Overview
When you create a deployment policy in the CrashPlan console, the process generates user-detection scripts and arguments for CrashPlan app install commands. This article provides details about the scripts for Windows, Mac, and Linux devices.
Need help?
For assistance, contact your Customer Success Manager (CSM) to engage the CrashPlan Professional Services team. If you don't know who your CSM is, contact our technical support team.
Considerations
About user detection scripts
CrashPlan relies on usernames having an email format, for instance, firstname.lastname@example.com. A user detection script detects the usernames in another system, such as a directory service, and transforms them to a username format that CrashPlan can use. When you create a user detection script, you must customize it for the system where you need to detect usernames.
To make it easier to create a user detection script that's right for your situation, we provide example scripts for Windows and Mac systems. You can use these examples as a starting place when creating your own user detection script.
Windows
msiexec /i CrashPlan_n.n.n_Win64.msi
CP_ARGS="DEPLOYMENT_URL=https://.host
&DEPLOYMENT_POLICY_TOKEN=0fb12341-246b-448d-b07f-c6573ad5ad02
&PROXY_URL=http://.host/fname.pac"
CP_SILENT=true DEVICE_CLOAKED=false /norestart /qn
- To install for one user only, sign in as that user, and append the following three parameters to the command:
- ALLUSERS=2
- MSIINSTALLPERUSER=1
- INSTALL_PER_USER=1
Here are the individual parts of a command:
Elements | Description |
---|---|
msiexec /i | Windows command to install a product. |
CrashPlan_n.n.n_Win64.msi |
Name of CrashPlan app installer file, version n.n.n. You must update the filename and version number to match the version being deployed. |
CP_ARGS=" | Start of the installation properties copied from the deployment policy. |
DEPLOYMENT_URL= https://.host |
The address of your CrashPlan console. The CrashPlan app requests its deployment policy from this address. |
DEPLOYMENT_POLICY_TOKEN= | A unique ID string identifies each deployment policy. |
PROXY_URL= http://.host/fname.pac |
This argument is only present when your policy configuration says Use Org Proxy URL: Yes. If the argument is present, but has no value, the policy says use proxy: yes, but the organization has no proxy addresses defined. |
" | The value of CP_ARGS begins and ends with quote marks. |
CP_SILENT=true or false |
|
DEVICE_CLOAKED=true or false |
The Client Visibility setting for this organization.
This argument only affects client visibility during initial deployment. Future changes to the Client Visibility setting in the CrashPlan console are automatically pushed to the device. |
/norestart | The Windows operating system does not restart after the CrashPlan app installs. |
/qn | Quiet: The Windows installer does not open a console and does not prompt the user. |
/l* filename | CrashPlan app writes installation logs to filename. |
ALLUSERS=2 MSIINSTALLPERUSER=1 INSTALL_PER_USER=1 |
Add these three parameters if you wish to install the CrashPlan app for only the currently signed-in user, not all users of the device. |
ARPNOREMOVE= |
Optional) Add this parameter to prevent users from uninstalling the CrashPlan app from the Start menu and Add/Remove programs in the Control Panel. |
Example Windows user detection scripts
Following are example user detection scripts for the Windows platform. For help with these scripts, contact your Customer Success Manager (CSM) to engage the Professional Services team.
General usage:
- Replace "domain.com" with your domain name.
- Add users you want to exclude from processing to the denylist in each script (look for "ExcludedUsers" or "Excluded Users"). This helps IT teams ensure that the CrashPlan installation is set up for the correct end users, and not the support staff setting up the Windows computers for the first time.
Domain-joined username detection
Professional Services filename: Win_Azure_ADSI_Combined_Userdetect.bat
This script detects users running explorer.exe and determines their email addresses from the directory. This script is the default Windows user detection script used by the CrashPlan Professional Services team. For Entra, the script looks at one of two registry keys. This script requires an active connection to a Windows domain and requires Powershell v.4.0 or later.
<# : batch script
@echo off
setlocal
cd %~dp0
powershell -executionpolicy bypass -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
#Add users to this list that CrashPlan should not register with
$ExcludedUsers = @(
'user1'
'user2'
'user3'
'admin'
'Administrator'
'admin-*'
)
function Find-User {
Write-Log "Starting user detection..."
if (Check-Excluded-Users $username $AGENT_USERNAME) {
Write-Log "Trying to grab the username from hybrid Azure reg key..."
$username = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI | Select-Object -ExpandProperty LastLoggedOnDisplayName)
Write-Log "Display name found: ($username)"
$AGENT_USERNAME = (Get-ItemProperty HKLM:SOFTWARE\Microsoft\IdentityStore\LogonCache\*\Name2Sid\* | Where-Object {$_.DisplayName -eq $username} | Select-Object -Unique -ExpandProperty identityName)
Write-Log "Username found via hybrid Azure reg key: ($AGENT_USERNAME)"
}
if (Check-Excluded-Users $username $AGENT_USERNAME) {
Write-Log "Trying to find username from Azure Identity..."
$username = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[1]
Write-Log "Username found: ($username)"
$AGENT_USERNAME = (Get-ItemProperty HKLM:SOFTWARE\Microsoft\IdentityStore\Cache\*\IdentityCache\* | Where-Object {$_.SAMName -eq $username} | Select-Object -Unique -ExpandProperty UserName)
Write-Log "Email found in registry via Azure identity: ($AGENT_USERNAME)"
}
if (Check-Excluded-Users $username $AGENT_USERNAME) {
Write-Log "Trying to grab the username from ADSI domain lookup key..."
$username = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[1]
Write-Log "Local username found ($username)"
$searcher = [adsisearcher]"(samaccountname=$username)"
## Change attribute to userprincipalname, if required
$AGENT_USERNAME = ($searcher.FindOne().Properties.mail)
Write-Log "Username found via ADSI domain lookup: ($AGENT_USERNAME)"
}
if (Check-Excluded-Users $username $AGENT_USERNAME) {
Write-Log "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
Write-Output "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
$ExplorerUser = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[1]
$wmiuser = Get-CimInstance Win32_UserAccount -Filter "Name = '$ExplorerUser'"
$AGENT_USER_HOME = Get-CimInstance Win32_UserProfile -Filter "SID = '$($wmiuser.SID)'" | Select-Object -ExpandProperty LocalPath
if (!$AGENT_USER_HOME) {
Write-Log "User home query from WMI failed. Using fallback home detection method"
$AGENT_USER_HOME = "$env:HOMEDRIVE\Users\$ExplorerUser"
Write-Log "User home set by appending $ExplorerUser to home path ($AGENT_USER_HOME)"
} ELSE {
Write-Log "User home queried from WMI successfully ($AGENT_USER_HOME)"
}
Write-Log "Returning AGENT_USERNAME: $AGENT_USERNAME"
Write-Log "Returning AGENT_USER_HOME: $AGENT_USER_HOME"
Write-Host AGENT_USERNAME=$AGENT_USERNAME
Write-Host AGENT_USER_HOME=$AGENT_USER_HOME
}
<# Helper functions below this point.#>
$PROC_LOG = "$env:HOMEDRIVE\ProgramData\CrashPlan\log\userDetect_Result.log"
function Check-Excluded-Users {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[AllowNull()]
[AllowEmptyString()]
[string]$username,
[Parameter(Mandatory=$true, Position=1)]
[AllowNull()]
[AllowEmptyString()]
[string]$AGENT_USERNAME
)
$ExcludedUsers | ForEach-Object { if ([string]::IsNullOrEmpty($AGENT_USERNAME) -or $username -like $_ -or [string]::IsNullOrEmpty($username) -or $AGENT_USERNAME -like $_) {
return $true
}
}
return $false
}
function Write-Log {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string]$LogMessage
)
write-output $LogMessage
Add-Content -Path $PROC_LOG -Value (Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage))
}
Find-User
Explorer.exe script
Professional Services filename: UserDetect_Explorer_AppendDomain.bat
The following script detects users running explorer.exe and appends the domain of the email address. The script sets the home directory by adding the username to the \Users directory path in Windows. This script requires PowerShell v.4.0 or later.
<# : batch script
@echo off
setlocal
cd %~dp0
powershell -executionpolicy bypass -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
function Find-User {
Write-Log "Starting user detection..."
