User template deployment problem

endor-moon
Contributor II

Hi Folks,

I'm making progress working up to replacing our monolithic DeployStudio imaging with Casper. I'm having trouble with our custom User Template. In 10.9.3 the user template (for English speakers) is located at:

/System/Library/User Template/English.lproj/

Once I do all the customizations I drag the template from the Finder (while logged into the GUI as root) to the left side of Composer and build as PKG and deploy. The problem is, the User Template does not get deployed to the path above; it seems to get deployed to the top of the target hard drive, which is useless and leaves locked folders there that should not be there such as Desktop, Movies, Music and Pictures. I suppose the stuff in Library/Application Support and Library/Preferences ends up in the main Library folder, which is also incorrect.

I'm probably creating the package the wrong way because I'm new here. If you are not falling over laughing please set me straight. ;)

Thanks.

Jim

1 ACCEPTED SOLUTION

nmcspadden
New Contributor II

My first suggestion: don't do it via the User Template. You only get one chance to apply settings from the User Template, and that's on creation of the account. It won't work for network accounts, either, or anything that doesn't use the User Template as its basis. It also won't allow you to make changes to existing accounts, so you'll still need another mechanism in place in order to push out changes later. Rather than having two mechanisms to make changes to users, it's better to have one that works for both. It's less fragile and you end up having to do less work in the end.

Second suggestion: A lot of what you want to do can be done via MCX / Profiles. For example:

- show hard disks and connected servers on the desktop

Check out my Finder profile here that does that: https://github.com/nmcspadden/Profiles/blob/master/Finder.mobileconfig

- set the desktop background

Unfortunately this can no longer be profiled, but there are other instructions for how to do this: http://derflounder.wordpress.com/2013/10/26/mavericks-desktop-background-picture-settings-moved-from...
The short version is that you need to have a script that runs at login for the users to enforce the background being set. This can be done with a LaunchAgent, or by using something like outset https://github.com/chilcote/outset.

- set the default screen saver

Although I don't manage it, I believe it's set in com.apple.screensaver:
https://github.com/nmcspadden/Profiles/blob/master/ScreenSaverPasswordOff.mobileconfig

- have three servers as favourites (Canadian spelling there)

That's managed in com.apple.sidebarlists, I believe. I don't currently have a profile that manages it, but it's relatively easy to make one to add favorites.

- have several bookmarks in Safari, Chrome and Firefox

This is unfortunately the hard one, because there are three separate mechanisms you need to manage Safari, Chrome, and Firefox. Safari is easiest:
https://github.com/nmcspadden/Profiles/blob/master/Safari.mobileconfig
Chrome can be *mostly* managed by profile:
https://github.com/nmcspadden/Profiles/blob/master/Chrome.mobileconfig
There are a few extra steps when it comes to skipping the first run UI and such, but I don't think there are any blog posts about the whole process. That may be something I have to write up.
Firefox is done via the CCK2: http://mike.kaply.com/2014/03/03/new-features-for-cck2/
https://addons.mozilla.org/en-US/firefox/addon/cck2wizard/

I don't have Office 2011 so I can't help with that specifically.

My overall suggestion is to use the Apple-approved and recommended methods for managing this information, which is basically through MCX/Profiles. Creating profiles is relatively easy, with Casper, with Profile Manager, or other tools like mcxToProfile. "defaults write" is essentially a way to change a preference setting, and a profile is essentially a way to enforce that preference setting.

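An added example, not part of the original posts and not taken from the linked repository: a small generator for a custom-settings profile covering the first goal in the thread (hard disks and connected servers on the desktop). It uses the `com.apple.ManagedClient.preferences` payload layout that tools such as mcxToProfile emit, and goes slightly beyond the answer by showing both `Forced` (enforced) and `Set-Once` (applied as a default the user can later change). The `com.example.lab` identifier, display name and the `build_profile`/`render` helper names are assumptions made for illustration.

```python
import plistlib
import uuid
from datetime import datetime, timezone

# Real com.apple.finder keys for "show hard disks and connected servers".
FINDER_SETTINGS = {
    "ShowHardDrivesOnDesktop": True,
    "ShowMountedServersOnDesktop": True,
}


def build_profile(domain, settings, mode="Forced",
                  org_id="com.example.lab", timestamp=None):
    """Build a .mobileconfig dict managing `domain`.

    mode="Forced"   : the value is enforced and the user cannot change it.
    mode="Set-Once" : the value is applied once; the user may change it later.
    org_id is a placeholder reverse-DNS prefix (assumption).
    """
    if mode not in ("Forced", "Set-Once"):
        raise ValueError("mode must be 'Forced' or 'Set-Once'")
    entry = {"mcx_preference_settings": dict(settings)}
    if mode == "Set-Once":
        # Set-Once entries are stamped with mcx_data_timestamp (naive UTC).
        entry["mcx_data_timestamp"] = timestamp or datetime.now(
            timezone.utc).replace(tzinfo=None)
    payload = {
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadVersion": 1,
        "PayloadEnabled": True,
        "PayloadIdentifier": f"{org_id}.{domain}.{mode.lower()}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadContent": {domain: {mode: [entry]}},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadDisplayName": f"{domain} ({mode})",  # placeholder name
        "PayloadIdentifier": f"{org_id}.{domain}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadContent": [payload],
    }


def render(profile):
    """Serialize the profile to XML plist bytes, ready to save as .mobileconfig."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```
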

3 REPLIES

endor-moon
Contributor II

I should also mention that my goals for the user template are as follows:

- show hard disks and connected servers on the desktop
- set the desktop background
- set the default screen saver
- have three servers as favourites (Canadian spelling there)
- have several bookmarks in Safari, Chrome and Firefox
- have the user name for Microsoft Office 2011 set the way I want it
- have the font cache for Microsoft Office 2011 set so it doesn't recreate it on every new AD login

I've seen some "defaults write" commands which purport to do some of the above but not all of the above.

endor-moon
Contributor II

Thanks, nmcspadden, that's all good information. If anyone has suggestions on the Office 2011 font cache and user name, please let me know. The reason why I didn't go with profiles in the past is I don't want to manage these preferences for the users other than to have them as the defaults when they first log in. After that, they are in control of their own preferences. Active Directory users logging in do get a copy of the user template on first login, or at least they do with our setup. Since these are desktop computer labs (both iMac and Mac Pro) we don't enable mobile accounts, which haven't worked properly since 10.6.8 as far as I can tell, though I haven't tested 10.9.3 yet.