Skip to main content

Mac OS X "SOE" Day 7

Page Redirection > continued from day 6...

In summary, here is my method for creating a Mac OS X 10.7.3 Standard Operating Environment "SOE" Image.


  • Overview
    The goal is to create a "MASTER" non-booted SOE that can be used with multiple models and it multiple sites with different local requirements.

    My intention is to use this "MASTER" image in a manual restore procedure due to the fact netboot facilities cannot be made available to all the sites I support however the DMG files are netboot compatible.

  • Requirements
    1. Lion Recovery Disk Assistant v1.0
    2. "TARGET" workstation. A compatible workstation that will be used to install Mac OS X 10.7.3 and capture a DMG image(s).
    3. "ADMIN" workstation. A workstation with Disk Utility that you will use to capture your DMG image(s).
    4. External storage such as a USB HARD DISK.
  • Setup
    1. Downloaded the Lion Recovery Disk Assistant v1.0 and followed the instructions to setup an external Recovery Disk on an externally attached USB disk. Used a Shintaro Hard Drive Docker and multiple disks for convenience when building images.
    2. Booted the "TARGET" workstation from the Recovery Disk and installed Mac OS X 10.7 using a custom install. Depending on your environment it may not make sense to "Install nearby printers" as your LAN may not allow access to other sites so the installer won't be able to see what other printers are on your network(s) anyway. I deploy specific printer drivers using my software deployment system rather than adding them to my image(s) as I support many sites.
    3. Once the install completed, rebooted the "TARGET" workstation into TARGET DISK mode, mounted it on the "ADMIN" workstation and captured a DMG. Labelled this DMG OSX_10.7_VANILLA.DMG, I can now restore this to a DMG to a disk and skip steps 1-3 when starting new images in the future.

      (If your "TARGET" workstation isn't capable of booting into TARGET DISK mode you will need to capture your DMG whilst booted from the Recovery Disk. You may need to plugin additional storage such as a USB or FIREWIRE hard disk so you have somewhere to store the DMG image.)
    4. With the "TARGET" workstation still in TARGET DISK mode and mounted on the "ADMIN" workstation, I downloaded the 10.7.3 combo updater to the "ADMIN" workstation and applied it to the "TARGET" workstation. Using a combo updater will allow me to use the DMG image on multiple models and essentially use the image as a "MASTER".
    5. Once the combo updater install completed, applied Apple specific Software Updates that can target a non-booted volume then I captured another image (I only apply the latest Java update). I labelled the DMG OSX_10.7.3_VANILLA.DMG, I can now restore this to a DMG to a disk and skip steps 1-5 when starting new images in the future. 
    6. With the "TARGET" workstation still in TARGET DISK mode and mounted on the "ADMIN" workstation, copied the build.sh script to /var/root/build.sh on the "TARGET" workstation.
    7. With the "TARGET" workstation still in TARGET DISK mode and mounted on the "ADMIN" workstation, copied Apple Software Updates that require a boot volume into /var/root/Updates on the "TARGET" workstation. (I only apply Safari 5.1.5 and iTunes 10.6.1).
    8. Rebooted the "TARGET" workstation into SINGLE USER mode and executed /var/root/build.sh
    9. Rebooted the "TARGET" workstation into TARGET DISK mode, mounted it on the "ADMIN" workstation and captured a DMG. Labelled the DMG OSX_10.7.3_BUILD.DMG, I can now restore this to a DMG to a disk and skip steps 1-9 when starting new images in the future.
    10. With the "TARGET" workstation still in TARGET DISK mode and mounted on the "ADMIN" workstation, copied boot.sh and localise.sh scripts into /var/root on the "TARGET" workstation and captured a DMG. Labelled the DMG OSX_10.7.3_SOEvXXX.DMG, I can now restore this to a DMG to a disk and skip steps 1-10 when starting new images in the future.
  • Scripts
    • build.sh 
      #* build.sh
#+ Phase 1 of 3
#+ Run this script via single user mode to prep a Mac OS X 10.7.3 install.

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Mount volume for writing.
/sbin/mount -uw /

#* Load Open Directory
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

#* Avoid Setup Wizard.
sudo /usr/bin/touch "/private/var/db/.AppleSetupDone"
sudo /usr/sbin/chown root:wheel "/private/var/db/.AppleSetupDone"

#* Avoid Registration Wizard.
sudo /usr/bin/touch "/Library/Receipts/.SetupRegComplete"
sudo /usr/sbin/chown root:wheel "/Library/Receipts/.SetupRegComplete"

#* Default user preferences.
#+ Modifies /System/Library/User Template
#+ Note : com.apple.dock.plist, com.apple.LaunchServices.plist and com.apple.sidebarlists.plist are a bit complex to write them with plistbuddy so I supply them as payload items instead, which reduces code.
#+ Be careful with com.apple.sidebarlists.com, make sure to remove the useritems dictionary as its not dynamic. 
#+ Note : I set these prior to creating my local admin user accounts to that I can test them, you may not want to in case they are buggy.
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  #+ com.apple.ATS.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.ATS" ATSAutoActivation -string ATSAutoActivationDisable
  #+ com.apple.desktop.plist
  sudo $PB -c 'Add Background:default:BackgroundColor array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist" 
  sudo $PB -c 'Add Background:default:BackgroundColor:0 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:BackgroundColor:1 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:BackgroundColor:2 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:DrawBackgroundColor bool true' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:ImageFilePath string /Library/RDA/FWDrop/Desktop/RDA/Midnight.peg.png' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  #+ com.apple.desktopservices.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktopservices" DSDontWriteNetworkStores -bool TRUE
  #+ com.apple.dock.plist (ugly to and complex for defaults or plistbuddy so supplying payload)
  sudo /bin/cp -f "/var/root/com.apple.dock.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.dock.plist"
  #+ com.apple.DiskUtility.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.DiskUtility" advanced-image-options -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.DiskUtility" DUDebugMenuEnabled -bool YES
  #+ com.apple.finder.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" _FXShowPosixPathInTitle -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" FXDefaultSearchScope -string SCcf
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" FXPreferredViewStyle -string Nlsv
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" NewWindowTarget -string PfHm
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowHardDrivesOnDesktop -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowMountedServersOnDesktop -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowRemovableMediaOnDesktop -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowPathbar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowStatusBar -bool YES
  #+ com.apple.FontBook.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.FontBook" FBValidateFontsBeforeInstalling -bool NO
  #+ com.apple.iTunes.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableCheckForUpdates -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableGeniusSidebar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableGetAlbumArtwork -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePing -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePingSidebar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePodcasts -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableRadio -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableSharedMusic -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" dontAutomaticallySyncIPods -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" lookForSharedMusic -bool NO
  #+ com.apple.LaunchServices.plist (ugly and complex for defaults or plistbuddy so supplying payload)
  sudo /bin/cp -f "/var/root/com.apple.LaunchServices.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.LaunchServices.plist"
  #+ com.apple.NetworkBrowser.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.NetworkBrowser" BrowseAllInterfaces -bool NO
  #+ come.apple.Preview.plist
  #+ NOTE : Changed my mind, not touching this stuff till I play with some more scenarios.
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Preview" ApplePersistenceIgnoreState YES
  #+ com.apple.Safari.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" ApplePersistenceIgnoreState YES
  # or...
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" NSQuitAlwaysKeepsWindows -int 0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillFromAddressBook -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillMiscellaneousForms -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillPasswords -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" IncludeDebugMenu 1
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" LastDisplayedWelcomePageVersionString -string 4.0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" NewWindowBehaviour 0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" RestoreSessionAtLaunch -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" WebKitJavaScriptCanOpenWindowsAutomatically -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" ShowStatusBar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" HomePage "http://intranet.rdigest.com"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.internetconfigpriv" WWWHomePage "http://intranet.rdigest.com"
  #+ com.apple.SetupAssistant.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen none
  #+ com.apple.sidebarlists.plist (ugly and complex for defaults or plistbuddy so supplying payload)
  sudo /bin/cp -f "/var/root/com.apple.sidebarlists.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.sidebarlists.plist"
  #+ com.apple.systempreferences.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systempreferences" HiddenPreferencePanes -array "com.apple.preference.startupdisk" "com.apple.prefs.backup" "com.apple.preferences.softwareupdate" "com.apple.preferences.parentalcontrols" "com.apple.preference.internet" "com.apple.preferences.internetaccounts" "com.apple.preferences.icloud" "com.apple.preferences.sharing" "com.apple.preference.desktopscreeneffect" "com.apple.preference.security" "com.apple.preference.engerysaver"
  #+ com.apple.symbolichotkeys.plist (Disable Dashboard and Mission Control Keys so they are default Fn keys)
  sudo $PB -c "Add :AppleSymbolicHotKeys:32:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:32:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:33:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:33:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:34:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:34:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:35:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:35:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:36:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:36:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:37:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:37:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:52:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:52:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:59:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:59:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:62:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:62:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:63:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:63:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:64:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:64:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:65:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:65:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:73:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:73:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  #+ com.apple.TextEdit.plist
  #+ NOTE : Changed my mind, not touching this stuff till I play with some more scenarios. This plist setting isn't consistent across enough apps yet. ApplePersistenceIgnoreState is dangerous, if set to YES TextEdit will not prompt to save a NEW document when the user quits! Also Apple... which is it? ApplePersistenceIgnoreState or NSQuitAlwaysKeepsWindows
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TextEdit" ApplePersistenceIgnoreState YES
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TextEdit" NSQuitAlwaysKeepsWindows -int 0
  #+ com.apple.TimeMachine.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TimeMachine" DoNotOfferNewDisksForBackup -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TimeMachine" AutoBackup -bool NO
  #+ com.apple.universalaccess.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.universalaccess" voiceOverOnOffKey -bool NO
  #+ .GlobalPreferences
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleKeyboardUIMode -int 2
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleMiniaturizeOnDoubleClick -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleShowAllExtensions -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleShowScrollBars -string "Always"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSAutomaticSpellingCorrectionEnabled -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSAutomaticWindowAnimationsEnabled -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSNavPanelExpandedStateForSaveMode -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSQuitAlwaysKeepsWindows -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" PMPrintingExpandedStateForPrint -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" com.apple.swipescrolldirection -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" com.apple.keyboard.fnState -bool YES
 fi
done

#* Create LOCAL ADMIN ACCOUNT.
#+ Note : Redirecting home directory to /var so regular end users don't see the local admin home directory at all.
#+ Note : Consider UniqueID in regard to the Hide500Users value for /Library/Preferences/com.apple.loginwindow
#+ Note : kcpassword cannot be scripted, you must supply it.
#+ Note : You may want to consider creating more than one local ADMIN account. For example, one full admin and one with ARD permissions.
#+ Note : The password is set via plain text, you could supply a pre-made hash file to be more secure. Each user has their own shadow file, with each shadow file stored under a .plist file located in /var/db/dslocal/nodes/Default/users/. The associated hash contains the users GUID which can be found by running dscl localhost -read /Search/Users/ | grep GeneratedUID | cut -c15-

#+ Create the user.
sudo /usr/bin/dscl . -create /Users/${SHORTNAME}
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} UserShell /bin/bash
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} RealName "${SHORTNAME}"
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} UniqueID 444
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} PrimaryGroupID 80
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} NFSHomeDirectory "/var/${SHORTNAME}"
sudo /usr/bin/dscl . -passwd /Users/${SHORTNAME} "${PASSWORD}"
sudo /usr/bin/dscl . -append /Groups/admin GroupMembership "${SHORTNAME}"
sudo /bin/cp -Rfv /System/Library/User\ Template/English.lproj "/var/${SHORTNAME}"
#+ Permissions.
sudo /usr/sbin/chown -R ${SHORTNAME}:admin "/var/${SHORTNAME}"
#+ Hide the user from the loginwindow.
sudo /usr/bin/defaults write "/Library/Preferences/com.apple.loginwindow" HiddenUsersList -array-add ${SHORTNAME}

#* Enable autoLoginUser for this user so "boot" phase is seamless.
sudo /usr/bin/defaults write "/Library/Preferences/com.apple.loginwindow" autoLoginUser -string "${SHORTNAME}"
#+ kcpassword payload
sudo /bin/cp -f "/var/root/kcpassword" "/etc/kcpassword"
sudo /bin/rm -Rf "/etc/kcpassword.disabled"
#+ kcpassword special permissions.
sudo /usr/sbin/chown root:wheel "/etc/kcpassword"
sudo /bin/chmod 600 "/etc/kcpassword"

#* VNC password
ENCVNCPASSWD=$(/bin/echo "${PASSWORD}" | perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8}).*/$1/; @p = unpack "C*", $_; foreach (@k) { printf "%02X", $_ ^ (shift @p || 0) }; print "\n"')
sudo /bin/echo "${ENCVNCPASSWD}" > "/Library/Preferences/com.apple.VNCSettings.txt"
#+ com.apple.VNCSettings.txt special permissions.
sudo /usr/sbin/chown -R root:wheel "/Library/Preferences/com.apple.VNCSettings.txt"
sudo /bin/chmod -R 600 "/Library/Preferences/com.apple.VNCSettings.txt"

#* Enable SSH
sudo /usr/bin/defaults delete "/System/Library/LaunchDaemons/ssh" "Disabled"
#+ SSH daemon special permissions.
sudo /usr/sbin/chown root:wheel "/System/Library/LaunchDaemons/ssh.plist"
sudo /bin/chmod 644 "/System/Library/LaunchDaemons/ssh.plist"
#+ SSH MOTD banner.
sudo /bin/echo " " > "/etc/motd"
sudo /bin/echo "Unauthorized access to these resources is prohibited." >> "/etc/motd"
sudo /bin/echo " " >> "/etc/motd"
#+ SSH MOTD special permissions.
sudo /bin/chmod 755 "/etc/motd"
sudo /usr/sbin/chown root:wheel "/etc/motd"

#* Enable Apple Remote Desktop
#+ Note : Check kickstart options, you can make it more secure by using -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -access -on -privs -all -clientopts -setvnclegacy -vnclegacy yes

#* Disable softwareupdate schedule with a daemon.
#+ NOTE : softwareupdate plist is machine specific, I do it this way so any future user that logs in has it disabled.
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate Label org.softwareupdate
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate LaunchOnlyOnce -bool TRUE
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate Program "/usr/sbin/softwareupdate"
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate RunAtLoad -bool TRUE
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate ProgramArguments -array "/usr/sbin/softwareupdate" "--schedule" "off"
#+ softwareupdate Launch Daemon special permissions.
sudo /usr/sbin/chown root:wheel "/Library/LaunchDaemons/org.softwareupdate.plist"
sudo /bin/chmod 644 "/Library/LaunchDaemons/org.softwareupdate.plist"

#* Remove dockfixup, most end users don't require any of the iLife apps for work purposes.
sudo /bin/mv -f /Library/Preferences/com.apple.dockfixup.plist{,.BACKUP}

#* Disable /Library/Printers/PPDs
#+ NOTE : This is a legacy setting I used to do as Quark populates its print dialog with every PPD. Will go away soon.
sudo /bin/cp -R /Library/Printers/PPDs/Contents/Resources /Library/PrintersPPDsDisabled
sudo /bin/rm -R /Library/Printers/PPDs/Contents/Resources/*.*

#* Disable /System/Library/Printers/PPDs
#+ NOTE : This is a legacy setting I used to do as Quark populates its print dialog with every PPD. Will go away soon.
sudo /bin/cp -R /System/Library/Printers/PPDs/Contents/Resources /System/Library/PrintersPPDsDisabled
sudo /bin/rm -R /System/Library/Printers/PPDs/Contents/Resources/*.*

#* Enable Access for Assistive Devices.
#+ NOTE : Enabling this for applescripts that need to manipulate the GUI.
sudo touch /private/var/db/.AccessibilityAPIEnabled

#* Link to Directory Utility.
#+ NOTE : Because its more convenient than 5 clicks!
sudo /bin/ln -s "/System/Library/CoreServices/Directory Utility.app" "/Applications/Utilities/Directory Utility.app"

#* Turn down default volume
#+ NOTE : So the "boot" phase doesn't surprise anyone :)
sudo /usr/bin/osascript -e "set Volume 2"

#* Disable QuickLook Daemon
#+ Rather than constantly clearing /Users/USER/Library/Caches/com.apple.QuickLookDaemon
/usr/bin/defaults write "/System/Library/LaunchAgents/com.apple.quicklook" Disabled -bool true

#* Remove Alex and save 450mb, smaller DMG size.
sudo /bin/rm -Rf "/System/Library/Speech/Voices/Alex.SpeechVoice"

#* Remove any sleepimage, smaller DMG size.
#+ NOTE : Only do this if you understand what its doing. Google it.
sudo /bin/rm -Rf "/private/var/vm/sleepimage"

#* Remove any swapfile, smaller DMG size.
sudo /bin/rm -Rf "/private/var/vm/swapfile0"

#* Remove caches just-in-case there is anything machine specific.
sudo /bin/rm -Rf ~/Library/Caches/*
sudo /bin/rm -Rf /Library/Caches/*
sudo /bin/rm -Rf /System/Library/Caches/*

#* Remove preferences just-in-case there is anything machine specific.
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.network.identification.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.PowerManagement.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/preferences.plist

#* Set "boot" phase LoginHook.
#+ Use to run scripts that cannot be added to the "build" phase.
sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "/var/root/boot.sh"
    • boot.sh 
      #* boot.sh
#+ Phase 2 of 3
#+ This script runs as a LoginHook to prep a Mac OS X 10.7.3 prior to the localise phase.

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Serial number.
SERIAL=$(/usr/sbin/ioreg -c IOPlatformExpertDevice | /usr/bin/sed -E -n -e '/IOPlatformSerialNumber/{s/^.*[[:space:]]"IOPlatformSerialNumber" = "(.+)"$/\1/p;q;}')

#* Mac address.
MACADDRESS=$(/usr/sbin/networksetup -getMACADDRESS en0 | /usr/bin/awk '{print $3}' | /usr/bin/sed s/://g)

#* Model.
MODEL=$(sudo /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/grep -E model | /usr/bin/awk '{print $3}' | /usr/bin/sed 's/\<\"//' | sed 's/\"\>//')

#* Set Computer name,Local Host Name, Hostname, Netbios name.
#+ NOTE : I do this so the machine is easily identifiable during first boot via Apple Remote Desktop Administrator client. I support sites remotely.
sudo /usr/sbin/scutil --set ComputerName "${SERIAL}-${MACADDRESS}"
sudo /usr/sbin/scutil --set LocalHostName "${SERIAL}-${MACADDRESS}"
sudo /usr/sbin/scutil --set HostName "${SERIAL}-${MACADDRESS}"
sudo /bin/hostname "${SERIAL}-${MACADDRESS}"
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${SERIAL}"

#* Set info2 field in ARD.
#+ NOTE : I do this simply so I can quickly see machine models via ARD (so I know which macs can/can't be upgraded to the latest OS. I don't buy upgrades, I simply create images for the OS that the mac ships with.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -computerinfo -set2 -2 "${MODEL}"

#* Set Computer sleep idle time, Display sleep idle time, Disable hard disk sleep.
#+ NOTE : So the hard disk doesn't go to sleep on me while supporting remotely.
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "15"
sudo /usr/sbin/systemsetup -setharddisksleep off

#* Disable ipv6.
#+ NOTE : Issues have been reported regarding Binding to AD if IPv6 is enabled so I turn it off. (don't use IPv6 yet anyway)
sudo /usr/sbin/networksetup -setv6off "Airport"
sudo /usr/sbin/networksetup -setv6off "Bluetooth Dun"
sudo /usr/sbin/networksetup -setv6off "Bluetooth Pan"
sudo /usr/sbin/networksetup -setv6off "Ethernet"
sudo /usr/sbin/networksetup -setv6off "FireWire"
sudo /usr/sbin/networksetup -setv6off "Wi-Fi"

#* Order Services.
#+ NOTE : Issues have been reported with certain VPN profile setups if services don't have priority. Won't explain here, too detailed. Email me if you want details.
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire" "Bluetooth DUN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire" "Bluetooth DUN" "Bluetooth PAN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire" "Bluetooth DUN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire" "Bluetooth DUN" "Bluetooth PAN"

#* Disable Un-necessary network services.
sudo sudo /usr/sbin/networksetup -setnetworkserviceenabled "Bluetooth DUN" "off"
sudo sudo /usr/sbin/networksetup -setnetworkserviceenabled "Bluetooth PAN" "off"
sudo /usr/sbin/networksetup -setnetworkserviceenabled "FireWire" "off"

#* Disable Airport Power
#+ NOTE : Mainly to reduce LAN noise. You could limit this to non-laptops.
sudo /usr/sbin/networksetup -setairportpower "en1" "off"

#* Default preferences.
#+ Modifies /System/Library/User Template
#+ Note : Must do during first boot as plist files contain UUID or MACADDRESS
#+ Note : At some point Apple changed certain modesl from using MACADDRESS and instead now use UUID. I can't be bothered figuring it out so just writing one of each.
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  # Ensure ByHost is there
  sudo /bin/mkdir -p "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost"
  # com.apple.screensaver.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.screensaver" askForPassword -int 1
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.screensaver" askForPasswordDelay -int 5
  # com.apple.screensaver.UUID.plist
  sudo $PB -c 'Add :CleanExit string YES' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :idleTime integer 900' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict dict' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:iLifeMediaGroupType integer 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:moduleName string ${YOURSCREENSAVER}' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:path string /Library/Screen\ Savers/${YOURSCREENSAVER}.slideSaver' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:type integer 4' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  # com.apple.screensaver.MACADDRESS.plist
  sudo $PB -c 'Add :CleanExit string YES' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :idleTime integer 900' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict dict' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:iLifeMediaGroupType integer 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:moduleName string ${YOURSCREENSAVER}' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:path string /Library/Screen\ Savers/${YOURSCREENSAVER}.slideSaver' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:type integer 4' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  # Laptop?
  ioreg -rd1 -c IOPlatformExpertDevice | grep -E model | awk '{print $3}' | sed s/\<\"// | sed s/\"\>// | grep iMac
  if [ "$?" == "1" ]; then
   # com.apple.systemuiserver.plist for laptop
   sudo $PB -c 'Delete menuExtras' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras:0 string /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:1 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:2 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:3 string /System/Library/CoreServices/Menu\ Extras/Bluetooth.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:4 string /System/Library/CoreServices/Menu\ Extras/TextInput.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:5 string /System/Library/CoreServices/Menu\ Extras/Volume.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:6 string /System/Library/CoreServices/Menu\ Extras/Displays.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:7 string /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:8 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   # com.apple.systemuiserver.${UUID}.plist (do not load) for laptop
   sudo $PB -c 'Delete dontAutoLoad' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   # com.apple.systemuiserver.${MACADDRESS}.plist (do not load) for laptop
   sudo $PB -c 'Delete dontAutoLoad' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
  else
   # com.apple.systemuiserver.plist for non-laptop
   sudo $PB -c 'Add menuExtras array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras:0 string /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:1 string /System/Library/CoreServices/Menu\ Extras/Bluetooth.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:2 string /System/Library/CoreServices/Menu\ Extras/TextInput.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:3 string /System/Library/CoreServices/Menu\ Extras/Volume.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:4 string /System/Library/CoreServices/Menu\ Extras/Displays.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:5 string /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   # com.apple.systemuiserver.${UUID}.plist (do not load) for non-laptop
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:1 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:2 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:3 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   # com.apple.systemuiserver.${MACADDRESS}.plist (do not load) for non-laptop
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:1 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:2 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:3 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
  fi
 fi
done

#* Disable "boot" phase LoginHook
sudo /usr/bin/defaults delete "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook

#* Installing Updates
#+ NOTE : This is for pkgs that require boot volume
#+ NOTE : You need to add relevant .pkgs to /var/root/Updates
find /var/root/Updates -name .DS_Store -exec rm {} \;
for i in `ls /var/root/Updates`
do
 /bin/echo "Installing $i"
 sudo installer -pkg /var/root/$i -target /
done
    • localise.sh 
      #* localise.sh
#+ Phase 3 of 3
#+ This script is run manually (I do it with an Applescript GUI wrapper). To be used for localisation as I support multiple sites (languages, locales, timezones etc etc)

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Apple unique workstation UUID.
UUID=$(/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/perl -ne 'if (m/^.*\"IOPlatformUUID\" = \"(.*).*\"$/im) {print $1}')

#* Serial number.
SERIAL=$(/usr/sbin/ioreg -c IOPlatformExpertDevice | /usr/bin/sed -E -n -e '/IOPlatformSerialNumber/{s/^.*[[:space:]]"IOPlatformSerialNumber" = "(.+)"$/\1/p;q;}')

#* Mac address.
MACADDRESS=$(/usr/sbin/networksetup -getMACADDRESS en0 | /usr/bin/awk '{print $3}' | /usr/bin/sed s/://g)

# Model.
MODEL=$(sudo /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/grep -E model | /usr/bin/awk '{print $3}' | /usr/bin/sed 's/\<\"//' | sed 's/\"\>//')

#* OS
OS=`/usr/bin/sw_vers | grep ProductVersion | awk '{print $2}'`

#* RAM
RAM=`/usr/sbin/system_profiler SPHardwareDataType | grep "Memory" | awk '{print $2$3}'`

#* CPU
CPU=`/usr/sbin/system_profiler SPHardwareDataType | grep "Processor Name" | awk '{print $3$4$5$6$7$8$9}'`

#* Set the workstation ComputerName, LocalHostName,hostname and NetBIOSName
logger "POSTBUILD PHASE : ComputerName ${ComputerName}"
sudo /usr/sbin/scutil --set ComputerName "${ComputerName}"
logger "POSTBUILD PHASE : LocalHostName ${LocalHostName}"
sudo /usr/sbin/scutil --set LocalHostName "${LocalHostName}"
logger "POSTBUILD PHASE : hostname ${hostname}"
sudo /bin/hostname "${hostname}"
logger "POSTBUILD PHASE : HostName ${HostName}"
sudo /usr/sbin/scutil --set HostName "${HostName}"
logger "POSTBUILD PHASE : NetBIOSName ${NetBIOSName}"
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${NetBIOSName}"

#* Set the default workstation language
#+ NOTE : Refer to the xxx.lproj User Template folders as a quick guide (where xxx is the ${language} string). So for english it would be languagesetup -langspec "English" but for Portuguese it would be languagesetup -langspec "pt"
#+ NOTE : languagesetup zaps /Library/Preferences/.GlobalPreferences so make sure you set the language early ;)
logger "POSTBUILD PHASE : Language ${language}"
sudo /usr/sbin/languagesetup -langspec "${language}"

#* Set the default workstation locale
#+ NOTE : Values consist of Language and Country in the format xx_xx, refer to /usr/share/locale for acceptable values.
logger "POSTBUILD PHASE : AppleLocale ${locale}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleLocale -string "${locale}"

#* Set the default workstation country
#+ NOTE : Refer to /usr/share/locale for acceptable values.
logger "POSTBUILD PHASE : Country ${country}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences Country -string "${country}"

#* Set the default workstation measurement units
#+ NOTE : Metric is either TRUE or FALSE and Measurement Units is either Inches or Centimeters.
logger "POSTBUILD PHASE : AppleMeasurementUnits ${applemeasurementunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMeasurementUnits -string "${applemeasurementunits}"
logger "POSTBUILD PHASE : AppleMetricUnits ${applemetricunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMetricUnits -string "${applemetricunits}"

#* Set default workstation "System" Input Keyboard Layout
#+ NOTE : The permissions are important otherwise it won't work. I haven't found a reliable source of values anywhere, had to do this manually for each location to capture the values the first time.
logger "POSTBUILD PHASE - Input Keyboard Layout id : ${keyboardlayoutid}"
logger "POSTBUILD PHASE - Input Keyboard Layout name : ${keyboardlayoutname}"
sudo $PB -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleDefaultAsciiInputSource" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleEnabledInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleSelectedInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chown root:admin "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chmod 644 "/Library/Preferences/com.apple.HIToolbox.plist"

#* Set default workstation "LoginWindow" Input Keyboard Layout
#+ NOTE : The permissions are important otherwise it won't work. 
logger "POSTBUILD PHASE - Loginwindow Keyboard Layout id : ${keyboardlayoutid}"
logger "POSTBUILD PHASE - Loginwindow Keyboard Layout name : ${keyboardlayoutname}"
sudo $PB -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleDefaultAsciiInputSource" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleEnabledInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleSelectedInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
# Special Explicit Permissions!!!
sudo chown securityagent:wheel "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo chmod 644 "/var/tmp/com.apple.HIToolbox.loginwindow.plist"

#* Set Visibility Input Keyboard Layout Menu in Loginwindow
logger "POSTBUILD PHASE - Loginwindow : showInputMenu"
sudo defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool "TRUE"
logger "POSTBUILD PHASE - Loginwindow : ModeNameVisible"
sudo defaults write /var/ard/Library/Preferences/com.apple.menuextra.textinput ModeNameVisible -bool "TRUE"
sudo chmod 777 /Library/Preferences/com.apple.loginwindow.plist

#* Set default workstation network time server
logger "POSTBUILD PHASE : setnetworktimeserver ${timeserver}"
sudo /usr/sbin/systemsetup -setusingnetworktime "on"
sudo /usr/sbin/systemsetup -setnetworktimeserver "${networktimeserver}"

#* Set default workstation timezone
#+ NOTE : Refer to /usr/sbin/systemsetup -listtimezones for acceptable values.
logger "POSTBUILD PHASE : settimezone ${timezone}"
sudo /usr/sbin/systemsetup -settimezone "${timezone}"

#* Energy Saver Defaults
logger "POSTBUILD PHASE : /Library/Preferences/com.apple.PowerManagement"
sudo /usr/sbin/systemsetup -setallowpowerbuttontosleepcomputer "off"
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "45"
sudo /usr/sbin/systemsetup -setharddisksleep "off"
sudo /usr/sbin/systemsetup -setrestartpowerfailure "off"
sudo /usr/sbin/systemsetup -setwakeonnetworkaccess "on"

#* Modify authorizations
#+ NOTE : if you don't know what this is you probably shouldn't mess with it ;) email me and I'll explain chris.gerke@gmail.com

#+ Backup Original
logger "POSTBUILD PHASE : /etc/authorization"
sudo /bin/cp -f /etc/authorization{,.original}
#+ Allow date & time preference pane access.
sudo $PB -c "set rights:system.preferences.datetime:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.datetime:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.datetime:group" "/etc/authorization"
#+ Allow DVD region setting rights
sudo $PB -c "add rights:system.device.dvd.setregion.change dict" "/etc/authorization"
sudo $PB -c "add rights:system.device.dvd.setregion.change:class string" "/etc/authorization"
sudo $PB -c "set rights:system.device.dvd.setregion.change:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.change:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.change:group" "/etc/authorization"
#+ Allow DVD region initial setting rights
sudo $PB -c "set rights:system.device.dvd.setregion.initial:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.initial:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.initial:group" "/etc/authorization"
#+ Allow network preference pane access
sudo $PB -c "set rights:system.preferences.network:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.network:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.network:group" "/etc/authorization"
#+ Change /etc/authorization to allow all users to open preference panes
sudo $PB -c "set rights:system.preferences.printing:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.printing:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.printing:group" "/etc/authorization"
#+ Allow preference panes
sudo $PB -c "set rights:system.preferences:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences:group" "/etc/authorization"
#+ Allow print admin rights
sudo $PB -c "set rights:system.print.admin:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.print.admin:group" "/etc/authorization"
sudo $PB -c "delete rights:system.print.admin:shared" "/etc/authorization"
#+ Allow printing manager rights
sudo $PB -c "set rights:system.printingmanager:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.printingmanager:rule" "/etc/authorization"
#+ Permissions
sudo chown root:wheel "/etc/authorization"
sudo chmod 644 "/etc/authorization"

#* Require admin password for comp-to-comp wifi
logger "POSTBUILD PHASE : RequireAdminIBSS"
sudo /usr/libexec/airportd en1 prefs RequireAdminIBSS=YES

#* Disable font protection because designers persist in using PS versions of system dfonts so we have to cusotmise it later!! arrgghhhh
logger "POSTBUILD PHASE : fontprotection -off"
sudo /usr/bin/atsutil fontprotection -off

#* Set default font server
logger "POSTBUILD PHASE : Setting ${fontserver}"
sudo echo "server.address=${fontserver}" > "/Library/Preferences/com.extensis.UniversalTypeClient.conf"
sudo echo "server.port=${fontport}" >> "/Library/Preferences/com.extensis.UniversalTypeClient.conf"

#* Default preferences.
#+ Modifies /System/Library/User Template
#+ I do it here because each site has a custom intranet page, for security reasons not adding the extra bits that set DNS but you get the idea....
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  # Safari
  logger "POSTBUILD PHASE : Homepage $url"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.internetconfigpriv" WWWHomePage $url
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" HomePage $url
 fi  
done

#* Setup the Login Window, add a banner.
logger "POSTBUILD PHASE : Loginwindow"
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "$LoginWindowText"
#+ Username and Password fields instead of user badges
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool "TRUE"
#+ Show host info
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo "DSStatus"
#+ Hide the < UniqueID 500 users.
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
#+ Prevent "Other" from appearing in the loginwindow.
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
#+ Add a delay to avoid authentication issues on machines with slow DCHP leases
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 13

#* Bind to AD.
#+ NOTE : This is done with ADMItMac, will be testing feasability of using built-in AD in the coming days, will post and update.
logger "POSTBUILD PHASE : ADMitMac Attempting bind to ${OU}"
sudo /sbin/amconfig -A -F -c ${hostname}
logger "POSTBUILD PHASE : ADMitMac Changing User Attribute RecordName to sAMAccountName (shortname for user directory)"
sudo $PB -c "Set :Record\ Type\ Map:dsRecTypeStandard\:Users:Attribute\ Type\ Map:dsAttrTypeStandard\:RecordName:AD\ Attributes:0 sAMAccountName" /Library/DirectoryServices/Plugins/CIFSPlugin.dsplug/Contents/Resources/LDAPConfig.plist
sudo $PB -c "Set :Record\ Type\ Map:dsRecTypeStandard\:Users:Attribute\ Type\ Map:dsAttrTypeStandard\:RecordName:AD\ Attributes:2 userPrincipalName" /Library/DirectoryServices/Plugins/CIFSPlugin.dsplug/Contents/Resources/LDAPConfig.plist
logger "POSTBUILD PHASE : ADMitMac Display Cached Creds Dialog false"
sudo /usr/bin/defaults write /Library/Preferences/com.thursby.tss_check_cifs "Display Cached Creds Dialog" "false"
sudo /usr/bin/defaults write /Library/Preferences/com.thursby.CIFSPlugin "LDAP Connect Timeout" 30

#* Set NIC speed for regions that may want hard setting
logger "POSTBUILD PHASE : NIC Speed"
sudo /usr/sbin/networksetup -setMedia en0 ${networkspeed} ${networkduplex}

#* Set LoginHook
logger "POSTBUILD PHASE : LoginHook"
sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "${GlobalLoginHook}"

#* Disable autologin
sudo /bin/rm -f /var/ard/Library/Keychains/login.keychain
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser ""

#* Repair Permissions (can't run in single user mode)
sudo /usr/sbin/diskutil repairPermissions /

#* Email workstation details to me, this is a perl script using smtp. Will add a copy in another post.
sudo /var/root/email.sh

That's all folks.

Probably not.... anyone that makes SOEs knows it never ever ends ;)

Will post any additions I make, the most important part now is test test test.

Popular posts from this blog

Mac OS X "SOE" Day 6

Page Redirection > continued from day 5... Continuing on from the "firstboot" phase setup we need to script our "localiser" options. I previously set my build phase to autologin and run the firstboot script, the localiser phase essentially sits there and waits for you to run it. In my case I have an applescript GUI wrapper that requests some info to use in the localisation. I request a TAG number which is an organisational internal number and I also request a user name that will be set as the OWNER. NOTE : I ordered these specifically...not just because it makes sense logically but also technically. For example, setting the Language actually zaps a plist file (.GlobalPreferences) which you need to write to for Locale and Country info. This stuff is going to be totally dependant on your environment, as an example here is what I do. So what's the minimum we need in the "localiser" phase? Depends on how many sites you support,
more...

Mac OS X "SOE" Day 5

Page Redirection > continued from day 4... Continuing on from the "build" phase setup we need to script our "firstboot" options. The last step in the build phase set our "firstboot" script as  "/var/root/firstboot.sh". So what's the minimum we need in the "firstboot" phase? There isn't really a minimum for this phase as you can do most of this stuff at localisation phase. The main things I do here relate to writing prefs that a machine specific ie, contain UUID or MACADDRESS Setting default screensaver Setting default menu extras Run Apple Software updates that require a booted OS Set the initial HOSTNAME, LOCALHOSTNAME and COMPUTERNAME Set the initial Energy Saver settings Disable some Network Services (firewire, bluetooth) Set the initial Network Services Order Disable IPv6 Couple things you will need to know for this stage, how to get the UUID and/or the MACADDRESS. Post 2010 macs seem to use t
more...