• Disable Bluetooth
  • Turn off Bluetooth
  • Hide status from the menu bar
  • Uncheck all Bluetooth settings
  • Turn off all sharing
• Disable Airport
  • Hide status from the menu bar
  • Turn off Airport
  • Prevent non-administrators from turning on Airport
  • Remove Airport / wireless from the list of network services

• Remove all but "Built-In Ethernet" from the Network Port Configuration
• Make sure ethernet is set for dhcp address lookup
  • Turn IPV6 "off"
  • make sure there is no manual DNS address - it will override the desired dhcp seting
• Disable automatic/periodic Apple Software Updates
• Disable remote control infrared receiver
• Disable automatic login
• Require password to unlock each system preference
• Energy Saving
  • If we put client machine to sleep ARD admin thinks it is offline
    • uncheck "Put hard disk(s) to sleep if poossible"
    • set "Put the computer to sleep when inactive" to never
    • schedule start up or wake or shutdown or sleep ??
  • set "Restart automatically after power failure"
• Remove/Disable undesired software
  • Quicken
  • iLife and components - iPhoto, iMovie HD, iDVD, Garage Band, iWeb
    • to remove these items from the dock (avoid "?" appearing in the Dock) you have to edit /System/Library/CoreServices/Dock.app/Contents/Resources/English.lproj
  • MS Office eval
  • iWork eval
  • Big Bang Board Games
  • Internet Connect
  • Network Utility
• Enable Remote Desktop Control
• Enable Directory Access Services - Bonjour(obsolete@Leopard), LDAPv3 (but not configured), SMB/CIFS(obsolete@Leopard)
• Disable Directory Access Services - Active Directory (configured after install)(obsolete@Leopard, off by defaut), Apple Talk(obsolete@Leopard), {BSD Flat File, Netinfo} ((obsolete@Leopard - both are locked on, but Netinfo is now local directory), SLP(obsolete@Leopard). The Directory Utility is found under /System/Library/CoreServices/Directory Utility/Contents/MacOS.
• Install X11(obsolete@Leopard - installed by default) default X11 does not work. Need to install Xquartz
• Install Xcode (note, for Leopard, buried within optional installs). Xcode is now an sandboxed App and not in Developers directory
• Use a local NTP server
• Customize the ssh_config file
  • set ForwardX11Trusted yes
  • set ForwardX11 yes
  • set GssapiAuthentication yes
  • set GssapiDelegateCredentials yes
  • set-up the kerberos options?? - not required
• Set-up appropriate defaults for Thunderbird and Firefox
  • Disable auto-updates on the clients (push them from golden image instead)
  • Set mail server defaults, etc??
• Fix automount ST#64553
  • Using Lingon - under System Daemons - com.apple.automountd, "un-tick" Enabled
  • as root, edit /etc/auto_master, and "hash out" so it looks like:

         #/net -hosts -nobrowse,nosuid
         #/home auto_home -nobrowse
         #/Network/Servers -fstab

• Configure snmp ST#64089: get standard /etc/snmp/snmpd.conf, fix ownership, and make sure service is running (Lingon)
• Fix "Open Mail Relay" using Lingon - as in MacStandardInstall ST#63833
• Provide standard xhbin and Shells
• Install NHR package (Network Home Redirector) and NHRUW Scripts from empire using ARD from Ian's machine; fix permissions on scripts - still needed even though Leopard Open Directory is doing the redirecting of ~/Library/Caches
  • the NHR package "enables" login/logout hooks (MacLoginLogoutHooks), and copies an initial version of the scripts that are the "Target" of the hooks; the scripts are then replaceable; the scripts are heavily documented, with a chronological summary at the beginning, and details where specifically required
• Install Symantec Anti-Virus, there is now a 10.2.x for Leopard
  • Suppress scanning ALL network drives
• Customize /etc/openldap/ldap.conf for Leopard ST#64465 TLS_REQCERT = never

-- JasonTestart - 21 Mar 2006

-- Main.iturner - 27 Aug 2009 - Sept 2009