├── Mac-AD-Unbind.sh ├── Mac-Add-LPD-Network-Printer.sh ├── Mac-Admin-to-Standard-Account.sh ├── Mac-Battery-Health.sh ├── Mac-Block-Monterey.sh ├── Mac-Check-Cache-Size.sh ├── Mac-Check-Log-Size.sh ├── Mac-Check-Prohibited-App-Running.sh ├── Mac-Check-Rosetta2.sh ├── Mac-Check-Wifi-Connection.sh ├── Mac-Clean-up-downloads.sh ├── Mac-Create-APFS-Snapshot.sh ├── Mac-Current-User-to-Admin-Account.sh ├── Mac-Current-User-to-Standard-Account.sh ├── Mac-Disable-Python-2-Warning.sh ├── Mac-Disable-Remote-Login.sh ├── Mac-Enable-Remote-Login.sh ├── Mac-File-Aging.sh ├── Mac-Folder-Cleanup.sh ├── Mac-Force-O365-Update.sh ├── Mac-Install-Command-Line-Tools.sh ├── Mac-Install-Latest-PowerShell.sh ├── Mac-Install-Nudge.sh ├── Mac-Install-PKG-from-URL.sh ├── Mac-Install-SentinelOne.sh ├── Mac-Installed-Applications-List.sh ├── Mac-Launch-URL.sh ├── Mac-List-Printers.sh ├── Mac-Local-or-AD-User.sh ├── Mac-MAU-Use-Local-Cache.sh ├── Mac-Pending-Update-Check.sh ├── Mac-Remove-Installomator.sh ├── Mac-Reset-0365-Activation-Email.sh ├── Mac-Reset-Print-System.sh ├── Mac-Reset-TCC.sh ├── Mac-Reset-Timezone.sh ├── Mac-Restricted-Developers.sh ├── Mac-Routine-Maintenance.sh ├── Mac-SIP-Check.sh ├── Mac-Security-Hardware-Check.sh ├── Mac-Set-Hostname-NetBIOS-Name.sh ├── Mac-Software-Updates.sh ├── Mac-Standard-to-Admin-Account.sh ├── Mac-Start-Time-Machine.sh ├── Mac-Stop-Disable-Time-Machine.sh ├── Mac-Streaming-Warning.sh ├── Mac-Task-Quit-Prohibited-App.sh ├── Mac-Thermal-Pressure.sh ├── Mac-Thin-Local-Snapshots.sh ├── Mac-Time-Machine-Status.sh ├── Mac-Unblock-Monterey.sh ├── Mac-WFH-ISP-Info.sh ├── Mac-WFH-speed-test.sh ├── N-Central-No-Touch-Install ├── Scripts │ ├── include.sh │ └── postinstall ├── include.sh ├── postinstall ├── readme.md └── sample-installer.pkg ├── README.md └── onboarding-starter.sh /Mac-AD-Unbind.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Forces the Mac to unbind from the current Active Directory domain. Fails if the 8 | # computer is not bound to AD. 9 | 10 | if dsconfigad -remove -username "-" -password "-" -force 11 | then 12 | echo "Successfully unbound." 13 | else 14 | echo "This computer is not Bound to Active Directory." 15 | exit 1001 16 | fi 17 | -------------------------------------------------------------------------------- /Mac-Add-LPD-Network-Printer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Add a network printer with LPD protocol and generic printer driver. 7 | 8 | PRINTERNAME=[UNIQUE-NAME] 9 | LOCATIONSTRING=["eg, Floor, Building, Room number"] 10 | LPDADDRESS=[lpd://IP.ADDRESS.OR.DNS.NAME] 11 | 12 | lpadmin -p $PRINTERNAME -L $LOCATIONSTRING -E -v $LPDADDRESS -m drv:///sample.drv/generic.ppd -o printer-is-shared=false 13 | -------------------------------------------------------------------------------- /Mac-Admin-to-Standard-Account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Check your privilege 7 | if [ $(whoami) != "root" ]; then 8 | echo "This script must be run with root/sudo privileges." 9 | exit 1002 10 | fi 11 | 12 | convertAccount="$1" 13 | 14 | if ! id "$convertAccount" 2> /dev/null || [ -z "$1" ] 15 | then 16 | echo "[ERROR] No such user: $convertAccount" 17 | exit 1001 18 | fi 19 | 20 | if /usr/bin/dscl . -read "/groups/admin" GroupMembership | /usr/bin/grep -q "$convertAccount" 21 | then 22 | if /usr/sbin/dseditgroup -o edit -d "$convertAccount" admin 23 | then 24 | echo "$convertAccount admin privileges removed." 25 | else 26 | echo "[ERROR] Could not remove administrator privileges from $convertAccount." 27 | exit 1003 28 | fi 29 | else 30 | echo "$convertAccount is not an administrator." 31 | fi 32 | -------------------------------------------------------------------------------- /Mac-Battery-Health.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | 8 | # This script will return the number of cycles recorded for a Mac laptop's battery. 9 | # For desktop Macs, the result is 0. 10 | 11 | # With an optional number as parameter, the script will alert if the battery cycles 12 | # exceed that maximum value. 13 | 14 | 15 | batteryCycles=$(/usr/sbin/system_profiler SPPowerDataType | grep "Cycle Count") 16 | 17 | if [ -n "$batteryCycles" ] 18 | then 19 | batteryCycles=$(echo "$batteryCycles" | cut -d":" -f2 | xargs) 20 | else 21 | batteryCycles=0 22 | echo "N/A" 23 | exit 0 24 | fi 25 | 26 | if [ -n "$1" ] && [ "$batteryCycles" -gt "$1" ] 27 | then 28 | echo "[NOTICE] Battery cycles exceeds ${1}: ${batteryCycles}" 29 | exit 1001 30 | else 31 | echo "Battery Cycles: ${batteryCycles}" 32 | 33 | fi 34 | -------------------------------------------------------------------------------- /Mac-Block-Monterey.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Download the Monterey Blocker package from github: 7 | curl -sSL -f -o /tmp/montereyblocker.pkg https://github.com/Theile/montereyblocker/releases/download/v20210611/montereyblocker-20210611.pkg 8 | 9 | if [ "$?" == "0" ]; then 10 | # Install the PKG 11 | installer -pkg /tmp/montereyblocker.pkg -target / 12 | fi 13 | -------------------------------------------------------------------------------- /Mac-Check-Cache-Size.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | # 7 | # In the normal operation of a Mac, many applications and system services use a local 8 | # cache to speed up operations. Maintenance routines will periodically expire or remove 9 | # older cache files, but sometimes they fail. Cached files that are no longer necessary, 10 | # or for apps that have been removed, will remain and clutter the cache folders. 11 | # Ultimately, this will fill up the drive if left unchecked. 12 | # 13 | # This script checks common cache folders in each user's home directory, as well as 14 | # the system, to determine if they are larger than an optional maximum parameter 15 | # (default 2 gigabytes). 16 | # 17 | 18 | exitCode=1000 19 | 20 | MaxCacheSize=$1 21 | 22 | if [ -z "$MaxCacheSize" ] 23 | then 24 | MaxCacheSize=2048 # default max size 2gig 25 | fi 26 | 27 | # list all Users' home directories (uses dscl in the rare instance they're not in /Users/*) 28 | UserHomes=$(dscl /Local/Default -list /Users NFSHomeDirectory | awk '$2 ~ /^\/Users/ { print $2 }' ) 29 | 30 | for UserHome in ${UserHomes} 31 | do 32 | # Does the home folder have a Caches folder? 33 | if [ -d "${UserHome}/Library/Caches" ] 34 | then 35 | 36 | CacheSizeMegs="$(du -mc ${UserHome}/Library/Caches 2> /dev/null | tail -1 | cut -f1)" 37 | echo "\n[ ${UserHome} Caches ]: ${CacheSizeMegs} megabytes" 38 | 39 | if [ $CacheSizeMegs -ne 0 ] 40 | then 41 | echo "Top items:" 42 | du -h ${UserHome}/Library/Caches/* 2> /dev/null | sort -hr | head -10 43 | if [ $CacheSizeMegs -gt $MaxCacheSize ] 44 | then 45 | ((exitCode++)) 46 | fi 47 | fi 48 | 49 | fi 50 | 51 | done 52 | 53 | 54 | sysCacheSizeMegs="$(du -mc /Library/Caches | tail -1 | cut -f1)" 55 | echo "\n[ System Caches ]: ${sysCacheSizeMegs} megabytes" 56 | 57 | if [ $sysCacheSizeMegs -ne 0 ] 58 | then 59 | echo "Top items:" 60 | du -h /Library/Caches/* | sort -hr | head -10 61 | if [ $sysCacheSizeMegs -gt $MaxCacheSize ] 62 | then 63 | ((exitCode++)) 64 | fi 65 | fi 66 | 67 | exit "$exitCode" 68 | -------------------------------------------------------------------------------- /Mac-Check-Log-Size.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | # 7 | # When applications start having problems, often the first sign is that the error log 8 | # for that application fills up with messages. This can also lead to slower performance 9 | # overall, as the system is spending its time writing out errors to increasingly large 10 | # log files. Ultimately, this will fill up the drive if left unchecked. 11 | # 12 | # To detect this situation, an easy check to run is the size of the log files on the 13 | # machine. This script checks the log folders in each user's home directory, as well as 14 | # the system, to determine if they are larger than an optional maximum parameter 15 | # (default 500 Megs). 16 | # 17 | 18 | exitCode=1000 19 | 20 | MaxLogSize=$1 21 | 22 | if [ -z "$MaxLogSize" ] 23 | then 24 | MaxLogSize=500 # default max size 500M 25 | fi 26 | 27 | 28 | 29 | # list all Users' home directories (uses dscl in the rare instance they're not in /Users/*) 30 | UserHomes=$(dscl /Local/Default -list /Users NFSHomeDirectory | awk '$2 ~ /^\/Users/ { print $2 }' ) 31 | 32 | for UserHome in ${UserHomes} 33 | do 34 | # Does the home folder have a Logs folder? 35 | if [ -d "${UserHome}/Library/Logs" ] 36 | then 37 | 38 | logSizeMegs="$(du -mc ${UserHome}/Library/Logs | tail -1 | cut -f1)" 39 | echo "\n[ ${UserHome} Logs ]: ${logSizeMegs} megabytes" 40 | 41 | if [ $logSizeMegs -ne 0 ] 42 | then 43 | echo "Top items:" 44 | du -h ${UserHome}/Library/Logs/* | sort -hr | head -10 45 | if [ $logSizeMegs -gt $MaxLogSize ] 46 | then 47 | ((exitCode++)) 48 | fi 49 | fi 50 | 51 | fi 52 | 53 | done 54 | 55 | 56 | syslogSizeMegs="$(du -mc /Library/Logs | tail -1 | cut -f1)" 57 | echo "\n[ System Logs ]: ${syslogSizeMegs} megabytes" 58 | 59 | if [ $syslogSizeMegs -ne 0 ] 60 | then 61 | echo "Top items:" 62 | du -h /Library/Logs/* | sort -hr | head -10 63 | if [ $syslogSizeMegs -gt $MaxLogSize ] 64 | then 65 | ((exitCode++)) 66 | fi 67 | fi 68 | 69 | varlogSizeMegs="$(du -mc /var/log | tail -1 | cut -f1)" 70 | echo "\n[ /var/log ]: ${varlogSizeMegs} megabytes" 71 | 72 | if [ $varlogSizeMegs -ne 0 ] 73 | then 74 | echo "Top items:" 75 | du -h /var/log/* | sort -hr | head -10 76 | if [ $varlogSizeMegs -gt $MaxLogSize ] 77 | then 78 | ((exitCode++)) 79 | fi 80 | fi 81 | 82 | exit "$exitCode" 83 | -------------------------------------------------------------------------------- /Mac-Check-Prohibited-App-Running.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # This script will attempt to determine if a particular app or process is running. If so, 8 | # the script will exit in a failed state, so you can trigger a task to quit the process if needed. 9 | 10 | AppToKill=$1 11 | 12 | if [ -n "$AppToKill" ] 13 | then 14 | echo "[NOTICE] This script requires the name of an app or process." 15 | exit 0 # exit quietly without triggering an alert. 16 | fi 17 | 18 | currentUser=$(stat -f "%S"u /dev/console) 19 | currentUID=$(/usr/bin/id -u "$currentUser") 20 | 21 | if [ "$currentUser" == "LoginWindow" ] 22 | then 23 | echo "[NOTICE] No logged in user." 24 | exit 0 # exit quietly without triggering an alert. 25 | 26 | else 27 | # is the specified application or process running? 28 | if [ $(pgrep -ilf "$AppToKill") ] || [ $(pgrep -ilf "$AppToKill".app) ] 29 | then 30 | echo "Found $AppToKill." 31 | /bin/launchctl asuser "$currentUID" /usr/bin/osascript -e "tell application \"${AppToKill}\" to quit" 32 | 33 | exit 1001 # exit and alert/fail. Trigger the "force quit prohibited app" task. 34 | 35 | fi 36 | 37 | fi 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /Mac-Check-Rosetta2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Checks and optionally installs Rosetta 2 on Apple Silicon (M1) Macs. 8 | 9 | # Usage: run with option "true" to install Rosetta 2 on M1 devices that do not already 10 | # have it installed. Otherwise, with no options to just run the check. 11 | 12 | 13 | if [ "$(sysctl -in hw.optional.arm64)" != "1" ] 14 | then 15 | # Not running on Apple ARM Silicon 16 | echo "Error: This Mac is not running an Apple Silicon (M1) CPU." 17 | exit 1 18 | else 19 | if arch -x86_64 /usr/bin/true 2> /dev/null 20 | then 21 | # Running Intel code on ARM, so Rosetta2 already installed. 22 | echo "Error: Rosetta 2 is already installed and running." 23 | exit 0 24 | elif [ "$1" = "true" ] 25 | then 26 | # install Rosetta2 27 | echo "Installing Rosetta 2:" 28 | /usr/sbin/softwareupdate --install-rosetta --agree-to-license 29 | else 30 | echo "Rosetta 2 not installed. Exiting." 31 | exit 0 32 | fi 33 | fi 34 | 35 | -------------------------------------------------------------------------------- /Mac-Check-Wifi-Connection.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I 8 | 9 | -------------------------------------------------------------------------------- /Mac-Clean-up-downloads.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # For each local user on the Mac, move any files that have not been accessed in more than 7 | # n days (default 14) to a separate "CLEANUP" folder for them to delete or archive. 8 | # 9 | # You can alternately deposit old files in the user's Trash. 10 | # *** Only use this option after suitably warning your users *** 11 | 12 | 13 | 14 | DESTINATION="Downloads/CLEANUP" 15 | # DESTINATION=".Trash/CLEANUP" 16 | 17 | 18 | # requires a number of days, otherwise defaults to 14 19 | if [ -n "$1" ] && [ "$1" -eq "$1" ] 2>/dev/null 20 | then 21 | echo "RANGE = ${1} DAYS" 22 | DAYS="$1" 23 | else 24 | echo "DEFAULT RANGE = 14 DAYS" 25 | DAYS=14 26 | fi 27 | 28 | 29 | # list all Users' home directories (uses dscl in the rare instance they're not in /Users/*) 30 | USERHOMES=$(dscl /Local/Default -list /Users NFSHomeDirectory | awk '$2 ~ /^\/Users/ { print $2 }' ) 31 | 32 | for USERHOME in ${USERHOMES} 33 | do 34 | # Does the home folder have a Downloads folder? 35 | if [ -d "${USERHOME}/Downloads" ] 36 | then 37 | 38 | # Whose downloads? 39 | USERNAME=$(stat -f %Su "${USERHOME}") 40 | echo "Doing Downloads cleanup for $USERNAME" 41 | 42 | # Create a "CLEANUP" folder if one doesn't already exist 43 | if [ ! -d "${USERHOME}/${DESTINATION}" ] 44 | then 45 | echo "Creating CLEANUP directory for $USERNAME" 46 | 47 | mkdir "${USERHOME}/${DESTINATION}" 48 | 49 | chown "${USERNAME}" "${USERHOME}/${DESTINATION}" 50 | 51 | echo "Setting CLEANUP directory owner to $USERNAME" 52 | 53 | fi 54 | 55 | 56 | 57 | # Move any files in Downloads that have not been accessed in > 14 days to the CLEANUP folder. 58 | find "${USERHOME}/Downloads" -atime +${DAYS}d -depth 1 -type f -exec mv {} "${USERHOME}/${DESTINATION}" \; 59 | 60 | 61 | # Count how many were moved, and how much disk space they take up 62 | CLEANUPFILES=$(find "${USERHOME}/${DESTINATION}" -maxdepth 1 -type f | wc -l) 63 | CLEANUPSIZE=$(du -hs "${USERHOME}/${DESTINATION}" | awk -F ' ' '{print $1}') 64 | echo "${USERNAME} can save ${CLEANUPSIZE} by deleting ${CLEANUPFILES} files in their ${DESTINATION} folder." 65 | echo "--" 66 | 67 | fi 68 | 69 | 70 | done 71 | 72 | -------------------------------------------------------------------------------- /Mac-Create-APFS-Snapshot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Create APFS snapshot of current drive state, in order to "roll back" or restore 8 | # the drive state later. This requires MacOS High Sierra (10.13) or later, and an SSD 9 | # system drive formatted APFS. Uses tmutil but does not require Time Machine to be 10 | # enabled. 11 | 12 | # To restore from this snapshot later, or to recover previous versions of files as stored 13 | # in the snapshot, list the available snapshots with "sudo tmutil listlocalsnapshots" then 14 | 15 | # sudo mkdir /tmp/SNAPSHOT 16 | # sudo mount_apfs -s [SNAPSHOT NAME] / /tmp/SNAPSHOT 17 | 18 | tmutil localsnapshot 19 | -------------------------------------------------------------------------------- /Mac-Current-User-to-Admin-Account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Converts current logged-in standard user to an admin account. 8 | 9 | 10 | # Check your privilege 11 | if [ $(whoami) != "root" ]; then 12 | echo "This script must be run with root/sudo privileges." 13 | exit 1002 14 | fi 15 | 16 | currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ { print $3 }') 17 | 18 | if [ "$currentUser" == "LoginWindow" ] 19 | then 20 | echo "No current user." 21 | exit 1001 22 | fi 23 | 24 | if /usr/bin/dscl . -read "/groups/admin" GroupMembership | /usr/bin/grep -q "$currentUser" 25 | then 26 | echo "$currentUser is already an administrator." 