Sysprep for Mac OS X

I admit it, for the last fifteen years or so I’ve been almost exclusively Windows-centric.  I’m sure there’s a Mac-specific term for this but I haven’t found it yet.  So, I’ll use sysprep for now.

What do I mean?  In Windows there’s a set of tools available that lets you build a reference computer with all the latest updates, pre-installed drivers and software and your own configurations.  Then you strip out all the bits that make it a unique computer such as user profiles and their associated passwords, unique computer identifiers and so on.  At the end of this you have a reference install of Windows that you can take an image of and deploy to other computers.  The first time you boot on a new computer it goes through some basic setup stuff and away you go.

Because I run a computer business that sells (and services) Apple computers I’ve been looking for a way to achieve the same sort of thing.  What follows in this article is the results of a some in-depth research and putting together bits and pieces from various sources.

My result is a disk image (.dmg) file that I can use to restore on any current version of Mac hardware (laptop and desktop – although untested on a Mac Pro) that will have a user environment I’ve already configured and with additional software that I’d like available.  It hasn’t got any pre-existing users created but runs the standard Apple welcome/setup process when first booted up instead – that way you get to create a new user profile for the new owner of the computer.

So, the process…

1. Create a default install of Mac OS X:

Using a current Apple system create a new install – if it’s a brand new (never used) computer, feel free to use that – of Snow Leopard.  When you get to the Welcome screens set up an admin user (for the purposes of this article, I’ll call this user tismyadmin).

Don’t skip out on setting a password for this user, it’s easier to make some of the later steps work if this user has a password set.  However, keep this password nice and short, by the time you’re done, you’ll be deleting this user again anyway so good security isn’t a necessity here.

2. System Updates:

After the system is logged in, apply all available updates from Apple.  Keep checking until you’ve got all updates (sometimes this might require a restart then checking for more updates).  Also, remember that if you later install other software from a CD or DVD that you may then need to download updates for this software as well.  If you’re doing this a lot you might prefer to manually download Combo updates.

3. Install Software:

Install any additional software you want to be included in your standard Snow Leopard install (e.g. Adium, Skype, VLC, Handbrake, etc).  This is basically just any software that you want to be available to a person using the computer.  Don’t worry about configuring any of this software yet, just get it all installed.

4. Create a New User:

Add a new user to the system (I’ll call this user defaultuser).  Make sure they’re an Administrator for the system.  As with your other user account, set a simple password for this user.

As with tismyadmin, you’re not particularly concerned with top security on this one.  By the time you’re done, this user also gets deleted.

5. Configure the User Account:

Restart and log in as defaultuser.

Go through System Preferences and set everything the way you want it.

Start each program, particularly if they’ve been downloaded from the Internet, and make sure the start up normally and with no warnings.  Unless you have specific configurations that you want to be defaults for an application (e.g. web browser download directory) don’t set configurations in applications.

DO NOT enter any usernames and passwords for programs – ultimately, they’ll end up saved as a default user profile and be available to every user on every computer you deploy this image to (i.e. this is a bad thing™).  If you have programs that you want to load on startup/login, set them here also.

6. Clean Up:

Clear caches on the defaultuser account – using Finder go to /Users/defaultuser/Library/Caches and delete the contents.  Make sure you empty the Trash (this might require you to restart and log in again as defaultuser).

Run Keychain Access (Applications/Utilities), select “login” and delete (from File menu).

Clear histories (Apple symbol -> Recent Items -> Clear Menu).

7. Set Up System-wide Default User Account:

Restart the computer and log in as tismyadmin.

Run Terminal (Applications/Utilities) and type “sudo -s” and enter your password for tismyadmin when prompted.

NOTE:  This is now a root shell, tread carefully!  You can do serious damage messing around at this level if you’re not sure what you’re doing.

Clear out the existing system-wide default account:

rm -rf /System/Library/User Template/English.lproj/*

(I found this sometimes didn’t work as expected and I needed to remove each individual sub-folder separately, check that English.lproj is empty after this step and delete anything left as needed.)

Copy your new default account to the system default account:

cp -R /Users/defaultuser/* /System/Library/User Template/English.lproj

At this point, you’ve now got the start of a system-wide default user profile – this is what gets used every time a new user is created on the system, including the first user when you go through the Apple Welcome process on a new computer.

Type “exit” to get out of the root shell and then close Terminal and reboot the computer.

Log in again as tismyadmin.

8. System Cleanup:

Run Disk Utility (Applications/Utilities), select the hard drive and, under the First Aid tab, run “Repair Disk Permissions“.  If you got things right to this point you’ll see a whole stack of information where this fixes permissions for the system-wide default user profile you’ve just copied.  If you miss this step, permissions issues may get in the way when you create a new user later.  Once you’re done, close Disk Utility.

At this point, you can now delete your defaultuser account.  You won’t need it any further.

9. System Cleanup – Part Two (Single User Mode):

Doing this needs you to spend some time using low-level tools in Snow Leopard.  This can have dire consequences if not done right.  You have been warned!

Reboot the computer into single user mode by holding down COMMAND and S while rebooting.  If you’ve done it right, you’ll end up with a black screen that has white writing on it.  There’s no graphical user interface for this, it’s all typing.

Once you’ve got a command prompt, enter the following commands and WATCH to make sure you don’t get any errors – if you get errors, time to figure out what went wrong and fix it before you go any further.

fsck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/ &
dscl . -delete /Users/tismyadmin
rm -rf /Users/tismyadmin
rm -rf /var/db/.AppleSetupDone
shutdown -h now

What does this do?  Basically, it gets rid of your tismyadmin user account in an operating system compliant way (no loose ends) and resets the computer to run the Welcome process again.  At the end of this, you tell the computer to shut down because this is safer than letting it try and reboot and missing your chance to do the last step for some reason.

10. Create Your Disk Image:

At this point, you’ve got a computer that’s turned off and is ready to start as a new computer with no existing users but all your configurations and software installs ready to go.

From here, you need to create a disk image of the computer’s hard drive so you can deploy this build to another computer.  For that you’ll need an external hard drive that’s been set up so you can boot from it (there are plenty of references for that out there – I’ll write one myself some day).

Boot from your external hard drive.

Run Disk Utility (Applications/Utilities – although I have this in the dock on the install on my external hard drive).

Select the internal hard drive on the computer and click the “New Image” button.  Give your disk image a name and select somewhere on your external hard drive to save the disk image.  When you’re done, hit the “Save” button and wait for the disk image to create.  This may take quite a bit of time if you’ve installed a lot of software.

When this is done, you’ve now got a disk image of your fresh-minted Snow Leopard install.  In order to make this disk image useable, you also need one final step.  In Disk Utility, go to the “Restore” tab and load your new disk image in the “Source” box.  Then go up to the “Image” menu and select “Scan Image for Restore“.  Again, this process can take a little time but once it’s done, you have a disk image that you can use.

(Note: If you prefer to use Carbon Copy Cloner you can skip this step, I have done it either way but found that Disk Utility gives me a faster overall restore from disk image and, ultimately, in a commercial workshop, time is money so I’ve gone with the faster method.)

11. Using Your Disk Image:

Easy!  Boot from your external hard drive (the same one you have your disk image saved on) and run up Disk Utility.  Select the internal hard drive on the computer you want to build, select the “Restore” tab and then load your disk image in the “Source” box.  Drag and drop the internal hard drive to “Destination” and hit the “Restore” button – away you go.  Some time later you can restart the computer from the internal hard drive and start a normal setup process including the Apple Welcome screens.

(Note: At some point, I’ll add more detailed step-by-step guides for some of this stuff including screen grabs – for now I wanted to record the whole process while it’s fresh in my mind.)