disable iCloud popup aftere OX X.9 & X.10 upgrade not working

tcandela
Valued Contributor II

I am using the script provided by at this location
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/disable_apple_icloud_and_diagnostic_pop_ups
(I changed the upper part to include Non_localized/)
it is part of a policy that installs a cached OS X.9 installedesd.dmg. The script in the policy is set to run AFTER everything else, but when logging in (after the upgrade is complete) the iCloud popup is present.

I assume the script is not installing at the correct time, here is the log of a computer that completed the upgrade. It should be installing sometime after the OS is upgraded and when it reboots, is this not happening?

Executing Policy Install Cached Upgrade to OS X Mavericks...
[STEP 1 of 3]
Mounting MAC Software to /Volumes/CasperShare...
[STEP 2 of 3]
Installing SNHS-Install OS X Mavericks InstallESD.dmg...
Preparing for in-place OS upgrade...
Closing package...
[STEP 3 of 3]
Running script SNHS-DisableiCloudPopUp.sh...
Script exit code: 0
Script result:
Blessing in-place OS upgrade directory...
Creating Reboot Script...

1 ACCEPTED SOLUTION

merps
Contributor III

You can make it all happen with the same Casper policy, but we only found it to work properly during the upgrade procedure when installing it to the local machine using a Package. The package contains first_boot.sh and com.company.initialsetup.plist (both found here: rtrouton first_boot github)

I use Packages for creating the installer that drops the files in place.

In the "Payload" tab of Packages, you need to place 2 files.

The plist file lives in /Library/LaunchDaemons
The script "first_boot.sh" lives wherever you want, commonly /Library/Scripts -- this location is referenced inside the plist file, just make sure you define the path accordingly.

As long as you have the "Upgrade to Yosemite" policy install the package created using the Packages application, the LaunchDaemon will load the script referenced inside the plist during the first boot after the upgrade has completed. Any actions run by the script will also get applied. We left it pretty much stock, but commented out line 39 (read the warnings about FileVault 2 inside the script) & added our Wireless configuration info so the machines would connect to the network and pick up with the rest of our Casper deployment sequence. Make sure you read through the script to verify that you want everything to get applied, and modify whatever values need to be changed from Rich's defaults.

To answer the questions at the bottom of your post:
1 - first_boot.sh is in the package we create (Yosemite_Upgrade_First_Boot.pkg) using Packages.
2 - It is created separately, but is installed into /Library/Scripts as part of the "Upgrade to Yosemite" policy by Casper.
3 - Casper doesn't create it, but does put it in place when installing Yosemite_Upgrade_First_Boot.pkg.
4 - Only our build sequence and upgrade policy get first_boot.sh

Hope this helps!

-Mike

View solution in original post

14 REPLIES 14

rtrouton
Release Candidate Programs Tester

Based on the log, it looks like the following actions are happening:

  1. The OS X installer is cached
  2. The OS X upgrade process is prepared
  3. The script runs (which means that the pre-upgrade OS version info is being written by the SNHS-DisableiCloudPopUp.sh script.)
  4. The Mac reboots to begin the OS upgrade process.

If my understanding is accurate, the iCloud disablement is not happening because the iCloud pop-up window sees that it was disabled for $previousOS, not $upgradedOS.

tcandela
Valued Contributor II

@rtrouton - so you're saying the script is running, but not at the right time? its running and executing on the currently installed OS?

's there a way from within this policy that I can have the script run AFTER the OS upgrade? or do i have to create some other second policy that runs afterwards that would run the script?

(i changed the user_template portion of the script to include Non_localized/ in the path)

merps
Contributor III

We created a package that is installed by the policy that kicks off the "Install Cached Yosemite" item. This package drops down a LaunchDaemon and a modified version of first_boot.sh that includes the iCloud and Diagnostics disablement script.

Once the files are in place, the LaunchDaemon calls the script at first boot after the OS upgrade - which sets the flags to hide the iCloud & Diags pieces, then cleans up after itself.

tcandela
Valued Contributor II

so there is no way, within that same policy to have the disable icloud script to run after the upgrade completes and reboots?

based on the current upgrade policy, it looks like the upgrade process begins processing, reboots, at this reboot it is probably when the disableicloud scrip runs, then the yosemite upgrade installs. Completely negating the script.

were is this first_boot.sh ? when is it created? casper creates it ? all policies get this first_boot.sh ?

merps
Contributor III

You can make it all happen with the same Casper policy, but we only found it to work properly during the upgrade procedure when installing it to the local machine using a Package. The package contains first_boot.sh and com.company.initialsetup.plist (both found here: rtrouton first_boot github)

I use Packages for creating the installer that drops the files in place.

In the "Payload" tab of Packages, you need to place 2 files.

The plist file lives in /Library/LaunchDaemons
The script "first_boot.sh" lives wherever you want, commonly /Library/Scripts -- this location is referenced inside the plist file, just make sure you define the path accordingly.

As long as you have the "Upgrade to Yosemite" policy install the package created using the Packages application, the LaunchDaemon will load the script referenced inside the plist during the first boot after the upgrade has completed. Any actions run by the script will also get applied. We left it pretty much stock, but commented out line 39 (read the warnings about FileVault 2 inside the script) & added our Wireless configuration info so the machines would connect to the network and pick up with the rest of our Casper deployment sequence. Make sure you read through the script to verify that you want everything to get applied, and modify whatever values need to be changed from Rich's defaults.

To answer the questions at the bottom of your post:
1 - first_boot.sh is in the package we create (Yosemite_Upgrade_First_Boot.pkg) using Packages.
2 - It is created separately, but is installed into /Library/Scripts as part of the "Upgrade to Yosemite" policy by Casper.
3 - Casper doesn't create it, but does put it in place when installing Yosemite_Upgrade_First_Boot.pkg.
4 - Only our build sequence and upgrade policy get first_boot.sh

Hope this helps!

-Mike

rtrouton
Release Candidate Programs Tester

@tcandela,

I'm using a createOSXInstallPkg-generated installer package for my OS upgrades:

https://github.com/munki/createOSXinstallPkgt

As part of creating it, I include a first boot package created by my First Boot Package Install Generator.app tool:

https://derflounder.wordpress.com/2014/10/19/first-boot-package-install-generator-app/

Among other things, the first boot package includes a payload-free package which runs the script to disable iCloud and the Diagnostics window:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/disable_apple_icloud_and_d...

The first boot package gets installed by the OS upgrade process, then kicks off and runs the installation process of the packages stored inside the first boot package once the OS upgrade is done and the Mac is booting off of the upgraded OS for the first time. That allows the iCloud and Diagnostics disablement script to be run at the right time (right after the upgrade) and on the right drive (the boot drive.)

bentoms
Release Candidate Programs Tester

Just run @rtrouton's script via a lauchDaemon so it updates the value on each boot.

That way, if Apple want to display the iCloud assistant again in another release.. It may get dismissed

tcandela
Valued Contributor II

@bentoms - so would i need to create a policy that drops a launchdaemon in /Library/LaunchDaemons and then drop the disableicloud.sh somewhere also?

tcandela
Valued Contributor II

@merps - so in your 'install cached yosemite" policy you have 2 packages (priority of 2nd package lower than 1st?)
1- install cached yosemite
2- place launchdaemon (/Library/LaunchDaemons) and the disableicloud.sh (where are you putting this?)

you have it runatload after upgrade completes. how do you have it clean up after itself so it runs just once?

tcandela
Valued Contributor II

@merps - I ended up using the packages program you mentioned. Here are the steps I did to create the .pkg that drops the launchdaemon and first boot.sh in place (/Library/LaunchDaemon) (/Library/Scripts). I believe this is the correct way to do this via packages application.

since this is for 10.9 I used rtrouton 10.9 first_boot.sh and com.company.initialsetup.plist
(not sure how 10.9 would react using the 10.10 files 'diagnostic popup'!!!)

1 - create a RAW project
2 - from Payload A - --> Library/LaunchDaemon --> added the com.snhs.initialsetup.plist , CHECKED 'keep owner and group, Absolut Path (named mine differently) B - --> Library/Scripts --> added the first_bootx9.sh CHECKED 'keep owner and group, Absolut Path (named mine differently) 3 - build package and DEBUG resulted in OK
4 - test the package on a OS x9 computer by running it and logging in with a first time user, no iCloud pop up appeared.

So i ended up adding this new pkg to the already existing 'Install Cached OS X Mavericks' policy, giving it a priority of 11 while os x9 installer is 10. So this policy now has 2 packages. I'll test this Self Service policy and let you know the iCloud pop up results.

bentoms
Release Candidate Programs Tester

@tcandela sorry, missed this.

Looks like you're sorted for the daemon, another thing would be a policy in the JSS that runs the script at every startup.

merps
Contributor III

@tcandela Seems like this plan should work out ok. If you have any issues, I'll dig back into my policies for verification of exactly what goes where.

tcandela
Valued Contributor II

@merps - its working perfectly with the PACKAGER application dropping the launchdaemon and disableicloud.sh script in place. No iCloud popup encountered on 2 systems I have upgraded to Mavericks so far.

only issue i see is that the policy does not run RECON as intended (policy has maintenance setup to Force computers to submit updated inventory information to the JSS)

to counter this not working i have since created a separate policy now that runs RECON daily for all computers i manage, just using the Maintenace payload with first checkbox checked)

here is a log of one of the completed upgrade

Executing Policy SNHS-Upgrade to OS X Mavericks...
[STEP 1 of 4]
Mounting MAC Software to /Volumes/CasperShare...
[STEP 2 of 4]
Installing SNHS-Install OS X Mavericks InstallESD.dmg...
Preparing for in-place OS upgrade...
Closing package...
[STEP 3 of 4]
Verifying package integrity...
Copying SNHS-OSX9UpgradeiCloudDisable.pkg...
Installing SNHS-OSX9UpgradeiCloudDisable.pkg...
Successfully installed SNHS-OSX9UpgradeiCloudDisable.pkg.
Blessing in-place OS upgrade directory...
Creating Reboot Script...

chad_fox
Contributor II

I've been using this script during imaging without issues for a few months now (disable_apple_icloud_and_diagnostic_pop_ups.sh).

I was looking through the policy logs and noticed the following:

Running script disable_apple_icloud_and_diagnostic_pop_ups.sh...
Script exit code: 0
Script result: chown: *: illegal user name

Any ideas?