27 | else 28 | /usr/bin/dscl . -append "/groups/admin" GroupMembership "$currentUser" 29 | echo "$currentUser now has administrator privileges." 30 | fi 31 | -------------------------------------------------------------------------------- /Mac-Current-User-to-Standard-Account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Converts current logged-in admin user to a standard account. 7 | 8 | 9 | # Check your privilege 10 | if [ $(whoami) != "root" ]; then 11 | echo "This script must be run with root/sudo privileges." 12 | exit 1002 13 | fi 14 | 15 | currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ { print $3 }') 16 | 17 | if [ "$currentUser" == "LoginWindow" ] 18 | then 19 | echo "No current user." 20 | exit 1001 21 | fi 22 | 23 | if /usr/bin/dscl . -read "/groups/admin" GroupMembership | /usr/bin/grep -q "$currentUser" 24 | then 25 | /usr/sbin/dseditgroup -o edit -d "$currentUser" admin 26 | echo "$currentUser admin privileges removed." 27 | else 28 | echo "$currentUser is not an administrator." 29 | fi 30 | -------------------------------------------------------------------------------- /Mac-Disable-Python-2-Warning.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # This prevents a warning popup in MacOS Big Sur and Monterey intended to let the user 8 | # know that outdated python scripts will stop working in a future version of MacOS. 9 | # The trouble is, many applications use python behind the scenes, and there's nothing 10 | # the user can do about it, except keep seeing the warning whenever they open that app. 11 | 12 | defaults write com.apple.python DisablePythonAlert true 13 | -------------------------------------------------------------------------------- /Mac-Disable-Remote-Login.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # This *disables* remote login to the Mac via ssh. 8 | 9 | # In order to connect to the remote Mac with ssh, create and run a task for the script 10 | # "Mac-Enable-Remote-Login" first to enable ssh login. 11 | 12 | 13 | systemsetup -f -setremotelogin off 14 | -------------------------------------------------------------------------------- /Mac-Enable-Remote-Login.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # This enables remote login to the Mac via ssh. 8 | # When you are finished with your ssh session, use the script "Mac-Disable-Remote-Login" 9 | # to disable ssh login. 10 | 11 | 12 | systemsetup -f -setremotelogin on 13 | -------------------------------------------------------------------------------- /Mac-File-Aging.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Mac File Aging - Takes a path and number as arguments. If the file or directory at the 8 | # specified path is OLDER than the specified number in DAYS, the script check fails. 9 | 10 | if [ -n "$2" ] 11 | then 12 | maxDays=$2 13 | 14 | if [ -e "$1" ] 15 | then 16 | ageInDays=$((($(date +%s) - $(stat -t %s -f %m -- "$1")) / 86400)) 17 | if [ "$ageInDays" -gt "$maxDays" ] 18 | then 19 | echo "[WARNING] $1 last modified $ageInDays days ago." 20 | exit 1001 21 | else 22 | echo "$1 last modified $ageInDays days ago." 23 | exit 0 24 | fi 25 | else 26 | echo "[ERROR] The path specified at $1 does not exist." 27 | exit 1001 28 | fi 29 | 30 | else 31 | echo "[ERROR] This script requires two parameters. A path and a number of days." 32 | exit 1001 33 | fi 34 | 35 | 36 | -------------------------------------------------------------------------------- /Mac-Folder-Cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Organizes a directory of files with different extensions into separate folders, one 7 | # for each extension. e.g. all PNG files into a folder named "PNG", JPEGs into a folder 8 | # named "JPEG" etc. All new directories are created in UPPER case, to avoid case 9 | # sensitive confusion between file.ext and file.EXT 10 | 11 | # command line parameter: path to folder to organize 12 | CLEANUPPATH=$1 13 | 14 | echo "Cleaning up $CLEANUPPATH" 15 | 16 | if [ -n "$CLEANUPPATH" ]; then 17 | 18 | FILECOUNT=0 19 | # For each file in the provided directory 20 | for FILENAME in $CLEANUPPATH/*.* 21 | 22 | do 23 | # get the extension (everything after the last .) 24 | ((FILECOUNT++)) 25 | # Set the EXT variable to the extension 26 | EXT=${FILENAME##*.} 27 | 28 | EXT=${EXT:u} # optional: makes the extension all UPPER case 29 | 30 | # If a directory with that extension does not already exist 31 | if ! test -d "$CLEANUPPATH/$EXT"; then 32 | mkdir "$CLEANUPPATH/$EXT" 33 | (($?)) && echo "Unable to create $CLEANUPPATH/$EXT." && exit 2 34 | fi 35 | 36 | mv "$FILENAME" "$CLEANUPPATH/$EXT" 37 | (($?)) && echo "Unable to move $FILENAME to $CLEANUPPATH/$EXT." && exit 3 38 | 39 | done 40 | 41 | echo "$FILECOUNT files organized." 42 | exit 0 43 | 44 | else 45 | 46 | echo "Please provide the path for a folder to organize. (e.g. ~/Desktop/)" 47 | exit 1 48 | 49 | fi 50 | -------------------------------------------------------------------------------- /Mac-Force-O365-Update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Force a full Microsoft 365 update. Useful for doing downloads on your schedule, instead of waiting for the automatic update 7 | 8 | # remove the "last updated" time, so the agent thinks it's never been run 9 | defaults delete com.microsoft.autoupdate2 LastUpdate 10 | 11 | # kick off the automatic update agent 12 | launchctl start com.microsoft.update.agent 13 | 14 | -------------------------------------------------------------------------------- /Mac-Install-Command-Line-Tools.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Installs the XCode Command Line Tools from developer.apple.com 7 | # These developer tools are required for many command-line applications, and include 8 | # version control tools, compilers, and libraries for a number of programming languages 9 | # not present on a default system. 10 | 11 | # Check your privilege 12 | if [ "$(whoami)" != "root" ]; then 13 | echo "This script must be run with root/sudo privileges." 14 | exit 1 15 | fi 16 | 17 | 18 | OSVERSION=$(defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print $1}') 19 | 20 | OSMAJOR=$(echo "${OSVERSION}" | cut -d . -f1) 21 | OSMINOR=$(echo "${OSVERSION}" | cut -d . -f2) 22 | 23 | if [[ $OSMAJOR -lt 11 ]] && [[ $OSMINOR -lt 13 ]] 24 | then 25 | echo "Requires MacOS 10.13 or higher." 26 | exit 1 27 | else 28 | 29 | # creates a temporary file to allow swupdate to list and install the command line tools 30 | TMPFILE="/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress" 31 | touch ${TMPFILE} 32 | 33 | echo "Checking availability of Command Line Tools." 34 | CLTAVAILABLE=$(/usr/sbin/softwareupdate -l | grep -B 1 -E 'Command Line Tools' | awk -F'*' '/^ *\\*/ {print $2}' | sed -e 's/^ *Label: //' -e 's/^ *//' | sort -V | tail -n1) 35 | 36 | if [[ -n ${CLTAVAILABLE} ]] 37 | then 38 | echo "Installing ${CLTAVAILABLE}" 39 | 40 | /usr/sbin/softwareupdate -i "${CLTAVAILABLE}" 41 | 42 | rm -f ${TMPFILE} 43 | 44 | /usr/bin/xcode-select --switch /Library/Developer/CommandLineTools 45 | 46 | else 47 | echo "Command Line Tools already installed and up to date." 48 | exit 0 49 | fi 50 | 51 | fi 52 | -------------------------------------------------------------------------------- /Mac-Install-Latest-PowerShell.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Download and install the latest version of Microsoft PowerShell from GitHub 8 | # by querying the repo releases for the latest stable version, and grabbing the 9 | # proper PKG file to install. Other methods require developer tools (eg, homebrew) but 10 | # the installer has no prerequisites. 11 | 12 | # Note: if the last curl step fails, it may be due to the PowerShell developers changing 13 | # the naming scheme of their releases. 14 | 15 | 16 | # call the GitHub API to look up the latest stable release version 17 | LATESTVERSION="$(curl -s -H 'Accept: application/vnd.github.v3+json' https://api.github.com/repos/powershell/powershell/releases/latest | grep -i tag_name | cut -d v -f 2 | tr -d '",')" 18 | 19 | # determine the CPU architecture of the Mac 20 | UNAME_MACHINE="$(/usr/bin/uname -m)" 21 | 22 | # download x64 version by default 23 | ARCH="x64" 24 | 25 | # unless on Apple Silicon 26 | if [[ "${UNAME_MACHINE}" == "arm64" ]] 27 | then 28 | # download ARM/Apple Silicon version 29 | ARCH="arm64" 30 | fi 31 | 32 | # build the download URL for the latest version, proper architecture 33 | PKGURL=$(printf "https://github.com/PowerShell/PowerShell/releases/download/v%s/powershell-%s-osx-%s.pkg" {$LATESTVERSION,$LATESTVERSION,$ARCH}) 34 | 35 | echo "Downloading version ${LATESTVERSION} of PowerShell from ${PKGURL}" 36 | 37 | # make a temp folder for the installer 38 | PKGDIR="/tmp/PowerShell-${LATESTVERSION}/" 39 | 40 | mkdir -p "${PKGDIR}" 41 | 42 | # download, output error on failure. 43 | curl -L -o "${PKGDIR}/install.pkg" "${PKGURL}" && installer -pkg "${PKGDIR}/install.pkg" -target / || echo "ERROR downloading PowerShell. Check the URL."; exit 1 44 | -------------------------------------------------------------------------------- /Mac-Install-Nudge.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Original source: https://github.com/rs1278/macOSinstallers/tree/main/Installers/Nudge 8 | 9 | # This script determines the latest version of the Nudge installer, downloads and 10 | # installs it. The optional LaunchAgent is also installed. The intent is to trigger Nudge 11 | # by use of a scheduled task or script check. See the Getting Started guide for more info: 12 | # https://github.com/macadmins/nudge/wiki/Getting-Started 13 | 14 | # For ADM deployment, install the profile "Nudge-configuration.mobileconfig" as well. 15 | 16 | # Variables 17 | nudgeLatestURL="https://github.com/macadmins/nudge/releases/latest/" 18 | versionUrl=$(curl "${nudgeLatestURL}" -s -L -I -o /dev/null -w '%{url_effective}') 19 | versionNumber=$(printf "%s" "${versionUrl[@]}" | sed 's@.*/@@' | sed 's/%20/-/g') 20 | versionNumber=${versionNumber:1} 21 | 22 | downloadUrl="https://github.com/macadmins/nudge/releases/download/v$versionNumber/Nudge-$versionNumber.pkg" 23 | #header="$(curl -sI "$downloadUrl" | tr -d '\r')" 24 | pkgName=$(printf "%s" "${downloadUrl[@]}" | sed 's@.*/@@' | sed 's/%20/-/g') 25 | pkgPath="/tmp/$pkgName" 26 | 27 | downloadUrl2="https://github.com/macadmins/nudge/releases/download/v$versionNumber/Nudge_LaunchAgent-1.0.0.pkg" 28 | pkgName2=$(printf "%s" "${downloadUrl2[@]}" | sed 's@.*/@@' | sed 's/%20/-/g') 29 | pkgPath2="/tmp/$pkgName2" 30 | 31 | # Download files 32 | /usr/bin/curl -sL -o "$pkgPath" "$downloadUrl" 33 | /usr/bin/curl -sL -o "$pkgPath2" "$downloadUrl2" 34 | 35 | # Install PKGs 36 | installer -pkg "$pkgPath" -target / 37 | installer -pkg "$pkgPath2" -target / 38 | 39 | # Delete PKGs 40 | /bin/rm "$pkgPath" 41 | /bin/rm "$pkgPath2" 42 | 43 | exit 0 44 | 45 | -------------------------------------------------------------------------------- /Mac-Install-PKG-from-URL.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Most Mac applications can be installed from the command line via .pkg file. This script 8 | # requires the location of a .pkg (either as http://, https://, ftp:// or a local file:// 9 | # URL), then downloads it and installs it. 10 | 11 | # To create your own payloads to install in this way, see 12 | # https://autopkg.github.io/autopkg and https://github.com/lindegroup/autopkgr 13 | 14 | 15 | 16 | # Required parameter: 17 | PKGTOINSTALL=$1 18 | 19 | # This looks for a valid URL to a .pkg 20 | # This is an example of how regular expressions can be either beautiful or hideous. Or both. 21 | URLregex='^(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[\.pkg|\.PKG]$' 22 | 23 | PKGPath=$(date "+%Y%m%d.%H%M") 24 | 25 | if [ $# -gt 1 ] 26 | then 27 | echo "[Error] Too many arguments. This script can only process one URL at a time." 28 | exit 1 29 | elif [ -n "$PKGTOINSTALL" ] 30 | then 31 | if ! [[ $PKGTOINSTALL =~ $URLregex ]] 32 | then 33 | 34 | echo "[Error] The value you entered is not a valid URL." 35 | echo " - Make sure to include the protocol (\"http://\" \"https://\" or \"ftp://\")" 36 | echo " - URL must point to a .pkg file." 37 | else 38 | echo "Downloading $PKGTOINSTALL to /tmp/$PKGPath/" 39 | 40 | mkdir "/tmp/${PKGPath}/" 41 | cd "/tmp/${PKGPath}/" || exit 2 42 | 43 | PKGFile=$(curl -sSL -f -O "${PKGTOINSTALL}" -w %{filename_effective}) 44 | 45 | echo "Installing ${PKGFile}" 46 | 47 | installer -pkg "/tmp/${PKGPath}/${PKGFile}" -target / 48 | 49 | fi 50 | else 51 | 52 | echo "[Error] This script requires one argument: the URL of a PKG file to install." 53 | exit 1 54 | fi 55 | -------------------------------------------------------------------------------- /Mac-Install-SentinelOne.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | PKGPATH=[PATH_TO_PKG] 7 | TOKEN=["Your Site Token"] 8 | 9 | # Install SentinelOne from a downloaded PKG file. 10 | /usr/sbin/installer -pkg $PKGPATH -target / 11 | sleep 3 12 | 13 | # Registers SentinelOne with your product token 14 | /usr/local/bin/sentinelctl set registration-token -- $TOKEN 15 | 16 | -------------------------------------------------------------------------------- /Mac-Installed-Applications-List.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | system_profiler SPApplicationsDataType 7 | 8 | -------------------------------------------------------------------------------- /Mac-Launch-URL.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Open a URL in the default web browser, as the current logged-in user. 8 | # (eg, to enforce a compliance issue, ask user to log into SSO, etc) 9 | 10 | currentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' ) 11 | 12 | echo "Running as ${currentUser}" 13 | 14 | if [ "$currentUser" == "loginwindow" ] 15 | then 16 | echo "[Error] No logged in user." 17 | exit 1 18 | fi 19 | 20 | # Required parameter: 21 | URL=$1 22 | 23 | # This looks for a valid URL in the form http://example.tld 24 | URLregex='^(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$' 25 | 26 | if [ $# -eq 0 ] || [ $# -gt 2 ] 27 | then 28 | echo "[Error] Wrong number of arguments. This script requires the URL to open, and optionally the name of the browser to open it with." 29 | exit 1 30 | 31 | else 32 | 33 | if ! [[ $URL =~ $URLregex ]] 34 | then 35 | echo "[Error] The value you entered is not a valid URL." 36 | echo " - Make sure to include the protocol (\"http://\" \"https://\" or \"ftp://\")" 37 | else 38 | 39 | if [ -n "$2" ] 40 | then 41 | sudo -u "$currentUser" open -a "${2}" "${URL}" &>/dev/null && echo "Launching ${URL} with browser ${2}" || echo "[Error] Something went wrong. Check the name of the app \"${2}\""; exit 1 42 | else 43 | sudo -u "$currentUser" open "${URL}" && echo "Launching ${URL} with default browser" || echo "[Error] Something went wrong."; exit 1 44 | fi 45 | fi 46 | fi 47 | -------------------------------------------------------------------------------- /Mac-List-Printers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Mac Printer List - Returns a list of the printers configured on the computer, with the 8 | # printer name and PPD for each 9 | 10 | system_profiler SPPrintersDataType | grep -E ':$|PPD' 11 | -------------------------------------------------------------------------------- /Mac-Local-or-AD-User.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Logs to output whether the current logged-in user is a local user on the device, 8 | # or an Active Directory domain user. Fails if there is no logged in user. 9 | 10 | 11 | currentUser=$(stat -f "%S"u /dev/console ) 12 | 13 | if [ "$currentUser" == "LoginWindow" ] 14 | then 15 | echo "No logged in user." 16 | exit 1001 17 | else 18 | if dscl . -read "/Users/$currentUser" OriginalNodeName 2>&1 | grep -q "No such key" 19 | then 20 | accountType="Local User" 21 | else 22 | accountType="Domain User" 23 | fi 24 | 25 | echo "$currentUser account type: $accountType" 26 | 27 | fi 28 | 29 | -------------------------------------------------------------------------------- /Mac-MAU-Use-Local-Cache.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Point Microsoft 365 automatic update process to download installers from local cache. Allows admins to manage which updates are available to install, and reduces bandwidth use. 7 | # Requires a web server to act as the MAU Cache Server. See https://macadmins.software/docs/MAU_CachingServer.pdf for instructions 8 | 9 | # URL should end with / 10 | CACHESERVER=[YOUR SERVER URL INCLUDING HTTP://] 11 | 12 | defaults write com.microsoft.autoupdate2 UpdateCache -string '$CACHESERVER' 13 | -------------------------------------------------------------------------------- /Mac-Pending-Update-Check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Script check to alert on Apple updates marked "pending". 8 | 9 | OSVERSION=$(defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print $1}') 10 | 11 | OSMAJOR=$(echo "${OSVERSION}" | cut -d . -f1) 12 | #OSMINOR=$(echo "${OSVERSION}" | cut -d . -f2) 13 | 14 | # check pending updates 15 | if [[ $OSMAJOR -lt 11 ]] 16 | then 17 | # 10x 18 | pendingUpdates=$(defaults read /Library/Updates/index.plist InstallAtLogout | grep -c "[A-Za-z0-9]") 19 | else 20 | # >10 - number of assets downloaded 21 | pendingUpdates=$(find /System/Library/AssetsV2/com_apple_MobileAsset_MacSoftwareUpdate/ -type d -d 1 | grep -c -i "asset") 22 | fi 23 | 24 | if [[ $pendingUpdates -gt 0 ]] 25 | then 26 | echo "There are $pendingUpdates updates pending." 27 | exit 1001 28 | else 29 | echo "No updates pending." 30 | exit 0 31 | fi 32 | 33 | -------------------------------------------------------------------------------- /Mac-Remove-Installomator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Removes Installomator. 8 | 9 | # For more information, see: 10 | # https://scriptingosx.com/2020/05/introducing-installomator/ 11 | 12 | # This script based on: 13 | # https://github.com/Installomator/Installomator/blob/dev/MDM/RemoveInstallomator.sh 14 | 15 | pkgutil --forget "com.scriptingosx.Installomator" 16 | rm /usr/local/Installomator/Installomator.sh 17 | rmdir /usr/local/Installomator 18 | -------------------------------------------------------------------------------- /Mac-Reset-0365-Activation-Email.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Reset Office365 activation email address. Useful when installation fails, or user's SSO email changes. 7 | 8 | defaults delete com.microsoft.office OfficeActivationEmailAddress 9 | -------------------------------------------------------------------------------- /Mac-Reset-Print-System.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Occasionally, a job in the print queue on the Mac will get stuck, and nothing will 8 | # print until it's either deleted or fixed. Print jobs will pile up behind it, and 9 | # memory and drive space start getting eaten up. The easiest way to fix this situation 10 | # is by resetting the print queue. Note: In versions of MacOS prior to Catalina (10.15) 11 | # this requires the GUI. 12 | 13 | OSVERSION=$(defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print $1}') 14 | 15 | OSMAJOR=$(echo "${OSVERSION}" | cut -d . -f1) 16 | OSMINOR=$(echo "${OSVERSION}" | cut -d . -f2) 17 | 18 | if [[ $OSMAJOR -lt 11 ]] && [[ $OSMINOR -lt 15 ]] 19 | then 20 | echo "Requires MacOS Catalina 10.15 or higher." 21 | exit 1 22 | else 23 | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool --reset -f 24 | fi 25 | -------------------------------------------------------------------------------- /Mac-Reset-TCC.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | UsersList=$(dscl /Local/Default -list /Users | egrep -v '^_.+|root') 8 | 9 | for UserName in ${=UsersList} 10 | do 11 | if dseditgroup -o checkmember -m "$UserName" "staff" 1>/dev/null 12 | then 13 | StaffList=$(printf "%s %s" "$StaffList" "$UserName") 14 | fi 15 | done 16 | 17 | 18 | 19 | 20 | # This will reset the user-approved or -denied PPPC settings for the system. It will not 21 | # affect MDM overridden TCC profiles. 22 | 23 | # The following service names are available to reset with TCC Utility: 24 | 25 | # All 26 | # Accessibility 27 | # AddressBook 28 | # AlwaysAllowedService.AppleEvents 29 | # AppleEvents 30 | # BluetoothAlways 31 | # BluetoothPeripheral 32 | # BluetoothWhileInUse 33 | # Calendar 34 | # Calls 35 | # Camera 36 | # ContactsFull 37 | # ContactsLimited 38 | # DeveloperTool 39 | # ExposureNotification 40 | # ExposureNotificationRegion 41 | # FaceID 42 | # Facebook 43 | # FallDetection 44 | # FileProviderDomain 45 | # FileProviderPresence 46 | # FocusStatus 47 | # GameCenterFriends 48 | # KeyboardNetwork 49 | # LinkedIn 50 | # ListenEvent 51 | # Liverpool 52 | # MSO 53 | # MediaLibrary 54 | # Microphone 55 | # Motion 56 | # NearbyInteraction 57 | # Photos 58 | # PhotosAdd 59 | # PostEvent 60 | # Prototype3Rights 61 | # Prototype4Rights 62 | # Reminders 63 | # ScreenCapture 64 | # SensorKitAmbientLightSensor 65 | # SensorKitBedSensing 66 | # SensorKitBedSensingWriting 67 | # SensorKitDeviceUsage 68 | # SensorKitElevation 69 | # SensorKitFacialMetrics 70 | # SensorKitForegroundAppCategory 71 | # SensorKitKeyboardMetrics 72 | # SensorKitLocationMetrics 73 | # SensorKitMessageUsage 74 | # SensorKitMotion 75 | # SensorKitMotionHeartRate 76 | # SensorKitOdometer 77 | # SensorKitPedometer 78 | # SensorKitPhoneUsage 79 | # SensorKitSoundDetection 80 | # SensorKitSpeechMetrics 81 | # SensorKitStrideCalibration 82 | # SensorKitWatchAmbientLightSensor 83 | # SensorKitWatchFallStats 84 | # SensorKitWatchForegroundAppCategory 85 | # SensorKitWatchHeartRate 86 | # SensorKitWatchMotion 87 | # SensorKitWatchOnWristState 88 | # SensorKitWatchPedometer 89 | # SensorKitWatchSpeechMetrics 90 | # ShareKit 91 | # SinaWeibo 92 | # Siri 93 | # SpeechRecognition 94 | # SystemPolicyAllFiles 95 | # SystemPolicyDesktopFolder 96 | # SystemPolicyDeveloperFiles 97 | # SystemPolicyDocumentsFolder 98 | # SystemPolicyDownloadsFolder 99 | # SystemPolicyNetworkVolumes 100 | # SystemPolicyRemovableVolumes 101 | # SystemPolicySysAdminFiles 102 | # TencentWeibo 103 | # Twitter 104 | # Ubiquity 105 | # UserAvailability 106 | # UserTracking 107 | # WebKitIntelligentTrackingPrevention 108 | # Willow 109 | 110 | ServiceNames="All Accessibility AddressBook AlwaysAllowedService.AppleEvents AppleEvents BluetoothAlways BluetoothPeripheral BluetoothWhileInUse Calendar Calls Camera ContactsFull ContactsLimited DeveloperTool ExposureNotification ExposureNotificationRegion FaceID Facebook FallDetection FileProviderDomain FileProviderPresence FocusStatus GameCenterFriends KeyboardNetwork LinkedIn ListenEvent Liverpool MSO MediaLibrary Microphone Motion NearbyInteraction Photos PhotosAdd PostEvent Prototype3Rights Prototype4Rights Reminders ScreenCapture SensorKitAmbientLightSensor SensorKitBedSensing SensorKitBedSensingWriting SensorKitDeviceUsage SensorKitElevation SensorKitFacialMetrics SensorKitForegroundAppCategory SensorKitKeyboardMetrics SensorKitLocationMetrics SensorKitMessageUsage SensorKitMotion SensorKitMotionHeartRate SensorKitOdometer SensorKitPedometer SensorKitPhoneUsage SensorKitSoundDetection SensorKitSpeechMetrics SensorKitStrideCalibration SensorKitWatchAmbientLightSensor SensorKitWatchFallStats SensorKitWatchForegroundAppCategory SensorKitWatchHeartRate SensorKitWatchMotion SensorKitWatchOnWristState SensorKitWatchPedometer SensorKitWatchSpeechMetrics ShareKit SinaWeibo Siri SpeechRecognition SystemPolicyAllFiles SystemPolicyDesktopFolder SystemPolicyDeveloperFiles SystemPolicyDocumentsFolder SystemPolicyDownloadsFolder SystemPolicyNetworkVolumes SystemPolicyRemovableVolumes SystemPolicySysAdminFiles TencentWeibo Twitter Ubiquity UserAvailability UserTracking WebKitIntelligentTrackingPrevention Willow" 111 | 112 | if [ -z "$1" ] 113 | then 114 | echo "Service name or \"All\" required. Note: Service name is case sensitive." 115 | exit 1 116 | fi 117 | 118 | if [[ $ServiceNames =~ "$1" ]] 119 | then 120 | if [ -z "$2" ] 121 | then 122 | # resets the TCC database for $service 123 | tccutil reset "$1" 124 | for LocalUser in ${=StaffList} 125 | do 126 | sudo -u "$LocalUser" tccutil reset "$1" > /dev/null 127 | done 128 | else 129 | tccutil reset "$1" "$2" 130 | for LocalUser in ${=StaffList} 131 | do 132 | sudo -u "$LocalUser" tccutil reset "$1" "$2" > /dev/null 133 | done 134 | fi 135 | else 136 | echo "Unrecognized service name: $1" 137 | exit 1 138 | fi 139 | -------------------------------------------------------------------------------- /Mac-Reset-Timezone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Set a custom NTP server, and set the Mac to sync the clock automatically. Useful if the default NTP server (time.apple.com) is unreachable due to firewall rules. 7 | NTPSERVER=[NTP SERVER ADDRESS] 8 | 9 | # Set clock timezone, regardless of location. Useful when MacOS changes timezone based on VPN IP address. 10 | TIMEZONE=[SELECT A TIMEZONE ENTRY] 11 | 12 | # Valid settings for timezone entry: 13 | # Africa/Abidjan 14 | # Africa/Accra 15 | # Africa/Addis_Ababa 16 | # Africa/Algiers 17 | # Africa/Asmara 18 | # Africa/Bamako 19 | # Africa/Bangui 20 | # Africa/Banjul 21 | # Africa/Bissau 22 | # Africa/Blantyre 23 | # Africa/Brazzaville 24 | # Africa/Bujumbura 25 | # Africa/Cairo 26 | # Africa/Casablanca 27 | # Africa/Ceuta 28 | # Africa/Conakry 29 | # Africa/Dakar 30 | # Africa/Dar_es_Salaam 31 | # Africa/Djibouti 32 | # Africa/Douala 33 | # Africa/El_Aaiun 34 | # Africa/Freetown 35 | # Africa/Gaborone 36 | # Africa/Harare 37 | # Africa/Johannesburg 38 | # Africa/Juba 39 | # Africa/Kampala 40 | # Africa/Khartoum 41 | # Africa/Kigali 42 | # Africa/Kinshasa 43 | # Africa/Lagos 44 | # Africa/Libreville 45 | # Africa/Lome 46 | # Africa/Luanda 47 | # Africa/Lubumbashi 48 | # Africa/Lusaka 49 | # Africa/Malabo 50 | # Africa/Maputo 51 | # Africa/Maseru 52 | # Africa/Mbabane 53 | # Africa/Mogadishu 54 | # Africa/Monrovia 55 | # Africa/Nairobi 56 | # Africa/Ndjamena 57 | # Africa/Niamey 58 | # Africa/Nouakchott 59 | # Africa/Ouagadougou 60 | # Africa/Porto-Novo 61 | # Africa/Sao_Tome 62 | # Africa/Tripoli 63 | # Africa/Tunis 64 | # Africa/Windhoek 65 | # America/Adak 66 | # America/Anchorage 67 | # America/Anguilla 68 | # America/Antigua 69 | # America/Araguaina 70 | # America/Argentina/Buenos_Aires 71 | # America/Argentina/Catamarca 72 | # America/Argentina/Cordoba 73 | # America/Argentina/Jujuy 74 | # America/Argentina/La_Rioja 75 | # America/Argentina/Mendoza 76 | # America/Argentina/Rio_Gallegos 77 | # America/Argentina/Salta 78 | # America/Argentina/San_Juan 79 | # America/Argentina/San_Luis 80 | # America/Argentina/Tucuman 81 | # America/Argentina/Ushuaia 82 | # America/Aruba 83 | # America/Asuncion 84 | # America/Atikokan 85 | # America/Bahia 86 | # America/Bahia_Banderas 87 | # America/Barbados 88 | # America/Belem 89 | # America/Belize 90 | # America/Blanc-Sablon 91 | # America/Boa_Vista 92 | # America/Bogota 93 | # America/Boise 94 | # America/Cambridge_Bay 95 | # America/Campo_Grande 96 | # America/Cancun 97 | # America/Caracas 98 | # America/Cayenne 99 | # America/Cayman 100 | # America/Chicago 101 | # America/Chihuahua 102 | # America/Costa_Rica 103 | # America/Creston 104 | # America/Cuiaba 105 | # America/Curacao 106 | # America/Danmarkshavn 107 | # America/Dawson 108 | # America/Dawson_Creek 109 | # America/Denver 110 | # America/Detroit 111 | # America/Dominica 112 | # America/Edmonton 113 | # America/Eirunepe 114 | # America/El_Salvador 115 | # America/Fort_Nelson 116 | # America/Fortaleza 117 | # America/Glace_Bay 118 | # America/Godthab 119 | # America/Goose_Bay 120 | # America/Grand_Turk 121 | # America/Grenada 122 | # America/Guadeloupe 123 | # America/Guatemala 124 | # America/Guayaquil 125 | # America/Guyana 126 | # America/Halifax 127 | # America/Havana 128 | # America/Hermosillo 129 | # America/Indiana/Indianapolis 130 | # America/Indiana/Knox 131 | # America/Indiana/Marengo 132 | # America/Indiana/Petersburg 133 | # America/Indiana/Tell_City 134 | # America/Indiana/Vevay 135 | # America/Indiana/Vincennes 136 | # America/Indiana/Winamac 137 | # America/Inuvik 138 | # America/Iqaluit 139 | # America/Jamaica 140 | # America/Juneau 141 | # America/Kentucky/Louisville 142 | # America/Kentucky/Monticello 143 | # America/Kralendijk 144 | # America/La_Paz 145 | # America/Lima 146 | # America/Los_Angeles 147 | # America/Lower_Princes 148 | # America/Maceio 149 | # America/Managua 150 | # America/Manaus 151 | # America/Marigot 152 | # America/Martinique 153 | # America/Matamoros 154 | # America/Mazatlan 155 | # America/Menominee 156 | # America/Merida 157 | # America/Metlakatla 158 | # America/Mexico_City 159 | # America/Miquelon 160 | # America/Moncton 161 | # America/Monterrey 162 | # America/Montevideo 163 | # America/Montreal 164 | # America/Montserrat 165 | # America/Nassau 166 | # America/New_York 167 | # America/Nipigon 168 | # America/Nome 169 | # America/Noronha 170 | # America/North_Dakota/Beulah 171 | # America/North_Dakota/Center 172 | # America/North_Dakota/New_Salem 173 | # America/Nuuk 174 | # America/Ojinaga 175 | # America/Panama 176 | # America/Pangnirtung 177 | # America/Paramaribo 178 | # America/Phoenix 179 | # America/Port-au-Prince 180 | # America/Port_of_Spain 181 | # America/Porto_Velho 182 | # America/Puerto_Rico 183 | # America/Punta_Arenas 184 | # America/Rainy_River 185 | # America/Rankin_Inlet 186 | # America/Recife 187 | # America/Regina 188 | # America/Resolute 189 | # America/Rio_Branco 190 | # America/Santa_Isabel 191 | # America/Santarem 192 | # America/Santiago 193 | # America/Santo_Domingo 194 | # America/Sao_Paulo 195 | # America/Scoresbysund 196 | # America/Shiprock 197 | # America/Sitka 198 | # America/St_Barthelemy 199 | # America/St_Johns 200 | # America/St_Kitts 201 | # America/St_Lucia 202 | # America/St_Thomas 203 | # America/St_Vincent 204 | # America/Swift_Current 205 | # America/Tegucigalpa 206 | # America/Thule 207 | # America/Thunder_Bay 208 | # America/Tijuana 209 | # America/Toronto 210 | # America/Tortola 211 | # America/Vancouver 212 | # America/Whitehorse 213 | # America/Winnipeg 214 | # America/Yakutat 215 | # America/Yellowknife 216 | # Antarctica/Casey 217 | # Antarctica/Davis 218 | # Antarctica/DumontDUrville 219 | # Antarctica/Macquarie 220 | # Antarctica/Mawson 221 | # Antarctica/McMurdo 222 | # Antarctica/Palmer 223 | # Antarctica/Rothera 224 | # Antarctica/South_Pole 225 | # Antarctica/Syowa 226 | # Antarctica/Troll 227 | # Antarctica/Vostok 228 | # Arctic/Longyearbyen 229 | # Asia/Aden 230 | # Asia/Almaty 231 | # Asia/Amman 232 | # Asia/Anadyr 233 | # Asia/Aqtau 234 | # Asia/Aqtobe 235 | # Asia/Ashgabat 236 | # Asia/Atyrau 237 | # Asia/Baghdad 238 | # Asia/Bahrain 239 | # Asia/Baku 240 | # Asia/Bangkok 241 | # Asia/Barnaul 242 | # Asia/Beirut 243 | # Asia/Bishkek 244 | # Asia/Brunei 245 | # Asia/Calcutta 246 | # Asia/Chita 247 | # Asia/Choibalsan 248 | # Asia/Chongqing 249 | # Asia/Colombo 250 | # Asia/Damascus 251 | # Asia/Dhaka 252 | # Asia/Dili 253 | # Asia/Dubai 254 | # Asia/Dushanbe 255 | # Asia/Famagusta 256 | # Asia/Gaza 257 | # Asia/Harbin 258 | # Asia/Hebron 259 | # Asia/Ho_Chi_Minh 260 | # Asia/Hong_Kong 261 | # Asia/Hovd 262 | # Asia/Irkutsk 263 | # Asia/Jakarta 264 | # Asia/Jayapura 265 | # Asia/Jerusalem 266 | # Asia/Kabul 267 | # Asia/Kamchatka 268 | # Asia/Karachi 269 | # Asia/Kashgar 270 | # Asia/Kathmandu 271 | # Asia/Katmandu 272 | # Asia/Khandyga 273 | # Asia/Krasnoyarsk 274 | # Asia/Kuala_Lumpur 275 | # Asia/Kuching 276 | # Asia/Kuwait 277 | # Asia/Macau 278 | # Asia/Magadan 279 | # Asia/Makassar 280 | # Asia/Manila 281 | # Asia/Muscat 282 | # Asia/Nicosia 283 | # Asia/Novokuznetsk 284 | # Asia/Novosibirsk 285 | # Asia/Omsk 286 | # Asia/Oral 287 | # Asia/Phnom_Penh 288 | # Asia/Pontianak 289 | # Asia/Pyongyang 290 | # Asia/Qatar 291 | # Asia/Qostanay 292 | # Asia/Qyzylorda 293 | # Asia/Rangoon 294 | # Asia/Riyadh 295 | # Asia/Sakhalin 296 | # Asia/Samarkand 297 | # Asia/Seoul 298 | # Asia/Shanghai 299 | # Asia/Singapore 300 | # Asia/Srednekolymsk 301 | # Asia/Taipei 302 | # Asia/Tashkent 303 | # Asia/Tbilisi 304 | # Asia/Tehran 305 | # Asia/Thimphu 306 | # Asia/Tokyo 307 | # Asia/Tomsk 308 | # Asia/Ulaanbaatar 309 | # Asia/Urumqi 310 | # Asia/Ust-Nera 311 | # Asia/Vientiane 312 | # Asia/Vladivostok 313 | # Asia/Yakutsk 314 | # Asia/Yangon 315 | # Asia/Yekaterinburg 316 | # Asia/Yerevan 317 | # Atlantic/Azores 318 | # Atlantic/Bermuda 319 | # Atlantic/Canary 320 | # Atlantic/Cape_Verde 321 | # Atlantic/Faroe 322 | # Atlantic/Madeira 323 | # Atlantic/Reykjavik 324 | # Atlantic/South_Georgia 325 | # Atlantic/St_Helena 326 | # Atlantic/Stanley 327 | # Australia/Adelaide 328 | # Australia/Brisbane 329 | # Australia/Broken_Hill 330 | # Australia/Currie 331 | # Australia/Darwin 332 | # Australia/Eucla 333 | # Australia/Hobart 334 | # Australia/Lindeman 335 | # Australia/Lord_Howe 336 | # Australia/Melbourne 337 | # Australia/Perth 338 | # Australia/Sydney 339 | # Europe/Amsterdam 340 | # Europe/Andorra 341 | # Europe/Astrakhan 342 | # Europe/Athens 343 | # Europe/Belgrade 344 | # Europe/Berlin 345 | # Europe/Bratislava 346 | # Europe/Brussels 347 | # Europe/Bucharest 348 | # Europe/Budapest 349 | # Europe/Busingen 350 | # Europe/Chisinau 351 | # Europe/Copenhagen 352 | # Europe/Dublin 353 | # Europe/Gibraltar 354 | # Europe/Guernsey 355 | # Europe/Helsinki 356 | # Europe/Isle_of_Man 357 | # Europe/Istanbul 358 | # Europe/Jersey 359 | # Europe/Kaliningrad 360 | # Europe/Kiev 361 | # Europe/Kirov 362 | # Europe/Lisbon 363 | # Europe/Ljubljana 364 | # Europe/London 365 | # Europe/Luxembourg 366 | # Europe/Madrid 367 | # Europe/Malta 368 | # Europe/Mariehamn 369 | # Europe/Minsk 370 | # Europe/Monaco 371 | # Europe/Moscow 372 | # Europe/Oslo 373 | # Europe/Paris 374 | # Europe/Podgorica 375 | # Europe/Prague 376 | # Europe/Riga 377 | # Europe/Rome 378 | # Europe/Samara 379 | # Europe/San_Marino 380 | # Europe/Sarajevo 381 | # Europe/Saratov 382 | # Europe/Simferopol 383 | # Europe/Skopje 384 | # Europe/Sofia 385 | # Europe/Stockholm 386 | # Europe/Tallinn 387 | # Europe/Tirane 388 | # Europe/Ulyanovsk 389 | # Europe/Uzhgorod 390 | # Europe/Vaduz 391 | # Europe/Vatican 392 | # Europe/Vienna 393 | # Europe/Vilnius 394 | # Europe/Volgograd 395 | # Europe/Warsaw 396 | # Europe/Zagreb 397 | # Europe/Zaporozhye 398 | # Europe/Zurich 399 | # GMT 400 | # Indian/Antananarivo 401 | # Indian/Chagos 402 | # Indian/Christmas 403 | # Indian/Cocos 404 | # Indian/Comoro 405 | # Indian/Kerguelen 406 | # Indian/Mahe 407 | # Indian/Maldives 408 | # Indian/Mauritius 409 | # Indian/Mayotte 410 | # Indian/Reunion 411 | # Pacific/Apia 412 | # Pacific/Auckland 413 | # Pacific/Bougainville 414 | # Pacific/Chatham 415 | # Pacific/Chuuk 416 | # Pacific/Easter 417 | # Pacific/Efate 418 | # Pacific/Enderbury 419 | # Pacific/Fakaofo 420 | # Pacific/Fiji 421 | # Pacific/Funafuti 422 | # Pacific/Galapagos 423 | # Pacific/Gambier 424 | # Pacific/Guadalcanal 425 | # Pacific/Guam 426 | # Pacific/Honolulu 427 | # Pacific/Johnston 428 | # Pacific/Kiritimati 429 | # Pacific/Kosrae 430 | # Pacific/Kwajalein 431 | # Pacific/Majuro 432 | # Pacific/Marquesas 433 | # Pacific/Midway 434 | # Pacific/Nauru 435 | # Pacific/Niue 436 | # Pacific/Norfolk 437 | # Pacific/Noumea 438 | # Pacific/Pago_Pago 439 | # Pacific/Palau 440 | # Pacific/Pitcairn 441 | # Pacific/Pohnpei 442 | # Pacific/Ponape 443 | # Pacific/Port_Moresby 444 | # Pacific/Rarotonga 445 | # Pacific/Saipan 446 | # Pacific/Tahiti 447 | # Pacific/Tarawa 448 | # Pacific/Tongatapu 449 | # Pacific/Truk 450 | # Pacific/Wake 451 | # Pacific/Wallis 452 | 453 | 454 | # Set clock timezone, regardless of location. Useful when MacOS changes timezone based on VPN IP address. 455 | systemsetup -settimezone $TIMEZONE 456 | 457 | # set Mac to use specified server 458 | systemsetup -setnetworktimeserver $NTPSERVER 459 | 460 | # set Mac to sync time to server automatically 461 | systemsetup -setusingnetworktime on 462 | 463 | # sync time now 464 | sntp -sS $NTPSERVER 465 | -------------------------------------------------------------------------------- /Mac-Restricted-Developers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Every app installed on the Mac should be signed by its developer in order to run. 8 | # And each developer or software vendor has a unique Developer ID, with which all of 9 | # their apps are signed. Occasionally, a developer will be found to have been breached 10 | # or their apps found to be malicious or otherwise insecure. Apple will usually pull 11 | # the affected apps from the App Store, or add them to an exclusion list in Gatekeeper 12 | # or XProtect. This often takes some time, and may not effectively block or remove 13 | # installers distributed outside the App Store. 14 | 15 | # This script identifies all the apps currently installed on a Mac, and checks their 16 | # Developer IDs agains a list of developers that have been identified as potentially 17 | # malicious. The default list is inspired by this article: 18 | # https://privacyis1st.medium.com/abuse-of-the-mac-appstore-investigation-6151114bb10e 19 | 20 | # You can research and add your own exclusions by downloading ane examining an installer 21 | # PKG or DMG or an already-installed app with this command: 22 | # codesign -d -v path/to/pkg/or/app 23 | 24 | # Example, to block multiplayer games published on Steam: 25 | # Steam.app, by Valve Corporation: MXGJJ98X76 26 | 27 | # Add the ID MXGJJ98X76 to the list "RestrictedDevs" 28 | 29 | 30 | RestrictedDevs=(WJMTXR4JNU 6N53BTGWL7 QL99V46A4M B2MV8Q5A9K 33CT73RPKY 9ZXZ48W276) 31 | 32 | 33 | 34 | exitcode=0 35 | 36 | # identify apps installed on system 37 | AllApps=$(system_profiler SPApplicationsDataType) 38 | 39 | old_ifs="$IFS" 40 | IFS=$'\n' 41 | 42 | # for each, get the teamidentifier for the signing developer 43 | 44 | while read -r TeamID 45 | do 46 | # compare to list of "suspicious" teamids 47 | 48 | if [[ "${RestrictedDevs[*]}" =~ ${TeamID} ]] 49 | then 50 | echo "$AllApps" | grep -E "$TeamID" -A 1 51 | ((exitcode++)) 52 | fi 53 | 54 | 55 | done <<< "$(echo "$AllApps" | grep -E 'Signed.+\(.+\)' | awk -F'[()]' '{print $2 "\n"}')" 56 | 57 | IFS="$old_ifs" 58 | 59 | exit "$exitcode" 60 | -------------------------------------------------------------------------------- /Mac-Routine-Maintenance.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | 8 | # This script will determine if it is necessary to run the Mac's built-in maintenance 9 | # scripts. These normally run every day, week, and month - but sometimes are prevented 10 | # or delayed. If the daily scripts haven't run in 2 days, the weekly in 8 days, or the 11 | # monthly in 33 days, then the script triggers them automatically. 12 | 13 | # Alternately, set the first command line parameter to "true" to force the maintenance 14 | # routines to run immediately, regardless of when they were last run. 15 | 16 | # For more detail about the periodic maintenance scripts, see: 17 | # https://www.unix.com/man-page/mojave/8/PERIODIC/ 18 | 19 | forceRun="$1" 20 | 21 | # if daily.out is older than 2 days 22 | if [ -f "/var/log/daily.out" ] 23 | then 24 | dailyOutAge=$((($(date +%s) - $(stat -t %s -f %m -- "/var/log/daily.out")) / 86400)) 25 | else 26 | dailyOutAge=99 27 | fi 28 | echo "Daily last run ${dailyOutAge} days ago." 29 | 30 | # weekly.out older than 1 week 31 | if [ -f "/var/log/weekly.out" ] 32 | then 33 | weeklyOutAge=$((($(date +%s) - $(stat -t %s -f %m -- "/var/log/weekly.out")) / 86400)) 34 | else 35 | weeklyOutAge=99 36 | fi 37 | echo "Weekly last run ${weeklyOutAge} days ago." 38 | 39 | # monthly.out older than 1m 40 | if [ -f "/var/log/monthly.out" ] 41 | then 42 | monthlyOutAge=$((($(date +%s) - $(stat -t %s -f %m -- "/var/log/monthly.out")) / 86400)) 43 | else 44 | monthlyOutAge=99 45 | fi 46 | echo "Monthly last run ${monthlyOutAge} days ago." 47 | 48 | 49 | if [ $dailyOutAge -gt 2 ] || [[ "${forceRun:l}" == "true" ]] 50 | then 51 | echo "Running daily maintenance." 52 | periodic daily 53 | fi 54 | 55 | if [ $weeklyOutAge -gt 8 ] || [[ "${forceRun:l}" == "true" ]] 56 | then 57 | echo "Running weekly maintenance." 58 | periodic weekly 59 | fi 60 | 61 | if [ $monthlyOutAge -gt 33 ] || [[ "${forceRun:l}" == "true" ]] 62 | then 63 | echo "Running monthly maintenance." 64 | periodic monthly 65 | fi 66 | -------------------------------------------------------------------------------- /Mac-SIP-Check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | 8 | # System Integrity Protection (SIP) is integral to the security of macOS. The system 9 | # prevents unauthorized tampering with protected files in various locations on the boot 10 | # volume. Disabling SIP is not recommended, and requires physical access to the machine 11 | # and specific intent to remove the security it provides. It's not something that can be 12 | # done accidentally. 13 | # 14 | # https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection 15 | # 16 | # This script will alert if SIP has been disabled on the Mac, and immediately enable it, 17 | # which requires rebooting. Use with caution, as a sudden reboot can result in the user 18 | # losing any unsaved work. 19 | 20 | # Thanks to Mike Lambert from the MacAdmins Slack for the inspiration and collaboration. 21 | 22 | 23 | 24 | OSVERSION=$(defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print $1}') 25 | 26 | OSMAJOR=$(echo "${OSVERSION}" | cut -d . -f1) 27 | OSMINOR=$(echo "${OSVERSION}" | cut -d . -f2) 28 | 29 | if [[ $OSMAJOR -lt 11 ]] && [[ $OSMINOR -lt 11 ]] # don't run on anything less than 10.11 30 | then 31 | echo "[ERROR] SIP is only compatible with El Capitan (macOS 10.11) and newer." 32 | exit 1002 33 | fi 34 | 35 | 36 | 37 | RestartTimeout=30 38 | 39 | SIPResult=$(csrutil status | awk '{ print $5 }' | tr -d '.') 40 | 41 | if [[ "$SIPResult" == "enabled" ]]; then 42 | echo "SIP is already enabled. Nothing to do." 43 | exit 0 44 | 45 | else 46 | 47 | echo "[WARNING]: SIP has been disabled. Enabling SIP and restarting now." 48 | /usr/bin/csrutil clear 49 | # functionally the same as csrutil enable, but shouldn't require booting into Recovery mode. 50 | 51 | osascript < "$ListOfSoftwareUpdates" 2>&1 35 | 36 | } 37 | 38 | # is the list already there? 39 | if [ -f $ListOfSoftwareUpdates ] 40 | then 41 | # echo "$ListOfSoftwareUpdates exists." 42 | # if it's there, how old is it? 43 | 44 | ListAge=$((($(date +%s) - $(date -r "$ListOfSoftwareUpdates" +%s))/60 )) 45 | # echo "$ListAge minutes old." 46 | 47 | if [ $ListAge -ge 60 ] 48 | then 49 | # older than an hour 50 | echo "Older than 1 hour, checking for updates again." 51 | checkForSoftwareUpdates 52 | fi 53 | 54 | else 55 | # doesn't exist 56 | echo "$ListOfSoftwareUpdates does not exist. Checking for updates." 57 | checkForSoftwareUpdates 58 | fi 59 | 60 | # check the list for updates requiring restart 61 | RestartRequired=$(grep -B1 -i restart "$ListOfSoftwareUpdates") # updates requiring restart 62 | echo "NOTICE: There are updates that require a restart. These will not be installed:" 63 | printf "%s\n\n" "$RestartRequired" 64 | 65 | # if not empty, then strip out "Restart required" leaving only "Recommended" updates. Otherwise, just get the list of updates that are "recommended" 66 | if [[ $RestartRequired ]] 67 | then 68 | AllUpdates=$(grep -B1 -i recommended "$ListOfSoftwareUpdates" | grep -v -F "$RestartRequired") 69 | else 70 | AllUpdates=$(grep -B1 -i recommended "$ListOfSoftwareUpdates") 71 | fi 72 | 73 | if [ -n "$AllUpdates" ] 74 | then 75 | # finally, remove the information lines and the "label" text, leaving only the list of update packages to install 76 | UpdatesNoRestart=$(echo "$AllUpdates" | grep -v -e "--" | grep -B1 -i recommended | grep -i "Label" | cut -d : -f 2 ) 77 | # send this to softwareupdate -i 78 | 79 | # trims whitespace 80 | UpdatesNoRestart=$(echo "$UpdatesNoRestart" | xargs) 81 | 82 | 83 | # needs quotes, since some updates have spaces in name. 84 | echo "The following updates are available to install:" 85 | echo "$UpdatesNoRestart" 86 | else 87 | echo "No updates available." 88 | exit 0 89 | fi 90 | 91 | 92 | if [[ $1 =~ ["true"|"True"] ]] 93 | then 94 | 95 | echo "Installing updates." 96 | /usr/sbin/softwareupdate -i --verbose "$UpdatesNoRestart" 97 | 98 | fi 99 | -------------------------------------------------------------------------------- /Mac-Standard-to-Admin-Account.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Check your privilege 7 | if [ $(whoami) != "root" ]; then 8 | echo "This script must be run with root/sudo privileges." 9 | exit 1002 10 | fi 11 | 12 | convertAccount="$1" 13 | 14 | if ! id "$convertAccount" 2> /dev/null || [ -z "$1" ] 15 | then 16 | echo "[ERROR] No such user: $convertAccount" 17 | exit 1001 18 | fi 19 | 20 | if /usr/bin/dscl . -read "/groups/admin" GroupMembership | /usr/bin/grep -q "$convertAccount" 21 | then 22 | echo "$convertAccount is already an administrator." 23 | else 24 | if /usr/bin/dscl . -append "/groups/admin" GroupMembership "$convertAccount" 25 | then 26 | echo "$convertAccount now has administrator privileges." 27 | else 28 | echo "[ERROR] Could not grant user $convertAccount administrator privileges." 29 | exit 1003 30 | fi 31 | fi 32 | -------------------------------------------------------------------------------- /Mac-Start-Time-Machine.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Enable Time Machine, in case it has been disabled by the user or some other process 8 | tmutil enable 9 | 10 | # Start the backup 11 | tmutil startbackup 12 | 13 | -------------------------------------------------------------------------------- /Mac-Stop-Disable-Time-Machine.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Stop any running backup before disabling Time Machine 8 | tmutil stopbackup 9 | 10 | # Disable Time Machine - prevents new backups and stops the schedule until started manually 11 | tmutil disable 12 | -------------------------------------------------------------------------------- /Mac-Streaming-Warning.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Warns user if they are running bandwidth-hungry apps (eg, Spotify, Pandora, Soundcloud) with a system dialog box. 7 | 8 | # search process list 9 | pgrep -q [RESTRICTED APP NAME]; if [[ $? -eq 0 ]]; then 10 | # display warning if present 11 | osascript -e 'display dialog "Streaming music apps are restricted while connected to this network. Please quit [APPLICATION NAME]" buttons {"I Understand"} default button 1 with icon caution' 12 | fi 13 | -------------------------------------------------------------------------------- /Mac-Task-Quit-Prohibited-App.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # This script will attempt to gracefully quit a running app. If unsuccessful after a 8 | # set timeout (default 60 seconds) the application will be more forcefully quit. 9 | # 10 | # Note: If the user has unsaved changes or open documents in the prohibited app, this will 11 | # cause them to potentially be corrupted or lost. Use with caution. 12 | 13 | 14 | AppToKill=$1 15 | KillTimeout=$2 16 | 17 | if [ -n "$AppToKill" ] 18 | then 19 | echo "[ERROR] This script requires the name of an app or process to quit." 20 | exit 1002 21 | fi 22 | 23 | if [ -n "$KillTimeout" ] 24 | then 25 | KillTimeout=60 # default 60s timeout 26 | fi 27 | 28 | currentUser=$(stat -f "%S"u /dev/console) 29 | currentUID=$(/usr/bin/id -u "$currentUser") 30 | 31 | if [ "$currentUser" == "LoginWindow" ] 32 | then 33 | echo "No logged in user." 34 | exit 1001 35 | else 36 | # is the application or process running? 37 | if [ $(pgrep -ilf "$AppToKill") ] || [ $(pgrep -ilf "$AppToKill".app) ] 38 | then 39 | echo "Found $AppToKill. Quitting it." 40 | /bin/launchctl asuser "$currentUID" /usr/bin/osascript -e "tell application \"${AppToKill}\" to quit" 41 | fi 42 | 43 | sleep "$KillTimeout" 44 | 45 | # is the application or process *still* running? 46 | if [ $(pgrep -ilf "$AppToKill") ] || [ $(pgrep -ilf "$AppToKill".app) ] 47 | then 48 | echo "$AppToKill still running. Force quitting it." 49 | /usr/bin/pkill -9 -ilf "$AppToKill" 50 | fi 51 | 52 | fi 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /Mac-Thermal-Pressure.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | # Mac Thermal Pressure - Instead of reporting specific temperatures and alerts, Apple's 8 | # APIs will return a "pressure" status message. From least to most thermal pressure: 9 | # 10 | # Nominal 11 | # Moderate 12 | # Heavy 13 | # Trapping 14 | # Sleeping 15 | 16 | ThermalPressure=$(powermetrics --samplers thermal -n1 | grep "Current pressure level" | awk 'NF>1{print $NF}') 17 | 18 | case $ThermalPressure in 19 | Nominal | Moderate) 20 | echo "Thermal pressure is $ThermalPressure" 21 | exit 0 22 | ;; 23 | 24 | Heavy | Trapping | Sleeping) 25 | echo "[WARNING] CPU temperature too high: Pressure $ThermalPressure" 26 | exit 1001 27 | ;; 28 | 29 | *) 30 | echo "[ERROR] Unknown error." 31 | exit 1002 32 | esac 33 | -------------------------------------------------------------------------------- /Mac-Thin-Local-Snapshots.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # In some situations, processes will show the system drive as too full to continue. 8 | # It's often the case that the space on the drive is taken up by local snapshots created 9 | # by Time Machine or another process. Deleting these can recover space, but APFS 10 | # snapshots are useful in recovering lost files. Instead of deleting them wholesale, 11 | # we opt to "thin" the oldest snapshots to make room. 12 | 13 | # This script uses the command tmutil to purge local APFS snapshots from the startup drive, 14 | # beginning with the oldest and continuing until no purgeable space remains, or 15 | # 10 gigabytes of space have been recovered, whichever comes first. 16 | 17 | tmutil thinlocalsnapshots / 10000000000000 1 18 | -------------------------------------------------------------------------------- /Mac-Time-Machine-Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # If your Mac uses Time Machine to perform backups, this will tell you if the backup 8 | # process is idle or working, and if it's working, the percentage completed. 9 | 10 | 11 | if [ "$(defaults read /Library/Preferences/com.apple.TimeMachine AutoBackup)" -eq 0 ] 12 | then 13 | echo "Time Machine backups are disabled." 14 | exit 1 15 | fi 16 | 17 | tmutil latestbackup 18 | 19 | currentPhase="$(tmutil currentphase)" 20 | 21 | case "$currentPhase" in 22 | 23 | BackupNotRunning) 24 | echo "Time Machine is idle." 25 | exit 0 26 | ;; 27 | 28 | MountingBackupVol | MountingBackupVolForHealthCheck | DeletingOldBackups | ThinningPreBackup | Starting) 29 | echo "Time Machine is starting." 30 | exit 0 31 | ;; 32 | 33 | Copying) 34 | echo "Time Machine is copying files to backup." 35 | ;; 36 | 37 | Finishing | ThinningPostBackup) 38 | echo "Time Machine is finishing the backup process." 39 | exit 0 40 | ;; 41 | 42 | HealthCheckCopyHFSMeta | HealthCheckFsck) 43 | echo "Time Machine is verifying and checking your backups." 44 | exit 0 45 | ;; 46 | 47 | *) 48 | echo "An unknown error ocurred." 49 | echo "tmutil returned:" 50 | echo "$currentPhase" 51 | exit 1 52 | ;; 53 | esac 54 | 55 | # get status, look for "Percent=" line, strip anything non numerical or decimal point, truncate at decimal. 56 | percentComplete="$(tmutil status | grep -m1 Percent | tr -cd '0-9.' | cut -f1 -d '.')" 57 | 58 | # if empty, percent = 0 59 | [ "$percentComplete" ] || percentComplete=0 60 | 61 | 62 | echo "Percent Completed: $percentComplete%" 63 | -------------------------------------------------------------------------------- /Mac-Unblock-Monterey.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | # Removes the Monterey Blocker (see: https://github.com/Theile/montereyblocker) 7 | 8 | current_user_uid=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/UID :/ && ! /loginwindow/ { print $3 }' ) 9 | 10 | launchd_item_path="/Library/LaunchAgents/dk.envo-it.montereyblocker.plist" 11 | launchctl bootout gui/${current_user_uid} "${launchd_item_path}" 12 | 13 | rm -f /Library/LaunchAgents/dk.envo-it.montereyblocker.plist 14 | rm -f /usr/local/bin/montereyblocker 15 | 16 | pkgutil --forget dk.envo-it.montereyblocker 17 | -------------------------------------------------------------------------------- /Mac-WFH-ISP-Info.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script is provided AS IS without warranty of any kind. 3 | # https://github.com/Mac-Nerd/Mac-scripts 4 | # ----------------------------------------------------------- 5 | 6 | 7 | # Uses curl to query ipinfo.io API for additional information about the computer's 8 | # public IP address. This will typically provide the ISP name (as "org") as well as 9 | # geolocation information. This can often be helpful in troubleshooting remote users' 10 | # connections, or identify routing issues. 11 | 12 | curl -f https://ipinfo.io/json && printf "\nCOMPLETE." || printf "\nFAILED." 13 | -------------------------------------------------------------------------------- /Mac-WFH-speed-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script is provided AS IS without warranty of any kind. 4 | # https://github.com/Mac-Nerd/Mac-scripts 5 | # ----------------------------------------------------------- 6 | 7 | 8 | 9 | if [ "$1" ] 10 | then 11 | minimumspeed="$1" 12 | else 13 | minimumspeed=5120 # default minimum ~5 megabits. 14 | fi 15 | 16 | 17 | # Runs a speed test via fast.com API. Takes one parameter of kilobytes per second. 18 | # If bandwidth reports less than that minimum, the check fails. 19 | 20 | tempFile="/tmp/speedcheck.txt" 21 | token=$(curl -s https://fast.com/app-ed402d.js | grep -E -om1 'token:"[^"]+' | cut -f2 -d'"') 22 | 23 | url=$(curl -s "https://api.fast.com/netflix/speedtest?https=true&token=$token&urlCount=1" | grep -E -o 'https[^"]+') 24 | 25 | testURL=${url/speedtest/speedtest\/range\/0-10000}; 26 | 27 | if curl -H 'Referer: https://fast.com/' -H 'Origin: https://fast.com' "$testURL" -o /dev/null 2>&1 | tr -u '\r' '\n' > $tempFile 28 | then 29 | averageDL=$(grep -E '^100' "$tempFile" | tr -u -s "[:space:]" | cut -d ' ' -f7) 30 | echo "Speed reported: $averageDL K/s" 31 | 32 | if [ "$averageDL" -lt "$minimumspeed" ] 33 | then 34 | echo "[WARNING] Bandwidth detected less than minimum $minimumspeed K/s" 35 | exit 1001 36 | else 37 | # echo "Bandwidth sufficient." 38 | exit 0 39 | fi 40 | 41 | else 42 | echo "[ERROR] Unable to reach fast.com" 43 | exit 1002 44 | fi 45 | -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/Scripts/include.sh: -------------------------------------------------------------------------------- 1 | SERVERURL="ncentral.server.url" 2 | NCVERSION="2022.5.0.16" 3 | CUSTOMER_NAME="CASE SENSITIVE NAME" 4 | CUSTOMER_ID=0000 5 | REGISTRATION_TOKEN="" -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/Scripts/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # version 15July2022 4 | 5 | cd "$(dirname "$0")" || return 6 | source "include.sh" 7 | 8 | echo "CUSTOMER NAME: $CUSTOMER_NAME" 9 | echo "REGISTRATION TOKEN: $REGISTRATION_TOKEN" 10 | echo "CUSTOMER ID: $CUSTOMER_ID" 11 | 12 | SECRET_VALUE="*****" 13 | SRC="MacAgentInstallation.dmg" 14 | 15 | #### No edits necessary below this line. #### 16 | 17 | 18 | 19 | # clean up server address if necessary 20 | SERVERURL=$( echo "${SERVERURL}" | awk -F "://" '{if($2) print $2; else print $1;}' ) 21 | SERVERURL=${SERVERURL%/} # strip trailing slash 22 | 23 | echo "SERVER URL: $SERVERURL" 24 | 25 | DMGURL=$(printf "https://%s/download/%s/macosx/N-central/MacAgentInstallation.dmg" "$SERVERURL" "$NCVERSION") 26 | 27 | echo "DMG URL: $DMGURL" 28 | 29 | 30 | if [ ! -d "/tmp/NCENTRAL/" ] ; 31 | then 32 | echo "Creating temp download directory." 33 | mkdir "/tmp/NCENTRAL/" 34 | fi 35 | 36 | 37 | # get the installer pieces 38 | if [ -f "/tmp/NCENTRAL/MacAgentInstallation.dmg" ]; 39 | then 40 | rm "/tmp/NCENTRAL/MacAgentInstallation.dmg" 41 | echo "Removing previous downloaded DMG." 42 | fi 43 | 44 | echo "Downloading DMG" 45 | 46 | 47 | 48 | if ! curl -o "/tmp/NCENTRAL/MacAgentInstallation.dmg" "$DMGURL" 49 | then 50 | echo "ERROR DOWNLOADING $DMGURL" 51 | exit 1 52 | fi 53 | 54 | 55 | 56 | # run the installer script 57 | cd /tmp/NCENTRAL/ || return 58 | 59 | 60 | if [[ ! -f ${SRC} ]]; then 61 | echo "[FATAL ERROR] Disk image ${SRC} does not exists" 62 | exit 1 63 | fi 64 | # Default Values for port and protocol 65 | 66 | SERVER="$SERVERURL" 67 | 68 | if [[ -z ${PORT} ]]; then 69 | PORT=443 70 | fi 71 | if [[ -z ${PROTOCOL} ]]; then 72 | PROTOCOL=https 73 | fi 74 | 75 | 76 | if [[ -z ${SERVER} || -z ${CUSTOMER_NAME} || -z ${CUSTOMER_ID} || -z ${REGISTRATION_TOKEN} ]]; then 77 | echo "[FATAL ERROR] Missing required information." 78 | exit 1 79 | fi 80 | 81 | hdiutil mount "${SRC}" 82 | if [[ ! -d /Applications/Mac_Agent.app ]]; then 83 | mkdir /Applications/Mac_Agent.app 84 | fi 85 | 86 | cp -fR "/Volumes/Mac Agent Installation/.Mac_Agent.app/Contents" /Applications/Mac_Agent.app/ 87 | hdiutil unmount "/Volumes/Mac Agent Installation" 88 | chown -R root /Applications/Mac_Agent.app/ 89 | chgrp -R wheel /Applications/Mac_Agent.app/ 90 | validate_path=/Applications/Mac_Agent.app/Contents/Daemon/usr/sbin/InitialValidate 91 | if [[ -n ${SERVER} && -n ${PORT} && -n ${PROTOCOL} ]]; then 92 | validate_command="sudo \"${validate_path}\" -s ${SERVER} -n ${PORT} -p ${PROTOCOL} " 93 | else 94 | echo "Not valid activation key" 95 | fi 96 | if [[ -n ${PROXY} ]]; then 97 | validate_command=${validate_command}"-x ${PROXY} " 98 | fi 99 | if [[ -n ${CUSTOMER_ID} && -n ${CUSTOMER_NAME} && -n ${REGISTRATION_TOKEN} ]]; then 100 | command_to_print_out=${validate_command}" -f /tmp/nagent.conf -i ${CUSTOMER_ID} -c \"${CUSTOMER_NAME}\" -t ${SECRET_VALUE} -l /tmp/nagent_install_log" 101 | validate_command=${validate_command}" -f /tmp/nagent.conf -i ${CUSTOMER_ID} -c \"${CUSTOMER_NAME}\" -t ${REGISTRATION_TOKEN} -l /tmp/nagent_install_log" 102 | elif [[ -n ${APPLIANCE} ]]; then 103 | command_to_print_out=${validate_command}" -f /tmp/nagent.conf -a ${APPLIANCE} -t ${SECRET_VALUE} -l /tmp/nagent_install_log" 104 | validate_command=${validate_command}" -f /tmp/nagent.conf -a ${APPLIANCE} -t ${REGISTRATION_TOKEN} -l /tmp/nagent_install_log" 105 | else 106 | echo "[FATAL ERROR] Required information incorrect." 107 | exit 1 108 | fi 109 | 110 | if [[ -n ${command_to_print_out} ]]; then 111 | echo "${command_to_print_out}" 112 | else 113 | echo "${validate_command}" 114 | fi 115 | 116 | # Cleanup 117 | rm -f /tmp/nagent.conf 118 | return_code=0 119 | 120 | # Run validate command and install upon success 121 | eval "${validate_command}" 122 | return_code=$? 123 | 124 | # On failure display error message 125 | if [[ ${return_code} -gt 0 ]]; then 126 | echo "Could not successfully self-register agent" 127 | case ${return_code} in 128 | 10) 129 | echo "Could not connect to N-central server" 130 | ;; 131 | 11) 132 | echo "Invalid Customer Name" 133 | ;; 134 | 12) 135 | echo "Invalid Customer ID" 136 | ;; 137 | 13) 138 | echo "Invalid Appliance ID" 139 | ;; 140 | 14) 141 | echo "Local Asset Discovery failed, check /tmp/nagent_install_log for more details" 142 | ;; 143 | 15) 144 | echo "The N-central server cannot register the agent" 145 | ;; 146 | 16) 147 | echo "Unable to create Configuration file" 148 | ;; 149 | 17) 150 | echo "Unable to create log file" 151 | ;; 152 | *) 153 | usage 154 | echo "Unknown Error occurred, check /tmp/nagent_install_log for more details" 155 | ;; 156 | esac 157 | /Applications/Mac_Agent.app/Contents/Daemon/usr/sbin/uninstall-nagent y -remain_mspa 158 | exit 1 159 | fi 160 | 161 | echo "Update nagent.conf" 162 | cat <> /tmp/nagent.conf 163 | logfilename=/var/log/N-able/N-agent/nagent.log 164 | loglevel=3 165 | homedir=/Applications/Mac_Agent.app/Contents/Daemon/home/nagent/ 166 | thread_limitation=50 167 | poll_delay=1 168 | datablock_size=20 169 | EOF 170 | 171 | # add error checking here 172 | cp -f /tmp/nagent.conf /Applications/Mac_Agent.app/Contents/Daemon/etc/ 173 | rm -f /tmp/nagent.conf 174 | cp -f /Applications/Mac_Agent.app/Contents/Daemon/etc/*.plist /Library/LaunchDaemons/ 175 | 176 | launchctl unload /Library/LaunchDaemons/com.n-able.agent-macosx.plist 177 | launchctl unload /Library/LaunchDaemons/com.n-able.agent-macosx.logrotate-daily.plist 178 | 179 | 180 | launchctl load -w /Library/LaunchDaemons/com.n-able.agent-macosx.plist 181 | launchctl load -w /Library/LaunchDaemons/com.n-able.agent-macosx.logrotate-daily.plist 182 | 183 | echo "The install was successful." 184 | -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/include.sh: -------------------------------------------------------------------------------- 1 | SERVERURL="ncentral.server.url" 2 | NCVERSION="2022.5.0.16" 3 | CUSTOMER_NAME="CASE SENSITIVE NAME" 4 | CUSTOMER_ID=0000 5 | REGISTRATION_TOKEN="" -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/postinstall: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # version 15July2022 4 | 5 | cd "$(dirname "$0")" || return 6 | source "include.sh" 7 | 8 | echo "CUSTOMER NAME: $CUSTOMER_NAME" 9 | echo "REGISTRATION TOKEN: $REGISTRATION_TOKEN" 10 | echo "CUSTOMER ID: $CUSTOMER_ID" 11 | 12 | SECRET_VALUE="*****" 13 | SRC="MacAgentInstallation.dmg" 14 | 15 | #### No edits necessary below this line. #### 16 | 17 | 18 | 19 | # clean up server address if necessary 20 | SERVERURL=$( echo "${SERVERURL}" | awk -F "://" '{if($2) print $2; else print $1;}' ) 21 | SERVERURL=${SERVERURL%/} # strip trailing slash 22 | 23 | echo "SERVER URL: $SERVERURL" 24 | 25 | DMGURL=$(printf "https://%s/download/%s/macosx/N-central/MacAgentInstallation.dmg" "$SERVERURL" "$NCVERSION") 26 | 27 | echo "DMG URL: $DMGURL" 28 | 29 | 30 | if [ ! -d "/tmp/NCENTRAL/" ] ; 31 | then 32 | echo "Creating temp download directory." 33 | mkdir "/tmp/NCENTRAL/" 34 | fi 35 | 36 | 37 | # get the installer pieces 38 | if [ -f "/tmp/NCENTRAL/MacAgentInstallation.dmg" ]; 39 | then 40 | rm "/tmp/NCENTRAL/MacAgentInstallation.dmg" 41 | echo "Removing previous downloaded DMG." 42 | fi 43 | 44 | echo "Downloading DMG" 45 | 46 | 47 | 48 | if ! curl -o "/tmp/NCENTRAL/MacAgentInstallation.dmg" "$DMGURL" 49 | then 50 | echo "ERROR DOWNLOADING $DMGURL" 51 | exit 1 52 | fi 53 | 54 | 55 | 56 | # run the installer script 57 | cd /tmp/NCENTRAL/ || return 58 | 59 | 60 | if [[ ! -f ${SRC} ]]; then 61 | echo "[FATAL ERROR] Disk image ${SRC} does not exists" 62 | exit 1 63 | fi 64 | # Default Values for port and protocol 65 | 66 | SERVER="$SERVERURL" 67 | 68 | if [[ -z ${PORT} ]]; then 69 | PORT=443 70 | fi 71 | if [[ -z ${PROTOCOL} ]]; then 72 | PROTOCOL=https 73 | fi 74 | 75 | 76 | if [[ -z ${SERVER} || -z ${CUSTOMER_NAME} || -z ${CUSTOMER_ID} || -z ${REGISTRATION_TOKEN} ]]; then 77 | echo "[FATAL ERROR] Missing required information." 78 | exit 1 79 | fi 80 | 81 | hdiutil mount "${SRC}" 82 | if [[ ! -d /Applications/Mac_Agent.app ]]; then 83 | mkdir /Applications/Mac_Agent.app 84 | fi 85 | 86 | cp -fR "/Volumes/Mac Agent Installation/.Mac_Agent.app/Contents" /Applications/Mac_Agent.app/ 87 | hdiutil unmount "/Volumes/Mac Agent Installation" 88 | chown -R root /Applications/Mac_Agent.app/ 89 | chgrp -R wheel /Applications/Mac_Agent.app/ 90 | validate_path=/Applications/Mac_Agent.app/Contents/Daemon/usr/sbin/InitialValidate 91 | if [[ -n ${SERVER} && -n ${PORT} && -n ${PROTOCOL} ]]; then 92 | validate_command="sudo \"${validate_path}\" -s ${SERVER} -n ${PORT} -p ${PROTOCOL} " 93 | else 94 | echo "Not valid activation key" 95 | fi 96 | if [[ -n ${PROXY} ]]; then 97 | validate_command=${validate_command}"-x ${PROXY} " 98 | fi 99 | if [[ -n ${CUSTOMER_ID} && -n ${CUSTOMER_NAME} && -n ${REGISTRATION_TOKEN} ]]; then 100 | command_to_print_out=${validate_command}" -f /tmp/nagent.conf -i ${CUSTOMER_ID} -c \"${CUSTOMER_NAME}\" -t ${SECRET_VALUE} -l /tmp/nagent_install_log" 101 | validate_command=${validate_command}" -f /tmp/nagent.conf -i ${CUSTOMER_ID} -c \"${CUSTOMER_NAME}\" -t ${REGISTRATION_TOKEN} -l /tmp/nagent_install_log" 102 | elif [[ -n ${APPLIANCE} ]]; then 103 | command_to_print_out=${validate_command}" -f /tmp/nagent.conf -a ${APPLIANCE} -t ${SECRET_VALUE} -l /tmp/nagent_install_log" 104 | validate_command=${validate_command}" -f /tmp/nagent.conf -a ${APPLIANCE} -t ${REGISTRATION_TOKEN} -l /tmp/nagent_install_log" 105 | else 106 | echo "[FATAL ERROR] Required information incorrect." 107 | exit 1 108 | fi 109 | 110 | if [[ -n ${command_to_print_out} ]]; then 111 | echo "${command_to_print_out}" 112 | else 113 | echo "${validate_command}" 114 | fi 115 | 116 | # Cleanup 117 | rm -f /tmp/nagent.conf 118 | return_code=0 119 | 120 | # Run validate command and install upon success 121 | eval "${validate_command}" 122 | return_code=$? 123 | 124 | # On failure display error message 125 | if [[ ${return_code} -gt 0 ]]; then 126 | echo "Could not successfully self-register agent" 127 | case ${return_code} in 128 | 10) 129 | echo "Could not connect to N-central server" 130 | ;; 131 | 11) 132 | echo "Invalid Customer Name" 133 | ;; 134 | 12) 135 | echo "Invalid Customer ID" 136 | ;; 137 | 13) 138 | echo "Invalid Appliance ID" 139 | ;; 140 | 14) 141 | echo "Local Asset Discovery failed, check /tmp/nagent_install_log for more details" 142 | ;; 143 | 15) 144 | echo "The N-central server cannot register the agent" 145 | ;; 146 | 16) 147 | echo "Unable to create Configuration file" 148 | ;; 149 | 17) 150 | echo "Unable to create log file" 151 | ;; 152 | *) 153 | usage 154 | echo "Unknown Error occurred, check /tmp/nagent_install_log for more details" 155 | ;; 156 | esac 157 | /Applications/Mac_Agent.app/Contents/Daemon/usr/sbin/uninstall-nagent y -remain_mspa 158 | exit 1 159 | fi 160 | 161 | echo "Update nagent.conf" 162 | cat <> /tmp/nagent.conf 163 | logfilename=/var/log/N-able/N-agent/nagent.log 164 | loglevel=3 165 | homedir=/Applications/Mac_Agent.app/Contents/Daemon/home/nagent/ 166 | thread_limitation=50 167 | poll_delay=1 168 | datablock_size=20 169 | EOF 170 | 171 | # add error checking here 172 | cp -f /tmp/nagent.conf /Applications/Mac_Agent.app/Contents/Daemon/etc/ 173 | rm -f /tmp/nagent.conf 174 | cp -f /Applications/Mac_Agent.app/Contents/Daemon/etc/*.plist /Library/LaunchDaemons/ 175 | 176 | launchctl unload /Library/LaunchDaemons/com.n-able.agent-macosx.plist 177 | launchctl unload /Library/LaunchDaemons/com.n-able.agent-macosx.logrotate-daily.plist 178 | 179 | 180 | launchctl load -w /Library/LaunchDaemons/com.n-able.agent-macosx.plist 181 | launchctl load -w /Library/LaunchDaemons/com.n-able.agent-macosx.logrotate-daily.plist 182 | 183 | echo "The install was successful." 184 | -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/readme.md: -------------------------------------------------------------------------------- 1 | Create a folder "Scripts" and copy "postinstall" and "include.sh" into it. 2 | 3 | Be sure they are set executable: 4 | `chmod -R a+x Scripts` 5 | 6 | Edit "include.sh" with correct values for the server, version, customer name, and token information. 7 | 8 | Build a no-payload installer PKG 9 | `pkgbuild --nopayload --scripts Scripts --identifier com.option8.ncentral --version 2024.01.08 sample-installer.pkg` 10 | 11 | Upload to Intune or MDM of choice, and deploy as a normal installer PKG. 12 | 13 | -------------------------------------------------------------------------------- /N-Central-No-Touch-Install/sample-installer.pkg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Mac-Nerd/Mac-scripts/78dd0d6f172d4a089a742e760acb65153c449a25/N-Central-No-Touch-Install/sample-installer.pkg -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Mac Automation Scripts 2 | Scripts to use in managing, automating, and troubleshooting Macs. 3 | 4 | ## See Also 5 | I've started breaking out individual tools that deserve special attention into their own repositories. 6 | - [TCC Tool](https://github.com/Mac-Nerd/tcctool) Build a report of current TCC permissions 7 | - [Patchomator](https://github.com/Mac-Nerd/patchomator) A mangement tool for [Installomator](https://github.com/Installomator/Installomator) 8 | -------------------------------------------------------------------------------- /onboarding-starter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This and all scripts in this repository are provided 4 | # without warranties, guarantees, or manatees. All credit goes 5 | # to Charles Mangin. You have only yourself to blame. 6 | # https://oldbytes.space/@option8 7 | 8 | # Source: https://github.com/Mac-Nerd/Mac-scripts 9 | # ----------------------------------------------------------- 10 | 11 | # Treat this like a sourdough starter. Feed it, use it, share it. 12 | # Last updated March, 2023. 13 | 14 | # Comment out or uncomment lines as needed below. 15 | # Search for lines with "EDIT THIS" for specific recommended edit points. 16 | 17 | # Where applicable, original URL sources are listed for various sections of this script. 18 | 19 | 20 | ##################### 21 | # 1. SETUP # 22 | ##################### 23 | # Some of these items can take a while to complete. Caffeinate makes sure the computer 24 | # doesn't go to sleep while this is running. 25 | /usr/bin/caffeinate -d -i -m -u & 26 | caffeinatepid=$! 27 | caffexit () { 28 | kill "$caffeinatepid" 29 | pkill caffeinate 30 | exit $1 31 | } 32 | # Count errors 33 | errorCount=0 34 | 35 | 36 | 37 | ##################### 38 | # 1. DESKTOP # 39 | ##################### 40 | # Set the default desktop background. Use a file that already exists on the Mac, or 41 | # use curl to download your own. 42 | # DesktopPicturePath="/Library/Desktop Pictures/Custom/default.jpg" # adjust to fit file format 43 | # mkdir -p $(dirname "$DesktopPicturePath") 44 | # curl -o "$DesktopPicturePath" http://URL-TO-YOUR-DESKTOP-IMAGE 45 | 46 | # EDIT THIS 47 | osascript -e 'tell application "Finder" 48 | set desktop picture to POSIX file "/Library/Desktop Pictures/Solid Colors/Solid Gray Dark.png" 49 | end tell' 50 | 51 | 52 | ##################### 53 | # 2. INSTALL APPS # 54 | ##################### 55 | # Use Installomator to install a list of standard items: 56 | # source: 57 | # https://github.com/Installomator/Installomator/blob/main/MDM/App-loop%20script.sh 58 | 59 | # Enter the software labels to install separated with spaces 60 | # list of available software: https://github.com/Installomator/Installomator/blob/main/Labels.txt 61 | 62 | # EDIT THIS 63 | whatList="microsoftteams firefox bravebrowser cyberduck vlc signal" 64 | 65 | 66 | LOGO="appstore" 67 | parameters="BLOCKING_PROCESS_ACTION=tell_user NOTIFY=all" 68 | 69 | # Verify that Installomator has been installed 70 | destFile="/usr/local/Installomator/Installomator.sh" 71 | if [ ! -e "${destFile}" ]; then 72 | 73 | # Download the Installomator release PKG from github. 74 | downloadURL="https://github.com/Installomator/Installomator/releases/download/v10.3/Installomator-10.3.pkg" ;\ 75 | downloadTarget="Installomator-10.3.pkg" ;\ 76 | 77 | # On successful download, install the PKG 78 | if curl -SsL -f -o /tmp/"${downloadTarget}" "${downloadURL}" 79 | then 80 | # Install the PKG 81 | echo "Installing ${downloadTarget}" 82 | installer -pkg /tmp/${downloadTarget} -target / 83 | else 84 | echo "ERROR downloading ${downloadURL}" 85 | (( errorCount++ )) 86 | fi 87 | 88 | fi 89 | 90 | for what in $whatList; do 91 | #echo $what 92 | # Install software using Installomator 93 | cmdOutput="$(${destFile} ${what} LOGO=$LOGO $parameters LOGGING=WARN || true)" 94 | # Check result 95 | exitStatus="$( echo "${cmdOutput}" | grep --binary-files=text -i "exit" | tail -1 | sed -E 's/.*exit code ([0-9]).*/\1/g' || true )" 96 | if [[ ${exitStatus} -ne 0 ]] ; then 97 | echo -e "Error installing ${what}. Exit code ${exitStatus}" 98 | #echo "$cmdOutput" 99 | errorOutput="$( echo "${cmdOutput}" | grep --binary-files=text -i "error" || true )" 100 | echo "$errorOutput" 101 | (( errorCount++ )) 102 | fi 103 | done 104 | 105 | 106 | ##################### 107 | # 3. CONFIGURE # 108 | ##################### 109 | 110 | # Main source: 111 | # https://mths.be/macos 112 | # 113 | # see also: 114 | # https://github.com/CodelyTV/dotfiles/blob/master/mac/configs/mac-os.sh 115 | # https://github.com/carloscuesta/dotfiles/blob/master/osx/osx-preferences.sh 116 | 117 | # Close any open System Preferences panes, to prevent them from overriding 118 | # settings we’re about to change 119 | 120 | osascript -e 'tell application "System Preferences" to quit' 121 | 122 | ############################################################################### 123 | # General UI/UX # 124 | ############################################################################### 125 | 126 | # Set computer name (as done via System Preferences → Sharing) 127 | #sudo scutil --set ComputerName "0x6D746873" 128 | #sudo scutil --set HostName "0x6D746873" 129 | #sudo scutil --set LocalHostName "0x6D746873" 130 | #sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "0x6D746873" 131 | 132 | # Disable the sound effects on boot 133 | # sudo nvram SystemAudioVolume=" " 134 | 135 | # Disable transparency in the menu bar and elsewhere on Yosemite 136 | defaults write com.apple.universalaccess reduceTransparency -bool true 137 | 138 | # Set highlight color to green 139 | # defaults write NSGlobalDomain AppleHighlightColor -string "0.764700 0.976500 0.568600" 140 | 141 | # Set sidebar icon size to medium 142 | defaults write NSGlobalDomain NSTableViewDefaultSizeMode -int 2 143 | 144 | # Always show scrollbars 145 | defaults write NSGlobalDomain AppleShowScrollBars -string "Always" 146 | # Possible values: `WhenScrolling`, `Automatic` and `Always` 147 | 148 | # Disable the over-the-top focus ring animation 149 | defaults write NSGlobalDomain NSUseAnimatedFocusRing -bool false 150 | 151 | # Adjust toolbar title rollover delay 152 | defaults write NSGlobalDomain NSToolbarTitleViewRolloverDelay -float 0 153 | 154 | # Disable smooth scrolling 155 | # (Uncomment if you’re on an older Mac that messes up the animation) 156 | #defaults write NSGlobalDomain NSScrollAnimationEnabled -bool false 157 | 158 | # Increase window resize speed for Cocoa applications 159 | defaults write NSGlobalDomain NSWindowResizeTime -float 0.001 160 | 161 | # Expand save panel by default 162 | defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true 163 | defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode2 -bool true 164 | 165 | # Expand print panel by default 166 | defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true 167 | defaults write NSGlobalDomain PMPrintingExpandedStateForPrint2 -bool true 168 | 169 | # Save to disk (not to iCloud) by default 170 | defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false 171 | 172 | # Automatically quit printer app once the print jobs complete 173 | defaults write com.apple.print.PrintingPrefs "Quit When Finished" -bool true 174 | 175 | # Disable the “Are you sure you want to open this application?” dialog 176 | # defaults write com.apple.LaunchServices LSQuarantine -bool false 177 | 178 | # Remove duplicates in the “Open With” menu (also see `lscleanup` alias) 179 | /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user 180 | 181 | # Display ASCII control characters using caret notation in standard text views 182 | # Try e.g. `cd /tmp; unidecode "\x{0000}" > cc.txt; open -e cc.txt` 183 | # defaults write NSGlobalDomain NSTextShowsControlCharacters -bool true 184 | 185 | # Disable Resume system-wide 186 | # defaults write com.apple.systempreferences NSQuitAlwaysKeepsWindows -bool false 187 | 188 | # Disable automatic termination of inactive apps 189 | # defaults write NSGlobalDomain NSDisableAutomaticTermination -bool true 190 | 191 | # Disable the crash reporter 192 | #defaults write com.apple.CrashReporter DialogType -string "none" 193 | 194 | # Set Help Viewer windows to non-floating mode 195 | defaults write com.apple.helpviewer DevMode -bool true 196 | 197 | # Fix for the ancient UTF-8 bug in QuickLook (https://mths.be/bbo) 198 | # Commented out, as this is known to cause problems in various Adobe apps :( 199 | # See https://github.com/mathiasbynens/dotfiles/issues/237 200 | #echo "0x08000100:0" > ~/.CFUserTextEncoding 201 | 202 | # Reveal IP address, hostname, OS version, etc. when clicking the clock 203 | # in the login window 204 | sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName 205 | 206 | # Disable Notification Center and remove the menu bar icon 207 | # launchctl unload -w /System/Library/LaunchAgents/com.apple.notificationcenterui.plist 2> /dev/null 208 | 209 | # Disable automatic capitalization as it’s annoying when typing code 210 | defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false 211 | 212 | # Disable smart dashes as they’re annoying when typing code 213 | defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false 214 | 215 | # Disable automatic period substitution as it’s annoying when typing code 216 | defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false 217 | 218 | # Disable smart quotes as they’re annoying when typing code 219 | defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false 220 | 221 | # Disable auto-correct 222 | defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false 223 | 224 | 225 | ############################################################################### 226 | # Trackpad, mouse, keyboard, Bluetooth accessories, and input # 227 | ############################################################################### 228 | 229 | # Trackpad: enable tap to click for this user and for the login screen 230 | # defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad Clicking -bool true 231 | # defaults -currentHost write NSGlobalDomain com.apple.mouse.tapBehavior -int 1 232 | # defaults write NSGlobalDomain com.apple.mouse.tapBehavior -int 1 233 | 234 | # Trackpad: map bottom right corner to right-click 235 | # defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad TrackpadCornerSecondaryClick -int 2 236 | # defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad TrackpadRightClick -bool true 237 | # defaults -currentHost write NSGlobalDomain com.apple.trackpad.trackpadCornerClickBehavior -int 1 238 | # defaults -currentHost write NSGlobalDomain com.apple.trackpad.enableSecondaryClick -bool true 239 | 240 | # Disable “natural” (Lion-style) scrolling 241 | # defaults write NSGlobalDomain com.apple.swipescrolldirection -bool false 242 | 243 | # Increase sound quality for Bluetooth headphones/headsets 244 | # defaults write com.apple.BluetoothAudioAgent "Apple Bitpool Min (editable)" -int 40 245 | 246 | # Enable full keyboard access for all controls 247 | # (e.g. enable Tab in modal dialogs) 248 | defaults write NSGlobalDomain AppleKeyboardUIMode -int 3 249 | 250 | # Use scroll gesture with the Ctrl (^) modifier key to zoom 251 | # defaults write com.apple.universalaccess closeViewScrollWheelToggle -bool true 252 | # defaults write com.apple.universalaccess HIDScrollZoomModifierMask -int 262144 253 | 254 | # Follow the keyboard focus while zoomed in 255 | # defaults write com.apple.universalaccess closeViewZoomFollowsFocus -bool true 256 | 257 | # Disable press-and-hold for keys in favor of key repeat 258 | # defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false 259 | 260 | # Set a blazingly fast keyboard repeat rate 261 | # defaults write NSGlobalDomain KeyRepeat -int 1 262 | # defaults write NSGlobalDomain InitialKeyRepeat -int 10 263 | 264 | # Set language and text formats 265 | # Note: if you’re in the US, replace `EUR` with `USD`, `Centimeters` with 266 | # `Inches`, `en_GB` with `en_US`, and `true` with `false`. 267 | # defaults write NSGlobalDomain AppleLanguages -array "en" "nl" 268 | # defaults write NSGlobalDomain AppleLocale -string "en_GB@currency=EUR" 269 | # defaults write NSGlobalDomain AppleMeasurementUnits -string "Centimeters" 270 | # defaults write NSGlobalDomain AppleMetricUnits -bool true 271 | 272 | # Show language menu in the top right corner of the boot screen 273 | sudo defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool true 274 | 275 | # Set the timezone; see `sudo systemsetup -listtimezones` for other values 276 | # sudo systemsetup -settimezone "Europe/Brussels" > /dev/null 277 | 278 | # Stop iTunes from responding to the keyboard media keys 279 | #launchctl unload -w /System/Library/LaunchAgents/com.apple.rcd.plist 2> /dev/null 280 | 281 | ############################################################################### 282 | # Energy saving # 283 | ############################################################################### 284 | 285 | # Enable lid wakeup 286 | # sudo pmset -a lidwake 1 287 | 288 | # Restart automatically on power loss 289 | # sudo pmset -a autorestart 1 290 | 291 | # Restart automatically if the computer freezes 292 | # sudo systemsetup -setrestartfreeze on 293 | 294 | # Sleep the display after 15 minutes 295 | sudo pmset -a displaysleep 15 296 | 297 | # Disable machine sleep while charging 298 | # sudo pmset -c sleep 0 299 | 300 | # Set machine sleep to 5 minutes on battery 301 | # sudo pmset -b sleep 5 302 | 303 | # Set standby delay to 24 hours (default is 1 hour) 304 | # sudo pmset -a standbydelay 86400 305 | 306 | # Never go into computer sleep mode 307 | # sudo systemsetup -setcomputersleep Off > /dev/null 308 | 309 | # Hibernation mode 310 | # 0: Disable hibernation (speeds up entering sleep mode) 311 | # 3: Copy RAM to disk so the system state can still be restored in case of a 312 | # power failure. 313 | # sudo pmset -a hibernatemode 0 314 | 315 | # Remove the sleep image file to save disk space 316 | # sudo rm /private/var/vm/sleepimage 317 | # 318 | # Create a zero-byte file instead… 319 | # sudo touch /private/var/vm/sleepimage 320 | # 321 | # …and make sure it can’t be rewritten 322 | # sudo chflags uchg /private/var/vm/sleepimage 323 | 324 | ############################################################################### 325 | # Screen # 326 | ############################################################################### 327 | 328 | # Require password immediately after sleep or screen saver begins 329 | defaults write com.apple.screensaver askForPassword -int 1 330 | defaults write com.apple.screensaver askForPasswordDelay -int 0 331 | 332 | # Save screenshots to the desktop 333 | defaults write com.apple.screencapture location -string "${HOME}/Desktop" 334 | 335 | # Save screenshots in PNG format (other options: BMP, GIF, JPG, PDF, TIFF) 336 | defaults write com.apple.screencapture type -string "png" 337 | 338 | # Disable shadow in screenshots 339 | defaults write com.apple.screencapture disable-shadow -bool true 340 | 341 | # Enable subpixel font rendering on non-Apple LCDs 342 | # Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501 343 | defaults write NSGlobalDomain AppleFontSmoothing -int 1 344 | 345 | # Enable HiDPI display modes (requires restart) 346 | sudo defaults write /Library/Preferences/com.apple.windowserver DisplayResolutionEnabled -bool true 347 | 348 | ############################################################################### 349 | # Finder # 350 | ############################################################################### 351 | 352 | # Finder: allow quitting via ⌘ + Q; doing so will also hide desktop icons 353 | # defaults write com.apple.finder QuitMenuItem -bool true 354 | 355 | # Finder: disable window animations and Get Info animations 356 | # defaults write com.apple.finder DisableAllAnimations -bool true 357 | 358 | # Set Desktop as the default location for new Finder windows 359 | # For other paths, use `PfLo` and `file:///full/path/here/` 360 | defaults write com.apple.finder NewWindowTarget -string "PfDe" 361 | defaults write com.apple.finder NewWindowTargetPath -string "file://${HOME}/Desktop/" 362 | 363 | # Show icons for hard drives, servers, and removable media on the desktop 364 | defaults write com.apple.finder ShowExternalHardDrivesOnDesktop -bool true 365 | defaults write com.apple.finder ShowHardDrivesOnDesktop -bool true 366 | defaults write com.apple.finder ShowMountedServersOnDesktop -bool true 367 | defaults write com.apple.finder ShowRemovableMediaOnDesktop -bool true 368 | 369 | # Finder: show hidden files by default 370 | #defaults write com.apple.finder AppleShowAllFiles -bool true 371 | 372 | # Finder: show all filename extensions 373 | defaults write NSGlobalDomain AppleShowAllExtensions -bool true 374 | 375 | # Finder: show status bar 376 | defaults write com.apple.finder ShowStatusBar -bool true 377 | 378 | # Finder: show path bar 379 | defaults write com.apple.finder ShowPathbar -bool true 380 | 381 | # Display full POSIX path as Finder window title 382 | defaults write com.apple.finder _FXShowPosixPathInTitle -bool true 383 | 384 | # Keep folders on top when sorting by name 385 | defaults write com.apple.finder _FXSortFoldersFirst -bool true 386 | 387 | # When performing a search, search the current folder by default 388 | defaults write com.apple.finder FXDefaultSearchScope -string "SCcf" 389 | 390 | # Disable the warning when changing a file extension 391 | defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false 392 | 393 | # Enable spring loading for directories 394 | defaults write NSGlobalDomain com.apple.springing.enabled -bool true 395 | 396 | # Remove the spring loading delay for directories 397 | defaults write NSGlobalDomain com.apple.springing.delay -float 0 398 | 399 | # Avoid creating .DS_Store files on network or USB volumes 400 | defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true 401 | defaults write com.apple.desktopservices DSDontWriteUSBStores -bool true 402 | 403 | # Disable disk image verification 404 | # defaults write com.apple.frameworks.diskimages skip-verify -bool true 405 | # defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true 406 | # defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true 407 | 408 | # Automatically open a new Finder window when a volume is mounted 409 | defaults write com.apple.frameworks.diskimages auto-open-ro-root -bool true 410 | defaults write com.apple.frameworks.diskimages auto-open-rw-root -bool true 411 | defaults write com.apple.finder OpenWindowForNewRemovableDisk -bool true 412 | 413 | # Show item info near icons on the desktop and in other icon views 414 | /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:showItemInfo true" ~/Library/Preferences/com.apple.finder.plist 415 | /usr/libexec/PlistBuddy -c "Set :FK_StandardViewSettings:IconViewSettings:showItemInfo true" ~/Library/Preferences/com.apple.finder.plist 416 | /usr/libexec/PlistBuddy -c "Set :StandardViewSettings:IconViewSettings:showItemInfo true" ~/Library/Preferences/com.apple.finder.plist 417 | 418 | # Show item info to the right of the icons on the desktop 419 | /usr/libexec/PlistBuddy -c "Set DesktopViewSettings:IconViewSettings:labelOnBottom false" ~/Library/Preferences/com.apple.finder.plist 420 | 421 | # Enable snap-to-grid for icons on the desktop and in other icon views 422 | /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist 423 | /usr/libexec/PlistBuddy -c "Set :FK_StandardViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist 424 | /usr/libexec/PlistBuddy -c "Set :StandardViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist 425 | 426 | # Increase grid spacing for icons on the desktop and in other icon views 427 | /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:gridSpacing 100" ~/Library/Preferences/com.apple.finder.plist 428 | /usr/libexec/PlistBuddy -c "Set :FK_StandardViewSettings:IconViewSettings:gridSpacing 100" ~/Library/Preferences/com.apple.finder.plist 429 | /usr/libexec/PlistBuddy -c "Set :StandardViewSettings:IconViewSettings:gridSpacing 100" ~/Library/Preferences/com.apple.finder.plist 430 | 431 | # Increase the size of icons on the desktop and in other icon views 432 | /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:iconSize 80" ~/Library/Preferences/com.apple.finder.plist 433 | /usr/libexec/PlistBuddy -c "Set :FK_StandardViewSettings:IconViewSettings:iconSize 80" ~/Library/Preferences/com.apple.finder.plist 434 | /usr/libexec/PlistBuddy -c "Set :StandardViewSettings:IconViewSettings:iconSize 80" ~/Library/Preferences/com.apple.finder.plist 435 | 436 | # Use list view in all Finder windows by default 437 | # Four-letter codes for the other view modes: `icnv`, `clmv`, `glyv` 438 | defaults write com.apple.finder FXPreferredViewStyle -string "Nlsv" 439 | 440 | # Disable the warning before emptying the Trash 441 | #defaults write com.apple.finder WarnOnEmptyTrash -bool false 442 | 443 | # Enable AirDrop over Ethernet and on unsupported Macs running Lion 444 | defaults write com.apple.NetworkBrowser BrowseAllInterfaces -bool true 445 | 446 | # Show the ~/Library folder 447 | chflags nohidden ~/Library && xattr -d com.apple.FinderInfo ~/Library 448 | 449 | # Show the /Volumes folder 450 | sudo chflags nohidden /Volumes 451 | 452 | # Expand the following File Info panes: 453 | # “General”, “Open with”, and “Sharing & Permissions” 454 | defaults write com.apple.finder FXInfoPanesExpanded -dict \ 455 | General -bool true \ 456 | OpenWith -bool true \ 457 | Privileges -bool true 458 | 459 | ############################################################################### 460 | # Dock, Dashboard, and hot corners # 461 | ############################################################################### 462 | 463 | # Enable highlight hover effect for the grid view of a stack (Dock) 464 | defaults write com.apple.dock mouse-over-hilite-stack -bool true 465 | 466 | # Set the icon size of Dock items to 36 pixels 467 | defaults write com.apple.dock tilesize -int 36 468 | 469 | # Change minimize/maximize window effect 470 | defaults write com.apple.dock mineffect -string "scale" 471 | 472 | # Minimize windows into their application’s icon 473 | defaults write com.apple.dock minimize-to-application -bool true 474 | 475 | # Enable spring loading for all Dock items 476 | defaults write com.apple.dock enable-spring-load-actions-on-all-items -bool true 477 | 478 | # Show indicator lights for open applications in the Dock 479 | defaults write com.apple.dock show-process-indicators -bool true 480 | 481 | # Wipe all (default) app icons from the Dock 482 | # This is only really useful when setting up a new Mac, or if you don’t use 483 | # the Dock to launch apps. 484 | #defaults write com.apple.dock persistent-apps -array 485 | 486 | # Show only open applications in the Dock 487 | #defaults write com.apple.dock static-only -bool true 488 | 489 | # Don’t animate opening applications from the Dock 490 | defaults write com.apple.dock launchanim -bool false 491 | 492 | # Speed up Mission Control animations 493 | defaults write com.apple.dock expose-animation-duration -float 0.1 494 | 495 | # Don’t group windows by application in Mission Control 496 | # (i.e. use the old Exposé behavior instead) 497 | defaults write com.apple.dock expose-group-by-app -bool false 498 | 499 | # Disable Dashboard 500 | defaults write com.apple.dashboard mcx-disabled -bool true 501 | 502 | # Don’t show Dashboard as a Space 503 | defaults write com.apple.dock dashboard-in-overlay -bool true 504 | 505 | # Don’t automatically rearrange Spaces based on most recent use 506 | defaults write com.apple.dock mru-spaces -bool false 507 | 508 | # Remove the auto-hiding Dock delay 509 | defaults write com.apple.dock autohide-delay -float 0 510 | 511 | # Remove the animation when hiding/showing the Dock 512 | defaults write com.apple.dock autohide-time-modifier -float 0 513 | 514 | # Automatically hide and show the Dock 515 | defaults write com.apple.dock autohide -bool true 516 | 517 | # Make Dock icons of hidden applications translucent 518 | defaults write com.apple.dock showhidden -bool true 519 | 520 | # Don’t show recent applications in Dock 521 | defaults write com.apple.dock show-recents -bool false 522 | 523 | # Disable the Launchpad gesture (pinch with thumb and three fingers) 524 | #defaults write com.apple.dock showLaunchpadGestureEnabled -int 0 525 | 526 | # Reset Launchpad, but keep the desktop wallpaper intact 527 | find "${HOME}/Library/Application Support/Dock" -name "*-*.db" -maxdepth 1 -delete 528 | 529 | 530 | # Add a spacer to the left side of the Dock (where the applications are) 531 | #defaults write com.apple.dock persistent-apps -array-add '{tile-data={}; tile-type="spacer-tile";}' 532 | 533 | # Add a spacer to the right side of the Dock (where the Trash is) 534 | #defaults write com.apple.dock persistent-others -array-add '{tile-data={}; tile-type="spacer-tile";}' 535 | 536 | # Hot corners 537 | # Possible values: 538 | # 0: no-op 539 | # 2: Mission Control 540 | # 3: Show application windows 541 | # 4: Desktop 542 | # 5: Start screen saver 543 | # 6: Disable screen saver 544 | # 7: Dashboard 545 | # 10: Put display to sleep 546 | # 11: Launchpad 547 | # 12: Notification Center 548 | # 13: Lock Screen 549 | # Top left screen corner → Mission Control 550 | # defaults write com.apple.dock wvous-tl-corner -int 2 551 | # defaults write com.apple.dock wvous-tl-modifier -int 0 552 | 553 | # Top right screen corner → Desktop 554 | # defaults write com.apple.dock wvous-tr-corner -int 4 555 | # defaults write com.apple.dock wvous-tr-modifier -int 0 556 | 557 | # Bottom left screen corner → Start screen saver 558 | # defaults write com.apple.dock wvous-bl-corner -int 5 