Automate Yourself Out of a Job

Hello everybody, my name’s Graham. I’m the lead engineer at an IT consultancy called Pebble IT, and today I’m going to talk about how you can automate yourself out of a job. So don’t worry about taking notes, the slides will be provided at the end. If you have any questions just shout out laid it out give your mic, but please hold your questions during the demos, because they’re all recorded, because I’m bitter worse not to do in life. So I’ve tried to keep it quite brief so we’ve got loads of time for Q&A at the end, and I’m gonna be skimming over several topics at quite a quick pace, at a high level, so just think of this as a jumping-off point on your journey into automating yourself into Nirvana, whatever.

Okay, so as you may have guessed from the accent, I’m from England, so here’s my legal obligation to show a picture of the Queen.

So I don’t want to waste anyone’s time, so I wanna be very upfront about what I’m not going to be talking about today. I’m not talking about Munki. I’m not talking about Puppet. I’m not talking about DeployStudio. I’m not talking about AutoPkg. I’m not talking about Casper on this with my far away if. I’m not talking about Absolute Manage. So you might be sat there thinking, well, what on earth is he going to be talking about then? I’m only talking about the basic concepts you’re gonna need to be armed with to effectively use any of those tools. You don’t have to get very far at all without knowing about LaunchDaemons, LaunchAgents, some basic scripting, profiles, some packaging and how to shove it all into an image. So no leaving good stuff, right?

So I’m sure you’ve all seen this screen hundreds if not thousands of times. It’s a blank canvas, it’s waiting to be customized by an excited new Mac user when they get home. They’re sat in a lab or an office environment: any time spent doing that customization is wasting someone’s time. Our clients have slightly different needs. They want apps in the Dock, they want shortcuts to file servers on the desktop, they want the corporate
logos as wallpaper, they want the environment ready to go the minute someone logs in. Any time spent connecting to servers or finding out is valuable teaching time wasted or money lost.

So what are our options to get us going? When I first started out doing this, I’d get the Mac out of the box, sat there feeding disks in. Then I set up the user, I changed the wallpaper, I put Mail, Safari, Meeting Maker in the Dock, I copied shortcuts to the file server on to the desktop. And if you’re only looking after a small number of machines that don’t get new users very often, that might be all you need, right? So I came here when I was looking after very small businesses; I was maybe setting up a new machine once a month. Then I went in-house for a couple of years. It’s at that job that I saw this list hit, and I started off doing it all by hand again, and it was okay. Then I got busy: I was setting up new machines every day. So I went to the Google to see how everyone else was doing it, and it seemed like they were all using the default user template.

So for those who don’t know, the default user template is how the operating system creates new users: it places the default Dock, wallpaper, etc., etc. And it turned out I could put my own stuff in there and it appeared on every new user I created. It was absolutely amazing. And on the face of it, it looks like quite a good option really. I mean, it’s really easy: you just click around, set up the user, then you’re done, and you just need to get on the Google for like a couple of lines to stick in the Terminal to set the permissions correctly, and there, job’s done. Awesome, isn’t it?

Not so fast. There are a couple of caveats you need to be aware of. The default user template is only used when a new user is created. If you’re working in environments where you’re only setting defaults for your users and you don’t really care what they do afterwards, that might not be a problem. Of course, that is until you need to change something. Maybe you need to deploy a shortcut to a new file server, or
you’ve just got Creative Cloud and you need to stick the apps on the Dock. Good luck doing that with the user template. You’re back to walking around to each machine by hand, or praying that ARD decides to work properly for a change.

And I cannot stress this enough: /System is Apple’s directory. Unlike any other part of the operating system, there is no warranty on what happens there; they can do whatever they damn well please. Any changes you make may be changed or modified without any notice at all. You might be just fine for months’ worth of updates, and then you install that one OS update that nukes your lovingly crafted user template.

So if we can’t use the default user template reliably, we need to change our approach. This is the only place that the operating system looks for configuring new home directories, so our vector of attack needs to change. So depending on what you’re trying to change, you’ve got a few options for triggering them.

LaunchDaemons are going to run a script or command at any point, even at the login window, as root. They can run on a schedule, or they can look for a fastest-moving so I fired exchangers do this. As I said, they run as root, so they can do anything, so I’d use them to perform changes like binding to AD or setting the time zone, that kind of stuff. So this is a LaunchDaemon. It’s going to run use a local Mac Naima Naima when the Mac boots, and it’s gonna run again every ten minutes. He’s feeling that confused but up I know I was my first little ‘m. So if you’re more comfortable using a GUI, there’s Lingon X. Do make sure you get the version directly from the developer though, because the ones from the App Store are really limited in what they can do.

So LaunchAgents are very similar to LaunchDaemons, but instead of running as root they run as the current user, which means they’re very useful for running commands that modify the current user’s environment: setting wallpapers, modifying files in the user’s home directory. This is going to be our primary tool for today. You can stick LaunchAgents in /Library/LaunchAgents, which will affect all users, or if you only want to affect one user, you can stick them in the home directory.

