[Casper] after image, first time run scripts

Ryan Harter ryan.harter at uwsp.edu
Mon Dec 15 14:31:17 PST 2008 

Not to hijack the thread, but I just have a quick question about some  
of what you guys are talking about.

I do a lot of scripting and I'm not sure what you mean by "securely"  
delete.  Is there something you run besides 'rm' to delete your files?


Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Dec 15, 2008, at 2:32 PM, Jeremy Matthews wrote:

> Well,
>
> I suppose running a script only once is not a problem, since you can  
> have it issue a command to securely delete itself after complete.
>
> You can create a user-specific launchd item, so you're covered there  
> as well. Since I haven't tried to do using this method I suppose if  
> you wanted to run something only at first login, you could create a  
> loginhook which executes said scripts, and then create a logouthook  
> which deletes the loginhook and the logout hook.
>
> Would that work?
>
> -j
>
> On Dec 15, 2008, at 3:21 PM, Thomas Larkin wrote:
>
>> That is pretty much exactly what I want to do.   I am familiar with  
>> all the commands since I already have scripts that do all of this.   
>> However, I am looking for a script that only runs for the local  
>> admin account and only runs at first log in.  We image behind  
>> routers at times and these routers run NAT so it doesn't always hit  
>> the JSS since I don't have FQDN set up and all the forwarding, etc  
>> on each router.  We also run CompuTrace which is MAC address  
>> sensitive which is why I have the NIC and Airport turned off in the  
>> master image.
>>
>> I found really when mass imaging machines block copying performs  
>> faster than package based deployment and I never image one to 4  
>> machines at a time.  I always image over 10 at a time if I can, if  
>> not more than that even.  So, I like to block copy and have all the  
>> basics in the main image.
>>
>> So when someone from my department images a machine they just log  
>> in as local admin once, it runs all it needs to do, then it shuts  
>> down the machine.  So they can log in and walk away and when they  
>> come back they can toss it in a laptop cart.
>>
>> Overall, not a huge deal but it wold definitely make our lives like  
>> 1 or 2 percent easier.
>>
>> thanks,
>>
>> >>> Jeremy Matthews <jeremymatthews at mac.com> 12/15/08 2:08 PM >>>
>> We actually do this in a few spots.
>>
>> We have several packages and scripts that run after a machine is
>> booted for the first time via LaunchDaemon (some after someone first
>> logs in) - this does a number of things, including:
>>
>> 1) Renaming the system volume so our scripts actually work!
>> 2) installing casper and creating a casper-only service account
>> 3) creating a new hidden admin account (and removing the temporary  
>> one)
>> 4) installing computrace
>> 5) creating a loginhook for all users
>> 6) naming the machine
>> 7) setting ARD access
>> 8) Installing certs and binding to our OD Server via SSL
>> 9) Cleaning up caches
>> 10) Fixing permissions
>> ....etc
>>
>> ....then the script securely deletes each item, including the
>> LaunchDaemon, while securely deleting itself last.
>> Works great!
>>
>> -jeremy
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081215/c5b4c08c/attachment.html

More information about the Casper mailing list