559 | # defaults write com.apple.dock wvous-bl-modifier -int 0 560 | 561 | ############################################################################### 562 | # Safari & WebKit # 563 | ############################################################################### 564 | 565 | # Privacy: don’t send search queries to Apple 566 | defaults write com.apple.Safari UniversalSearchEnabled -bool false 567 | defaults write com.apple.Safari SuppressSearchSuggestions -bool true 568 | 569 | # Press Tab to highlight each item on a web page 570 | defaults write com.apple.Safari WebKitTabToLinksPreferenceKey -bool true 571 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2TabsToLinks -bool true 572 | 573 | # Show the full URL in the address bar (note: this still hides the scheme) 574 | defaults write com.apple.Safari ShowFullURLInSmartSearchField -bool true 575 | 576 | # Set Safari’s home page to `about:blank` for faster loading 577 | defaults write com.apple.Safari HomePage -string "about:blank" 578 | 579 | # Prevent Safari from opening ‘safe’ files automatically after downloading 580 | defaults write com.apple.Safari AutoOpenSafeDownloads -bool false 581 | 582 | # Allow hitting the Backspace key to go to the previous page in history 583 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2BackspaceKeyNavigationEnabled -bool true 584 | 585 | # Hide Safari’s bookmarks bar by default 586 | defaults write com.apple.Safari ShowFavoritesBar -bool false 587 | 588 | # Hide Safari’s sidebar in Top Sites 589 | defaults write com.apple.Safari ShowSidebarInTopSites -bool false 590 | 591 | # Disable Safari’s thumbnail cache for History and Top Sites 592 | defaults write com.apple.Safari DebugSnapshotsUpdatePolicy -int 2 593 | 594 | # Enable Safari’s debug menu 595 | defaults write com.apple.Safari IncludeInternalDebugMenu -bool true 596 | 597 | # Make Safari’s search banners default to Contains instead of Starts With 598 | defaults write com.apple.Safari FindOnPageMatchesWordStartsOnly -bool false 599 | 600 | # Remove useless icons from Safari’s bookmarks bar 601 | defaults write com.apple.Safari ProxiesInBookmarksBar "()" 602 | 603 | # Enable the Develop menu and the Web Inspector in Safari 604 | defaults write com.apple.Safari IncludeDevelopMenu -bool true 605 | defaults write com.apple.Safari WebKitDeveloperExtrasEnabledPreferenceKey -bool true 606 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled -bool true 607 | 608 | # Add a context menu item for showing the Web Inspector in web views 609 | defaults write NSGlobalDomain WebKitDeveloperExtras -bool true 610 | 611 | # Enable continuous spellchecking 612 | defaults write com.apple.Safari WebContinuousSpellCheckingEnabled -bool true 613 | # Disable auto-correct 614 | defaults write com.apple.Safari WebAutomaticSpellingCorrectionEnabled -bool false 615 | 616 | # Disable AutoFill 617 | defaults write com.apple.Safari AutoFillFromAddressBook -bool false 618 | defaults write com.apple.Safari AutoFillPasswords -bool false 619 | defaults write com.apple.Safari AutoFillCreditCardData -bool false 620 | defaults write com.apple.Safari AutoFillMiscellaneousForms -bool false 621 | 622 | # Warn about fraudulent websites 623 | defaults write com.apple.Safari WarnAboutFraudulentWebsites -bool true 624 | 625 | # Disable plug-ins 626 | defaults write com.apple.Safari WebKitPluginsEnabled -bool false 627 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false 628 | 629 | # Disable Java 630 | defaults write com.apple.Safari WebKitJavaEnabled -bool false 631 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false 632 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabledForLocalFiles -bool false 633 | 634 | # Block pop-up windows 635 | defaults write com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false 636 | defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false 637 | 638 | # Disable auto-playing video 639 | #defaults write com.apple.Safari WebKitMediaPlaybackAllowsInline -bool false 640 | #defaults write com.apple.SafariTechnologyPreview WebKitMediaPlaybackAllowsInline -bool false 641 | #defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2AllowsInlineMediaPlayback -bool false 642 | #defaults write com.apple.SafariTechnologyPreview com.apple.Safari.ContentPageGroupIdentifier.WebKit2AllowsInlineMediaPlayback -bool false 643 | 644 | # Enable “Do Not Track” 645 | defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true 646 | 647 | # Update extensions automatically 648 | defaults write com.apple.Safari InstallExtensionUpdatesAutomatically -bool true 649 | 650 | ############################################################################### 651 | # Mail # 652 | ############################################################################### 653 | 654 | # Disable send and reply animations in Mail.app 655 | defaults write com.apple.mail DisableReplyAnimations -bool true 656 | defaults write com.apple.mail DisableSendAnimations -bool true 657 | 658 | # Copy email addresses as `foo@example.com` instead of `Foo Bar ` in Mail.app 659 | defaults write com.apple.mail AddressesIncludeNameOnPasteboard -bool false 660 | 661 | # Add the keyboard shortcut ⌘ + Enter to send an email in Mail.app 662 | defaults write com.apple.mail NSUserKeyEquivalents -dict-add "Send" "@\U21a9" 663 | 664 | # Display emails in threaded mode, sorted by date (oldest at the top) 665 | defaults write com.apple.mail DraftsViewerAttributes -dict-add "DisplayInThreadedMode" -string "yes" 666 | defaults write com.apple.mail DraftsViewerAttributes -dict-add "SortedDescending" -string "yes" 667 | defaults write com.apple.mail DraftsViewerAttributes -dict-add "SortOrder" -string "received-date" 668 | 669 | # Disable inline attachments (just show the icons) 670 | defaults write com.apple.mail DisableInlineAttachmentViewing -bool true 671 | 672 | # Disable automatic spell checking 673 | defaults write com.apple.mail SpellCheckingBehavior -string "NoSpellCheckingEnabled" 674 | 675 | ############################################################################### 676 | # Spotlight # 677 | ############################################################################### 678 | 679 | # Hide Spotlight tray-icon (and subsequent helper) 680 | #sudo chmod 600 /System/Library/CoreServices/Search.bundle/Contents/MacOS/Search 681 | 682 | # Disable Spotlight indexing for any volume that gets mounted and has not yet 683 | # been indexed before. 684 | # Use `sudo mdutil -i off "/Volumes/foo"` to stop indexing any volume. 685 | sudo defaults write /.Spotlight-V100/VolumeConfiguration Exclusions -array "/Volumes" 686 | 687 | # Change indexing order and disable some search results 688 | # defaults write com.apple.spotlight orderedItems -array \ 689 | # '{"enabled" = 1;"name" = "APPLICATIONS";}' \ 690 | # '{"enabled" = 1;"name" = "SYSTEM_PREFS";}' \ 691 | # '{"enabled" = 1;"name" = "DIRECTORIES";}' \ 692 | # '{"enabled" = 1;"name" = "PDF";}' \ 693 | # '{"enabled" = 1;"name" = "FONTS";}' \ 694 | # '{"enabled" = 0;"name" = "DOCUMENTS";}' \ 695 | # '{"enabled" = 0;"name" = "MESSAGES";}' \ 696 | # '{"enabled" = 0;"name" = "CONTACT";}' \ 697 | # '{"enabled" = 0;"name" = "EVENT_TODO";}' \ 698 | # '{"enabled" = 0;"name" = "IMAGES";}' \ 699 | # '{"enabled" = 0;"name" = "BOOKMARKS";}' \ 700 | # '{"enabled" = 0;"name" = "MUSIC";}' \ 701 | # '{"enabled" = 0;"name" = "MOVIES";}' \ 702 | # '{"enabled" = 0;"name" = "PRESENTATIONS";}' \ 703 | # '{"enabled" = 0;"name" = "SPREADSHEETS";}' \ 704 | # '{"enabled" = 0;"name" = "SOURCE";}' \ 705 | # '{"enabled" = 0;"name" = "MENU_DEFINITION";}' \ 706 | # '{"enabled" = 0;"name" = "MENU_OTHER";}' \ 707 | # '{"enabled" = 0;"name" = "MENU_CONVERSION";}' \ 708 | # '{"enabled" = 0;"name" = "MENU_EXPRESSION";}' \ 709 | # '{"enabled" = 0;"name" = "MENU_WEBSEARCH";}' \ 710 | # '{"enabled" = 0;"name" = "MENU_SPOTLIGHT_SUGGESTIONS";}' 711 | 712 | # Load new settings before rebuilding the index 713 | killall mds > /dev/null 2>&1 714 | # Make sure indexing is enabled for the main volume 715 | sudo mdutil -i on / > /dev/null 716 | # Rebuild the index from scratch 717 | sudo mdutil -E / > /dev/null 718 | 719 | ############################################################################### 720 | # Terminal # 721 | ############################################################################### 722 | 723 | # Only use UTF-8 in Terminal.app 724 | defaults write com.apple.terminal StringEncodings -array 4 725 | 726 | # Enable “focus follows mouse” for Terminal.app and all X11 apps 727 | # i.e. hover over a window and start typing in it without clicking first 728 | #defaults write com.apple.terminal FocusFollowsMouse -bool true 729 | #defaults write org.x.X11 wm_ffm -bool true 730 | 731 | # Enable Secure Keyboard Entry in Terminal.app 732 | # See: https://security.stackexchange.com/a/47786/8918 733 | defaults write com.apple.terminal SecureKeyboardEntry -bool true 734 | 735 | # Disable the annoying line marks 736 | defaults write com.apple.Terminal ShowLineMarks -int 0 737 | 738 | ############################################################################### 739 | # Time Machine # 740 | ############################################################################### 741 | 742 | # Prevent Time Machine from prompting to use new hard drives as backup volume 743 | defaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true 744 | 745 | # Disable local Time Machine backups 746 | hash tmutil &> /dev/null && sudo tmutil disablelocal 747 | 748 | ############################################################################### 749 | # Activity Monitor # 750 | ############################################################################### 751 | 752 | # Show the main window when launching Activity Monitor 753 | defaults write com.apple.ActivityMonitor OpenMainWindow -bool true 754 | 755 | # Visualize CPU usage in the Activity Monitor Dock icon 756 | defaults write com.apple.ActivityMonitor IconType -int 5 757 | 758 | # Show all processes in Activity Monitor 759 | defaults write com.apple.ActivityMonitor ShowCategory -int 0 760 | 761 | # Sort Activity Monitor results by CPU usage 762 | defaults write com.apple.ActivityMonitor SortColumn -string "CPUUsage" 763 | defaults write com.apple.ActivityMonitor SortDirection -int 0 764 | 765 | ############################################################################### 766 | # Address Book, Dashboard, iCal, TextEdit, and Disk Utility # 767 | ############################################################################### 768 | 769 | # Enable the debug menu in Address Book 770 | defaults write com.apple.addressbook ABShowDebugMenu -bool true 771 | 772 | # Enable Dashboard dev mode (allows keeping widgets on the desktop) 773 | defaults write com.apple.dashboard devmode -bool true 774 | 775 | # Enable the debug menu in iCal (pre-10.8) 776 | defaults write com.apple.iCal IncludeDebugMenu -bool true 777 | 778 | # Use plain text mode for new TextEdit documents 779 | defaults write com.apple.TextEdit RichText -int 0 780 | # Open and save files as UTF-8 in TextEdit 781 | defaults write com.apple.TextEdit PlainTextEncoding -int 4 782 | defaults write com.apple.TextEdit PlainTextEncodingForWrite -int 4 783 | 784 | # Enable the debug menu in Disk Utility 785 | defaults write com.apple.DiskUtility DUDebugMenuEnabled -bool true 786 | defaults write com.apple.DiskUtility advanced-image-options -bool true 787 | 788 | # Auto-play videos when opened with QuickTime Player 789 | defaults write com.apple.QuickTimePlayerX MGPlayMovieOnOpen -bool true 790 | 791 | ############################################################################### 792 | # Mac App Store # 793 | ############################################################################### 794 | 795 | # Enable the WebKit Developer Tools in the Mac App Store 796 | defaults write com.apple.appstore WebKitDeveloperExtras -bool true 797 | 798 | # Enable Debug Menu in the Mac App Store 799 | defaults write com.apple.appstore ShowDebugMenu -bool true 800 | 801 | # Enable the automatic update check 802 | defaults write com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true 803 | 804 | # Check for software updates daily, not just once per week 805 | defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1 806 | 807 | # Download newly available updates in background 808 | defaults write com.apple.SoftwareUpdate AutomaticDownload -int 1 809 | 810 | # Install System data files & security updates 811 | defaults write com.apple.SoftwareUpdate CriticalUpdateInstall -int 1 812 | 813 | # Automatically download apps purchased on other Macs 814 | defaults write com.apple.SoftwareUpdate ConfigDataInstall -int 1 815 | 816 | # Turn on app auto-update 817 | defaults write com.apple.commerce AutoUpdate -bool true 818 | 819 | # Allow the App Store to reboot machine on macOS updates 820 | defaults write com.apple.commerce AutoUpdateRestartRequired -bool true 821 | 822 | ############################################################################### 823 | # Photos # 824 | ############################################################################### 825 | 826 | # Prevent Photos from opening automatically when devices are plugged in 827 | defaults -currentHost write com.apple.ImageCapture disableHotPlug -bool true 828 | 829 | ############################################################################### 830 | # Messages # 831 | ############################################################################### 832 | 833 | # Disable automatic emoji substitution (i.e. use plain text smileys) 834 | defaults write com.apple.messageshelper.MessageController SOInputLineSettings -dict-add "automaticEmojiSubstitutionEnablediMessage" -bool false 835 | 836 | # Disable smart quotes as it’s annoying for messages that contain code 837 | defaults write com.apple.messageshelper.MessageController SOInputLineSettings -dict-add "automaticQuoteSubstitutionEnabled" -bool false 838 | 839 | # Disable continuous spell checking 840 | defaults write com.apple.messageshelper.MessageController SOInputLineSettings -dict-add "continuousSpellCheckingEnabled" -bool false 841 | 842 | ############################################################################### 843 | # Google Chrome & Google Chrome Canary # 844 | ############################################################################### 845 | 846 | # Disable the all too sensitive backswipe on trackpads 847 | defaults write com.google.Chrome AppleEnableSwipeNavigateWithScrolls -bool false 848 | defaults write com.google.Chrome.canary AppleEnableSwipeNavigateWithScrolls -bool false 849 | 850 | # Disable the all too sensitive backswipe on Magic Mouse 851 | defaults write com.google.Chrome AppleEnableMouseSwipeNavigateWithScrolls -bool false 852 | defaults write com.google.Chrome.canary AppleEnableMouseSwipeNavigateWithScrolls -bool false 853 | 854 | # Use the system-native print preview dialog 855 | defaults write com.google.Chrome DisablePrintPreview -bool true 856 | defaults write com.google.Chrome.canary DisablePrintPreview -bool true 857 | 858 | # Expand the print dialog by default 859 | defaults write com.google.Chrome PMPrintingExpandedStateForPrint2 -bool true 860 | defaults write com.google.Chrome.canary PMPrintingExpandedStateForPrint2 -bool true 861 | 862 | 863 | 864 | 865 | 866 | 867 | ##################### 868 | # CHECK ERRORS # 869 | ##################### 870 | 871 | echo 872 | echo "Errors: $errorCount" 873 | echo "[$(DATE)][LOG-END]" 874 | 875 | caffexit $errorCount 876 | --------------------------------------------------------------------------------