Mac OS X "SOE" Day 6

Page Redirection > continued from day 5...

Continuing on from the "firstboot" phase setup we need to script our "localiser" options.

I previously set my build phase to autologin and run the firstboot script, the localiser phase essentially sits there and waits for you to run it.

In my case I have an applescript GUI wrapper that requests some info to use in the localisation. I request a TAG number which is an organisational internal number and I also request a user name that will be set as the OWNER.

NOTE : I ordered these specifically...not just because it makes sense logically but also technically. For example, setting the Language actually zaps a plist file (.GlobalPreferences) which you need to write to for Locale and Country info.

This stuff is going to be totally dependant on your environment, as an example here is what I do.

So what's the minimum we need in the "localiser" phase? Depends on how many sites you support, I support over 50 sites in over 30 countries so need to cater for everything.

Set the HOSTNAME, COMPUTERNAME, LOCALHOSTNAME
Set the Language
Set the Locale
Set the Country
Set the Measurements/Metric Units
Set the keyboard input (System, Loginwindow)
Set the Network Time Server
Set the Timezone
Set the Energy Saver Defaults
Customise /etc/authorization settings
Set the Loginwindow Banner
Bind to Active Directory
Disable Autologin
Set the LoginHook
Maybe a few other nice things.

Set the HOSTNAME, COMPUTERNAME, LOCALHOSTNAME where ${HOST} is your workstation identifier. They don't have to be the same but it makes sense if they are.

# Computer name
sudo /usr/sbin/scutil --set ComputerName "${HOST}"

# Local Host Name
sudo /usr/sbin/scutil --set LocalHostName "${HOST}"

# Hostname
sudo /usr/sbin/scutil --set HostName "${HOST}"
sudo /bin/hostname "${HOST}"

# Netbios Name
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${HOST}"

Set the Language, make sure to try languagesetup manual so you can check the acceptable values. Refer to the xxx.lproj User Template folders as a quick guide (where xxx is the ${language} string). So for english it would be languagesetup -langspec "English" but for Portuguese it would be languagesetup -langspec "pt"

#* Language
sudo /usr/sbin/languagesetup -langspec "${language}"

Set the Locale, values consist of Language and Country in the format xx_xx, refer to /usr/share/locale for acceptable values.

sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleLocale -string "${locale}"

Set the Country, refer to /usr/share/locale for acceptable values.

sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences Country -string "${country}"

Set the Measurements/Metric Units. Metric is either TRUE or FALSE and Measurement Units is either Inches or Centimeters.

sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMeasurementUnits -string "${applemeasurementunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMetricUnits -string "${applemetricunits}"

Set the keyboard input (System, Loginwindow). Note the permissions are important otherwise it won't work. I haven't found a reliable source of values anywhere, had to do this manually for each location to capture the values the first time.

#* Set System Input Keyboard Layout
sudo plistbuddy -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleDefaultAsciiInputSource" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleEnabledInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleSelectedInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chown root:admin "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chmod 644 "/Library/Preferences/com.apple.HIToolbox.plist"

#* Set LoginWindow Input Keyboard Layout
sudo plistbuddy -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleDefaultAsciiInputSource" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleEnabledInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleSelectedInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"

#* Set Visibility Input Keyboard Layout Menu in Loginwindow
sudo defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool "TRUE"
sudo defaults write /var/ard/Library/Preferences/com.apple.menuextra.textinput ModeNameVisible -bool "TRUE"
sudo chmod 777 /Library/Preferences/com.apple.loginwindow.plist

Set the Network Time Server where the value is an ipaddress or dns entry. (if bound to AD you would probably use your DOMAIN).

sudo /usr/sbin/systemsetup -setusingnetworktime "on"
sudo /usr/sbin/systemsetup -setnetworktimeserver "${networktimeserver}"

Set the Timezone, refer to /usr/sbin/systemsetup -listtimezones for acceptable values.

sudo /usr/sbin/systemsetup -settimezone "${timezone}"

Set the Energy Saver Defaults, obviously different depending on what you want. Refer to systemsetup for acceptable options.

sudo /usr/sbin/systemsetup -setallowpowerbuttontosleepcomputer "off"
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "45"
sudo /usr/sbin/systemsetup -setharddisksleep "off"
sudo /usr/sbin/systemsetup -setrestartpowerfailure "off"
sudo /usr/sbin/systemsetup -setwakeonnetworkaccess "on"

Customise /etc/authorization settings

# Backup Original
sudo /bin/cp -f /etc/authorization{,.original}
# Allow date & time preference pane access.
sudo plistbuddy -c "set rights:system.preferences.datetime:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.datetime:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.datetime:group" "/etc/authorization"
# Allow DVD region setting rights
sudo plistbuddy -c "add rights:system.device.dvd.setregion.change dict" "/etc/authorization"
sudo plistbuddy -c "add rights:system.device.dvd.setregion.change:class string" "/etc/authorization"
sudo plistbuddy -c "set rights:system.device.dvd.setregion.change:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.change:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.change:group" "/etc/authorization"
# Allow DVD region initial setting rights
sudo plistbuddy -c "set rights:system.device.dvd.setregion.initial:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.initial:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.initial:group" "/etc/authorization"
# Allow network preference pane access
sudo plistbuddy -c "set rights:system.preferences.network:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.network:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.network:group" "/etc/authorization"
# Change /etc/authorization to allow all users to open preference panes
sudo plistbuddy -c "set rights:system.preferences.printing:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.printing:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.printing:group" "/etc/authorization"
# Allow preference panes
sudo plistbuddy -c "set rights:system.preferences:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences:group" "/etc/authorization"
# Allow print admin rights
sudo plistbuddy -c "set rights:system.print.admin:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.print.admin:group" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.print.admin:shared" "/etc/authorization"
# Allow printing manager rights
sudo plistbuddy -c "set rights:system.printingmanager:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.printingmanager:rule" "/etc/authorization"
# Permissions
sudo chown root:wheel "/etc/authorization"
sudo chmod 644 "/etc/authorization"

Set the Loginwindow

#* Add a banner
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "$LoginWindowText"
#* Username and Password fields instead of user badges
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool "TRUE"
#* Show host info
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo "DSStatus"

Disable Autologin

sudo /bin/rm -f /var/ard/Library/Keychains/login.keychain
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser ""

Set the LoginHook

sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "${GlobalLoginHook}"

Some other stuff to consider....maybe set your NIC speed?

sudo /usr/sbin/networksetup -setMedia en0 ${networkspeed} full-duplex

or 

sudo /usr/sbin/networksetup -setMedia en0 autoselect

#* Require admin password for comp-to-comp wifi

sudo /usr/libexec/airportd en1 prefs RequireAdminIBSS=YES

Delay login window? I had to use this because of some machines that were slow to get DHCP leases so macs were always using cached Actived Directory credentials.

sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 13

Disable font protection?

sudo /usr/bin/atsutil fontprotection -off

Going to do AD binding as a separate post as there can be a lot to it.

Stay tuned....

another sysadmin blog

Search This Blog

Mac OS X "SOE" Day 6

Popular posts from this blog

Mac OS X "SOE" Day 7

Mac OS X "SOE" Day 5