And there’s login and logout hooks. They’re really basic: they’re scripts that run as root every time the user logs in or logs out. There’s nothing else to them. There’s no scheduling, there’s no other options. They do have their uses: I have a logout hook that deletes a student’s home directory in a lab setting. But you’re probably not going to use them very often. And cron: don’t use cron. It’s deprecated by Apple, it could go away at any point. Don’t bother using it.

Alright, so down to business. Our first job is going to be to set the wallpaper. So before we start, let’s review our goals. This needs to work with 10.9; the majority of methods you’ll find on the Internet will only work with 10.8 and lower. Some of our users are using MacBooks, so they’re just using the internal screen; some are on Mac Pros with three screens. We need to handle all of those. Any change we make must be applied to new and existing users. There’s no point in doing all of this work and then having to walk around and change your existing machines.
But we’re not going to enforce the change. We could do it if we wanted to, but we’re gonna let our users change their desktop to a picture, like Carol what, if they want.

So you might be sat there thinking you have absolutely no idea how you start to tackle this problem. I mean, it’s not like we’re gonna walk around and set it by hand, is it? So the best way to start thinking about automating any process on OS X is to find a way to do it on the command line. Once you find a way to do it on the command line, you’re most of the way there already. The Terminal is about to become your best friend in the whole world.

So you used to be able to use MCX or profiles to set the wallpaper, as the preference was just stored in a plist. In Mavericks these settings moved to a SQLite database, so we have the fun choice of modifying the database directly, which I’m not going to do, or we can use Apple’s approved method, to use Apple’s built-in APIs. They can be quite complex, so I’ve written a script that wraps this around for you. You just need to tell set desktops where your image is and it will set all of the attached screens to your chosen image.

So, who knows what the backslash at the end of the first line means? Fantastic, yes. It’s just telling the Terminal we’re wrapping; treat it all as the same line.

So that’s all well and good, but we need to turn this into a script we can actually use. So today we’re going to primarily use bash, which at its simplest allows us to do exactly the same as we would if we were typing manually into the Terminal. So the first line is telling the operating system which interpreter to use. There are several available in OS X: as well as bash there’s Python, there’s Ruby, and there’s more, but they’re all out of scope for today’s talk, so we’re going to stick with bash.

So set desktops is a Python script, and we are specifying which particular Python binary we’re going to run it with. This isn’t strictly required, because the operating system will generally, will normally do the
right thing with it. However, the person writing the script might not specify which version of Python that script needs to use, or you could be looking after a developer who has completely screwed up their Python; they could have 15 different versions of Python on there. So we’re just specifying we want to use the system one. Then we give the full path to where our script lives on the file system, and we pass the path argument and set the value of that to any image that’s on the file system; that could be anything you’d use in System Preferences.

So you might be wondering how we’re going to run this script when a user actually logs in. We’re gonna use a tool called scriptRunner. It’s written by Nate Walck. It’s quite straightforward: you point it towards two folders, one that contains scripts you want to run every login and one folder of scripts you want to run just once.

And this is the LaunchAgent for scriptRunner. So we’ve told it to run when the user logs in, in the RunAtLoad section, and it’s going to run once because we’ve not scheduled how often it should run. We pass two directories as arguments to the script, where our once and every scripts will live, and the actual scriptRunner script has been put in /usr/local/bin. How it gets there is something we’ll cover a bit later on. And for comparison, this is what that LaunchAgent will look like when you open it in Lingon X. So the basic rule of LaunchDaemons and LaunchAgents is: where you’d put spaces on the command line, it goes between its own string tags.

So we only want the script to run once for each user, so it’s going to be installed in the once directory, and I have appended the date on to the name of the script. This is because scriptRunner keeps track of each script it’s run by its name, so if we ever want to update this script and run it again, we need to change the name of the file. This also gives us the added bonus of having the flexibility available to modify the script and not affect existing users: just keep the same name. So that’s the wallpaper, relatively painless.

So, time for the Dock. dockutil was made by Kyle Crawford, and it’s a tool which is able to add or remove specific items from either one particular Dock or all of the users’ Docks on a system. So we start off by removing everything from the default Dock. There’s loads of stuff in there, and it’s a bit of a moving target: Apple seems to be shoving more and more in there every single release of OS X. So let’s get rid of it all.

Now we start adding our individual items. You can specify a location if you like, but by default it’s just going to pop it in at the right-hand end of the Dock. dockutil will restart the Dock after adding an item to make it show up, but we’re going to be adding loads of items, so we want it not to restart. If we didn’t do this our script would still work, but it’d take a bit longer to run, and people might get a bit of motion sickness because the Dock goes up and down, up and down.

So here’s our script. The first line should be
familiar, and then we’re looking at our first variable. We’ve done this because we’re using the path to dockutil over and over and over again, so we save a bit of typing, because manual labor is obviously rubbish, and if the path to dockutil ever changes our script’s easy to fix. So we get rid of all items in the Dock, we add our apps in, then finally stick the Downloads folder back in, because we took everything out, and allow the Dock to restart. And we’re rattling through. So that’s our wallpaper and Dock sorted.

So now we’re going to give our users access to some file servers. There are things called afploc files. When you double-click them they just mount the file server, and they’re just a plist, and despite the name they can be used to connect to any kind of server: SMB or NFS as well as AFP.

So let’s have a quick look at making one. So I start off with running defaults write in the Terminal. We specify where it should go and point it towards our file server. Then I’m going to Get Info on the file, because we need to change the file extension from plist to afploc. And I could leave it at this and it’ll work; you could double-click on it, easy, and get to the file server. But because all of our users are flouncy creative types, we make things look pretty. So in /System/Library/CoreServices you will find a file called CoreTypes.bundle. You go in there, find loads of icons, and because I’m a bit old-school we’re going to choose neck surf guess we all got later loads left. Go Get Info on that, Get Info on the afploc file, and you just drag the icon over and it looks pretty, and, praise me, it actually works as well for us.

OK, so that’s an afploc file. Now we need to actually get it onto users’ desktops. So we’re not going to copy it over by hand, obviously, so we can use the cp command for that. It’s exactly the same as copying it in the Finder, but there’s significantly less legwork involved. So its syntax is simply cp, your source file, and then your destination. So that’s how we’re
going to copy it into place.

How do we actually even get all of our scripts and this stuff onto the machines in the first place? Well, we’re going to use packages. So why do you want to use packages? Packages have several benefits over any other method of getting files onto your Macs. First off, they explicitly put it where it needs to be. There’s no faffing about, and you get a guarantee... Sorry, did something sneak past the British-American translation? Sorry. Messing, alright, right, right, um, hey, we’ll take a moment, calm down. Okay, so you get a guarantee that files have got the correct ownership and permissions as well. Packages can be used by anyone, no training: just double-click on it. I mean, it’s about as easy as it gets. And they can be used with virtually any management system, from something as simple as ARD to Munki, or Casper if you really wanted to.

For me, though, the biggest bonus of putting your configuration into packages is the flexibility it gives you. You can put your settings in your image, or if you get a new Mac with a weird OS build on it, you can layer your packages over the top of that clean operating system and you’ll support new models from day zero, all using the same packages.

So let’s have a look at some options for making packages. Back in the day Apple recommended you use PackageMaker to make your packages. I wouldn’t recommend it. There’s Iceberg, that’s a free one; from the same people there’s Packages; and if you need the paid-for version there’s Composer. But I don’t use any of those. I prefer a tool called The Luggage.

This is the heart of The Luggage, the Makefile. We’re essentially just describing what you’d do on the command line to get your files there, and it’s going to convert it into a package for you. So why on earth would you want to use this weird archaic system over the pretty GUI apps that I just mentioned? Every time you make a package with The Luggage you are going to get the same output from the same input. You’re describing in a text file exactly what needs to happen; you’re not directing a weird fleshy thing, us, where to click every time. There is a tool built in to make packages on OS X, pkgbuild; that’s what The Luggage uses underneath the hood. But The Luggage gives us a lot of functionality for free that we’d have to recreate if we used pkgbuild.

So getting The Luggage installed is actually quite straightforward. So first off we’re gonna open up a Terminal window and we type in git. Because we do
not have the command line tools installed, it’s gonna offer to install them. Click the button, read the EULA very carefully, don’t skip it, and the stuff gets installed, and thanks to the wonders of video editing it’s sped up ever so slightly. So now we go back to our Terminal and we’re gonna use git to clone a repository from GitHub. Don’t worry if you don’t know what that means; we’re literally just downloading some files off GitHub. Once that’s done, we’re gonna move into the directory we’ve just created and we’re going to type in make bootstrap_files. It’s going to ask for your admin password, because it needs to move stuff around your system, and as long as you don’t see any errors you’re done. That is all there is to getting going with The Luggage.

So making a package with The Luggage is quite straightforward if you’re using a pre-existing Makefile, so don’t worry if you don’t understand everything you see here right now; I’m gonna point you toward some tutorials at the end. This is the Makefile that we’re going to use to create an installer for scriptRunner. We’ve set the title of the Installer window, the name of the package, the identifier and the version. You’d have to do that in whatever tool you used. The more interesting part for us is the payload section. We have two payloads. The first is referenced later on in the script, but to install the LaunchAgent that lives in the same directory as our Makefile we just use that one line. The Luggage knows about loads of common locations to install things on a Mac, so I just need to give it that one line of type and it’ll set the ownership and permissions and drop it in the right place for us.

So underneath that we’re going to actually install scriptRunner. So we’ve already seen it’s a one-liner to get something off Git and... sorry? Sorry, I thought you had your hand up. Okay, so we’ve seen it’s a one-liner to get something from Git, and we’ve already seen that it’s really quite straightforward to run stuff in The Luggage, so we can get
this to do it on its own. We could clone by hand if we really wanted to, but that’s a manual step, and that’s really dull and tedious, so we’re going to get the robots to do it for us. So, line by line: we git clone the repository, we copy the file scriptRunner to /usr/local/bin, set the permissions, and we clean up after ourselves. So if we were using pkgbuild or most of the other GUI tools I’ve just mentioned, not only would we need to manually clone the repository, but we’d also need to manage the creation of /usr/local/bin. Because, as I said, The Luggage knows about all the common locations, on line 13 we’ve just inherited that.

So now, actually making the package. Get back into your best friend, the Terminal, change into the directory that has our Makefile in, just type make pkg, stick your password in, and the robot makes the package. You don’t care about any output, because it’s just happening in the background, and there’s our package.

So the point of The Luggage is that we can reliably make the same package every single time. If we need to make a change, we can compare the two Makefiles side by side in an app like Kaleidoscope and we can easily see what’s changed. We can use source control if we want to. We can start thinking about packages like code.

So during the conference you might have heard people talk about MCX. That’s how we used to configure our Macs, and yes, it does still work, but Apple says you shouldn’t be using it anymore, so we’re gonna do what the fruit company tells us to, so we’re going to use profiles.

You have a couple of options for making profiles. There’s Profile Manager. It’s not just for directly managing your Apple devices; I don’t use it for that at all. It can also make profiles for you that you can deploy using other methods. It’s very straightforward to set up Profile Manager. I have a 10.9 server in a VM on this machine just for generating profiles in Profile Manager. And if you’re gonna want to modify the contents of a profile outside of Profile Manager, because they’re just plain text files, don’t sign them. You’ll just be able to open it up in a text editor once that’s unticked. So after you’ve made your profile, download it. It’s really cryptic how you have to download it, so I thought I’d highlight it.

There’s also mcxToProfile. It’s a tool created by a chap called Tim Sutton. It can take existing MCX settings or, as we’re gonna use it for, a preference file, to create a profile. So here’s how I use it. Let’s say you’ve configured Office 2011 not to auto-update. You’ve gone through all the windows and you’ve ticked the boxes and it all looks lovely. You can run mcxToProfile against the plist that that
generated, specify a unique identifier for your profile, and you’re going to be given a profile you can chuck out to your clients. This profile is going to manage your auto-update preferences for Office 2011 often. This means the preference will be set at least every login, often more. This is because there are lots of apps which weren’t written fantastically well which can’t take always preferences, so this allows you to get around that problem. And the profiles are just plists, so they’re easy to read; just pop them into a text editor.

Once you’ve got your profile, you’re obviously gonna need to install it. To install a profile using the command line, we’re going to use the profiles command. Let’s give it the install flag and tell it we’re installing from a file. You can also drop your profiles in this directory. If you delete a file in this directory called .profileSetupDone, which lives in that same directory, then any profile that’s in there will be installed next time the Mac boots up. So we’ve got methods to install profiles when the Mac’s on and when it’s turned off. We can put this all together in a package that’s gonna handle both cases for us.

make-profile-pkg was also built by Tim Sutton. I actually have no idea how he’s got any time left after he makes all this stuff. All you need to do is pass your profile to the script and it’s gonna spit out a package that you can throw at your clients.

So we’ve got apps configured, we’re managing the Dock, and we’ve got our desktop and wallpaper configured, and that’s our user-level configuration done. We need to change some system settings now.

So sometimes we only want to run a script once. A good example of this is where we bind to Active Directory, or if we set the system’s time zone and time server. A payload-free package is, as the name suggests, a package that doesn’t actually install anything; it just runs commands contained in its postinstall script. So the first thing we’re going to do is set the time zone. If you run through
the OS X setup wizard, obviously that’s gonna be done for you, but if you skip the setup wizard, for example if you’re deploying an image, you’re gonna need to set it yourself. So it’s pretty straightforward to set your Mac to the correct time zone. I see this was not for here but yeah makes me real rights for being a hope so. And we’ve seen how easy it is to make this into a script we can stick into our payload-free package: just stick the bash shebang on the top. And this is a Luggage Makefile for building this payload-free package. We literally just need to tell it about the postinstall script; it’s gonna do everything else for us. We don’t need to worry about anything else.

Printers: everyone excited? I love printers, they’re great. But fortunately, once you’ve finally found a working driver and got that driver installed, it’s actually not that difficult to set them up. This probably looks like an absolutely massive script to you, but you just need to edit the first few lines at the top: set the system name for the printer, the GUI display location, the friendly display name for it, stick in the IP address and tell the OS where it can find the driver. You’re done. It’s actually easy.

SSH is quite useful. If ARD ever dies, which obviously never happens, SSH gives you another way into your Macs. We can use systemsetup again. You will find yourself using this binary loads when you start automating more and more parts of your configuration.

And ARD, our most reliable friend, fortunately is still quite useful. Each Mac has a tool called kickstart on it, which you can use to set up ARD access. Here’s the really tiny, quick command you need to use to set up ARD access. Obviously there’s hundreds of options on it, and I have linked to a decent page on Apple’s website to get this set up at the end.

So everyone knows what the welcome wizard is: it’s a series of screens you have to go through on the Mac’s first boot that asks for your email address so Apple can send you lots of lovely emails. Well, ain’t nobody got time for that. So the welcome wizard will only run if this file is not on the system. So this clearly is not technically a payload-free package, I mean, we are actually creating a file, but it’s only a blank file. So as long as the file exists, whatever the contents, the welcome wizard is going to be skipped. So we’re making the directories we need to exist and we’re just using the touch command to create a blank file.

And we also don’t want our users to be prompted for their iCloud accounts when they first log in; I mean, these are our machines and all. To skip the iCloud setup we’re going to use a profile. This is the most important part of the profile. We’re setting a preference for com.apple.SetupAssistant once, with a date last year, so it’s gonna be applied immediately and just once. We’re also setting a couple of keys to say we’ve seen the iCloud setup
screen and what OS version we’ve seen it on.

So some packages, like the payload-free packages which we made previously, can only be installed on the currently booted machine. This doesn’t mean we can’t put them in an image though. So I’ve built a tool that will install any package at first boot, and as I clearly have a slightly weird thing for automation, you can store your options in a plist as well. This is our settings plist. We’ve got an array of package locations, the name of the final package, the identifier and the package version. And to make the package we just need to tell the script where to find our settings. I mean, obviously, yes, we could pass all of these options on the command line, but once again we’re trying to save ourselves a bit of work.

So now, having seen all these command line tools, you’re probably thinking I’m some sort of weird anti-GUI obsessive, so it’s time to see some GUI tools that are useful in our new workflow. You’ll notice so far we have not made an admin user. Olofsson made CreateUserPkg just for this task, and it’s clearly really difficult to use: you just fill in the boxes, that’s it, click Save to get a package. Nothing more to it.

But we still need a way of getting software into packages we can use in our new workflow. Some software does come nicely packaged, but some is distributed a Gans, or perhaps some, like Flash, comes as something a lot, a lot stranger. We could package things up with The Luggage, but there is a much easier way that lets someone else do all of the work. I know I said I wasn’t going to talk about AutoPkg, but I lied. There we go. AutoPkg is thanks to the hard work of Greg and Tim, who, along with many other people, have created recipes for packaging various pieces of software. We won’t use it for anything too complicated today. We can see how straightforward it is to package a common drag-and-drop app like Chrome. So just download AutoPkg from GitHub and install it; it’s pretty straightforward. So once you’ve got AutoPkg installed you can
start off making packages. So we need to add some recipes first. I’m going to add the peel team recipes first, and it’s going to get them off GitHub. And once I’ve added the repo I can list all the recipes to see what I’ve got and what I can do with it. If you don’t find what you need, you can do a search to find other repos. Fortunately the one we need is in there. So I’m gonna run this verbosely so you can see exactly what’s happening, and please bear in mind this is real time, so it’s gonna take a couple of seconds, but I just want you to see how quick it is to make a package. And we can do this repeatedly as well: AutoPkg is smart enough not to keep downloading; it’ll let us know if there’s a new version. Let the robot do all of the work while we are here looking at very interesting green text on a black window.

Has anyone any questions? The question was did I know that I could just bring 10 999. I haven’t used a them I do that pop anyway.

Okay, so it’s told us it’s downloaded Chrome, it’s built a package, and told us where to find it. We did very little work, no manual labor whatsoever.

So sometimes a Mac needs to be wiped and a clean OS installed on it. Somehow our users have managed to completely destroy the machine. I don’t know what they did, but it’s now smoking and doesn’t work. For those times there’s AutoDMG. It’s also by Per Olofsson. So why use AutoDMG, and don’t ask me why it’s called AutoDMG, because I don’t know.

So why do you want to use this over your traditional golden master method of making images? AutoDMG takes packages as its input, which means the same packages we’ve already made, that we can use with ARD or Installer or Munki, can also go into AutoDMG. Images built this way have never been booted, which means you don’t have to worry about clearing out the machine-specific rubbish that’s left behind. Let’s click the build button. Dope.

So who makes golden master images here? I’m sure it’s what okay phrase we’re all friends we’ll have a love it offers great. How long does that take? Do you delegate it out to someone else? How do you know it’s perfect every single time? What happens when a new OS comes out? Do you spend the whole day building your image again? This is what we’ve been working towards: a way of being so agile we can support a new operating system as soon as it’s been downloaded, and we’ve cut out the single thing that is most likely to ruin our image: us.

