What are you building the package in?

In general, Apple Installer packages have three choices for install authorization: No Authorization Required, Admin Authorization, and Root Authorization. If you look at the Info.plist for an already build package, you’ll see it listed under the “IFPkgFlagAuthorizationAction” key.

I know that Iceberg does allow you to select this in the package options; I’m not as familiar with PackageMaker, but I’d hope it would offer similar options. As long as you select Root Authorization for your package, no matter if you use it within InstaDMG or running it by itself, it’ll allow full rights to the entire file system, including the /System/Library/User Template directories.

(Metapackages — .mpkg files — will default to the most permissive choice of the packages within, I’m fairly certain. If the permission level is either not specified at all at the .mpkg level, or doesn’t match that “most permissive level,” Installer will throw a warning into the install logs.)

[QUOTE][u]What I’m trying to do right now though, is add a default login item of Keychain Minder to my instaDMG image. I used PackageMaker to build a package to deploy Keychain Minder, and then I figured I’d add the loginitems.plist to /System/Library/User Template/English.lproj/Library/Preferences/ so any new user account automatically had Keychain Minder as a login item, to assist with the messy password expiration rules.[/p][/QUOTE]

You’d be better off adding this as a global login item to /Library/Preferences/loginwindow.plist; or even better, using MCX.

Adding it to the Template doesn’t affect network users, nor existing users (including those moved over using the Migration Assistant.)

-Greg