Create a Custom Default User Profile for OS X 10.7/10.8/10.9/10.10
Create a default user profile for Mac OS X 10.7/10.8/10.9/10.10
Create a user account on OS X that will be a template for every other user of that computer. I usually call it “profile” and make it an administrator account for the time being.
1. Install and configure all applications as desired. It is important to run each program under the profile account. This will skip many of the annoying first-run prompts users will see with things like iCloud and Mozilla Firefox. Be patient with this step and take as much time as it needs.
At this point, a substantial amount of work has been invested in the Mac. I take some time to backup the work and create a disk image of the hard drive.
2. Make the “Profile” account the default profile for all users on the Mac.
3. While logged-in as “Profile”, empty the trash and delete the application caches. Delete the “Login” keychain.
4. Enable the built-in root user account, from the Directory Services console.
5. Log in as the root user (Be very careful while using the root user account).
6. Show all files in the Finder ( Terminal.app / sudo defaults write com.apple.Finder AppleShowAllFiles YES ).
7. Also from the terminal, make a backup copy of the existing default user profile ( cp -R /System/Library/User\ Template/English.lproj/ /System/Library/User\ Template/English.orig ).
8. Remove the current contents of the default user profile ( sudo rm -rf /System/Library/User\ Template/English.lproj/* ).
9. Copy “Profile’s” profile to the default ( sudo cp -R /Users/profile/ /System/Library/User\ Template/English.lproj/ ).
10. Reboot and try logging on as a user that does not already have an existing user profile. There should be no prompts for iCloud, or for a keychain password.
Since there is a decent amount of work as root and in sensitive areas of the operating system, I encourage the practice of making disk images during various steps of the process. A wrong tick or command, here, can render OS X unstable at best.
Update for Mavericks (7/21/14): There may be issues with the “Local Items” keychain, whereas new users are prompted for that keychain’s password. Before copying over the customized profile to the default, it is a great idea to delete that profile user’s local keychain from within the Keychain application. However, the different “Local Items” keychain might still prompt for a password (the profile user’s password) to new users logging into the Mac. If that happens, a workaround that I have used successfully is to rename the “Local Items” keychain (/Library/Keychains/apsd.keychain) before copying the profile over to the default. This will cause OS X to recreate both the login keychain and the “Local Items” keychain at log on, with no prompts.
Update for Yosemite (11/11/14): I ran an upgrade from a configured copy of Mavericks to Yosemite. The profile customizations were largely kept in place. I had to redo the profile customizations for the keychain issues that have plagued this process from the beginning. Also, the run-once command that prompts the user to log in to iCLoud also had to be suppressed. Simply answering the prompts with the desired response was enough to suppress their appearance for future users. A reader, Matt, was kind enough to post his take on how to modify and produce a custom user profile for a fresh install of Yosemite, something I have yet to do. Here are his comments:
Remove old default profile:
rm -rf /System/Library/User\ Template/English.lproj/*
Add custom profile from user [Profile]:
rsync -av /Users/[Profile]/* /System/Library/User\ Templates/English.lproj/
chown profile to root:
chown -R root /System/Library/User\ Templates/English.lproj/
rm -r /System/Library/User\ Templates/English.lproj/Library/Keychains/*
IMPORTANT: Repair Permissions:
diskutil repairPermissions /
Reboot and enjoy.
Thanks Matt! Note: to be careful with the rm commands. Anything they remove is permenant. Backups throughout this process and at critical stages is a good idea.