Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # The Getty instaDMG "First-Boot" script, ©2013 David Koff
- # Thanks to various folks including ideas from the formidable Rich Trouton:
- # https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/first_boot/10.8/first_boot.sh
- #
- # Created: 5.5.13
- # Last Updated: 6.14.13
- # ---------------------------------------------------------
- # variables & directories (updated May2013)
- # ---------------------------------------------------------
- #--- assignments
- SCRIPTNAME=$0
- user501=fieldtech
- user405=ard
- #--- Set Logging
- exec >> "/Library/Logs/Getty Installations.log" 2>&1
- #--- directories
- login="/Library/Preferences/com.apple.loginwindow"
- RepoURL="http://xserve-timcook.getty.edu:8088/content/catalogs/others"
- LOG="/Library/Logs/Getty Installations.log"
- xProtect_Plist="/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
- LaunchDaemons="/System/Library/LaunchDaemons"
- LaunchDaemonsDisabled="/System/Library/LaunchDaemonsDisabled"
- RootPrefs="/private/var/root/Library/Preferences"
- #--- executables
- kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
- systemsetup="/usr/sbin/systemsetup"
- networksetup="/usr/sbin/networksetup"
- ssh=`systemsetup -getremotelogin | awk '{ print $3 }'`
- #--- computationals
- over500=`dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'`
- hwVers=`system_profiler | grep "Model Name" | awk '{ print $3, $4, $5 }'`
- interfaces=( Ethernet\ 1 Ethernet\ 2 Wi-fi )
- IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`
- #----------------------------------------------------------
- # Timestamp
- #----------------------------------------------------------
- echo " "
- echo "###################################"
- echo "##### $SCRIPTNAME"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- echo "
- # ---------------------------------------------------------
- # ---------------- ADMINISTRATIVE PREFS -----------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> UNLOAD LOGIN WINDOW UNTIL FURTHER NOTICE"
- launchctl unload /System/Library/LaunchDaemons/com.apple.loginwindow.plist
- echo ""
- echo ">>>>>>>> DISABLE TIME MACHINE POP-UP WINDOW"
- defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
- echo ""
- echo ">>>>>>>> SET PROPER SCROLL DIRECTION"
- defaults write NSGlobalDomain com.apple.swipescrolldirection -bool false
- echo ""
- echo ">>>>>>>> TURN ON FAST USER SWITCHING"
- defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool YES
- echo ""
- echo ">>>>>>>> SET ARD PREFS"
- $kickstart -activate
- $kickstart -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setmenuextra -menuextra no -setreqperm -reqperm yes
- echo "Getty Standard ARD access prefs are set..."
- echo ""
- echo ">>>>>>>> SETTING REPOSADO PREFS"
- case `sw_vers -productVersion | awk -F . '{print $2}'` in
- 4) URL="${RepoURL}/index-1_production.sucatalog" ;;
- 5) URL="${RepoURL}/index-leopard.merged-1_production.sucatalog" ;;
- 6) URL="${RepoURL}/index-leopard-snowleopard.merged-1_production.sucatalog" ;;
- 7) URL="${RepoURL}/index-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;
- 8) URL="${RepoURL}/index-mountainlion-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;
- *) echo "Unsupported client OS"; exit 1 ;;
- esac
- defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "${URL}"
- echo "Software Update Server set to PRODUCTION branch at: $URL"
- echo "
- # ---------------------------------------------------------
- # ----------------------- FIXES -------------------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> PREVENT iCLOUD WIZARD FROM RUNNING"
- #in the user template
- for USER_TEMPLATE in "/System/Library/User Template"/*
- do
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.loginwindow -dict ”
- defaults write "${USER_TEMPLATE}"/Library/Preferences/loginwindow -dict ”
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.8.3
- echo "The iCloud wizard in the $USER_TEMPLATE is disabled..."
- done
- #in the root account
- defaults write "${RootPrefs}"/com.apple.loginwindow -dict ”
- defaults write "${RootPrefs}"/loginwindow -dict ”
- defaults write "${RootPrefs}"/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write "${RootPrefs}"/com.apple.SetupAssistant GestureMovieSeen none
- defaults write "${RootPrefs}"/com.apple.SetupAssistant LastSeenCloudProductVersion 10.8.3
- echo "com.apple.SetupAssistant for the root account now won't propmpt for iCloud..."
- echo ""
- echo ">>>>>>>> PREVENT DS_STORE CREATION ON NETWORK VOLUMES"
- for USER_TEMPLATE in "/System/Library/User Template"/*
- do
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
- echo "DS_STORE files in the $USER_TEMPLATE now won't write to network volumes..."
- done
- echo ""
- echo ">>>>>>>> DISABLE XPROTECT"
- if [ -f $xProtect_Plist ]; then
- echo "x-Protect has been found in $LaunchDaemons!"
- launchctl unload -w "$xProtect_Plist"
- echo " x-Protect has been unloaded via launchctl."
- mkdir -v $LaunchDaemonsDisabled
- mv $xProtect_Plist $LaunchDaemonsDisabled
- echo " The xProtect.plist has been moved to: $LaunchDaemonsDisabled" >> LOG
- else
- echo "x-Protect hasn't been found in: $LaunchDaemons"
- if [ -f $LaunchDaemonsDisabled/com.apple.xprotectupdater.plist ]; then
- echo "It has already been moved to: $LaunchDaemonsDisabled"
- fi
- fi
- echo "
- # ---------------------------------------------------------
- # ---------------- NETWORK & SYSTEM PREFS ---------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> SETTING NETWORK PREFS"
- $networksetup -createlocation Getty populate
- sleep 1
- $networksetup -switchtolocation Getty
- sleep 1
- $networksetup -deletelocation Automatic
- sleep 1
- $networksetup -setnetworkserviceenabled FireWire Off
- sleep 1
- $networksetup -setnetworkserviceenabled "Bluetooth DUN" Off
- sleep 1
- $networksetup -setv6off "${interfaces[@]}"
- sleep 1
- $networksetup -setcomputername NewlyImaged-NotYetNamed
- echo "'Getty' network location created & made active."
- echo "Default location 'Automatic' deleted."
- echo "FireWire and Bluetooth DUN are disabled."
- echo "IPv6 is disabled on all Ethernet ports."
- echo "Temp name assigned to Mac."
- echo ""
- echo ">>>>>>>> SETTING SYSTEM PREFERENCES"
- $systemsetup -setusingnetworktime on
- $systemsetup -settimezone America/Los_Angeles
- $systemsetup -setnetworktimeserver time.getty.edu
- echo "time server settings have been set."
- $systemsetup -setremotelogin on
- sleep 1
- echo "SSH service is now turned: $ssh"
- $systemsetup -setrestartpowerfailure on
- #$systemsetup -setwaitforstartupafterpowerfailure 60 ### only for x-serves with LOM
- $systemsetup -setwakeonnetworkaccess on
- if [ "$IS_LAPTOP" != "" ]; then
- echo "This is a Mac laptop. Now setting both battery and AC power settings..."
- # battery, then AC power settings for laptops
- pmset -b sleep 15 disksleep 15 displaysleep 15 halfdim 1
- pmset -c sleep 0 disksleep 0 displaysleep 30 halfdim 1
- else
- echo "This is a Mac desktop. Now setting AC power settings..."
- # AC power settings for desktops
- pmset -c sleep 0 disksleep 0 displaysleep 60 halfdim 1
- fi
- echo "Sleep/wake/power mgmt settings have been set based on hardware profile."
- echo "
- # ---------------------------------------------------------
- # ------------------ INSTALLATIONS ----------------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> INSTALL ALL SUS PATCHES"
- softwareupdate -ia
- echo "
- # ---------------------------------------------------------
- # ----------------- ACCOUNT CREATION --------------------
- # ---------------------------------------------------------"
- # passwords ARE CLEARTEXT as a policy changes them in subsequent boots
- # create ONE ADMIN account
- dscl . -create /Users/$user501
- dscl . -create /Users/$user501 realname "${user501}"
- dscl . -create /Users/$user501 NFSHomeDirectory /Users/$user501
- dscl . -passwd /Users/$user501 getty ### temp password gets changed on next boot
- dscl . -create /Users/$user501 PrimaryGroupID 501
- dscl . -create /Users/$user501 UniqueID 501
- dscl . -create /Users/$user501 shell /bin/bash
- dscl . -append /Groups/admin GroupMembership $user501 ### this makes the account admin
- dscl . -create /Users/$user501 picture "/Library/User Pictures/Getty/fieldtech.jpg"
- echo "The $user501 account has been created and setup."
- # create ADMIN & HIDDEN account
- mkdir /private/var/$user405
- dscl . -create /Users/$user405
- dscl . -create /Users/$user405 realname "${user405}"
- dscl . -create /Users/$user405 NFSHomeDirectory /private/var/$user405
- dscl . -passwd /Users/$user405 ma5ter ### temp password gets changed on next boot
- dscl . -create /Users/$user405 PrimaryGroupID 405
- dscl . -create /Users/$user405 UniqueID 405
- dscl . -create /Users/$user405 shell /bin/bash
- dscl . -append /Groups/admin GroupMembership $user405
- chown -R $user405:wheel /private/var/$user405 ### can't chown until the account is admin
- sudo defaults write $login Hide500Users -bool TRUE ### hides this user from user list and user switching
- sudo defaults write $login HiddenUsersList -array add $user405 ### hides this user from login screen
- echo "The $user405 account has been created, setup & hidden."
- # enable root user by setting temp password via here statement
- passwd root <<end
- topofhill
- topofhill
- end
- mkdir /private/var/root/Documents
- mkdir /private/var/root/Downloads
- echo "
- # ---------------------------------------------------------
- # ----------------- CLEAN-UP & DELETE -------------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> CALL CUSTOM JAMF TRIGGER"
- jamf policy -trigger instaSupplimental
- echo ""
- echo ">>>>>>>> RESTATE LOGIN WINDOW"
- launchctl load /System/Library/LaunchDaemons/com.apple.loginwindow.plist
- echo ""
- echo ">>>>>>>> REMOVING LAUNCHD ITEMS"
- srm /Library/LaunchDaemons/com.getty.NewOS1stBoot.plist
- srm $0
- echo "$0 has now been deleted."
- echo " "
- echo "###################################"
- echo "##### End Log"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement