10.10 Firstboot scripts

jwojda
Valued Contributor II

Assuming this doesn't interfere with NDA - With 10.10 release soon upon us, has anybody got any first boot scripts to share or find things that don't work that previously did?

32 REPLIES

chisox1
New Contributor

I am curious how everyone is handling the login screen. Normally we would customize it to our company's logo and legal talk, not sure how we are going to handle that yet.

jwojda
Valued Contributor II

there's a security banner you can do, added a logo and the disclaimer, that still seems to be working just fine.

chisox1
New Contributor

Ya we used that one back in Lion. Kills me to revert back to the old ways haha.

drheiner
New Contributor III

This is mine for LS&Co. Our company cannot leverage Configuration Profiles due to our firewall settings blocking Apple's AVPN network, so I rely on a master script at the end of our imaging process. Keep in mind, use this at your own risk; I am still tweaking a lot of settings from our old 10.9 script. I have a few settings turned off and on (Gatekeeper off the top of my head) for debugging purposes, until the final release. One thing I did find is that I'm not able to set the trackpad settings correctly via script. I have cleared out a few settings I do not wish to share (Security).

#!/bin/bash
# 25-LS-Corporate-Config-Script-OSX-10.10DP8_v7
# Daniel Rheiner
# Date of Compile: X/XX/2014
# Should have last priority After Casper Reboot
# Version 7
# OS X 10.10 Beta

# ** Items are Disabled in this script for BETA Testing **
# Remove Applications, SMB 2&3 Disable

#Scripts executed through the Casper Suite will automatically receive the first three variables in the following order:
# $1 = Mount point of the target drive
# $2 = Computer name
# $3 = Username when executed as a login or logout policy

# Define variables
awk="/usr/bin/awk"
consoleuser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
cp="/bin/cp"
dscl="/usr/bin/dscl"
dsconfigad="/usr/sbin/dsconfigad"
dseditgroup="/usr/sbin/dseditgroup"
echo="/bin/echo"
find="/usr/bin/find"
grep="/usr/bin/grep"
ipconfig="/usr/sbin/ipconfig"
JAMF='/usr/sbin/jamf'
kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
killall="/usr/bin/killall"
launchctl="/bin/launchctl"
ln="/bin/ln"
logdir="/Library/Logs"
mkdir="/bin/mkdir"
mv="/bin/mv"
networksetup="/usr/sbin/networksetup"
OS=$(/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | /usr/bin/awk '{print substr($1,1,4)}')
perl="/usr/bin/perl"
sleep="/bin/sleep"
systemsetup="/usr/sbin/systemsetup"
perl="/usr/bin/perl"
plistbuddy="/usr/libexec/PlistBuddy"
rm="/bin/rm"
touch="/usr/bin/touch"
uuid=$(/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/grep -i "UUID" | /usr/bin/cut -c27-62)

#####################################################
#
# Network, VPN, Active Directory & Time Services
#
#####################################################

killall cfprefsd
sudo killall cupsd
sudo launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist
sudo launchctl load /System/Library/LaunchDaemons/org.cups.cupsd.plist
sudo update_dyld_shared_cache -root /

# Refresh Network Adapters
networksetup -detectnewhardware

#Default search domains
SearchDomains="levi.com"

# Set the time zone
/usr/sbin/systemsetup -settimezone $TimeZone

# Primary Time server
TimeServer1=XXXXXXX

# Secondary Time server
TimeServer2=XXXXXXX

# Tertiary Time Server for Levi Strauss Macs, used outside of Levi's network
TimeServer3=time.apple.com

# Activate the primary time server. Set the primary network server with systemsetup
/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1

# Add the secondary time server
echo "server $TimeServer2" >> /etc/ntp.conf

# Add the tertiary time server
echo "server $TimeServer3" >> /etc/ntp.conf

# Enables the OS X to set its clock using the network time server
/usr/sbin/systemsetup -setusingnetworktime on

# Turns off SMB2 & SMB3 network protocol and forces OS X 10.10 to use SMB1 for legacy Netapp servers
# echo "[default]" >> ~/Library/Preferences/nsmb.conf; echo "smb_neg=smb1_only" >> ~/Library/Preferences/nsmb.conf

# Turn off DS_Store file creation on network volumes
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.desktopservices" DSDontWriteNetworkStores true

# Disable external accounts (i.e. accounts stored on drives other than the boot drive.)
defaults write /Library/Preferences/com.apple.loginwindow EnableExternalAccounts -bool false

# Clear text passwords in AFP
/usr/bin/defaults write com.apple.AppleShareClient "afp_cleartext_allow" 1

# Bypass updating Managed Settings Message
defaults write /Library/Preferences/com.apple.mdmclient BypassPreLoginCheck -bool YES

# Disable the save window state at logout
/usr/bin/defaults write com.apple.loginwindow 'TALLogoutSavesState' -bool false

# Remove the loginwindow delay by loading the com.apple.loginwindow
launchctl load /System/Library/LaunchDaemons/com.apple.loginwindow.plist

# Set Shutdown and Logoff timers to 1 second (No Delay)
sudo defaults write /System/Library/LaunchDaemons/com.apple.coreservices.appleevents ExitTimeOut -int 1
sudo defaults write /System/Library/LaunchDaemons/com.apple.securityd ExitTimeOut -int 1
sudo defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ExitTimeOut -int 1
sudo defaults write /System/Library/LaunchDaemons/com.apple.diskarbitrationd ExitTimeOut -int 1

# Disable default file sharing for guest
defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false

# Enable ARD, Remote Management, and Remote Login (SSH) - 1. Removes Administrators Group from Remote login, 2 & 3. Creates xxxxxxxxx Membership, 4 & 5. Adds xxxxxxxxx User to Remotelogin then activates.
sudo dseditgroup -o edit -d admin -t group com.apple.access_ssh
sudo dscl . append /Groups/com.apple.access_ssh user xxxxxxxxx
sudo dscl . append /Groups/com.apple.access_ssh GroupMembership XXXXXX
sudo dscl . append /Groups/com.apple.access_ssh groupmembers `dscl . read /Users/xxxxxxxxx GeneratedUID | cut -d " " -f 2`
sudo systemsetup -setremotelogin on
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users xxxxxxxxx -access -on -privs -all
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -activate -restart -console

#####################################################
#
# Baseline initial System Setup
#
#####################################################

# Rename boot drive to Macintosh HD
diskutil rename / "Macintosh HD"

# Disable Hibernation Services
sudo pmset -a hibernatemode 0

# Disable OS X OS Prerelease downloads for all users
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AllowPreReleaseInstallation -bool false

# Set the login window to name and password
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true

# Enable Fast User Switching option
defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool 'YES'

# Disable iCloud & Apple Assistant Popup for new user creation
for USER_TEMPLATE in "/System/Library/User Template"/*
do
  defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
  defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
  defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.10
done
mv "/System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher" "/System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher.backup"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ProhibitGoToiDisk -bool YES

# Remove Setup LaunchDaemon item
srm /Library/LaunchDaemons/com.company.initialsetup.plist

# Disable Time Machine's & pop-up message whenever an external drive is plugged in
for USER_TEMPLATE in "/System/Library/User Template"/*
do
  defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
done
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup -boolean NO

# Disable Time Machine snapshots on local disk
sudo tmutil disablelocal

# Expand save panel by default
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode2 -bool true

# Expand print panel by default
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint2 -bool true

# Turn off Gatekeeper Message
spctl --master-disable

# Turn off Automatic updates
sudo softwareupdate --schedule off

# Disable the crash reporter
defaults write com.apple.CrashReporter DialogType -string "none"

# Disable disk image verification
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true

# Give all end-users permissions full access to "Print & Scan, Network, Time" Preference Pane
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.datetime allow
security authorizationdb write system.preferences.network allow
security authorizationdb write system.services.systemconfiguration.network allow
security authorizationdb write system.preferences.printing allow
/usr/bin/security authorizationdb write system.print.operator allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin
/usr/sbin/dseditgroup -o edit -n /Local/Default -a 'Domain Users' -t group lpadmin

# Power Settings for all Users (Display Sleep, Workstation Sleep, Wake for network access) (Pmset -a = All Power modes | Pmset -c = A/C Power | Pmset -b = Battery Power)
pmset -a halfdim 1 gpuswitch 2 hibernatemode 0 lidwake 1 sms 1
pmset -c sleep 180 displaysleep 30 disksleep 0 womp 1 networkoversleep 0
pmset -b sleep 20 displaysleep 15 disksleep 10

# Automatically illuminate built-in MacBook keyboard in low light and turn off in idle after 5 minutes
defaults write com.apple.BezelServices kDim -bool true
defaults write com.apple.BezelServices kDimTime -int 300

# Sets System Volume level to 50%
osascript -e 'set volume output volume 50'

# Hide the following applications: Game Center, Time Machine, Boot Camp
sudo chflags hidden "/Applications/Game Center.app/"
sudo chflags hidden "/Applications/Time Machine.app/"
sudo chflags hidden "/Applications/Utilities/Boot Camp Assistant.app/"

# Make shortcut links to Network Utility, Directory Utility, Screen Sharing, Raid Utility, and Archive Utility under "Utilities" Folder
ln -s "/System/Library/CoreServices/Applications/Network Utility.app" "/Applications/Utilities/Network Utility.app"
ln -s "/System/Library/CoreServices/Applications/Directory Utility.app" "/Applications/Utilities/Directory Utility.app"
ln -s "/System/Library/CoreServices/Applications/Screen Sharing.app" "/Applications/Utilities/Screen Sharing.app"
ln -s "/System/Library/CoreServices/Applications/RAID Utility.app" "/Applications/Utilities/RAID Utility.app"
ln -s "/System/Library/CoreServices/Applications/Archive Utility.app" "/Applications/Utilities/Archive Utility.app"

# Set the ability to view additional system info at the Login window & adds Levi Strauss & Co. disclosure
defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "You are attempting to enter a private computer system owned by Levi Strauss & Co. You are authorized to enter this system only if an authorized agent of LS&CO. has provided you with a User ID and password for accessing this system."

# Terminal command-line access warning
/usr/bin/touch /etc/motd
/bin/chmod 644 /etc/motd
/bin/echo "" >> /etc/motd
/bin/echo "This Apple Workstation, including all related equipment belongs to Levi Strauss & Co. Unauthorized access to this workstation is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected." >> /etc/motd
/bin/echo "" >> /etc/motd

#####################################################
#
# End-User Profile Settings & System Setup
#
#####################################################

# Remove info files on all
rm -R "/System/Library/User Template/Non_localized/Downloads/About Downloads.lpdf"
rm -R "/System/Library/User Template/Non_localized/Documents/About Stacks.lpdf"

# Show the ~/Library folder
sudo chflags nohidden "/System/Library/User Template/English.lproj/Library/"
/usr/bin/chflags nohidden $HOME/Library
sudo chflags nohidden /Users/xxxxxxxxx/Library

# Expand “General”, “Open with”, and “Sharing & Permissions” in File Information
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" FXInfoPanesExpanded -dict General -bool true OpenWith -bool true Privileges -bool true

# Disable “Application Downloaded from the internet” message
sudo defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.LaunchServices" LSQuarantine -bool NO
defaults write com.apple.LaunchServices LSQuarantine -bool NO

# Disable “Application Downloaded from the internet” for the particular applications below
sudo xattr -d -r com.apple.quarantine /Applications/Utilities/ADPassMon.app

# Disable the “Are you sure you want to open this application?” dialog
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.LaunchServices" LSQuarantine -bool false

# Set Default Screen Saver (Display Computer Name)
# ByHost preference files are named with the hardware UUID read into $uuid at the top of the script
mkdir -p "/System/Library/User Template/English.lproj/Library/Preferences/ByHost"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.${uuid}" "moduleName" -string "Message"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.${uuid}" "modulePath" -string "/System/Library/Screen Savers/FloatingMessage.saver"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.${uuid}" "idleTime" -int 600

# Enable Screensaver Password
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.${uuid}" "askForPassword" -int 1
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.screensaver" askForPassword -int 1
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.screensaver" askForPasswordDelay -int 24

# Show "Mounted Server Shares, External and Internal Hard Disks" on the main Finder Desktop
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowMountedServersOnDesktop -bool true
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowExternalHardDrivesOnDesktop -bool true
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowHardDrivesOnDesktop -bool true
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowRemovableMediaOnDesktop -bool true

# Expand the print window
defaults write /Library/Preferences/.GlobalPreferences PMPrintingExpandedStateForPrint2 -bool TRUE

# Configure Finder settings (List View, Show Status Bar, Show Path Bar)
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" "AlwaysOpenWindowsInListView" -bool true
defaults write com.apple.finder FXPreferredViewStyle -string "Nlsv"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowStatusBar -bool true
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder" ShowPathbar -bool true

# Trackpad & Mouse: Map bottom right corner to right-click and secondary button for Mouse
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad" TrackpadCornerSecondaryClick -int 2
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad" TrackpadRightClick -bool true
defaults -currentHost write NSGlobalDomain com.apple.trackpad.trackpadCornerClickBehavior -int 1
defaults -currentHost write NSGlobalDomain com.apple.trackpad.enableSecondaryClick -bool true
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse" MouseButtonMode -string TwoButton
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleHIDMouse" Button1 -integer 1
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleHIDMouse" Button2 -integer 2

#####################################################
#
# Cleanup & Maintenance
#
#####################################################

# Remove setup LaunchDaemon item
srm /Library/LaunchDaemons/com.company.initialsetup.plist

# Hide /Opt/ Folder under root drive
chflags hidden /opt/
chflags hidden /private/
chflags hidden /usr/

# Delete Built-in Applications
# sudo rm -rf /Applications/GarageBand.app
# sudo rm -rf /Applications/iMovie.app
# sudo rm -rf /Applications/Keynote.app
# sudo rm -rf /Applications/Numbers.app
# sudo rm -rf /Applications/Pages.app

# Delete Temp User & Folders
/usr/bin/dscl . -search /Users name Temp
sudo /usr/bin/dscl . -delete "/Users/temp"
rm -rf /Users/temp

# Turn on and enable SSH for JAMF Client
sudo JAMF startSSH
sudo systemsetup -setremotelogin on

# Run JAMF Recon
sudo JAMF recon

# Flush Managed Policy (Group Policy)
sudo JAMF flushPolicyHistory
/usr/sbin/jamf mcx -verbose
sudo JAMF mcx
sudo jamf setHomePage -feu -fut -homepage http://threads
sudo JAMF updatePrebindings

# Repair Disk Permissions with Disk Utility command line
diskutil repairPermissions /

# Run Built-in Unix Maintenance Scripts (Rotate & delete log files)
sudo periodic daily weekly monthly

# Purge System Log
/bin/rm -rf /var/log/system.log

lifelike
New Contributor

thanks for posting your script!

jwojda
Valued Contributor II

I've seen in a few different scripts (10.9 mostly and now 10.10) the send passwords as clear text, why is that? Seems like a security issue.

slapaglia
New Contributor

Any passwords we put into scripts we pass as a variable so they aren't in the actual script.

jwojda
Valued Contributor II

sorry, I meant AFP passwords...

# Clear text passwords in AFP
/usr/bin/defaults write com.apple.AppleShareClient "afp_cleartext_allow" 1

drheiner
New Contributor III

Jwojda

This Command you mentioned
# Clear text passwords in AFP
/usr/bin/defaults write com.apple.AppleShareClient "afp_cleartext_allow" 1

I have enabled for debugging purposes, I think I mentioned this in my post above. No one in our environment is running OS X 10.10. Our team controls architectural design of our workstations, so I am comfortable keeping that command in our test script as our team is the only one that has access to our POC OS X 10.10 image.

jwojda
Valued Contributor II

oh, testing only :) good point, yeah i missed that the first time. thank you.
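
Added example, not part of any post in this thread: a bash linter that scans a first-boot script for the security-weakening commands that appear in the script posted earlier (Gatekeeper, quarantine, disk image verification, authorization rights, lpadmin membership, log purge) and in the AFP cleartext exchange above, so debugging-only settings are caught before an image ships. The rule labels, the function names `lint_firstboot` and `write_sample`, and the sample file are constructed for this example.

```bash
#!/bin/bash
# Added example: static review of a first-boot script for commands that
# weaken macOS security defaults. Each rule's regex is built from a command
# that appears in this thread; the rule labels are this example's own names.

# One rule per line: <label>=<extended regex>
RULES='
gatekeeper-disabled=spctl[[:space:]]+--master-disable
quarantine-disabled=LSQuarantine[[:space:]]+-bool[[:space:]]+(NO|false)
dmg-verify-skipped=skip-verify(-locked|-remote)?[[:space:]]+-bool[[:space:]]+true
afp-cleartext-allowed=afp_cleartext_allow"?[[:space:]]+1
authdb-opened=authorizationdb[[:space:]]+write[[:space:]]+[^[:space:]]+[[:space:]]+allow
everyone-in-lpadmin=-a[[:space:]]+everyone[[:space:]]+-t[[:space:]]+group[[:space:]]+_?lpadmin
auto-updates-off=softwareupdate[[:space:]]+--schedule[[:space:]]+off
system-log-purged=rm[[:space:]]+-[a-zA-Z]+[[:space:]]+/var/log/system\.log
'

# lint_firstboot FILE
# Prints one "lineno:label:command" record per finding.
# Returns 1 when at least one finding exists, 0 for a clean script.
lint_firstboot() {
    local file="$1" found=0 lineno=0 line label regex
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Blank lines and commented-out commands are not active settings
        if printf '%s\n' "$line" | grep -Eq '^[[:space:]]*(#|$)'; then
            continue
        fi
        while IFS='=' read -r label regex; do
            [ -n "$label" ] || continue
            if printf '%s\n' "$line" | grep -Eq -- "$regex"; then
                printf '%s:%s:%s\n' "$lineno" "$label" "$line"
                found=1
            fi
        done <<EOF
$RULES
EOF
    done < "$file"
    return "$found"
}

# write_sample FILE
# Writes a constructed 12-line sample assembled from commands seen in the thread.
write_sample() {
    cat > "$1" <<'SAMPLE'
#!/bin/bash
# Turn off Gatekeeper Message
spctl --master-disable
# Clear text passwords in AFP
/usr/bin/defaults write com.apple.AppleShareClient "afp_cleartext_allow" 1
defaults write com.apple.LaunchServices LSQuarantine -bool NO
defaults write com.apple.frameworks.diskimages skip-verify -bool true
security authorizationdb write system.preferences allow
/usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin
# defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
/bin/rm -rf /var/log/system.log
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true
SAMPLE
}

# Demo on the constructed sample
sample_file=$(mktemp)
write_sample "$sample_file"
lint_firstboot "$sample_file" || echo "findings present: review before this script goes into a production image"
rm -f "$sample_file"
```

The non-zero exit status makes the function usable as a gate in whatever step packages the script for imaging.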

c0n0r
Contributor

@drheiner , why can't you use profiles?
APNS is only one distribution method. You can still manually generate the profiles and deploy them via package (they are just .mobileconfig files, a profiles command in post flight will install them just fine), or even via policy (which is essentially the same trick).

@jwojda , what functions were you specifically looking for in a "first boot" script. I would be interested in what needs set in such a manner these days. Assuming that the machine is under Casper management, on enrollment script have likely taken over "first boot".
We do have a package that we include in the "upgrade procedure" for each OS. If the receipt for that package isn't seen by Casper, it will push it, once. We then have a subset of those settings as a separate script that gets executed by Casper on recurring checkin.

I could post (or link to) either of those scripts, but they are customized for our environment. Hence my original question, I'd be interested in hearing what your needs are, if only to see how much they overlap with our own.

jwojda
Valued Contributor II

@c0n0r - it's just kind of the way we've always done it. We've dabbled in the thin imaging - even see some gaps that it fills, but even the nuke and pave with modular imaging is relatively fast (20min over gigabit to less than 1hr over 100mb), compared to our Windows deployments which can take upwards of 8hrs...

Anyway, our FB script does stuff like set multiple time servers, stop the iCloud prompts, set login/password for login screen, show the admin info on login screen... things like that.

Chriskmpruitt
Contributor

We are updating our 10.9.5 machines via Self Service: caching the ESD for 10.10 in a separate policy, then installing 10.10 through Self Service. After the reboot, the user logs in and gets the iCloud window. How do I get rid of the iCloud window and the diagnostics window? I was looking at this page.

https://derflounder.wordpress.com/2014/10/16/disabling-the-icloud-and-diagnostics-pop-up-windows-in-yosemite/

I have this script running at the end of install policy, but it does not seem to work.

davidacland
Honored Contributor II

Most of the "standard" first boot script items we used in 10.9 are still working ok. We like to split ours into two (assuming we are imaging machines), one to create a local admin account and enable SSH so it's available as soon as the machine first reboots, then the rest of the stuff along with the remaining postponed install items.

Putting a local admin account and SSH in first means you can definitely get to the Mac via SSH while postponed install items are running. Handy if you need to check the jamf.log etc.

For 10.10 we're using the sysadminctl command to create the initial local admin account for early SSH access (partly because it's new and we wanted to try it out!)

jonnydford
Contributor II

Having a few problems with some of my Yosemite first boot scripts

Firstly, com.apple.timezone.auto.plist seems to have been moved or removed - can't find it anymore. Anyone found a replacement or another way to auto update the timezone?

Secondly, does anyone know how I can set the following on Yosemite:

Date to be displayed as dd:mm:yy instead of mm:dd:yy it's currently defaulting to
Add website to Chrome pop-upblocker whitelist

wubbelsl
New Contributor II

I have a "com.apple.timezone.auto.plist" in "/Library/Preferences/" although the content is almost non-existent.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Active</key>
    <true/>
</dict>
</plist>

A better (slightly more future proof) way to set it would probably be to use a script that runs "systemsetup -settimezone <timezone>". Use "systemsetup -listtimezones" to find the one you need.

mtward
New Contributor III

Has anyone been able to stop the iCloud/Diagnostic screens for a 10.10 upgrade via a script running after upgrade install? From reading around the forums, it looks like it can be done with a custom installer package using createOSXinstallPkg. Has anyone been able to disable the setup prompts using the stock 10.10 installer?

rtrouton
Release Candidate Programs Tester

I've got a post on how you can suppress the iCloud and Diagnostic screens with Casper available from here:

https://derflounder.wordpress.com/2014/11/18/automatically-suppressing-the-icloud-and-diagnostics-po...

You can also control which diagnostic info is sent back. I have a post on how to do that available from here:

https://derflounder.wordpress.com/2014/11/21/controlling-the-diagnostics-usage-report-settings-on-yo...

mtward
New Contributor III

Excellent, thank you! So the script needs to run at startup, but not until after the 10.10.1 upgrade has completed. Hmm..

A policy scoped to a smart group of 10.10 machines to kick off your script would work, but the machine won't fall into the smart group until a recon telling the JSS it's on 10.10, which won't happen right away. What's the best way to get your script to run immediately after the 10.10 upgrade?

This is all stemming from a bigger issue of having setup assistant run on upgraded AD bound Macs with no local/mobile user accounts at the time of upgrade. I started a thread (link below) for that, but this is all circling the same issues.

https://jamfnation.jamfsoftware.com/discussion.html?id=13081

pierogiobbi
New Contributor

Hi all,

I can't seem to bypass the initial setup at boot. My script ran fine up to 10.10.2 but now it doesn't. I can't figure out how, I'm pulling my hair!

Disable iCloud & Apple Assistant Popup for new user creation

defaults write /Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
defaults write /Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
defaults write /Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.10
mv -v "/System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher" "/System/Library/CoreServices/Setup Assistant.app/Contents/SharedSupport/MiniLauncher.backup"
defaults write /Library/Preferences/com.apple.finder.plist ProhibitGoToiDisk -bool YES

Where are the parameters to bypass the startup configuration now?

Regards

p

elliot-p
New Contributor
 

elliotjordan
Contributor III

@drheiner Good script example, thanks for posting. And say hi to Eduardo over there. :-)

I've skipped first-run scripts lately in favor of good ol' every15 policies, because the environments I work in often don't have a consistent worldwide imaging procedure. (Something I'm often helping to remedy.)

pblake
Contributor III

@pierogiobbi - Just throwing it out there. I don't have my Mac right now. But take a look at your /Library/Preferences/com.apple.SetupAssistant.plist. See if LastSeenCloudProductVersion is 10.10 and not 10.10.3.

That may be the thing. I remember this being an issue in 10.9 when going to 10.9.3 or 4.

pierogiobbi
New Contributor

Thanks for input pblake.

Sorry to say it looked right.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DidSeeCloudSetup</key>
    <true/>
    <key>GestureMovieSeen</key>
    <string>none</string>
    <key>LastSeenCloudProductVersion</key>
    <string>10.10</string>
</dict>
</plist>

Compared it to my own 10.10.3 computer:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DidOfferFMM</key>
    <true/>
    <key>DidSeeCloudSetup</key>
    <true/>
    <key>GestureMovieSeen</key>
    <string>none</string>
    <key>LastSeenCloudProductVersion</key>
    <string>10.10</string>
</dict>
</plist>

Even copied over my file to the computer via TB but it still wants to run the SetupAssistant.

I'm starting to pull my hair on this one. Is this the only criteria to skip the SetupAssistant or are there more must-do things? On startup I'm creating an admin on uid 499, everything seems to run as it should, only thing is the SetupAssistant insisting to run.

Thx.

pblake
Contributor III

@pierogiobbi - https://derflounder.files.wordpress.com/2014/11/screen-shot-2014-11-18-at-9-34-03-am.png. Shows how you can put in the current version as last one seen.

pierogiobbi
New Contributor

Thanks for the input. It turned out to be much simpler.

touch ./var/db/.AppleSetupDone

: )
Have a great weekend all.

p

br0g
New Contributor

Did we figure out how to change the default desktop pic or login icon? Removing the symlink and reapplying it does not seem to work.

Not applicable

@br0g It's very different in Yosemite compared to Mavericks (which was, of course, more complicated than 10.8 and earlier) - simply create a .png with your own background, logo etc. Keep the center of the image clear so it doesn't obscure or interfere with the login icons or text dialogs.

Save as com.apple.desktop.admin.png in /Library/Caches/ and make sure you chmod 555 and chown root. In my testing yesterday I noticed significant lag at logout if the permissions weren't set properly.

More info here:

http://jacobsalmela.com/customize-os-x-yosemite-login-screen/

https://jamfnation.jamfsoftware.com/discussion.html?id=14407

bofh
New Contributor III

Hi there,
just a little comment because it stole some time here...
Apple limited the PrivateKeySize of any Connection to 4K.
This ofc only affects Safari, Chrome and co - Firefox comes with its own settings.
Since we will have more than 4k long keys in the future, I'd suggest the following setting which resolves it:

#!/bin/sh
# Enable Certificates with a Keysize of over 4K
defaults write /Library/Preferences/com.apple.security RSAMaxKeySize -int 32768

Credits: http://blog.shiz.me/post/67305143330/8192-bit-rsa-keys-in-os-x

KyleEricson
Valued Contributor II

I have never created a script before, can someone help me? I just need to have it skip the whole first boot setup process. I have an account already created for the local account via pkg file.
Settings for my area.

Time Zone: Central Daylight USA
English

Not sure of anything else.
Then how do I deploy this via System Image Utility.

Read My Blog: https://www.ericsontech.com

davidacland
Honored Contributor II

Hi,

Here's a link to our first boot script blog that gives you an example and a full breakdown: http://www.amsys.co.uk/2015/01/creating-first-boot-script/

and a more recent one that swaps a lot of it for custom config profiles: http://www.amsys.co.uk/2015/02/creating-config-profiles-instead-first-boot-script/

gbourse
New Contributor

hi all,

I have a problem with a script for High Sierra.
The script doesn't work, but it works with Sierra.
Could you please help me?

Gael