Skip to main content

Mac OS X "SOE" Day 6

Page Redirection > continued from day 5...

Continuing on from the "firstboot" phase setup we need to script our "localiser" options.

I previously set my build phase to autologin and run the firstboot script, the localiser phase essentially sits there and waits for you to run it.

In my case I have an applescript GUI wrapper that requests some info to use in the localisation. I request a TAG number which is an organisational internal number and I also request a user name that will be set as the OWNER.

NOTE : I ordered these specifically...not just because it makes sense logically but also technically. For example, setting the Language actually zaps a plist file (.GlobalPreferences) which you need to write to for Locale and Country info.

This stuff is going to be totally dependant on your environment, as an example here is what I do.

So what's the minimum we need in the "localiser" phase? Depends on how many sites you support, I support over 50 sites in over 30 countries so need to cater for everything.
  • Set the HOSTNAME, COMPUTERNAME, LOCALHOSTNAME
  • Set the Language
  • Set the Locale
  • Set the Country
  • Set the Measurements/Metric Units
  • Set the keyboard input (System, Loginwindow)
  • Set the Network Time Server
  • Set the Timezone
  • Set the Energy Saver Defaults
  • Customise /etc/authorization settings
  • Set the Loginwindow Banner
  • Bind to Active Directory
  • Disable Autologin
  • Set the LoginHook
  • Maybe a few other nice things.


Set the HOSTNAME, COMPUTERNAME, LOCALHOSTNAME where ${HOST} is your workstation identifier. They don't have to be the same but it makes sense if they are.
# Computer name
sudo /usr/sbin/scutil --set ComputerName "${HOST}"

# Local Host Name
sudo /usr/sbin/scutil --set LocalHostName "${HOST}"

# Hostname
sudo /usr/sbin/scutil --set HostName "${HOST}"
sudo /bin/hostname "${HOST}"

# Netbios Name
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${HOST}"


Set the Language, make sure to try languagesetup manual so you can check the acceptable values. Refer to the xxx.lproj User Template folders as a quick guide (where xxx is the ${language} string). So for english it would be languagesetup -langspec "English" but for Portuguese it would be languagesetup -langspec "pt"
#* Language
sudo /usr/sbin/languagesetup -langspec "${language}"


Set the Locale, values consist of Language and Country in the format xx_xx, refer to /usr/share/locale for acceptable values.
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleLocale -string "${locale}"


Set the Country, refer to /usr/share/locale for acceptable values.
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences Country -string "${country}"


Set the Measurements/Metric Units. Metric is either TRUE or FALSE and Measurement Units is either Inches or Centimeters.
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMeasurementUnits -string "${applemeasurementunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMetricUnits -string "${applemetricunits}"


Set the keyboard input (System, Loginwindow). Note the permissions are important otherwise it won't work. I haven't found a reliable source of values anywhere, had to do this manually for each location to capture the values the first time.
#* Set System Input Keyboard Layout
sudo plistbuddy -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleDefaultAsciiInputSource" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleEnabledInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Delete :AppleSelectedInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo plistbuddy -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chown root:admin "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chmod 644 "/Library/Preferences/com.apple.HIToolbox.plist"

#* Set LoginWindow Input Keyboard Layout
sudo plistbuddy -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleDefaultAsciiInputSource" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleEnabledInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Delete :com.apple.HIToolbox:AppleSelectedInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo plistbuddy -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"

#* Set Visibility Input Keyboard Layout Menu in Loginwindow
sudo defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool "TRUE"
sudo defaults write /var/ard/Library/Preferences/com.apple.menuextra.textinput ModeNameVisible -bool "TRUE"
sudo chmod 777 /Library/Preferences/com.apple.loginwindow.plist


Set the Network Time Server where the value is an ipaddress or dns entry. (if bound to AD you would probably use your DOMAIN).
sudo /usr/sbin/systemsetup -setusingnetworktime "on"
sudo /usr/sbin/systemsetup -setnetworktimeserver "${networktimeserver}"


Set the Timezone, refer to /usr/sbin/systemsetup -listtimezones for acceptable values.
sudo /usr/sbin/systemsetup -settimezone "${timezone}"


Set the Energy Saver Defaults, obviously different depending on what you want. Refer to systemsetup for acceptable options.
sudo /usr/sbin/systemsetup -setallowpowerbuttontosleepcomputer "off"
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "45"
sudo /usr/sbin/systemsetup -setharddisksleep "off"
sudo /usr/sbin/systemsetup -setrestartpowerfailure "off"
sudo /usr/sbin/systemsetup -setwakeonnetworkaccess "on"


Customise /etc/authorization settings
# Backup Original
sudo /bin/cp -f /etc/authorization{,.original}
# Allow date & time preference pane access.
sudo plistbuddy -c "set rights:system.preferences.datetime:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.datetime:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.datetime:group" "/etc/authorization"
# Allow DVD region setting rights
sudo plistbuddy -c "add rights:system.device.dvd.setregion.change dict" "/etc/authorization"
sudo plistbuddy -c "add rights:system.device.dvd.setregion.change:class string" "/etc/authorization"
sudo plistbuddy -c "set rights:system.device.dvd.setregion.change:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.change:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.change:group" "/etc/authorization"
# Allow DVD region initial setting rights
sudo plistbuddy -c "set rights:system.device.dvd.setregion.initial:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.initial:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.device.dvd.setregion.initial:group" "/etc/authorization"
# Allow network preference pane access
sudo plistbuddy -c "set rights:system.preferences.network:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.network:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.network:group" "/etc/authorization"
# Change /etc/authorization to allow all users to open preference panes
sudo plistbuddy -c "set rights:system.preferences.printing:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.printing:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences.printing:group" "/etc/authorization"
# Allow preference panes
sudo plistbuddy -c "set rights:system.preferences:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences:shared" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.preferences:group" "/etc/authorization"
# Allow print admin rights
sudo plistbuddy -c "set rights:system.print.admin:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.print.admin:group" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.print.admin:shared" "/etc/authorization"
# Allow printing manager rights
sudo plistbuddy -c "set rights:system.printingmanager:class allow" "/etc/authorization"
sudo plistbuddy -c "delete rights:system.printingmanager:rule" "/etc/authorization"
# Permissions
sudo chown root:wheel "/etc/authorization"
sudo chmod 644 "/etc/authorization"


Set the Loginwindow
#* Add a banner
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "$LoginWindowText"
#* Username and Password fields instead of user badges
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool "TRUE"
#* Show host info
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo "DSStatus"


Disable Autologin
sudo /bin/rm -f /var/ard/Library/Keychains/login.keychain
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser ""


Set the LoginHook
sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "${GlobalLoginHook}"


Some other stuff to consider....maybe set your NIC speed?
sudo /usr/sbin/networksetup -setMedia en0 ${networkspeed} full-duplex

or 

sudo /usr/sbin/networksetup -setMedia en0 autoselect


#* Require admin password for comp-to-comp wifi
sudo /usr/libexec/airportd en1 prefs RequireAdminIBSS=YES


Delay login window? I had to use this because of some machines that were slow to get DHCP leases so macs were always using cached Actived Directory credentials.
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 13


Disable font protection?
sudo /usr/bin/atsutil fontprotection -off

Going to do AD binding as a separate post as there can be a lot to it.

Stay tuned....

Popular posts from this blog

Mac OS X "SOE" Day 7

Page Redirection > continued from day 6... In summary, here is my method for creating a Mac OS X 10.7.3 Standard Operating Environment "SOE" Image. Overview The goal is to create a "MASTER" non-booted SOE that can be used with multiple models and it multiple sites with different local requirements. My intention is to use this "MASTER" image in a manual restore procedure due to the fact netboot facilities cannot be made available to all the sites I support however the DMG files are netboot compatible. Requirements Lion Recovery Disk Assistant v1.0 "TARGET" workstation. A compatible workstation that will be used to install Mac OS X 10.7.3 and capture a DMG image(s). "ADMIN" workstation. A workstation with Disk Utility that you will use to capture your DMG image(s). External storage such as a USB HARD DISK. Setup Downloaded the Lion Recovery Disk Assi...

Mac OS X key-based ssh login

To set up key-based SSH, you must generate the keys the two computers will use to establish and validate the identity of each other. To do this run, the following commands in Terminal: Check to see whether a .ssh folder exists in your home directory by running the command ls -ld ~/.ssh. If .ssh is listed in the output, move to step 2. If .ssh is not listed in the output, run mkdir ~/.ssh and continue to step 2. Run: cd ~/.ssh Run: ssh-keygen -b 1024 -t dsa -f id_dsa -P '' This command generates the public and private keys. The -b flag sets the length of the keys to 1,024-bits, -t indicates to use the DSA hashing algorithm, -f sets the file name as id_dsa, and -P '' sets the private key password to be null. The null private key password allows for automated SSH connections. Run: touch authorized_keys2 Run: cat id_dsa.pub >> authorized_keys2 Run: chmod 400 id_dsa The permissions on the private key must be set so that the file is not world readable. Run...