Deny user login until machine has run the FirstRun script and reboots

tkimpton

Hi guys

I managed to get this working: not the Casper imaging splash screen, but
disallowing users from logging in until after the FirstRun script has
completed and the machine reboots.

To prevent users from logging in, I opened Apple's Workgroup Manager and, in
my test group under the Login and access preference, I added a group called
Domain_Users. This is a group we have in our Active Directory environment
which everyone is a member of.

I then rebooted my test machine a couple of times and managed to copy the
/Library/Preferences/com.apple.loginwindow.plist.

I then looked inside it with Xcode and noticed there were AllowList and
DenyList arrays. Under the DenyList was an Item 0 string with a long number.

I was able to package up this com.apple.loginwindow.plist with Composer and
put it in my build configuration.

At the very end of my FirstRun scripts I have something called Z.Cleanup.sh
to make sure it will run as the very last thing.

In the script it clears up some other things from my other scripts, but the
vital thing is this:

#!/bin/bash

# Remove the JAMF FirstRun script
rm -rf /System/Library/StartupItems/FirstRun/

# Remove the login window keys that restrict domain users from logging in.
# PlistBuddy needs a space between the command and the entry (Delete :Key).
sudo /usr/libexec/PlistBuddy -c 'Delete :AllowList' /Library/Preferences/com.apple.loginwindow.plist
sudo /usr/libexec/PlistBuddy -c 'Delete :DenyList' /Library/Preferences/com.apple.loginwindow.plist

# Reboot Machine
shutdown -r now

Hope this helps someone trying to do something similar.

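An added example, not part of the original post: Python's standard-library plistlib used on a copy of the packaged com.apple.loginwindow.plist to list which keys ride along besides AllowList and DenyList, and to confirm both keys are gone before a reboot. The sample values, the SHOWFULLNAME entry and the function names are constructed for the demonstration.

```python
import plistlib
from pathlib import Path

# Keys the post's cleanup script deletes to lift the login restriction.
RESTRICTION_KEYS = ("AllowList", "DenyList")


def audit_loginwindow(plist_path):
    """Report the login restrictions and every other key the plist carries."""
    with open(plist_path, "rb") as fh:
        prefs = plistlib.load(fh)  # reads both XML and binary plists
    return {
        "restrictions": {k: prefs[k] for k in RESTRICTION_KEYS if k in prefs},
        "other_keys": sorted(k for k in prefs if k not in RESTRICTION_KEYS),
    }


def lift_restrictions(plist_path):
    """Delete AllowList/DenyList, keep everything else, verify the result.

    Returns the keys removed; raises if a restriction survives, so the caller
    can refuse to reboot into a login window that still denies users.
    """
    path = Path(plist_path)
    with path.open("rb") as fh:
        prefs = plistlib.load(fh)
    removed = [k for k in RESTRICTION_KEYS if prefs.pop(k, None) is not None]
    tmp = path.with_suffix(".tmp")
    with tmp.open("wb") as fh:
        plistlib.dump(prefs, fh)
    tmp.replace(path)  # swap in one step: never leaves a half-written plist
    leftover = audit_loginwindow(path)["restrictions"]
    if leftover:
        raise RuntimeError(f"restrictions still present: {sorted(leftover)}")
    return removed


def build_sample(path):
    """Write a constructed sample plist (placeholder values, not real data)."""
    sample = {
        "AllowList": ["00000000-0000-0000-0000-0000000000AA"],  # constructed
        "DenyList": ["00000000-0000-0000-0000-0000000000BB"],   # constructed
        "SHOWFULLNAME": True,  # assumed unrelated key copied along with the file
    }
    with open(path, "wb") as fh:
        plistlib.dump(sample, fh)
```

Running audit_loginwindow on the packaged file before deployment shows any settings from the test machine that would be pushed to every build alongside the two restriction arrays.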