Editing System Prefs

  • #372737
    ewhite
    Participant

    I’m building an image for the IT dept at a college where the management’s main goal is that this image is as similar (in terms of user experience) as possible to previous versions (which could have been Tiger or Leopard depending on the user). So, settings are pretty important.

    I’m not sure I’ll figure out how to package everything I need to for this go-around on the image, and will probably end up with a workflow that combines InstaDMG + “the old way” of imaging. But, I’d like to put as much as possible into the InstaDMG half of the workflow. So, my question:

    Has anyone been adjusting system preferences or finder preferences in an InstaDMG workflow?

    I’ve had moderate success finding examples of how to use defaults and systemsetup to modify system prefs, but I haven’t found a good/comprehensive reference on how to edit specific values (other than just reading the plists and trying to figure out what’s there).

    So far, I’ve figured out that I’ll want to use:
    [code]defaults write com.apple.screencapture type pdf
    defaults write com.apple.MenuBarClock DisplaySeconds 1
    defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1
    defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 0
    systemsetup -settimezone America/New_York
    systemsetup -setusingnetworktime on
    systemsetup -setnetworktimeserver time.nist.gov
    systemsetup -setcomputersleep 60
    systemsetup -setdisplaysleep 15
    systemsetup -setcomputername 1053_FCAPMaster[/code]
    But I’d also like to change the following System Prefs:

    Appearance: change highlight color
    Spaces: enable and add to menu bar
    International: enable character palette and show input menu in menu bar
    Security: disable auto-login, set a master password, and turn on the firewall
    Bluetooth: turn off and enable Bluetooth status in menu bar
    Accounts: display login window as name and password
    TimeMachine: do not show menu bar item
    Universal Access: enable flash screen when an alert sound occurs

    And I want to adjust a few settings for the Finder (what appears in the sidebar, arrange by name, always open in icon view)

    I’m also trying to think about how these changes should fit in: should I write a bash script and call it from instadmg.bash after the call to install_custom?

    Any ideas or advice are appreciated!

    Esther

    #372744
    Rusty Myers
    Participant

    Thanks for posting the mods you have figured out so far. I haven’t made it to the interface customization yet, but if you can keep posting what you find, I’d appreciate it. Thanks!

    #372747
    Patrick Fergus
    Participant

    I may have asked you this before, but do you have OS X Server providing any sort of client management? Most of this can be done, but handling it via the clients respecting policy dictated by OS X Server will prevent you from chasing down already deployed machines and re-baking your image each time someone dictates a new change they want to see.

    However, if you are going to bake your settings into the image, you’ll want to use a payload-free package in your CustomPKG folder. What it is is a package that doesn’t actually install anything (anything useful, at least, you might need to install a dummy file into /private/tmp so the installer doesn’t hork when trying to install) and runs your desired script as a postflight script.

    However, some of those settings you’ve listed live in the user’s account. Without policy, you’re going to be scripting something like the following so the settings are written into the User Template and will affect all new user accounts:

    [code]/usr/bin/defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.Safari IncludeDebugMenu 1[/code]

    If you’re digging for what settings and what files are modified by each of your settings of interest, you can grab your favorite change-tracking tool (LogGen, fseventer, etc) and use it to figure out what file is getting manipulated. Then compare the before and after of the file while toggling the setting and figure out what defaults command you need to write. I can dig the settings up if you want me to, but it is [i]really[/i] a good exercise to learn how to find them. You’ll eventually hit some setting that isn’t documented or widely used (Office 2008 WYSIWYG menus, I’m looking at [b][i]you[/i][/b]) and then you’ll have the experience and toolkit to find them.

    – Patrick
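The before-and-after comparison described in the post above, as an added example that is not part of the original post: a Python sketch that diffs two snapshots of a preference plist and emits the `defaults` commands that reproduce the change. The `ExampleFlag`, `ExampleList` and `Stale` keys and the snapshots are constructed; only top-level scalar values are converted, and anything else is reported for manual handling.

```python
import plistlib
import shlex

def _defaults_args(value):
    """Map a plist scalar to the type flag and value for `defaults write`."""
    if isinstance(value, bool):      # test bool first: bool is a subclass of int
        return ["-bool", "true" if value else "false"]
    if isinstance(value, int):
        return ["-int", str(value)]
    if isinstance(value, float):
        return ["-float", repr(value)]
    if isinstance(value, str):
        return ["-string", value]
    return None                      # arrays, dicts, data, dates: handle by hand

def plist_diff_to_defaults(before_bytes, after_bytes, domain):
    """Return (commands, manual_keys) that turn the 'before' plist into 'after'."""
    before = plistlib.loads(before_bytes)
    after = plistlib.loads(after_bytes)
    commands, manual = [], []
    for key in sorted(after):
        new = after[key]
        # Compare type as well as value, so integer 1 -> boolean true is a change.
        if key in before and (type(before[key]), before[key]) == (type(new), new):
            continue
        args = _defaults_args(new)
        if args is None:
            manual.append(key)
            continue
        argv = ["/usr/bin/defaults", "write", domain, key] + args
        commands.append(" ".join(shlex.quote(a) for a in argv))
    for key in sorted(set(before) - set(after)):
        argv = ["/usr/bin/defaults", "delete", domain, key]
        commands.append(" ".join(shlex.quote(a) for a in argv))
    return commands, manual

# Constructed snapshots (not captured from a real machine); the domain follows
# the User Template pattern shown in the post.
DOMAIN = ("/System/Library/User Template/English.lproj"
          "/Library/Preferences/com.apple.screencapture")
BEFORE = plistlib.dumps({"type": "png", "ExampleFlag": 1, "Stale": "x"})
AFTER = plistlib.dumps({"type": "pdf", "ExampleFlag": True, "ExampleList": ["a"]})

if __name__ == "__main__":
    cmds, manual = plist_diff_to_defaults(BEFORE, AFTER, DOMAIN)
    print("\n".join(cmds))
    print("handle manually:", manual)
```
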

    #372748
    ewhite
    Participant

    @Patrick
    I’m not using OS X Server or any other client management once the machines are deployed. And since it’s an academic setting, that’s been working alright (once a computer is on a faculty member’s desk, they think they “own” it and can do pretty much whatever they want — so new settings only need to be implemented on machines that are getting imaged, whether they are faculty or lab computers). We do use ARD for lab computers, but leave desk machines alone except for troubleshooting.

    Thank you for the post-flight package tip, that makes a lot more sense than what I had in mind.

    Now all I’ve got to do is convince my manager that I really *do* need that dedicated package-building machine…

    Esther

    #372752
    Greg Neagle
    Participant

    With Leopard, I’m of the opinion that there is no excuse now to NOT use Apple’s client management tools, AKA MCX, or policy, or whatever. Even if you don’t have a directory server, you can use the local DS to store policy settings.

    There may be configuration changes that still require running systemsetup or networksetup, or other tools, but just about anything that you’re currently using the defaults tool to manage can be managed with MCX records.

    This is a huge win for Mac OS X admins, as now ALL admins can take advantage of MCX, no matter what your infrastructure is.

    For some ideas on how to use MCX in the local DS, see

    https://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain
    and
    http://managingosx.wordpress.com/2008/02/07/mcx-dslocal-and-leopard/

    Since these settings are now stored as plist files in /private/var/dslocal/nodes/Default, you can capture them into a package (or packages) and make them part of an InstaDMG workflow.

    #372753
    knowmad
    Participant

    [quote]Appearance: change highlight color
    Spaces: enable and add to menu bar
    International: enable character palette and show input menu in menu bar
    Security: disable auto-login, set a master password, and turn on the firewall
    Bluetooth: turn off and enable Bluetooth status in menu bar
    Accounts: display login window as name and password
    TimeMachine: do not show menu bar item
    Universal Access: enable flash screen when an alert sound occurs[/quote]

    OK, a lot of this stuff (and some of the other stuff you have talked about) is easier done through MCX records. This topic has been covered elsewhere many times (links to come when I get the chance) and is worth looking up. It all depends on how tightly you want to control this. If you download Server Admin and use the WorkGroup Admin tool (names of tools are approximate, I have a bad habit of using a shorthand for my own thoughts that then eclipses the actual name in my mind) to set policy for a guest computer and add that to your image… a lot of it can be done that way easily and semi-permanently.

    Setting the login window to User/Pass, disabling autologin, disabling Bluetooth, Time Machine not in bar, Universal Access, turn on firewall… these are most easily set through MCX/workgroup admin.

    The other thing you can do is set up a ‘new user’ exactly how you want it to be, then copy that profile into the English.lproj folder (/System/Library/User\ Template/English.lproj) of your image. Then all new users will have those settings as default. Does not work for system level settings such as MasterPassword.

    I hope this was helpful.

    #372763
    ewhite
    Participant

    @gneagle
    Thanks for the links to MCX tutorials for local directory services, I didn’t realize that I could use this without running an OS X Server.


    @knowmad

    Thank you for the tips as well. My current workflow involves customizing a user then copying English.lproj, and it’s working pretty well, but I want to get this all as streamlined as possible. The way we’re doing it now (which was all set up before I started this job), you have to set up a model computer/account from scratch to rebuild the image — every time! So, with a deadline on this image approaching quickly, I will probably end up combining InstaDMG with this “old” way of imaging using a customized English.lproj.

    If you think of links/resources other than the ones mentioned by gneagle, let me know!

    #372783
    knowmad
    Participant

    heh, I posted without seeing gneagle’s post… we basically said the same thing ‘use MCX’ but he did a better job of pointing to resources. Good on you!

    To answer, I don’t think I have any other MCX how-tos, but I will check.

    #373399
    eric_csm
    Participant

    [quote]International: enable character palette and show input menu in menu bar[/quote]

    Hi Knowmad,

    which item should I add in WM to gain access to the international settings? I tried adding /S/L/CS/ManagedClient but no luck with that one…

    tried also with “/S/L/CS/Language Chooser” but WM is not allowing me to add it

    Eric

    #373401
    knowmad
    Participant

    [quote]International: enable character palette and show input menu in menu bar

    Hi Knowmad,

    which item should I add in WM to gain access to the international settings? I tried adding /S/L/CS/ManagedClient but no luck with that one…

    tried also with “/S/L/CS/Language Chooser” but WM is not allowing me to add it

    Eric

    [/quote]

    Eric,

    OK, well…… I have no idea. A couple of days after my last post I left my job and moved across country. I have literally not been near a Mac for two months. I will be doing a lot of work on this for my new job, but not until next week when I get my new build station. At that time I will look into answering your question.
    In the meantime, anyone else want to take a stab at it?
    (sorry)
    knowmad
    (edited because i can’t count)

    #373402
    Patrick Fergus
    Participant

    [b]Input Menu (a.k.a. the International Menu Extra):[/b]

    Start Workgroup Manager, go to the Preferences section, and click on the “Details” tab. Click the plus button. Navigate to:

    /System/Library/CoreServices/ManagedClient

    and click “Add”. You now should have a bunch of managed preferences, including one named “Menu Extras”. Edit “Menu Extras” and turn down the triangle for “Once” or “Always”, depending on how lenient you want to be with your users. Click “New Key” and where it says “New Item”, click it and select “International Menu Extra”. It will magically become a boolean key, and check to make sure it’s set to “true”. Click “Apply Now”.

    [b]Character palette:[/b]

    Add the character palette to the Input Menu via the International Preference Pane. Examine the following file:

    ~/Library/Preferences/ByHost/com.apple.HIToolBox.MACADDRESS.plist

    You’re interested in the following keys (on Leopard):

    AppleDefaultAsciiInputSource
    AppleEnabledInputSources
    AppleSelectedInputSources

    at least, that’s what works for us. You might wish to enable and disable a few different keyboard layouts, input sources, etc, to determine exactly what out of those keys is needed. Import that into WGM’s Detailed Preferences as a ByHost preference and set them as “Often” (since I don’t think they understand “Always”).

    – Patrick

    #373421
    ewhite
    Participant

    In the end, on this project, I used dslocal & WGM to set all these preferences only to find that we couldn’t use WGM in my environment because of issues with the way that WGM deals with computer names and a crunch for time. This time around, I ended up making a “half-way” image with InstaDMG then had to restore a machine, make some tweaks, and capture using NetRestore for the final product.

    As a reference for others: I used fseventer [url]http://fernlightning.com/doku.php?id=software:fseventer:start[/url] to figure out where changes were made, which was very helpful.

    #373435
    cooperkevind
    Participant

    Question about moving the .plist files to the new machine… In both Nigel’s post on AFP and Greg Neagle’s post on WordPress they show a script to add the MAC address to the newly added dscl files….. But I can’t get either to work. How are other people managing this?

    thanks in advance

    Kevin

    #373436
    thomasb
    Participant

    [QUOTE][u]Quote by: ewhite[/u][p]As a reference for others: I used fseventer [url]http://fernlightning.com/doku.php?id=software:fseventer:start[/url] to figure out where changes were made, which was very helpful.[/p][/QUOTE]
    Thanks a lot for the tip!

    Awesome little app 🙂

    #373455
    ewhite
    Participant

    [QUOTE][u]Quote by: cooperkevind[/u][p]Question about moving the .plist files to the new machine… In both Nigel’s post on AFP and Greg Neagle’s post on WordPress they show a script to add the MAC address to the newly added dscl files….. But I can’t get either to work. How are other people managing this? [/p][/QUOTE]

    Kevin —
    When I was experimenting with MCX, I ended up getting the MAC address into the dscl files using the following loginhook:
    [code]
    #!/bin/sh

    # MAC address currently stored in the local computer record
    storedMacAddress=`/usr/bin/dscl . -read /Computers/localhost ENetAddress | cut -f2 -d " "`

    # MAC address of en0 on this machine
    macAddress=`/sbin/ifconfig en0 | /usr/bin/grep 'ether' | /usr/bin/sed "s/^[[:space:]]ether //" | cut -f1 -d " "`

    # Rewrite the record only when the two differ
    if [ "$storedMacAddress" != "$macAddress" ] ; then

    sudo dscl . -create /Computers/localhost ENetAddress $(ifconfig en0 |grep ether | awk '{print $2}')

    fi[/code]

    The loginhook is installed by a package in the NetRestore post-actions folder. It’s turned on by the following script, which is also run as a NetRestore post-action:
    [code]#!/bin/bash

    # adds login hook to com.apple.loginwindow
    defaults write "$1"/var/root/Library/Preferences/com.apple.loginwindow LoginHook /etc/login.hook[/code]

    At first, I was concerned that this was adding an unnecessary loginhook to my systems, but realized that for my environment, running this check at startup could actually be helpful — because if I decide to change the MCX settings on a machine (which is not managed by a server, only by these local settings) I can simply swap out the dscl plist(s) and upon reboot the preferences are set the way I want them.
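A LoginHook script runs as root at every login, so the file it points to is worth checking before an image ships. The following is an added example, not part of the original post: a Python check that reads the `LoginHook` key from a `com.apple.loginwindow` plist and reports a missing, symlinked, non-root-owned or non-owner-writable script. The finding labels and the `root` parameter for auditing a mounted image are assumptions of this sketch, and the demo tree is constructed.

```python
import os
import plistlib
import stat
import tempfile

def audit_login_hook(loginwindow_plist, root=""):
    """Return findings for the LoginHook named in a com.apple.loginwindow plist.

    root is prefixed to the hook path so a mounted, unbooted image can be checked.
    """
    with open(loginwindow_plist, "rb") as fh:
        hook = plistlib.load(fh).get("LoginHook")
    if not hook:
        return []                                   # no hook configured
    path = os.path.join(root, hook.lstrip("/")) if root else hook
    try:
        st = os.lstat(path)                         # lstat: do not follow symlinks
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink")
    if st.st_uid != 0:
        findings.append("not-root-owned")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    # A writable parent directory lets the script be replaced outright.
    if os.stat(os.path.dirname(path)).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent-dir-writable")
    return findings

def demo():
    """Build a constructed image tree in a temp dir and audit it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    os.chmod(os.path.join(root, "etc"), 0o755)
    hook = os.path.join(root, "etc", "login.hook")
    with open(hook, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(hook, 0o775)                           # deliberately too permissive
    plist = os.path.join(root, "com.apple.loginwindow.plist")
    with open(plist, "wb") as fh:
        plistlib.dump({"LoginHook": "/etc/login.hook"}, fh)
    return audit_login_hook(plist, root)

if __name__ == "__main__":
    print(demo())
```
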