$username = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[-1].Split('@')[0]
Write-Log "User name found ($username)"
$AGENT_USERNAME = $username + '@domain.com'
Write-Log "Email assembled by appending domain ($AGENT_USERNAME)"
$ExcludedUsers = @(
'user1'
'user2'
'user3'
'admin'
'Administrator'
'admin-*'
)
$ExcludedUsers | ForEach-Object { if ([string]::IsNullOrEmpty($username) -or $username -like $_) {
Write-Log "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
Write-Output "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
}
$wmiuser = Get-CimInstance Win32_UserAccount -Filter "Name = '$username'"
$AGENT_USER_HOME = Get-CimInstance Win32_UserProfile -Filter "SID = '$($wmiuser.SID)'" | Select-Object -ExpandProperty LocalPath
if (!$AGENT_USER_HOME) {
Write-Log "User home query from WMI failed. Using fallback home detection method"
$AGENT_USER_HOME = "$env:HOMEDRIVE\Users\$username"
Write-Log "User home set by appending $username to home path ($AGENT_USER_HOME)"
} ELSE {
Write-Log "User home queried from WMI successfully ($AGENT_USER_HOME)"
}
Write-Log "Returning AGENT_USERNAME: $AGENT_USERNAME"
Write-Log "Returning AGENT_USER_HOME: $AGENT_USER_HOME"
Write-Host AGENT_USERNAME=$AGENT_USERNAME
Write-Host AGENT_USER_HOME=$AGENT_USER_HOME
}
<# Helper functions below this point. Most likely these will not need to be edited. #>
$PROC_LOG = "$env:HOMEDRIVE\ProgramData\CrashPlan\log\userDetect_Result.log"
function Write-Log {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string]$LogMessage
)
Add-Content -Path $PROC_LOG -Value (Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage))
}
Find-User
First name and last name script
Professional Services filename: UserDetect_FirstLastname_LastLoggedOnDisplayName.bat
The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstname.lastname.
<# : batch script
@echo off
setlocal
cd %~dp0
powershell -executionpolicy bypass -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
function Find-User {
Write-Log "Starting user detection..."
$username = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI | Select-Object -ExpandProperty LastLoggedOnUser).Split('\')[-1].Split('@')[0]
$displayname = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI | Select-Object -ExpandProperty LastLoggedOnDisplayName)
#Remove and start and end spaces on the string and force lowercase
$displayname= $($displayname.Trim()).ToLower()
if([string]::IsNullOrEmpty($displayname) -or $displayname -like ""){
Write-log "Regkey LastLoggedOnDisplayName not found or empty. Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
Write-Log "User name found ($username)"
Write-Log "DisplayName found ($displayname)"
#Check for firstname lastname or lastname, firstname in the regkey LastLoggedOnDisplayName
if($displayname -like "*,*"){
Write-Log "Lastname, Firstname Mode"
$namearray= $displayname.Split(",")
$lastname= $($namearray[0].Trim()).Trim(",")
Write-Log "ln: ($lastname)"
$firstname= $namearray[1].Trim()
Write-Log "fn: ($firstname)"
}
else{
Write-Log "Firstname Lastname Mode"
$namearray= $displayname.Split(" ")
$lastname= $namearray[1].Trim()
Write-Log "ln: ($lastname)"
$firstname= $namearray[0].Trim()
Write-Log "fn: ($firstname)"
}
$AGENT_USERNAME = $firstname + "." + $lastname + '@domain.com'
Write-Log "Email assembled by appending domain ($AGENT_USERNAME)"
$ExcludedUsers = @(
'user1'
'user2'
'user3'
'admin'
'Administrator'
'admin-*'
)
$ExcludedUsers | ForEach-Object { if ([string]::IsNullOrEmpty($username) -or $username -like $_) {
Write-Log "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
Write-Output "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
}
$wmiuser = Get-CimInstance Win32_UserAccount -Filter "Name = '$username'"
$AGENT_USER_HOME = Get-CimInstance Win32_UserProfile -Filter "SID = '$($wmiuser.SID)'" | Select-Object -ExpandProperty LocalPath
if (!$AGENT_USER_HOME) {
Write-Log "User home query from WMI failed. Using fallback home detection method"
$AGENT_USER_HOME = "$env:HOMEDRIVE\Users\$username"
Write-Log "User home set by appending $username to home path ($AGENT_USER_HOME)"
} ELSE {
Write-Log "User home queried from WMI successfully ($AGENT_USER_HOME)"
}
Write-Log "Returning AGENT_USERNAME: $AGENT_USERNAME"
Write-Log "Returning AGENT_USER_HOME: $AGENT_USER_HOME"
Write-Host AGENT_USERNAME=$AGENT_USERNAME
Write-Host AGENT_USER_HOME=$AGENT_USER_HOME
}
<# Helper functions below this point. Most likely these will not need to be edited. #>
$PROC_LOG = "$env:HOMEDRIVE\ProgramData\CrashPlan\log\userDetect_Result.log"
function Write-Log {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string]$LogMessage
)
Add-Content -Path $PROC_LOG -Value (Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage))
}
Find-User
Local account script
Professional Services filename: UserDetect_FirstLastName_NoActiveDirectory.bat
The following script retrieves names from a local account, joins the first name to the last name to create a username of firstname.lastname, and appends the domain of the email address. This script needs the Full Name field for a local account to be populated with a user's first name and last name separated by a space. This script requires PowerShell v4.0 or later.
