RequireAdminIBSS (Boolean)
RequireAdminNetworkChange (Boolean)
RequireAdminPowerToggle (Boolean)

I could use "/usr/libexec/airportd en1 prefs RequireAdmin=NO" to change all of the settings at once or I could use the others to get more granular if I chose. I wrapped this in a quick BASH script and tested - success!! Here's the code that I created.

#  Script to allow Users to change the wireless network without requiring a password

# Turn off all settings
/usr/libexec/airportd en1 prefs RequireAdmin=NO

# To allow granular settings you could do the following:
#/usr/libexec/airportd en1 prefs RequireAdminIBSS=
#/usr/libexec/airportd en1 prefs RequireAdminNetworkChange=
#/usr/libexec/airportd en1 prefs RequireAdminPowerToggle=

exit 0

Tomorrow I get to see if it works with Lion.


Anonymous said...

Thank you!

Anonymous said...

You're a lifesaver. Thanks!