├── .gitignore
├── LICENSE
├── README.md
├── launchd
├── LaunchAgents
│ └── open-onedrive
│ │ ├── com.jacobfgrant.open-onedrive.plist
│ │ └── open-onedrive.sh
└── README.md
├── nopkgs
├── EnableFirewall-1.0
├── EnablePrinterAdmins-1.0
├── README.md
├── RemovePrinters-1.0
└── RunANTS-1.0
├── packages
├── README.md
├── ard-setup
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── scripts
│ │ └── postinstall
├── chrome-enable-autoupdates
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-privileged-once
│ │ └── chrome-enable-autoupdates.py
├── chrome-extension-https-everywhere
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── Library
│ │ └── Application Support
│ │ └── Google
│ │ └── Chrome
│ │ └── External Extensions
│ │ └── gcbommkclmclpchllfjekcdonpmejbdp.json
├── chrome-extension-lastpass
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── Library
│ │ └── Application Support
│ │ └── Google
│ │ └── Chrome
│ │ └── External Extensions
│ │ └── hdokiejnpimakedhajhdlcegeplioahd.json
├── chrome-extension-ublock-origin
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── Library
│ │ └── Application Support
│ │ └── Google
│ │ └── Chrome
│ │ └── External Extensions
│ │ └── cjpalhdlnbpafiamejdnhcphjbkeiagm.json
├── chrome-first-run
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-once
│ │ └── chrome-first-run.sh
├── cloudfront-middleware
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ ├── usr
│ │ └── local
│ │ │ └── munki
│ │ │ └── middleware_cloudfront.py
│ │ └── var
│ │ └── root
│ │ └── Library
│ │ └── Preferences
│ │ └── com.github.aaronburchfield.cloudfront.plist
├── dock-setup
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-once
│ │ └── dock-setup.sh
├── duti
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ ├── bin
│ │ └── duti
│ │ └── share
│ │ └── man
│ │ └── man1
│ │ └── duti.1
├── finder-setup
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-once
│ │ └── finder-sidebar.sh
├── firewall-setup
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── scripts
│ │ └── postinstall
├── msoffice-setup-user
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-once
│ │ └── msoffice-setup-user-info.sh
├── munki-bootstrap
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ ├── payload
│ │ └── usr
│ │ │ └── local
│ │ │ └── outset
│ │ │ └── boot-once
│ │ │ └── munki-bootstrap.sh
│ └── scripts
│ │ └── postinstall
├── munki-startup
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── boot-every
│ │ └── munki-startup.sh
├── open-onedrive
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ │ └── usr
│ │ └── local
│ │ └── outset
│ │ └── login-every
│ │ └── open-onedrive.sh
└── set-outlook-default
│ ├── .gitignore
│ ├── Bom.txt
│ ├── build-info.plist
│ └── payload
│ └── usr
│ └── local
│ └── outset
│ └── login-every
│ └── set-outlook.sh
├── profiles
├── AppleSoftwareUpdate.mobileconfig
├── ChromeDefaultBrowser.mobileconfig
├── ChromeExtensionPolicy.mobileconfig
├── ChromeInstallExtensions.mobileconfig
├── ChromeManagedBookmarks.mobileconfig
├── ChromePreferences.mobileconfig
├── ChromeURLBlacklist.mobileconfig
├── DiagnosticSettings.mobileconfig
├── DisableAppResume.mobileconfig
├── DisableSiri.mobileconfig
├── DisableWifi.mobileconfig
├── DisableiCloudDesktopDocuments.mobileconfig
├── FastUserSwitching.mobileconfig
├── Finder.mobileconfig
├── ManagedInstalls.mobileconfig
├── Munkireport.mobileconfig
├── Office365.mobileconfig
├── Office365Excel.mobileconfig
├── Office365OneDrive.mobileconfig
├── Office365OneNote.mobileconfig
├── Office365Outlook.mobileconfig
├── Office365PowerPoint.mobileconfig
├── Office365Skype.mobileconfig
├── Office365Word.mobileconfig
├── README.md
├── Safari.mobileconfig
├── Sal.mobileconfig
├── SkipSiriSetup.mobileconfig
└── SkipiCloudSetup.mobileconfig
└── scripts
├── README.md
├── buildLaunchDPkg.py
├── buildMunkiPkg.py
├── munki_setup.sh
└── munkireport_setup.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | #.gitignore file for /jacobfgrant/mac-admin
2 |
3 | # Certificates
4 | *.pem
5 |
6 | #.DS_Store files
7 | .DS_Store
8 |
9 | # MacOS Package files
10 | *.pkg
11 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright {yyyy} {name of copyright owner}
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Mac Admin
2 |
3 | A collection of tools, scripts, and profiles for administering Macs.
4 |
5 |
6 | ## launchd
7 |
8 | A collection of LaunchDaemons/LaunchAgents. These can be built into packages using the buildLaunchDPkg.py script.
9 |
10 |
11 | ## Nopkgs
12 |
13 | Munki nopkgs (pkginfo files with no pkg or app payload) used for running scripts through munki.
14 |
15 |
16 | ## Packages
17 |
18 | Packages (.pkg files) to be built using Greg Neagle's [munkipkg tool](https://github.com/munki/munki-pkg).
19 |
20 |
21 | ## Profiles
22 |
23 | Configuration profiles (.mobileconfig files) used to configure macOS and iOS.
24 |
25 |
26 | ## Scripts
27 |
28 | Scripts used to set up or configure services in a Mac Admin's environment or to interact with other parts of this repository.
29 |
--------------------------------------------------------------------------------
/launchd/LaunchAgents/open-onedrive/com.jacobfgrant.open-onedrive.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Label
6 | com.jacobfgrant.open-onedrive
7 | Program
8 | /usr/local/launchd/open-onedrive.sh
9 | RunAtLoad
10 |
11 | StartInterval
12 | 3600
13 |
14 |
--------------------------------------------------------------------------------
/launchd/LaunchAgents/open-onedrive/open-onedrive.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # open-onedrive.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 08/04/17
9 | # Updated: 11/30/17
10 | #
11 |
12 | if
13 | [ -d "/Applications/OneDrive.app" ] &&
14 | [ -d /Users/$USER/OneDrive* ] ||
15 | [ -d /Users/$USER/Documents/OneDrive* ]
16 | then
17 | open "/Applications/OneDrive.app" -g
18 | fi
19 |
--------------------------------------------------------------------------------
/launchd/README.md:
--------------------------------------------------------------------------------
1 | # launchd
2 |
3 | A collection of LaunchDaemons/LaunchAgents.
4 |
5 | The files can be packaged into a pkg installer using the provided buildLaunchDPkg.py script.
6 |
7 |
8 | ## LaunchAgents
9 |
10 | * **open-onedrive** – Opens Microsoft OneDrive app in the background periodically if installed and a OneDrive folder is present in the User's home or Documents folder. This ensures OneDrive sync is enabled.
11 |
12 |
13 | ## LaunchDaemons
14 |
15 |
--------------------------------------------------------------------------------
/nopkgs/EnableFirewall-1.0:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | autoremove
6 |
7 | catalogs
8 |
9 | testing
10 |
11 | category
12 | Security
13 | description
14 | Enable and configure the macOS firewall.
15 | developer
16 | Jacob F. Grant
17 | display_name
18 | Enable Firewall
19 | installcheck_script
20 | #!/bin/bash
21 |
22 | # Set defaults location
23 | DEFAULTS="/usr/bin/defaults"
24 |
25 | # Firewall status
26 | if [[ `$DEFAULTS read /Library/Preferences/com.apple.alf globalstate` -ne 1 ]]
27 | then
28 | exit 0
29 | fi
30 |
31 | # Built-in software status
32 | if [[ `$DEFAULTS read /Library/Preferences/com.apple.alf allowsignedenabled` -ne 1 ]]
33 | then
34 | exit 0
35 | fi
36 |
37 | # Signed software status
38 | if [[ `$DEFAULTS read /Library/Preferences/com.apple.alf allowdownloadsignedenabled` -ne 1 ]]
39 | then
40 | exit 0
41 | fi
42 |
43 | # Stealth Mode status
44 | if [[ `$DEFAULTS read /Library/Preferences/com.apple.alf stealthenabled` -ne 0 ]]
45 | then
46 | exit 0
47 | fi
48 |
49 | exit 1
50 |
51 | installer_type
52 | nopkg
53 | minimum_os_version
54 | 10.4.0
55 | name
56 | EnableFirewall
57 | postinstall_script
58 | #!/bin/bash
59 |
60 | # Set defaults location
61 | DEFAULTS="/usr/bin/defaults"
62 |
63 | # Enable firewall
64 | $DEFAULTS write /Library/Preferences/com.apple.alf globalstate -int 1
65 |
66 | # Allow built-in software to recieve connections
67 | $DEFAULTS write /Library/Preferences/com.apple.alf allowsignedenabled -int 1
68 |
69 | # Allow signed software to recieve connections
70 | $DEFAULTS write /Library/Preferences/com.apple.alf allowdownloadsignedenabled -int 1
71 |
72 | # Disable Stealth Mode
73 | $DEFAULTS write /Library/Preferences/com.apple.alf stealthenabled -int 0
74 | unattended_install
75 |
76 | unattended_uninstall
77 |
78 | uninstall_method
79 | uninstall_script
80 | uninstallable
81 |
82 | version
83 | 1.0
84 |
85 |
86 |
--------------------------------------------------------------------------------
/nopkgs/EnablePrinterAdmins-1.0:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | autoremove
6 |
7 | catalogs
8 |
9 | testing
10 | production
11 |
12 | category
13 | Printers
14 | description
15 | Adds all users to the printer administrator group to enable users to add/remove printers without admin credentials.
16 | developer
17 | Jacob F. Grant
18 | display_name
19 | Enable Printer Admins
20 | installcheck_script
21 | #!/bin/bash
22 |
23 | # List members of group
24 | function group_members {
25 | for u in $(dscl . list /users)
26 | do [[ $(id -nG "$u" | grep "$1") ]] && echo "$u"
27 | done
28 | }
29 |
30 | # Check if staff == _lpadmin
31 | if [[ `group_members staff` == `group_members _lpadmin` ]]
32 | then
33 | # staff != _lpadmin
34 | exit 1
35 | else
36 | # staff == _lpadmin
37 | exit 0
38 | fi
39 | installer_type
40 | nopkg
41 | minimum_os_version
42 | 10.4.0
43 | name
44 | EnablePrinterAdmins
45 | postinstall_script
46 | #!/bin/bash
47 |
48 | # Add staff users to _lpadmin group
49 | dseditgroup -o edit -t group -a staff _lpadmin
50 | unattended_install
51 |
52 | unattended_uninstall
53 |
54 | uninstall_method
55 | uninstall_script
56 | uninstall_script
57 | #!/bin/bash
58 |
59 | # Delete staff users from _lpadmin group
60 | dseditgroup -o edit -t group -d staff _lpadmin
61 | uninstallable
62 |
63 | version
64 | 1.0
65 |
66 |
67 |
--------------------------------------------------------------------------------
/nopkgs/README.md:
--------------------------------------------------------------------------------
1 | ## Nopkgs
2 |
3 | Munki nopkgs (pkginfo files with no pkg or app payload) used for running scripts through munki.
4 |
5 |
6 | * **EnableFirewall** – Enable and configure the macOS firewall.
7 |
8 | * **EnablePrinterAdmins** – Adds all users to the printer administrator group to enable users to add/remove printers without admin credentials.
9 |
10 | * **RemovePrinters** – Removes all printers from machine. (On Demand)
11 |
12 | * **RunANTS** – Runs ANTS, a framework to manage and apply configurations using Ansible Pull. (On Demand)
13 |
--------------------------------------------------------------------------------
/nopkgs/RemovePrinters-1.0:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | OnDemand
6 |
7 | autoremove
8 |
9 | catalogs
10 |
11 | testing
12 |
13 | category
14 | Printers
15 | description
16 | Removes all printers from this machine.
17 | developer
18 | Jacob F. Grant
19 | display_name
20 | Remove Printers
21 | installer_type
22 | nopkg
23 | minimum_os_version
24 | 10.4.0
25 | name
26 | RemovePrinters
27 | postinstall_script
28 | #!/bin/bash
29 | lpstat -p | awk '{print $2}' | while read printer
30 | do
31 | lpadmin -x $printer
32 | done
33 | unattended_install
34 |
35 | unattended_uninstall
36 |
37 | uninstall_method
38 | uninstall_script
39 | uninstallable
40 |
41 | version
42 | 1.0
43 |
44 |
45 |
--------------------------------------------------------------------------------
/nopkgs/RunANTS-1.0:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | OnDemand
6 |
7 | autoremove
8 |
9 | catalogs
10 |
11 | testing
12 |
13 | category
14 | Configuration
15 | description
16 | Runs ANTS, a framework to manage and apply configurations using Ansible Pull.
17 |
18 | https://github.com/ANTS-Framework/ants
19 | developer
20 | Jacob F. Grant
21 | display_name
22 | Run ANTS
23 | installer_type
24 | nopkg
25 | minimum_os_version
26 | 10.4.0
27 | name
28 | RunANTS
29 | postinstall_script
30 | #!/bin/bash
31 |
32 | /Library/ANTS-Framework/bin/ants
33 | unattended_install
34 |
35 | unattended_uninstall
36 |
37 | uninstall_method
38 | uninstall_script
39 | uninstallable
40 |
41 | version
42 | 1.0
43 |
44 |
45 |
--------------------------------------------------------------------------------
/packages/README.md:
--------------------------------------------------------------------------------
1 | ## Packages
2 |
3 | Packages (.pkg files) to be built using Greg Neagle's [munkipkg tool](https://github.com/munki/munki-pkg).
