Admin the Mac: Cloning Tips and Tricks
Having a consistent user environment for the majority of your end users is a fairly obvious concept as an administrator of an institution. Documentation for achieving this for Windows users is fairly abundant on the Internet even if it is not typically geared toward the interests of an academic admin. However, Macintosh documentation, to my experience, has been wholly lacking with only some recent articles and posts filling in the void.
This post, along with the others in the series, is an attempt to enable the efforts of admins new to Macintosh deployment in seeing Mac OS X as a viable if not superior platform for deployment within your institution … that is if you have the cash for the original hardware : ) Following are a variety of necessary and/or recommended customizations you’ll likely need as an admin for your institution. Please feel free to suggest alternatives and most definitely, corrections.
Change the Log-in Background
One of the nicer finishes to a custom computer build is the really among the simplest … Change its background! In doing so, all users of this image will see the branding you want them to see, the legalese you want them to accept, and most important of all, they’ll feel like you really know what you’re doing even though all you did was change its background. The ability to change the log-in background is damn-near godlike for typical academic end-user and they’ll respect you even if they have no idea what you did. Ahhh! Taste sweet delicious ‘job security.’
Apple is currently shipping its Leopard OS with the default background of an aurora borealis which, while beautiful, does not make your machine standout. Some practical considerations here: If you plan on using you Mac within a lab environment, you’ll want them to perhaps include an acceptable use policy, instructions on how to log on and, of course, your institution’s logo, mascot, or other such branding. First, this lends itself to increased professionalism and has the added benefit of making it fairly distinctive. With this is mind:
- Create your backgrounds using a program such as Photoshop or The GIMP for the various aspect ratios you expect to find. 4:3 for standard monitors, 16:10 for modern LCDs
- Create layers in these master files that will be visible when you save for the log-in background and not visible when saving for the user’s profile background
- Save all of these to your /Library/Desktop Pictures folder so that when you image this machine they’ll be available no matter what machine you cast it upon
Once you have all of these ready as JPEGs or PNGs, go ahead a drop them into the /Library/Desktop Pictures folder so that they’ll be available to all of the machine’s users. However, since these are your pictures (ie. you own them) that just so happen to be sitting in a system-wide folder, we need to correct their permissions so that other users (as well as the system itself) will be able to read these files. Assuming our files begin with ‘Background’:
sudo chown root:admin "/Library/Desktop Pictures/Background*" sudo chmod 664 "/Library/Desktop Pictures/Background*"
Now we need to tell the system to use our new log-in background instead of the its default image of the aurora borealis. This is controlled by a plist file /Library/Preferences/com.apple.loginwindow.plist. If you have the Xcode tools installed then you can use its Property List Editor but for simplicity’s sake, simply run this in your Terminal app:
sudo defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture "/Library/Desktop Pictures/Background 4x3.jpg"
Now, if all is well, you should be able to log out and see that the default background has been replaced with your customized background.
Change the Default User Profile
Once you’ve spent all your time getting the model profile just the way that you like it, the next logical question is how to make it the default profile used no matter who logs in. First, however, remember that the state that this profile is in will be saved in its entirety and used by each new user till the end of time. I always recommend doing a sort of pre-flight checklist:
- Clear your browser(s) history, passwords, cache, bookmarks, etc.
- Clear your Finder’s Recent Items list (Apple > Recent Items > Clear Items)
- Check the profile’s Downloads, Pictures, and Document folders
- Physically delete Keychains from Keychain Access (Users/Model Profile/Library/Keychains)
- Make certain all of your programs have been initialized (launched) and set the way you like
- Finally, empty the Trash
Now we need to use this model profile to replace the factory default profile that the machine steps out with. Open your Terminal app and run the following:
sudo cp -r "/System/Library/User Template/English.lproj" "/System/Library/User Template/English.lproj.old" sudo cp -r ~/* "/System/Library/User Template/English.lproj" sudo chown -R root:wheel "/System/Library/User Template/English.lproj"
Change/Remove License Strings
Applications such as Microsoft Office 2008 do not like it when you duplicate a license from one machine to another. Something about EULA, pirating (see ‘softlifting’), capitalism blah de blah, blah… Anyway, it behooves you as an admin to start taking precautions beyond the standard ritual sacrifice to Cthulhu to ward off license compliance auditors.
If you are planning on a large scale deployment, you need to talk to your software vendor to be certain you are acquiring a volume license string suited to the size of your deployment, else you might find yourself physically visiting 100+ machines well into the wee hours of the night manually entering strings for everything you’ve installed. However, for smaller deployments it’s probably best to install the app with one string but wipe it before taking your master image. Here’s how to handle this with Office 2008:
Microsoft Office 2008
Before launching any office app you’ll need to change the license string (or as Microsoft calls it: Product ID) to a unique string specific to this machine. Microsoft keeps this string in two locations:
rm ~/Library/Preferences/Microsoft/Office 2008/Microsoft Office 2008 Settings.plist sudo rm /Applications/Microsoft Office 2008/Office/OfficePID.plist
Cut and paste the new string on top of the old one or simply delete both files to make Office think this is a new installation.
Reinitialize Apple Setup Assistant
Say, for example, that you want to be able to clone a machine with your specialized image but you still want your end user to go through the same process that any other new Mac owner would go through if they had just got it out of the box: user name, password, address etc. Basically, you want to trick your Mac into thinking that it is brand spanking new. Well, when a Mac boots up it looks for a certain hidden file. If present it will boot up normally. If it is not there, it assumes that the machine has not been setup yet and will launch its setup wizard. Long story short: Delete this file.
sudo rm /var/db/.AppleSetupDone
Only do this, however, when you are completely finished with the machine and the next user is going to be its owner. It is important to note that this will not wipe out your admin account but it will allow the next user to be become the default administrator for the machine.
- Peachpit’s Sample Chapter from Apple Training Series: Mac OS X Deployment v10.5
- Apple’s System Imaging and Software Update Administration Guide
- Microsoft’s Mactopia for IT Professionals
Trackback from your site.