<# : batch script
@echo off
setlocal
cd %~dp0
powershell -executionpolicy bypass -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
function Find-User {
Write-Log "Starting user detection..."
$username = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[-1].Split('@')[0]
Write-Log "User name found ($username)"
$fullname = (Get-CimInstance -Class Win32_UserAccount -Filter "LocalAccount='True'" | Where-Object -Property Name -like $username).FullName
Write-Log "Full name found ($fullname)"
$AGENT_USERNAME = ($fullname -replace " ",".") + '@domain.com'
Write-Log "Email assembled from full name ($AGENT_USERNAME)"
$ExcludedUsers = @(
'user1'
'user2'
'user3'
'admin'
'Administrator'
'admin-*'
)
$ExcludedUsers | ForEach-Object { if ([string]::IsNullOrEmpty($username) -or $username -like $_) {
Write-Log "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
Write-Output "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
}
$wmiuser = Get-CimInstance Win32_UserAccount -Filter "Name = '$username'"
$AGENT_USER_HOME = Get-CimInstance Win32_UserProfile -Filter "SID = '$($wmiuser.SID)'" | Select-Object -ExpandProperty LocalPath
if (!$AGENT_USER_HOME) {
Write-Log "User home query from WMI failed. Using fallback home detection method"
$AGENT_USER_HOME = "$env:HOMEDRIVE\Users\$username"
Write-Log "User home set by appending $username to home path ($AGENT_USER_HOME)"
} ELSE {
Write-Log "User home queried from WMI successfully ($AGENT_USER_HOME)"
}
Write-Log "Returning AGENT_USERNAME: $AGENT_USERNAME"
Write-Log "Returning AGENT_USER_HOME: $AGENT_USER_HOME"
Write-Host AGENT_USERNAME=$AGENT_USERNAME
Write-Host AGENT_USER_HOME=$AGENT_USER_HOME
}
<# Helper functions below this point. Most likely these will not need to be edited. #>
$PROC_LOG = "$env:HOMEDRIVE\ProgramData\CrashPlan\log\userDetect_Result.log"
function Write-Log {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string]$LogMessage
)
Add-Content -Path $PROC_LOG -Value (Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage))
}
Find-User
Text file script
Professional Services filename: UserDetect_ReadFromFile_User.bat
The following script reads a text file (default location C:\Temp\AGENT_User.txt) for the user email addresses, and sets the home directory by adding the username to the \Users directory path in Windows. This script requires PowerShell v4.0 or later.
<# : batch script
@echo off
setlocal
cd %~dp0
powershell -executionpolicy bypass -Command "Invoke-Expression $([System.IO.File]::ReadAllText('%~f0'))"
endlocal
goto:eof
#>
function Find-User {
Write-Log "Starting user detection..."
$username = (Get-Process -IncludeUserName -Name explorer | Select-Object -ExpandProperty UserName).Split('\')[-1].Split('@')[0]
Write-Log "User name found ($username)"
$AGENT_USERNAME = Get-Content $env:HOMEDRIVE\temp\AGENT_User.txt
Write-Log "Email read from file ($AGENT_USERNAME)"
$ExcludedUsers = @(
'user1'
'user2'
'user3'
'admin'
'Administrator'
'admin-*'
)
$ExcludedUsers | ForEach-Object { if ([string]::IsNullOrEmpty($AGENT_USERNAME) -or $username -like $_) {
Write-Log "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
Write-Output "Excluded or null email address detected ($username). Will retry user detection in 60 minutes, or when reboot occurs."
exit
}
}
$wmiuser = Get-CimInstance Win32_UserAccount -Filter "Name = '$username'"
$AGENT_USER_HOME = Get-CimInstance Win32_UserProfile -Filter "SID = '$($wmiuser.SID)'" | Select-Object -ExpandProperty LocalPath
if (!$AGENT_USER_HOME) {
Write-Log "User home query from WMI failed. Using fallback home detection method"
$AGENT_USER_HOME = "$env:HOMEDRIVE\Users\$username"
Write-Log "User home set by appending $username to home path ($AGENT_USER_HOME)"
} ELSE {
Write-Log "User home queried from WMI successfully ($AGENT_USER_HOME)"
}
Write-Log "Returning AGENT_USERNAME: $AGENT_USERNAME"
Write-Log "Returning AGENT_USER_HOME: $AGENT_USER_HOME"
Write-Host AGENT_USERNAME=$AGENT_USERNAME
Write-Host AGENT_USER_HOME=$AGENT_USER_HOME
}
<# Helper functions below this point. Most likely these will not need to be edited. #>
$PROC_LOG = "$env:HOMEDRIVE\ProgramData\CrashPlan\log\userDetect_Result.log"
function Write-Log {
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true, Position=0)]
[string]$LogMessage
)
Add-Content -Path $PROC_LOG -Value (Write-Output ("{0} - {1}" -f (Get-Date), $LogMessage))
}
Find-User
Last logged on user script
Professional Services filename: UserDetect_Registry_AppendDomain.bat
The following script detects which user last logged in using the LastLoggedOnUser registry value in HKLM, and appends the domain of the email address. The script sets the home directory by adding the username to the \Users directory path in Windows.
Mac
hdiutil attach CrashPlan_n.n.n_Mac.dmg
installer -package "/Volumes/CrashPlan/Install CrashPlan.pkg"
-target LocalSystem
hdiutil detach /Volumes/CrashPlan
-
To install for one user only, sign in as that user and use
targetCurrentUserHomeDirectory
.
Individual parts of the commands are as follows:
Elements | Description |
---|---|
hdiutil attach CrashPlan_n.n.n_Mac.dmg |
Mount the CrashPlan app disk image. You must update the name of the installer file to match the exact name and version number being deployed. |
installer -package "/Volumes/CrashPlan/Install CrashPlan.pkg" |
Run the install program. |
-target LocalSystem -target CurrentUserHomeDirectory |
Install the CrashPlan app for all users of the device. Or, install for only the current user. |
hdiutil detach /Volumes/CrashPlan |
Unmount the CrashPlan app disk image. |
Mac deploy.properties file
The typical deploy.properties file reads like this:
DEPLOYMENT_URL=https://.host
DEPLOYMENT_POLICY_TOKEN=0fb12341-246b-448d-b07f-c6573ad5ad02
CP_SILENT=true
DEVICE_CLOAKED=false
PROXY_URL=http://.host/fname.pac
Individual parts of that file are as follows:
Elements | Description |
---|---|
DEPLOYMENT_URL= https://.host |
The address of your CrashPlan console. The CrashPlan app requests its deployment policy from this address. |
DEPLOYMENT_POLICY_TOKEN= | A unique ID string identifies each deployment policy. |
CP_SILENT=true or false |
|
DEVICE_CLOAKED=true or false |
The Client Visibility setting for this organization.
This argument only affects client visibility during initial deployment. Future changes to the Client Visibility setting in the CrashPlan console are automatically pushed to the device. |
PROXY_URL= http://.host/fname.pac |
The address of a proxy auto-config file. The file tells a CrashPlan app how to communicate with CrashPlan through a proxy server. This argument is only present when your policy configuration says Use Org Proxy URL: Yes. If the argument is present, but has no value, the policy says use proxy: yes, but the organization has no proxy addresses defined. |
Mac deploy.properties file location
When the CrashPlan app installer runs on Mac, it looks for the deploy.properties file in three locations, in the following order:
-
(Best practice) In the directory /Library/Application Support/CrashPlan
Installations for a single user use ~/Library rather than /Library. - In the disk image, typically in:
/Volumes/CrashPlan - In a Jamf Pro temp directory:
/tmp/mountpt/CrashPlan
Store in /Library
For most software management tools, the best location is the first option:
/Library/Application Support/CrashPlan
Location 1, Application Support (best practice)
For deployment with most software management tools, including Jamf Pro, store the file here:
/Library/Application Support/CrashPlan/deploy.properties
To install for a single user, rather than all users of a device, use ~/Library rather than /Library.
To create the directory and write the file, run a bash script like the following where you replace <deploy.properties>
with the text from your deploy.properties file:
#!/bin/bash
mkdir -p /Library/Application\ Support/CrashPlan
echo "<deploy.properties>" > /Library/Application\ Support/CrashPlan/deploy.properties
Location 2, the disk image
Adding deploy.properties to the installer disk image is best for users starting an install manually, by clicking on the *.dmg file.
Test this option:
Not all deployment software mounts the disk image in the same location, making deploy.properties in the disk image hard to find.
Add deploy.properties to the disk image as follows:
- Make a writable copy of the disk image.
- Mount the writable copy.
- Copy deploy.properties to the new image's root directory.
- Unmount the image.
- Return the image to the read-only state.
The following example shows the commands needed to add the deploy.properties file to the disk image.
hdiutil convert -format UDRW CrashPlan_n.n.n_Mac.dmg -o AGENT_n.n.n_w.dmg
hdiutil attach AGENT_n.n.n_w.dmg
cp deploy.properties /Volumes/CrashPlan/deploy.properties
hdiutil detach /Volumes/CrashPlan
hdiutil convert -format UDRO AGENT_n.n.n_w.dmg -o AGENT_n.n.n_ro.dmg
Location 3, Jamf Pro tmp
: /tmp/mountpt/CrashPlan
This location is unique to the Jamf Pro device management tool.
Example Mac user detection scripts
Following are example user detection scripts for the Mac platform. For help with these scripts, contact your Customer Success Manager (CSM) to engage the Professional Services team.
General usage:
- Replace "domain.com" with your domain name.
- Add users you want to exclude from processing to the denylist in each script (look for "admin1|admin2|admin3"). This helps IT teams ensure that the CrashPlan installation is set up for the correct users, and not the support staff setting up the Mac computers for the first time.
Prompt for email script
Professional Services filename: Email_prompt_for_email.sh
The following script creates a pop-up notification at CrashPlan app installation time prompting users to input their email address, which automatically registers the users in CrashPlan and starts backup. This script provides an alternative when no other scripts work and you want the end user to manually input their email address.
function main () {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME=$(ask 'CRASHPLAN BACKUP - Please fill in your email address to continue: ')
writeLog "Email found from user input ($AGENT_USERNAME)"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
function ask () {
osascript <<EOF - 2/dev/null
tell application "CrashPlan"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
main "$@"
First initial and last name script
Professional Services filename: UserDetect_and_modify_firstinitial_dot_lastname.sh
The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstinitial.lastname.
function main() {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
realname="$(dscl . -read /Users/$user RealName | cut -d: -f2)"
if [[ ($realname =~ ',') ]]; then
writeLog "Real name contains a comma, assuming last, first format."
realname="$(echo $realname | sed -e 's/[[:space:]]*//g' | grep -v "^$" | tr '[:upper:]' '[:lower:]' | awk -F , '{print substr($2,1,1) "." $1}')"
else
realname="$(echo $realname | sed -e 's/^[[:space:]]*//; s/[[:space:]]*$//; s/^\(.\)[^ ]* /\1./' | grep -v "^$" | tr '[:upper:]' '[:lower:]')"
fi
local AGENT_USERNAME="$realname@domain.com"
writeLog "Email assembled from real name: $AGENT_USERNAME"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
First name and last name script
Professional Services filename: UserDetect_and_modify_firstname_dot_lastname.sh
The following script detects the locally logged-in users' first and last names and edits the string to create a username of firstname.lastname.
function main() {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
realname="$(dscl . -read /Users/$user RealName | cut -d: -f2)"
if [[ ($realname =~ ',') ]]; then
writeLog "Real name contains a comma, assuming last, first format."
