ICT Documentation Apple MAC Tips & Tricks How to create a Default User Profile for Mac OS X (for use with Active Directory Login Authentication)

How to create a Default User Profile for Mac OS X (for use with Active Directory Login Authentication)

    Create a Custom Default User Profile for OS X 10.7/10.8/10.9

    Create a default user profile for Mac OS X 10.7/10.8/10.9

    Create a user account on OS X that will be a template for every other user of that computer. I usually call it “profile” and make it an administrator account for the time being.

    1. Install and configure all applications as desired. It is important to run each program under the profile account. This will skip many of the annoying first-run prompts users will see with things like iCloud and Mozilla Firefox. Be patient with this step and take as much time as it needs.

    At this point, a substantial amount of work has been invested in the Mac. I take some time to backup the work and create a disk image of the hard drive. 

    2. Make the “Profile” account the default profile for all users on the Mac.

    3. While logged-in as “Profile”, empty the trash and delete the application caches. Delete the "Login" keychain.

    4. Enable the built-in root user account, from the Directory Services console.

    5. Log in as the root user (Be very careful while using the root user account).

    6. Show all files in the Finder ( Terminal.app / sudo defaults write com.apple.Finder AppleShowAllFiles YES ).

    7. Also from the terminal, make a backup copy of the existing default user profile ( cp -R /System/Library/User\ Template/English.lproj/ /System/Library/User\ Template/English.orig ).

    8. Remove the current contents of the default user profile ( sudo rm -rf /System/Library/User\ Template/English.lproj/* ).

    9. Copy “Profile’s” profile to the default ( sudo cp -R /Users/profile/ /System/Library/User\ Template/English.lproj/ ).

    10. Reboot and try logging on as a user that does not already have an existing user profile. There should be no prompts for iCloud, or for a keychain password.

    Since there is a decent amount of work as root and in sensitive areas of the operating system, I encourage the practice of making disk images during various steps of the process. A wrong tick or command, here, can render OS X unstable at best.

    Update for Mavericks (7/21/14): There may be issues with the "Local Items" keychain, whereas new users are prompted for that keychain's password. Before copying over the customized profile to the default, it is a great idea to delete that profile user's local keychain from within the Keychain application. However, the different "Local Items" keychain might still prompt for a password (the profile user's password) to new users logging into the Mac. If that happens, a workaround that I have used successfully is to rename the "Local Items" keychain (/Library/Keychains/apsd.keychain) before copying the profile over to the default. This will cause OS X to recreate both the login keychain and the "Local Items" keychain at log on, with no prompts.


    Page last modified 11:21, 7 Aug 2014 by khtran


    You must login to post a comment.