4 |
5 |
6 | * **ard-setup** – Runs a post-install script to enable ARD (Remote Management) for the specified user(s)
7 |
8 | * **chrome-enable-autoupdates** – Installs [Hannes Juutilainen's](https://github.com/hjuutilainen) [chrome-enable-autoupdates](https://github.com/hjuutilainen/adminscripts/blob/master/chrome-enable-autoupdates.py) script in the `outset/login-privileged-once` folder to ensure Google Chrome autoupdates for all users (requires [outset](https://github.com/chilcote/outset))
9 |
10 | * **chrome-extension-https-everywhere** – Installs the HTTPS Everywhere Chrome extension (requires [outset](https://github.com/chilcote/outset)) [DEPRECATED]
11 |
12 | * **chrome-extension-lastpass** – Installs the LastPass Chrome extension (requires [outset](https://github.com/chilcote/outset)) [DEPRECATED]
13 |
14 | * **chrome-extension-ublock-origin** – Installs the uBlock Origin Chrome extension (requires [outset](https://github.com/chilcote/outset)) [DEPRECATED]
15 |
16 | * **chrome-first-run** – Installs a script in `outset/login-every` to bypass Google Chrome's first-run setup (requires [outset](https://github.com/chilcote/outset))
17 |
18 | * **cloudfront-middleware** – Installs [Aaron Burchfield's](https://github.com/AaronBurchfield) AWS [CloudFront Middleware](https://github.com/AaronBurchfield/CloudFront-Middleware) script for munki, along with the necessary preference file and certificate, to allow munki to be used with an AWS CloudFront distribution with restrictions enabled.
19 |
20 | * **dock-setup** – Installs a script in `outset/login-once` to configure the Dock (requires [dockutil](https://github.com/kcrawford/dockutil), [outset](https://github.com/chilcote/outset))
21 |
22 | * **duti** – Installs the compiled [duti](https://github.com/moretension/duti) binary and man page from homebrew (v1.5.3)
23 |
24 | * **finder-setup** – Installs a script in `outset/login-once` to configure the Finder sidebar (requires [mysides](https://github.com/mosen/mysides), [outset](https://github.com/chilcote/outset))
25 |
26 | * **firewall-setup** – Runs a post-install script to enable the MacOS firewall and allow built-in and signed software to recieve connections (10.12 and up)
27 |
28 | * **msoffice-setup-user** – Installs a script in `outset/login-every` to personalize Microsoft Office 2016 for the user (requires [outset](https://github.com/chilcote/outset))
29 |
30 | * **munki-bootstrap** – Installs a script to `outset/boot-once` and runs a post-install script to bootstrap munki after re-imaging a Mac (requires [outset](https://github.com/chilcote/outset))
31 |
32 | * **munki-startup** – Installs a script in `outset/login-every` to run munki at the login screen on startup (requires [outset](https://github.com/chilcote/outset))
33 |
34 | * **open-onedrive** – Installs a script in `outset/login-every` to open the Microsoft OneDrive app at login if installed and the user has a OneDrive folder in their home or Documents folder (requires [outset](https://github.com/chilcote/outset))
35 |
36 | * **set-outlook-default** – Installs a script in `outset/login-every` to set Microsoft Outlook as the default mail client (requires [duti](https://github.com/moretension/duti), [outset](https://github.com/chilcote/outset))
37 |
--------------------------------------------------------------------------------
/packages/ard-setup/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/ard-setup/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 |
--------------------------------------------------------------------------------
/packages/ard-setup/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.ard-setup
9 | install_location
10 | /
11 | name
12 | ard-setup-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/ard-setup/scripts/postinstall:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # ard-setup.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 02/10/17
9 | # Updated: 08/28/17
10 | #
11 |
12 | # Set kickstart location
13 | KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
14 |
15 |
16 | # Turn on Remote Desktop Sharing, allow access for specified users
17 | $KICKSTART -activate -configure -allowAccessFor -specifiedUsers
18 |
19 |
20 | # Give user mac-admin access to ARD and allow access to all services
21 | $KICKSTART -configure -users mac-admin -access -on -privs -all
22 |
23 |
24 | # Restart the ARD Agent and helper
25 | $KICKSTART -restart -agent
26 |
--------------------------------------------------------------------------------
/packages/chrome-enable-autoupdates/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/chrome-enable-autoupdates/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-privileged-once 40755 0/0
6 | ./usr/local/outset/login-privileged-once/chrome-enable-autoupdates.py 100755 0/80 5847 2577123095
7 |
--------------------------------------------------------------------------------
/packages/chrome-enable-autoupdates/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.chrome-enable-autoupdates
9 | install_location
10 | /
11 | name
12 | chrome-enable-autoupdates-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/chrome-enable-autoupdates/payload/usr/local/outset/login-privileged-once/chrome-enable-autoupdates.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # encoding: utf-8
3 | """
4 | chrome-enable-autoupdates.py
5 |
6 | This script enables system wide automatic updates for Google Chrome.
7 | It should work for Chrome versions 18 and later. No configuration needed
8 | as this is originally intended as a munki postinstall script.
9 |
10 | Created by Hannes Juutilainen, hjuutilainen@mac.com
11 |
12 | History:
13 | --------
14 |
15 | 2017-05-13, Jacob F. Grant
16 | - Tested on Chrome 58
17 |
18 | 2016-09-25, Jacob F. Grant
19 | - Tested on Chrome 55/56, added to workflow
20 |
21 | --------
22 |
23 | 2015-09-25, Niklas Blomdalen
24 | - Modifications to include old KeystoneRegistration installation (python version)
25 |
26 | 2014-11-20, Hannes Juutilainen
27 | - Modifications for Chrome 39
28 |
29 | 2012-08-31, Hannes Juutilainen
30 | - Added --force flag to keystoneInstall as suggested by Riley Shott
31 |
32 | 2012-05-29, Hannes Juutilainen
33 | - Added more error checking
34 |
35 | 2012-05-25, Hannes Juutilainen
36 | - Added some error checking in main
37 |
38 | 2012-05-24, Hannes Juutilainen
39 | - First version
40 |
41 | """
42 |
43 | import sys
44 | import os
45 | import getopt
46 | import subprocess
47 | import plistlib
48 |
49 | chromePath = "/Applications/Google Chrome.app"
50 | infoPlistPath = os.path.realpath(os.path.join(chromePath, 'Contents/Info.plist'))
51 | brandPath = "/Library/Google/Google Chrome Brand.plist"
52 | brandKey = "KSBrandID"
53 | tagPath = infoPlistPath
54 | tagKey = "KSChannelID"
55 | versionPath = infoPlistPath
56 | versionKey = "KSVersion"
57 |
58 |
59 | class Usage(Exception):
60 | def __init__(self, msg):
61 | self.msg = msg
62 |
63 |
64 | def chromeIsInstalled():
65 | """Check if Chrome is installed"""
66 | if os.path.exists(chromePath):
67 | return True
68 | else:
69 | return False
70 |
71 |
72 | def chromeVersion():
73 | """Returns Chrome version"""
74 | infoPlist = plistlib.readPlist(infoPlistPath)
75 | bundleShortVersion = infoPlist["CFBundleShortVersionString"]
76 | return bundleShortVersion
77 |
78 |
79 | def chromeKSUpdateURL():
80 | """Returns KSUpdateURL from Chrome Info.plist"""
81 | infoPlist = plistlib.readPlist(infoPlistPath)
82 | KSUpdateURL = infoPlist["KSUpdateURL"]
83 | return KSUpdateURL
84 |
85 |
86 | def chromeKSProductID():
87 | """Returns KSProductID from Chrome Info.plist"""
88 | infoPlist = plistlib.readPlist(infoPlistPath)
89 | KSProductID = infoPlist["KSProductID"]
90 | return KSProductID
91 |
92 |
93 | def keystoneRegistrationFrameworkPath():
94 | """Returns KeystoneRegistration.framework path"""
95 | keystoneRegistration = os.path.join(chromePath, 'Contents/Versions')
96 | keystoneRegistration = os.path.join(keystoneRegistration, chromeVersion())
97 | keystoneRegistration = os.path.join(keystoneRegistration, 'Google Chrome Framework.framework')
98 | keystoneRegistration = os.path.join(keystoneRegistration, 'Frameworks/KeystoneRegistration.framework')
99 | return keystoneRegistration
100 |
101 |
102 | def keystoneInstall():
103 | """Install the current Keystone"""
104 | installScript = os.path.join(keystoneRegistrationFrameworkPath(), 'Resources/ksinstall')
105 | if not os.path.exists(installScript):
106 | installScript = os.path.join(keystoneRegistrationFrameworkPath(), 'Resources/install.py')
107 | keystonePayload = os.path.join(keystoneRegistrationFrameworkPath(), 'Resources/Keystone.tbz')
108 | if os.path.exists(installScript) and os.path.exists(keystonePayload):
109 | retcode = subprocess.call([installScript, '--install', keystonePayload, '--force'])
110 | if retcode == 0:
111 | return True
112 | else:
113 | return False
114 | else:
115 | print >> sys.stderr, "Error: KeystoneRegistration.framework not found"
116 | return False
117 |
118 |
119 | def removeChromeFromKeystone():
120 | """Removes Chrome from Keystone"""
121 | ksadmin = "/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin"
122 | ksadminProcess = [ ksadmin, '--delete', '--productid', chromeKSProductID()]
123 | retcode = subprocess.call(ksadminProcess)
124 | if retcode == 0:
125 | return True
126 | else:
127 | return False
128 |
129 |
130 | def registerChromeWithKeystone():
131 | """Registers Chrome with Keystone"""
132 | ksadmin = "/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin"
133 | if os.path.exists(ksadmin):
134 | ksadminProcess = [ksadmin,
135 | '--register',
136 | '--preserve-tttoken',
137 | '--productid', chromeKSProductID(),
138 | '--version', chromeVersion(),
139 | '--xcpath', chromePath,
140 | '--url', chromeKSUpdateURL(),
141 | '--tag-path', tagPath,
142 | '--tag-key', tagKey,
143 | '--brand-path', brandPath,
144 | '--brand-key', brandKey,
145 | '--version-path', versionPath,
146 | '--version-key', versionKey]
147 | retcode = subprocess.call(ksadminProcess)
148 | if retcode == 0:
149 | return True
150 | else:
151 | return False
152 | else:
153 | print >> sys.stderr, "Error: %s doesn't exist" % ksadmin
154 | return False
155 |
156 |
157 | def main(argv=None):
158 | if argv is None:
159 | argv = sys.argv
160 | try:
161 | # Check for root
162 | if os.geteuid() != 0:
163 | print >> sys.stderr, "This script must be run as root"
164 | return 1
165 |
166 | if not chromeIsInstalled():
167 | print >> sys.stderr, "Error: Chrome is not installed on this computer"
168 | return 1
169 | if keystoneInstall():
170 | print "Keystone installed"
171 | else:
172 | print >> sys.stderr, "Error: Keystone install failed"
173 | return 1
174 | if registerChromeWithKeystone():
175 | print "Registered Chrome with Keystone"
176 | return 0
177 | else:
178 | print >> sys.stderr, "Error: Failed to register Chrome with Keystone"
179 | return 1
180 |
181 | except Usage, err:
182 | print >>sys.stderr, err.msg
183 | print >>sys.stderr, "for help use --help"
184 | return 2
185 |
186 |
187 | if __name__ == "__main__":
188 | sys.exit(main())
189 |
--------------------------------------------------------------------------------
/packages/chrome-extension-https-everywhere/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/chrome-extension-https-everywhere/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./Library 40755 0/0
3 | ./Library/Application Support 40755 0/80
4 | ./Library/Application Support/Google 40755 0/80
5 | ./Library/Application Support/Google/Chrome 40755 0/80
6 | ./Library/Application Support/Google/Chrome/External Extensions 40755 0/80
7 | ./Library/Application Support/Google/Chrome/External Extensions/gcbommkclmclpchllfjekcdonpmejbdp.json 100644 0/0 79 2343193069
8 |
--------------------------------------------------------------------------------
/packages/chrome-extension-https-everywhere/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.chrome-extension-https-everywhere
9 | install_location
10 | /
11 | name
12 | chrome-extension-https-everywhere-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/chrome-extension-https-everywhere/payload/Library/Application Support/Google/Chrome/External Extensions/gcbommkclmclpchllfjekcdonpmejbdp.json:
--------------------------------------------------------------------------------
1 | {"external_update_url":"https:\/\/clients2.google.com\/service\/update2\/crx"}
2 |
--------------------------------------------------------------------------------
/packages/chrome-extension-lastpass/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/chrome-extension-lastpass/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./Library 40755 0/0
3 | ./Library/Application Support 40755 0/80
4 | ./Library/Application Support/Google 40755 0/80
5 | ./Library/Application Support/Google/Chrome 40755 0/80
6 | ./Library/Application Support/Google/Chrome/External Extensions 40755 0/80
7 | ./Library/Application Support/Google/Chrome/External Extensions/hdokiejnpimakedhajhdlcegeplioahd.json 100644 0/0 79 2343193069
8 |
--------------------------------------------------------------------------------
/packages/chrome-extension-lastpass/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.chrome-extension-lastpass
9 | install_location
10 | /
11 | name
12 | chrome-extension-lastpass-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/chrome-extension-lastpass/payload/Library/Application Support/Google/Chrome/External Extensions/hdokiejnpimakedhajhdlcegeplioahd.json:
--------------------------------------------------------------------------------
1 | {"external_update_url":"https:\/\/clients2.google.com\/service\/update2\/crx"}
2 |
--------------------------------------------------------------------------------
/packages/chrome-extension-ublock-origin/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/chrome-extension-ublock-origin/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./Library 40755 0/0
3 | ./Library/Application Support 40755 0/80
4 | ./Library/Application Support/Google 40755 0/80
5 | ./Library/Application Support/Google/Chrome 40755 0/80
6 | ./Library/Application Support/Google/Chrome/External Extensions 40755 0/80
7 | ./Library/Application Support/Google/Chrome/External Extensions/cjpalhdlnbpafiamejdnhcphjbkeiagm.json 100644 0/0 79 2343193069
8 |
--------------------------------------------------------------------------------
/packages/chrome-extension-ublock-origin/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.chrome-extension-ublock-origin
9 | install_location
10 | /
11 | name
12 | chrome-extension-ublock-origin-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/chrome-extension-ublock-origin/payload/Library/Application Support/Google/Chrome/External Extensions/cjpalhdlnbpafiamejdnhcphjbkeiagm.json:
--------------------------------------------------------------------------------
1 | {"external_update_url":"https:\/\/clients2.google.com\/service\/update2\/crx"}
2 |
--------------------------------------------------------------------------------
/packages/chrome-first-run/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-once 40755 0/0
6 | ./usr/local/outset/login-once/chrome-first-run.sh 100755 0/0 506 1437312201
7 |
--------------------------------------------------------------------------------
/packages/chrome-first-run/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.chrome-first-run
9 | install_location
10 | /
11 | name
12 | chrome-first-run-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/chrome-first-run/payload/usr/local/outset/login-once/chrome-first-run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # chrome-first-run.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 08/27/17
9 | #
10 |
11 | # Check if Google Chrome is installed
12 |
13 | if [[ ! -d "/Applications/Google Chrome.app" ]]
14 | then
15 | exit 0
16 | fi
17 |
18 |
19 | # Create user Library Chrome directory and First Run file
20 |
21 | if [[ ! -d "/Users/$USER/Library/Application Support/Google/Chrome" ]]
22 | then
23 | mkdir -p "/Users/$USER/Library/Application Support/Google/Chrome"
24 | fi
25 |
26 | touch "/Users/$USER/Library/Application Support/Google/Chrome/First Run"
27 |
--------------------------------------------------------------------------------
/packages/cloudfront-middleware/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/cloudfront-middleware/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/munki 40755 0/0
5 | ./usr/local/munki/middleware_cloudfront.py 100600 0/0 2373 1837537193
6 | ./usr/local/munki/munkiaccess.pem 100400 0/0 64 1181520792
7 | ./var 40755 0/0
8 | ./var/root 40755 0/0
9 | ./var/root/Library 40755 0/0
10 | ./var/root/Library/Preferences 40755 0/0
11 | ./var/root/Library/Preferences/com.github.aaronburchfield.cloudfront.plist 100600 0/0 320 1437987033
12 |
--------------------------------------------------------------------------------
/packages/cloudfront-middleware/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.cloudfront-middleware
9 | install_location
10 | /
11 | name
12 | cloudfront-middleware-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/cloudfront-middleware/payload/usr/local/munki/middleware_cloudfront.py:
--------------------------------------------------------------------------------
1 | """Munki middleware provider to generate signed CloudFront requests."""
2 |
3 | import os
4 | import time
5 | import json
6 | import base64
7 | from string import maketrans
8 | from OpenSSL.crypto import FILETYPE_PEM
9 | from OpenSSL.crypto import load_privatekey
10 | from OpenSSL.crypto import sign
11 | from Foundation import CFPreferencesCopyAppValue
12 |
13 | __version__ = '1.0'
14 |
15 | BUNDLE = 'com.github.aaronburchfield.cloudfront'
16 | KEYFILENAME = 'munkiaccess.pem'
17 | KEYFILEPATH = os.path.abspath(os.path.join(os.path.dirname(__file__),
18 | KEYFILENAME))
19 |
20 |
21 | def read_preference(key, bundle):
22 | """Read a preference key from a preference domain."""
23 | value = CFPreferencesCopyAppValue(key, bundle)
24 | return value
25 |
26 |
27 | def assemble_cloudfront_request(resource, key, access_id, expires):
28 | """Assemble a CloudFront request."""
29 | # Format a request policy for the resource
30 | request_policy = {
31 | "Statement": [{"Resource": resource, "Condition": {"DateLessThan":
32 | {"AWS:EpochTime": expires}}}]
33 | }
34 | request_policy = json.dumps(request_policy).replace(' ', '')
35 | # Sign and encode request policy
36 | signature = base64.b64encode(sign(key, request_policy, 'RSA-SHA1'))
37 | # Replace unsafe characters
38 | signature = signature.translate(maketrans('+=/', '-_~'))
39 | # Format the final request URL
40 | cloudfront_request = ("{0}?Expires={1}&Signature={2}&Key-Pair-Id={3}"
41 | .format(resource, expires, signature, access_id))
42 | return cloudfront_request
43 |
44 |
45 | def generate_cloudfront_url(url):
46 | """Read the required components to build a CloudFront request."""
47 | # Read our CloudFront key from file
48 | key = load_privatekey(FILETYPE_PEM, open(KEYFILEPATH, 'r').read())
49 | # Read CloudFront access key id and resource expiration from preference
50 | access_id = read_preference('access_id', BUNDLE)
51 | expire_after = read_preference('expire_after', BUNDLE) or 60
52 | expires = int(time.time()) + 60 * int(expire_after)
53 | cloudfront_url = assemble_cloudfront_request(url, key, access_id, expires)
54 | return cloudfront_url
55 |
56 |
57 | def process_request_options(options):
58 | """Return a signed request for CloudFront resources."""
59 | domain_name = read_preference('domain_name', BUNDLE) or 'cloudfront.net'
60 | if domain_name in options['url']:
61 | options['url'] = generate_cloudfront_url(options['url'])
62 | return options
63 |
--------------------------------------------------------------------------------
/packages/cloudfront-middleware/payload/var/root/Library/Preferences/com.github.aaronburchfield.cloudfront.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | access_id
6 |
7 | domain_name
8 |
9 | expire_after
10 | 30
11 |
12 |
13 |
--------------------------------------------------------------------------------
/packages/dock-setup/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/dock-setup/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-once 40755 0/0
6 | ./usr/local/outset/login-once/dock-setup.sh 100755 0/0 1254 994446624
7 |
--------------------------------------------------------------------------------
/packages/dock-setup/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.dock-setup
9 | install_location
10 | /
11 | name
12 | dock-setup-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/dock-setup/payload/usr/local/outset/login-once/dock-setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # dock-setup.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 02/09/17
9 | #
10 | # Requires docutil: https://github.com/kcrawford/dockutil
11 | #
12 |
13 | # Set path of DOCKUTIL
14 | DOCKUTIL=/usr/local/bin/dockutil
15 |
16 |
17 | # Delete everything from the dock and replace it with custom dock
18 | $DOCKUTIL --remove all --no-restart
19 |
20 | sleep 2 # Delay gives the dock time to inialize the removal
21 |
22 | $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart
23 |
24 | $DOCKUTIL --add '/Applications/Google Chrome.app' --no-restart
25 |
26 | $DOCKUTIL --add '/Applications/Microsoft Outlook.app' --no-restart
27 |
28 | $DOCKUTIL --add '/Applications/Microsoft Excel.app' --no-restart
29 |
30 | $DOCKUTIL --add '/Applications/Microsoft Word.app' --no-restart
31 |
32 | $DOCKUTIL --add '/Applications/Calendar.app' --no-restart
33 |
34 | $DOCKUTIL --add '/Applications/Contacts.app' --no-restart
35 |
36 | $DOCKUTIL --add '/Applications/LastPass.app' --no-restart
37 |
38 | $DOCKUTIL --add '/Applications/Utilities/Managed Software Update.app' --no-restart
39 |
40 | #$DOCKUTIL --add '/Applications/App Store.app' --no-restart
41 |
42 | $DOCKUTIL --add '/Applications/System Preferences.app' --no-restart
43 |
44 | $DOCKUTIL --add '~/' --view grid --display folder --sort name --no-restart
45 |
46 | $DOCKUTIL --add '~/Downloads' --view fan --display stack --sort dateadded --no-restart
47 |
48 | killall Dock
49 |
--------------------------------------------------------------------------------
/packages/duti/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/duti/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/bin 40755 0/0
5 | ./usr/local/bin/duti 100755 0/80 31512 3816189399
6 | ./usr/local/share 40755 0/0
7 | ./usr/local/share/man 40755 0/0
8 | ./usr/local/share/man/man1 40755 0/0
9 | ./usr/local/share/man/man1/duti.1 100755 0/80 6383 4137208867
10 |
--------------------------------------------------------------------------------
/packages/duti/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.duti
9 | install_location
10 | /
11 | name
12 | duti-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.5.3
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/duti/payload/usr/local/bin/duti:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jacobfgrant/mac-admin/2a0b77e572b44e761caab2ef3e87d02174659119/packages/duti/payload/usr/local/bin/duti
--------------------------------------------------------------------------------
/packages/duti/payload/usr/local/share/man/man1/duti.1:
--------------------------------------------------------------------------------
1 | .TH duti "1" "_DUTI_BUILD_DATE" "Andrew Mortensen" "User Commands"
2 | .SH NAME
3 | .B duti
4 | \- set default document and URL handlers
5 | .SH SYNOPSIS
6 | .B duti
7 | [
8 | .BI \-hVv
9 | ] [
10 | .BI \-d\ uti
11 | ] [
12 | .BI \-l\ uti
13 | ] [
14 | .I settings_path
15 | ]
16 | .sp
17 | .B duti
18 | .BI \-s
19 | .I bundle_id
20 | {
21 | .I uti
22 | |
23 | .I url_scheme
24 | |
25 | .I extension
26 | |
27 | .I MIME_type
28 | }
29 | [
30 | .I role
31 | ]
32 | .sp
33 | .B duti
34 | .BI \-x\ extension
35 | .sp
36 | .SH DESCRIPTION
37 | .B duti
38 | sets applications as default handlers for Apple's Uniform Type Identifiers,
39 | for URL schemes, filename extensions, and MIME types.
40 | If
41 | .I settings_path
42 | is not given on the command line,
43 | .B duti
44 | reads settings lines from stdin. If
45 | .I settings_path
46 | is a directory,
47 | .B duti
48 | applies settings from the files in
49 | .IR settings_path .
50 | .sp
51 | The
52 | .BI \-s
53 | flag tells
54 | .B duti
55 | to set a handler based on arguments from the command line. Two arguments
56 | following
57 | .BI \-s
58 | means that
59 | .B duti
60 | will set the handler for a URL scheme. Three arguments means
61 | .B duti
62 | will set the handler for a UTI, an extension or a MIME type, depending on
63 | the formatting of the second argument.
64 | .B duti
65 | treats an argument beginning with a dot as an extension. If the argument
66 | contains no dots,
67 | .B duti
68 | also considers the argument a filename extension, unless it contains a slash,
69 | in which case
70 | .B duti
71 | treats the argument as a MIME type. In all other cases,
72 | .B duti
73 | treats the second argument as a UTI.
74 | .sp
75 | .B duti
76 | .BI \-x
77 | retrieves and prints out information describing the default application
78 | for files with the extension
79 | .IR extension .
80 | .sp
81 | See
82 | .B EXAMPLES
83 | below for usage cases.
84 | .sp
85 | .SH SETTINGS FILE
86 | A settings file is made up of lines with the following format:
87 | .sp
88 | .br
89 | app_id UTI role
90 | .br
91 | .sp
92 | The
93 | .I app_id
94 | is a bundle ID representing the application that will act as the
95 | handler for documents associated with
96 | .IR UTI .
97 | For example:
98 | .sp
99 | .br
100 | com.apple.Safari public.html all
101 | .br
102 | .sp
103 | would cause
104 | .B duti
105 | to set Safari as the default handler in all situations for HTML documents.
106 | A settings file can also contain lines with this format:
107 | .sp
108 | .br
109 | app_id url_scheme
110 | .br
111 | .sp
112 | In this case,
113 | .I app_id
114 | is again a bundle ID, this time for the application that will act as the
115 | default handler for
116 | .IR url_scheme .
117 | For example:
118 | .sp
119 | .br
120 | org.mozilla.Firefox ftp
121 | .br
122 | .sp
123 | would cause
124 | .B duti
125 | to set Firefox as the handler for "ftp://" URLs.
126 | .SH SETTINGS PLIST
127 | If the extension of the file given to
128 | .B duti
129 | is
130 | .IR \.plist ,
131 | .B duti
132 | treats the file as an XML property list (plist).
133 | The plist must contain a key-value pair, in which the key is "DUTISettings"
134 | and the value is an array of dictionaries. Each dictionary in the array
135 | contains three key-value pairs representing the application's bundle ID,
136 | the UTI and the role, respectively. Alternatively, a dictionary in the array
137 | may contain two key-value pairs representing the application's bundle ID,
138 | and the URL scheme. A simple plist designed to set Safari as the default
139 | handler of HTML files, and Firefox as the default handler for "ftp://" URLs,
140 | would look like this:
141 | .sp
142 | .br
143 |
144 | .br
145 |
146 | .br
147 |
148 | .br
149 |
150 | .br
151 | DUTISettings
152 | .br
153 |
154 | .br
155 |
156 | .br
157 | DUTIBundleIdentifier
158 | .br
159 | com.apple.Safari
160 | .br
161 | DUTIUniformTypeIdentifier
162 | .br
163 | public.html
164 | .br
165 | DUTIRole
166 | .br
167 | all
168 | .br
169 |
170 | .br
171 |
172 | .br
173 | DUTIBundleIdentifier
174 | .br
175 | org.mozilla.Firefox
176 | .br
177 | DUTIURLScheme
178 | .br
179 | ftp
180 | .br
181 |
182 | .br
183 |
184 | .br
185 |
186 | .br
187 |
188 | .br
189 | .sp
190 | .SH ROLES
191 | Valid roles are defined as follows:
192 | .sp
193 | .TP 19
194 | .B all
195 | application handles all roles for the given UTI.
196 | .TP 19
197 | .B viewer
198 | application handles reading and displaying documents with the given UTI.
199 | .TP 19
200 | .B editor
201 | application can manipulate and save the item. Implies viewer.
202 | .TP 19
203 | .B shell
204 | application can execute the item.
205 | .TP 19
206 | .B none
207 | application cannot open the item, but provides an icon for the given UTI.
208 | .SH EXAMPLES
209 | Running
210 | .B duti
211 | with
212 | .BI \-s
213 | :
214 | .sp
215 | .br
216 | # Set Safari as the default handler for HTML documents
217 | .br
218 | duti -s com.apple.Safari public.html all
219 | .br
220 | .sp
221 | # Set Finder as the default handler for the ftp:// URL scheme
222 | .br
223 | duti -s com.apple.Finder ftp
224 | .sp
225 |
226 | Retrieving default application information for an extension:
227 | .sp
228 | .br
229 | # default application information for .html files
230 | .br
231 | % duti -x html
232 | .br
233 | Safari
234 | .br
235 | /Applications/Safari.app
236 | .br
237 | com.apple.Safari
238 | .br
239 | .sp
240 |
241 | The following examples can be used by passing them to
242 | .B duti
243 | on stdin or as lines in a .duti file.
244 | .sp
245 | Set TextEdit as the default viewer for Microsoft Word documents:
246 | .sp
247 | .br
248 | com.apple.TextEdit com.microsoft.word.doc viewer
249 | .br
250 | .sp
251 | Set VLC as the default viewer for files with .m4v extensions:
252 | .sp
253 | .br
254 | org.videolan.vlc m4v viewer
255 | .br
256 | .sp
257 | Set iHook as the default executor of shell scripts:
258 | .sp
259 | .br
260 | edu.umich.iHook public.shell-script shell
261 | .br
262 | .sp
263 | Set Xcode as the default editor for C source files:
264 | .sp
265 | .br
266 | com.apple.Xcode public.c-source editor
267 | .br
268 | .sp
269 | .SH OPTIONS
270 | .TP 19
271 | .BI \-d\ uti
272 | display the default handler for
273 | .I uti
274 | and exit.
275 | .TP 19
276 | .B \-h
277 | print usage and exit.
278 | .TP 19
279 | .BI \-l\ uti
280 | display all handlers for
281 | .I uti
282 | and exit.
283 | .TP 19
284 | .BI \-s
285 | set the handler from data provided on the command line.
286 | .TP 19
287 | .B \-V
288 | print version number and exit.
289 | .TP 19
290 | .B \-v
291 | verbose output.
292 | .TP 19
293 | .BI \-x\ ext
294 | print information describing the default application for extension
295 | .IR ext .
296 | .sp
297 | .SH EXIT STATUS
298 | .TP 5
299 | 0
300 | All settings applied or displayed successfully.
301 | .TP 5
302 | 1
303 | Settings could not be applied, or the UTI has no handler.
304 | .TP 5
305 | >1
306 | Error.
307 | .sp
308 | .SH MORE INFO
309 | Mac OS X ships with a number of UTIs already defined. Most third-party
310 | software is responsible for defining its own UTIs. Apple documents UTIs
311 | in the Apple Developer Connection Library at:
312 | .sp
313 | .br
314 | http://developer.apple.com/referencelibrary/
315 | .br
316 | .sp
317 | More technical information, including APIs, can be found at:
318 | .sp
319 | .br
320 | http://developer.apple.com/macosx/uniformtypeidentifiers.html
321 | .br
322 | .sp
323 | To get a list of UTIs on your system, you can use the following command line:
324 | .sp
325 | .br
326 | \`locate lsregister\` -dump | grep '[[:space:]]uti:' \\
327 | .br
328 | | awk '{ print $2 }' | sort | uniq
329 | .sp
330 | .SH SEE ALSO
331 | plutil(1), plist(5)
332 |
--------------------------------------------------------------------------------
/packages/finder-setup/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/finder-setup/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-once 40755 0/0
6 | ./usr/local/outset/login-once/finder-sidebar.sh 100755 0/0 764 4103746928
7 |
--------------------------------------------------------------------------------
/packages/finder-setup/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.finder-setup
9 | install_location
10 | /
11 | name
12 | finder-setup-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/finder-setup/payload/usr/local/outset/login-once/finder-sidebar.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # finder-sidebar.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 02/13/17
9 | #
10 | # Requires mysides: https://github.com/mosen/mysides
11 | #
12 |
13 | # Set path of MYSIDES
14 | MYSIDES=/usr/local/bin/mysides
15 |
16 |
17 | # Remove unwanted items from sidebar
18 | $MYSIDES remove "All My Files" && sleep 2
19 | $MYSIDES remove "iCloud" && sleep 2
20 | $MYSIDES remove domain-AirDrop && sleep 2
21 |
22 |
23 | # Add items to sidebar
24 | $MYSIDES add $USER file:///Users/$USER
25 | $MYSIDES add Applications file:///Applications
26 | $MYSIDES add Desktop file:///Users/$USER/Desktop
27 | $MYSIDES add Documents file:///Users/$USER/Documents
28 | $MYSIDES add Downloads file:///Users/$USER/Downloads
29 | #$MYSIDES add Movies file:///Users/$USER/Movies
30 | #$MYSIDES add Music file:///Users/$USER/Music
31 | #$MYSIDES add Pictures file:///Users/$USER/Pictures
32 |
--------------------------------------------------------------------------------
/packages/firewall-setup/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/firewall-setup/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 |
--------------------------------------------------------------------------------
/packages/firewall-setup/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.firewall-setup
9 | install_location
10 | /
11 | name
12 | firewall-setup-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/firewall-setup/scripts/postinstall:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # firewall-setup.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 11/28/17
9 | # Updated: 11/28/17
10 | #
11 |
12 | # Set defaults location
13 | DEFAULTS="/usr/bin/defaults"
14 |
15 |
16 | # Enable firewall
17 | $DEFAULTS write /Library/Preferences/com.apple.alf globalstate -int 1
18 |
19 |
20 | # Allow built-in software to recieve connections
21 | $DEFAULTS write /Library/Preferences/com.apple.alf allowsignedenabled -int 1
22 |
23 |
24 | # Allow signed software to recieve connections
25 | $DEFAULTS write /Library/Preferences/com.apple.alf allowdownloadsignedenabled -int 1
26 |
27 |
28 | # Disable Stealth Mode
29 | $DEFAULTS write /Library/Preferences/com.apple.alf stealthenabled -int 0
--------------------------------------------------------------------------------
/packages/msoffice-setup-user/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/msoffice-setup-user/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-once 40755 0/0
6 | ./usr/local/outset/login-once/msoffice-setup-user-info.sh 100755 0/0 1698 3384779848
7 |
--------------------------------------------------------------------------------
/packages/msoffice-setup-user/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.msoffice-setup-user
9 | install_location
10 | /
11 | name
12 | msoffice-setup-user-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/msoffice-setup-user/payload/usr/local/outset/login-once/msoffice-setup-user-info.sh:
--------------------------------------------------------------------------------
1 | # !/bin/bash
2 | # PATH=/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/libexec
3 | # Source - http://maclovin.org/blog-native/2015/office-2016-where-is-the-name-of-the-user-stored-
4 | export PATH
5 |
6 | FullScriptName=$(basename "$0") # Variable used to store the file name of this script
7 |
8 | DsclSearchPath="/Local/Default" # Variable used to store the search path used by the dscl command.
9 |
10 | # Get the username of the person currently running the script.
11 | username=$(id -un)
12 |
13 | echo "$FullScriptName -- Personalizing Office 2016 for $username"
14 |
15 | # Lookup the user's name from the local directory
16 | firstname=$(dscl "$DsclSearchPath" -read /Users/$username RealName | tr -d '\n' | awk '{print $2}')
17 | lastname=$(dscl "$DsclSearchPath" -read /Users/$username RealName | tr -d '\n' | awk '{print $3}')
18 |
19 | # Get the first letter for the initial
20 | firstInitial=${firstname:0:1}
21 |
22 | # Get the first letter for the initial
23 | lastInitial=${lastname:0:1}
24 |
25 | # Concatenate the initials together into one variable.
26 | UserInitials="$(echo $firstInitial$lastInitial)"
27 |
28 | # Concatenate the full name together into one variable.
29 | UserFullName="$(echo $firstname $lastname)"
30 |
31 | # Remove any leading or trailing whitepace
32 | UserFullName="$(echo -e "${UserFullName}" | sed -e 's/^[[:space:]]//' -e 's/[[:space:]]$//')"
33 | UserInitials="$(echo -e "${UserInitials}" | sed -e 's/^[[:space:]]//' -e 's/[[:space:]]$//')"
34 |
35 | defaults write "/Users/$username/Library/Group Containers/UBF8T346G9.Office/MeContact.plist" Name "$UserFullName"
36 |
37 | defaults write "/Users/$username/Library/Group Containers/UBF8T346G9.Office/MeContact.plist" Initials "$UserInitials"
38 |
39 | echo "$FullScriptName -- Completed personalizing Office 2016 for $username"
40 |
41 | # Quit the script without errors.
42 | exit 0
43 |
--------------------------------------------------------------------------------
/packages/munki-bootstrap/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/munki-bootstrap/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/boot-once 40755 0/0
6 | ./usr/local/outset/boot-once/munki-bootstrap.sh 100755 0/80 434 1068029098
7 |
--------------------------------------------------------------------------------
/packages/munki-bootstrap/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.munki-bootstrap
9 | install_location
10 | /
11 | name
12 | munki-bootstrap-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/munki-bootstrap/payload/usr/local/outset/boot-once/munki-bootstrap.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # munki-bootstrap.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 12/15/16
9 | # Updated: 08/28/17
10 | #
11 |
12 | # Set Munki repo URL
13 | MUNKI_REPO_URL='http://munki-server/munki_repo/'
14 |
15 |
16 | if [ -f /Library/Preferences/ManagedInstalls.plist ]
17 | then
18 | rm -f /usr/local/outset/boot-once/munki_bootstrap.sh
19 | exit 0
20 | fi
21 |
22 | defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL $MUNKI_REPO_URL
23 |
24 | touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
25 |
26 | shutdown -r
27 |
--------------------------------------------------------------------------------
/packages/munki-bootstrap/scripts/postinstall:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # munki-bootstrap-postscript.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 12/15/16
9 | # Updated: 08/28/17
10 | #
11 |
12 | touch "$3"/var/db/.AppleSetupDone
13 |
14 | touch /Library/Receipts/.SetupRegComplete
15 |
16 | exit 0
17 |
--------------------------------------------------------------------------------
/packages/munki-startup/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/munki-startup/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/boot-every 40755 0/0
6 | ./usr/local/outset/boot-every/munki-startup.sh 100755 0/0 158 3594510004
7 |
--------------------------------------------------------------------------------
/packages/munki-startup/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.munki-startup
9 | install_location
10 | /
11 | name
12 | munki-startup.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/munki-startup/payload/usr/local/outset/boot-every/munki-startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # munki-startup.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 8/29/17
9 | #
10 |
11 | touch /Users/Shared/.com.googlecode.munki.checkandinstallatstartup
12 |
--------------------------------------------------------------------------------
/packages/open-onedrive/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/open-onedrive/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-every 40755 0/0
6 | ./usr/local/outset/login-every/open-onedrive.sh 100755 0/0 254 2018352875
7 |
--------------------------------------------------------------------------------
/packages/open-onedrive/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.open-onedrive
9 | install_location
10 | /
11 | name
12 | open-onedrive-${version}.pkg
13 | ownership
14 | preserve
15 | postinstall_action
16 | none
17 | version
18 | 1.0
19 |
20 |
21 |
--------------------------------------------------------------------------------
/packages/open-onedrive/payload/usr/local/outset/login-every/open-onedrive.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # open-onedrive.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 08/04/17
9 | # Updated: 08/28/17
10 | #
11 |
12 | if
13 | [ -d "/Applications/OneDrive.app" ] &&
14 | [ -d /Users/$USER/OneDrive* ] ||
15 | [ -d /Users/$USER/Documents/OneDrive* ]
16 | then
17 | open "/Applications/OneDrive.app"
18 | fi
19 |
--------------------------------------------------------------------------------
/packages/set-outlook-default/.gitignore:
--------------------------------------------------------------------------------
1 | # .DS_Store files!
2 | .DS_Store
3 |
4 | # our build directory
5 | build/
6 |
--------------------------------------------------------------------------------
/packages/set-outlook-default/Bom.txt:
--------------------------------------------------------------------------------
1 | . 40755 0/0
2 | ./usr 40755 0/0
3 | ./usr/local 40755 0/0
4 | ./usr/local/outset 40755 0/0
5 | ./usr/local/outset/login-every 40755 0/0
6 | ./usr/local/outset/login-every/set-outlook.sh 100755 0/0 183 740192140
7 |
--------------------------------------------------------------------------------
/packages/set-outlook-default/build-info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | distribution_style
6 |
7 | identifier
8 | com.jacobfgrant.pkg.set-outlook-default
9 | install_location
10 | /
11 | name
12 | set-outlook-default-${version}.pkg
13 | postinstall_action
14 | none
15 | version
16 | 1.0
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/set-outlook-default/payload/usr/local/outset/login-every/set-outlook.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # set-outlook.sh
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 04/20/17
9 | #
10 | # Requires duti
11 | #
12 |
13 | # Set path of DUTI
14 | DUTI=/usr/local/bin/duti
15 |
16 | $DUTI -s com.microsoft.outlook mailto
17 |
--------------------------------------------------------------------------------
/profiles/AppleSoftwareUpdate.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Apple Software Update
7 | PayloadDisplayName
8 | Apple Software Update
9 | PayloadIdentifier
10 | com.jacobfgrant.applesoftwareupdate
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 43A9AD65-BA5B-4AC0-9AF7-4A39B6C99990
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Apple Software Update
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.B99552DF-3E91-43B9-93E3-BA70925C3F3A
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | B99552DF-3E91-43B9-93E3-BA70925C3F3A
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.SoftwareUpdate
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | AutomaticCheckEnabled
48 |
49 | AutomaticDownload
50 |
51 | CriticalUpdateInstall
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/ChromeDefaultBrowser.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Sets Google Chrome as the default web browser
7 | PayloadDisplayName
8 | Chrome Default Browser
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.defaultbrowser
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 615F7A17-BA99-4AEA-A5CB-F813CD7A4428
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome Default Browser
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.86803521-7735-45F8-8192-DD3EB8B68987
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 86803521-7735-45F8-8192-DD3EB8B68987
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.LaunchServices
41 |
42 | Set-Once
43 |
44 |
45 | mcx_preference_settings
46 |
47 | LSHandlers
48 |
49 |
50 | LSHandlerURLScheme
51 | http
52 | LSHandlerRoleAll
53 | com.google.chrome
54 |
55 |
56 | LSHandlerURLScheme
57 | https
58 | LSHandlerRoleAll
59 | com.google.chrome
60 |
61 |
62 | LSHandlerContentType
63 | public.html
64 | LSHandlerRoleAll
65 | com.google.chrome
66 |
67 |
68 | LSHandlerContentType
69 | public.url
70 | LSHandlerRoleViewer
71 | com.google.chrome
72 |
73 |
74 | LSHandlerContentType
75 | public.xhtml
76 | LSHandlerRoleAll
77 | com.google.chrome
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
--------------------------------------------------------------------------------
/profiles/ChromeExtensionPolicy.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Google Chrome extension policy
7 | PayloadDisplayName
8 | Chrome Extension Policy
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.extensionpolicy
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 42CD5C9B-7ED5-45C8-9242-A86F65FABFB3
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome Extension Policy
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.C937E8EF-98AB-4FC9-8D81-1817A84BD8B0
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | C937E8EF-98AB-4FC9-8D81-1817A84BD8B0
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.google.Chrome
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | ExtensionInstallSources
48 |
49 | https://*.google.*
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/profiles/ChromeInstallExtensions.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Installs Google Chrome extensions
7 | PayloadDisplayName
8 | Chrome Install Extensions
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.installextensions
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | B129D16B-E906-4A59-85CC-08C04470B01F
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome Install Extensions
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.1D808EA3-FBE8-48C1-8DF4-55EE706DD548
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 1D808EA3-FBE8-48C1-8DF4-55EE706DD548
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.google.Chrome
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | ExtensionInstallForcelist
48 |
49 | cjpalhdlnbpafiamejdnhcphjbkeiagm;http://clients2.google.com/service/update2/crx
50 | gcbommkclmclpchllfjekcdonpmejbdp;http://clients2.google.com/service/update2/crx
51 | hdokiejnpimakedhajhdlcegeplioahd;http://clients2.google.com/service/update2/crx
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/ChromeManagedBookmarks.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Installs Google Chrome managed bookmarks
7 | PayloadDisplayName
8 | Chrome Managed Bookmarks
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.managedbookmarks
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | FDC498E6-0838-42BF-975B-82A64619719E
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome Install Extensions
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.32691C1F-B935-47E5-9775-F3A157FCAC7A
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 32691C1F-B935-47E5-9775-F3A157FCAC7A
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.google.Chrome
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | ManagedBookmarks
48 |
49 |
50 | toplevel_name
51 | Mac Admin Managed Bookmarks
52 |
53 |
54 | name
55 | Google
56 | url
57 | google.com
58 |
59 |
60 | name
61 | Youtube
62 | url
63 | youtube.com
64 |
65 |
66 | children
67 |
68 |
69 | name
70 | Chromium
71 | url
72 | chromium.org
73 |
74 |
75 | name
76 | Chromium Developers
77 | url
78 | dev.chromium.org
79 |
80 |
81 | name
82 | Chromium bookmarks
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
--------------------------------------------------------------------------------
/profiles/ChromePreferences.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Google Chrome preferences
7 | PayloadDisplayName
8 | Chrome Preferences
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.preferences
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 9F5F94DD-BEF8-44EC-A077-A59B7512C94E
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.71112BD6-8224-48B4-9E4E-BA3A3742F46D
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 71112BD6-8224-48B4-9E4E-BA3A3742F46D
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.google.Chrome
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | AutoFillEnabled
48 |
49 | DefaultBrowserSettingEnabled
50 |
51 | BookmarkBarEnabled
52 |
53 | HideWebStorePromo
54 |
55 | HomepageIsNewTabPage
56 |
57 | HomepageLocation
58 |
59 | PasswordManagerEnabled
60 |
61 | RestoreOnStartup
62 | 0
63 | ShowHomeButton
64 |
65 | SitePerProcess
66 |
67 | SyncDisabled
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
--------------------------------------------------------------------------------
/profiles/ChromeURLBlacklist.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Google Chrome URL blacklist
7 | PayloadDisplayName
8 | Chrome URL Blacklist
9 | PayloadIdentifier
10 | com.jacobfgrant.chrome.urlblacklist
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 177B0446-DC83-4382-A8D9-2A76261B79C0
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Chrome URL Blacklist
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.96D4D16C-BE8D-4CA3-87A4-836190F98B64
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 96D4D16C-BE8D-4CA3-87A4-836190F98B64
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.google.Chrome
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | URLBlacklist
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/profiles/DiagnosticSettings.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Diagnostic & Usage settings
7 | PayloadDisplayName
8 | Diagnostic & Usage Settings
9 | PayloadIdentifier
10 | com.jacobfgrant.diagnosticsettings
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 0EC5ECCD-E01E-44CE-BB98-5D0BA8115EA2
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Security & Privacy Settings
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.D3DEEE4F-D5E7-4413-8076-C5F22801599D
32 | PayloadType
33 | com.apple.SubmitDiagInfo
34 | PayloadUUID
35 | D3DEEE4F-D5E7-4413-8076-C5F22801599D
36 | PayloadVersion
37 | 1
38 | AutoSubmit
39 |
40 |
41 |
42 | PayloadDisplayName
43 | Security & Privacy Settings
44 | PayloadEnabled
45 |
46 | PayloadIdentifier
47 | com.jacobfgrant.profiles.56CDE7B2-DA06-4520-9EE5-8E42C7714798
48 | PayloadType
49 | com.apple.applicationaccess
50 | PayloadUUID
51 | 56CDE7B2-DA06-4520-9EE5-8E42C7714798
52 | PayloadVersion
53 | 1
54 | allowDiagnosticSubmission
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/profiles/DisableAppResume.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Disables automatically resuming applications on login
7 | PayloadDisplayName
8 | Disable App Resume
9 | PayloadIdentifier
10 | com.jacobfgrant.appresume
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 6EF28A49-9EEC-4BFC-ABC6-25F3A6166604
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Disable App Resume
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.A920370A-E706-49F0-9722-BDDAAAC80BC7
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | A920370A-E706-49F0-9722-BDDAAAC80BC7
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.loginwindow
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | TALLogoutSavesState
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
--------------------------------------------------------------------------------
/profiles/DisableSiri.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Disables Siri and removes it from the menu bar
7 | PayloadDisplayName
8 | Disable Siri
9 | PayloadIdentifier
10 | com.jacobfgrant.siri
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | FD86AD0C-62D2-4D0B-A41E-D042D5BBE623
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Disable Siri
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.B280BC85-EA90-47D7-9A39-C40319D56B60
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | B280BC85-EA90-47D7-9A39-C40319D56B60
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.assistant.support
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | Assistant Enabled
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 | PayloadDisplayName
57 | Disable Siri Menu Bar
58 | PayloadEnabled
59 |
60 | PayloadIdentifier
61 | com.jacobfgrant.profiles.7F6A2902-D520-4CA8-A961-C057210C74E7
62 | PayloadType
63 | com.apple.ManagedClient.preferences
64 | PayloadUUID
65 | 7F6A2902-D520-4CA8-A961-C057210C74E7
66 | PayloadVersion
67 | 1
68 | PayloadContent
69 |
70 | com.apple.Siri
71 |
72 | Forced
73 |
74 |
75 | mcx_preference_settings
76 |
77 | StatusMenuVisible
78 |
79 | UserHasDeclinedEnable
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
--------------------------------------------------------------------------------
/profiles/DisableWifi.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Disables WiFi on device
7 | PayloadDisplayName
8 | Disable WiFi
9 | PayloadIdentifier
10 | com.jacobfgrant.wifi.disable
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 9650F9BA-2995-479F-84D6-47EE8F4FF5D7
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Disables WiFi
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.9FF0DFC5-3292-4E99-818A-3F6C58B807C6
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 9FF0DFC5-3292-4E99-818A-3F6C58B807C6
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.MCXAirPort
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | DisableAirPort
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
--------------------------------------------------------------------------------
/profiles/DisableiCloudDesktopDocuments.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Disables iCloud Desktop & Documents folder sync
7 | PayloadDisplayName
8 | Disable iCloud Desktop & Documents
9 | PayloadEnabled
10 |
11 | PayloadIdentifier
12 | com.jacobfgrant.disableiclouddesktopdocuments
13 | PayloadOrganization
14 |
15 | PayloadRemovalDisallowed
16 |
17 | PayloadScope
18 | System
19 | PayloadType
20 | Configuration
21 | PayloadUUID
22 | 2E840DA1-8C52-4015-A9F8-6F25717AE8DA
23 | PayloadVersion
24 | 1
25 | PayloadContent
26 |
27 |
28 | PayloadDisplayName
29 | Disable iCloud Desktop & Documents
30 | PayloadEnabled
31 |
32 | PayloadIdentifier
33 | com.jacobfgrant.profiles.7DD88E99-8460-44EA-A830-DC1C7585603D
34 | PayloadType
35 | com.apple.applicationaccess
36 | PayloadUUID
37 | 7DD88E99-8460-44EA-A830-DC1C7585603D
38 | PayloadVersion
39 | 1
40 | allowCloudDesktopAndDocuments
41 |
42 |
43 |
44 |
45 |
46 |
--------------------------------------------------------------------------------
/profiles/FastUserSwitching.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Enables fast user switching
7 | PayloadDisplayName
8 | Fast User Switching
9 | PayloadIdentifier
10 | ccom.jacobfgrant.fastuserswitching
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 174CF2E3-2767-46F8-AD3F-04886E232D52
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadEnabled
27 |
28 | PayloadIdentifier
29 | com.jacobfgrant.profiles.FC2CEF09-EC38-42EE-94FF-C4A34B4357EE
30 | PayloadType
31 | com.apple.ManagedClient.preferences
32 | PayloadUUID
33 | FC2CEF09-EC38-42EE-94FF-C4A34B4357EE
34 | PayloadVersion
35 | 1
36 | PayloadContent
37 |
38 | .GlobalPreferences
39 |
40 | Forced
41 |
42 |
43 | mcx_preference_settings
44 |
45 | MultipleSessionEnabled
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
--------------------------------------------------------------------------------
/profiles/Finder.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Finder preferences
7 | PayloadDisplayName
8 | Finder
9 | PayloadIdentifier
10 | com.jacobfgrant.finder
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | ABF9A276-E31F-4362-9C95-E6C571783B96
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Finder Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.102FC240-25FB-46CB-A8CC-5E07D75E35D9
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 102FC240-25FB-46CB-A8CC-5E07D75E35D9
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.finder
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | FinderSpawnTab
48 |
49 | NewWindowTarget
50 | PfHm
51 | ShowExternalHardDrivesOnDesktop
52 |
53 | ShowHardDrivesOnDesktop
54 |
55 | ShowMountedServersOnDesktop
56 |
57 | ShowRemovableMediaOnDesktop
58 |
59 | ShowSidebar
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/profiles/ManagedInstalls.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures the Managed Installs preferences for Munki
7 | PayloadDisplayName
8 | Munki - Managed Installs
9 | PayloadIdentifier
10 | com.jacobfgrant.munki.managedinstalls
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | FEEA99B9-2A3E-4D26-AE8A-C1350912F8F9
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Managed Installs Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.6514EB77-197D-4225-A9F8-7744DF2F3817
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 6514EB77-197D-4225-A9F8-7744DF2F3817
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | ManagedInstalls
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | AdditionalHttpHeaders
48 |
49 | AppleSoftwareUpdatesOnly
50 |
51 | CatalogURL
52 |
53 | ClientCertificatePath
54 |
55 | ClientIdentifier
56 |
57 | ClientKeyPath
58 |
59 | ClientResourceURL
60 |
61 | ClientResourcesFilename
62 |
63 | DaysBetweenNotifications
64 | 1
65 | FollowHTTPRedirects
66 | https
67 | HelpURL
68 |
69 | IconURL
70 |
71 | IgnoreSystemProxies
72 |
73 | InstallAppleSoftwareUpdates
74 |
75 | InstallRequiresLogout
76 |
77 | LocalOnlyManifest
78 |
79 | LogFile
80 |
81 | LogToSyslog
82 |
83 | LoggingLevel
84 | 1
85 | MSUDebugLogEnabled
86 |
87 | MSULogEnabled
88 |
89 | ManagedInstallDir
90 |
91 | ManifestURL
92 |
93 | PackageURL
94 |
95 | PackageVerificationMode
96 | hash
97 | PerformAuthRestarts
98 |
99 | RecoveryKeyFile
100 |
101 | ShowRemovalDetail
102 |
103 | SoftwareRepoCACertificate
104 |
105 | SoftwareRepoCAPath
106 |
107 | SoftwareRepoURL
108 |
109 | SuppressAutoInstall
110 |
111 | SuppressLoginwindowInstall
112 |
113 | SuppressStopButtonOnInstall
114 |
115 | SuppressUserNotification
116 |
117 | UnattendedAppleUpdates
118 |
119 | UseClientCertificate
120 |
121 | UseClientCertificateCNAsClientIdentifier
122 |
123 | UseNotificationCenterDays
124 | 3
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
--------------------------------------------------------------------------------
/profiles/Munkireport.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures MunkiReport preferences
7 | PayloadDisplayName
8 | MunkiReport
9 | PayloadIdentifier
10 | com.jacobfgrant.munkireport
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | D54DD745-9A6A-4045-868D-99CEB3424B43
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | MunkiReport Passphrase
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.45DAD9F2-0088-4111-9F66-96AE0C5F08DB
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 45DAD9F2-0088-4111-9F66-96AE0C5F08DB
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | MunkiReport
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | Passphrase
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
--------------------------------------------------------------------------------
/profiles/Office365.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 preferences
7 | PayloadDisplayName
8 | Office 365
9 | PayloadIdentifier
10 | com.jacobfgrant.office365
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 51F37965-B402-4D80-A7CB-DFE05E6A04E6
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 AutoUpdate Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.2986A041-C8CC-4582-BCA0-FF71857F0BE9
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 2986A041-C8CC-4582-BCA0-FF71857F0BE9
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.autoupdate2
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | ChannelName
48 | Production
49 | HowToCheck
50 | Manual
51 | LastUpdate
52 | 2001-01-01T00:00:00Z
53 | SendAllTelemetryEnabled
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 | PayloadDisplayName
63 | Office 365 Error Reporting Preferences
64 | PayloadEnabled
65 |
66 | PayloadIdentifier
67 | com.jacobfgrant.profiles.FDAC1572-424F-4742-87A9-8B37A547A1C3
68 | PayloadType
69 | com.apple.ManagedClient.preferences
70 | PayloadUUID
71 | FDAC1572-424F-4742-87A9-8B37A547A1C3
72 | PayloadVersion
73 | 1
74 | PayloadContent
75 |
76 | com.microsoft.errorreporting
77 |
78 | Forced
79 |
80 |
81 | mcx_preference_settings
82 |
83 | IsAttachedEnabled
84 |
85 | IsStoreLastCrashEnabled
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 | PayloadDisplayName
95 | Office 365 Office Preferences
96 | PayloadEnabled
97 |
98 | PayloadIdentifier
99 | com.jacobfgrant.profiles.E2044FF3-2EEF-4980-9F55-403E32607B22
100 | PayloadType
101 | com.apple.ManagedClient.preferences
102 | PayloadUUID
103 | E2044FF3-2EEF-4980-9F55-403E32607B22
104 | PayloadVersion
105 | 1
106 | PayloadContent
107 |
108 | com.microsoft.office
109 |
110 | Forced
111 |
112 |
113 | mcx_preference_settings
114 |
115 | kCUIThemePreferencesThemeKeyPath
116 | 0
117 | DefaultsToLocalOpenSave
118 |
119 | ShowWhatsNewOnLaunch
120 |
121 | VisualBasicMacroExecutionState
122 | DisabledWithWarnings
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 | PayloadDisplayName
131 | Office 365 Other Preferences
132 | PayloadEnabled
133 |
134 | PayloadIdentifier
135 | com.jacobfgrant.profiles.325245DD-295C-4023-BC2B-26210C19129B
136 | PayloadType
137 | com.apple.ManagedClient.preferences
138 | PayloadUUID
139 | 325245DD-295C-4023-BC2B-26210C19129B
140 | PayloadVersion
141 | 1
142 | PayloadContent
143 |
144 | com.microsoft.Office365ServiceV2
145 |
146 | Forced
147 |
148 |
149 | mcx_preference_settings
150 |
151 | SendAllTelemetryEnabled
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 | PayloadDisplayName
161 | Office 365 Other Preferences
162 | PayloadEnabled
163 |
164 | PayloadIdentifier
165 | com.jacobfgrant.profiles.24666744-354C-4BEF-A5B2-E3555EBA6CD4
166 | PayloadType
167 | com.apple.ManagedClient.preferences
168 | PayloadUUID
169 | 24666744-354C-4BEF-A5B2-E3555EBA6CD4
170 | PayloadVersion
171 | 1
172 | PayloadContent
173 |
174 | com.microsoft.autoupdate.fba
175 |
176 | Forced
177 |
178 |
179 | mcx_preference_settings
180 |
181 | SendAllTelemetryEnabled
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
--------------------------------------------------------------------------------
/profiles/Office365Excel.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 Excel preferences
7 | PayloadDisplayName
8 | Office 365 - Excel
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.excel
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 4BC565AB-7E6E-46A7-9AF5-933179C743F8
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 Excel Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.6CF12333-746C-4B89-9389-52E4702695E9
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 6CF12333-746C-4B89-9389-52E4702695E9
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.Excel
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | SendAllTelemetryEnabled
48 |
49 | SendASmileEnabled
50 |
51 | kSubUIAppCompletedFirstRunSetup1507
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/Office365OneDrive.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 OneDrive preferences
7 | PayloadDisplayName
8 | Office 365 - OneDrive
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.onedrive
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | DAF99019-0E17-4AA8-9ACC-22CED44714B6
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 OneDrive Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.3B583F4A-FF4B-4B02-882E-1E87A942F1F2
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 3B583F4A-FF4B-4B02-882E-1E87A942F1F2
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.OneDrive
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | DefaultToBusinessFRE
48 |
49 | DisablePersonalSync
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/profiles/Office365OneNote.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 OneNote preferences
7 | PayloadDisplayName
8 | Office 365 - OneNote
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.onenote
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 8B8F644B-5729-4701-B8FC-0A45A62C95B6
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 OneNote Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.ADF91419-8D5E-400C-8707-4A8FCA56AE9F
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | ADF91419-8D5E-400C-8707-4A8FCA56AE9F
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.onenote.mac
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | SendAllTelemetryEnabled
48 |
49 | SendASmileEnabled
50 |
51 | kSubUIAppCompletedFirstRunSetup1507
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/Office365Outlook.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 Outlook preferences
7 | PayloadDisplayName
8 | Office 365 - Outlook
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.outlook
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | EEE64641-BFBB-4338-B11A-065F757A3ADD
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 Outlook Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.6875826B-3291-4D09-82F5-91F3681C550A
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 6875826B-3291-4D09-82F5-91F3681C550A
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.Outlook
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | FirstRunExperienceCompletedO15
48 |
49 | SendAllTelemetryEnabled
50 |
51 | SendASmileEnabled
52 |
53 | kSubUIAppCompletedFirstRunSetup1507
54 |
55 | TrustO365AutodiscoverRedirect
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/profiles/Office365PowerPoint.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 PowerPoint preferences
7 | PayloadDisplayName
8 | Office 365 - PowerPoint
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.powerpoint
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 02BC8DC9-EF9D-466B-A6C6-5E9A7FB22A90
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 PowerPoint Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.561EBB1A-06DF-454D-9818-CDBA7D5A019C
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 561EBB1A-06DF-454D-9818-CDBA7D5A019C
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.Powerpoint
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | SendAllTelemetryEnabled
48 |
49 | SendASmileEnabled
50 |
51 | kSubUIAppCompletedFirstRunSetup1507
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/Office365Skype.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 Skype preferences
7 | PayloadDisplayName
8 | Office 365 - Skype
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.skype
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 494E2213-1F3D-47A4-87C4-2AC037183403
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 Skype Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.EA23187E-C74A-4B67-A91D-F7B4ACC6249F
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | EA23187E-C74A-4B67-A91D-F7B4ACC6249F
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.skype
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | SKAllowStealthUpgrade
48 |
49 | SKSilentUpgradeNoticeShown
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/profiles/Office365Word.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Office 365 Word preferences
7 | PayloadDisplayName
8 | Office 365 - Word
9 | PayloadIdentifier
10 | com.jacobfgrant.office365.word
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 1778DEAA-D8BA-4DCC-B07A-09ADE46A3342
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Office 365 Word Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.64F676A2-DFA9-4D3D-820E-991635D0F28D
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | 64F676A2-DFA9-4D3D-820E-991635D0F28D
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.microsoft.Word
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | SendAllTelemetryEnabled
48 |
49 | SendASmileEnabled
50 |
51 | kSubUIAppCompletedFirstRunSetup1507
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/profiles/README.md:
--------------------------------------------------------------------------------
1 | ## Profiles
2 |
3 | Configuration profiles (.mobileconfig files) used to configure macOS and iOS.
4 |
5 |
6 | * **AppleSoftwareUpdate** – Disables Mac App Store automatic updates (useful when performing Apple updates through munki)
7 |
8 | * **ChromeDefaultBrowser** – Sets Google Chrome as the default web browser (does not appear to completely work in 10.12+)
9 |
10 | * **ChromeExtensionPolicy** – Sets policies governing installing Google Chrome extensions
11 |
12 | * **ChromeInstallExtensions** – Installs Google Chrome extensions (uBlock Origin, HTTPS Everywhere, and LastPass)
13 |
14 | * **ChromeManagedBookmarks** – Adds managed bookmarks to Google Chrome
15 |
16 | * **ChromePreferences** – Configures Google Chrome preferences
17 |
18 | * **ChromeURLBlacklist** – Blacklists URLs from Google Chrome
19 |
20 | * **DiagnosticSettings** – Disables sending diagnostics and usage data to Apple and app developers
21 |
22 | * **DisableAppResume** – Disables automatic app resume upon login on macOS
23 |
24 | * **DisableSiri** – Disables Siri
25 |
26 | * **DisableWifi** – Disables Wifi (Note: requires removal and restart to re-enable)
27 |
28 | * **DisableiCloudDesktopDocuments** – Disables Desktop and Documents folder iCloud sync
29 |
30 | * **FastUserSwitching** – Enables fast user switching
31 |
32 | * **Finder** – Configures settings for macOS Finder
33 |
34 | * **ManagedInstalls** – Configures the Managed Installs preferences for munki (Note: all preferences are present and set to either empty or default values. It is necessary to set or remove them.)
35 |
36 | * **Munkireport** – Sets [client passphrase](https://github.com/munkireport/munkireport-php/wiki/Client-passphrase) for [MunkiReport-PHP](https://github.com/munkireport/munkireport-php) clients
37 |
38 | * **Office365** – Disables various telemetry, macros, and various other settings for Office 365 services
39 |
40 | * **Office365Excel** – Disables telemetry and first-run setup for Microsoft Excel
41 |
42 | * **Office365OneDrive** – Configures OneDrive sync default settings
43 |
44 | * **Office365OneNote** – Disables telemetry and first-run setup for Microsoft OneNote
45 |
46 | * **Office365Outlook** – Disables telemetry and first-run setup for Microsoft Outlook
47 |
48 | * **Office365PowerPoint** – Disables telemetry and first-run setup for Microsoft PowerPoint
49 |
50 | * **Office365Skype** – Enables silent upgrades for Skype and disables associated notifications
51 |
52 | * **Office365Word** – Disables telemetry and first-run setup for Microsoft Word
53 |
54 | * **Safari** – Configures Safari preferences
55 |
56 | * **Sal** – Configures settings for [Sal](https://github.com/salopensource/sal) client
57 |
58 | * **SkipSiriSetup** – Skips Siri panel in Setup Assistant
59 |
60 | * **SkipiCloudSetup** – Skip iCloud account setup panel in Setup Assistant
61 |
--------------------------------------------------------------------------------
/profiles/Safari.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Safari preferences
7 | PayloadDisplayName
8 | Safari Preferences
9 | PayloadIdentifier
10 | com.jacobfgrant.safari
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | E1FA1147-3551-4508-B163-63CFA6F82313
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Safari Preferences
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.F4EE8233-6C56-460B-8B9D-07C848C45A09
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | F4EE8233-6C56-460B-8B9D-07C848C45A09
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.apple.Safari
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | AlwaysShowTabBar
48 |
49 | AutoFillCreditCardData
50 |
51 | AutoFillFromAddressBook
52 |
53 | AutoFillMiscellaneousForms
54 |
55 | AutoFillPasswords
56 |
57 | AutoOpenSafeDownloads
58 |
59 | BlockStoragePolicy
60 | 1
61 | DefaultBrowserPromptingState2
62 | 4
63 | HomePage
64 |
65 | NewTabBehavior
66 | 4
67 | NewWindowBehavior
68 | 4
69 | SafariGeolocationPermissionPolicy
70 | 2
71 | SendDoNotTrackHTTPHeader
72 |
73 | ShowFavoritesBar
74 |
75 | ShowFullURLInSmartSearchField
76 |
77 | WarnAboutFraudulentWebsites
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
--------------------------------------------------------------------------------
/profiles/Sal.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Configures Sal preferences
7 | PayloadDisplayName
8 | Sal
9 | PayloadIdentifier
10 | com.jacobfgrant.sal
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 83F755E6-F0B5-42F8-9669-5C6FFBF29986
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Sal Client Settings
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.D1B2167D-B736-43EC-BC19-9DD2FD24EC95
32 | PayloadType
33 | com.apple.ManagedClient.preferences
34 | PayloadUUID
35 | D1B2167D-B736-43EC-BC19-9DD2FD24EC95
36 | PayloadVersion
37 | 1
38 | PayloadContent
39 |
40 | com.github.salopensource.sal
41 |
42 | Forced
43 |
44 |
45 | mcx_preference_settings
46 |
47 | ServerURL
48 |
49 | key
50 |
51 | BasicAuth
52 |
53 | SyncScripts
54 |
55 | SkipFacts
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/profiles/SkipSiriSetup.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Skips Siri setup
7 | PayloadDisplayName
8 | Skip Siri Setup
9 | PayloadIdentifier
10 | com.jacobfgrant.skipsirisetup
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | BC42DAA5-07F8-409D-8D28-843C8CEBB879
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Skip Siri Setup
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.85A8A89C-2085-4D3F-B5CF-7559CCF2ACA1
32 | PayloadType
33 | com.apple.SetupAssistant.managed
34 | PayloadUUID
35 | 85A8A89C-2085-4D3F-B5CF-7559CCF2ACA1
36 | PayloadVersion
37 | 1
38 | SkipSiriSetup
39 |
40 |
41 |
42 |
43 |
44 |
--------------------------------------------------------------------------------
/profiles/SkipiCloudSetup.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadDescription
6 | Skips iCloud account setup
7 | PayloadDisplayName
8 | Skip iCloud Setup
9 | PayloadIdentifier
10 | com.jacobfgrant.skipicloudsetup
11 | PayloadOrganization
12 |
13 | PayloadRemovalDisallowed
14 |
15 | PayloadScope
16 | System
17 | PayloadType
18 | Configuration
19 | PayloadUUID
20 | 01DF1BCA-83C8-4349-8837-E6638557D0B7
21 | PayloadVersion
22 | 1
23 | PayloadContent
24 |
25 |
26 | PayloadDisplayName
27 | Skip iCloud Setup
28 | PayloadEnabled
29 |
30 | PayloadIdentifier
31 | com.jacobfgrant.profiles.470FBF92-A334-4F26-BAF6-DB447822674E
32 | PayloadType
33 | com.apple.SetupAssistant.managed
34 | PayloadUUID
35 | 470FBF92-A334-4F26-BAF6-DB447822674E
36 | PayloadVersion
37 | 1
38 | SkipCloudSetup
39 |
40 |
41 |
42 |
43 |
44 |
--------------------------------------------------------------------------------
/scripts/README.md:
--------------------------------------------------------------------------------
1 | # Scripts
2 |
3 | Scripts used to set up or configure services in a Mac Admin's environment or to interact with other parts of this repository.
4 |
5 |
6 | ## buildLaunchDPkg.py
7 |
8 | Builds an installer package for a LaunchDaemon/LaunchAgent using munkipkg.
9 |
10 |
11 | ## buildMunkiPkg.py
12 |
13 | Builds multiple packages at a time using munkipkg.
14 |
15 |
16 | ## munki_setup.sh
17 |
18 | Sets up a basic Munki server on Ubuntu 16.04.
19 |
20 |
21 | ## munkireport_setup.sh
22 |
23 | Sets up a basic MunkiReport-PHP server on Ubuntu 16.04.
24 |
--------------------------------------------------------------------------------
/scripts/buildLaunchDPkg.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # buildLaunchDPkg.py
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Written: 11/30/17
9 | # Updated: 12/01/17
10 | #
11 |
12 | """
13 | buildLaunchDPkg
14 |
15 | Packages a launchd LaunchDaemon/LaunchAgent into a
16 | pkg file using the munkipkg tool.
17 |
18 | https://github.com/munki/munki-pkg
19 |
20 | ---
21 | Arguments:
22 |
23 | -h, --help show the help message and exit
24 |
25 | -q, --quiet Suppress normal output messages. Errors will still be
26 | printed to stderr.
27 |
28 | -p PLIST, --plist PLIST
29 | The .plist file constituting the
30 | LaunchDaemon/LaunchAgent.
31 |
32 | -a (CURRENT LOCATION, INSTALL LOCATION), --additional_files (CURRENT LOCATION, INSTALL LOCATION)
33 | Additional files to be installed by the package. The
34 | first element should be the file's location; the
35 | second should be the location to be installed. You can
36 | use this argument multiple times to install multiple
37 | files.
38 |
39 | -t {agent,daemon}, --type {agent,daemon}
40 | Specifies whether the package should install a
41 | LaunchAgent or LaunchDaemon (defaults to
42 | LaunchDaemon).
43 |
44 | -v VERSION, --version VERSION
45 | The package version number (defaults to 1.0).
46 |
47 | -o OUTPUT, --output OUTPUT
48 | Output location (defaults to current directory).
49 | """
50 |
51 |
52 | # Import modules
53 |
54 | import os
55 | import time
56 | import plistlib
57 | import subprocess
58 | import argparse
59 | import shutil
60 | from random import randint
61 | from xml.parsers.expat import ExpatError
62 |
63 |
64 | # Functions
65 |
66 | def gather_launchdinfo(args):
67 | """Gathers info from input args"""
68 | launchdinfo = {}
69 |
70 | # Input info
71 | launchdinfo['type'] = args.type
72 | launchdinfo['version'] = args.version
73 | launchdinfo['plist'] = args.plist
74 |
75 | # Read plist
76 | try:
77 | launchdinfo['plistinfo'] = plistlib.readPlist(launchdinfo['plist'])
78 | except IOError:
79 | print 'ERROR: Plist file does not exist'
80 | exit()
81 | except ExpatError:
82 | print 'ERROR: Invalid .plist file'
83 | exit()
84 |
85 | # Name
86 | launchdinfo['name'] = launchdinfo['plistinfo']['Label']
87 |
88 | # Install location
89 | if launchdinfo['type'] == 'daemon':
90 | location = '/Library/LaunchDaemons/'
91 | else:
92 | location = '/Library/LaunchAgents/'
93 | launchdinfo['location'] = os.path.join(location, launchdinfo['name'])
94 |
95 | # Package name
96 | pkgname = launchdinfo['name'].split('.')[-1]
97 | launchdinfo['pkgname'] = pkgname + '-launch' + launchdinfo['type'] + '-${version}.pkg'
98 |
99 | # Package ID
100 | pkgid = launchdinfo['name'].split('.')
101 | pkgid.insert(-1, 'launch' + launchdinfo['type'])
102 | launchdinfo['pkgid'] = '.'.join(pkgid)
103 |
104 | # Additional payload files
105 | payload_files = args.additional_files
106 | launchdinfo['payload'] = []
107 | if payload_files is not None:
108 | for pfile in payload_files:
109 | payload_file_dict = {}
110 | payload_file_dict['file'] = pfile[0]
111 | payload_file_dict['name'] = os.path.basename(payload_file_dict['file'])
112 | payload_file_dict['location'] = pfile[1]
113 | launchdinfo['payload'].append(payload_file_dict)
114 |
115 | return launchdinfo
116 |
117 |
118 | def generate_postinstall_script(launchdinfo, pkg_directory):
119 | """Generate pkg postinstall script"""
120 | postinstall_payload = []
121 | for pfile in launchdinfo['payload']:
122 | postinstall_payload += [
123 | 'chmod 755 ',
124 | pfile['location'],
125 | '\n',
126 | 'chown root:wheel ',
127 | pfile['location'],
128 | '\n'
129 | ]
130 |
131 | if launchdinfo['type'] == 'agent':
132 | postinstall_unload_load = [
133 | '# Reload LaunchAgent\n'
134 | '\n',
135 | 'consoleuser=`/usr/bin/stat -f "%Su" /dev/console | /usr/bin/xargs /usr/bin/id -u`\n',
136 | '\n',
137 | 'if sudo -u \#$consoleuser bash -c "/bin/launchctl list | grep -Fq ',
138 | launchdinfo['name'],
139 | '"\n',
140 | 'then\n',
141 | ' /bin/launchctl bootout gui/$consoleuser ',
142 | launchdinfo['location'],
143 | '.plist\n',
144 | 'fi\n',
145 | '\n'
146 | 'if [ "$consoleuser" -eq 0 ]\n',
147 | 'then\n',
148 | ' exit 0\n',
149 | 'fi\n',
150 | '\n',
151 | '/bin/launchctl bootstrap gui/$consoleuser ',
152 | launchdinfo['location'],
153 | '.plist\n'
154 | ]
155 | else:
156 | postinstall_unload_load = [
157 | '# Reload LaunchDaemon\n'
158 | '\n',
159 | 'if launchctl list | grep -Fq "',
160 | launchdinfo['name'],
161 | '"\n',
162 | 'then\n',
163 | ' /bin/launchctl unload ',
164 | launchdinfo['location'],
165 | '.plist\n',
166 | 'fi\n',
167 | '\n'
168 | '/bin/launchctl load ',
169 | launchdinfo['location'],
170 | '.plist\n'
171 | ]
172 |
173 | postinstall_script = [
174 | '#!/bin/sh\n',
175 | '\n',
176 | '#\n',
177 | '# Postinstall script for ',
178 | launchdinfo['pkgid'],
179 | '\n',
180 | '#\n',
181 | '#\n',
182 | '# Generated using the buildLaunchDPkg\n',
183 | '# tool created by Jacob F. Grant\n',
184 | '#\n',
185 | '# https://github.com/jacobfgrant/mac-admin\n',
186 | '#\n',
187 | '# Created: ',
188 | time.strftime("%x"),
189 | '\n',
190 | '#\n',
191 | '\n',
192 | '\n',
193 | '# Set permissions\n'
194 | '\n',
195 | 'chmod 644 ',
196 | launchdinfo['location'],
197 | '.plist',
198 | '\n',
199 | 'chown root:wheel ',
200 | launchdinfo['location'],
201 | '.plist',
202 | '\n',
203 | '\n',
204 | ] + postinstall_payload + [
205 | '\n',
206 | '\n'
207 | ] + postinstall_unload_load
208 |
209 | output = os.path.join(pkg_directory, 'scripts', 'postinstall')
210 |
211 | with open(output, 'a') as script_file:
212 | for line in postinstall_script:
213 | script_file.write(line)
214 |
215 |
216 | def generate_buildinfo_plist(launchdinfo, pkg_directory):
217 | """Generate pkg build-info.plist"""
218 | buildinfo = {
219 | 'postinstall_action': 'none',
220 | 'name': launchdinfo['pkgname'],
221 | 'distribution_style': False,
222 | 'install_location': '/',
223 | 'version': launchdinfo['version'],
224 | 'identifier': launchdinfo['pkgid']
225 | }
226 | output = os.path.join(pkg_directory, 'build-info.plist')
227 |
228 | plistlib.writePlist(buildinfo, output)
229 |
230 |
231 | def create_pkg_directory(launchdinfo):
232 | """Creat package directory"""
233 | pkg_directory = (
234 | launchdinfo['name'].split('.')[-1] +
235 | '-' +
236 | ''.join(["%s" % randint(0, 9) for num in range(0, 5)])
237 | )
238 | pkg_directory = os.path.join('/tmp', pkg_directory)
239 |
240 | if os.path.exists(pkg_directory):
241 | create_pkg_directory(launchdinfo)
242 | else:
243 | os.makedirs(pkg_directory)
244 | os.makedirs(os.path.join(pkg_directory, 'scripts'))
245 | os.makedirs(os.path.join(
246 | pkg_directory,
247 | 'payload',
248 | os.path.dirname(launchdinfo['location']).lstrip('/')
249 | ))
250 | for pfile in launchdinfo['payload']:
251 | os.makedirs(os.path.join(
252 | pkg_directory,
253 | 'payload',
254 | os.path.dirname(pfile['location']).lstrip('/')
255 | ))
256 |
257 | return pkg_directory
258 |
259 |
260 | def build_pkg(pkg_directory, quiet):
261 | """Build pkg with munkipkg"""
262 | if quiet:
263 | return subprocess.call(['munkipkg', pkg_directory, '--quiet'])
264 | else:
265 | return subprocess.call(['munkipkg', pkg_directory])
266 |
267 |
268 | # Main Program
269 |
270 | def main():
271 | """Main function"""
272 | # Parse script arguments
273 | main_parser = argparse.ArgumentParser(
274 | description='Packages a launchd LaunchDaemon/LaunchAgent into a pkg file using the munkipkg tool.')
275 | main_parser.add_argument(
276 | '-q',
277 | '--quiet',
278 | action="store_true",
279 | help="Suppress normal output messages. Errors will still be printed to stderr.",
280 | )
281 | main_parser.add_argument(
282 | '-p',
283 | '--plist',
284 | help="The .plist file constituting the LaunchDaemon/LaunchAgent.",
285 | required=True
286 | )
287 | main_parser.add_argument(
288 | '-a',
289 | '--additional_files',
290 | metavar=('(CURRENT LOCATION,', 'INSTALL LOCATION)'),
291 | help="Additional files to be installed by the package. The first element should be the file's location; the second should be the location to be installed. You can use this argument multiple times to install multiple files.",
292 | action='append',
293 | nargs=2
294 | )
295 | main_parser.add_argument(
296 | '-t',
297 | '--type',
298 | choices=['agent', 'daemon'],
299 | help="Specifies whether the package should install a LaunchAgent or LaunchDaemon (defaults to LaunchDaemon).",
300 | default='daemon'
301 | )
302 | main_parser.add_argument(
303 | '-v',
304 | '--version',
305 | help="The package version number (defaults to 1.0).",
306 | default='1.0'
307 | )
308 | main_parser.add_argument(
309 | '-o',
310 | '--output',
311 | help="Output location (defaults to current directory).",
312 | default='.'
313 | )
314 | args = main_parser.parse_args()
315 | quiet = args.quiet
316 | output = args.output
317 |
318 | launchdinfo = gather_launchdinfo(args)
319 |
320 | pkg_directory = create_pkg_directory(launchdinfo)
321 | generate_postinstall_script(launchdinfo, pkg_directory)
322 | generate_buildinfo_plist(launchdinfo, pkg_directory)
323 | shutil.copy(
324 | launchdinfo['plist'],
325 | os.path.join(pkg_directory, 'payload', os.path.dirname(launchdinfo['location']).lstrip('/'))
326 | )
327 |
328 | for pfile in launchdinfo['payload']:
329 | shutil.copy(
330 | pfile['file'],
331 | os.path.join(pkg_directory, 'payload', os.path.dirname(pfile['location']).lstrip('/'))
332 | )
333 |
334 | build_pkg(pkg_directory, quiet)
335 |
336 | # Copy pkg file to output
337 | shutil.copy(
338 | os.path.join(
339 | pkg_directory,
340 | 'build',
341 | launchdinfo['pkgname'].replace('${version}', launchdinfo['version'])
342 | ),
343 | output
344 | )
345 |
346 |
347 | if __name__ == "__main__":
348 | main()
349 |
--------------------------------------------------------------------------------
/scripts/buildMunkiPkg.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # buildMunkiPkg.py
4 | #
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Written: 05/13/17
9 | # Updated: 08/28/17
10 | #
11 |
12 | """
13 | buildMunkiPkg
14 |
15 | A script to sync permissions and build all MacOS
16 | packages in a directory using the munkipkg tool.
17 |
18 | https://github.com/munki/munki-pkg
19 |
20 | Must be run with sudo.
21 | """
22 |
23 | import sys
24 | import os
25 | import subprocess
26 | import argparse
27 | import shutil
28 | import pwd
29 | import grp
30 |
31 |
32 | def inPath(exe):
33 | """Check PATH environment for executable."""
34 | for path in os.environ["PATH"].split(os.pathsep):
35 | path = path.strip('"')
36 | exe_path = os.path.join(path, exe)
37 | if os.path.isfile(exe_path):
38 | return exe_path
39 | return None
40 |
41 |
42 | def isPackage(pkgDir):
43 | """Check the contents of a directory for the files/directories required for munkipkg."""
44 | # Check for 'payload' or 'scripts' directories
45 | if not (os.path.isdir(os.path.join(pkgDir, 'payload')) or
46 | os.path.isdir(os.path.join(pkgDir, 'scripts'))
47 | ):
48 | print >> sys.stderr, "buildMunkiPkg:", pkgDir, "missing payload and scripts directories"
49 | return False
50 |
51 | # Check for 'Bom.txt'
52 | if not os.path.isfile(os.path.join(pkgDir, 'Bom.txt')):
53 | print >> sys.stderr, "buildMunkiPkg:", pkgDir, "missing Bom.txt"
54 | return False
55 |
56 | # Check for 'build-info[.plist][.json][.yml]'
57 | for ext in ['.plist', '.json', '.yml']:
58 | if os.path.isfile(os.path.join(pkgDir, ('build-info' + ext))):
59 | return True
60 |
61 | print >> sys.stderr, "buildMunkiPkg:", pkgDir, "missing build-info file"
62 | return False
63 |
64 |
65 | def syncPermissions(pkgDir, quiet=False):
66 | """Sync the permissions to files/directories from Bom.txt file."""
67 | if quiet:
68 | return subprocess.call(['munkipkg', '--sync', pkgDir, '--quiet'])
69 | else:
70 | return subprocess.call(['munkipkg', '--sync', pkgDir])
71 |
72 |
73 | def resetOwner(pkgDir, quiet=False):
74 | """Resets the ownership of package files/directories"""
75 | pkgUid = os.stat(pkgDir).st_uid
76 | pkgGid = os.stat(pkgDir).st_gid
77 | pkgName = pwd.getpwuid(pkgUid)[0]
78 | pkgGroup = grp.getgrgid(pkgGid)[0]
79 | if not quiet:
80 | print >> sys.stdout, "buildMunkiPkg: setting ownership of" + pkgDir + "to" + pkgName + ":" + pkgGroup
81 | for root, dirs, files in os.walk(pkgDir):
82 | for d in dirs:
83 | os.chown(os.path.join(root, d), pkgUid, pkgGid)
84 | for f in files:
85 | os.chown(os.path.join(root, f), pkgUid, pkgGid)
86 | return
87 |
88 |
89 | def makePackage(pkgDir, quiet=False):
90 | """Build munkipkg package."""
91 | if quiet:
92 | return subprocess.call(['munkipkg', pkgDir, '--quiet'])
93 | else:
94 | return subprocess.call(['munkipkg', pkgDir])
95 |
96 |
97 | def movePackage(buildLocation, pkgDir, quiet=False):
98 | """Move package file from munkipkg directory to central location."""
99 | # Check for build directory in pkgDir
100 | # Retun with error if does not exist
101 | pkgDirBuild = os.path.join(pkgDir, 'build')
102 | if not os.path.exists(pkgDirBuild):
103 | print >> sys.stderr, "buildMunkiPkg: no build directory in", pkgDir
104 | return
105 |
106 | pkgUid = os.stat(pkgDir).st_uid
107 | pkgGid = os.stat(pkgDir).st_gid
108 | pkgName = pwd.getpwuid(pkgUid)[0]
109 | pkgGroup = grp.getgrgid(pkgGid)[0]
110 |
111 | # Check for build directory in buildLocation
112 | # Create directory if does not exist
113 | buildLocationDir = os.path.join(buildLocation, 'build')
114 | if not os.path.exists(buildLocationDir):
115 | print >> sys.stdout, "buildMunkiPkg: creating ", buildLocationDir
116 | os.makedirs(buildLocationDir)
117 | os.chown(buildLocationDir, pkgUid, pkgGid)
118 |
119 | # Moves all files ending with '.pkg'
120 | # Deletes directory if empty
121 | isEmpty = False
122 | for pkg in os.listdir(pkgDirBuild):
123 | if pkg.endswith('.pkg'):
124 | oldPkg = os.path.join(pkgDirBuild, pkg)
125 | newPkg = os.path.join(buildLocationDir, pkg)
126 | os.rename(oldPkg, newPkg)
127 | os.chown(newPkg, pkgUid, pkgGid)
128 | if not quiet:
129 | print >> sys.stdout, "buildMunkiPkg:", pkg, "moved to", buildLocationDir
130 | else:
131 | isEmpty = True
132 | if not isEmpty:
133 | if not quiet:
134 | print >> sys.stdout, "buildMunkiPkg: removing empty directory", pkgDirBuild
135 | shutil.rmtree(pkgDirBuild)
136 | return
137 |
138 |
139 | def main():
140 | # Parse script arguments
141 | mainParser = argparse.ArgumentParser(
142 | description='Syncs permissions and builds multiple packages using the munkipkg tool.')
143 | mainParser.add_argument(
144 | '-q',
145 | '--quiet',
146 | action="store_true",
147 | help="Suppress normal output messages. Errors will still be printed to stderr."
148 | )
149 | mainParser.add_argument(
150 | '-o',
151 | '--owner',
152 | action="store_true",
153 | help=("Sets ownership of directories/files in packages to those specified in Bom.txt. "
154 | "If you do not include this option, files/directories will be reset to current owner.")
155 | )
156 | mainParser.add_argument(
157 | '-d',
158 | '--directory',
159 | help="Runs buildMunkiPkg.py on the given directory. Defaults to current directory.",
160 | default='.'
161 | )
162 | mainParser.add_argument(
163 | '-b',
164 | '--buildLocation',
165 | help="Location of directory with built packages. Defaults to current directory.",
166 | default='.'
167 | )
168 | args = mainParser.parse_args()
169 | quiet = args.quiet
170 | owner = args.owner
171 |
172 | # Check if script is running as root
173 | if os.geteuid() != 0:
174 | print >> sys.stderr, "This script must be run as root"
175 | return 1
176 |
177 | # Check if munkipkg executable is in PATH env
178 | exe_path = inPath('munkipkg')
179 | if not exe_path:
180 | print >> sys.stderr, "munkipkg not found in PATH"
181 | return 1
182 |
183 | # Check if given directories are really directories
184 | currentDir = args.directory
185 | buildLocation = args.buildLocation
186 | if not os.path.isdir(currentDir):
187 | print >> sys.stderr, currentDir, "is not a directory"
188 | return 1
189 | if not os.path.isdir(buildLocation):
190 | print >> sys.stderr, buildLocation, "is not a directory"
191 | return 1
192 |
193 | # Build packages
194 | if isPackage(currentDir):
195 | pkgDir = currentDir
196 | syncPermissions(pkgDir, quiet)
197 | makePackage(pkgDir, quiet)
198 | movePackage(buildLocation, pkgDir, quiet)
199 | if not owner:
200 | resetOwner(pkgDir, quiet)
201 | else:
202 | print >> sys.stdout, "buildMunkiPkg: examining directories in", currentDir
203 | for subDir in os.listdir(currentDir):
204 | pkgDir = os.path.join(currentDir, subDir)
205 | if os.path.isdir(pkgDir):
206 | if isPackage(pkgDir):
207 | syncPermissions(pkgDir, quiet)
208 | makePackage(pkgDir, quiet)
209 | movePackage(buildLocation, pkgDir, quiet)
210 | if not owner:
211 | resetOwner(pkgDir, quiet)
212 | return
213 |
214 |
215 | if __name__ == "__main__":
216 | main()
217 |
--------------------------------------------------------------------------------
/scripts/munki_setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Sets up a basic Munki repo on
4 | # a new Ubuntu 16.04 Server.
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Written: 08/19/2016
9 | # Updated: 06/24/2017
10 | #
11 |
12 | # Installing required updates/software:
13 | sudo apt-get update
14 | sudo apt-get -y upgrade
15 | sudo apt-get -y install apache2-utils build-essential curl git nginx python samba
16 |
17 |
18 | # Setup the directories:
19 | sudo mkdir /srv/munki_repo
20 | ln -s /srv/munki_repo ~/
21 | cd /srv/munki_repo
22 | sudo mkdir catalogs client_resources icons manifests pkgs pkgsinfo
23 | cd
24 |
25 |
26 | # Creating the service accounts & set directory permissions:
27 | sudo addgroup --system munki
28 | sudo adduser --system munki --ingroup munki --no-create-home
29 | sudo usermod -aG munki $USER # Adds the current console user to munki group
30 | sudo usermod -aG munki www-data # Adds web user to munki group
31 | sudo chown -R munki:munki /srv/munki_repo
32 | sudo chmod -R 2774 /srv/munki_repo
33 |
34 |
35 | # Get IP address
36 | ipaddr=$(ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}')
37 |
38 |
39 | #cat > /etc/nginx/sites-enabled/default << EOL
40 | sudo bash -c "cat > /etc/nginx/sites-available/munki" << EOF
41 | server {
42 | listen 80 default_server;
43 | listen [::]:80 default_server;
44 |
45 | server_name ${ipaddr}; # Change this to your Munki FQDN
46 |
47 | root /usr/share/nginx/html;
48 | index index.php index.html index.htm;
49 |
50 | location /munki_repo/ {
51 | alias /srv/munki_repo/;
52 | autoindex off;
53 | #auth_basic "Restricted";
54 | #auth_basic_user_file /etc/nginx/.htpasswd;
55 | }
56 | }
57 | EOF
58 |
59 |
60 | # Configure nginx server block symlinks
61 | sudo ln -s /etc/nginx/sites-available/munki /etc/nginx/sites-enabled/munki
62 | sudo rm /etc/nginx/sites-enabled/default
63 |
64 |
65 | # Set up samba
66 | echo
67 | echo 'SMB password for munki user'
68 | sudo smbpasswd -a munki
69 |
70 |
71 | #cat >> /etc/samba/smb.conf << EOL
72 | sudo bash -c "cat >> /etc/samba/smb.conf" << EOL
73 | [munki_repo]
74 | path = /srv/munki_repo
75 | available = yes
76 | valid users = munki
77 | read only = no
78 | browseable = yes
79 | public = no
80 | writable = yes
81 | EOL
82 |
83 |
84 | # Restart services
85 | sudo systemctl restart nginx
86 | sudo systemctl restart smbd
87 |
--------------------------------------------------------------------------------
/scripts/munkireport_setup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Sets up Munkireport on a
4 | # a new Ubuntu 16.04 Server.
5 | #
6 | # Created by Jacob F. Grant
7 | #
8 | # Created: 02/19/2017
9 | # Updated: 06/24/2017
10 | #
11 |
12 | # Set variables
13 | MR_SQL_PASSWORD='munkireportmysqlpassword'
14 |
15 |
16 | # Installing required updates/software:
17 | sudo apt-get update
18 | sudo apt-get upgrade -y
19 | sudo apt-get install -y nginx php7.0-fpm php7.0-mysql php7.0-xml #php7.0-ldap
20 | # Note: php7.0-ldap only necessary if binding to AD/LDAP
21 |
22 |
23 | # Install MySQL & run installation script:
24 | sudo apt-get install -y mysql-client mysql-server
25 | sudo mysql_secure_installation
26 |
27 |
28 | # Create munkireport database:
29 | echo
30 | echo 'Enter MySQL root password to create munkireport MySQL user/database'
31 | echo \
32 | "CREATE DATABASE munkireport CHARACTER SET utf8 COLLATE utf8_bin;
33 | CREATE USER 'munkireport_user'@'localhost' IDENTIFIED BY '$MR_SQL_PASSWORD';
34 | GRANT ALL PRIVILEGES ON munkireport.* TO 'munkireport_user'@'localhost' IDENTIFIED BY '$MR_SQL_PASSWORD';
35 | FLUSH PRIVILEGES;" \
36 | | mysql -u root -p
37 |
38 |
39 | # Modify cgi.fix_pathinfo in php.ini:
40 | sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.0/fpm/php.ini
41 |
42 |
43 | # Install munkireport:
44 | sudo git clone https://github.com/munkireport/munkireport-php /usr/share/nginx/html/munkireport
45 | sudo ln -s /usr/share/nginx/html/munkireport ~/munkireport
46 |
47 |
48 | # Set up config.php:
49 | sudo bash -c "cat > /usr/share/nginx/html/munkireport/config.php" << EOF
50 | 25, 'warning' => 100);
70 | \$conf['keep_previous_displays'] = TRUE;
71 |
72 | // Require HTTPS
73 | //\$conf['auth_secure'] = TRUE;
74 |
75 | /*
76 | |===============================================
77 | | Authorized Users of Munki Report
78 | |===============================================
79 | | Visit http://yourserver.example.com/munkireport/index.php?/auth/generate to generate additional local values
80 | */
81 | \$auth_config['root'] = '\$P\$BUqxGuzR2VfbSvOtjxlwsHTLIMTmuw0'; // Password is root
82 |
83 | // MunkiReport Admins
84 | //\$conf['roles']['admin'] = array();
85 |
86 | // MunkiReport Users
87 | //\$conf['roles']['user'] = array();
88 |
89 | // Client Secret Passphrase
90 | //\$conf['client_passphrases'] = array();
91 |
92 | /*
93 | |===============================================
94 | | PDO Datasource
95 | |===============================================
96 | */
97 | \$conf['pdo_dsn'] = 'mysql:host=localhost;dbname=munkireport';
98 | \$conf['pdo_user'] = 'munkireport_user';
99 | \$conf['pdo_pass'] = '${MR_SQL_PASSWORD}';
100 | \$conf['pdo_opts'] = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
101 | EOF
102 |
103 |
104 | # Get IP address
105 | ipaddr=$(ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}')
106 |
107 |
108 | # Configure nginx:
109 | sudo bash -c "cat > /etc/nginx/sites-available/munkireport" << EOF
110 | server {
111 | listen 80 default_server;
112 | listen [::]:80 default_server;
113 |
114 | server_name ${ipaddr}; # Change this to your Munkireport FQDN
115 |
116 | root /usr/share/nginx/html;
117 | index index.php index.html index.htm;
118 |
119 | error_page 404 /404.html;
120 | error_page 500 502 503 504 /50x.html;
121 | location = /50x.html {
122 | root /usr/share/nginx/html;
123 | }
124 |
125 | location /munkireport {
126 | try_files \$uri \$uri/ =404;
127 | }
128 |
129 | location ~ \.php$ {
130 | try_files \$uri =404;
131 | fastcgi_split_path_info ^(.+\.php)(/.+)$;
132 | fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
133 | fastcgi_index index.php;
134 | fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
135 | include fastcgi_params;
136 | }
137 |
138 | }
139 | EOF
140 |
141 |
142 | # Configure nginx server block symlinks
143 | sudo ln -s /etc/nginx/sites-available/munkireport /etc/nginx/sites-enabled/munkireport
144 | sudo rm /etc/nginx/sites-enabled/default
145 |
146 |
147 | # Modify nginx.conf:
148 | sudo sed -i 's:default_type application/octet-stream;:#default_type application/octet-stream;:' /etc/nginx/nginx.conf
149 |
150 |
151 | # Restart services
152 | sudo systemctl restart nginx
153 | sudo systemctl restart php7.0-fpm
154 |
--------------------------------------------------------------------------------