API tools faq
paste
Advertisement
themacdweeb

1stBoot-instaDMG.sh

themacdweeb
Oct 16th, 2013
168
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 10.96 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2. #
  3. # The Getty instaDMG "First-Boot" script, ©2013 David Koff
  4. # Thanks to various folks including ideas from the formidable Rich Trouton:
  5. # https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/first_boot/10.8/first_boot.sh
  6. #
  7. # Created: 5.5.13
  8. # Last Updated: 6.14.13
  9.  
  10.  
  11. # ---------------------------------------------------------
  12. # variables & directories  (updated May2013)
  13. # ---------------------------------------------------------
  14. #--- assignments
  15. SCRIPTNAME=$0
  16. user501=fieldtech
  17. user405=ard
  18.  
  19. #--- Set Logging
  20. exec >> "/Library/Logs/Getty Installations.log" 2>&1
  21.  
  22. #--- directories
  23. login="/Library/Preferences/com.apple.loginwindow"
  24. RepoURL="http://xserve-timcook.getty.edu:8088/content/catalogs/others"
  25. LOG="/Library/Logs/Getty Installations.log"
  26. xProtect_Plist="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
  27. LaunchDaemons="/System/Library/LaunchDaemons"
  28. LaunchDaemonsDisabled="/System/Library/LaunchDaemonsDisabled"
  29. RootPrefs="/private/var/root/Library/Preferences"
  30.  
  31. #--- executables
  32. kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
  33. systemsetup="/usr/sbin/systemsetup"
  34. networksetup="/usr/sbin/networksetup"
  35. ssh=`systemsetup -getremotelogin | awk '{ print $3 }'`
  36.  
  37. #--- computationals
  38. over500=`dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'`
  39. hwVers=`system_profiler | grep "Model Name" | awk '{ print $3, $4, $5 }'`
  40. interfaces=( Ethernet\ 1 Ethernet\ 2 Wi-fi )
  41. IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`
  42.  
  43.  
  44.  
  45. #----------------------------------------------------------
  46. #  Timestamp
  47. #----------------------------------------------------------
  48. echo "                                   "
  49. echo "###################################"
  50. echo "##### $SCRIPTNAME"
  51. echo "##### `date "+%A %m/%d/%Y %H:%M"`"
  52. echo "###################################"
  53. echo "                                   "
  54.  
  55.  
  56. echo "
  57. # ---------------------------------------------------------
  58. #  ---------------- ADMINISTRATIVE PREFS -----------------
  59. # ---------------------------------------------------------"
  60.  
  61. echo ""
  62. echo ">>>>>>>>  UNLOAD LOGIN WINDOW UNTIL FURTHER NOTICE"
  63. launchctl unload /System/Library/LaunchDaemons/com.apple.loginwindow.plist
  64.  
  65.  
  66. echo ""
  67. echo ">>>>>>>>  DISABLE TIME MACHINE POP-UP WINDOW"
  68. defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
  69.  
  70.  
  71. echo ""
  72. echo ">>>>>>>>  SET PROPER SCROLL DIRECTION"
  73. defaults write NSGlobalDomain com.apple.swipescrolldirection -bool false
  74.  
  75. echo ""
  76. echo ">>>>>>>>  TURN ON FAST USER SWITCHING"
  77. defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool YES
  78.  
  79.  
  80. echo ""
  81. echo ">>>>>>>>  SET ARD PREFS"
  82. $kickstart -activate
  83. $kickstart -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setmenuextra -menuextra no -setreqperm -reqperm yes
  84. echo "Getty Standard ARD access prefs are set..."
  85.  
  86.  
  87. echo ""
  88. echo ">>>>>>>>  SETTING REPOSADO PREFS"
  89. case `sw_vers -productVersion | awk -F . '{print $2}'` in
  90.   4) URL="${RepoURL}/index-1_production.sucatalog" ;;  
  91.   5) URL="${RepoURL}/index-leopard.merged-1_production.sucatalog" ;;      
  92.   6) URL="${RepoURL}/index-leopard-snowleopard.merged-1_production.sucatalog" ;;  
  93.   7) URL="${RepoURL}/index-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;
  94.   8) URL="${RepoURL}/index-mountainlion-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;  
  95.   *) echo "Unsupported client OS"; exit 1 ;;
  96. esac
  97. defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "${URL}"
  98. echo "Software Update Server set to PRODUCTION branch at: $URL"
  99.  
  100.  
  101.  
