Well done, Hiroto! Pat yourself on the back! You have successfully overanalyzed a simple situation to the degree I only thought my wife was capable of. I'm going to 'answer the charges', not to satisfy you, but to legitimize myself for anyone who comes across this. I do corporate systems management and administration stuff and frequently want to do so in a quite automated fashion.
1. The script I want to auto launch and delete simply prompts the user to rename the computer. This script will be preloaded into a local administrator's account on my corporate disk image. When a new machine comes in and gets imaged, the admin logs in and is immediately prompted to name the machine, the script disappears, nice and clean. Sorry, no voodoo there.
2. Have you ever migrated local user accounts to AD user accounts? Well, I do. It's easy to bind to AD and start authenticating via AD. In order to maintain the user's old local home, you have to rename the local home to the user's AD login name, and then chown the folder's permissions. The only negative side effect of this is when the user logs in with the new credentials, Login Keychain pitches a fit. I was looking for a way to deal with that so that the user didn't have to. Wow, guess I was actually looking out for the innocent users on that one, eh?
3. The project I'm on now is to bring some normalcy to 300 unmanaged Macs in a corporate environment. Every Mac has a single administrative account that the user set up, and they're ALL different. It's a help desk nightmare. One of the goals is a uniform admin account on every machine, with ARD access enabled for that account. Trying to impact the user as little as possible, and hide the account so that the more able do not go deleting the account we've created.
Sorry to disappoint you in your quest to 'out' devious behavior. Better luck with your next target.
Darrin