Jamf Nation Community

I used the Create OS X Installer to make a deployable PKG that included a first boot script, as well as Java 2013-005. I just put this in Self Service, and allowed a few of my test users to install it. The only thing I modified in the policy was a "shutdown -r now" at the end. I am considering adding in a fdesetup authrestart, but not sure if it would work, or if it really is necessary, since the end user is in front of their computer at self service, but could have other uses.

My disable iCloud is from @rtrouton, and the only thing I modified was where it says "10.8", changed to "10.9", but I know that he is working on an update for 10.9, which will be more definitive than my hack :)

@jwojda

I haven't done a full Self Service style upgrade yet. This was just done by installing it manually on top of a managed test box, and ssh'ing into the Mac afterwards and running the above commands. I then did not get the iCloud setup screen.

As for rolling it into the Self Service upgrade, I haven't given it much thought, but maybe something like a one time LaunchDaemon that runs a script which you can deploy along with the Self Service upgrade? Not sure, but I'll play around with it.

For now, if you'd like a script that will write the above settings in to all of the localization folders, I tested this and seems to work. I would only try this on a test machine of course (also needs to run as root obviously)

#!/bin/bash

OSvers=$( sw_vers -productVersion )
OSbuild=$( sw_vers -buildVersion )

Plist="Library/Preferences/com.apple.SetupAssistant.plist"

for DIR in $( ls "/System/Library/User Template/" | grep "lproj" ); do
    /usr/bin/defaults write "/System/Library/User Template/$DIR/$Plist" DidSeeCloudSetup -bool true
    /usr/bin/defaults write "/System/Library/User Template/$DIR/$Plist" LastSeenCloudProductVersion $OSvers
    /usr/bin/defaults write "/System/Library/User Template/$DIR/$Plist" LastPreLoginTasksPerformedVersion $OSvers
    /usr/bin/defaults write "/System/Library/User Template/$DIR/$Plist" LastPreLoginTasksPerformedBuild $OSbuild
done

I suppose the old FUT method might also work, but again, haven't really tested anything further than the above.

I've updated my iCloud pop-up disabling script so that it should now be able to handle 10.7.x - 10.9.x. Feedback welcomed:

https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/disable_icloud_pop_up/disa...

Update 10-30-2013 - I noticed I was setting a couple of values that didn't need to be set. It looks like setting the following values are not needed to block the iCloud pop-up:

LastPreLoginTasksPerformedVersion
LastPreLoginTasksPerformedBuild

I’ve updated the script to remove the parts that referenced setting those values.

#!/bin/sh

# Determine OS version
osvers=$(sw_vers -productVersion | awk -F. '{print $2}')
sw_vers=$(sw_vers -productVersion)

# Checks first to see if the Mac is running 10.7.0 or higher. 
# If so, the script checks the system default user template
# for the presence of the Library/Preferences directory.
#
# If the directory is not found, it is created and then the
# iCloud pop-up settings are set to be disabled.

if [[ ${osvers} -ge 7 ]]; then

 for USER_TEMPLATE in "/System/Library/User Template"/*
  do
    defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
    defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
    defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
  done

 # Checks first to see if the Mac is running 10.7.0 or higher.
 # If so, the script checks the existing user folders in /Users
 # for the presence of the Library/Preferences directory.
 #
 # If the directory is not found, it is created and then the
 # iCloud pop-up settings are set to be disabled.

 for USER_HOME in /Users/*
  do
    USER_UID=`basename "${USER_HOME}"`
    if [ ! "${USER_UID}" = "Shared" ] 
    then 
      if [ ! -d "${USER_HOME}"/Library/Preferences ]
      then
        mkdir -p "${USER_HOME}"/Library/Preferences
        chown "${USER_UID}" "${USER_HOME}"/Library
        chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
      fi
      if [ -d "${USER_HOME}"/Library/Preferences ]
      then
        defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
        defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
        defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
        chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant.plist
      fi
    fi
  done
fi

Thank you Rich!

Any recommendations on how to incorporate this into the Self Service upgrade path?

If you're using a first boot script, you could incorporate it into that. I recently added a 10.9 first boot script to my GitHub repo and included this functionality:

https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/first_boot/10.9/initialset...

Is a "First Boot" script the same thing as having a policy that runs a script with the Trigger set to Startup?

by the way, thanks for sharing the scripts :)

@rtrouton - kind of an OT question, but I tweaked your script to incl 2 time servers, but only 1 seems to get applied. have you noticed that? It seemed to work fine in your 10.8 script (thank you for that one too by the way).

#Primary Time server for Company Macs

TimeServer1=<corporate time server>

#Secondary Time server for Company Macs

TimeServer2=time.apple.com

# Set the primary network server with systemsetup -setnetworktimeserver
# Using this command will clear /etc/ntp.conf of existing entries and
# add the primary time server as the first line.

/usr/sbin/systemsetup -setnetworktimeserver $TimeServer1

# Add the secondary time server as the second line in /etc/ntp.conf

echo "server $TimeServer2" >> /etc/ntp.conf 

# Add the tertiary time server as the third line in /etc/ntp.conf

# echo "server $TimeServer3" >> /etc/ntp.conf

# Enables the Mac to set its clock using the network time server(s) 

/usr/sbin/systemsetup -setusingnetworktime on

@gajones saw nobody responded - figured I would. A firstboot script is a script that runs after you image a machine, but before the user logs in. It's typically done to set system settings.

@jwojda][/url

Over here: https://jamfnation.jamfsoftware.com/discussion.html?id=6857

It appears the ntp.conf file is now in /private/etc/ntp.conf

Try changing that path and try again. I'm guessing the /etc/ntp.conf file is just being ignored.

[-- edit --] I'm wrong, they have scripts for both over there, they also suggested a comma-separated list. I'd try opening up that topic again.

@jwojda][/url,

Not sure, the script works fine as is for me. When you edited the script, did you use TextEdit? I've noticed that can introduce issues for scripts by changing line endings and munging other bits.

Graphical editors and my more Macized colleagues drive me nuts. If you want to do scripting, learn vi people :)

@nessts

+1

Or use BBEdit. Editing files correctly since 1991.
(TextWrangler (same company) is free)

@rtrouton - used text wrangler. I will mess with it s'more and see what I can see (read: flop and twitch like a fish out of water)

@nessts you're right, but I'm really bad at scripting, but am slowly picking it up. don't knock my crutch :) But I'm glad to help drive you nuts. I'll even throw some cashews in for good measure.

vi vs pico vs nano....FOOD FIGHT!!!

+1 for vi...gets the job done (and shoved down our throats by *nix admins in the 90's).

+1 for BBEdit...I never have a Mac without it. :)

pico and nano are the same editor on OS X. Wouldn't be fair to gang up on vi like that.

vi clearly wins, it solves mazes for goodness sake!

http://www.flystrip.com/~corby/vi/solve_maze.html

And I've been shoving vi down people's throats since the late 80's! ;-)

@jwojda thanks for the reply. So is there any way to get such a script to run after a Self Service upgrade?

/url][/url">@gajones][/url][/url you could leverage this:
[http://derflounder.wordpress.com/2013/05/13/first-boot-package-install-pkg/
using a PKG that runs whatever commands you like as a postinstall script.
Then bake it into the OS installer using createOSXinstallPkg

BTW, @rtrouton][/url][/url, @gregneagle][/url][/url thanks for everything you're doing. I love you.

@Chris thanks!

i noticed that after I did the createOSXInstall w/ the afore mentioned first boot package install that while the system upgraded and did it's thing, I was removed from the sudoers file. My account page showed I was an admin, but whenever I tried to do sudo through terminal it said I wasn't part of it.

Anybody else run into that?

Anyone figure out how to skip the iCloud setup when upgrading via Self Service? (and get java installed)

I understand the First Boot script idea which works great for a full image. But is there any equivalent when done via Self Service?

Tools needed:
- Install OS X Mavericks.app
- createOSXinstallPkg
- First Boot Package Install.pkg
- Java for OS X 2013-005
- Script to disable iCloud (and set whatever other prefs you like), wrapped in a .pkg

-> Stuff Java and your script (as a .pkg) into First Boot Package Install.pkg
-> run

sudo ./createOSXinstallPkg --source /path/to/Install OS X Mavericks.app --pkg /path/to/First Boot Package Install.pkg

-> upload resulting PKG to Casper
-> cache resulting PKG on clients
-> create Self Service policy that installs cached PKG, add

shutdown -r now

to the "run command" field in your Self Service policy
-> boom, done!

So ok let me resumerize and see if I understand.

Collect all the things I need and a First Boot Package from an imaged machine pre-boot?

Make 1 package with those.

Then make a huge package with those and the 10.9 installer.

Do all the policy stuff to cache it and stuff. Then add shutdown -r now command to the actual install policy.

I take it this will boot into a First Run package and install Mavericks behind the scenes?

If you follow exactly what @Chris posted above you will have a working Policy to install 10.9 in self service with Java, First Boot, and Disable iCloud. Should be a solution on this thread.

Edit. I missed stuff way above. So I think I'm good.

We did this the very easy non-scripted way, Two policies, first one caches the installer and then calls the second to run the install. User can see the progress whilst it downloads then will be down for just over an hour whilst it upgrades and wont be prompted with any questions.

1) Download installer from the App store 2) Upload whole downloaded installer from Applications in to casper admin (dont run it just upload it)

3) Create 1st policy to cache the install. ie add the installer with cache set only rather than install, set it to also run a command "sudo jamf policy -trigger cachedmavericks" , make it available as a self service option to whoever you need , with whatever warnings you need.

4) Create 2nd policy to install the cached installer, untick all triggers except other with name "cachedmavericks", set to reboot immediately. This one doesnt need to be available in self service, although teh scope needs to be the same as the first.

utilizing @rtrouton 's script, I want to add a line to turn on the firewall, but i'm not seeing what the command is in my 10.8 script, maybe I'm not looking for the right thing - anybody got it off the top of their head?

also, I noticed on his website and mentioned in his script he has the com.company.initialsetup.plist file - is that required? if so, do i just copy it, modify what needs modifying and use a DMG to put the plist and fb script down in the proper locations? Or do I remove those from the FB script and just use the script I U/L to casper and run that?

This is what I'm using to enable the firewall, with logging enabled and stealth mode disabled

# Enable Application Firewall
defaults write /Library/Preferences/com.apple.alf globalstate -int 1
defaults write /Library/Preferences/com.apple.alf loggingenabled -int 1
defaults write /Library/Preferences/com.apple.alf stealthenabled -int 0

@wyip thank you! that works perfectly!

as far as the firstboot script from the 2nd part of my question. I got it working by putting them into a dmg file and then putting them down on the box. however it seems to interrupt the adobeinstall from Casper... is that expected behavior?

I'm getting this error when testing deployment of a package I created using the instructions @Chris posted:

Installing InstallOSX_10.9_13A598_custom.pkg.zip...
Installation failed. The installer reported: installer: Package name is OS X installer: Installing at base path / installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

All I've put into the First Boot Package Install is Java.

Have you tried installing the PKG manually, without Casper?
Any clues in /var/log/install.log?

Apparently there's a bug in installing pkg.zip files over 4gb

I'm stuck also because of that. If I manually install it, it works. But installing via casper self service policy, no luck.

Just hit the same issue. I'm going to wrap my pkg in a dmg, cache it and install via JAMF's installpkgfromdmg script a la my CS6 deployment.

Any luck doing it with the installpkgfromdmg?

Plenty! Works a treat!

Works so well one of the 2nd line started deploying it before I'd finished my own testing ...

Initial testing under 9.21 seems to resolve the pkg.zip file issue in 9.2.

From Support:

We had filed a defect on this behavior - in 9.2 and below we used Apple's built in zip utility to compress and decompress files, and noticed that it has a hard time with bigger files like Adobe Installs - in 9.21 we switched to the built in ditto utility which handles these files much better.

@jwojda Did you have to re-zip your packages? It seems like packages that were zipped with the built-in Apple utility would still be broken under 9.21, and you would have to re-zip under 9.21 in order to get a working package that was zipped with ditto.