Jamf Nation Community

jyoung · ‎04-15-2014

Hi All,

I am REALLY new to scripting and bash scripts. I just wrote my first one and can execute it from Terminal on a test machine. I have set the .sh file to be executable as well. I have copied it over to Casper Admin and applied it to run at reboot. The settings from the script are not set. We only have the imaging suite (not the whole suite with self service). We are using Casper Admin 8.72. Thanks for any help! Any suggestions on what I am doing wrong?

#!/bin/bash

#This script is to set the initial settings of OS X machines.

#Enable Remote Destkop
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -agent -menu

#Set All Users and User Permissions sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings -restart -agent -menu

#Enable Remote Login/SSH
sudo systemsetup -setremotelogin on

#Set Time Zone sudo systemsetup -settimezone America/New_York

#Set Using Network Time
sudo systemsetup -setusingnetworktime on

#Set Wake on LAN
sudo systemsetup -setwakeonnetworkaccess on

#Set Start After Power Failure
sudo systemsetup -setrestartpowerfailure on

#Set Disable Gatekeeper
sudo spctl --master-disable

#Set Disable Natural Scrolling
defaults write NSGlobalDomain com.apple.swipescrolldirection -bool false

#Set New Finder Window to home folder defaults write com.apple.finder NewWindowTarget PfHm

#Set Show Mounted Servers on Desktop defaults write com.apple.finder ShowMountedServersOnDesktop -bool true

#Set Show Hard Disks On Desktop
defaults write com.apple.finder ShowHardDrivesOnDesktop -bool true

#Set Show External Disks On Desktop
defaults write com.apple.finder ShowExternalHardDrivesOnDesktop -bool true

#Set Show Removable Media on Desktop
defaults write com.apple.finder ShowRemovableMediaOnDesktop -bool true

Jeff

rmanly · ‎04-21-2014

check out Rich Trouton's github for ways to deal with user template issues. His firstboot scripts deal with the iCloud login stuff but the same techniques apply.

View solution in original post

jcompton · ‎04-15-2014

There are several issues.

First - the script will run as root anyway, so you can remove all the "sudo's"
Second - defaults will be writing to the root user's home folder. Because you are not specifying a specific user domain, and the script is running as root. Those preferences are user level preferences, so if you want them to stick to all users who have not yet logged in - then each defaults should be "/usr/bin/defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder ShowRemovableMediaOnDesktop -bool true" as an example.

But perhaps the best thing you can do is wrap your entire script into a function, and then direct the whole function to a test log file - just while you are testing.

So - change your script to ------------------------------------

#!/bin/bash

myFuntion ()
{
<< Now erase this entire line including arrows and replace with your script here >>
}

myFunction > /Library/Logs/myTestLog.log 2>&1

jcompton · ‎04-15-2014

what this will do is create a log file at /Library/Logs. the "2>&1" tells the script to write all standard output and standard error to the log file.

This will help you debug and figure out where things are going wrong.

jcompton · ‎04-15-2014

A long time ago, I was in your exact spot. So GOOD LUCK.

gachowski · ‎04-15-2014

Jeff,

I hate to give you even more bad news, I think some of the setting can't be set that way any more... please see

http://managingosx.wordpress.com http://gregneagle.github.io/mtc2013_python/

Also, I think you can and should configure casper to enable SSH .....

in your JSS go to : Computer Management Framework Settings/startup item

I know this goes against the norm, but take a some time and think about why and what setting you really most set, for example "Show Hard Disks On Desktop" ..... We had this on for the longest time and final I asked why, it's not Apple default why are we changing it? Most users are used to the Apple default now with no disk on the desktop..... It's a tricky question and there is no "right" answer, but why make more work for your self : ) I think of it focus on the security setting and truly required changes.

Good Luck!!

C

jhbush · ‎04-15-2014

@gachowski

for example "Show Hard Disks On Desktop" ..... We had this on for the longest time and final I asked why, it's not Apple default why are we changing it?

I just went thought this...glad I'm not the only one.

acdesigntech · ‎04-16-2014

enabling ssh is also not Apple default... just sayin ;)

jhalvorson · ‎04-16-2014

I asked our help desk team if I should stop making all of the old school changes to Finder preferences. They requested to continue showing the hard drive on the desktop, hiding "All My Files", show Status bar, display scroll bars, etc. Their reasoning is it so much easier to navigate the user over the phone when they call for help.

acdesigntech · ‎04-16-2014

@jhalvorson : my thoughts exactly. Since our drive names are also the Macs name, it is easy to direct a user to the computer name. The path bars help for navigation and if we need to get a screen shot of the finder location where they're having xyz issue. There are a multitude of reasons for keeping these "old school" settings. Just because Apple wants people to forget about the filesystem doesn't mean we should in the support world.

