Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # The Getty "First-Boot" script, ©2013 David Koff
- # Allow technicians to input data, set prefs on a new Mac,
- # pre-set several variables & then email the ITSLab of a new deployment
- #
- # Created: 3.5.13
- # Last Updated: 6.1.13
- # ---------------------------------------------------------
- # variables & directories (updated Feb2013)
- # ---------------------------------------------------------
- #--- assignments
- SCRIPTNAME=$0
- delivasset=$4
- removeasset=$5
- firstname=$6
- lastname=$7
- locationcode=$8
- #--- Set Logging
- exec >> "/Library/Logs/Getty Installations.log" 2>&1
- #--- directories
- login="/Library/Preferences/com.apple.loginwindow"
- RepoURL="http://xserve-timcook.getty.edu:8088/content/catalogs/others"
- MS="/Library/Fonts/Microsoft/"
- xProtect_MetaPlist="$3/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist"
- xProtect_Plist="$3/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
- #--- executables
- mail="/usr/sbin/postfix"
- kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
- PlistBuddy="/usr/libexec/PlistBuddy"
- #--- computationals
- date=`date "+%A %m/%d/%Y"`
- time=`systemsetup -gettime`
- over500=`dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'`
- admins=`dscl . -read /groups/admin GroupMembership`
- firstinitial=`echo $firstname | cut -c1`
- hwCheck=`system_profiler | grep "Model Name" | awk '{ print $3 }'`
- hwVers=`system_profiler | grep "Model Name" | awk '{ print $3, $4, $5 }'`
- osCheck=`sw_vers -productVersion | awk -F . '{print $2}'`
- OS=`sw_vers | grep ProductVersion | awk '{ print $2 }'`
- ip=`ifconfig | grep "inet 153" | cut -d ' ' -f 2`
- serial=`system_profiler | grep "Serial Number (system)" | cut -c 31-43`
- enet=`networksetup -listallnetworkservices | grep Ethernet`
- USER=`defaults read $login lastUserName`
- #--- UUID capture
- if [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` == "00000000-0000-1000-8000-" ]]; then
- MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c51-62 | awk {'print tolower()'}`
- elif [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` != "00000000-0000-1000-8000-" ]]; then
- MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-62`
- fi
- #----------------------------------------------------------
- # Timestamp
- #----------------------------------------------------------
- echo " "
- echo "###################################"
- echo "##### $SCRIPTNAME"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- echo "
- # ---------------------------------------------------------
- # ---------------------- FIXES --------------------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> PREVENT iCLOUD WIZARD FROM RUNNING"
- # in any user account
- for i in $over500
- do
- defaults write /Users/$i/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write /Users/$i/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion -string '10.8'
- chown "${i}":staff /Users/$i/Library/Preferences/com.apple.SetupAssistant.plist
- echo "iCloud wizard removed from the $i account..."
- done
- #in the user template
- for USER_TEMPLATE in "/System/Library/User Template"/*
- do
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.loginwindow -dict ” #creates a blank file if none exists
- defaults write "${USER_TEMPLATE}"/Library/Preferences/loginwindow -dict ” #creates a blank file if none exists
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion -string '10.8'
- echo "com.apple.SetupAssistant for the $USER_TEMPLATE now won't propmpt for iCloud..."
- done
- echo ""
- echo ">>>>>>>> DISABLE XPROTECT"
- if [ -f $LaunchDaemons/com.apple.xprotectupdater.plist ]; then
- echo "x-Protect has been found in $LaunchDaemons and will now be edited and unloaded:"
- $PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" "$xProtect_MetaPlist"
- echo " Minimum Java Component removed from x-Protect."
- $launchctl unload -w "$xProtect_Plist"
- echo " x-Protect has been unloaded via launchctl."
- if [ ! -d $LaunchDaemonsDisabled ]; then
- echo ""
- echo "Now creating: $LaunchDaemonsDisabled to store xProtect plist:"
- mkdir -v $LaunchDaemonsDisabled
- else
- echo ""
- echo "$LaunchDaemonsDisabled:"
- echo " Directory found & emptied."
- echo " x-Protect moved into that directory:"
- rm -fv $LaunchDaemonsDisabled/*
- mv -v $LaunchDaemons/com.apple.xprotectupdater.plist $LaunchDaemonsDisabled
- fi
- else
- echo "x-Protect hasn't been found in: ${LaunchDaemons}"
- if [ -f $LaunchDaemonsDisabled/com.apple.xprotectupdater.plist ]; then
- echo "It has already been moved to: ${LaunchDaemonsDisabled}"
- fi
- fi
- echo ""
- echo ">>>>>>>> FIX ADOBE SUPPORT FOLDER"
- for i in $over500
- do
- chmod -R 775 /Users/$i/Library/Application\ Support/Adobe
- echo "Fixed Adobe permissions on the $i account..."
- done
- echo ""
- echo ">>>>>>>> FIX FIREFOX BOOKMARKS"
- for i in $over500
- do
- cd /Users/$i/Library/Application\ Support/Firefox/Profiles/*/
- mv places.sqlite places.sqlite.old
- mv places.sqlite-journal places.sqlite-journal.old
- echo "Firefox bookmarks error is corrected in the $i account..."
- done
- echo ""
- echo ">>>>>>>> FIX DYLD ERRORS"
- if [ $osCheck = "6" ]; then
- echo " "
- echo "This Mac is running Snow Leopard & requires updating dyld cache...."
- sudo update_dyld_shared_cache -force
- fi
- echo "
- # ---------------------------------------------------------
- # --------------- INITIAL IMAGING SET UPS ---------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> SET COMPUTER NAMES"
- scutil --set LocalHostName GT$delivasset-$firstname-$lastname
- scutil --set ComputerName GT$delivasset-$firstname-$lastname
- scutil --set HostName GT$delivasset-$firstname-$lastname.getty.edu
- echo "Computer Name now set to: GT$delivasset-$firstname-$lastname"
- echo ""
- echo ">>>>>>>> SET ACCOUNT LONG NAME"
- if [ $firstname = "SHARED" ]; then
- firstname=workstation
- dscl . -create /Users/workstation RealName $firstname
- echo " "
- echo "Workstation account long name has been set to '$firstname'"
- else
- dscl . -create /Users/workstation RealName $firstinitial$lastname
- echo " "
- echo "Workstation account long name has been set to '$firstinitial$lastname'"
- fi
- echo ""
- echo ">>>>>>>> SETTING NETWORK PREFS"
- networksetup -createlocation Getty populate
- networksetup -switchtolocation Getty
- networksetup -deletelocation Automatic
- networksetup -setnetworkserviceenabled FireWire Off
- networksetup -setnetworkserviceenabled "Bluetooth DUN" Off
- networksetup -setv6off $enet
- echo " "
- echo "'Getty' network location created & made active."
- echo "Default location 'Automatic' deleted."
- echo "FireWire and Bluetooth DUN are disabled."
- echo "IPv6 is disabled on all Ethernet ports."
- echo ""
- echo ">>>>>>>> SETTING ARD FIELDS & SERVICE"
- $kickstart -activate -configure -computerinfo -set1 -1 $serial -set2 -2 GT$delivasset -set3 -3 $firstname\ $lastname -set4 -4 $locationcode
- echo "ARD fields populated..."
- $kickstart -activate
- $kickstart -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setmenuextra -menuextra no -setreqperm -reqperm yes
- echo "Getty Standard ARD access prefs are set..."
- echo ""
- echo ">>>>>>>> SETTING TIME SERVER"
- systemsetup -setusingnetworktime on
- systemsetup -settimezone America/Los_Angeles
- systemsetup -setnetworktimeserver time.getty.edu
- echo "time server set to time.getty.edu"
- echo ""
- echo ">>>>>>>> SETTING SSH"
- systemsetup -setremotelogin on
- echo "SSH has been turned on."
- echo ""
- echo ">>>>>>>> SETTING SUS TO REPOSADO"
- case `sw_vers -productVersion | awk -F . '{print $2}'` in
- 4) URL="${RepoURL}/index-1_production.sucatalog" ;;
- 5) URL="${RepoURL}/index-leopard.merged-1_production.sucatalog" ;;
- 6) URL="${RepoURL}/index-leopard-snowleopard.merged-1_production.sucatalog" ;;
- 7) URL="${RepoURL}/index-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;
- 8) URL="${RepoURL}/index-mountainlion-lion-snowleopard-leopard.merged-1_production.sucatalog" ;;
- *) echo "Unsupported client OS"; exit 1 ;;
- esac
- defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "${URL}"
- echo "Software Update Server set to PRODUCTION branch at: $URL"
- echo ""
- echo ">>>>>>>> SET ALL >500 USERS AS ADMIN"
- for i in $over500
- do
- echo $admins | grep $i
- if [ $? -ne 0 ]; then
- dscl . -append /groups/admin users $i
- echo "The $i account WASN'T administrative but now IS."
- else
- echo "The $i account was already administrative."
- fi
- done
- echo "Members of the admin group include:"
- dscl . -read /groups/admin GroupMembership
- echo ""
- echo ">>>>>>>> SET ALL >500 USERS TO ENABLE JAVA WEB PLUG-INS"
- for i in $over500
- do
- rm -f /Users/$i/Library/Preferences/ByHost/com.apple.java.JavaPreferences.*
- echo "JavaPrefs plist has been deleted from: $i account"
- echo "The Mac UUID has been set to: $MAC_UUID"
- ### ----- Set the "Enable applet plug-in" setting in the Java Preferences for the current user.
- $PlistBuddy -c "Delete :GeneralByTask:Any:WebComponentsEnabled" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Add :GeneralByTask:Any:WebComponentsEnabled bool true" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Delete :GeneralByTask:Any:WebComponentsLastUsed" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Add :GeneralByTask:Any:WebComponentsLastUsed real $(( $(date "+%s") - 978307200 ))" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- echo " "
- done
- echo "Java Web-Apps have been enabled for ALL 500+ users on this Mac."
- echo "
- # ---------------------------------------------------------
- # -------------------- DELETIONS ------------------------
- # ---------------------------------------------------------"
- rm -dr /Applications/Xerox
- rm -f /Envelope\ Index
- rm -f /10.5.9
- rm -f /ppdmgr
- ### ----- RESET SYNC SERVICES
- rm -dr /Users/workstation/Library/Application\ Support/SyncServices/Local
- ### ----- RESET FLASH
- rm -dr /Users/workstation/Library/Preferences/Macromedia
- ### ----- RESET M$ Fonts
- rm -f "$MS"/Arial.ttf
- rm -f "$MS"Arial\ Italic.ttf
- rm -f "$MS"Arial\ Bold.ttf
- rm -f "$MS"Arial\ Bold\ Italic.ttf
- rm -f "$MS"Brush\ Script.ttf
- rm -f "$MS"Times\ New\ Roman.ttf
- rm -f "$MS"Times\ New\ Roman\ Italic.ttf
- rm -f "$MS"Times\ New\ Roman\ Bold.ttf
- rm -f "$MS"Times\ New\ Roman\ Bold\ Italic.ttf
- rm -f "$MS"Verdana.ttf
- rm -f "$MS"Verdana\ Italic.ttf
- rm -f "$MS"Verdana\ Bold.ttf
- rm -f "$MS"Verdana\ Bold\ Italic.ttf
- rm -f "$MS"Wingdings.ttf
- rm -f "$MS"Wingdings\ 2.ttf
- rm -f "$MS"Wingdings\ 3.ttf
- echo " "
- echo "Conflicting items have been removed."
- echo "
- # ---------------------------------------------------------
- # ------------------ INSTALLATIONS ----------------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> INSTALL ALL SUS PATCHES"
- softwareupdate -ia
- echo "--------------------------"
- echo ""
- echo ">>>>>>>> INSTALL MCAFEE AGENT"
- /usr/local/VSePO/ePO_keys/install.sh -i
- echo "McAfee agent has been installed..."
- echo "
- # ---------------------------------------------------------
- # --------------------- SEND MAIL -----------------------
- # ---------------------------------------------------------"
- if [ ! -d /Library/Server/Mail/Data/spool ]; then
- echo "Creating Unix mail folder hierarchy to enable sendmail..."
- mkdir -p /Library/Server/Mail/Data/spool
- $mail set-permissions
- $mail reload
- sleep 2
- fi
- if [ $firstname = "workstation" ]; then
- firstname=SHARED
- fi
- $mail start
- echo "A new Mac has been deployed. The computer information is as follows:
- Date: `date "+%m/%d/%Y"`
- Time: `date "+%H:%M"`
- Delivered: $delivasset
- Removed: $removeasset
- Name: GT$delivasset-$firstname-$lastname
- Type: $hwVers
- OS: $OS
- IP: $ip" | mail -s "New Mac Deployment: GT$delivasset-$firstname-$lastname" dkoff@getty.edu, cnorris@getty.edu
- $mail stop
- #----------------------------------------------------------
- # Wrap-Up
- #----------------------------------------------------------
- # Removes the launchd items and scripts
- echo "Pausing 2 seconds before deleting scripts & launch daemons..."
- sleep 2
- rm -f $0
- echo "$0 has now been deleted."
- rm -f /Library/LaunchAgents/org.getty.nointerrupt.plist
- echo "The jamfHelper LaunchDaemon has been deleted."
- killall -m jamfHelper
- echo " "
- echo "###################################"
- echo "##### End Log"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement