I admit it, for the last fifteen years or so I’ve been almost exclusively Windows-centric. I’m sure there’s a Mac-specific term for this but I haven’t found it yet. So, I’ll use <strong><em>sysprep</em></strong> for now.

What do I mean? In Windows there’s a <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=3E90DC91-AC56-4665-949B-BEDA3080E0F6&amp;displaylang=en" target="_blank">set of tools</a> available that lets you build a reference computer with all the latest updates, pre-installed drivers and software and your own configurations. Then you strip out all the bits that make it a unique computer such as user profiles and their associated passwords, unique computer identifiers and so on. At the end of this you have a reference install of Windows that you can take an image of and deploy to other computers. The first time you boot on a new computer it goes through some basic setup stuff and away you go.

Because I run a computer business that sells (and services) Apple computers I’ve been looking for a way to achieve the same sort of thing. What follows in this article is the results of a some in-depth research and putting together bits and pieces from various sources.

My result is a disk image (.dmg) file that I can use to restore on any current version of Mac hardware (laptop and desktop – although untested on a Mac Pro) that will have a user environment I’ve already configured and with additional software that I’d like available. It hasn’t got any pre-existing users created but runs the standard Apple welcome/setup process when first booted up instead – that way you get to create a new user profile for the new owner of the computer.

So, the process…
<h2>1. Create a default install of Mac OS X</h2>
Using a current Apple system create a new install – if it’s a brand new (never used) computer, feel free to use that – of Snow Leopard. When you get to the Welcome screens set up an admin user (for the purposes of this article, I’ll call this user <em>tismyadmin</em>).

Don’t skip out on setting a password for this user, it’s easier to make some of the later steps work if this user has a password set. However, keep this password nice and short, by the time you’re done, you’ll be deleting this user again anyway so good security isn’t a necessity here.
<h2>2. System Updates</h2>
After the system is logged in, apply all available <a href="http://www.apple.com/softwareupdate/" target="_blank">updates from Apple</a>. Keep checking until you’ve got all updates (sometimes this might require a restart then checking for more updates). Also, remember that if you later install other software from a CD or DVD that you may then need to download updates for this software as well. If you’re doing this a lot you might prefer to manually download <a href="http://support.apple.com/downloads/" target="_blank">combo updates.</a>
<h2>3. Install Software</h2>
Install any additional software you want to be included in your standard Snow Leopard install (e.g. Adium, Skype, VLC, Handbrake, etc). This is basically just any software that you want to be available to a person using the computer. Don’t worry about configuring any of this software yet, just get it all installed.
<h2>4. Create a New User</h2>
<a href="http://docs.info.apple.com/article.html?path=Mac/10.6/en/8235.html" target="_blank">Add a new user to the system</a> (I’ll call this user <strong><em>defaultuser</em></strong>). Make sure they’re an Administrator for the system. As with your other user account, set a simple password for this user.

As with <strong><em>tismyadmin</em></strong>, you’re not particularly concerned with top security on this one. By the time you’re done, this user also gets deleted.
<h2>5. Configure the User Account</h2>
Restart and log in as <strong><em>defaultuser</em></strong>.

Go through System Preferences and set everything the way you want it.

Start each program, particularly if they’ve been downloaded from the Internet, and make sure the start up normally and with no warnings. Unless you have specific configurations that you want to be defaults for an application (e.g. web browser download directory) don’t set configurations in applications.

<strong>DO NOT enter any usernames and passwords for programs</strong> – ultimately, they’ll end up saved as a default user profile and be available to every user on every computer you deploy this image to (i.e. this is a bad thing™). If you have programs that you want to load on startup/login, set them here also.
<h2>6. Clean Up</h2>
Clear caches on the <strong><em>defaultuser</em></strong> account – using Finder go to <em>/Users/<strong>defaultuser</strong>/Library/Caches</em> and delete the contents. Make sure you empty the Trash (this might require you to restart and log in again as defaultuser).

Run <strong>Keychain Access</strong> <em>(Applications/Utilities)</em>, select <em>“login”</em> and <em>delete</em> (from <em>File</em> menu).

Clear histories <em>(Apple symbol -&gt; Recent Items -&gt; Clear Menu)</em>.
<h2>7. Set Up System-wide Default User Account</h2>
Restart the computer and log in as <strong><em>tismyadmin</em></strong>.

Run <strong>Terminal</strong> <em>(Applications/Utilities)</em> and type <em>“sudo -s”</em> and enter your password for <strong><em>tismyadmin</em></strong> when prompted.
<h4>NOTE: This is now a root shell, tread carefully! You can do serious damage messing around at this level if you’re not sure what you’re doing.</h4>
Clear out the existing system-wide default account:
<pre>rm -rf /System/Library/User Template/English.lproj/*</pre>
(I found this sometimes didn’t work as expected and I needed to remove each individual sub-folder separately, check that English.lproj is empty after this step and delete anything left as needed.)

Copy your new default account to the system default account:
<pre>cp -R /Users/defaultuser/* /System/Library/User Template/English.lproj</pre>
At this point, you’ve now got the start of a system-wide default user profile – this is what gets used every time a new user is created on the system, including the first user when you go through the Apple Welcome process on a new computer.

Type <em>“exit”</em> to get out of the root shell and then close <strong>Terminal</strong> and reboot the computer.

Log in again as <strong><em>tismyadmin</em></strong>.
<h2>8. System Cleanup</h2>
Run <strong>Disk Utility</strong> <em>(Applications/Utilities)</em>, select the hard drive and, under the First Aid tab, run <em>“Repair Disk Permissions“</em>. If you got things right to this point you’ll see a whole stack of information where this fixes permissions for the system-wide default user profile you’ve just copied. If you miss this step, permissions issues may get in the way when you create a new user later. Once you’re done, close <strong>Disk Utility.</strong>

At this point, you can now delete your <strong><em>defaultuser</em></strong> account. You won’t need it any further.
<h2>9. System Cleanup – Part Two (Single User Mode)</h2>
<h4>Doing this needs you to spend some time using low-level tools in Snow Leopard. This can have dire consequences if not done right. You have been warned!</h4>
Reboot the computer into single user mode by holding down COMMAND and S while rebooting. If you’ve done it right, you’ll end up with a black screen that has white writing on it. There’s no graphical user interface for this, it’s all typing.

Once you’ve got a command prompt, enter the following commands and <strong>WATCH</strong> to make sure you don’t get any errors – <strong>if you get errors, time to figure out what went wrong and fix it before you go any further.</strong>
<pre>fsck -fy
mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist &amp;
dscl . -delete /Users/tismyadmin
rm -rf /Users/tismyadmin
rm -rf /var/db/.AppleSetupDone
shutdown -h now</pre>
What does this do? Basically, it gets rid of your <strong><em>tismyadmin</em></strong> user account in an operating system compliant way (no loose ends) and resets the computer to run the Welcome process again. At the end of this, you tell the computer to shut down because this is safer than letting it try and reboot and missing your chance to do the last step for some reason.
<h2>10. Create Your Disk Image</h2>
At this point, you’ve got a computer that’s turned off and is ready to start as a new computer with no existing users but all your configurations and software installs ready to go.

From here, you need to create a disk image of the computer’s hard drive so you can deploy this build to another computer. For that you’ll need an external hard drive that’s been set up so you can boot from it (there are plenty of references for that out there – I’ll write one myself some day).

Boot from your external hard drive.

Run<strong> Disk Utility</strong> (<em>Applications/Utilities</em> – although I have this in the dock on the install on my external hard drive).

Select the internal hard drive on the computer and click the <em>“New Image”</em> button. Give your disk image a name and select somewhere on your external hard drive to save the disk image. When you’re done, hit the <em>“Save” </em>button and wait for the disk image to create. This may take quite a bit of time if you’ve installed a lot of software.

When this is done, you’ve now got a disk image of your fresh-minted Snow Leopard install. In order to make this disk image useable, you also need one final step. In <strong>Disk Utility</strong>, go to the <em>“Restore”</em> tab and load your new disk image in the <em>“Source”</em> box. Then go up to the <em>“Image” </em>menu and select <em>“Scan Image for Restore“</em>. Again, this process can take a little time but once it’s done, you have a disk image that you can use.

(Note: If you prefer to use Carbon Copy Cloner you can skip this step, I have done it either way but found that Disk Utility gives me a faster overall restore from disk image and, ultimately, in a commercial workshop, time is money so I’ve gone with the faster method.)
<h2>11. Using Your Disk Image</h2>
Easy! Boot from your external hard drive (the same one you have your disk image saved on) and run up <strong>Disk Utility</strong>. Select the internal hard drive on the computer you want to build, select the <em>“Restore”</em> tab and then load your disk image in the <em>“Source”</em> box. Drag and drop the internal hard drive to <em>“Destination”</em> and hit the <em>“Restore”</em> button – away you go. Some time later you can restart the computer from the internal hard drive and start a normal setup process including the Apple Welcome screens.

Great article, it is great to see this in laymans terms! I am sure I will use this in the future!

We use basically this process here at my work. It's definitely a time saver - and is great for staff who don't have a lot of Mac experience.

"we all should be moving away from this type of image-building anyway, and toward something like InstaDMG or at least something that uses the same principals…" - Greg Neagle, Mac Sysadmin at Disney.

That said, a shell script for cleaning up a machine prior to imaging it has been here
Image cleanup script Managing OS X
for quite a while. But you will need to modify it and test it.
Dont forget to make it executable with

Code:

chmod +x nameofscript.sh

Also hang out at Home (MacEnterprise) and AFP548 - Changing the world one server at a time. to get loads more tips.
For people interested in this kind of stuff, search the 'net for InstaDMG, Iceberg, radmind, JAMF, AbsoluteManage, FileWave and so on.
There are tools for managing OSX. Tell your boss!

I used to use this method, but it's really hard to be consistent, especially as you start adding more software. For getting proper consistency in your images, you really want to go with something like InstaDMG instadmg - Project Hosting on Google Code - it automates the whole process.

There's a little up-front setup for instadmg, but once you have the your workflow setup, generating a new master image is as simple as running 1 command and waiting for the process to finish - and the generated images will be 100% consistent from run to run.

A gold mine of information! Thanks for writing it all down for the rest of us.

I'd be interested in the deep differences between this method and the Deep Freeze product from Faronics (who have lots of cool 'enterprise' stuff, pardon the pun), obviously Deep Freeze restores the preferred state on restart, but is it as thorough? There's even an Australian link.

I just used this method to create a Mac OS X Leopard 10.5 PowerPC installation . Most of the Intel code is removed, it's about 3GB smaller than a standard OS X Leopard install and it's a lot quicker on G4 hardware. There were a few minor hiccups with this method in Leopard as opposed to Snow Leopard, in that I had to copy the defaultuser to the User Template via Finder because the Terminal command just wouldn't work, but ultimately the resulting installation works fine.

I just wish I hadn't forgotten to add a couple of things before imaging. I can go back and add them, but it will take a bit longer in recreating the defaultuser, updating it, copying it back to the template... etc.

Either way, nice method, works a treat.

Hi,

I've also been looking for something that mirrors sysprep, but I'm looking for the mini-setup front end that Sysprep provides post-imaging. That is, I need a tool that, after imaging is complete, allows me the chance to name the computer and do a trusted bind to my Open Directory server, and then perhaps set some other information (customisable, preferably). I imagine I could do this all with AppleScript, but I'm wondering if anyone has heard of something that does something like this automatically? I know DeployStudio has some Open Directory binding options, but I've never really played around with them.

-John