JPDyson · ‎04-16-2014

This isn't exactly what you asked for, but we actually create and package a default user template, rather than scripting stuff like this. Depends on how you want to do the work.

jyoung · ‎04-17-2014

Thanks for the responses. Personally, I would love to get rid of the Finder prefs. However, its is easier for our Help Desk to walk our users through navigating to folders.

We used to set all these settings on the OS X image and build them out monolithically. Being as I was the only one doing this it was time consuming. I have moved to making the OS X portion of the image with AutoDMG and adding to the workflow in Casper Admin. It has really completely reduced the amount of time it takes me to make our images. I have spend the last two years working nonstop on images from mid July to late August. I would love to spend my summer not being image boy :)

Forgot to add our machines are not bound to OD or AD. All of our faculty and staff are local admins. Our lab machines have a single "lab user" log in but are not admins.

JPDyson · ‎04-17-2014

I feel you; if it wasn't clear, our template package is separate from our OS package, and I haven't updated it since 10.8, so it's still quite modular and consistent with thin imaging practices. To each his own; the script is a nice way to go about it.

jyoung · ‎04-17-2014

@JPDyson can you point me in the direction of your template package? I removed the sudo from the commands. Everything works down down to the natural scrolling. Thats when it stops working now. After talking to our help desk they have more things they want more Finder settings brought back to the image. For some reason not having a scroll bar and natural scrolling causes havoc for our users.

bentoms · ‎04-18-2014

Why not use MCX to set the Finders prefs?

rmanly · ‎04-21-2014

check out Rich Trouton's github for ways to deal with user template issues. His firstboot scripts deal with the iCloud login stuff but the same techniques apply.

jyoung · ‎04-24-2014

Thanks everyone! I got what I needed with the Finder issues figured out.

ahambidge · ‎04-25-2014

@jyoung, I don't know if you still need any scripting stuff, but I figured I'd post my preferences script in case you have a use for any of the settings I've been setting over the (gasp, I feel old!) years. :)

#!/bin/sh
#Declare Variables
OSVer=`sw_vers -productVersion`
HWType=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`

#This sets the login window and screen saver preferences.
defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "You are accessing a [redacted] computer network for authorized users only. Use of the network constitutes consent to all [redacted] IT policies. For further information regarding those policies, refer to [silly, unclickable web url]."
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool YES
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array ardamin
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabledWhileLoggedIn -bool NO
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabledWhileLoggedIn -bool NO
defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo -string 'DSStatus'
defautls write /Library/Preferences/com.apple.loginwindow showInputMenu -bool YES
echo "Loginwindow settings configured."

#Disables Bluetooth.
#defaults write /Library/Preferences/com.apple.MCXBluetooth DisableBluetooth -dict state -string 'always' -bool YES
#defaults write /Library/Preferences/com.apple.Bluetooth.plist ControllerPowerState -int 0
#echo "Bluetooth preferences configured."

#Removes Bluetooth and Time Machine from the Menu Bar.
defaults -currentHost write "/System/Library/User Template/English.lproj/Library/Preferences/ByHost/com.apple.systemuiserver" dontAutoLoad -array -string "/System/Library/CoreServices/Menu Extras/TimeMachine.menu" -string "/System/Library/CoreServices/Menu Extras/Bluetooth.menu"
echo "Removed Bluetooth and Time Machine from the Menu Bar."

# This script disables fast user switching.
defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool NO
echo "Fast user switching disabled."

#Use encrypted virtual memory
defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool YES
echo "Virtual memory secured."

# Set Safari Preferences.
defaults write /Library/Preferences/com.apple.Safari HomePage "http://www.unf.edu/"
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.Safari" ShowStatusBar -bool YES
echo "Safari Settings configured."

# NO .ds-store files on Network Shares
defaults write /Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores -bool YES
echo "DS store files disabled."

# Set Apple Mouse button 1 to Primary click and button 2 to Secondary click.
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleHIDMouse" Button1 -integer 1
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleHIDMouse" Button2 -integer 2
echo "Apple Mouse settings configured."

# Set Apple Magic Mouse button 1 to Primary click and button 2 to Secondary click.
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse" MouseButtonMode -string TwoButton
echo "Magic Mouse settings configured."

# Disable Time Machine Offers & Auto Backup
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 0
echo "Time Machine settings complete."

#Disable iCloud
defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion -string $OSVer
defaults write /System/Library/User Template/English.lproj/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool YES
echo "iCloud disabled."

#Configures Office AutoUpdate
defaults write /Library/Preferences/com.microsoft.autoupdate2 HowToCheck -string Manual
defaults write /Library/Preferences/com.microsoft.autoupdate2 LastUpdate -date '2001-01-01T00:00:00Z'
echo "Office Autoupdate set to manual."

#Configures Office Error Reporting
defaults write /Library/Preferences/com.microsoft.error_reporting SQMReportsEnabled -bool NO
defaults write /Library/Preferences/com.microsoft.error_reporting ShipAssertEnabled -bool NO
echo "Office Error Reporting set."

#Configure Office Setup
defaults write /Library/Preferences/com.microsoft.office "14UserInfoUserOrganiation" -string 'University of North Florida'
defaults write /Library/Preferences/com.microsoft.office "14FirstRunSetupComplete" -int 1
defaults write /Library/Preferences/com.microsoft.office "14UserInfoUserName" -string 'Information Technology Services'
echo "Office Setup configured."

#Hides Office Welcome Windows
defaults write /Library/Preferences/com.microsoft.Excel "14Microsoft ExcelHide Welcome Window" -int 1
defaults write /Library/Preferences/com.microsoft.Outlook FirstRunExperienceCompleted -bool YES
defaults write /Library/Preferences/com.microsoft.PowerPoint "14OptionsOptionsHide Welcome Dialog" -int 1
defaults write /Library/Preferences/com.microsoft.Word "14OptionsHide Welcome Dialog" -int 1
echo "Office Welcome Windows disabled."

#Hides Document Galleries
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.microsoft.office" "14File New StateFNXCEL" -int 0
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.microsoft.office" "14File New StateFNPPT3" -int 0
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.microsoft.office" "14File New StateFNMSWD" -int 0
echo "Office Galleries disabled."

#Sets Finder Preferences
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ShowMountedServersOnDesktop -bool YES
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ShowHardDrivesOnDesktop -bool YES
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ShowRemovableMediaonDesktop -bool YES
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ShowExternalHardDrivesOnDesktop -bool YES
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ProhibitGoToiDisk -bool YES
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.finder.plist" ShowStatusBar -bool YES
echo "Finder Settings complete."

#Disables Location Services
defaults write /Library/Preferences/com.apple.MCX DisableLocationServices -bool YES
echo "Location Services disabled."

#iWork Registration Removal
defaults write /Library/Preferences/com.apple.iWork09 RegistrationHasBeenSent -bool YES
echo "iWork Settings complete."

#Sets Screensaver lock settings
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.screensaver" askForPasswordDelay -string 1800
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.screensaver" askForPassword -int 1
echo "Screensaver Settings complete."

if [[ "$OSVer" = "10.9"* ]]; then
if [ -n "$HWType" ]; then
    defaults write /Library/Preferences/com.apple.mdmclient BypassPreLoginCheck -bool YES
fi
fi

sean · ‎04-28-2014

@ahambidge

Does this work set as a string instead of an integer?

#Sets Screensaver lock settings
defaults write "/System/Library/User Template/English.lproj/Library/Preferences/com.apple.screensaver" askForPasswordDelay -string 1800

cbrewer · ‎12-03-2014

@ahambidge

Thanks for posting your script. You might take a look at the following line. It's missing the Z in organization.

defaults write /Library/Preferences/com.microsoft.office "14UserInfoUserOrganiation" -string 'University of North Florida'

bentoms · ‎01-04-2015

Just chiming in with what we do.

System things like enabling ARD we do as part of a "Postflight Policy" that is run as part of our imaging workflow: https://macmule.com/2014/12/21/my-casper-imaging-workflow/

Settings that we wish to set, we use the following in order of preference:

Config Profile (user or computer, payload dependent).
Managed Preferences (although not 10.10.x).
A script that runs via a Launch Agent (so at user login).
A plist captured via Composer & deployed using FEU or FUT as appropriate.

However, we're now mostly just using profiles.

Chris_Hafner · ‎01-05-2015

MCX is dead/dying. Run away from it with all haste! Otherwise, I love defaults command for this. I tend to modify the default User Template as is described in a variety of posts here though I am one of those @$$#°|@$ that still hand modifies my base OS packages and so I manually configure my user templates and not with my first run script. As has also been mentioned, profiles will work for a lot of these as well and may give you a bit more flexibility.

Jamf Nation Community

Help with script at imaging