v1.0 = First Production Version

v2.0 = Forked original LoginScript.sh and repurposed as an Enrollment Configuration Script.
v2.1 = Added Munki support for Apple Software Updates.
v2.2 = Forking from here to point to specific Munki Manifests.  Configured for Staff Manifest.
Zack T
2015-11-05 22:09:39 -07:00
parent 2f796b6fa5
commit 3d4bd16c9d


@@ -1,63 +1,68 @@
#!/bin/sh
###########################################################
# Script Name: LoginScript.sh
# Script Name: Config_Staff.sh
# By: Zack Thompson / Created: 5/14/2015
# Version: 1.0 / Updated: 6/1/2015 / By: ZT
# Version: 2.2 / Updated: 8/20/2015 / By: ZT
#
# Description: This is the login script for Macs.
# Description: This is an configuration script to configure existing Macs in the environment.
#
###########################################################
# ==================================================
# Define Variables
# ==================================================
user=$(logname)
userHome=$(eval echo ~$(echo $user))
# ==================================================
# Script Body
# ==================================================
# Clear ARD Settings
Echo "Clearing ARD Settings..."
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -uninstall -settings -prefs -configure -privs -none -computerinfo -set1 -1 "" -computerinfo -set2 -2 "" -computerinfo -set3 -3 "" -computerinfo -set4 -4 "" -clientopts -setreqperm -reqperm no -clientopts -setvnclegacy -vnclegacy no -restart -agent
# Configure ARD Settings
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users -ard_admin -allowAccessFor -specifiedUsers -clientopts -setdirlogins -dirlogins yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw "VNCPassword!" -restart -agent
Echo "Configuring ARD Settings..."
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users ard_admin -allowAccessFor -specifiedUsers -clientopts -setdirlogins -dirlogins yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw 'VNCPassword!' -restart -agent
# Added Domain Admins AD Group to local admin Group.
# Add Domain Admins AD Group to local admin Group.
Echo "Adding Domain Admins AD Group to local admin Group..."
sudo dseditgroup -o edit -a "Domain Admins" -t group admin
# Added Domain Users AD Group to local lpadmin Group -- this is the "Print Admin" group.
# Add Domain Users AD Group to local lpadmin Group -- this is the "Print Admin" group.
Echo "Adding Domain Users AD Group to local lpadmin Group..."
sudo dseditgroup -o edit -a "Domain Users" -t group lpadmin
# Connect to currently logged in (console) user with VNC.
Echo "Setting VNC option to connect to currently logged in (console) user..."
sudo defaults write /Library/Preferences/com.apple.RemoteManagement VNCAlwaysStartOnConsole -bool true
# Turn off DS_Store file creation on network volumes
Echo "Turnning off DS_Store file creation on network volumes..."
sudo defaults write /Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
sudo defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true
# Disable default file sharing for guest
Echo "Disabling file sharing for guest..."
sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false
# Disable “Application Downloaded from the internet” for the particular applications below
sudo xattr -d -r com.apple.quarantine /Applications/ADPassMon.app
# Configure Settings for ADPassMon
sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon selectedBehaviour -int 2
sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon enableKeychainLockCheck -bool true
sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon enableNotifications -bool true
sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon warningDays -int 14
sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon prefsLocked true
# Create a LaunchAgent for ADPassMon
sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist KeepAlive -bool true
sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist SuccessfulExit -bool false
sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist Label -string ADPassMon
sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist ProgramArguments -array /Applications/ADPassMon.app/Contents/MacOS/ADPassMon
sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist RunAtLoad -bool true
# Copy over Desktop Shortcuts for Existing Users
osascript -e 'mount volume "smb://server/share"'
cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc ~/Desktop
cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc ~/Desktop
cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Support.webloc ~/Desktop
cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 1.webloc ~/Desktop
cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc ~/Desktop
umount /Volumes/share
Echo "Copying over Desktop Shortcuts for current user..."
Echo "Mounting Share"
sudo -u $user osascript -e 'mount volume "smb://server/share"'
Echo "Share Mounted, copying over shortcuts..."
sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc $userHome/Desktop
sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc $userHome/Desktop
sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Support.webloc $userHome/Desktop
sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 1.webloc $userHome/Desktop
sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc $userHome/Desktop
Echo "Unmounting sharing..."
sudo -u $user umount /Volumes/share
# Copy over Desktop Shortcuts for New Users
Echo "Copying over Desktop Shortcuts for new users..."
sudo osascript -e 'mount volume "smb://server/share"'
sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc /System/Library/User\ Template/English.lproj/Desktop/
sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc /System/Library/User\ Template/English.lproj/Desktop/
@@ -67,6 +72,7 @@ sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc /System/Libra
sudo umount /Volumes/share
# Disable iCloud & Apple Assistant Popup for new user creation
Echo "Disabling iCloud & Apple Assistant popup for new user creation..."
sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none
sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.10
@@ -74,6 +80,21 @@ sudo mv /System/Library/CoreServices/Setup\ Assistant.app/Contents/SharedSupport
sudo defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder.plist ProhibitGoToiDisk -bool YES
# Disable Time Machine's & pop-up message whenever an external drive is plugged in
Echo "Disabling Time Machine's pop-up message whenever an external drive is plugged in..."
sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
sudo defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true
# sudo defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup -boolean NO
# Configure Munki Repo
Echo "Configuring Munki Repo..."
sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "https://osxserver.domain.org/Munki_Repo"
sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "Staff"
sudo defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool True
# sudo defaults write /Library/Preferences/ManagedInstalls SoftwareUpdateServerURL ""
# Bootstrap Munki; creates file that the Munki deamon checks to see if it exits on start and if it does, will check the repo for software updates.
Echo "Bootstraping Munki..."
touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
Echo "Configuration Complete!"
exit 0
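Review bot: The reworked kickstart line under "Configure ARD Settings" still carries the VNC password as a literal on the command line and keeps legacy VNC switched on (`-setvnclegacy -vnclegacy yes -setvncpw -vncpw 'VNCPassword!'`). Anyone who can read this repository or the deployed script gets the same credential for every enrolled Mac, the value is visible in the process arguments while kickstart runs, and classic VNC authentication uses at most eight characters of it. Since the same line already grants `ard_admin` access with `-privs -all` and enables directory logins, the legacy password looks unnecessary; I would end the options with `-clientopts -setdirlogins -dirlogins yes -setvnclegacy -vnclegacy no -restart -agent`. If legacy VNC really is required, the password should be supplied at deploy time rather than committed, and rotated if `VNCPassword!` was ever a real value. In the same file, `userHome=$(eval echo ~$(echo $user))` runs `eval` where none is needed; quoting `"$user"` and resolving the home directory without `eval` would be safer.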