realname="$(echo $realname | sed -e 's/[[:space:]]*//g' | grep -v "^$" | tr '[:upper:]' '[:lower:]' | awk -F , '{print $2 "." $1}')"
else
realname="$(echo $realname | sed -e 's/^[[:space:]]*//; s/[[:space:]]*$//; s/ /./' | grep -v "^$" | tr '[:upper:]' '[:lower:]')"
fi
local AGENT_USERNAME="$realname@domain.com"
writeLog "Email assembled from real name: $AGENT_USERNAME"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
Text file script
Professional Services filename: UserDetect_from_text.sh
The following script reads the username from a text file (located by default at /tmp/CrashPlantest.txt). Use when no other logical way of finding the username can be determined and no user interaction is desired.
function main() {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME=$(cat /tmp/CrashPlantest.txt)
writeLog "Email read from file: $AGENT_USERNAME"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
Last logged on user script
Professional Services filename: UserDetect_last_plus_domain.sh
The following script checks the last known logged in users and narrows down the list to the currently logged-in user.
function main () {
writeLog "Starting user detection..."
local user=$(last | egrep 'console.*still' | egrep -v 'root|admin|reboot|shutdown|local|_mbsetupuser' | awk '{print $1}' | sort -u | head -n1)
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME="${user}@domain.com"
writeLog "Username assembled by appending domain ($AGENT_USERNAME)"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
Scutil script
Professional Services filename: UserDetect_scutil_user_plus_domain.sh
The following script uses the system configuration utility (scutil) to detect the logged-in user. The client's email domain needs to be appended to the resulting username to get a valid CrashPlan username.
function main () {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME="${user}@domain.com"
writeLog "Username assembled by appending domain ($AGENT_USERNAME)"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
DSCL script
Professional Services filename: UserDetect_using_DSCL.sh
The following script obtains the user's email address from the domain records stored on the client using the Directory Service command line utility (DSCL). The Mac must be domain-bound.
function main() {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME=$(dscl . -read /Users/${user} EMailAddress | cut -d ' ' -f 2)
writeLog "Username read from dscl ($AGENT_USERNAME)"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
Jamf plist script
Professional Services filename: macuserdetection-plist.sh
The following script is helpful if you use Jamf for device management. The script places a plist on the local machine that is populated with the username associated with the device from Jamf. This script is a good option if you have a username associated with a specific device in JAMF, but you do not have assurance that the usernames on the local device match the username part of the email address. This script requires additional setup in Jamf.
function main () {
writeLog "Starting user detection..."
local user=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
writeLog "User name found ($user)"
if [[ "$user" =~ ^(admin1|admin2|admin3)$ ]] || [[ -z "$user" ]]; then
writeLog "Excluded or null username detected ($user). Will retry user detection in 60 minutes, or when reboot occurs."
exit
else
local AGENT_USERNAME=$(defaults read /Library/Managed\ Preferences/com.crashplan.email.plist crashplanActivationEmail)
writeLog "Username read from plist ($AGENT_USERNAME)"
local AGENT_USER_HOME=$(dscl . -read "/users/${user}" NFSHomeDirectory | cut -d ' ' -f 2)
writeLog "Home directory read from dscl ($AGENT_USER_HOME)"
writeLog "Returning AGENT_USERNAME=$AGENT_USERNAME"
writeLog "Returning AGENT_USER_HOME=$AGENT_USER_HOME"
echo "AGENT_USERNAME=$AGENT_USERNAME"
echo "AGENT_USER_HOME=$AGENT_USER_HOME"
fi
}
function writeLog () {
echo "$(date) - $@" >> /Library/Logs/CrashPlan/userDetect_Result.log
}
main "$@"
To use this script:
- Place the script into your deployment policy.
You may need to update the script depending on your Jamf version and configuration. Earlier versions of Jamf put the plist in~/Library/Preferences/
, but later versions put it in/Library/Managed Preferences/
. - In Jamf, create a new configuration profile or edit an existing one.
- Go to Custom Settings (or Application & Custom Settings, depending on your Jamf version), and upload the following com.crashplan.email file.
This is a sample plist file. If you prefer, you can create your own, as long as the EMAIL variable is present as a key that matches what the deployment policy is set up to read.