Scripts can be fun, but they can also be a never-ending nightmare. A friend recently asked me to share the BYOD setup script that I use in my environment. It may be a little rough and in some spots quite specific; however, I thought I would share it. I utilise Jamf’s Casper suite (can’t recommend them enough!), so some parts of the script do reference their tools.

I use this script on BYOD devices. It sets up some basic things (NTP servers, Gatekeeper) and installs some additional packages. The script also creates some hidden management accounts on the device. This is not a copy/paste script; you will need to change it to suit your environment.

If there is enough interest I’m happy to write a generic setup script. If you have any suggestions or requests you can reach me @jacobcurulli.

#!/bin/bash
# BYOD Setup script - now with popups!
# J.Curulli - 20th November 2015
# Updated 03 December 2015 - Fixed computer naming section, updated to standalone for BYOD USB deployment
# Also now logs to the /var/log/jamf_imaging.log file
# Must be run as root: installer, dscl, systemsetup and scutil all need it.
invitationid="yourInvitationIdHere"
##################################
# Check if the jamf_imaging.log file exists; if not, create it so we can write to it
log="/var/log/jamf_imaging.log"
if [ ! -f "$log" ]; then
    touch "$log"
    # The script runs as root, so a root-owned 644 file is enough; a world-writable log
    # would let any local user tamper with the imaging record
    chmod 644 "$log"
    echo "$(date +"%a %b %d %H:%M:%S") - Created jamf_imaging.log file just now" >> "$log"
fi

# Turn off Gatekeeper because it's icky
spctl --master-disable

# Install some important packages
installer -pkg /private/var/.temp/agent-setup-2.47.23-unmanaged.mpkg -target /
installer -pkg /private/var/.temp/Certificates.pkg -target /
# Remove the packages
rm -rf /private/var/.temp/agent-setup-2.47.23-unmanaged.mpkg
rm -rf /private/var/.temp/Certificates.pkg

# Set up the login window to display some additional information:
#   Computer name
#   Version of OS X installed
#   IP address
# Clicking on the time will show the next item
defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

# Configure time settings
# Set the time zone
/usr/sbin/systemsetup -settimezone Australia/Perth
# Set the primary network time server using systemsetup -setnetworktimeserver
# This clears any current ntp settings and adds the first time server as the first line
/usr/sbin/systemsetup -setnetworktimeserver ntp.yourtimeserver
# Add the second time server as the second line in /etc/ntp.conf
echo "server ntp.yourdomain.local" >> /etc/ntp.conf
# Add the third time server as the third line in /etc/ntp.conf
# I use time.apple.com just in case all else fails
echo "server time.apple.com" >> /etc/ntp.conf
# Set the Mac to get the time from the network
/usr/sbin/systemsetup -setusingnetworktime on
# Do a sync now against the primary server
ntpdate -u ntp.yourtimeserver

# Disable Time Machine's pop-up message whenever an external drive is plugged in because it's annoying
defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

# This part of the script can be removed if not needed. It gets the student's details in order to correctly name their laptop.
# This part could be edited to enable account creation for the BYOD student.
# All four prompts use the same dialog, so one function serves them:
#   ask "Prompt text" "default answer"   -> prints what the user typed
function ask() {
    osascript <<EOT
tell app "System Events"
    text returned of (display dialog "$1" default answer "$2" default button 2 with title "$(basename "$0")")
end tell
EOT
}
# prompt and get firstname
firstname="$(ask "Please enter the student's first name:" '')"
# prompt and get lastname
lastname="$(ask "Please enter the student's last name:" '')"
# prompt and get username
# The school username is so we can enroll them in Casper and have the device assigned to them
username="$(ask "Please enter the student's school username:" '')"
# prompt and get cohort
# This is the student's graduating year and is picked up by Casper to use with smart groups
cohort="$(ask "Please enter the student's cohort:" '')"

# Create Computer Name and Local Host name
computername="$firstname $lastname's Macbook"
localhostname="$firstname-$lastname-Macbook"
# Log the current name for records before changing it
currentname="$(/usr/sbin/scutil --get ComputerName)"
echo "$(date +"%a %b %d %H:%M:%S") - Getting ready to update computer name, current name is $currentname" >> "$log"
# This line can be used if you utilise the Casper suite from Jamf
jamf setComputerName -target / -name "$computername"
# Set the computer name. HostName and LocalHostName must not contain spaces or apostrophes,
# so they get the hyphenated form
/usr/sbin/scutil --set ComputerName "$computername"
/usr/sbin/scutil --set HostName "$localhostname"
/usr/sbin/scutil --set LocalHostName "$localhostname"
currentname="$(/usr/sbin/scutil --get ComputerName)"
echo "$(date +"%a %b %d %H:%M:%S") - Name has now been updated to: $currentname" >> "$log"

# Set BYOD to yes
byod="Yes"
# Check if /var/.temp exists; if it doesn't then create it
dir="/var/.temp"
if [ ! -d "$dir" ]; then
    mkdir "$dir"
fi
# Write to the text files to be picked up by the recon
# These variables are picked up by the extension attributes in Casper for smart groups
echo "$computername" > /var/.temp/computerName.txt
echo "$cohort" > /var/.temp/department.txt
echo "$byod" > /var/.temp/BYOD.txt

# Both management accounts are built the same way, so one function does the work:
#   create_hidden_admin <name> <uid> "<Real Name>"
# The home folder lives at /var/.<name>; UIDs below 500 are hidden by the
# Hide500Users setting applied further down.
function create_hidden_admin() {
    local name="$1" uid="$2" realname="$3" home="/var/.$1"
    mkdir "$home"
    dscl . -create "/Users/$name"
    dscl . -create "/Users/$name" UserShell /bin/bash
    dscl . -create "/Users/$name" RealName "$realname"
    dscl . -create "/Users/$name" UniqueID "$uid"
    dscl . -create "/Users/$name" Picture "/Library/User Pictures/Sports/Hockey.tif"
    dscl . -create "/Users/$name" PrimaryGroupID 20
    dscl . -create "/Users/$name" NFSHomeDirectory "$home"
    dscl . -passwd "/Users/$name" yourpasswordhere
    # Copy the template contents (the trailing /. avoids creating an English.lproj subfolder)
    cp -R "/System/Library/User Template/English.lproj/." "$home"
    chown -R "$name:staff" "$home"
    dscl . -append /Groups/admin GroupMembership "$name"
}
# Create the management account
# I like to hide the user home folders so students don't get curious
create_hidden_admin admin 404 "Administrator"
# Also create the tech admin account for repairs
create_hidden_admin tech 407 "Tech User"
# Hide service accounts (UID below 500) from Users & Groups and the login window
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
# Display a popup
osascript -e 'display notification "Created service accounts" with title "Attention"'

# recon with username and enroll if needed
jamf recon -endUsername "$username"
jamf enroll -invitation "$invitationid"
exit 0
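Accounts like the admin and tech users the script creates (UID under 500, home under /var, Hide500Users on) do not show up in the login window or in Users & Groups, so an inventory of who holds admin rights has to come from directory services. The following is an added example, not part of the original script, that parses captured output of `dscl . -list /Users UniqueID` and `dscl . -read /Groups/admin GroupMembership` and reports the non-Apple accounts below UID 500 that are admin group members; the two captures below are constructed samples so it runs anywhere.

```shell
#!/bin/sh
# Audit helper for hidden management accounts of the kind the setup script creates.
# Inputs are plain text captured from dscl (see the comment at the bottom), so the
# functions can be run on any box against a copy of the output.

# Constructed sample of `dscl . -list /Users UniqueID` (one "name uid" pair per line)
SAMPLE_USERS='_mbsetupuser 248
_spotlight 89
admin 404
daemon 1
nobody -2
root 0
student 501
tech 407'

# Constructed sample of `dscl . -read /Groups/admin GroupMembership`
SAMPLE_ADMINS='GroupMembership: root student admin tech'

# hidden_accounts USERS_TEXT -> names with 0 < UID < 500 that are not Apple's
# underscore-prefixed service accounts or daemon. Exactly the range Hide500Users hides;
# the underscore rule is a heuristic, so review anything it excludes as well.
hidden_accounts() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^_/ && $1 != "daemon" && $2 + 0 > 0 && $2 + 0 < 500 { print $1 }'
}

# hidden_admins USERS_TEXT GROUP_TEXT -> the subset of hidden_accounts that sit in
# the admin group, i.e. invisible accounts with administrator rights.
hidden_admins() {
    members=$(printf '%s\n' "$2" | sed 's/^GroupMembership: *//')
    for u in $(hidden_accounts "$1"); do
        for m in $members; do
            if [ "$u" = "$m" ]; then printf '%s\n' "$u"; fi
        done
    done
}

# On a real Mac, capture the inputs first and pass the files' contents:
#   dscl . -list /Users UniqueID > users.txt
#   dscl . -read /Groups/admin GroupMembership > admins.txt
#   hidden_admins "$(cat users.txt)" "$(cat admins.txt)"
hidden_admins "$SAMPLE_USERS" "$SAMPLE_ADMINS"
```

On the sample data this prints admin and tech; on a freshly imaged Mac the expected output is empty unless an account like these was created deliberately.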