Skip to main content
Question

Delay Login Window

  • October 10, 2012
  • 7 replies
  • 9 views
F
Forum|alt.badge.img+9

I'm trying to delay the appearance of the login window at startup in 10.8.2 I've tried

defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 60

And I've messed with the time but it doesn't really seem to work. I have some scripts that I want run before that login window shows up and I'd also like to make sure my network accounts are ready before my users try to login. Delaying it for a minute or two seems like the best solution.

Has anyone got a working solution?

Thanks,
Chuck

    7 replies

    stevewood
    Forum|alt.badge.img+38
    • stevewood
    • Hall of Fame
    • October 10, 2012

    Could unload the loginwindow LaunchDaemon and the reload it:

    launchctl unload /System/Library/LaunchDaemons/com.apple.loginwindow.plist

launchctl load /System/Library/LaunchDaemons/com.apple.loginwindow.plist

    Throw that into a launch agent of your own that simply delays 2 minutes and then loads it back up.

    F
    Forum|alt.badge.img+9
    • FastGM3
    • Author
    • Contributor
    • October 10, 2012

    Thanks Steve,

    I've done some testing with unload and loading as well, however since my launchd script has some other variables, that doesn't work real well either. In fact I had to do a "killall loginwindow" and then a "launchctl start /System/Library/LaunchDaemons/com.apple.loginwindow.plist" in my launchd scrtipt just to keep then window fro appearing during the script. But the delay from re-starting doesn't seem to keep the loginwindow from starting to soon. Which is why I'm looking for alternatives.

    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • October 10, 2012

    unload the loginwindow instead of killall, launchd restarts it for you if you use killall

    launchctl unload /System/Library/LaunchDaemons/com.apple.loginwindow.plist
    then load when ready for it

    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • October 10, 2012

    space is getting eaten and just like @stevewood said, unload it then load when done.

    F
    Forum|alt.badge.img+9
    • FastGM3
    • Author
    • Contributor
    • October 10, 2012

    Well what I found using that method was the loginwindow wasn't reloading in my "else" statement if my network wasn't found. I have computers getting imaged off site I need these computers joined to AD when they get brought back to our district. So the script looks to see if it's on the network before attempting to join AD.

    Here's the script.

    #!/bin/bash

    computerid=/usr/sbin/scutil --get LocalHostName

    # Standard parameters
    domain="xxx.xxxxxxx.xxx" # fully qualified DNS name of Active Directory Domain
    udn="xxxxxx" # username of a privileged network user
    password="xxxxxx" # password of a privileged network user
    ou="OU=MacOS,DC=xxx,DC=xxxxxxx,DC=xxx" # Distinguished name of container for the computer

    # Advanced options
    alldomains="enable" # 'enable' or 'disable' automatic multi-domain authentication
    localhome="enable" # 'enable' or 'disable' force home directory to local drive
    protocol="smb" # 'afp' or 'smb' change how home is mounted from server
    mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
    mobileconfirm="disable" # 'enable' or 'disable' warn the user that a mobile acct will be created
    useuncpath="enable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
    user_shell="/bin/bash" # e.g., /bin/bash or "none"
    preferred="-preferred xxx.xxxxxx.xxx" # Use the specified server for all Directory lookups and authentication
    # (e.g. "-nopreferred" or "-preferred ad.server.edu")
    admingroups="xxxdomain admins,xxxenterprise admins,xxx eacher98,xxxADManagement - Computers,xxxadmin employees" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLEmac admins")

    ### End of configuration

    # Delay the login window by unloading the com.apple.loginwindow
    # LaunchDaemon in /System/Library/LaunchDaemons/

    launchctl unload -w /System/Library/LaunchDaemons/com.apple.loginwindow.plist

    ## Wait until all network services are up.
    sleep 10

    # Check to see if we're in the district
    if ping -c 1 xxx.xxx.x.x > /dev/null; then

    #make sure time is set correctly ntpdate -u time.xxxxxxx.xxx

    # Activate the AD plugin defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active" plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist sleep 5

    # Remove computer from OU dsconfigad -f -r -u xxxxxx -p xxxxxx sleep 5

    # Bind to AD dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"

    # Configure advanced AD plugin options if [ "$admingroups" = "" ]; then dsconfigad -nogroups else dsconfigad -groups "$admingroups" fi

    dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol -mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath -shell $user_shell $preferred

    # Restart DirectoryService (necessary to reload AD plugin activation settings) killall DirectoryService

    # Add the AD node to the search path if [ "$alldomains" = "enable" ]; then csp="/Active Directory/All Domains" else csp="/Active Directory/$domain" fi

    # This works in a pinch if the above code does not defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains" defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 4 defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains" defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 4

    plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist

    ## Remove the script and launchd job. Be sure to delete the script. rm /Library/LaunchDaemons/com.xxxx.adbind.plist rm /usr/local/bin/adbind.bash launchctl unload -w /Library/LaunchDaemons/com.xxxx.adbind.plist

    # Remove the loginwindow delay by loading the com.apple.loginwindow # LaunchDaemon in /System/Library/LaunchDaemons/

    launchctl load -wF /System/Library/LaunchDaemons/com.apple.loginwindow.plist

    exit 0

    else

    echo "District not Available Quitting"

    # Remove the loginwindow delay by loading the com.apple.loginwindow # LaunchDaemon in /System/Library/LaunchDaemons/

    launchctl load -wF /System/Library/LaunchDaemons/com.apple.loginwindow.plist

    fi

    exit 1
    Thanks for any suggestions!

    R
    Forum|alt.badge.img+12
    • rmanly
    • Contributor
    • October 11, 2012

    Just a thought but why not have a Smart group for unbound machines that are also in a certain building or on a certain network segment that then runs "jamf policy -trigger adbind" or similar and then recons.

    *shrug*

    I am a huge fan of bash scripting but an even bigger fan of Smart groups :)

    F
    Forum|alt.badge.img+9
    • FastGM3
    • Author
    • Contributor
    • October 11, 2012

    @rmanly That would be nice if I could get the networking team to punch a hole in the firewall for the JSS. So far their last two attempts have failed and time is running out. So unfortunately these computers won't be getting Casper installed either. Therefore a Smart Group won't work. :-(

    The quickadd.pkg will be installed by the same script once computers are returned to our district.

    FYI Our district typically images everything in house so normally we don't have to deal with this. Because of a large volume purchase, someone thought it would be a great idea to have Apple do the imaging for us by a 3rd party contractor UGH

    Terms & ConditionsCookie settingsAccessibility statement