Posted on 05-12-2014 05:48 PM
Using AutoDMG to come up with a clean 10.9.2 base OS. Also using CreateUserPkg to create the machine's local administrator - big fan of both except for one issue. After machine is imaged I am unable to allow access under Remote Management for my local administrator. When I click on the + sign it only gives me access to users, nothing for administrators.
Posted on 05-12-2014 06:09 PM
Did you set your user as hidden uid below 500?
Posted on 05-12-2014 06:55 PM
have you tried using the ard kickstart command to specify the user?
Posted on 05-12-2014 07:50 PM
Thanks for replying. I have now changed the uid to 501. However now when I re-image and login the permissions for the localadmin are incorrect, and won't even let me open the localadmin home. Think I am on the right track, what am I missing for the permissions end? Thanks!
Posted on 05-12-2014 08:12 PM
Make sure you are running the latest versions of auto dang and create user. I think that was fixed in one of the versions. Also you can try 502 to be safe.
Posted on 05-14-2014 10:33 AM
I tried the 502, re-downloaded AutoDMG and CreateUserPkg, and basically started over from scratch with a different computer and Mavericks download. Still had the same issue each and every. At this point I am using AutoDMG without a user, and imaging using Disk Utility and FireWire, running setup on the new Mac for my user, and grabbing that OS using Composer for my base OS. Was really hoping to go completely modular, but keep finding dead-ends.
Posted on 05-14-2014 10:51 AM
I have now changed the uid to 501. However now when I re-image and login the permissions for the localadmin are incorrect, and won't even let me open the localadmin home.
How are you creating the localadmin home? What owner, group and mode does it have?
CreateUserPkg itself does not create the local home. If you do nothing, the OS creates an empty home at first login. Perhaps you have a package that is creating this home?
Posted on 05-15-2014 08:35 AM
After I did the restore using Disk Utility and FireWire I had to go through and initial computer setup, and create a local administrator - there was no option to skip that step. So I used AutoDMG without a user package. Interesting to know though about not creating a local home. So which step did I miss for creating a local home?
Posted on 05-15-2014 08:45 AM
I've seen this problem a number of times.
If you create a user package with something like CreateUserPkg, the home isn't created until first login.
If you create a user with UID less than 500, one of the things you can't do is use the Sharing pane of the System Preferences to give it ARD privileges. That won't show any accounts below 500.
If you change the UID to something, you'll need to change ownership on the home directory as well:
sudo chown -R user:group /Users/user
For example, if this is your local admin account:
sudo chown -R admin:staff /Users/admin
If you want to forcefully mandate ARD privileges for the local admin account named "admin", I use these kickstart commands as part of my deployment workflow:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users "admin" -privs -all -restart -agent
I put this into a payload-free package that just runs this script.
Hope that helps some.
Posted on 05-15-2014 05:52 PM
Thanks Nicholas - I will give it a try. Are you creating your payload-free package with PackageMaker? Are you running that on the initial image?
Posted on 05-15-2014 06:40 PM
You can use Apple Remote Desktop Admin to help with the kickstart options. I have a post on how to do that available here:
If you need a tool to create a payload-free package, I've built a tool to help with this. It's available from here:
https://github.com/rtrouton/Payload-Free-Package-Creator
I have a post on this tool available here:
http://derflounder.wordpress.com/2014/03/08/payload-free-package-creator-app/