I've been working on this for days but simply cannot find the correct references to make it work.
The idea is to have a script that will baseline newly purchased Macs that comes into the company with basic stuffs like set autologin to off, create a new admin user (for remote admins to access for support, set password to unlock screensaver and etc) .
Sample list for baseline that admins have to do on each new machine:
- Click the Login Options button Set Automatic Login: OFF
- Check: Show the Restart, Sleep, and Shutdown buttons
- Uncheck: Show input menu in login window
- Uncheck: Show password hints
- Uncheck: Use voice over in the login window
Check: Show fast user switching menu as Short Name
(note: this is only part of a long list to do on each machine)
I've managed to find some references to make some parts work. Like autologin can be unset with:
defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE
and I've kinda found ways to muscle in a new user creation (including prompts) with AppleScript and shell commands.
But generally its tough finding ways to do somewhat simple things like turn on password to get out of screensaver or to allow fast user switching. References are either too limited or just no where to be seen (e.g. I can unset autologin via cli but the very next setting on the system preference "show restart, sleep and shutdown buttons" is somewhere else and I can't find any command line to make it set)
Does anyone have any ideas on a list, document, reference or anything of where each setting on the system resides so that I can be pointed to make it work? or maybe sample scripts for the above example...
My thanks for reading thus far—a huge thank you for whoever that has any info on the above.
preguntado el 09 de enero de 11 a las 06:01
In general, the location of various settings tends not to be documented, but usually isn't too hard to figure out.
One way to do this is to change the setting and watch what file(s) get modified. fseventer is good for this, or if you have Xcode installed you can use Packagemaker (start a snapshot package, change the setting, then stop recording and see what files are listed as changed in the snapshot), or just run
sudo fs_usage -ew (and sort through its copious output).
Once you've found the relevant file(s), change the setting back & forth to see how they change. If the files are .plists, you can use
defaults to dump them before & after and compare, or use
plutil -convert xml1 to switch them from binary into the human-readable XML format, and compare by eye. Note that there are sometimes multiple change to make; for example, when disabling autologin, you really should delete the autoLoginUser key from /Library/Preferences/com.apple.loginwindow.plist, and also delete the file /etc/kcpassword.
Another way to find configurable settings is to take advantage of Apple's server-based preference tool, Workgroup Manager. You can install Apple's server admin tools on a non-server, and play around with it locally:
- run /Applications/Server/Workgroup Manager.app
- when it asks to connect to a server, select the Server > View Directories menu option instead
- authenticate as an admin (padlock button near top right)
- select the Computer account list (the rectangle icon in the row of small tabs near the top left)
- create a dummy computer account (New Computer button in the toolbar)
- swap over to the prefs management section (Preferences button in toolbar)
- there'll be a bunch of categories of manageable preferences (most of the ones you mentioned would be in the Login section); make whatever selections you're interested in
- switch to the Details tab and you'll be able to see what preference domain (essentially, the .plist filename) and preference keys are being controlled.
You can also get additional settings (beyond those in the Overview tab) for applications that include a preference manifest: under Details, click the "+" button, select an application, then open the relevant preference domain and try adding keys to the various sections; if the app had a manifest, clicking on the preference key name will give you a pop-up menu of available keys, and selecting one will autofill the value type, default value, and a description of what it does. The manifest for /System/Library/CoreServices/ManagedClient.app has some really interesting options; check it out.
Some settings are per-user, meaning that if you want to apply them to existing accounts, you'll have to script changing /Users/*/Library/Preferences/lo que, and may also want to edit the user template (/System/Library/User Template/English.lproj/Library/Preferences/lo que) so subsequently-created accounts will get the settings. Also, some settings are both per-user y per-computer; these get stored in ~/Library/Preferences/ByHost, with a computer ID (either ethernet MAC address or a hardware UUID) in the filename; use
defaults -currentHost to set these.
If you're making a bunch of changes to one file (e.g. the loginwindow prefs), it may be easier to simply copy a pre-tweaked settings file rather than modifying the existing file.
If you're deploying a lot of similar computers, it might be worth looking into imaging them rather than setting each one up individually. Take a look at Apple's System Image Utility, DeployStudio, and the various discussions & tools at afp548. There's also an Apple training class on deployment (statement of bias: I'm one of the trainers for this class, so I think todo el mundo should attend it), or you can buy the class reference book por separado.
I dont know where to find authoritative docs... perhaps on developer.apple.com or in one of the system admin certification study guides. However i can tell you that input menu and password hin are in in the domain
/Library/Preferences/com.apple.loginwindow with the keys
showInputMenu (boolean - false or no key for off) and
retriesUntilHint (integer, >=1 is on, 0 or non-existant is off) respectively.
siempre puedes usar
defaults domain to list all the available defaults domains and then try and reason out which domin you think something would be in. Or you could try
defaults find <somestring> but sometimes setting are obscure so just doing a dump of a suspected domain would be easier. Ofcourse if the default value is to be tuned off the key wont even exsits most likely... so if you have to use this approach... turn everything on first so the key gets set.