The project I’m working on mentioned in the post on Bluetooth preferences has presented a number of interesting OS X management challenges. We’re installing a number of large LCD and plasma screens, each connected to a Mac mini, which will display either QuickTime movies or PowerPoint presentations full-screen.
It is important that the “computer” disappear as much as possible, and that it require very little attention. Here are some configuration details:
- Energy Saver set to automatically restart after power failure.
- Energy Saver set not to sleep the display or machine ever
- Auto-login a predetermined user
- Script to play the current QuickTime movie or Keynote presentation fullscreen – this script should restart the movie/presentation if it get stopped or exits full screen
- AppleShare and SMB dropbox to upload new content
- Web interface to control what content is displayed
All of these things could be configured manually for each machine. But then you have to remember to do it, document it, and apply changes consistently. And if one of the Mac minis dies and you have to replace it, you have to remember to do all the configuration steps on the replacement machine.
So it’s better to encapsulate the configuration into a set of files and scripts to install – this way you get consistent results. And if you have a managment system like radmind at your disposal, all the better.
Let’s look at how to solve some of the configuration issues.
Energy Saver preferences
# configure EnergySaver:
# no display sleep, no disk sleep, no system sleep, auto restart after power failure
/usr/bin/pmset -c displaysleep 0 disksleep 0 sleep 0 autorestart 1 dps 0
Auto-login a predetermined user
defaults command to configure the login window. Set AUTOUSER to the short name of the user to autolog in, and UID to the UNIX UID number. This account must already exist. We can script the creation of the account, if needed.
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser -string "$AUTOUSER";
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow autoLoginUserUID -int "$UID"
There’s one more step needed, and one that’s not (easily) directly scriptable. The password for the autologin account is encrypted and kept in this file:
/private/etc/kcpassword. You’ll need to generate this file (the easiest way is to manually set a machine to autologin as this user, then make a copy of the file), then figure out a way to copy this file to the right place. I use radmind for this task, but it could be done other ways. You can’t easily use a script to generate this file directly unless you can figure out how to encyrpt it.
(In actuality, there is no need to auto-login a user in order to play QuickTime or Keynote content fullscreen. If you have a cron or launchd script that runs as root, you can launch QuickTime Player or Keynote while the machine is at the loginwindow! But this looks very strange, and could be a security risk, as when the machine is in the state, you can access System Preferences as root!)
I’ll cover more of the configuration in future posts.