Skip to main content
T
t-low
Inspiring
October 21, 2013
Answered

CC for Teams deployment / credentials on multi-user workstations

  • October 21, 2013
  • 2 replies
  • 2322 views

Hi,

i have got a serious problem in a "graphics lab" with multiple workstations. It is a computer room where students are enabled to get to know and work with Adobe Creative Cloud software. Every student can log on to the workstations with their own credentials using a central Microsoft Active Directory Server and a local Apple Open Directory Server. As recommended by Adobe telephone support we purchased CC for Teams licenses (EDU, 20+). We want to map the licenses we got to the workstations instead of single users as the mapping to users might lead to more than two active licenses of the same Adobe ID. Currently I am unable to get this to work and we cannot rely on the students not abusing the logins if we gave them the credentials.

Has Adobe or anyone here got a solution to that problem?

Workstation hardware: Apple iMac Late 2012

Operating System: Mac OS X 10.8.5

License: Adobe Creative Cloud for Teams (EDU) 20+ licenses

Problem: Logging in with user 'X' on any computer 'C1', 'C2' etc. launching the Creative Cloud applications with the credentials of Adobe ID 'Y1', 'Y2', ... which is mapped to the computers 'Cx'

Thanks!

This topic has been closed for replies.
Correct answer t-low

This is the solution I have come up with after a while. There may be other solutions...

Why and what does it do? (or replace the "it" with "I")
The problem is I could not find any way to manage the Adobe CC credentials from the server by distributing plists or any other kind of file. I would have to give every student the CC credentials if they wanted to work with the programs. I tried copying user folders, settings, looked into the keychain but found no hint. So I had to go another way.

I manage the computers by configuring a master machine as far as possible. Afterwards I use DeployStudio to create an image of this machine which I distribute to my other computers. If I use the System Imaging Tool, the credentials are deleted so I would have to go to every machine and store the credentials manually over and over again...

I noticed that Adobe CC stores the credentials for every user that logs on instead of machine-wide. That gave me the idea to create a bunch of users on my master machine that could be "pawns" to execute CC and therefore load their credentials instead those of the user currently logging on. This required a change in the sudoers' file and a login hook. Another way could be a desktop shortcut. But I wanted it to launch automatically. The script I wrote below runs at max 10 seconds to kill any Adobe process and relaunch with the credentials of the cc users mapped to the machine. I execute several scripts at login time, the Adobe Script runs in the background to not delay the login process.

  1. This step is as proposed by Romsinha. I created multiple Adobe IDs with email addresses like
    student1@somewhere.com
    student2@somewhere.com
    ....
  2. I created the corresponding users on my iMac that serves as the master image for my other machines. So then I have the users
    ccstudent1, ccstudent2, ...
  3. Log in as each of the users and log in to their corresponding Adobe ID via Creative Cloud (student1@... = ccstudent1 etc.). This will store the credentials in each local account of the CC users. I did not find any kind of .conf or .plist file that contained the credentials so I could just copy it somehow.
  4. Open up a terminal, type
    sudo visudo
  5. Add the following lines to the corresponding places or keep the order at least:
    # User alias specification - these are the users allowed to execute Adobe CC as another user later on - mine come from an Active Directory
    User_Alias MACUSERS = %everyone

    # Cmnd alias specification - the application that shall be executed as another user
    Cmnd_Alias ADOBECC = /Applications/Utilities/Adobe\ Creative\ Cloud/ACC/Creative\ Cloud.app/Contents/MacOS/Creative\ Cloud

    # Runas alias specification
    Runas_Alias CCUSERS = ccstudent1,ccstudent2,ccstudent3,ccstudent4,ccstudent5,ccstudent6,ccstudent7,ccstudent8,ccstudent9,ccstudent10,ccstudent11,ccstudent12,ccstudent13,ccstudent14,ccstudent15,ccstudent16

    # allow Adobe CC to be executed as a user from CCUSERS by any user specified in MACUSERS without password prompt
    MACUSERS ALL=(CCUSERS) NOPASSWD: ADOBECC
  6. Add a login hook to execute the following script. This will kill any Adobe process and launch Adobe CC as the ccstudent?? mapped to the current computer. One could have written it more elegantly, but the number of machines I have to manage is small enough to use a simple case construct. For my case the script is stored in the admin user's folder and another login-hook stored on my Open Directory server executes this script.

    #!/bin/bash
    # Thilo Enters, Hochschule Karlsruhe 2013
    # Version 1.0

    USER=$(whoami)
    LOG="/var/log/LoginHookHska.log"

    COMPUTER=$( scutil --get ComputerName )
    CCUSER=""
    TIME_LIMIT=10

    case "$COMPUTER" in
      "iwi-mki-og-01")
        CCUSER="ccstudent1"
        ;;
      "iwi-mki-og-02")
        CCUSER="ccstudent2"
        ;;
      "iwi-mki-og-03")
        CCUSER="ccstudent3"
        ;;
      "iwi-mki-og-04")
        CCUSER="ccstudent4"
        ;;
      "iwi-mki-og-05")
        CCUSER="ccstudent5"
        ;;
      "iwi-mki-og-06")
        CCUSER="ccstudent6"
        ;;
      "iwi-mki-og-07")
        CCUSER="ccstudent7"
        ;;
      "iwi-mki-og-08")
        CCUSER="ccstudent8"
        ;;
      "iwi-mki-og-09")
        CCUSER="ccstudent9"
        ;;
      "iwi-mki-og-10")
        CCUSER="ccstudent10"
        ;;
      "iwi-mki-og-11")
        CCUSER="ccstudent11"
        ;;
      "iwi-mki-og-12")
        CCUSER="ccstudent12"
        ;;
      "iwi-mki-og-13")
        CCUSER="ccstudent13"
        ;;
      "iwi-mki-og-14")
        CCUSER="ccstudent14"
        ;;
      "iwi-mki-og-15")
        CCUSER="ccstudent15"
        ;;
      "iwi-mki-og-16")
        CCUSER="ccstudent16"
        ;;
    esac

    echo "Running Adobe CC from $USER as $CCUSER on PC $COMPUTER" >> $LOG

    STARTTIME=`date +%s`
    ENDTIME=`date +%s`
    RUNTIME=$((ENDTIME-STARTTIME))
    ADOBE_ALIVE=1

    while [[ $RUNTIME -le $TIME_LIMIT ]] && [[ $ADOBE_ALIVE -ne 0 ]]; do
      ENDTIME=`date +%s`
      RUNTIME=$((ENDTIME-STARTTIME))
     
      killall -KILL "CEPServiceManager" >/dev/null 2>&1
      killall -KILL "Core Sync"         >/dev/null 2>&1
      killall -KILL "Adobe CEF Helper"  >/dev/null 2>&1
     
      if killall -KILL "Creative Cloud" >/dev/null 2>&1; then
        ADOBE_ALIVE=0
      fi
    done

    echo "Adobe was alive $ADOBE_ALIVE and the runtime was $RUNTIME" >> $LOG

    sudo -b -u "$CCUSER" /Applications/Utilities/Adobe\ Creative\ Cloud/ACC/Creative\ Cloud.app/Contents/MacOS/Creative\ Cloud

2 replies

T
t-lowAuthorCorrect answer
Inspiring
March 3, 2014

This is the solution I have come up with after a while. There may be other solutions...

Why and what does it do? (or replace the "it" with "I")
The problem is I could not find any way to manage the Adobe CC credentials from the server by distributing plists or any other kind of file. I would have to give every student the CC credentials if they wanted to work with the programs. I tried copying user folders, settings, looked into the keychain but found no hint. So I had to go another way.

I manage the computers by configuring a master machine as far as possible. Afterwards I use DeployStudio to create an image of this machine which I distribute to my other computers. If I use the System Imaging Tool, the credentials are deleted so I would have to go to every machine and store the credentials manually over and over again...

I noticed that Adobe CC stores the credentials for every user that logs on instead of machine-wide. That gave me the idea to create a bunch of users on my master machine that could be "pawns" to execute CC and therefore load their credentials instead those of the user currently logging on. This required a change in the sudoers' file and a login hook. Another way could be a desktop shortcut. But I wanted it to launch automatically. The script I wrote below runs at max 10 seconds to kill any Adobe process and relaunch with the credentials of the cc users mapped to the machine. I execute several scripts at login time, the Adobe Script runs in the background to not delay the login process.

  1. This step is as proposed by Romsinha. I created multiple Adobe IDs with email addresses like
    student1@somewhere.com
    student2@somewhere.com
    ....
  2. I created the corresponding users on my iMac that serves as the master image for my other machines. So then I have the users
    ccstudent1, ccstudent2, ...
  3. Log in as each of the users and log in to their corresponding Adobe ID via Creative Cloud (student1@... = ccstudent1 etc.). This will store the credentials in each local account of the CC users. I did not find any kind of .conf or .plist file that contained the credentials so I could just copy it somehow.
  4. Open up a terminal, type
    sudo visudo
  5. Add the following lines to the corresponding places or keep the order at least:
    # User alias specification - these are the users allowed to execute Adobe CC as another user later on - mine come from an Active Directory
    User_Alias MACUSERS = %everyone

    # Cmnd alias specification - the application that shall be executed as another user
    Cmnd_Alias ADOBECC = /Applications/Utilities/Adobe\ Creative\ Cloud/ACC/Creative\ Cloud.app/Contents/MacOS/Creative\ Cloud

    # Runas alias specification
    Runas_Alias CCUSERS = ccstudent1,ccstudent2,ccstudent3,ccstudent4,ccstudent5,ccstudent6,ccstudent7,ccstudent8,ccstudent9,ccstudent10,ccstudent11,ccstudent12,ccstudent13,ccstudent14,ccstudent15,ccstudent16

    # allow Adobe CC to be executed as a user from CCUSERS by any user specified in MACUSERS without password prompt
    MACUSERS ALL=(CCUSERS) NOPASSWD: ADOBECC
  6. Add a login hook to execute the following script. This will kill any Adobe process and launch Adobe CC as the ccstudent?? mapped to the current computer. One could have written it more elegantly, but the number of machines I have to manage is small enough to use a simple case construct. For my case the script is stored in the admin user's folder and another login-hook stored on my Open Directory server executes this script.

