So, here is my post image script in example format. Take what you want and run with it. Post any modifications that may help people here.
#!/bin/bash
########################################
# This is a post image script for student laptops
# This script will do post configurations
#
# This is for the 2011-12 school year
# Kansas City, KS Public schools
#
# By
#
# Thomas Larkin
#
#
#########################################
# set all variables here, these are hardcoded for the rest of the script
# will use echo for logging and debugging
#
# WARNING!!!!! THIS SCRIPT REQUIRES THE JAMF BINARY
#
# Local admin accounts
# only edit the variables of this script for future usage
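# Every account and policy step below is driven by the jamf binary, so stop
# before changing anything if it is missing.
jamfcheck="/usr/sbin/jamf"
# Require a regular, executable file: a bare existence test would also accept
# a directory or a non-executable file, and the script would then fail
# part-way through instead of halting cleanly here.
if [[ -f "$jamfcheck" && -x "$jamfcheck" ]]; then
  /bin/echo "Jamf binary present, continuing as planned..."
else
  /bin/echo "Jamf binary is not present, we need to halt"
  # Exit status 55 is kept so anything that checks for it still works.
  exit 55
fi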
# Record the OS version (second field of the ProductVersion line printed by
# sw_vers). The wireless setup near the end of the script branches on it.
OSversion=$(/usr/bin/sw_vers | /usr/bin/awk '/ProductVersion:/ { print $2 }')
# enable logging for debugging purposes. If script complete this file will be destroyed
# now proceed with local accounts
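# Local account definitions: set the display name, short name and password
# inside the quotes.
# NOTE(review): these passwords are stored in clear text in the script and are
# later passed to jamf, dsenableroot and setregproptool as command-line
# arguments, so they are readable by anyone who can read this file or list
# processes while it runs. Replace the sample values, restrict read access to
# the script, and treat every copy of it as a secret.
admin1_long="Hidden Administrator"
admin1_short="hadmin"
admin1_passwd="password1"
# Local admin account 2, handed to users who need ARD access.
admin2_long="ARD Viewer"
admin2_short="ardview"
admin2_passwd="password2"
# Local student account in case no one can log in during deployment.
# This is a temporary, highly managed account; users should log into their
# own accounts.
local_student="student"
local_stushort="student"
local_stupasswd="password"
# If the root account will be enabled, set its password here.
# While this line stays commented out, $root_passwd expands to nothing
# wherever the script uses it.
#root_passwd="rootpw"
# Firmware password.
FirmWarePW="fwpasswd"
# Files and apps to delete after imaging. Add one quoted full path per line
# inside the ( ); the removal loop later in the script walks this list.
# The list is an array so that more than one path can be given, and every
# entry is quoted so a path containing spaces stays a single entry.
badfiles=(
  "/Library/Application Support/Bsecure/Splash.app"
)
# Apps to move out of their default location so that access can be restricted
# per folder via MCX. One quoted full path per line: without the quotes,
# "/Applications/Microsoft AutoUpdate.app" and "/Applications/Time Machine.app"
# would each be split at the space into two separate, wrong entries.
app_list=(
  "/Applications/AppleScript/"
  "/Applications/Microsoft AutoUpdate.app"
  "/Applications/Automator.app"
  "/Applications/Time Machine.app"
)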
###########################################################################################
# All variables, and user entered data should be stored above this line
# There is NO NEED to edit anything below this line
# This script assumes you are running DHCP on your network interfaces
# There is one point below for custom trigger policies you will have to edit those
# There is a section below to add custom trigger policies
##########################################################################################
#### end of variables #### starting the script
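# Create the local accounts through jamf: two hidden admin accounts with homes
# under /private/var, then the visible student account under /Users.
# The -home and -shell options are written with plain ASCII hyphens and
# straight quotes. Typographic dashes and curly quotes are not shell syntax:
# they reach jamf as literal characters, so the option is not recognised and
# the shell path would carry the quote characters.
# NOTE(review): each password is passed as a command-line argument and is
# visible in the process list while the command runs.
/usr/sbin/jamf createAccount -username "$admin1_short" -realname "$admin1_long" \
  -password "$admin1_passwd" -home "/private/var/$admin1_short" -shell "/bin/bash" \
  -hiddenUser -admin
/bin/sleep 5 # allow some time between accounts to ensure they create properly
/usr/sbin/jamf createAccount -username "$admin2_short" -realname "$admin2_long" \
  -password "$admin2_passwd" -home "/private/var/$admin2_short" -shell "/bin/bash" \
  -hiddenUser -admin
/bin/sleep 5 # allow some time between accounts to ensure they create properly
/usr/sbin/jamf createAccount -username "$local_stushort" -realname "$local_student" \
  -password "$local_stupasswd" -home "/Users/$local_stushort" -shell "/bin/bash"
/bin/sleep 5
# Enable root only when a root password has been configured. With root_passwd
# unset, the unguarded call would run dsenableroot with -r and no value.
if [[ -n "${root_passwd:-}" ]]; then
  /usr/sbin/dsenableroot -u "$admin1_short" -p "$admin1_passwd" -r "$root_passwd"
else
  /bin/echo "root_passwd is not set, leaving the root account as it is"
fi
/bin/echo "done creating local accounts"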
#
# Network preferences
#
# Creating ad-hoc networks on en1 requires admin rights.
/usr/libexec/airportd en1 -ibss_admin 1
printf '%s\n' "adhoc networks require admin set"
# Turn IPv6 off on both network services first, then put both on DHCP.
for service in Ethernet Airport; do
  /usr/sbin/networksetup -setv6off "$service"
done
for service in Ethernet Airport; do
  /usr/sbin/networksetup -setdhcp "$service"
done
# Turn on Remote Login (SSH).
# NOTE(review): SSH is enabled on machines whose local account passwords all
# come from this one script; consider limiting which accounts may log in
# remotely.
/usr/sbin/systemsetup -setremotelogin on
# Write afp_cleartext_allow = 1 to the AppleShare client preferences.
# NOTE(review): going by the key name this permits clear-text AFP
# authentication, which sends passwords over the network unencrypted; keep it
# only if a file server still requires it. With no user or path given,
# defaults writes to the preferences of the account running the script -
# confirm that is the domain the managed users actually read.
/usr/bin/defaults write com.apple.AppleShareClient "afp_cleartext_allow" 1
printf '%s\n' "network configuration complete"
#
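# Enable Apple Remote Desktop for the two local admin accounts.
#
kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
"$kickstart" -activate
# Give admin 1 and admin 2 (defined at the top of the script) ARD access.
# The user list is quoted so that it always reaches kickstart as one argument.
# NOTE(review): -privs -all grants every ARD privilege to both accounts,
# including the one named "ARD Viewer"; confirm that account is meant to have
# more than observe rights, and narrow -privs if it is not.
"$kickstart" -configure -users "$admin1_short,$admin2_short" -access -on -privs -all
/bin/echo "ARD client configured"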
########################################
#
# Below this point, put any custom trigger policies you want installed.
# NOTE(review): the status messages are printed whether or not the policy
# succeeded; the jamf exit status is not checked.
#
#######################################
# Web filter client.
/usr/sbin/jamf policy -trigger addfilter
printf '%s\n' "Internet Filter is now installed..."
#
# Computrace for all HS laptops.
# (Comment this call out for the middle school script.)
/usr/sbin/jamf policy -trigger addcomputrace
printf '%s\n' "Comp-U-Trace installed!"
# MCX settings for the local student account.
/usr/sbin/jamf policy -trigger studentmcx
#
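# System settings: time zone, time server and firmware password.
#
# Time zone: US Central.
/usr/sbin/systemsetup -settimezone America/Chicago
# Use network time, taken from the internal time server.
/usr/sbin/systemsetup -setusingnetworktime on
/usr/sbin/systemsetup -setnetworktimeserver 10.156.3.1
# Set the firmware password in "command" mode. The same value is given for
# both -p and -o (presumably new and old password - confirm against the
# setregproptool usage text). Both expansions are quoted so that a password
# containing spaces or glob characters is passed through intact.
# NOTE(review): the firmware password is a command-line argument here and is
# visible in the process list while the tool runs.
/usr/sbin/setregproptool -m command -p "$FirmWarePW" -o "${FirmWarePW}"
/bin/echo "System settings now configured"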
# Now that system settings have been set we will log in as local admin, and customize
# our pristine install. Move certain apps to restrict by file path for later MCX management
# For this part of the script we will use Apple Script
# commenting this out for now, no longer needed.
#/usr/bin/osascript <<AppleScript
# tell application "System Events"
# keystroke "$local_stushort"
# keystroke return
# delay 3.0
# keystroke "$local_stupasswd"
# delay 3.0
# keystroke tab
# keystroke return
# end tell
#AppleScript
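# Pause before the cleanup. This wait was there to let the scripted login
# finish; that login step is commented out now, the pause is kept as it was.
/bin/sleep 25
# Purge unwanted files (the filter client splash screen, for example).
# This has to happen after all packages have been installed.
# The paths come from the badfiles list set at the top of the script.
/bin/echo "Now proceeding to remove unwanted apps"
for file in "${badfiles[@]}"; do
  if [[ -e "$file" ]]; then
    # Quoted, and after "--": an unquoted path containing a space is split by
    # the shell into several arguments, and rm -rf (running as root) would
    # then be pointed at paths that were never in the list.
    /bin/rm -rf -- "$file"
  else
    /bin/echo "$file is already destroyed"
  fi
done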
#
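# Move any applications users should not have access to out of the
# Applications folder into /Applications/Utilities, and have MCX disallow apps
# from running out of /Applications/Utilities on managed user accounts.
#
# The paths come from app_list at the top of the script; spaces are allowed
# there as long as each path stays inside quotes.
#
for file in "${app_list[@]}"; do
  if [[ -e "$file" ]]; then
    # Quoted so an app name with a space ("Time Machine.app") is moved as one
    # path instead of being split into two arguments; "--" keeps a path that
    # starts with a dash from being read as an option.
    /bin/mv -- "$file" /Applications/Utilities/
  else
    /bin/echo "$file already moved"
  fi
done
/bin/echo "done moving apps"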
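#########################################
#
# Put any custom trigger policies that require a user to be logged in here:
#
#######################################
# Wireless setup depends on the OS version: 10.5 installs the wireless package
# through a Casper policy, 10.6 adds the preferred network from the command
# line.
# The commands are run directly. Wrapping them in backticks would run each
# command and then try to execute whatever it printed as a second command.
# NOTE(review): the Wi-Fi passphrase is hard-coded in clear text and passed as
# a command-line argument, so it is exposed to anyone who can read this script
# or list processes while it runs.
case "$OSversion" in
  10.5*)
    /usr/sbin/jamf policy -trigger addwireless
    ;;
  10.6*)
    /usr/sbin/networksetup -addpreferredwirelessnetworkatindex Airport usd500_wpa 0 WPA2 mypasskey
    ;;
  *)
    # Say so in the log when neither branch applies, rather than skipping the
    # wireless setup silently.
    /bin/echo "No wireless setup defined for OS version '$OSversion'"
    ;;
esac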
#
# Purge the logs to get rid of any passwords that may have been written to
# them in plain text.
# NOTE(review): this deletes everything under /var/log, which also discards
# the record of what this script and the installers did. Keeping the passwords
# off the command line in the first place, or removing only the affected log
# entries, would leave that record in place.
#
/bin/rm -rf /var/log/*
printf '%s\n' "purged logs"
# Reset policies that need to run again.
/usr/sbin/jamf FlushPolicyHistory
# Schedule a shutdown one minute from now, in the background, so the script
# can return first.
# NOTE(review): the intent described for this step is a reboot, so that MCX,
# updates and first-run boot policies run through, but -h halts the machine;
# -r is the restart option. Confirm which one is wanted.
/sbin/shutdown -h +1 &
exit 0
Some things are commented out: I used them at some point, and I left them in place in case I ever need them again.