Skip to main content

Posts

Showing posts from March, 2012

Mac OS X Keychain Annoyances

No time today to work on my Mac SOE more on Monday. Just a quick snippet (which I actually use in my Mac SOE image).

We use Active Directory, we have our accounts set to expire after a certain period of time. For one reason or another when the Mac end user changes their AD their Keychain password gets out of sync.

This causes any app that had the password saved in keychain to prompt the user to unlock keychain every time they open the app.

I could show them how to manually open the Keychain assistant and reset the password (and I have on many many many occasions) but this is too hard for most of them ;) I give them this little applescript to kill it.

Not the best solution as they lose their keychain passwords, but its the simplest. Here's the applescript.
set FDATE to do shell script ("/bin/date '+%Y-%m-%d-%H%M%S'") try set status to display dialog "Clear Keychain." & return & return & "What you are about to do is potentially destruct…

Mac OS X "SOE" Day 6

Page Redirection> continued from day 5...

Continuing on from the "firstboot" phase setup we need to script our "localiser" options.

I previously set my build phase to autologin and run the firstboot script, the localiser phase essentially sits there and waits for you to run it.

In my case I have an applescript GUI wrapper that requests some info to use in the localisation. I request a TAG number which is an organisational internal number and I also request a user name that will be set as the OWNER.

NOTE : I ordered these specifically...not just because it makes sense logically but also technically. For example, setting the Language actually zaps a plist file (.GlobalPreferences) which you need to write to for Locale and Country info.

This stuff is going to be totally dependant on your environment, as an example here is what I do.

So what's the minimum we need in the "localiser" phase? Depends on how many sites you support, I support over 50 si…

Mac OS X "SOE" Day 5

Page Redirection> continued from day 4...

Continuing on from the "build" phase setup we need to script our "firstboot" options. The last step in the build phase set our "firstboot" script as "/var/root/firstboot.sh".

So what's the minimum we need in the "firstboot" phase? There isn't really a minimum for this phase as you can do most of this stuff at localisation phase. The main things I do here relate to writing prefs that a machine specific ie, contain UUID or MACADDRESS
Setting default screensaverSetting default menu extrasRun Apple Software updates that require a booted OSSet the initial HOSTNAME, LOCALHOSTNAME and COMPUTERNAMESet the initial Energy Saver settingsDisable some Network Services (firewire, bluetooth)Set the initial Network Services OrderDisable IPv6
Couple things you will need to know for this stage, how to get the UUID and/or the MACADDRESS. Post 2010 macs seem to use the UUID instead of the MACADDRESS but …

Mac OS X "SOE" Day 4

Page Redirection> continued from day 3...

Now that the essential stuff has been done for the "build" phase you could add some other nice things. Here's some of the stuff I'm doing.
User Templates preferences.Disable the Registration Wizard.Enable Access for Assistive DevicesDisable DockfixupCleanup default PPDsSymlink for Directory UtilitySymlink for Printer UtilitySymlink for Screen Sharing
Obviously there is an infinite number of things you can do, these are just the things I do :)

Modify default user template preference.

NOTE : You may want to do prior to STEP 3 in the build phase so that a) your locally created admin accounts get the same prefs and b) so you can use your locally created admin accounts to test the prefs settings.
#* Default preferences. #+ Modifies /System/Library/User Template #+ Note : I copy com.apple.dock.plist and com.apple.sidebarlists.plist as they are too messy to write. for USER_TEMPLATE in `sudo ls /System/Library/User\ Template` do …

Mac OS X "SOE" Day 3

Page Redirection> continued from day 2...

Ready to copy my scripts over, as previously mentioned I am thinking of having 3 phases;
build - preps the image for dmg capture.firstboot - runs anything I can't do in build ie, writing to byhost files etc that require UUID or Macaddress. Basically machine/model specific settings.localise - runs localisation scripts such as language, locale etc etc. Basically a set of dynamic scripts in case you are an admin for multiple offices, multiple countries.
So what's the minimum we need in the "build" phase?
Disable the Setup Wizard.Disable the Registration Wizard.Create a local admin user(s) and set autologin for the firstboot phase.Enable root (set the password).Enable SSH AccessEnable VNC AccessEnable ARD AccessDisable softwareupdate automatic updates "schedule"Cleanup/Minimise the dmg where possible.Set a firstboot loginhook for the second phase.
What are some other nice things you may want? (I'm doing the followi…

Mac OS X "SOE" Day 2

Page Redirectioncontinued ...

Started by purchasing Lion 10.7.3 from the app store.Installed it to a mac to be used as my "admin" machine.Created a external Lion Recovery disk using the Lion Recovery Disk assistant http://support.apple.com/kb/HT4848Booted an iMac 11,2 from the new recovery disk.Installed a full "vanilla" Lion Install.
(The only consideration for different environments is whether you want to do a custom install and modify the printer drivers. I just installed everything).Rebooted the  iMac 11,2  into TARGET DISK mode prior to any setup or registration wizards running.Captured a dmg of the iMac 11,2  that I will call OSX_10.7.3_VANILLA.dmg that I can use later to begin image capturing so I don't  need to go through the entire install all over again.I'm ready to copy my "build" scripts to the disk now.
My only other considerations (that will requiring future testing) are;
is the app store smart? ie, is the installer I downloaded, model…

Mac OS X "SOE" Day 1

Page Redirection Getting Started on this today, goal is to build a set of easily customisable scripts that will allow me to; build a MASTER SOE image (one image that will work for all models), easily update the image.

*** TARGET - a mac that is booted in TARGET DISK mode, also the mac that I am using to capture a DMG image.

Thinking of starting as follows.

1. Boot a TARGET mac from an Apple USB Recovery disk.
2. Install 10.7.3
3. Reboot into TARGET DISK mode.
4. Capture a "vanilla" FMG for use later.
5. Drop a set of scripts onto the TARGET DISK that I can use in single user mode.
6. Boot into single user mode, run the scripts.
7. Reboot into TARGET DISK mode.
8. Capture the standard SOE.

For the scripts I mention in step 5 I am planning to have 3 phases; single user scripts (a.k.a "build" scripts), "first boot" scripts and "localiser" scripts.

"build" scripts (at a minimum);
- enable root, set root password
- create local admin accou…