¿Cómo puedo automatizar el aprovisionamiento de un nuevo sistema con scripts en Mac OS X 10.6?

I've been working on this for days but simply cannot find the correct references to make it work.

The idea is to have a script that will baseline newly purchased Macs that comes into the company with basic stuffs like set autologin to off, create a new admin user (for remote admins to access for support, set password to unlock screensaver and etc) .

Sample list for baseline that admins have to do on each new machine:

  • Click the Login Options button Set Automatic Login: OFF
  • Check: Show the Restart, Sleep, and Shutdown buttons
  • Uncheck: Show input menu in login window
  • Uncheck: Show password hints
  • Uncheck: Use voice over in the login window
  • Check: Show fast user switching menu as Short Name

    (note: this is only part of a long list to do on each machine)

I've managed to find some references to make some parts work. Like autologin can be unset with:

defaults write /Library/Preferences/.GlobalPreferences com.apple.userspref.DisableAutoLogin -bool TRUE

and I've kinda found ways to muscle in a new user creation (including prompts) with AppleScript and shell commands.

But generally its tough finding ways to do somewhat simple things like turn on password to get out of screensaver or to allow fast user switching. References are either too limited or just no where to be seen (e.g. I can unset autologin via cli but the very next setting on the system preference "show restart, sleep and shutdown buttons" is somewhere else and I can't find any command line to make it set)

Does anyone have any ideas on a list, document, reference or anything of where each setting on the system resides so that I can be pointed to make it work? or maybe sample scripts for the above example...

My thanks for reading thus far—a huge thank you for whoever that has any info on the above.

preguntado el 09 de enero de 11 a las 06:01

2 Respuestas

In general, the location of various settings tends not to be documented, but usually isn't too hard to figure out.

One way to do this is to change the setting and watch what file(s) get modified. fseventer is good for this, or if you have Xcode installed you can use Packagemaker (start a snapshot package, change the setting, then stop recording and see what files are listed as changed in the snapshot), or just run sudo fs_usage -ew (and sort through its copious output).

Once you've found the relevant file(s), change the setting back & forth to see how they change. If the files are .plists, you can use defaults to dump them before & after and compare, or use plutil -convert xml1 to switch them from binary into the human-readable XML format, and compare by eye. Note that there are sometimes multiple change to make; for example, when disabling autologin, you really should delete the autoLoginUser key from /Library/Preferences/com.apple.loginwindow.plist, and also delete the file /etc/kcpassword.

Another way to find configurable settings is to take advantage of Apple's server-based preference tool, Workgroup Manager. You can install Apple's server admin tools on a non-server, and play around with it locally:

  • run /Applications/Server/Workgroup Manager.app
  • when it asks to connect to a server, select the Server > View Directories menu option instead
  • authenticate as an admin (padlock button near top right)
  • select the Computer account list (the rectangle icon in the row of small tabs near the top left)
  • create a dummy computer account (New Computer button in the toolbar)
  • swap over to the prefs management section (Preferences button in toolbar)
  • there'll be a bunch of categories of manageable preferences (most of the ones you mentioned would be in the Login section); make whatever selections you're interested in
  • switch to the Details tab and you'll be able to see what preference domain (essentially, the .plist filename) and preference keys are being controlled.

You can also get additional settings (beyond those in the Overview tab) for applications that include a preference manifest: under Details, click the "+" button, select an application, then open the relevant preference domain and try adding keys to the various sections; if the app had a manifest, clicking on the preference key name will give you a pop-up menu of available keys, and selecting one will autofill the value type, default value, and a description of what it does. The manifest for /System/Library/CoreServices/ManagedClient.app has some really interesting options; check it out.

Some settings are per-user, meaning that if you want to apply them to existing accounts, you'll have to script changing /Users/*/Library/Preferences/lo que, and may also want to edit the user template (/System/Library/User Template/English.lproj/Library/Preferences/lo que) so subsequently-created accounts will get the settings. Also, some settings are both per-user y per-computer; these get stored in ~/Library/Preferences/ByHost, with a computer ID (either ethernet MAC address or a hardware UUID) in the filename; use defaults -currentHost to set these.

If you're making a bunch of changes to one file (e.g. the loginwindow prefs), it may be easier to simply copy a pre-tweaked settings file rather than modifying the existing file.

For better ways to script account creation, see esta pregunta del servidor and/or take a look at the createUser package script included with instadmg.

If you're deploying a lot of similar computers, it might be worth looking into imaging them rather than setting each one up individually. Take a look at Apple's System Image Utility, DeployStudio, and the various discussions & tools at afp548. There's also an Apple training class on deployment (statement of bias: I'm one of the trainers for this class, so I think todo el mundo should attend it), or you can buy the class reference book por separado.

Edit: I forgot to mention the systemsetup y configuración de la red commands -- for the settings they cover, they're the best way to go.

Respondido 13 Abr '17, 15:04

Gee that covers almost everything that is needed for the job at hand. Thank you thank you. I've started a UI Scripting path on this but it seems a tad too variant going from machine to machine. Railroading the steps is a lot harder especially when there are small differences on the machines (eg. admin played around with some things and it gets unset get the script goes in and does it work). Just needed to explore the avenue - I am returning to the shell script path as it seems to be a lot more reliable and consistent. - deeviate

@deeviate UI and shell scripting aren't mutually exclusive; you can use do shell script to run shell code from an AppleScript, or osascript to run AppleScript from shell. For example: response="$(osascript -e 'tell application "System Events"' -e 'activate' -e 'display dialog "There are system updates that need to be installed on your computer; plaease log out for a while." buttons { "Cancel", "OK, I'"'"'ll log out" } giving up after (300)' -e 'end tell' 2>&1)" - Gordon Davisson

yup after delving into UI scripting, I found joy in making it work in harmony with shell scripts. One thing I am trying to do (if you dont mind me piggy backing this topic) is if there is a way to "detect" if a checkbox or radio button is already checked and moving on to the next step if it is? - deeviate

@deeviate I haven't played with scripting control of other programs' UI, but as I understand it the critical thing is to enable access for assistive devices. See this MacRumors discussion, especially the last post, for details. - Gordon Davisson

You deserve a lot more points for your great explanation and link collection included with it - great, thank you very much! - deucalion

I dont know where to find authoritative docs... perhaps on developer.apple.com or in one of the system admin certification study guides. However i can tell you that input menu and password hin are in in the domain /Library/Preferences/com.apple.loginwindow with the keys showInputMenu (boolean - false or no key for off) and retriesUntilHint (integer, >=1 is on, 0 or non-existant is off) respectively.

siempre puedes usar defaults domain to list all the available defaults domains and then try and reason out which domin you think something would be in. Or you could try defaults find <somestring> but sometimes setting are obscure so just doing a dump of a suspected domain would be easier. Ofcourse if the default value is to be tuned off the key wont even exsits most likely... so if you have to use this approach... turn everything on first so the key gets set.

Respondido el 09 de enero de 11 a las 11:01

thanks for that tip! defaults read did return a load of information but need to breakout the grep to filter down whatever's relevant. Least its a step in the right direction - cheers! - deeviate

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.