Forum Replies Created
knowmad
Participant
…. Mine took without issue…..
What am I doing wrong that is making it work?
knowmad
Participant
Chops,
I figured I would weigh in with an opinion. Though I too am working on a first time boot script, much of what you are looking to do I have found it easier to do in the build (my opinion). I cannot stress enough the wonderful world of MCX records.
Learn em, use em, enjoy….
I think a good rule of thumb is that if the item needs to be set the same for all computers, set it (if you can) during build. If it needs to be specific to each machine, use a first boot script.
Addendum: If the setting should be never changed, use an MCX record (the exception being firewall, long story short, the MCX records load too late to set that at boot).
There are very few items in your list that can't be done ahead of time in your build.
If all root accounts will have the same password, you can enable it in the build.
The hostname item pretty much needs to be done after boot. The hiding of sub 500 users can be done ahead of boot BUT if you do that, you won't be able to add the admin account to the ARD list. So it's a trade off.
The airport can be disabled through MCX, same with handling printer selection. The root removed from ssh, also during build….
Below is my non-comprehensive list of items I play with using defaults write during the build…. the list of items I play with using MCX is growing rapidly and not easy to display right now….
[code]
# Defaults Write
#No .ds-store on network shares
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
#turn off time machine
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES
#disable time machine in general
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 0
#disable time machine new disk requests
defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1
#Adds Recent Things Stack to dock
defaults write com.apple.dock persistent-others -array-add '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'
#Hide sub 500UID users
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
#Hide specific users from the fast user and login window lists (Replace $USERNAME with user's name)
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
#Hide the Other user from login etc.
defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
#change status of the firewall: 0=off 1=on for specific services and 2=on for essential services
sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1
#Globally set the large print dialogue box
defaults write /Library/Preferences/.GlobalPreferences PMPrintingExpandedStateForPrint -bool TRUE
#use expanded save dialogues
defaults write -g NSNavPanelExpandedStateForSaveMode -bool TRUE
#use short name as default for logging into network shares
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool NO
defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES
#set screen capture file format
defaults write com.apple.screencapture type pdf
#set the clock to display seconds
defaults write com.apple.MenuBarClock DisplaySeconds 1
#disable itunes update checking
defaults write com.apple.iTunes disableCheckForUpdates -bool YES
#remove itunes store links (bandwidth)
defaults write com.apple.iTunes show-store-arrow-links -bool FALSE
#Change Login Window Background (I set a custom logon background pic)
#($3 is the target volume path that the installer passes to package scripts)
defaults write $3/Library/Preferences/com.apple.loginwindow DesktopPicture /Library/LoginManagement/Login.jpg
#launch the login script (I use a login hook to display a security warning that must be agreed to)
defaults write $3/Library/Preferences/com.apple.loginwindow LoginHook /Library/LoginManagement/warning.sh
#these items can only be done after startup
#systemsetup use cannot address non-boot volume, so these are commented out
#systemsetup -settimezone America/Los_Angeles
#systemsetup -setusingnetworktime on
#systemsetup -setcomputersleep 180
#systemsetup -setdisplaysleep 30
#systemsetup -setcomputername NCI-Image-M
#Configure ARD – after startup
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu
[/code]
more when I have more time…. ie, never
knowmad
Participant
Where/how are you storing your asset tags?
knowmad
Participant
OUCH, ok I guess I was not as helpful as I thought I was.
Either that, or I am flat out wrong (always possible).
Ok, last in first out: AaronWyatt, you're on the right track as far as I am concerned to figure this out, but you're gonna kill yourself doing it the long way. Easiest way to check your setup is to run instadmg again, using the cached base os image (to shorten build time, this happens automatically assuming you make no changes to the source disk image or the choices file) and the only custom packages you should run are your createuser package and the clearreg.
Boot something from the resulting image and see if you get a fully loaded home folder.
If it works, it's one of your other packages. If it does not work, I am wrong.
Now, for what Chops was saying…… um….. I got no good answer. I can tell you that all I am doing to the create user script is making a password hash and editing the userdata section. It works for me (though you have made me curious and I will be making a new image tomorrow night to check). None of that helps you and is not what you wanted to hear. BUT going back to what I always tell my team/friends/family/clients/etc… start from the basic and go from there. Rebuild once more, but keep only one instance of the createuser and see what you get.
here, for the fun of it, is one of my USERDATA files:
[code]
#replace these values with your own. Comment out to use defaults
shortname=localadmin
longname="LocalAdministrator"
#leave blank for next available uid
uid=499
#leave blank for 20
gid=20
#leave blank for /bin/bash
#shell="/bin/bash"
#leave blank for /Library/User Pictures/Nature/Zen.tif
#pic="/Library/User Pictures/Nature/Zen.tif"
#uncomment to set password (not recommended since password is clear text)
#if blank, it will use password hash file "password_hash"
#password="mypassword"
#guid, leave blank for auto gen
#GUID=D4F8BFC9-8EC8-4645-A739-516F59571A2E
#admin
#1 – add to admin group
#0 – don't add to admin group
admin=1
[/code]
I hope that helps, and we can all compare notes in a few days with further testing.
and as a final item, Aaronwyatt, check that you're not writing defaults to the user's prefs folder… that's the one that got me when I started.
knowmad
Participant
for the record, I use create user, and the only changes I made were to scripts OTHER than create user, and I no longer have the half created user issue.
knowmad
Participant
Ah, the joy of having made a mistake and being able to help others avoid it (or at least recover from it).
I ran into this issue myself some time ago.
I was convinced I had done everything just so, and was still getting incomplete new user accounts.
Then I did some heavy reading (would have been much easier if I had searched these forums or the macosxhints.com forums, but instead I read apple white papers, knowledge base, manuals, etc… yuck).
The problem (just to be clear): After creating a new user via a script, you log into that account to find it does not match the default user setup you created in /System/Library/User Template/English.lproj, and in fact is missing folder/files.
The reason: The OS will only populate a new user account if it is actually empty when it finds it the first time. While this may have many useful and logical reasons for being the default behavior, it is in this case annoying. How could this be the cause of ‘my’ issues? ‘I’ did not put anything into the new user account, this is the first time ‘I’ am logging in!
Well, yes BUT… In my case I found the answer in a few of my other installer packages, and scripts. I was writing stuff to the preferences folder of my new user. This created a library/preferences folder and several plist files. The OS then refused to overwrite those, and in fact wrote nothing new from the default setup, creating my half setup weirdo account.
The Answer: VERY carefully go through your scripts and installers and see what gets added to the user folder.
Reroute everything that can be rerouted to the default profile in english.lproj, and postpone the rest until after first login.
Simple but annoying.
I hope this helps.
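Added example (not part of knowmad's post and not InstaDMG code): a shell check for the cause described in the post above. It lists files that packages or scripts have already written into home folders on a mounted build image, and shows where each would go in the user template instead. The mount path argument, the `<mount>/Users` layout and the function names are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example, not from the original post.
# Assumptions: the built image is mounted at the path passed as $1, homes
# live in <mount>/Users, and the function names below are illustrative.

TEMPLATE="/System/Library/User Template/English.lproj"

# Map a file found inside a home folder to where it belongs in the template.
template_path_for() {
    local home="$1" file="$2"
    printf '%s/%s\n' "$TEMPLATE" "${file#"$home"/}"
}

# List every file already present in a home folder on the target volume.
# Returns 0 if all homes are empty or absent (the template can populate them
# at first login), 1 if any home was pre-populated by a package or script.
audit_prepopulated_homes() {
    local root="$1" found=0 home file
    for home in "$root"/Users/*; do
        [ -d "$home" ] || continue
        # /Users/Shared is not a login account, so skip it
        [ "$(basename "$home")" = "Shared" ] && continue
        # An empty home is the healthy case
        [ -n "$(ls -A "$home")" ] || continue
        found=1
        echo "PRE-POPULATED: ${home#"$root"}"
        find "$home" -type f | sort | while IFS= read -r file; do
            echo "  ${file#"$root"} -> $(template_path_for "$home" "$file")"
        done
    done
    return "$found"
}

# Stand-alone use: pass the mount point of the built image as the argument.
if [ -n "${1:-}" ]; then
    audit_prepopulated_homes "$1"
fi
```

Run it against the image after the custom packages have been applied and before anything boots from it; a non-zero exit means at least one account will come up half populated.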
knowmad
Participant
OK the more I think on it the more I realize that what I sent in the last post was mostly useless.
I know you have tried a dozen things, but… try a vanilla setup…
Ie, grab a fresh copy of instadmg, unpack it in a folder marked ‘test’
Make no changes to it other than putting the image of the installer dvd into the base folder.
Then run it.
If that gets you a working cache, start with that. Although you could use that to figure out what you did to the other setup, my guess is that it's not worth it.
Starting from this and making changes one at a time, with a super basic (I know, it's still 45 minutes each round) build in between will tell you what you did wrong OR you can forget about tracking it down and work with this build, adding the rest of your build train/stream/list/whatever to it minus the changes to the script directly.
I know, of limited help. Sorry, I'm swamped, nothing jumps at me so you get … this.
knowmad
Participant
at what line numbers did you change those?
(stupid question but ….)
If I understand correctly you edited line 70 which originally read (including line 69 here)
[code]# This string is the root filesystem name for the ASR image.
ASR_FILESYSTEM_NAME="InstaDMG"[/code]
and then line 140 which read:
[code]CURRENT_OS_INSTALL_MOUNT="" # the location where the primary installer disk is mounted[/code]
I understand why you hardcoded line 70… why line 140?
and no, I am not certain this has anything to do with the issue you're seeing
here are the pertinent lines from a successful NON-cache (from cd into a cache file) build for comparison:
[code]
13:07:08 ######InstaDMG build initiated######
13:07:08 ######Mounting Mac OS X installer image######
Mounting a support disk from ./InstallerFiles/BaseOS/./InstallerFiles/BaseOS/Applications Install Disc.dmg
Mounting the main OS Installer Disk from: ./InstallerFiles/BaseOS/Mac OS X Install DVD.dmg at: /tmp/instaDMGMount.GVPRSq
Mac OS X installer image mounted
13:10:17 ######Creating intermediary disk image######
created: /tmp/instaDMGTemp.2Kq1ke.sparseimage
Image mounted at /dev/disk7
Running on Intel Platform: Setting format to GPT
Started erase on disk disk7
Creating partition map
Formatting disk7s2 as Mac OS Extended (Journaled) with name 1B7CB9D1-C77D-44E3-A610-E932C8374F97
Finished erase on disk disk7
Finished partitioning on disk disk7
/dev/disk7 GUID_partition_scheme
/dev/disk7s1 EFI
/dev/disk7s2 Apple_HFS /tmp/instaDMGMount.vV1Qcy
Intimediary image creation complete
13:10:49 ######Beginning Installation from /tmp/instaDMGMount.GVPRSq######
I’m running on Leopard or later. Checking for InstallerChoices.xml file
InstallerChoices.xml file found. Applying Choices
installer: Package name is Mac OS X
installer: choices changes file ‘./InstallerFiles/BaseOS/InstallerChoices.xml’ applied
[/code]
and then
[code]
installer: The install was successful.
Base OS installed
Compacting and saving cached image to: ./Caches/BaseImageCache/3D76E122:1574b2a41d626bd7eaf9d8d518a22521ec3ac29d.dmg
“disk7” unmounted.
“disk7” ejected.
Remounting the image with a shadow file (/tmp/instaDMGTemp.2Kq1ke.sparseimage)
/dev/disk7 GUID_partition_scheme
/dev/disk7s1 EFI
/dev/disk7s2 Apple_HFS /tmp/instaDMGMount.vV1Qcy
13:43:27 ######Beginning Update Installs from ./InstallerFiles/BaseUpdates######
13:43:27 ######Beginning Update Installs from ./InstallerFiles/CustomPKG######
13:43:27 ######Correcting some generic installer errors######
[/code]
knowmad
Participant
Can you give us more details? A log maybe?
Do your images work minus the cache?
Have you changed your script at all?
Caching should just work… it's only supposed to NOT work if you specifically comment it out.
knowmad
Participant
more dumb questions (I am good at those, and you should always stick with what you're good at….)
10.5.5…. huh…. well, it SHOULDN’T make a difference (especially as it was working before) but… They (apple) did something to 10.5.5 that screwed up certain complex scripting actions. This is easiest to see by running the Office 08 installer script in 10.5.4, 10.5.5 and 10.5.6. You’ll see no error in 4 and 6 but 5 will give you an odd scripting error that stops everything until you hit ok, even in CL mode.
Does that mean it's affecting your issue? no. Is it shotgun repair work (fix everything just to get the one item included)? yes, so I suggest it as a last straw.
How exactly are you running the newer instadmg? here is what I suggest.
Make a brand new folder somewhere innocuous, like on your desktop. Call it 43. Move the InstaDMG1.43 script into there. Then move the newer script into the location where the 1.43 WAS. Change NOTHING else.
run it
My guess is that something in the new set of folders you have for the new script is just slightly not right.
Maybe it's a flag? a short cut? a bad image?
no clue…. but the easiest way to see if it's IN the script vs in the folders/image/environment is to do as stated above.
and when that doesn't work, try 10.5.6
😉
knowmad
Participant
I'm confused… why the 10.5.3 combo update and not the 10.5.6?
knowmad
Participant
1) did you change the name of the OSX installer disc Image?
2) Do you have enough free space?
3) Are you running under sudo?
(not trying to be insulting, just running the basics past you to see if you are doing something odd out of habit that does not apply to a default setup).
4) do you have spaces in the name of your drive or dmg image name? (I vaguely remember some people having issues with this)
5) what OS is your build station at?
All the details you can give us will help….
knowmad
Participant
I have also not seen any issues but I will now go look directly at what you're pointing to…… I will point out that the underscore in the file name you are pointing to may be related to the issue brought up in the ‘[url]https://www.afp548.com/forum/viewtopic.php?showtopic=23887[/url]’ repair permissions thread by AllenMarcus
That does not help right now, but maybe check to see if it's a symlink/alias and maybe fix it?
just a wild suggestion.
knowmad
Participant
check these forums (I usually do it and drop a link, but have no time right now) this issue was posted by someone, the fix was (I think) posted as well and was not obvious…. I think.
knowmad
Participant
[QUOTE][u]Quote by: MacTroll[/u][p]Manage root as best as possible. However, I’d protect your rear by stashing an admin account in either a secondary local directory or some other obfuscation so you can always get back into the box.
At that point the root account is sacrificial and just serves to distract away from the admin account that you actually care about.
Even this is a hack at best and you’re just rearranging deck chairs though.[/p][/QUOTE]
but they are such lovely deck chairs, and put them in the right order and things look so nice….
Back to reality, security through obscurity ON ITS OWN is not good security. As part of a larger and more comprehensive whole, it has its place.
Hidden Admin account (both by sub-500 number AND by location): Check
Individualized password for admin/root account and master password specific to each machine: Check
Disabling root as much as possible: Check
Locked Single User Mode (Apple suggests against it, but it's useful): Check
Firmware Password: No, it gets in the way of too many things, so good idea though it is…. not for me.
Disabled Guest account (need to figure that one out better): Check
Disabled File sharing: Check
Disabled internet sharing: Check
Bluetooth not discoverable by default: Check
Other nebulous security measures: Check (no coffee today, brain on fritz, can't think of what else we do).
Open to new suggestions: Check…. what’s your favorite security measure that reduces ‘accidental’ or ‘well-meaning’ problems but maintains machine usefulness?