Free without Warranty
home page url:
The ZENworks OS X agent (ZAC) is based on the ZENworks Unix agent. By default, both of these agents only grant SuperUser rights to the "root" user, which is a standard best practice in the Unix world. However, on OS X the "root" user is disabled by default, and best practice for OS X is to do everything with another local administrative user instead of enabling or using root.
So, whose best practice do you use? This script furthers OS X best practices by granting a local administrative user SuperUser rights in ZAC without permanently enabling root or requiring manual intervention. Once the local admin has SuperUser rights to ZAC, any other ZAC user changes can be done by this administrator and we never have to think about "root" again.
The script works by temporarily enabling root using OS X's "dsenableroot" command, using "Expect" to SSH into the workstation from itself, running the appropriate ZAC commands to grant privileges, and ends by running dsenableroot again -- this time to DISable the root user (including wiping root's temporary password).
Script syntax is very simple:
/path/to/script/zacosxadmin.expect adminusername adminuserpassword newrootpassword
and the script is suitable for deploying from Terminal, ZENWorks itself, Apple Remote Desktop, or whatever other non-Novell Mac deployment system you are going to be replacing with ZEN :) .
More documentation is in the script's own comments. I have tested it on OS X 10.5, and it should be thoroughly forward-compatible. Please let me know what your experience is with it, whether you find it useful, and how it might be improved.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.