Install Tiger Xserve as KVM/console server
------------------------------------------

Follow 'OSX Server - New server setup' doc

Set Preferences > Display to 1024x768 (or whatever is appropriate for the connected screen)

Configure the firewall:
-----------------------

Run Server Admin and connect to the server you're setting up.
Click 'Firewall' in the left column
Select the settings pane
Click the '+' to add a new IP Address group
    IP Address Group Name: Administrative Nets
    Addresses in group:
        141.211.67.0/24
        141.211.211.0/24
Delete the 10-net and 192.168-net entries

Back in the main firewall settings window:
Click on the Services tab.
Allow only traffic for "Any Network" on these ports:
    TCP (established)
    UDP outbound and responses
    TCP (outgoing)
Allow only traffic for "Administrative Nets" on these ports:
    ICMP - all messages
    SSH - Secure Shell [22]
    Server Admin SSL, also Web-ASIP [311]
    Remote Directory Access [625]
    Server Admin via Server Admin App [687]
    ARD 2.0 [3283,5900]
Click 'Save'
In the 'Advanced' tab, check the box to Enable Stealth Mode for TCP
Click 'Save' again
Click the 'Start Service' button at the top to start the firewall

Sync groups from other servers:
------------------------

    mkdir /private/var/tmp/acct-rep
    chmod 777 /private/var/tmp/acct-rep
    sudo mkdir -p /usr/local/bin
    scp dpugh@lsa-mac-console-eh.lsa.umich.edu:/usr/local/bin/acct-rep-in /tmp
    scp dpugh@lsa-mac-console-eh.lsa.umich.edu:/usr/local/bin/fix-sacls /tmp
    sudo mv /tmp/acct-rep-in /usr/local/bin
    sudo mv /tmp/fix-sacls /usr/local/bin
    sudo chown root:wheel /usr/local/bin/*

    # Perform an account replication (must do it as macroot):
    ssh dpugh@lsa-sni-eh.lsa.umich.edu
    sudo vi /usr/local/bin/acct-rep-out
    sudo /usr/bin/nidump -r /groups . > /tmp/groups.ni
    scp /tmp/groups.ni macroot@NEWSERVER:/private/var/tmp/acct-rep
    exit   # from lsa-sni-eh

    # back on the new server:
    sudo /usr/local/bin/acct-rep-in

Configure LDAP bindings:
------------------------

Follow directions in 'Tiger LDAP setup for UMOD'

    # - Make a home directory for yourself
    sudo mkdir /Users/yourUsername
    sudo chown yourUsername /Users/yourUsername

Verify you can login via ssh and the console

Configure Service ACLs
----------------------

In 'Server Admin', click on the hostname of the server in the left pane
Click the 'Settings' tab at the bottom
Click the 'Access' tab at the top
Uncheck 'Use same access for all services'
Select 'SSH', and 'Allow only users and groups' of group 'DSAs'

Install Kerberos.pkg
Install Kerberized-Console.pkg
Install K2Client.mpkg
Install MacOSXHooks.pkg
Install UberHomeDirs.pkg (no extra configuration needed for this use)
Install OpenAFS.pkg
Install OpenAFS-changes.pkg
Install internet.pkg
Install date.pkg
Install screensaver.pkg
Install mail-no-chache.pkg
Install UMwebCA.pkg
Install MS Office pkg
Install Fugu.pkg

Enable fast-user-switching

Add Apple Remote Desktop admin utility
Launch ARD util, enter serial number

Set Dock to contain apps that make sense on this machine

    sudo cp Library/Preferences/com.apple.dock.plist /System/Library/User\ Template/English.lproj/Library/Preferences
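
A post-install check for the 'Sync groups from other servers' step, added here as an example and not part of the original runbook: 'chown root:wheel' changes ownership but not mode bits, so this lists scripts under /usr/local/bin that a non-root user could still modify before they are run with sudo, and reports whether the 777 drop directory lacks the sticky bit. The function names are hypothetical, and it assumes acct-rep-in reads its input from /private/var/tmp/acct-rep.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the runbook.

# audit_root_scripts DIR [OWNER_UID]
# Prints regular files in DIR that are not owned by OWNER_UID (default 0)
# or that are group- or world-writable. Returns 0 if none, 1 if any, 2 on bad DIR.
audit_root_scripts() {
    dir=$1
    uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }
    bad=$(find "$dir" -type f \( ! -user "$uid" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# audit_drop_dir DIR
# Returns 1 if DIR is world-writable without the sticky bit, meaning any
# local user can replace another user's file (e.g. groups.ni) inside it.
audit_drop_dir() {
    [ -d "$1" ] || { echo "$1: not a directory" >&2; return 2; }
    hit=$(find "$1" -prune -type d -perm -002 ! -perm -1000 -print)
    if [ -n "$hit" ]; then
        echo "$1: world-writable without sticky bit"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /usr/local/bin /private/var/tmp/acct-rep
if [ "$#" -eq 2 ]; then
    rc=0
    audit_root_scripts "$1" || rc=1
    audit_drop_dir "$2" || rc=1
    exit "$rc"
fi
```

Run it after the chown and before 'sudo /usr/local/bin/acct-rep-in'; a non-zero exit means something needs tightening first.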