diff --git a/System Configs/Config_Staff.sh b/System Configs/Config_Staff.sh index 2e18a73..86f7916 100644 --- a/System Configs/Config_Staff.sh +++ b/System Configs/Config_Staff.sh @@ -1,63 +1,68 @@ #!/bin/sh ########################################################### -# Script Name: LoginScript.sh +# Script Name: Config_Staff.sh # By: Zack Thompson / Created: 5/14/2015 -# Version: 1.0 / Updated: 6/1/2015 / By: ZT +# Version: 2.2 / Updated: 8/20/2015 / By: ZT # -# Description: This is the login script for Macs. +# Description: This is an configuration script to configure existing Macs in the environment. # ########################################################### +# ================================================== +# Define Variables +# ================================================== +user=$(logname) +userHome=$(eval echo ~$(echo $user)) + +# ================================================== +# Script Body +# ================================================== + # Clear ARD Settings +Echo "Clearing ARD Settings..." sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -uninstall -settings -prefs -configure -privs -none -computerinfo -set1 -1 "" -computerinfo -set2 -2 "" -computerinfo -set3 -3 "" -computerinfo -set4 -4 "" -clientopts -setreqperm -reqperm no -clientopts -setvnclegacy -vnclegacy no -restart -agent # Configure ARD Settings -sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users -ard_admin -allowAccessFor -specifiedUsers -clientopts -setdirlogins -dirlogins yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw "VNCPassword!" -restart -agent +Echo "Configuring ARD Settings..." +sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users ard_admin -allowAccessFor -specifiedUsers -clientopts -setdirlogins -dirlogins yes -setvnclegacy -vnclegacy yes -setvncpw -vncpw 'VNCPassword!' -restart -agent -# Added Domain Admins AD Group to local admin Group. +# Add Domain Admins AD Group to local admin Group. +Echo "Adding Domain Admins AD Group to local admin Group..." sudo dseditgroup -o edit -a "Domain Admins" -t group admin -# Added Domain Users AD Group to local lpadmin Group -- this is the "Print Admin" group. +# Add Domain Users AD Group to local lpadmin Group -- this is the "Print Admin" group. +Echo "Adding Domain Users AD Group to local lpadmin Group..." sudo dseditgroup -o edit -a "Domain Users" -t group lpadmin # Connect to currently logged in (console) user with VNC. +Echo "Setting VNC option to connect to currently logged in (console) user..." sudo defaults write /Library/Preferences/com.apple.RemoteManagement VNCAlwaysStartOnConsole -bool true # Turn off DS_Store file creation on network volumes +Echo "Turnning off DS_Store file creation on network volumes..." sudo defaults write /Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true sudo defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true # Disable default file sharing for guest +Echo "Disabling file sharing for guest..." sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false -# Disable “Application Downloaded from the internet” for the particular applications below -sudo xattr -d -r com.apple.quarantine /Applications/ADPassMon.app - -# Configure Settings for ADPassMon -sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon selectedBehaviour -int 2 -sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon enableKeychainLockCheck -bool true -sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon enableNotifications -bool true -sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon warningDays -int 14 -sudo defaults write /Library/Preferences/org.pmbuko.ADPassMon prefsLocked true - -# Create a LaunchAgent for ADPassMon -sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist KeepAlive -bool true -sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist SuccessfulExit -bool false -sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist Label -string ADPassMon -sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist ProgramArguments -array /Applications/ADPassMon.app/Contents/MacOS/ADPassMon -sudo defaults write /Library/LaunchAgents/org.domain.ADPassMon.plist RunAtLoad -bool true - # Copy over Desktop Shortcuts for Existing Users -osascript -e 'mount volume "smb://server/share"' -cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc ~/Desktop -cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc ~/Desktop -cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Support.webloc ~/Desktop -cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 1.webloc ~/Desktop -cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc ~/Desktop -umount /Volumes/share +Echo "Copying over Desktop Shortcuts for current user..." +Echo "Mounting Share" +sudo -u $user osascript -e 'mount volume "smb://server/share"' +Echo "Share Mounted, copying over shortcuts..." +sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc $userHome/Desktop +sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc $userHome/Desktop +sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Support.webloc $userHome/Desktop +sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 1.webloc $userHome/Desktop +sudo -u $user cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc $userHome/Desktop +Echo "Unmounting sharing..." +sudo -u $user umount /Volumes/share # Copy over Desktop Shortcuts for New Users +Echo "Copying over Desktop Shortcuts for new users..." sudo osascript -e 'mount volume "smb://server/share"' sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Intranet.webloc /System/Library/User\ Template/English.lproj/Desktop/ sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Kronos\ Workforce\ Central.webloc /System/Library/User\ Template/English.lproj/Desktop/ @@ -67,6 +72,7 @@ sudo cp /Volumes/share/GPO\ Files/Shortcut\ Icons/Website 2.webloc /System/Libra sudo umount /Volumes/share # Disable iCloud & Apple Assistant Popup for new user creation +Echo "Disabling iCloud & Apple Assistant popup for new user creation..." sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant GestureMovieSeen none sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion 10.10 @@ -74,6 +80,21 @@ sudo mv /System/Library/CoreServices/Setup\ Assistant.app/Contents/SharedSupport sudo defaults write /System/Library/User\ Template/English.lproj/Library/Preferences/com.apple.finder.plist ProhibitGoToiDisk -bool YES # Disable Time Machine's & pop-up message whenever an external drive is plugged in +Echo "Disabling Time Machine's pop-up message whenever an external drive is plugged in..." sudo defaults write /System/Library/User\ Template/Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true sudo defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true # sudo defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup -boolean NO + +# Configure Munki Repo +Echo "Configuring Munki Repo..." +sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL "https://osxserver.domain.org/Munki_Repo" +sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifier "Staff" +sudo defaults write /Library/Preferences/ManagedInstalls InstallAppleSoftwareUpdates -bool True +# sudo defaults write /Library/Preferences/ManagedInstalls SoftwareUpdateServerURL "" + +# Bootstrap Munki; creates file that the Munki deamon checks to see if it exits on start and if it does, will check the repo for software updates. +Echo "Bootstraping Munki..." +touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup + +Echo "Configuration Complete!" +exit 0 \ No newline at end of file