Create a Custom Default User Profile for OS X 10.7/10.8/10.9/10.10

Create a default user profile for Mac OS X 10.7/10.8/10.9/10.10

Create a user account on OS X that will be a template for every other user of that computer. I usually call it “profile” and make it an administrator account for the time being.

1. Install and configure all applications as desired. It is important to run each program under the profile account. This will skip many of the annoying first-run prompts users will see with things like iCloud and Mozilla Firefox. Be patient with this step and take as much time as it needs.

At this point, a substantial amount of work has been invested in the Mac. I take some time to backup the work and create a disk image of the hard drive. 

2. Make the “Profile” account the default profile for all users on the Mac.

3. While logged-in as “Profile”, empty the trash and delete the application caches. Delete the "Login" keychain.

4. Enable the built-in root user account, from the Directory Services console.

5. Log in as the root user (Be very careful while using the root user account).

6. Show all files in the Finder ( Terminal.app / sudo defaults write com.apple.Finder AppleShowAllFiles YES ).

7. Also from the terminal, make a backup copy of the existing default user profile ( cp -R /System/Library/User\ Template/English.lproj/ /System/Library/User\ Template/English.orig ).

8. Remove the current contents of the default user profile ( sudo rm -rf /System/Library/User\ Template/English.lproj/* ).

9. Copy “Profile’s” profile to the default ( sudo cp -R /Users/profile/ /System/Library/User\ Template/English.lproj/ ).

10. Reboot and try logging on as a user that does not already have an existing user profile. There should be no prompts for iCloud, or for a keychain password.

Since there is a decent amount of work as root and in sensitive areas of the operating system, I encourage the practice of making disk images during various steps of the process. A wrong tick or command, here, can render OS X unstable at best.

Update for Mavericks (7/21/14): There may be issues with the "Local Items" keychain, whereas new users are prompted for that keychain's password. Before copying over the customized profile to the default, it is a great idea to delete that profile user's local keychain from within the Keychain application. However, the different "Local Items" keychain might still prompt for a password (the profile user's password) to new users logging into the Mac. If that happens, a workaround that I have used successfully is to rename the "Local Items" keychain (/Library/Keychains/apsd.keychain) before copying the profile over to the default. This will cause OS X to recreate both the login keychain and the "Local Items" keychain at log on, with no prompts.

Update for Yosemite (11/11/14): I ran an upgrade from a configured copy of Mavericks to Yosemite. The profile customizations were largely kept in place. I had to redo the profile customizations for the keychain issues that have plagued this process from the beginning. Also, the run-once command that prompts the user to log in to iCLoud also had to be suppressed. Simply answering the prompts with the desired response was enough to suppress their appearance for future users. A reader, Matt, was kind enough to post his take on how to modify and produce a custom user profile for a fresh install of Yosemite, something I have yet to do. Here are his comments:

Enter superuser:

sudo su

Remove old default profile:

rm -rf /System/Library/User\ Template/English.lproj/*

Add custom profile from user [Profile]:

rsync -av /Users/[Profile]/* /System/Library/User\ Templates/English.lproj/

chown profile to root:

chown -R root /System/Library/User\ Templates/English.lproj/

Remove Keychain:

rm -r  /System/Library/User\ Templates/English.lproj/Library/Keychains/*

IMPORTANT: Repair Permissions:

diskutil repairPermissions /

Reboot and enjoy.

Thanks Matt! Note: to be careful with the rm commands. Anything they remove is permenant. Backups throughout this process and at critical stages is a good idea.

Enjoy!

Comments

Glad to help

Glad to help

Keychains

I was able to get around the keychain issue by logging-in as the profile user, going in to the keychain utility and deleting the login keychain. Do that before copying the profile.

Depends

The answer there largely depends on the application. Generally speaking,  iwould say "no", but I could be wrong in some respects.

OS X has built-in support for

OS X has built-in support for Active Directory. One need not go through all of the steps above to facilitate that type of support.

Actually, yes, you can. OS X

Actually, yes, you can. OS X has built-in support for Active Directory authentication since 10.2. You just have to make sure you use the domain's DNS server before joining. To customize the default user profile, follow the steps in the article. Those steps modify the default so they apply to local, kerberos, or A.D.-based accounts.

Delete Keychain

Hi,

You need to delete your profile's login keychain before copying it over to the default.

Not tested

I haven't yet tested this with Mavericks.

Thomas, Glad to help and glad

Thomas,

Glad to help and glad the information worked for you. I'll try to make the "verbage" easier to understand, going forward.

Thanks for the info Matt!

Thanks for the info Matt! I'll give this a try and work it into a shell script.

Profile Permissions

Joel,

You could give "everyone" write permissions to the default user profile. This is a little dangerous because granting someone write access to a place where they wouldn't normally need it is not often wise. I haven't done alot of work with Adobe Creative Suite products. I am quite sure they are not licensed for the way we are trying ot use them. Maybe you can track down the settings file that points to the home directory and replace it with a variable?

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.