    #!/bin/bash
    # Thilo Enters, Hochschule Karlsruhe 2013
    # Version 1.0

    USER=$(whoami)
    LOG="/var/log/LoginHookHska.log"

    COMPUTER=$( scutil --get ComputerName )
    CCUSER=""
    TIME_LIMIT=10

    case "$COMPUTER" in
      "iwi-mki-og-01")
        CCUSER="ccstudent1"
        ;;
      "iwi-mki-og-02")
        CCUSER="ccstudent2"
        ;;
      "iwi-mki-og-03")
        CCUSER="ccstudent3"
        ;;
      "iwi-mki-og-04")
        CCUSER="ccstudent4"
        ;;
      "iwi-mki-og-05")
        CCUSER="ccstudent5"
        ;;
      "iwi-mki-og-06")
        CCUSER="ccstudent6"
        ;;
      "iwi-mki-og-07")
        CCUSER="ccstudent7"
        ;;
      "iwi-mki-og-08")
        CCUSER="ccstudent8"
        ;;
      "iwi-mki-og-09")
        CCUSER="ccstudent9"
        ;;
      "iwi-mki-og-10")
        CCUSER="ccstudent10"
        ;;
      "iwi-mki-og-11")
        CCUSER="ccstudent11"
        ;;
      "iwi-mki-og-12")
        CCUSER="ccstudent12"
        ;;
      "iwi-mki-og-13")
        CCUSER="ccstudent13"
        ;;
      "iwi-mki-og-14")
        CCUSER="ccstudent14"
        ;;
      "iwi-mki-og-15")
        CCUSER="ccstudent15"
        ;;
      "iwi-mki-og-16")
        CCUSER="ccstudent16"
        ;;
    esac

    echo "Running Adobe CC from $USER as $CCUSER on PC $COMPUTER" >> $LOG

    STARTTIME=`date +%s`
    ENDTIME=`date +%s`
    RUNTIME=$((ENDTIME-STARTTIME))
    ADOBE_ALIVE=1

    while [[ $RUNTIME -le $TIME_LIMIT ]] && [[ $ADOBE_ALIVE -ne 0 ]]; do
      ENDTIME=`date +%s`
      RUNTIME=$((ENDTIME-STARTTIME))
     
      killall -KILL "CEPServiceManager" >/dev/null 2>&1
      killall -KILL "Core Sync"         >/dev/null 2>&1
      killall -KILL "Adobe CEF Helper"  >/dev/null 2>&1
     
      if killall -KILL "Creative Cloud" >/dev/null 2>&1; then
        ADOBE_ALIVE=0
      fi
    done

    echo "Adobe was alive $ADOBE_ALIVE and the runtime was $RUNTIME" >> $LOG

    sudo -b -u "$CCUSER" /Applications/Utilities/Adobe\ Creative\ Cloud/ACC/Creative\ Cloud.app/Contents/MacOS/Creative\ Cloud
MoovIT Jan
MoovIT Jan
Participating Frequently
March 3, 2014

Wow, thanks a lot sharing this! I will take my time to go throuh this... Thx again

Romsinha-9KMEUt
Adobe Employee
Romsinha-9KMEUt
Adobe Employee
October 23, 2013

Hi t-low,

In this scenario you can create dummy adobe id and activate the license on your lab machines.

For example if you purchased 20 license for your school and do not want to assign it to any student email and your school name is abcy then you can create adobe id as:

student1@abcy.edu

student2@abcy.edu ...

and actiavte the software on the lab machine.

Note: Please make sure that the number of user should not exceed the number of licenses purchased. If you have 30 users then you need to purchase 30 licenses.

Regards,

Romit Sinha

T
t-lowAuthor
Inspiring
October 23, 2013

Hi Romit,

thank you for this proposal, but I already tried this way. The problem is that new users will authenticate with their credentials on the OS X machines, so when they launch Creative Cloud it will not find any Adobe credentials. As i could not find any local file where the Adobe credentials are stored so I could at least distribute this file the only solution is to sudo Creative Cloud as another user (sub-optimal, currently not working), hand over the credentials to the students (bad) or allow login via users on the local machine only and not via network users (bad).

I have attached an overview over the processes when Creative Cloud is launched via spotlight / applications folder and when it is launched via script.

Regards

T-Low

Edit: Running CC with three different users is not intended - it is meant to be just one.

T
t-lowAuthor
Inspiring
December 13, 2013

Apparently my diagrams above contain an error, but nevertheless I have found a solution to this problem. It's a bit ugly but I'm going to post it soon, maybe someone else has a similar problem but did not reply here yet.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices