How to build  the perfect OS X Image for stability.

Posted on 2007-09-29
Last Modified: 2013-11-24
I am a windows network guy that has been tasked with creating the perfect Mac image for deployment. This image is going to be using Open Directory to connect to Active Directory for authentication. One of my main questions is it better to leave the image blank with just the basic OS X junk then install all the 3rd party software off that image? Or do I install all the 3rd party stuff on with the image?  Any advice on the best route to take on this journey would be  much appreciated. My main goal is stability of the image.
Question by:Rockcreektaylor
    LVL 16

    Accepted Solution

    Mac imaging. You've come to the right place. My personal approach, which has worked very well for deploying hundreds of clone systems:

    -- Install OS X and all updates
    -- Install all software
    -- Configure 'temp' user account as I want the default user environment to appear
    -- Copy the 'temp' user folder to the User Template/English.lproj folder
    -- Set login hook to the script from ( - once configured, this will bind your machine to your AD for authentication
    -- Dump image using NetRestore Helper (
    -- Create/Configure NetInstall set using NetRestore Helper
    -- Add the NetInstall set to my OS X NetBoot server
    -- Add name-table information to the NetInstall.dmg to permit naming of machines automatically at time of imaging
    -- Deploy the finished clients and Go Crazy.

    See Mike Bombich's workshop on deploying cloned OS X systems (

    My experiences with this method have always been positive, and the images produced have been stable. The creation of the image should be done using the install disc that came with the most recently released piece of hardware you have, to insure compatibility with all available hardware. The images made this way can be used on any Mac of the same processor type, with the exception of the Santa Rosa MacBook Pros and the new Metallic iMacs - those both require their own separate image.

    Also - they way you described your OD/AD setup is a little fuzzy. The client Macs must be bound directly to AD to get AD logins - they can't be part of an OD, and rely on the OD server to turn to AD to process AD logins. OD is a wonderful tool to manage the workstation environment, but if you're stacking on top of an AD setup, both the server and the clients need to be bound to AD (hence the bind-to-AD login script above).

    How do you think all of this will fit your environment? Is there anything you're still curious about that I haven't touched on?

    For information from an authority of an unmatched level, visit Mike Bombich's page at To give you a bit of perspective on Mike, he wrote the NetRestore software that drives deployment of OS X systems in (I'm venturing an educated guess) the near majority of mass-Mac environments. Second to none.

    Author Comment

    Gave me a great overview on everything that i needed to know. How i am going to work the OD and AD stuff is even fuzzy to me! Ha. I just have to make it happen. I was going to bind the computer to AD and let it be done like that but i think putting up OD will help out in the long run. Thanks for all your help. I

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
    Syslogd is a utility that traps and logs messages sent by running processes. It is configured with the syslog.conf file, which consists of lines containing a pair of fields: "the selector field which specifies the types of messages and priorities to…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now