So let’s take a look at building an image with AutoDMG. Drag on your OS X installer app, drop on all the packages we made, click Build, tell it where to save it, stick in your admin password, and off you go. So as well as everything we’ve already seen, I’ve got printer drivers going in here, because printers struggle without printer drivers, and I’ve got a copy of keno off to 2011 and an update for Office 2011. This should have been quicker.
that is totally real-time – no that was probably about 15 minutes so we need to get this we’ve got an image now it’s great perfect but we need to get out there we could use target this mode I mean using Disk Utility faraway lightning something like that really fast thunderbolt SSD SSD it’s really quick but you can only do one Mac at a time if you want image lots of Mac’s at once you’re probably going to need to use net restore so net restore images are creating using system image utility that lives in the system folder and every Mac there’s weirdness though if you open it directly so open if I server app I don’t know why it doesn’t work them it doesn’t make sure your auto damaged volume selected choose net restore hit continue give you this good name if you want to read ela very carefully agree to it and choose about to save it yes correct yes thank you Thanks I’ve missed my whole demo now the one thing I said not today where are we okay so all right well we’ve made our net restore now it’s crash day for it and now we’re actually going to that boot so once again this is obviously completely real-time we’re gonna restore our image that’s going to be and we’ll start destroying our first boot packages and it goes through two more and we’ll notice someone fails that’s because I’m Steven didn’t specify the order correctly

obviously our Office update kind of small Office is installed but it’s gonna they’re about to do on the second go anyway so I’ve always a reasonable failure to leave it once our first boot packages are installed we can log in via super secure password of password and it’s we’re all going to have ARD set up our printers are gonna be there SSH is gonna be turned on our apps are there you can fit things on the desktop our wallpaper is going to change and our Dock is wonderful and perfect okay so we’ve barely scratched the surface of automating your processes there are a few technologies you should be looking at once you’ve mastered the techniques we’ve covered here you mentioned the order was not correct in your first boot scripted yep doesn’t the package or sorry the AutoDMG install that already or is that AutoDMG creating the first boot script the first boot package is put into AutoDMG that’s to get away with the weirdness that’s in the Office installer because it it tends to fail so we’re installing that first boot into the image don’t but you still had dropped in Office and no Office was within the first boot package okay good okay so a few things you should be looking at once you master everything we’ve talked about today seriously just look at Munki is the best way of getting your Macs full of lovely software there’s nothing better save your life just do it if you have to image hundreds of machines you’re probably going to have more than one build to deploy which means NetRestore probably is not going to work for you DeployStudio can help you manage your builds create workflows to customize your builds get me quite useful and what you’ve seen today is only AutoPkg at its most basic once you get into Munki you’ll quickly see how you can quickly build your whole update workflow around AutoPkg I don’t import software updates manually into Munki AutoPkg just checks for me and the robot does the work for me go you have questions please 
say someone has questions sorry can we get the microphone down here please regarding scripting I see a lot of times scripts start with when you set the path $3 can you explain a little bit what that is and when you should and when you shouldn’t use that with that specifically when you’re putting a postinstall script into your package so that refers to the volume that you’re installing it onto so if you are making a postinstall script that may be installed to a volume other than the boot volume you should use $3 so just a statement to reinforce the Office not being installed as part of AutoDMG Noel Alonso in Saudi Arabia by way of Spain came out with a fixer for the Office installer so that would work in the pre boot context just like adding $3 as a variable used in a package installer there are a list of those of how it refers to itself as the script with the directory it’s running from those are well defined within how the environment that a script is run in Office and Microsoft deemed not to make that a priority and so they assume a running volume and an admin installing it not being at the login window so now I’ll also put something on his site he fixed it for Service Pack 3 the techniques did not change because Microsoft did not change them in Service Pack 4 so they do still work and I use that to install Office as part of my AutoDMG workflow ok I’ll put links to that at the end anyone else lover I do exercise um is there a reason if you aren’t imaging tons and tons of machines to have DeployStudio because it looks like there’s so much you could do on just setting configurations through Munki and through those packages you do get some cool things for free with DeployStudio like binding to AD that’s what stuff but if you’re just installing software and I only have one image and everything going goes through Munki and Puppet it depends what you’re more comfortable

with if you’re happy using Munki and using all your configurations then yeah you don’t need it let’s get you right yeah there’s another pack right the thing about DeployStudio and System Image Utility is it’s a good thing to inspect you can look at how they’re accomplishing certain things DeployStudio has recently gone to Objective-C for all of its little modules it’s little nixon’s of what pre-canned workflows they have but it’s good to just act use it as a reference to say okay how are they accomplishing the same task you can then look and say how would I achieve this outside of that tool if you can get things to mostly work inside of a patch management system that can therefore be almost self-service definitely do so it feels like a heavier operation to have to netboot and or find some way to get the runtime going for DeployStudio it’s just my own advice pardon me for not on the microphone absolutely my AD bind script is mostly stolen from DeployStudio the System Image Utility also on the profile installation that they recommend as part of their workflow number one is inspectable because they’re still in bash inside of there but number two it tells you that they actually have a cleanup process to make sure that you can do that on next boot apply all these profiles like that if it’s a system profile have you found have you found any problems changing your MCX to profiles not really we haven’t been heavy MCX users to be honest most of it we just create recreated our profiles we haven’t done much conversion but if you are using just Profile Manager you are going to have problems because Profile Manager is incredibly limited however if you’re building your profiles by hand or using mcxToProfile the script they’re roughly similar how you handling your icons on the menu bar like their Wi-Fi icon and Time Machine I don’t you don’t a fool that he use at her user you would have an action occur that’s how he did that one there is also managing the menu 
extras yeah but now if you’re if there’s only if you’re using an Open Directory right no so how you can already that into profiles enforced by a directory service doesn’t need to be Open Directory or but though they’re using the Workgroup Manager there’s a digital options within their four years that you can add from system library for services for management yeah so a lot of things are available if they’re in the Library Preferences folder if they’re elsewhere on the file system you may need to MacGyver just a quick question about your Python script in the beginning do you have the option for setting something to only run once how are you what are you actually doing when it runs once is it creating a file somewhere on the system that we have done checks or you mean they set those slots running once that some script run that’s how you specifying should run once this the set desktop script actually hasn’t like bit you can keep running it over and over again script runner will create a plist in the user’s home directory with the scripts it’s run so just a quick question I’m making some never-booted images but I need to install a custom certificate into them for lots of fun reasons and I’m having real issues with security and you really don’t necessarily have first boot you know installer to run in that environment so have you dealt with any

of that or does anybody dealt with any of that how does that I would do it first boot okay oh so just if you’re knitting it just let it run first boot every time it runs and redo it every time yeah well your first boot packages can do that for you because want some machines up it up right and that will only run the one I’ll only run one time so on this literally its first boot but I don’t know if anyone else has any way yeah because even if you’re even if you’re lab you can’t point it to another volume with security I found that out even though there’s a switch and so at least in tins for I can’t get that that’s the point the first boot script is running on the booted volume yeah okay yeah yeah I know I could do all that it’s just that that’s I’m actually using that as a NetBoot image so I didn’t know if that was gonna be a problem invented Barbara thank you you showed that you’re using dockutil for Dock stuff you can also do Dock stuff in Profile Manager you can with profiles so are you using dockutil instead of the profiles because of like your ability to control it more or what’s the reason there with dockutil it’s not an all-or-nothing proposition I mean yes in this case we are removing everything and managing it first time but let’s say I was going CS6 to CC I could specify to take out all the CS6 apps and replace them with their CC equivalents so it’s a lot more configurable I could do are there certain packages or scripts that should be set into the image as opposed to later on like we’re just talking my first boot as opposed to being baked into the image so that’s how much should always be put into the image you say oh yeah yeah like like they were talking about the Microsoft installer my preference if I was like first off I can we just put Munki in there and Puppet and that’s it and let it let those two tools do everything else but if you are putting stuff in the image if it works put it in there I mean it’s gonna be a lot quicker so you can 
you know putting Final Cut on there or something’s pretty junky it’s quicker to do a block copy on when you’re restoring it than it is to install the package but the first boot package exists because not all packages are created equally basically so if it can if it can be put it in your image but it’s up to you is so you can be flexible once you’ve got it in a package that’s the main bit then you can do whatever you want with it I’m gonna ask a question that I know the answer to but I think other people are thinking this question how do you know the difference how do you know which packages are gonna work baked into the image and which packages are going to need to be postponed to first boot try them it’s what I would say yeah and yeah I’m not going to I thought enough I already today I’m probably gonna get in trouble I know this is just a comment of me certificates I’ve been putting my certificates into profiles and installing the profiles and it seems much more reliable because then the system handles installing the certificate and doing all this stuff so anyone looks doing that it seems a little more stable yes that what – I’ll repeat the question the question was if you modify unsigned profile because signed profiles are encrypted you get a warning saying it’s an unsigned profile doesn’t matter you get red text if you can live with the red text okay close your eyes I was paranoid about that and Gregg point for me to go to post someone who found a way of signing the search just like you would sign a package I’m assuming is it’s a similar mechanism under the covers that lets you make it so that it’s supposed to be trusted there’s a way to protect it and and make

it so that you’re you have a nice day off I know plenty of time I shouldn’t take your level this life all right cats since there are many smarter people in the room than me I would like in a lab environment to have all my bookmarks come across everybody yeah and if we’re not touching the machine how can you make that as a package um you can you’ve done this recently Avenue yeah do you want as well so we just why don’t you just stick this on last and I’m told to stick this on so script runner like he said because this is Graham’s show and not mine is a way of saying per user I’d like to do something I have a script that says hey have bookmarks been created if they’ve not let’s copy this template over the default bookmarks file from that point on end users can customize their bookmarks because I really don’t mind it’s more about like you know Auto completing the URL so it doesn’t try to do a Google search for intranet but that is something that my boss laid down Chrome and Firefox Chrome is even more of a pain and in the fact that you can manage it with MCX / profiles but it doesn’t respect the only thing that I wanted of it out of its management which is the bookmark the the home page was the one thing I couldn’t get with Chrome plus MCX Firefox there is a great post Nick McSpadden who’s here in spirit about using a Firefox extension to perform all those customizations I even include a certificate in there because Firefox has to maintain a separate certificate store because they’re special that works just fine by the way like since it’s my show again why dockutil somebody had asked versus profiles dockutil just does have the flash but it doesn’t have the sometimes on first boot hitch of taking a reboot slash logout to apply sometimes when you’re applying MCX it requires a reboot before it kicks in that makes people feel they don’t get warm fuzzies from that I feel like a this is I’m enforcing it yes yet it takes a reboot or something so dockutil is a way to to 
know that it’s enforced because as long as it runs it’s gonna cut the mustard thank you yes I’ll put the slides on my site on the iCloud setup routine is if you run that on a machine is it gonna be true for multiple users on a machine I raise this because I administer an X and with 22 clients and dozens of network users who move from machine to machine and every time they log on the first time on a machine that you know that will pop up and so I’m trying to eradicate it for all the yes it will be gone it goes the way that the profile is set to apply I think will be across the system I’m sure what you guys don’t want brownies out of here no no one last thing so mr. remar yeah rhymer thank you pardon me I should have been in your session then I wouldn’t um he might have the record so who makes really large images in here really really really really large how many gigabytes 238 you got bigger that’s why you get the front-row seat so

so what’s that right definitely demonstrably that’s a lot um my answer to like what what you should include an image what you shouldn’t is you got bandwidth how fast is it going to move if I have to update it all the Goffstown time because they come up I’m not gonna put Firefox in a nice down image there’s just no reason to do so plus it’s in the megabyte range if you’re talking about the gigabit rein gigabyte range you might want to hold off but uh did you cover that as part of your presentation yeah and then there were three yeah so understand that I’m trying to make my image thinner than the 80-odd gig payload it is my total payload is about a hundred and ten and so things like the sounds and loops and instruments in Logic Pro for example those are perfect for an image because they rarely change of course they did change in the last year and a half but these are things that they’re slow to deploy and so if you have a slow network or you have a huge payload as as those things increase you consider should those be in the image am i you know the first thing that’s come you know I used to do try to do almost everything but Firefox flash all those things don’t go in my image right I I tend to use I would use I haven’t gotten to Munki yet that’s certainly my goal but that I would use DeployStudio the package installers and tell it to do it on first boot which was also accomplished the same way the first boot package that Graham was talking about so for me it’s how much now can I take out of my image that that I can leave or run at first boot how much I guess it’s not you can take out of energy how much can I run at first boot as a poet and then it’s the hefty stuff that I leave in my image right now and so I’m going to still you’d be using images for a while yeah exactly actually you’re right you’re right so far yeah so you know I have Epson photographic printers and Xerox color lasers those you know those two gigs get dropped into into my image because they’re you 
know I have enough space and then I use a a script to create the printers in you know in a first first boot situation just wanted to add to this conversation it’s kind of the same point that’s about user templates versus scripting something if you add something to the image and then you also add the same package to Munki or to something then you have to maintain it twice so if you change something you’ve got a a change in the Munki and all your current users are getting so you gotta change it in two places and then if something’s not working right in one place or worse than the other then you know something went wrong so I at least we try to put everything possible into one place which is Munki in that way anything you could run at first boot stuff like changing the wallpaper and the Dock if you put those packages into Munki then you only have to maintain them in one place and do as little as possible in the image itself obviously you know really big packages take a lot of bandwidth are probably good for images absolutely so do you have any experience setting up the Munki server on a VM as opposed to like a hard physical Mac Mini server I actually have done yeah um it’s yes but we don’t use physical machines at all my Munki repository is actually on Amazon yeah it’s fine it’s just follow the instructions of the same I’m a Munki work if this it tells you how to set stuff up it’s just a website Munki is a web server if you can install Apache on a Linux box it’ll work it works really well yes so it was up you always talk about I was tell you know it what air works well I mean it is really it’s all the intelligence on the Munki client

so that’s the webserver is really low low powered anyway it doesn’t take much more power tool to run it it’s just happy how much they cheat shopping trucking through it to the judge thank you just a comment on updating if you were to build things in with AutoDMG and then realize that what are your package changes just as long as you maintain quick versioning if you were to add it to a Munki repository you know and continue with the same naming and you know keep going up in your versioning you kiddin post you know post flight post play update it and not have to worry about beating your AutoDMG so if it’s if it’s small stuff it’s not a big deal yes as long as you haven’t broken Munki up there else get me back are you just pushing profiles out with Munki or are you using some II’s Puppet but but I wouldn’t it’s not the easiest thing to get started with so I’m I did do a talk on it last year we’re just on YouTube and I do cover installing profiles with that but yes you can use Munki with a post like script to install it using this the make from a profile package thank you anywhere else okay then last chance okay all these components that I have used in this talk are up on GitHub now I’ll see everything apart from efficient