Help

User Template Replacement for El Capitan

jakeobie
New Contributor II

Posted on ‎03-30-2016 11:07 AM

Hey all,

For making images, we often like to set up one user and apply all preferences to any user that may sign in with their AD account going forward. In the past, we've been applying the preferences to the User Template and it has worked beautifully. I understand, however, that El Capitan has issues with this relating to SIP.

I've looked into managed preferences and configuration profiles, but neither (from what I've read) would capture preferences from third-party programs. This is huge as we want a user to be able to log into a computer and get a consistent experience. Some of the computers we deploy are publicly accessed, and we set the browsers to not keep any history.

Any suggestions? Should I stick with user templates and try to work around SIP? Thanks!

0 Kudos
Reply
4 REPLIES 4

rhoward
Contributor

Posted on ‎03-30-2016 11:27 AM

What we do is just disable SIP since some of our computers are dual boot Wind/Mac 10.11.xx. You can do that from the recovery partition:

csrutil disable

As far as templates go, it depends on what you are configuring within the template. Lots of stuff can be automated using Casper and some simple bash scripting to make up for changing the user templates.

0 Kudos
Reply

jaharmi
Contributor

Posted on ‎03-30-2016 11:45 AM

El Capitan (last I checked) has an exception to SIP protections on the “User Template” folder. (See this thread, for example.)

I would personally recommend using configuration profiles or other means (such as scripts that run at login) to configure settings the way you want. Configuration profiles can deploy settings for third-party applications, but those applications may not honor those settings (depending on how they read preferences). The situation is similar but not necessarily identical to support for Managed Preferences, which are described in the Casper Suite Administrator Guide (p. 342 in the v9.82 guide).

0 Kudos
Reply

bentoms
Release Candidate Programs Tester

Posted on ‎03-30-2016 12:07 PM

@jakeobie SIP protects the "User Template" folder itself from deletion etc.

FUT's still works.

0 Kudos
Reply

kstrick
Contributor III

Posted on ‎03-30-2016 12:26 PM

+1 what @bentoms said

"User Templates" are not protected by SIP, and can still be seeded

0 Kudos
Reply