`
xitong
  • 浏览: 6158237 次
文章分类
社区版块
存档分类
最新评论

OS X:实用脚本程序系列-18

 
阅读更多

下面的脚本主要提供了好多配置OS X 10.7系统的途径,仅供参考。


From:http://chrisgerke.tumblr.com/post/22875358548/mac-os-x-10-7-4-soe

#* build.sh
#+ Phase 1 of 3
#+ Run this script via single user mode to prep a Mac OS X 10.7.3 install.

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Mount volume for writing.
/sbin/mount -uw /

#* Load Open Directory
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

#* Avoid Setup Wizard.
sudo /usr/bin/touch "/private/var/db/.AppleSetupDone"
sudo /usr/sbin/chown root:wheel "/private/var/db/.AppleSetupDone"

#* Avoid Registration Wizard.
sudo /usr/bin/touch "/Library/Receipts/.SetupRegComplete"
sudo /usr/sbin/chown root:wheel "/Library/Receipts/.SetupRegComplete"

#* Default user preferences.
#+ Modifies /System/Library/User Template
#+ Note : com.apple.dock.plist, com.apple.LaunchServices.plist and com.apple.sidebarlists.plist are a bit complex and I'm too lazy to write them with plistbuddy so I supply them as payload items instead.
#+ Be careful with com.apple.sidebarlists.com, make sure to remove the useritems dictionary as its not dynamic. 
#+ Note : I set these prior to creating my local admin user accounts to that I can test them, you may not want to in case they are buggy.
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  #+ com.apple.ATS.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.ATS" ATSAutoActivation -string ATSAutoActivationDisable
  #+ com.apple.desktop.plist
  sudo $PB -c 'Add Background:default:BackgroundColor array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist" 
  sudo $PB -c 'Add Background:default:BackgroundColor:0 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:BackgroundColor:1 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:BackgroundColor:2 real 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:DrawBackgroundColor bool true' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  sudo $PB -c 'Add Background:default:ImageFilePath string /Library/RDA/FWDrop/Desktop/RDA/Midnight.peg.png' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktop.plist"
  #+ com.apple.desktopservices.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.desktopservices" DSDontWriteNetworkStores -bool TRUE
  #+ com.apple.dock.plist (ugly but too complex for defaults or plistbuddy and I'm lazy)
  sudo /bin/cp -f "/var/root/com.apple.dock.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.dock.plist"
  #+ com.apple.DiskUtility.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.DiskUtility" advanced-image-options -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.DiskUtility" DUDebugMenuEnabled -bool YES
  #+ com.apple.finder.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" _FXShowPosixPathInTitle -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" FXDefaultSearchScope -string SCcf
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" FXPreferredViewStyle -string Nlsv
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" NewWindowTarget -string PfHm
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowHardDrivesOnDesktop -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowMountedServersOnDesktop -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowRemovableMediaOnDesktop -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowPathbar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.finder" ShowStatusBar -bool YES
  #+ com.apple.FontBook.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.FontBook" FBValidateFontsBeforeInstalling -bool NO
  #+ com.apple.iTunes.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableCheckForUpdates -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableGeniusSidebar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableGetAlbumArtwork -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePing -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePingSidebar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disablePodcasts -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableRadio -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" disableSharedMusic -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" dontAutomaticallySyncIPods -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.iTunes" lookForSharedMusic -bool NO
  #+ com.apple.LaunchServices.plist (ugly but too complex for defaults or plistbuddy and I'm lazy)
  sudo /bin/cp -f "/var/root/com.apple.LaunchServices.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.LaunchServices.plist"
  #+ com.apple.NetworkBrowser.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.NetworkBrowser" BrowseAllInterfaces -bool NO
  #+ come.apple.Preview.plist
  #+ NOTE : Changed my mind, not touching this stuff till I play with some more scenarios.
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Preview" ApplePersistenceIgnoreState YES
  #+ com.apple.Safari.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" ApplePersistenceIgnoreState YES
  # or...
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" NSQuitAlwaysKeepsWindows -int 0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillFromAddressBook -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillMiscellaneousForms -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" AutoFillPasswords -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" IncludeDebugMenu 1
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" LastDisplayedWelcomePageVersionString -string 4.0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" NewWindowBehaviour 0
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" RestoreSessionAtLaunch -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" WebKitJavaScriptCanOpenWindowsAutomatically -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" ShowStatusBar -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" HomePage "http://intranet.rdigest.com"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.internetconfigpriv" WWWHomePage "http://intranet.rdigest.com"
  #+ com.apple.SetupAssistant.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.SetupAssistant" DidSeeCloudSetup -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.SetupAssistant" GestureMovieSeen none
  #+ com.apple.sidebarlists.plist (ugly but too complex for defaults or plistbuddy and I'm lazy)
  sudo /bin/cp -f "/var/root/com.apple.sidebarlists.plist" "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.sidebarlists.plist"
  #+ com.apple.systempreferences.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systempreferences" HiddenPreferencePanes -array "com.apple.preference.startupdisk" "com.apple.prefs.backup" "com.apple.preferences.softwareupdate" "com.apple.preferences.parentalcontrols" "com.apple.preference.internet" "com.apple.preferences.internetaccounts" "com.apple.preferences.icloud" "com.apple.preferences.sharing" "com.apple.preference.desktopscreeneffect" "com.apple.preference.security" "com.apple.preference.engerysaver"
  #+ com.apple.symbolichotkeys.plist (Disable Dashboard and Mission Control Keys so they are default Fn keys)
  sudo $PB -c "Add :AppleSymbolicHotKeys:32:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:32:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:33:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:33:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:34:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:34:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:35:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:35:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:36:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:36:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:37:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:37:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:52:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:52:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:59:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:59:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:62:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:62:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:63:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:63:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:64:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:64:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:65:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:65:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Add :AppleSymbolicHotKeys:73:enabled bool NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  sudo $PB -c "Set :AppleSymbolicHotKeys:73:enabled NO" /System/Library/User\ Template/${USER_TEMPLATE}/Library/Preferences/com.apple.symbolichotkeys.plist
  #+ com.apple.TextEdit.plist
  #+ NOTE : Changed my mind, not touching this stuff yet
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TextEdit" ApplePersistenceIgnoreState YES
  #sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TextEdit" NSQuitAlwaysKeepsWindows -int 0
  #+ com.apple.TimeMachine.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TimeMachine" DoNotOfferNewDisksForBackup -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.TimeMachine" AutoBackup -bool NO
  #+ com.apple.universalaccess.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.universalaccess" voiceOverOnOffKey -bool NO
  #+ .GlobalPreferences
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleKeyboardUIMode -int 2
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleMiniaturizeOnDoubleClick -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleShowAllExtensions -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" AppleShowScrollBars -string "Always"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSAutomaticSpellingCorrectionEnabled -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSAutomaticWindowAnimationsEnabled -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSNavPanelExpandedStateForSaveMode -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" NSQuitAlwaysKeepsWindows -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" PMPrintingExpandedStateForPrint -bool YES
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" com.apple.swipescrolldirection -bool NO
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/.GlobalPreferences" com.apple.keyboard.fnState -bool YES
 fi
done

