Check and Set Computer Settings (OS X)
Brett Renfer edited this page Aug 26, 2014
·
1 revision
These are scripts that can be used to check if a machine is set up properly for installation and to setup the correct settings for deployment. They are tested for OSX 10.7 only.
- SSH into the machine
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd -restart -agent -privs -all
- If ssh is not enabled, proceed with the next entry
- Select the machine and open Manage -> Change Client Settings; then click "Continue"
- Check "Set Remote Desktop startup preference: Enabled"; Check "Should the Remote Desktop menu be shown? Show status in the menu bar"; then click "Continue"
- Check "Yes, create users" and click "Continue"
- Add user and click "Continue" (e.g., Name [all lowercase]: cec ; Short Name [all lowercase]: cec)
- Check "Set Remote Desktop access mode: Allow access for all local users"; click Privileges...; Check all options EXCEPT "Show when being observed"; click "OK"; Check "Yes, specify access privileges"; click "Continue"
- Select your new user and click "Edit"; Check "Set Remote Desktop access for this user: Allow incoming access"; Check "Set privileges to allow this user to:" and make sure everything is check EXCEPT "Show when being observed"; click "OK"; click "Continue"
- Check "Set request permission option: Allowed"; Check "Set VNC viewer access: Allowed"; click "Continue"
- Don't select any "Set field" options, just click "Continue"
- Select "Run this task from: This application"; click "Change"
$ dscl . list /Users | grep -v "^_"
$ dscl . list /Users | grep SPECIFIC_USER
$ dscl . delete /Users/USER_TO_DELETE
$ rm -rf /Users/USER_TO_DELETE
FOURTH STEP: Reboot the machine in case the user you just deleted was the logged-in user (run as root)
$ shutdown -r now
$ softwareupdate --schedule
$ softwareupdate --schedule off
$ scutil --get HostName
$ scutil --get LocalHostName
$ scutil --get ComputerName
$ scutil --set HostName new_hostname
$ scutil --set LocalHostName new_hostname
$ scutil --set ComputerName new_hostname
$ defaults write /Library/Preferences/com.apple.Bluetooth.plist ControllerPowerState -bool NO
$ killall blued
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.blued.plist
Just make sure the Bluetooth services can't be found
$ sudo mkdir -p /System/Library/Extensions-Disabled
$ sudo mv /System/Library/Extensions/IOBluetooth* /System/Library/Extensions-Disabled/
$ sudo launchctl load -wF /System/Library/LaunchDaemons/com.apple.blued.plist
$ sudo mv /System/Library/Extensions-Disabled/* /System/Library/Extensions/
$ networksetup -setairportpower airport off
$ networksetup -setairportpower airport on
$ systemsetup -getsleep
$ systemsetup -getwakeonnetworkaccess
$ systemsetup -setsleep Never
$ systemsetup -setdisplaysleep Never
$ systemsetup -setharddisksleep Never
$ systemsetup -setwakeonnetworkaccess on
$ systemsetup -getallowpowerbuttontosleepcomputer
$ systemsetup -getrestartpowerfailure
$ systemsetup -setallowpowerbuttontosleepcomputer off
$ systemsetup -setrestartpowerfailure on
$ pmset -g sched
Set up a recurring event format (note that this overwrites any previous repeating settings, so if you want a shutdown and a startup, you need to specify both of those within ONE pmset command [see EXAMPLE 3 below])
$ pmset repeat TYPE DAYS TIME
$ pmset repeat wakeorpoweron MTWRFSU 06:00:00
$ pmset repeat shutdown MTWRFSU 00:00:00
$ pmset repeat shutdown MTWRFSU 00:00:00 wakeorpoweron MTWRFSU 05:00:00
$ pmset repeat cancel
For more information on power cycling: http://www.macos.utah.edu/documentation/administration/pmset.html#three
####To force shutdown (not allow applications to hang shutdown) set up a cron or launchd job:
####launchd: $ sudo vim /Library/LaunchAgents/me.adenine.forceshutdown.plist and paste in the following code to shutdown everyday at 11pm
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>me.adenine.forceshutdown</string>
<key>ProgramArguments</key>
<array>
<string>shutdown</string>
<string>-h</string>
<string>now</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>23</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
</dict>
</plist>
make sure the file has root privileges:
$ sudo chown root /Library/LaunchAgents/me.adenine.forceshutdown.plist
and then load it into launchd:
$ sudo launchctl load /Library/LaunchAgents/me.adenine.forceshutdown.plist
####cron job: $ sudo crontab -e and append the following to the file:
00 23 * * * /sbin/shutdown -h now
force shutdown information gleaned from: http://apple.stackexchange.com/questions/25001/how-can-i-forcibly-shut-down-my-mac-at-an-appointed-time
$ defaults read /Library/Preferences/com.apple.loginwindow
$ defaults write /Library/Preferences/com.apple.loginwindow "autoLoginUser" "username"
This also requires the password for the autologin user to be obfuscated and stored in /private/etc/kcpassword. See the basecamp page for Mountain View for instructions on how to use the python script that was uploaded there for obfuscating the password.
$ osascript -e 'tell application "System Events" to get the name of every login item'
$ osascript -e 'tell application "System Events" to make login item at end with properties {path:"/path/to/itemname", hidden:false}'
$ osascript -e 'tell application "System Events" to delete login item "itemname"'
$ defaults write com.google.Keystone.Agent checkInterval 0
$ defaults write com.google.Keystone.Agent checkInterval 18000
$ defaults write com.apple.CrashReporter DialogType none
$ defaults write com.apple.CrashReporter DialogType crashreport
$ defaults read com.apple.dock mcx-expose-disabled
$ defaults write com.apple.dock mcx-expose-disabled -bool true
$ killall Dock
$ defaults read com.apple.dock autohide
$ defaults write com.apple.dock autohide -bool YES
$ killall Dock
$ defaults read com.apple.dashboard mcx-disabled
$ defaults write com.apple.dashboard mcx-disabled -boolean YES
$ defaults -currentHost read com.apple.screensaver idleTime
$ defaults -currentHost write com.apple.screensaver idleTime 0
$ systemsetup -getremotelogin
$ systemsetup -setremotelogin on
$ systemsetup -getremoteappleevents
$ systemsetup -setremoteappleevents on
$ defaults read com.apple.finder ShowHardDrivesOnDesktop
$ defaults read com.apple.finder ShowRemovableMediaOnDesktop
$ defaults read com.apple.finder ShowExternalHardDrivesOnDesktop
$ defaults write com.apple.finder ShowHardDrivesOnDesktop -bool NO
$ defaults write com.apple.finder ShowRemovableMediaOnDesktop -bool NO
$ defaults write com.apple.finder ShowExternalHardDrivesOnDesktop -bool NO
$ killall Finder
$ sudo defaults read /System/Library/LaunchAgents/com.apple.notificationcenterui
$ sudo defaults write /System/Library/LaunchAgents/com.apple.notificationcenterui KeepAlive -bool false
$ killall NotificationCenter
Restart to take effect