/
first_boot.sh
executable file
·264 lines (200 loc) · 10.3 KB
/
first_boot.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
#!/bin/sh
#
# Initial setup script for Mac OS X 10.9.x
# Rich Trouton, created August 15, 2013
# Last modified 10-25-2013
#
# Adapted from Initial setup script for Mac OS X 10.8.x
# Rich Trouton, created July 4, 2012
# Last modified 7-10-2012
#
#
# Delay the login window by unloading the com.apple.loginwindow
# LaunchDaemon in /System/Library/LaunchDaemons/
launchctl unload /System/Library/LaunchDaemons/com.apple.loginwindow.plist
# Sleeping for 30 seconds to allow the new default User Template folder to be moved into place
sleep 30
# Get the system's UUID to set ByHost prefs
if [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` == "00000000-0000-1000-8000-" ]]; then
MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c51-62 | awk {'print tolower()'}`
elif [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` != "00000000-0000-1000-8000-" ]]; then
MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-62`
fi
# Disable Time Machine's pop-up message whenever an external drive is plugged in
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
# Set default screensaver settings
mkdir /System/Library/User\ Template/English.lproj/Library/Preferences/ByHost
# Disabling screensaver password requirement by commenting out this line - can be re-enabled later.
#
# defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "askForPassword" -int 1
#
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "idleTime" -int 900
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "moduleName" -string "Flurry"
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/ByHost/com.apple.screensaver.$MAC_UUID "modulePath" -string "/System/Library/Screen Savers/Flurry.saver"
# Turn off DS_Store file creation on network volumes
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
# Configure Finder to use Column View
defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder "AlwaysOpenWindowsInColumnView" -bool true
# Disable root login by setting root's shell to /usr/bin/false
# Note: Setting this value has been known to cause issues seen
# by others when they used Casper's FileVault 2 management.
# If you are running Casper and see problems encrypting, the
# original UserShell value is as follows:
#
# /bin/sh
#
# To revert it back to /bin/sh, run the following command:
# dscl . -change /Users/root UserShell /usr/bin/false /bin/sh
dscl . -create /Users/root UserShell /usr/bin/false
# Make a symbolic link from /System/Library/CoreServices/Directory Utility.app
# to /Applications/Utilities so that Directory Utility.app is easier to access.
ln -s /System/Library/CoreServices/Directory\ Utility.app /Applications/Utilities/Directory\ Utility.app
# Make a symbolic link from /System/Library/CoreServices/Applications/Network Utility.app
# to /Applications/Utilities so that Network Utility.app is easier to access.
ln -s /System/Library/CoreServices/Applications/Network\ Utility.app /Applications/Utilities/Network\ Utility.app
# Make a symbolic link from /System/Library/CoreServices/Screen Sharing.app
# to /Applications/Utilities so that Screen Sharing.app is easier to access.
ln -s /System/Library/CoreServices/Screen\ Sharing.app /Applications/Utilities/Screen\ Sharing.app
# Set separate power management settings for desktops and laptops
# If it's a laptop, the power management settings for "Battery" are set to have the computer sleep in 15 minutes, disk will spin down
# in 10 minutes, the display will sleep in 5 minutes and the display itslef will dim to half-brightness before sleeping. While plugged
# into the AC adapter, the power management settings for "Charger" are set to have the computer never sleep, the disk doesn't spin down,
# the display sleeps after 30 minutes and the display dims before sleeping.
#
# If it's not a laptop (i.e. a desktop), the power management settings are set to have the computer never sleep, the disk doesn't spin down, the display
# sleeps after 30 minutes and the display dims before sleeping.
#
# Detects if this Mac is a laptop or not by checking the model ID for the word "Book" in the name.
IS_LAPTOP=`/usr/sbin/system_profiler SPHardwareDataType | grep "Model Identifier" | grep "Book"`
if [ "$IS_LAPTOP" != "" ]; then
pmset -b sleep 15 disksleep 10 displaysleep 5 halfdim 1
pmset -c sleep 0 disksleep 0 displaysleep 30 halfdim 1
else
pmset sleep 0 disksleep 0 displaysleep 30 halfdim 1
fi
# Set the login window to name and password
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool true
# Disable external accounts (i.e. accounts stored on drives other than the boot drive.)
defaults write /Library/Preferences/com.apple.loginwindow EnableExternalAccounts -bool false
# Set the ability to view additional system info at the Login window
# The following will be reported when you click on the time display
# (click on the time again to proceed to the next item):
#
# Computer name
# Version of OS X installed
# IP address
# This will remain visible for 60 seconds.
defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
# Sets the "Show scroll bars" setting (in System Preferences: General)
# to "Always" in your Mac's default user template and for all existing users.
# Code adapted from DeployStudio's rc130 ds_finalize script, where it's
# disabling the iCloud and gestures demos
# Checks the system default user template for the presence of
# the Library/Preferences directory. If the directory is not found,
# it is created and then the "Show scroll bars" setting (in System
# Preferences: General) is set to "Always".
for USER_TEMPLATE in "/System/Library/User Template"/*
do
if [ ! -d "${USER_TEMPLATE}"/Library/Preferences ]
then
mkdir -p "${USER_TEMPLATE}"/Library/Preferences
fi
if [ ! -d "${USER_TEMPLATE}"/Library/Preferences/ByHost ]
then
mkdir -p "${USER_TEMPLATE}"/Library/Preferences/ByHost
fi
if [ -d "${USER_TEMPLATE}"/Library/Preferences/ByHost ]
then
defaults write "${USER_TEMPLATE}"/Library/Preferences/.GlobalPreferences AppleShowScrollBars -string Always
fi
done
# Checks the existing user folders in /Users for the presence of
# the Library/Preferences directory. If the directory is not found,
# it is created and then the "Show scroll bars" setting (in System
# Preferences: General) is set to "Always".
for USER_HOME in /Users/*
do
USER_UID=`basename "${USER_HOME}"`
if [ ! "${USER_UID}" = "Shared" ]
then
if [ ! -d "${USER_HOME}"/Library/Preferences ]
then
mkdir -p "${USER_HOME}"/Library/Preferences
chown "${USER_UID}" "${USER_HOME}"/Library
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
fi
if [ ! -d "${USER_HOME}"/Library/Preferences/ByHost ]
then
mkdir -p "${USER_HOME}"/Library/Preferences/ByHost
chown "${USER_UID}" "${USER_HOME}"/Library
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/ByHost
fi
if [ -d "${USER_HOME}"/Library/Preferences/ByHost ]
then
defaults write "${USER_HOME}"/Library/Preferences/.GlobalPreferences AppleShowScrollBars -string Always
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/.GlobalPreferences.*
fi
fi
done
# Determine OS version and build version
# as part of the following actions to
# disable the iCloud pop-up window
# Determine OS version
# Save current IFS state
OLDIFS=$IFS
IFS='.' read osvers_major osvers_minor osvers_dot_version <<< "$(/usr/bin/sw_vers -productVersion)"
# restore IFS to previous state
IFS=$OLDIFS
sw_vers=$(sw_vers -productVersion)
# Checks first to see if the Mac is running 10.7.0 or higher.
# If so, the script checks the system default user template
# for the presence of the Library/Preferences directory.
#
# If the directory is not found, it is created and then the
# iCloud pop-up settings are set to be disabled.
if [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -ge 7 ) ]]; then
for USER_TEMPLATE in "/System/Library/User Template"/*
do
defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
done
# Checks first to see if the Mac is running 10.7.0 or higher.
# If so, the script checks the existing user folders in /Users
# for the presence of the Library/Preferences directory.
#
# If the directory is not found, it is created and then the
# iCloud pop-up settings are set to be disabled.
for USER_HOME in /Users/*
do
USER_UID=`basename "${USER_HOME}"`
if [ ! "${USER_UID}" = "Shared" ]
then
if [ ! -d "${USER_HOME}"/Library/Preferences ]
then
mkdir -p "${USER_HOME}"/Library/Preferences
chown "${USER_UID}" "${USER_HOME}"/Library
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences
fi
if [ -d "${USER_HOME}"/Library/Preferences ]
then
defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
defaults write "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion "${sw_vers}"
chown "${USER_UID}" "${USER_HOME}"/Library/Preferences/com.apple.SetupAssistant.plist
fi
fi
done
fi
# Turn SSH on
systemsetup -setremotelogin on
# Turn off Gatekeeper
spctl --master-disable
# Remove the loginwindow delay by loading the com.apple.loginwindow
# LaunchDaemon in /System/Library/LaunchDaemons/
launchctl load /System/Library/LaunchDaemons/com.apple.loginwindow.plist
# Remove setup LaunchDaemon item
rm -rf /Library/LaunchDaemons/com.company.initialsetup.plist
# Make script self-destruct
rm -rf $0