Obsolete
There are a bunch of things that need to be done to make a Mac "lab worthy". Hers is a list:
It is currently in the processes of being revised.
- Disable Bluetooth
- Turn off Bluetooth
- Hide status from the menu bar
- Uncheck all Bluetooth settings
- Turn off all sharing
- Disable Airport
- Hide status from the menu bar
- Turn off Airport
- Prevent non-administrators from turning on Airport
- Remove Airport / wireless from the list of network services
- Remove all but "Built-In Ethernet" from the Network Port Configuration
- Make sure ethernet is set for dhcp address lookup
- Turn IPV6 "off"
- make sure there is no manual DNS address - it will override the desired dhcp seting
- Disable automatic/periodic Apple Software Updates
- Disable remote control infrared receiver
- Disable automatic login
- Require password to unlock each system preference
- Energy Saving
- If we put client machine to sleep ARD admin thinks it is offline
- uncheck "Put hard disk(s) to sleep if poossible"
- set "Put the computer to sleep when inactive" to never
- schedule start up or wake or shutdown or sleep ??
- set "Restart automatically after power failure"
- Remove/Disable undesired software
- Quicken
- iLife and components - iPhoto, iMovie HD, iDVD, Garage Band, iWeb
- to remove these items from the dock (avoid "?" appearing in the Dock) you have to edit /System/Library/CoreServices/Dock.app/Contents/Resources/English.lproj
- MS Office eval
- iWork eval
- Big Bang Board Games
- Internet Connect
- Network Utility
- Enable Remote Desktop Control
- Enable Directory Access Services - Bonjour(obsolete@Leopard), LDAPv3 (but not configured), SMB/CIFS(obsolete@Leopard)
- Disable Directory Access Services - Active Directory (configured after install)(obsolete@Leopard, off by defaut), Apple Talk(obsolete@Leopard), {BSD Flat File, Netinfo} ((obsolete@Leopard - both are locked on, but Netinfo is now local directory), SLP(obsolete@Leopard). The Directory Utility is found under /System/Library/CoreServices/Directory Utility/Contents/MacOS.
- Install X11(obsolete@Leopard - installed by default) default X11 does not work. Need to install Xquartz
- Install Xcode (note, for Leopard, buried within optional installs). Xcode is now an sandboxed App and not in Developers directory
- Use a local NTP server
- Customize the ssh_config file
- set ForwardX11Trusted yes
- set ForwardX11 yes
- set GssapiAuthentication yes
- set GssapiDelegateCredentials yes
- set-up the kerberos options?? - not required
- Set-up appropriate defaults for Thunderbird and Firefox
- Disable auto-updates on the clients (push them from golden image instead)
- Set mail server defaults, etc??
- Fix automount ST#64553
- Using Lingon - under System Daemons - com.apple.automountd, "un-tick" Enabled
- as root, edit /etc/auto_master, and "hash out" so it looks like:
#/net -hosts -nobrowse,nosuid
#/home auto_home -nobrowse
#/Network/Servers -fstab
- Configure snmp ST#64089: get standard /etc/snmp/snmpd.conf, fix ownership, and make sure service is running (Lingon)
- Fix "Open Mail Relay" using Lingon - as in MacStandardInstall ST#63833
- Provide standard xhbin and Shells
- Install NHR package (Network Home Redirector) and NHRUW Scripts from empire using ARD from Ian's machine; fix permissions on scripts - still needed even though Leopard Open Directory is doing the redirecting of ~/Library/Caches
- the NHR package "enables" login/logout hooks (MacLoginLogoutHooks), and copies an initial version of the scripts that are the "Target" of the hooks; the scripts are then replaceable; the scripts are heavily documented, with a chronological summary at the beginning, and details where specifically required
- Install Symantec Anti-Virus, there is now a 10.2.x for Leopard
- Suppress scanning ALL network drives
- Customize /etc/openldap/ldap.conf for Leopard ST#64465 TLS_REQCERT = never
--
JasonTestart - 21 Mar 2006
-- Main.iturner - 27 Aug 2009 - Sept 2009