Creating custom Guest Account in Yosemite

Discussion started by EdTomBell, Nov 12, 2014.

  EdTomBell, Nov 12, 2014
    Last edited: Nov 13, 2014

    EdTomBell

    Nov 12, 2014
    We have Kiosks at our University that I created an image for that wouldn't require users to log in. To make this easy I just customized the guest account in Mavericks. Now I want to upgrade to Yosemite, but customizing the guest account is proving to be a bit more difficult.

    When I try to copy my customizations to the User Template as I did before it works just fine, but I get a message stating "The system was unable to unlock your login keychain" whenever I log in to the customized guest account.

    I feel like the best thing to do here would be to just create a custom user, but I would like to include the feature of user data being wiped on logout, and a logout automatically rebooting the machine and logging back into that User.

    Does anyone know how I can create scripts to do this? Thanks.
  sjinsjca


    Oct 30, 2008
    Pinging this thread to give it some visibility. I'm interested in any answers too.
  KALLT

    Sep 23, 2008
    Out of curiosity, what do you mean by ‘copy my customizations to the User Template’? And shouldn’t the guest account just work like before when you upgrade your systems?

    Have you searched for solutions to this error? Perhaps your copying of the template overrides a password entry, thereby causing the prompt.
  EdTomBell

    Nov 12, 2014
    So I did end up figuring out how to correct my issues with customizing the guest account on Yosemite.

    To answer the question of "shouldn’t the guest account just work like before when you upgrade your systems?"

    When I upgraded from Mavericks to Yosemite it appears that the User Template (where the guest account gets its default settings once someone logs out or restarts from it, which wipes the user data) was recreated with default settings, therefore requiring me to re-customize the Guest User.

    After putting some time in I was able to successfully customize the guest account on Yosemite, which I will describe how to do here.

    To customize I was following another forum post and used the steps and terminal commands they mentioned there:

    One thing to add here is that if you had anything on the desktop for guest, or saved pictures in the guest account to use as the desktop background (or saved anything outside of the library folder) you will need to copy those folders from the Guest directory into English.lproj of the User Template.

    The issue I ran into is that when I restarted my machine, which I set to auto-log in to the, I got the message "The system was unable to unlock your login keychain."

    The way I found to remedy this was by going back into the admin account and navigating to /System/Library/User Template/English.lproj/Library/Keychains (you will need to be the root user in Terminal to access this; you can access the root user by typing the command 'sudo su -' and then typing the root password. If you have not set a root password, look here for instructions on how to do so) and deleting everything in that folder. Delete absolutely everything, even the .f[followed by some random characters]. Next time you log out or restart in the guest account, you will not run into this keychain issue.

    I hope this helps and prevents anyone from having to spend hours solving this easily fixable error like me!
  martinb412

    Jan 30, 2015
    I tried this. At first I still got the keychain message on Guest login, but after a reboot I wasn't prompted. Everything was looking good until I started opening internet browsers and was prompted with a window that read, "keychain not found. A keychain cannot be found to store [application name]"

    Anybody else run into this?
  martinb412

    Jan 30, 2015
  EdTomBell

    Nov 12, 2014
    That's odd. If I were you I would log in to the admin side and try to create a new keychain manually to see if that solves it.
    • Spotlight search for Keychain Access and open it
    • Click File, followed by New Keychain..

    Let me know how that works.
  martinb412

    Jan 30, 2015
    Sorry for the delay,

    That reddit post actually didn't work. The next day I was prompted for keychain password. I didn't see your reply until yesterday when I tried something else, that didn't work either.

    When generating a new keychain, keychain access is prompting for a password. Doesn't the OS generate the Guest password randomly?
  martinb412

    Jan 30, 2015
    I generated a new keychain with a generic password and moved it to /System/Library/User\ Template/English.lproj/Library/Keychains/login.keychain

    First I forgot to reset the permissions on the file; when I rebooted and logged into Guest I was prompted to update the keychain password or create a new one.

    I realized the file was still owned by administrator, so re-created the keychain and set chown to root:wheel.

    When logged in I was prompted again with the same prompt. This time I entered the password I set when I created the keychain and it logged in. Sequential logins offered the same result.

    After logging into Guest and typing in the keychain password I tried copying the keychain from the guest folder to the user template and this didn't work either.
  EdTomBell

    Nov 12, 2014
    It wouldn't be the guest password; it would be an admin password.

    The other option is to start from scratch. I suppose I should state that I initially had the custom guest login set up for Mavericks, then updated. All of the customizations I created were overwritten so I had to start from square one, but this may work differently than starting from scratch on a fresh Yosemite install.
  martinb412

    Jan 30, 2015
    This computer was set up from a fresh Yosemite install using AutoDMG with 10.10.2 from the app store coupled with Deploy Studio for installation. This is the 3rd re-image of this machine in the last week. I didn't even push any apps with AutoDMG, just bare-bones Yosemite.

    Thanks for your help, EdTomBell
  EdTomBell

    Nov 12, 2014
    Same thing was happening to our machines now. I believe this should fix it for you.

    • Navigate to /Users/Guest/Library/Keychains in Finder as Admin.
    • You should see a folder/folders in there and a file/files. These need to be completely deleted.
    • Open a terminal in order to do a recursive delete using the command 'sudo rm -R <folder or file path>'. The easiest way to get the file path in there is to just click and drag the file into the terminal; this will populate it with the full path.
    • Repeat this step for everything in that folder until it is empty.
    • Reboot, and you should get no more Keychain prompt.

    You may need to manually give your admin user read/write access to these files in order to do this. Hope this helps!
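
As an added example (not part of any post in this thread): a shell version of the cleanup described in the two posts above, usable for both the User Template keychain folder and /Users/Guest/Library/Keychains. The function names, the path guard and the dry-run default are assumptions of this example; it uses find so that hidden entries such as the .f… files are included, which a plain * glob would skip.

```shell
#!/bin/sh
# Added example, not from the thread. Empties a Library/Keychains folder,
# hidden dot-files included, while keeping the folder itself in place.
# Typical targets named in the thread (run as root, e.g. via sudo):
#   /System/Library/User Template/English.lproj/Library/Keychains
#   /Users/Guest/Library/Keychains

# Print every entry directly inside DIR, one per line (hidden ones too).
list_keychain_items() {
    dir=$1
    [ -d "$dir" ] || return 1
    find "$dir" -mindepth 1 -maxdepth 1 -print
}

# Number of entries directly inside DIR.
count_keychain_items() {
    list_keychain_items "$1" | wc -l | tr -d ' '
}

# purge_keychain_items DIR [dry-run|delete]
# Default is dry-run: only list what would be removed.
# Refuses any path that does not end in /Library/Keychains, so a mistyped
# or mis-dragged argument cannot wipe an unrelated folder.
purge_keychain_items() {
    dir=${1%/}
    mode=${2:-dry-run}
    case "$dir" in
        */Library/Keychains) ;;
        *) echo "refusing: '$dir' is not a Library/Keychains folder" >&2
           return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ "$mode" = "delete" ]; then
        # -maxdepth 1 hands each top-level entry to rm once; rm -R then
        # removes folders and their contents recursively.
        find "$dir" -mindepth 1 -maxdepth 1 -exec rm -R {} +
    else
        list_keychain_items "$dir"
    fi
}

# Usage: sh purge_keychains.sh "<path>/Library/Keychains" [dry-run|delete]
if [ "$#" -gt 0 ]; then
    purge_keychain_items "$@"
fi
```

Run it once without the second argument to review the list, then again with delete.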
  KoolAid-Drink

    Sep 18, 2013
    How do you customize guest accounts in the first place and edit the 'template'? I'm a bit lost...
  EdTomBell

    Nov 12, 2014
    Are you customizing from a base Yosemite install? I lay out the steps in my second post on this thread. Is there something in my language that is confusing or that you are having trouble with?
  martinb412

    Jan 30, 2015
    When a new user logs in, everything in /System/Library/User\ Template/English.lproj/ gets copied over as their profile.

    It's so confusing when you see some people say there should be the machine keychain there, some say the login keychain should be there, and some say nothing should be there.

    I believe I found the solution to my problem, it seems like a deploystudio problem. This is what I found:

    I have restarted the image on a new machine and so far so good :)
  virtualruffy

    Feb 25, 2013
    one script to do it all

    When I dealt with this I went looking and found the following article (now page 5 and the current script is on pg 5) which details why to create a default profile and the stages he went through over the years since he started (thread began in 2011).
    The author, Carter, created and has updated the script for doing this. The full breakdown of commands can be seen in the Automator script, which you can further customize. In mine I added an image to indicate the script was running and a voice announcement; then at the script's conclusion another image appears and again a voice announcement says you're done.

    One important difference I see from what the script does and what several people are doing is they are deleting the entire folder's contents while the script runs specific commands to delete specific things. I've never had permission or keychain issues using the script. By deleting the entire contents en masse you may be creating the problem. Try the script; it is the best thing I've found. And thank Carter.
  casselli

    Aug 27, 2015

