Firstboot Script Commands


NOTE: You most likely do NOT want to perform all of these actions on your image - please only include the things applicable for your environment, and do not use 'as-is' without reviewing what will happen! No warranty granted or implied!

#!/bin/sh
 
###
# First Boot script that is used along with a launchd item.  Deletes both itself and the launchd item after completion.
###
 
# Absolute paths to the system tools used below. Calling them by full path
# keeps these invocations independent of whatever PATH the launchd job runs
# with.
diskutil='/usr/sbin/diskutil'
networksetup='/usr/sbin/networksetup'
scutil='/usr/sbin/scutil'
systemsetup='/usr/sbin/systemsetup'

# kickstart is the built-in OS X script that activates and configures
# Apple Remote Desktop (ARD).
kickstart='/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart'

# Location of the generic printer description (Generic.ppd) in OS X 10.6.
genericppd='/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/Resources/Generic.ppd'
 
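# Determine the size of the boot volume. Asking df about "/" explicitly avoids
# depending on which filesystem df happens to list first.
MYDISK=$(df -H / | awk 'NR == 2 { print $2 }')
# Name the boot volume after its size (a reported size of 500G gives
# "Mac500GB"). Skip the rename when the size could not be read, so the volume
# is never renamed to a bare "MacB".
if [ -n "$MYDISK" ]; then
  "$diskutil" renameVolume / "Mac${MYDISK}B"
fi

# Delete the iMovie (previous version) directory if it exists, because we
# don't need it. Use when installing iLife from the original installers with
# InstaDMG. The existence test keeps the script from logging an error on
# images that never had the directory.
if [ -d "/Applications/iMovie (previous version).localized/" ]; then
  rm -R "/Applications/iMovie (previous version).localized/"
fi

# Re-scan for network interfaces (on some models you might end up with no
# network connection otherwise).
"$networksetup" -detectnewhardware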
 
# Apple Remote Desktop: limit access to explicitly named users, then activate
# the agent and give the "localadmin" account every ARD privilege.
# NOTE(review): "-privs -all" hands that account full remote control of the
# machine; confirm the account name and its password policy before imaging.
"$kickstart" -configure -allowAccessFor -specifiedUsers
"$kickstart" -activate -configure -access -on \
  -users "localadmin" -privs -all \
  -restart -agent

# Clock: turn network time on, then set the time zone and the time server.
"$systemsetup" -setusingnetworktime on
"$systemsetup" -settimezone America/New_York \
  -setnetworktimeserver time.apple.com
 
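# Allow all local users to add/remove printers by nesting the "staff" group
# inside the _lpadmin group. Substitute localadmin with your admin's short
# username.
# The option in front of "group" must be an ASCII hyphen ("-t"); a typographic
# dash pasted from a web page is not parsed as an option and the command fails.
# NOTE(review): this makes every local user a printer administrator; include
# it only where that is intended. Also confirm whether "-u localadmin" is
# needed at all when the script runs as root.
dseditgroup -o edit -u localadmin -t group -a staff _lpadmin
# Same change made directly with dscl.
# - This only works because the staff (all local users) group ID is
#   hard-coded, SUBJECT TO CHANGE w/ OS UPDATES!
dscl . -append /Groups/lpadmin NestedGroups ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000014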
 
# Both paths are prefixed with "$3", the script's third positional argument.
# When the script is started without arguments "$3" is empty and the paths
# resolve against the running system's root.
# NOTE(review): presumably "$3" is the target-volume argument of an installer
# script this was adapted from - confirm it is wanted in a firstboot script.
# NOTE(review): these edits loosen authorization rights for every user, and
# they assume the policy lives in the /etc/authorization plist; verify on the
# target OS release that this file is still what the system consults.
plistbuddy="$3"/usr/libexec/PlistBuddy
auth_plist="$3"/etc/authorization

# Allow user to set DVD region once upon first insertion of disc.
"$plistbuddy" \
  -c "Set :rights:system.device.dvd.setregion.initial:class allow" \
  "$auth_plist"

# Allow user to change time zone, as documented:
# http://support.apple.com/kb/TA23576
"$plistbuddy" \
  -c "Add :rights:system.preferences.dateandtime.changetimezone dict" \
  "$auth_plist"
"$plistbuddy" \
  -c "Add :rights:system.preferences.dateandtime.changetimezone:class string allow" \
  "$auth_plist"
"$plistbuddy" \
  -c "Add :rights:system.preferences.dateandtime.changetimezone:comment string 'This right is used by DateAndTime preference to allow any user to change the system timezone.'" \
  "$auth_plist"
"$plistbuddy" \
  -c "Add :rights:system.preferences.dateandtime.changetimezone:shared bool true" \
  "$auth_plist"
 
 
# Record the iCloud setup prompt as already seen in the non-localized user
# template, so the iCloud preference pane does not auto-launch.
# (Presumably this applies to accounts created from the template afterwards.)
defaults write \
  "/System/Library/User Template/Non_localized/Library/Preferences/com.apple.SetupAssistant" \
  DidSeeCloudSetup -bool TRUE


# One-off clock update against Apple's time server.
ntpdate -bvs time.apple.com
 
# Turn IPv6 off on every wired and wireless service name this image may have.
# The name depends on model and OS: a Mac Pro numbers its Ethernet services,
# "Airport" is the name on Snow Leopard and earlier, "Wi-Fi" on Lion.
# Names that do not exist on a given machine simply make that call fail.
for service in "Ethernet" "Ethernet 1" "Ethernet 2" "Airport" "Wi-Fi"; do
  "$networksetup" -setv6off "$service"
done

# Ensure AirPort is powered off. This form takes the hardware port / BSD
# device (en1), not a service name, so on a MacBook Air or a (non-CTO) Mac Pro
# it has no effect.
"$networksetup" -setairportpower en1 off

# Disable AirPort, another version: switch the whole network service off.
"$networksetup" -setnetworkserviceenabled AirPort off

# OR disable AirPort only on a specific model - here, any iMac (detected by
# looking for "iMac" in the ioreg output).
if [ -n "$(/usr/sbin/ioreg | grep iMac)" ]; then
  "$networksetup" -setnetworkserviceenabled AirPort off
fi

# Make FireWire networking inactive.
"$networksetup" -setnetworkserviceenabled FireWire off
 
 
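# Activate WakeOnLAN.
"$systemsetup" -setwakeonnetworkaccess on

# Kerberos-enabled SSH authentication. AllowGroups also restricts SSH logins
# to members of the listed groups.
# Each directive is appended only when the file has no active (uncommented)
# line for the same keyword. That keeps a second run from adding duplicates,
# and it surfaces the case where an earlier line would take precedence over
# the appended one (sshd uses the first value it reads for a keyword).
# NOTE(review): the path below is the one this script was written for; check
# where the target OS release keeps sshd_config.
sshd_config="/etc/sshd_config"
for directive in \
  "KerberosAuthentication yes" \
  "KerberosOrLocalPasswd yes" \
  "AllowGroups domaingroup admin"
do
  keyword=${directive%% *}
  if grep -Eiq "^[[:space:]]*${keyword}[[:space:]=]" "$sshd_config" 2>/dev/null; then
    echo "firstboot: ${keyword} is already set in ${sshd_config}; not appending" >&2
  else
    printf '%s\n' "$directive" >> "$sshd_config"
  fi
done

# Firewall settings | 0 = Off | 1 = On For Specific Services | 2 = On For Essential Services
# NOTE(review): 0 switches the application firewall OFF. This script also
# enables ARD and configures SSH, so with the firewall off those services are
# reachable on every network the machine joins. Use 1 or 2 unless another
# control (network firewall, management profile) covers this.
defaults write /Library/Preferences/com.apple.alf globalstate -int 0

# Set system sleep preferences | 0 = Off | 15 = 15 Min | 20 = 20 Min | etc |
pmset sleep 0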
 
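# Set the Bonjour, host and sharing names from the OS patch level and the
# last six hex digits of the en0 (Ethernet) MAC address.
# The tr character classes are quoted so the shell cannot glob-expand them
# against single-letter file names in the current directory.
LAST6_ENETADDY=$(ifconfig en0 | grep ether | awk '{print $2}' | sed 's/://g' | cut -c 7-12 | tr '[:lower:]' '[:upper:]')
# ProductVersion with the dots turned into hyphens, e.g. 10.6.8 -> 10-6-8.
PATCHLVL=$(/usr/bin/defaults read "/System/Library/CoreServices/SystemVersion" ProductVersion | sed 's/[.]/-/g')
# LocalHostName is the Bonjour name and is given without the ".local" suffix;
# the system appends that suffix itself.
"$scutil" --set LocalHostName "Imaged-$PATCHLVL-$LAST6_ENETADDY"
"$scutil" --set ComputerName "Imaged-$PATCHLVL-$LAST6_ENETADDY"
"$scutil" --set HostName "Imaged-$PATCHLVL-$LAST6_ENETADDY"

# IF DeployStudio sets HostName+LocalHostName, all you need is:
#"$scutil" --set HostName "$("$scutil" --get LocalHostName)"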
 
# Add a printer: an LPD queue driven by the generic PPD, enabled (-E) and not
# shared. Replace the name, location, description and URI with real values.
lpadmin -p "Printer Name" \
  -L "Printer Location" \
  -D "Printer Description" \
  -E \
  -v lpd://server/printqueue \
  -P "$genericppd" \
  -o printer-is-shared=false

# Stop Time Machine from offering newly attached disks as backup targets.
# NOTE(review): no preferences path is given, so this writes to the domain of
# whichever user runs the script - confirm that is the intended scope.
defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup 1
 
# Create a local account that carries the guest properties under a different
# name. The user gets a warning that all data will be deleted on log out.
# NOTE(review): the account is given an empty password and a login shell.
# Keep it out of any group allowed to log in remotely (see AllowGroups in
# sshd_config), and check that UniqueID/PrimaryGroupID 201 are not already
# used by another account on the image.

# Set one attribute on the visitor record. $1 = attribute name, $2 = value.
visitor_attr() {
  dscl . -create /Users/visitor "$1" "$2"
}

dscl . -create /Users/visitor
visitor_attr UserShell /bin/bash
visitor_attr RealName "Visitor"
visitor_attr UniqueID 201
visitor_attr PrimaryGroupID 201
visitor_attr NFSHomeDirectory /Users/Visitor
visitor_attr RecordType dsRecTypeStandard:Users
visitor_attr dsAttrTypeNative:_defaultLanguage en
visitor_attr dsAttrTypeNative:_guest true
visitor_attr dsAttrTypeNative:_writers__defaultLanguage visitor
visitor_attr dsAttrTypeNative:_writers_jpegphoto visitor
visitor_attr dsAttrTypeNative:_writers_LinkedIdentity visitor
visitor_attr dsAttrTypeNative:_writers_picture visitor
visitor_attr dsAttrTypeNative:_writers_UserCertificate visitor
# Empty password.
dscl . -passwd /Users/visitor ''
 
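# Delete the launchd item and this script, then reboot one minute later.
# The clean-up has to happen BEFORE the reboot: once reboot is called the
# script is terminated, so anything placed after it may never run. If the
# launchd item survives, the script runs again on every boot and the machine
# keeps rebooting.
# The steps sit in one brace group because the shell parses the whole group
# before running it, so removing (or overwriting) "$0" cannot disturb the
# commands that still have to run.
{
  for leftover in /Library/LaunchDaemons/com.company.firstboot.plist "$0"; do
    # Prefer srm as the original script did; fall back to rm on systems that
    # do not ship srm.
    if command -v srm >/dev/null 2>&1; then
      srm "$leftover"
    else
      rm -f -- "$leftover"
    fi
  done

  # Reboot in 1 minute.
  sleep 60
  reboot
}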