  102. echo "
  103. # ---------------------------------------------------------
  104. #  ----------------------- FIXES -------------------------
  105. # ---------------------------------------------------------"
  106.  
  107. echo ""
  108. echo ">>>>>>>>  PREVENT iCLOUD WIZARD FROM RUNNING"
  109. #in the user template
  110. for USER_TEMPLATE in "/System/Library/User Template"/*
  111. do
  112.     defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.loginwindow -dict
  113.     defaults write "${USER_TEMPLATE}"/Library/Preferences/loginwindow -dict
  114.     defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
  115.     defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
  116.     defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.8.3
  117.     echo "The iCloud wizard in the $USER_TEMPLATE is disabled..."
  118. done
  119.  
  120. #in the root account
  121. defaults write "${RootPrefs}"/com.apple.loginwindow -dict
  122. defaults write "${RootPrefs}"/loginwindow -dict
  123. defaults write "${RootPrefs}"/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
  124. defaults write "${RootPrefs}"/com.apple.SetupAssistant GestureMovieSeen none
  125. defaults write "${RootPrefs}"/com.apple.SetupAssistant LastSeenCloudProductVersion 10.8.3
  126. echo "com.apple.SetupAssistant for the root account now won't propmpt for iCloud..."
  127.  
  128.  
  129.  
  130. echo ""
  131. echo ">>>>>>>>  PREVENT DS_STORE CREATION ON NETWORK VOLUMES"
  132. for USER_TEMPLATE in "/System/Library/User Template"/*
  133. do
  134.     defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
  135.     echo "DS_STORE files in the $USER_TEMPLATE now won't write to network volumes..."
  136. done
  137.  
  138.  
  139.  
  140. echo ""
  141. echo ">>>>>>>>  DISABLE XPROTECT"
  142. if [ -f $xProtect_Plist ]; then
  143.     echo "x-Protect has been found in $LaunchDaemons!"
  144.     launchctl unload -w "$xProtect_Plist"
  145.     echo "     x-Protect has been unloaded via launchctl."
  146.     mkdir -v $LaunchDaemonsDisabled
  147.     mv $xProtect_Plist $LaunchDaemonsDisabled
  148.     echo "     The xProtect.plist has been moved to: $LaunchDaemonsDisabled" >> LOG
  149. else
  150.     echo "x-Protect hasn't been found in: $LaunchDaemons"
  151.     if [ -f $LaunchDaemonsDisabled/com.apple.xprotectupdater.plist ]; then
  152.         echo "It has already been moved to: $LaunchDaemonsDisabled"
  153.     fi
  154. fi
  155.  
  156.  
  157.  
  158.  
  159. echo "
  160. # ---------------------------------------------------------
  161. #  ---------------- NETWORK & SYSTEM PREFS ---------------
  162. # ---------------------------------------------------------"
  163.  
  164. echo ""
  165. echo ">>>>>>>>  SETTING NETWORK PREFS"
  166. $networksetup -createlocation Getty populate
  167. sleep 1
  168. $networksetup -switchtolocation Getty
  169. sleep 1
  170. $networksetup -deletelocation Automatic
  171. sleep 1
  172. $networksetup -setnetworkserviceenabled FireWire Off
  173. sleep 1
  174. $networksetup -setnetworkserviceenabled "Bluetooth DUN" Off
  175. sleep 1
  176. $networksetup -setv6off "${interfaces[@]}"
  177. sleep 1
  178. $networksetup -setcomputername NewlyImaged-NotYetNamed
  179. echo "'Getty' network location created & made active."
  180. echo "Default location 'Automatic' deleted."
  181. echo "FireWire and Bluetooth DUN are disabled."
  182. echo "IPv6 is disabled on all Ethernet ports."
  183. echo "Temp name assigned to Mac."
  184.  
  185. echo ""
  186. echo ">>>>>>>>  SETTING SYSTEM PREFERENCES"
  187. $systemsetup -setusingnetworktime on
  188. $systemsetup -settimezone America/Los_Angeles
  189. $systemsetup -setnetworktimeserver time.getty.edu
  190. echo "time server settings have been set."
  191. $systemsetup -setremotelogin on
  192. sleep 1
  193. echo "SSH service is now turned: $ssh"
  194.  
  195. $systemsetup -setrestartpowerfailure on
  196. #$systemsetup -setwaitforstartupafterpowerfailure 60        ### only for x-serves with LOM
  197. $systemsetup -setwakeonnetworkaccess on
  198. if [ "$IS_LAPTOP" != "" ]; then
  199.     echo "This is a Mac laptop. Now setting both battery and AC power settings..."
  200.     # battery, then AC power settings for laptops
  201.     pmset -b sleep 15 disksleep 15 displaysleep 15 halfdim 1
  202.     pmset -c sleep 0 disksleep 0 displaysleep 30 halfdim 1
  203. else   
  204.     echo "This is a Mac desktop. Now setting AC power settings..."
  205.     # AC power settings for desktops
  206.     pmset -c sleep 0 disksleep 0 displaysleep 60 halfdim 1
  207. fi
  208. echo "Sleep/wake/power mgmt settings have been set based on hardware profile."
  209.  
  210.  
  211.  
  212.  
  213. echo "
  214. # ---------------------------------------------------------
  215. #  ------------------ INSTALLATIONS ----------------------
  216. # ---------------------------------------------------------"
  217.  
  218. echo ""
  219. echo ">>>>>>>>  INSTALL ALL SUS PATCHES"
  220. softwareupdate -ia
  221.  
  222.  
  223.  
  224. echo "
  225. # ---------------------------------------------------------
  226. #  ----------------- ACCOUNT CREATION --------------------
  227. # ---------------------------------------------------------"
  228.  
  229. # passwords ARE CLEARTEXT as a policy changes them in subsequent boots
  230.  
  231. # create ONE ADMIN account
  232. dscl . -create /Users/$user501
  233. dscl . -create /Users/$user501 realname "${user501}"
  234. dscl . -create /Users/$user501 NFSHomeDirectory /Users/$user501
  235. dscl . -passwd /Users/$user501 getty                             ### temp password gets changed on next boot
  236. dscl . -create /Users/$user501 PrimaryGroupID 501
  237. dscl . -create /Users/$user501 UniqueID 501
  238. dscl . -create /Users/$user501 shell /bin/bash
  239. dscl . -append /Groups/admin GroupMembership $user501            ### this makes the account admin
  240. dscl . -create /Users/$user501 picture "/Library/User Pictures/Getty/fieldtech.jpg"
  241. echo "The $user501 account has been created and setup."
  242.  
  243. # create ADMIN & HIDDEN account
  244. mkdir /private/var/$user405
  245. dscl . -create /Users/$user405
  246. dscl . -create /Users/$user405 realname "${user405}"
  247. dscl . -create /Users/$user405 NFSHomeDirectory /private/var/$user405
  248. dscl . -passwd /Users/$user405 ma5ter                             ### temp password gets changed on next boot
  249. dscl . -create /Users/$user405 PrimaryGroupID 405
  250. dscl . -create /Users/$user405 UniqueID 405
  251. dscl . -create /Users/$user405 shell /bin/bash
  252. dscl . -append /Groups/admin GroupMembership $user405
  253. chown -R $user405:wheel /private/var/$user405                     ### can't chown until the account is admin
  254. sudo defaults write $login Hide500Users -bool TRUE                ### hides this user from user list and user switching
  255. sudo defaults write $login HiddenUsersList -array add $user405    ### hides this user from login screen
  256. echo "The $user405 account has been created, setup & hidden."
  257.  
  258. # enable root user by setting temp password via here statement
  259. passwd root <<end
  260. topofhill
  261. topofhill
  262. end
  263. mkdir /private/var/root/Documents
  264. mkdir /private/var/root/Downloads
  265.  
  266.  
  267.  
  268. echo "
  269. # ---------------------------------------------------------
  270. #  ----------------- CLEAN-UP & DELETE -------------------
  271. # ---------------------------------------------------------"
  272.  
  273. echo ""
  274. echo ">>>>>>>>  CALL CUSTOM JAMF TRIGGER"
  275. jamf policy -trigger instaSupplimental
  276.  
  277. echo ""
  278. echo ">>>>>>>>  RESTATE LOGIN WINDOW"
  279. launchctl load /System/Library/LaunchDaemons/com.apple.loginwindow.plist
  280.  
  281. echo ""
  282. echo ">>>>>>>>  REMOVING LAUNCHD ITEMS"
  283. srm /Library/LaunchDaemons/com.getty.NewOS1stBoot.plist
  284. srm $0
  285. echo "$0 has now been deleted."
  286.  
  287.  
  288. echo "                                   "
  289. echo "###################################"
  290. echo "##### End Log"
  291. echo "##### `date "+%A %m/%d/%Y %H:%M"`"
  292. echo "###################################"
  293. echo "                                   "
  294.  
  295. exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!