Sysprep techniques for OS X machines

It is possible to deploy OS X with different tools, for larger over the network deployments it is preferable to use DeployStudio or Apple’s NetInstall software. DeployStudio is the most preferable option because you have a truckload of customization option. In a future blogpost I want to discuss these options. For now I want to look at some OS X sysprep techniques you can use for small scale sneakernet deployments.

The first thing you want to do is choosing an OS X machine that will function as image builder. Keep in mind when you choose your hardware you cannot deploy the created image on a newer generation of hardware. So when you have an image build on a 2009 iMac you cannot use this image on a 2012 iMac. This will most likely not work at all and if the system boots it will be unstable or you cannot use some features. In contrary, if you use an 2012 iMac for building the image you will be able to deploy this image on 2009 iMacs.

When you have chosen a machine you make a clean OS X installation. After the installation you apply updates and install all software you want to include in the image. When you are ready to create the image there are some sysprep techniques that can be used.

The first technique is not really a sysprep one but this can still be very useful!

Making an hidden admin account:

sudo defaults write /Library/Preferences/ HiddenUsersList -array-add %user%

Before applying the command you need the create the admin account in OS X. With this command the user sees his own account at login where he only needs the enter his password. Next to the users account a separate login window is displayed where both the username and password needs to be entered.

Reactivate the startup wizard at reboot:

sudo rm -rf /var/db/.AppleSetupDone

With this command the first time wizard will reappear after rebooting the machine. When you have deployed the image and the system is rebooted it will show the wizard where the user can enter his own password, information and settings.

Delete swapfiles: 

rm /private/var/vm/swapfile*

This says it all, it deletes the swapfile.

Clean up caches and temp data:

rm -rf /Library/Caches/*
rm -rf /System/Library/Caches/*
rm -rf /Users/Shared/*
rm -f /private/etc/ssh_host*

With these commands you clean-up the system caches and temporary data.

Clean up log files:

rm /private/var/log/%specifylog%
touch /private/var/log/%specifylog%

There are a lot of different log files in OS X. I will give you some examples:

  • /alf.log
  • /cups/access_log
  • /cups/error_log
  • /cups/page_log
  • /ftp.log*
  • /httpd/*
  • /lastlog
  • /mail.log*
  • /secure.log
  • /system.log*

It is important to use the touch command after each removal because syslog will not recreate a missing log on his own.

After you have used the above commands to create a clean image the system can be rebooted. You can now start from an external disk and use the disk utility to create an image from the system disk.