#* Create LOCAL ADMIN ACCOUNT.
#+ Note : Redirecting home directory to /var so regular end users don't see the local admin home directory at all.
#+ Note : Consider UniqueID in regard to the Hide500Users value for /Library/Preferences/com.apple.loginwindow
#+ Note : kcpassword cannot be scripted, you must supply it.
#+ Note : You may want to consider creating more than one local ADMIN account. For example, one full admin and one with ARD permissions.
#+ Note : The password is set via plain text, you could supply a pre-made hash file to be more secure. Each user has their own shadow file, with each shadow file stored under a .plist file located in /var/db/dslocal/nodes/Default/users/. The associated hash contains the users GUID which can be found by running dscl localhost -read /Search/Users/ | grep GeneratedUID | cut -c15-

#+ Create the user.
sudo /usr/bin/dscl . -create /Users/${SHORTNAME}
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} UserShell /bin/bash
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} RealName "${SHORTNAME}"
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} UniqueID 444
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} PrimaryGroupID 80
sudo /usr/bin/dscl . -create /Users/${SHORTNAME} NFSHomeDirectory "/var/${SHORTNAME}"
sudo /usr/bin/dscl . -passwd /Users/${SHORTNAME} "${PASSWORD}"
sudo /usr/bin/dscl . -append /Groups/admin GroupMembership "${SHORTNAME}"
sudo /bin/cp -Rfv /System/Library/User\ Template/English.lproj "/var/${SHORTNAME}"
#+ Permissions.
sudo /usr/sbin/chown -R ${SHORTNAME}:admin "/var/${SHORTNAME}"
#+ Hide the user from the loginwindow.
sudo /usr/bin/defaults write "/Library/Preferences/com.apple.loginwindow" HiddenUsersList -array-add ${SHORTNAME}

