Help

Leopard Core OS build

milesleacy
Valued Contributor

Posted on ‎04-16-2008 01:33 PM

Hello all,

I think it would be beneficial for us all to share what we feel needs to be
done to the core OS image for Leopard and why. I'll start.

  1. Install on newest hardware in production, in my case MacBookPro4,1 ­ long accepted best practice, gives most compatibility with Mac models
  2. Erase & install ­ long accepted best practice, cleans out the hard drive of any junk before installing a system
  3. Custom install, uncheck all optional components ­ keeping it lean and keeping it modular
  4. Create admin account(s) for IT staff & casper tools ­ needed to perform admin tasks and manage via casper
  5. Set a computer name that will be recognizable as an unconfigured machine ­ easily spot problem machines on the network
  6. Disable the guest account ­ security consideration
  7. Disable automatic login, password hints, display login window as name & password ­ security considerations
  8. Require password to unlock each system preference pane ­ security consideration
  9. Turn off Bluetooth ­ security consideration
  10. Turn off Software Update checking ­ to keep this under control of casper policies
  11. Turn off Time Machine status icon ­ In my environment, we don't use Time Machine
  12. Set default energy saver settings for power adapter ­ keep machines from sleeping or spinning down hard disks while plugged in
  13. Run critical software updates, OS, security ­ security consideration, OS comes out of the gate as up to date and patched as possible without waiting for a policy to run.

Several of the above items could be accomplished with scripts, policies,
packaged plists, etc.. I choose to set them in the core OS package since
these are the values we want, they have to be set to something, and if we
change our minds later, its easy enough to change them with policies.

-- Miles Leacy
Senior Macintosh Technician
Polo Ralph Lauren
212-318-7603
miles.leacy at poloralphlauren.com

0 Kudos
Reply
2 REPLIES 2

winkelhe
New Contributor

Posted on ‎04-16-2008 01:49 PM

defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES

Stops time machine from barking when you connect an external disk. I also kill all the unnecessary fonts.

--
Eric Winkelhake | Technology Services ? Mundocom | Re:Sources IT
35 West Wacker Drive, Suite 3000 | Chicago, IL 60601
Office: 312-220-1669 | Mobile: 312-519-5632
Email: Eric.Winkelhake at us-resources.com
Open a Service Desk Ticket | Navigating IT | Training Now

0 Kudos
Reply

milesleacy
Valued Contributor

Posted on ‎04-16-2008 02:00 PM

Cool.

I have the 'time machine nag killer' as a script, largely because when
something requires CLI, I generally use scripts. The settings I incorporate
in the core build are clicks in System Preferences.

Have you got a listing of the necessary fonts in Leopard? I have weeded out
fonts in my Tiger builds, but I don't have a definitive list of necessary
Leopard fonts.

Thanks,

-- Miles Leacy
Senior Macintosh Technician
Polo Ralph Lauren
212-318-7603
miles.leacy at poloralphlauren.com

On 4/16/08 4:49 PM, "Eric Winkelhake" <eric.winkelhake at us-resources.com> wrote:

defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES

Stops time machine from barking when you connect an external disk. I also kill all the unnecessary fonts.

-- Eric Winkelhake | Technology Services ­ Mundocom | Re:Sources IT 35 West Wacker Drive, Suite 3000 | Chicago, IL 60601 Office: 312-220-1669 | Mobile: 312-519-5632 Email: Eric.Winkelhake at us-resources.com <mailto:eric.winkelhake at us-resources.com> Open a Service Desk Ticket <http://sdexpress.publicisgroupe.net/ServicePages> | Navigating IT <http://computer-ed.publicisgroupe.com/navigating_IT/index.html> | Training Now <http://computer-ed.publicisgroupe.com/>

<http://www.itmarketing.publicisgroupe.com/redirect.html>

"Leacy, Miles" <Miles.Leacy at PoloRalphLauren.com> Sent by: casper-bounces at list.jamfsoftware.com04/16/08 03:33 PM To casper list <casper at list.jamfsoftware.com> cc Subject [Casper] Leopard Core OS build

Hello all,

I think it would be beneficial for us all to share what we feel needs to be done to the core OS image for Leopard and why. I'll start.

  1. Install on newest hardware in production, in my case MacBookPro4,1 ­ long accepted best practice, gives most compatibility with Mac models
  2. Erase & install ­ long accepted best practice, cleans out the hard drive of any junk before installing a system
  3. Custom install, uncheck all optional components ­ keeping it lean and keeping it modular
  4. Create admin account(s) for IT staff & casper tools ­ needed to perform admin tasks and manage via casper
  5. Set a computer name that will be recognizable as an unconfigured machine ­ easily spot problem machines on the network
  6. Disable the guest account ­ security consideration
  7. Disable automatic login, password hints, display login window as name & password ­ security considerations
  8. Require password to unlock each system preference pane ­ security consideration
  9. Turn off Bluetooth ­ security consideration
  10. Turn off Software Update checking ­ to keep this under control of casper policies
  11. Turn off Time Machine status icon ­ In my environment, we don't use Time Machine
  12. Set default energy saver settings for power adapter ­ keep machines from sleeping or spinning down hard disks while plugged in

  13. Run critical software updates, OS, security ­ security
    consideration, OS comes out of the gate as up to date and patched as possible
    without waiting for a policy to run.

    Several of the above items could be accomplished with scripts, policies,
    packaged plists, etc.. I choose to set them in the core OS package since
    these are the values we want, they have to be set to something, and if we
    change our minds later, its easy enough to change them with policies.

0 Kudos
Reply