#* Enable autoLoginUser for this user so "boot" phase is seamless.
sudo /usr/bin/defaults write "/Library/Preferences/com.apple.loginwindow" autoLoginUser -string "${SHORTNAME}"
#+ kcpassword payload
sudo /bin/cp -f "/var/root/kcpassword" "/etc/kcpassword"
sudo /bin/rm -Rf "/etc/kcpassword.disabled"
#+ kcpassword special permissions.
sudo /usr/sbin/chown root:wheel "/etc/kcpassword"
sudo /bin/chmod 600 "/etc/kcpassword"

#* VNC password
ENCVNCPASSWD=$(/bin/echo "${PASSWORD}" | perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8}).*/$1/; @p = unpack "C*", $_; foreach (@k) { printf "%02X", $_ ^ (shift @p || 0) }; print "\n"')
sudo /bin/echo "${ENCVNCPASSWD}" > "/Library/Preferences/com.apple.VNCSettings.txt"
#+ com.apple.VNCSettings.txt special permissions.
sudo /usr/sbin/chown -R root:wheel "/Library/Preferences/com.apple.VNCSettings.txt"
sudo /bin/chmod -R 600 "/Library/Preferences/com.apple.VNCSettings.txt"

#* Enable SSH
sudo /usr/bin/defaults delete "/System/Library/LaunchDaemons/ssh" "Disabled"
#+ SSH daemon special permissions.
sudo /usr/sbin/chown root:wheel "/System/Library/LaunchDaemons/ssh.plist"
sudo /bin/chmod 644 "/System/Library/LaunchDaemons/ssh.plist"
#+ SSH MOTD banner.
sudo /bin/echo " " > "/etc/motd"
sudo /bin/echo "Unauthorized access to these resources is prohibited." >> "/etc/motd"
sudo /bin/echo " " >> "/etc/motd"
#+ SSH MOTD special permissions.
sudo /bin/chmod 755 "/etc/motd"
sudo /usr/sbin/chown root:wheel "/etc/motd"

#* Enable Apple Remote Desktop
#+ Note : Check kickstart options, you can make it more secure by using -allowAccessFor -specifiedUsers
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -access -on -privs -all -clientopts -setvnclegacy -vnclegacy yes

#* Disable softwareupdate schedule with a daemon.
#+ NOTE : softwareupdate plist is machine specific, I do it this way so any future user that logs in has it disabled.
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate Label org.softwareupdate
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate LaunchOnlyOnce -bool TRUE
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate Program "/usr/sbin/softwareupdate"
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate RunAtLoad -bool TRUE
sudo /usr/bin/defaults write /Library/LaunchDaemons/org.softwareupdate ProgramArguments -array "/usr/sbin/softwareupdate" "--schedule" "off"
#+ softwareupdate Launch Daemon special permissions.
sudo /usr/sbin/chown root:wheel "/Library/LaunchDaemons/org.softwareupdate.plist"
sudo /bin/chmod 644 "/Library/LaunchDaemons/org.softwareupdate.plist"

#* Remove dockfixup, most end users don't require any of the iLife apps for work purposes.
sudo /bin/mv -f /Library/Preferences/com.apple.dockfixup.plist{,.BACKUP}

#* Disable /Library/Printers/PPDs
#+ NOTE : This is a legacy setting I used to do as Quark populates its print dialog with every PPD. Will go away soon.
sudo /bin/cp -R /Library/Printers/PPDs/Contents/Resources /Library/PrintersPPDsDisabled
sudo /bin/rm -R /Library/Printers/PPDs/Contents/Resources/*.*

#* Disable /System/Library/Printers/PPDs
#+ NOTE : This is a legacy setting I used to do as Quark populates its print dialog with every PPD. Will go away soon.
sudo /bin/cp -R /System/Library/Printers/PPDs/Contents/Resources /System/Library/PrintersPPDsDisabled
sudo /bin/rm -R /System/Library/Printers/PPDs/Contents/Resources/*.*

#* Enable Access for Assistive Devices.
#+ NOTE : Enabling this for applescripts that need to manipulate the GUI.
sudo touch /private/var/db/.AccessibilityAPIEnabled

#* Link to Directory Utility.
#+ NOTE : Because its more convenient than 5 clicks!
sudo /bin/ln -s "/System/Library/CoreServices/Directory Utility.app" "/Applications/Utilities/Directory Utility.app"

#* Turn down default volume
#+ NOTE : So the "boot" phase doesn't surprise anyone :)
sudo /usr/bin/osascript -e "set Volume 2"

#* Disable QuickLook Daemon
#+ Rather than constantly clearing /Users/USER/Library/Caches/com.apple.QuickLookDaemon
/usr/bin/defaults write "/System/Library/LaunchAgents/com.apple.quicklook" Disabled -bool true

#* Remove Alex and save 450mb, smaller DMG size.
sudo /bin/rm -Rf "/System/Library/Speech/Voices/Alex.SpeechVoice"

#* Remove any sleepimage, smaller DMG size.
#+ NOTE : Only do this if you understand what its doing. Google it.
sudo /bin/rm -Rf "/private/var/vm/sleepimage"

#* Remove any swapfile, smaller DMG size.
sudo /bin/rm -Rf "/private/var/vm/swapfile0"

#* Remove caches just-in-case there is anything machine specific.
sudo /bin/rm -Rf ~/Library/Caches/*
sudo /bin/rm -Rf /Library/Caches/*
sudo /bin/rm -Rf /System/Library/Caches/*

#* Remove preferences just-in-case there is anything machine specific.
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.network.identification.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/com.apple.PowerManagement.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
sudo /bin/rm -Rf /Library/Preferences/SystemConfiguration/preferences.plist

#* Set "boot" phase LoginHook.
#+ Use to run scripts that cannot be added to the "build" phase.
sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "/var/root/boot.sh"



boot.sh #* boot.sh
#+ Phase 2 of 3
#+ This script runs as a LoginHook to prep a Mac OS X 10.7.3 prior to the localise phase.

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Serial number.
SERIAL=$(/usr/sbin/ioreg -c IOPlatformExpertDevice | /usr/bin/sed -E -n -e '/IOPlatformSerialNumber/{s/^.*[[:space:]]"IOPlatformSerialNumber" = "(.+)"$/\1/p;q;}')

#* Mac address.
MACADDRESS=$(/usr/sbin/networksetup -getMACADDRESS en0 | /usr/bin/awk '{print $3}' | /usr/bin/sed s/://g)

#* Model.
MODEL=$(sudo /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/grep -E model | /usr/bin/awk '{print $3}' | /usr/bin/sed 's/\<\"//' | sed 's/\"\>//')

#* Set Computer name,Local Host Name, Hostname, Netbios name.
#+ NOTE : I do this so the machine is easily identifiable during first boot via Apple Remote Desktop Administrator client. I support sites remotely.
sudo /usr/sbin/scutil --set ComputerName "${SERIAL}-${MACADDRESS}"
sudo /usr/sbin/scutil --set LocalHostName "${SERIAL}-${MACADDRESS}"
sudo /usr/sbin/scutil --set HostName "${SERIAL}-${MACADDRESS}"
sudo /bin/hostname "${SERIAL}-${MACADDRESS}"
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${SERIAL}"

#* Set info2 field in ARD.
#+ NOTE : I do this simply so I can quickly see machine models via ARD (so I know which macs can/can't be upgraded to the latest OS. I don't buy upgrades, I simply create images for the OS that the mac ships with.
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -computerinfo -set2 -2 "${MODEL}"

#* Set Computer sleep idle time, Display sleep idle time, Disable hard disk sleep.
#+ NOTE : So the hard disk doesn't go to sleep on me while supporting remotely.
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "15"
sudo /usr/sbin/systemsetup -setharddisksleep off

#* Disable ipv6.
#+ NOTE : Issues have been reported regarding Binding to AD if IPv6 is enabled so I turn it off. (don't use IPv6 yet anyway)
sudo /usr/sbin/networksetup -setv6off "Airport"
sudo /usr/sbin/networksetup -setv6off "Bluetooth Dun"
sudo /usr/sbin/networksetup -setv6off "Bluetooth Pan"
sudo /usr/sbin/networksetup -setv6off "Ethernet"
sudo /usr/sbin/networksetup -setv6off "FireWire"
sudo /usr/sbin/networksetup -setv6off "Wi-Fi"

#* Order Services.
#+ NOTE : Issues have been reported with certain VPN profile setups if services don't have priority. Won't explain here, too detailed. Email me if you want details.
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire" "Bluetooth DUN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Wi-Fi" "FireWire" "Bluetooth DUN" "Bluetooth PAN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire" "Bluetooth DUN"
sudo /usr/sbin/networksetup -ordernetworkservices "Ethernet" "Airport" "FireWire" "Bluetooth DUN" "Bluetooth PAN"

#* Disable Un-necessary network services.
sudo sudo /usr/sbin/networksetup -setnetworkserviceenabled "Bluetooth DUN" "off"
sudo sudo /usr/sbin/networksetup -setnetworkserviceenabled "Bluetooth PAN" "off"
sudo /usr/sbin/networksetup -setnetworkserviceenabled "FireWire" "off"

#* Disable Airport Power
#+ NOTE : Mainly to reduce LAN noise. You could limit this to non-laptops.
sudo /usr/sbin/networksetup -setairportpower "en1" "off"

#* Default preferences.
#+ Modifies /System/Library/User Template
#+ Note : Must do during first boot as plist files contain UUID or MACADDRESS
#+ Note : At some point Apple changed certain modesl from using MACADDRESS and instead now use UUID. I can't be bothered figuring it out so just writing one of each.
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  # Ensure ByHost is there
  sudo /bin/mkdir -p "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost"
  # com.apple.screensaver.plist
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.screensaver" askForPassword -int 1
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.screensaver" askForPasswordDelay -int 5
  # com.apple.screensaver.UUID.plist
  sudo $PB -c 'Add :CleanExit string YES' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :idleTime integer 900' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict dict' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:iLifeMediaGroupType integer 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:moduleName string ${YOURSCREENSAVER}' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:path string /Library/Screen\ Savers/${YOURSCREENSAVER}.slideSaver' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  sudo $PB -c 'Add :moduleDict:type integer 4' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${UUID}.plist"
  # com.apple.screensaver.MACADDRESS.plist
  sudo $PB -c 'Add :CleanExit string YES' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :idleTime integer 900' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict dict' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:iLifeMediaGroupType integer 0' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:moduleName string ${YOURSCREENSAVER}' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:path string /Library/Screen\ Savers/${YOURSCREENSAVER}.slideSaver' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  sudo $PB -c 'Add :moduleDict:type integer 4' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.screensaver.${MACADDRESS}.plist"
  # Laptop?
  ioreg -rd1 -c IOPlatformExpertDevice | grep -E model | awk '{print $3}' | sed s/\<\"// | sed s/\"\>// | grep iMac
  if [ "$?" == "1" ]; then
   # com.apple.systemuiserver.plist for laptop
   sudo $PB -c 'Delete menuExtras' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras:0 string /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:1 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:2 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:3 string /System/Library/CoreServices/Menu\ Extras/Bluetooth.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:4 string /System/Library/CoreServices/Menu\ Extras/TextInput.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:5 string /System/Library/CoreServices/Menu\ Extras/Volume.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:6 string /System/Library/CoreServices/Menu\ Extras/Displays.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:7 string /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:8 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   # com.apple.systemuiserver.${UUID}.plist (do not load) for laptop
   sudo $PB -c 'Delete dontAutoLoad' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   # com.apple.systemuiserver.${MACADDRESS}.plist (do not load) for laptop
   sudo $PB -c 'Delete dontAutoLoad' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
  else
   # com.apple.systemuiserver.plist for non-laptop
   sudo $PB -c 'Add menuExtras array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist" 
   sudo $PB -c 'Add menuExtras:0 string /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:1 string /System/Library/CoreServices/Menu\ Extras/Bluetooth.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:2 string /System/Library/CoreServices/Menu\ Extras/TextInput.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:3 string /System/Library/CoreServices/Menu\ Extras/Volume.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:4 string /System/Library/CoreServices/Menu\ Extras/Displays.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   sudo $PB -c 'Add menuExtras:5 string /System/Library/CoreServices/Menu\ Extras/RemoteDesktop.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.systemuiserver.plist"
   # com.apple.systemuiserver.${UUID}.plist (do not load) for non-laptop
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:1 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:2 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   sudo $PB -c 'Add dontAutoLoad:3 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${UUID}.plist"
   # com.apple.systemuiserver.${MACADDRESS}.plist (do not load) for non-laptop
   sudo $PB -c 'Add dontAutoLoad array' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist" 
   sudo $PB -c 'Add dontAutoLoad:0 string /System/Library/CoreServices/Menu\ Extras/AirPort.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:1 string /System/Library/CoreServices/Menu\ Extras/VPN.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:2 string /System/Library/CoreServices/Menu\ Extras/TimeMachine.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
   sudo $PB -c 'Add dontAutoLoad:3 string /System/Library/CoreServices/Menu\ Extras/Battery.menu' "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/ByHost/com.apple.systemuiserver.${MACADDRESS}.plist"
  fi
 fi
done

#* Disable "boot" phase LoginHook
sudo /usr/bin/defaults delete "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook

#* Installing Updates
#+ NOTE : This is for pkgs that require boot volume
#+ NOTE : You need to add relevant .pkgs to /var/root/Updates
find /var/root/Updates -name .DS_Store -exec rm {} \;
for i in `ls /var/root/Updates`
do
 /bin/echo "Installing $i"
 sudo installer -pkg /var/root/$i -target /
done



localise.sh #* localise.sh
#+ Phase 3 of 3
#+ This script is run manually (I do it with an Applescript GUI wrapper). To be used for localisation as I support multiple sites (languages, locales, timezones etc etc)

#* PLIST BUDDY
PB="/usr/libexec/PlistBuddy"

#* Apple unique workstation UUID.
UUID=$(/usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/perl -ne 'if (m/^.*\"IOPlatformUUID\" = \"(.*).*\"$/im) {print $1}')

#* Serial number.
SERIAL=$(/usr/sbin/ioreg -c IOPlatformExpertDevice | /usr/bin/sed -E -n -e '/IOPlatformSerialNumber/{s/^.*[[:space:]]"IOPlatformSerialNumber" = "(.+)"$/\1/p;q;}')

#* Mac address.
MACADDRESS=$(/usr/sbin/networksetup -getMACADDRESS en0 | /usr/bin/awk '{print $3}' | /usr/bin/sed s/://g)

# Model.
MODEL=$(sudo /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | /usr/bin/grep -E model | /usr/bin/awk '{print $3}' | /usr/bin/sed 's/\<\"//' | sed 's/\"\>//')

#* OS
OS=`/usr/bin/sw_vers | grep ProductVersion | awk '{print $2}'`

#* RAM
RAM=`/usr/sbin/system_profiler SPHardwareDataType | grep "Memory" | awk '{print $2$3}'`

#* CPU
CPU=`/usr/sbin/system_profiler SPHardwareDataType | grep "Processor Name" | awk '{print $3$4$5$6$7$8$9}'`

#* Set the workstation ComputerName, LocalHostName,hostname and NetBIOSName
logger "POSTBUILD PHASE : ComputerName ${ComputerName}"
sudo /usr/sbin/scutil --set ComputerName "${ComputerName}"
logger "POSTBUILD PHASE : LocalHostName ${LocalHostName}"
sudo /usr/sbin/scutil --set LocalHostName "${LocalHostName}"
logger "POSTBUILD PHASE : hostname ${hostname}"
sudo /bin/hostname "${hostname}"
logger "POSTBUILD PHASE : HostName ${HostName}"
sudo /usr/sbin/scutil --set HostName "${HostName}"
logger "POSTBUILD PHASE : NetBIOSName ${NetBIOSName}"
sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName "${NetBIOSName}"

#* Set the default workstation language
#+ NOTE : Refer to the xxx.lproj User Template folders as a quick guide (where xxx is the ${language} string). So for english it would be languagesetup -langspec "English" but for Portuguese it would be languagesetup -langspec "pt"
#+ NOTE : languagesetup zaps /Library/Preferences/.GlobalPreferences so make sure you set the language early ;)
logger "POSTBUILD PHASE : Language ${language}"
sudo /usr/sbin/languagesetup -langspec "${language}"

#* Set the default workstation locale
#+ NOTE : Values consist of Language and Country in the format xx_xx, refer to /usr/share/locale for acceptable values.
logger "POSTBUILD PHASE : AppleLocale ${locale}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleLocale -string "${locale}"

#* Set the default workstation country
#+ NOTE : Refer to /usr/share/locale for acceptable values.
logger "POSTBUILD PHASE : Country ${country}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences Country -string "${country}"

#* Set the default workstation measurement units
#+ NOTE : Metric is either TRUE or FALSE and Measurement Units is either Inches or Centimeters.
logger "POSTBUILD PHASE : AppleMeasurementUnits ${applemeasurementunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMeasurementUnits -string "${applemeasurementunits}"
logger "POSTBUILD PHASE : AppleMetricUnits ${applemetricunits}"
sudo /usr/bin/defaults write /Library/Preferences/.GlobalPreferences AppleMetricUnits -string "${applemetricunits}"

#* Set default workstation "System" Input Keyboard Layout
#+ NOTE : The permissions are important otherwise it won't work. I haven't found a reliable source of values anywhere, had to do this manually for each location to capture the values the first time.
logger "POSTBUILD PHASE - Input Keyboard Layout id : ${keyboardlayoutid}"
logger "POSTBUILD PHASE - Input Keyboard Layout name : ${keyboardlayoutname}"
sudo $PB -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleDefaultAsciiInputSource" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleEnabledInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Delete :AppleSelectedInputSources" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0 dict" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Add :AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo $PB -c "Set :AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chown root:admin "/Library/Preferences/com.apple.HIToolbox.plist"
sudo chmod 644 "/Library/Preferences/com.apple.HIToolbox.plist"

#* Set default workstation "LoginWindow" Input Keyboard Layout
#+ NOTE : The permissions are important otherwise it won't work. 
logger "POSTBUILD PHASE - Loginwindow Keyboard Layout id : ${keyboardlayoutid}"
logger "POSTBUILD PHASE - Loginwindow Keyboard Layout name : ${keyboardlayoutname}"
sudo $PB -c "Add :AppleCurrentKeyboardLayoutInputSourceID string com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :AppleCurrentKeyboardLayoutInputSourceID com.apple.keylayout.${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleDefaultAsciiInputSource" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleDefaultAsciiInputSource:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleEnabledInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleEnabledInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Delete :com.apple.HIToolbox:AppleSelectedInputSources" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources array" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0 dict" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind string Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:InputSourceKind Keyboard\ Layout" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID integer ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ ID ${keyboardlayoutid}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Add :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name string ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo $PB -c "Set :com.apple.HIToolbox:AppleSelectedInputSources:0:KeyboardLayout\ Name ${keyboardlayoutname}" "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
# Special Explicit Permissions!!!
sudo chown securityagent:wheel "/var/tmp/com.apple.HIToolbox.loginwindow.plist"
sudo chmod 644 "/var/tmp/com.apple.HIToolbox.loginwindow.plist"

#* Set Visibility Input Keyboard Layout Menu in Loginwindow
logger "POSTBUILD PHASE - Loginwindow : showInputMenu"
sudo defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool "TRUE"
logger "POSTBUILD PHASE - Loginwindow : ModeNameVisible"
sudo defaults write /var/ard/Library/Preferences/com.apple.menuextra.textinput ModeNameVisible -bool "TRUE"
sudo chmod 777 /Library/Preferences/com.apple.loginwindow.plist

#* Set default workstation network time server
logger "POSTBUILD PHASE : setnetworktimeserver ${timeserver}"
sudo /usr/sbin/systemsetup -setusingnetworktime "on"
sudo /usr/sbin/systemsetup -setnetworktimeserver "${networktimeserver}"

#* Set default workstation timezone
#+ NOTE : Refer to /usr/sbin/systemsetup -listtimezones for acceptable values.
logger "POSTBUILD PHASE : settimezone ${timezone}"
sudo /usr/sbin/systemsetup -settimezone "${timezone}"

#* Energy Saver Defaults
logger "POSTBUILD PHASE : /Library/Preferences/com.apple.PowerManagement"
sudo /usr/sbin/systemsetup -setallowpowerbuttontosleepcomputer "off"
sudo /usr/sbin/systemsetup -setcomputersleep "60"
sudo /usr/sbin/systemsetup -setdisplaysleep "45"
sudo /usr/sbin/systemsetup -setharddisksleep "off"
sudo /usr/sbin/systemsetup -setrestartpowerfailure "off"
sudo /usr/sbin/systemsetup -setwakeonnetworkaccess "on"

#* Modify authorizations
#+ NOTE : if you don't know what this is you probably shouldn't mess with it ;) email me and I'll explain chris.gerke@gmail.com

#+ Backup Original
logger "POSTBUILD PHASE : /etc/authorization"
sudo /bin/cp -f /etc/authorization{,.original}
#+ Allow date & time preference pane access.
sudo $PB -c "set rights:system.preferences.datetime:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.datetime:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.datetime:group" "/etc/authorization"
#+ Allow DVD region setting rights
sudo $PB -c "add rights:system.device.dvd.setregion.change dict" "/etc/authorization"
sudo $PB -c "add rights:system.device.dvd.setregion.change:class string" "/etc/authorization"
sudo $PB -c "set rights:system.device.dvd.setregion.change:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.change:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.change:group" "/etc/authorization"
#+ Allow DVD region initial setting rights
sudo $PB -c "set rights:system.device.dvd.setregion.initial:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.initial:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.device.dvd.setregion.initial:group" "/etc/authorization"
#+ Allow network preference pane access
sudo $PB -c "set rights:system.preferences.network:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.network:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.network:group" "/etc/authorization"
#+ Change /etc/authorization to allow all users to open preference panes
sudo $PB -c "set rights:system.preferences.printing:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.printing:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences.printing:group" "/etc/authorization"
#+ Allow preference panes
sudo $PB -c "set rights:system.preferences:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences:shared" "/etc/authorization"
sudo $PB -c "delete rights:system.preferences:group" "/etc/authorization"
#+ Allow print admin rights
sudo $PB -c "set rights:system.print.admin:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.print.admin:group" "/etc/authorization"
sudo $PB -c "delete rights:system.print.admin:shared" "/etc/authorization"
#+ Allow printing manager rights
sudo $PB -c "set rights:system.printingmanager:class allow" "/etc/authorization"
sudo $PB -c "delete rights:system.printingmanager:rule" "/etc/authorization"
#+ Permissions
sudo chown root:wheel "/etc/authorization"
sudo chmod 644 "/etc/authorization"

#* Require admin password for comp-to-comp wifi
logger "POSTBUILD PHASE : RequireAdminIBSS"
sudo /usr/libexec/airportd en1 prefs RequireAdminIBSS=YES

#* Disable font protection because designers persist in using PS versions of system dfonts so we have to cusotmise it later!! arrgghhhh
logger "POSTBUILD PHASE : fontprotection -off"
sudo /usr/bin/atsutil fontprotection -off

#* Set default font server
logger "POSTBUILD PHASE : Setting ${fontserver}"
sudo echo "server.address=${fontserver}" > "/Library/Preferences/com.extensis.UniversalTypeClient.conf"
sudo echo "server.port=${fontport}" >> "/Library/Preferences/com.extensis.UniversalTypeClient.conf"

#* Default preferences.
#+ Modifies /System/Library/User Template
#+ I do it here because each site has a custom intranet page, for security reasons not adding the extra bits that set DNS but you get the idea....
for USER_TEMPLATE in `sudo ls /System/Library/User\ Template`
do
 if [ -r "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences" ]; then
  /bin/echo "Modifying /System/Library/User Template/${USER_TEMPLATE}/Library/Preferences"
  # Safari
  logger "POSTBUILD PHASE : Homepage $url"
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.internetconfigpriv" WWWHomePage $url
  sudo /usr/bin/defaults write "/System/Library/User Template/${USER_TEMPLATE}/Library/Preferences/com.apple.Safari" HomePage $url
 fi  
done

#* Setup the Login Window, add a banner.
logger "POSTBUILD PHASE : Loginwindow"
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "$LoginWindowText"
#+ Username and Password fields instead of user badges
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool "TRUE"
#+ Show host info
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo "DSStatus"
#+ Hide the < UniqueID 500 users.
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
#+ Prevent "Other" from appearing in the loginwindow.
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
#+ Add a delay to avoid authentication issues on machines with slow DCHP leases
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int 13

#* Bind to AD.
#+ NOTE : This is done with ADMItMac, will be testing feasability of using built-in AD in the coming days, will post and update.
logger "POSTBUILD PHASE : ADMitMac Attempting bind to ${OU}"
sudo /sbin/amconfig -A -F -c ${hostname}
logger "POSTBUILD PHASE : ADMitMac Changing User Attribute RecordName to sAMAccountName (shortname for user directory)"
sudo $PB -c "Set :Record\ Type\ Map:dsRecTypeStandard\:Users:Attribute\ Type\ Map:dsAttrTypeStandard\:RecordName:AD\ Attributes:0 sAMAccountName" /Library/DirectoryServices/Plugins/CIFSPlugin.dsplug/Contents/Resources/LDAPConfig.plist
sudo $PB -c "Set :Record\ Type\ Map:dsRecTypeStandard\:Users:Attribute\ Type\ Map:dsAttrTypeStandard\:RecordName:AD\ Attributes:2 userPrincipalName" /Library/DirectoryServices/Plugins/CIFSPlugin.dsplug/Contents/Resources/LDAPConfig.plist
logger "POSTBUILD PHASE : ADMitMac Display Cached Creds Dialog false"
sudo /usr/bin/defaults write /Library/Preferences/com.thursby.tss_check_cifs "Display Cached Creds Dialog" "false"
sudo /usr/bin/defaults write /Library/Preferences/com.thursby.CIFSPlugin "LDAP Connect Timeout" 30

#* Set NIC speed for regions that may want hard setting
logger "POSTBUILD PHASE : NIC Speed"
sudo /usr/sbin/networksetup -setMedia en0 ${networkspeed} ${networkduplex}

#* Set LoginHook
logger "POSTBUILD PHASE : LoginHook"
sudo /usr/bin/defaults write "/var/root/Library/Preferences/com.apple.loginwindow" LoginHook -string "${GlobalLoginHook}"

#* Disable autologin
sudo /bin/rm -f /var/ard/Library/Keychains/login.keychain
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser ""

#* Repair Permissions (can't run in single user mode)
sudo /usr/sbin/diskutil repairPermissions /

#* Email workstation details to me, this is a perl script using smtp. Will add a copy in another post.
sudo /var/root/email.sh


分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics