├── .gitignore ├── UArts Scripts (Archived) ├── Rename Parallels VM │ ├── firstrun.bat │ ├── FirstRun.reg │ ├── autoLogin.bat │ ├── getHostname.sh │ ├── RenameVMfromMAC.ps1 │ └── README.md ├── wacom_cleanup.sh ├── removeBambooDrivers.sh ├── removeIntuosCintiqDrivers.sh ├── repairStudentReceipt.sh ├── DEP Scripts │ ├── README.md │ ├── com.uarts.launch.plist │ ├── dep-facstaff-postinstall.sh │ ├── dep-public-postinstall.sh │ ├── DEP-DEPNotify-assignAndRename.sh │ ├── DEP-DEPNotify-firstRunFACSTAFF.sh │ ├── com.uarts.DEPprovisioning.facstaff │ └── com.uarts.DEPprovisioning.public ├── remove-non-local-users.sh ├── OS-out-of-date.sh ├── login-ableton_db.sh ├── killBrowsers.sh ├── set-ComputerName-EA.sh ├── set-Cohort-EA.sh ├── autoAddZAppGroup.sh ├── add-office-icons.sh ├── Microsoft-Office-2016-prefs.sh ├── remove-AWCapp.sh ├── rename-Machine-by-User.sh ├── remove-macKeeperApp.sh ├── symantec-nag.sh ├── autoAddPublicCohort.sh ├── Adobe-RUMWithProgress-cocoadialog.sh ├── autoAddStaticGroup.sh └── dockMaster.sh ├── LICENSE ├── README.md ├── Adobe-RUMWithProgress-jamfhelper.sh └── Jamf Large Install Helper.sh /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | install-CHECKOUT-software.sh 4 | install-OFFICE-software.sh 5 | install-PUBLIC-software.sh 6 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/firstrun.bat: -------------------------------------------------------------------------------- 1 | powershell.exe -executionpolicy unrestricted -file C:\Users\Public\RenameVMfromMAC.ps1 -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/FirstRun.reg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmahlman/Mac-Admin-Scripts/HEAD/UArts Scripts (Archived)/Rename Parallels VM/FirstRun.reg -------------------------------------------------------------------------------- /UArts Scripts (Archived)/wacom_cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [[ ! -e "/Install Wacom Tablet.pkg" ]]; then 4 | rm -Rf /ChineseS 5 | rm -Rf /ChineseT 6 | rm -Rf /Dutch 7 | rm -Rf /English 8 | rm -Rf /French 9 | rm -Rf /German 10 | rm -Rf /Italian 11 | rm -Rf /Japanese 12 | rm -Rf /Korean 13 | rm -Rf /Polish 14 | rm -Rf /Portuguese 15 | rm -Rf /Russian 16 | rm -Rf /Spanish 17 | rm -Rf "/Install Wacom Tablet.pkg" 18 | exit 0 19 | else 20 | echo "Files not found" 21 | exit 0 22 | fi 23 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/removeBambooDrivers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 12/13/16 6 | # 7 | # Name: removeBambooDrivers.sh 8 | # 9 | # Purpose: Remove the Wacom Bamboo drivers if installed 10 | 11 | bambooApp="/Applications/Pen Tablet.localized/Pen Tablet Utility.app" 12 | 13 | if [[ -e $bambooApp ]]; then 14 | echo "Bamboo app found, removing." 15 | /usr/bin/perl "$bambooApp/Contents/Resources/uninstall.pl" 16 | else 17 | echo "Bamboo app not found, nothing to remove." 18 | exit 0 19 | fi 20 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/autoLogin.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM -------------------------------------------------------------------------------- 4 | REM Enable Auto login 5 | REM -------------------------------------------------------------------------------- 6 | reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /t REG_DWORD /d 1 /f 7 | reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /t REG_SZ /d "UArts-User" /f 8 | reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /t REG_SZ /d "" /f -------------------------------------------------------------------------------- /UArts Scripts (Archived)/removeIntuosCintiqDrivers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 12/13/16 6 | # 7 | # Name: removeIntuosCintiqDrivers.sh 8 | # 9 | # Purpose: Remove the Intuos/Cintiq Bamboo drivers if installed 10 | 11 | 12 | isApp="/Applications/Wacom Tablet.localized/Wacom Tablet Utility.app" 13 | 14 | if [[ -e $isApp ]]; then 15 | echo "Intuos/Cintiq app found, removing." 16 | /usr/bin/perl "$isApp/Contents/Resources/uninstall.pl" 17 | else 18 | echo "Intuos/Cintiq app not found, nothing to remove." 19 | exit 0 20 | fi 21 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/repairStudentReceipt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: repairStudentReceipt.sh 6 | # 7 | # Purpose: Removes any receipts and imaging completed files for a machine 8 | # if a student accidentally migrates data from a Checkout machine to personal 9 | # 10 | # Changelog 11 | # 10/24/17: - Creation of script 12 | 13 | 14 | if [ -d /Library/JAMF\ DM/ ]; then 15 | rm -Rf /Library/JAMF\ DM/ 16 | else 17 | break 18 | fi 19 | 20 | if [ -e /var/imagingCompleted ]; then 21 | rm -Rf /var/imagingCompleted 22 | else 23 | break 24 | fi 25 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/README.md: -------------------------------------------------------------------------------- 1 | # DEP scripts 2 | 3 | These scripts are used for our DEP deployments. There are two because one (the FACSTAFF one) was a proof of concept and the PUBLIC 4 | one was made after. 5 | 6 | For more information on how to use these you can head over to my [blog post](https://yearofthegeek.net/2018/05/updating-our-depnotify-process/) about it. There is also a presentation video from the 7 | Greater Philadelphia MacAdmins [here](https://youtu.be/Jk5Snii-nWA?t=32m40s). 8 | 9 | Eventually, these scripts will be merged into one deployment method. You can find that repo [here](https://github.com/jmahlman/DEPNotify-automated). 10 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/getHostname.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 5/10/16 6 | # 7 | # Name: getHostname 8 | # 9 | # Purpose: Gets local hostname and drops it into a file. This was created for a greater purpose: 10 | # Renaming a Parallels VM automatically. See more here: https://github.com/jmahlman/uarts-scripts/tree/master/Rename%20Parallels%20VM 11 | # 12 | # 13 | localName='scutil --get LocalHostName' 14 | ########## 15 | # Script # 16 | ########## 17 | if [ ! -d /Users/Shared ]; then 18 | mkdir /Users/Shared 19 | fi 20 | 21 | $localName | head -c 12 > /Users/Shared/hostname 22 | chmod 777 /Users/Shared/hostname -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/RenameVMfromMAC.ps1: -------------------------------------------------------------------------------- 1 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { 2 | Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit 3 | } 4 | 5 | $hostMac = Get-Content \\Mac\Shared\hostname 6 | $newName = "vm-$hostMac" 7 | 8 | echo "Renaming Compter to $newName" 9 | Rename-Computer -NewName $newName 10 | 11 | echo "Setting up UArts-User account to auto-login with no password." 12 | cmd.exe /c 'C:\Users\Public\autoLogin.bat' 13 | 14 | echo "RESTARTING VIRTUAL MACHINE NOW!!!!!!!!" 15 | sleep 1 16 | echo "The answer is 42" 17 | Restart-Computer 18 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/com.uarts.launch.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | GroupName 6 | wheel 7 | InitGroups 8 | 9 | Label 10 | com.uarts.launch 11 | Program 12 | /var/tmp/com.uarts.DEPprovisioning.facstaff 13 | RunAtLoad 14 | 15 | StartInterval 16 | 10 17 | UserName 18 | root 19 | StandardErrorPath 20 | /var/tmp/depnotify.launch.err 21 | StandardOutPath 22 | /var/tmp/depnotify.launch.out 23 | 24 | 25 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/dep-facstaff-postinstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ## postinstall 3 | 4 | echo "disable auto updates ASAP" >> /var/log/jamf.log 5 | /usr/sbin/softwareupdate --schedule off 6 | 7 | # Disable diagnostic data 8 | SUBMIT_DIAGNOSTIC_DATA_TO_APPLE=FALSE 9 | SUBMIT_DIAGNOSTIC_DATA_TO_APP_DEVELOPERS=FALSE 10 | 11 | ## Make the main script executable 12 | echo "setting main script permissions" >> /var/log/jamf.log 13 | chmod a+x /var/tmp/com.uarts.DEPprovisioning.facstaff.sh 14 | 15 | ## Set permissions and ownership for launch daemon 16 | echo "set LaunchDaemon permissions" >> /var/log/jamf.log 17 | chmod 644 /Library/LaunchDaemons/com.uarts.launch.plist 18 | chown root:wheel /Library/LaunchDaemons/com.uarts.launch.plist 19 | 20 | ## Load launch daemon into the Launchd system 21 | echo "load LaunchDaemon" >> /var/log/jamf.log 22 | launchctl load /Library/LaunchDaemons/com.uarts.launch.plist 23 | 24 | exit 0 ## Success 25 | exit 1 ## Failure 26 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/remove-non-local-users.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 6/15/16 6 | # 7 | # Name: remove-non-local-users 8 | # 9 | # Purpose: Removes all non-local accounts on machines to help stop HDs from filling up 10 | # Will spare the 'macadmin,' 'student,' and 'Shared' home directories. 11 | # 12 | # 13 | users=`find /Users -type d -maxdepth 1 | cut -d"/" -f3` 14 | # you can edit this to remove only accounts that haven't logged in for x days: add '-mtime +<# of days>' after maxdepth 15 | 16 | ########## 17 | # Script # 18 | ########## 19 | for i in $users; do 20 | if [[ $i = "macadmin" ]] || [[ $i = "Shared" ]] || [[ $i = "student" ]]; then continue 21 | else 22 | jamf deleteAccount -username $i -deleteHomeDirectory 23 | rm -Rf /Users/$i 24 | fi 25 | done 26 | # Remove the student home directory but leave the account at the end. 27 | rm -Rf /Users/student 28 | 29 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/OS-out-of-date.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: OS-Out-of-date 6 | # 7 | # Purpose: This literally just gets the currently running OS and alerts the user that they should update. 8 | # 9 | # Changelog 10 | # 11 | # 1/8/18 - Newly created script 12 | # 13 | # 14 | 15 | jamf_bin=$(/usr/bin/which jamf) 16 | osvers_major=$(sw_vers -productVersion | awk -F. '{print $1}') 17 | osvers_minor=$(sw_vers -productVersion | awk -F. '{print $2}') 18 | 19 | if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 11 ]]; then 20 | $jamf_bin displayMessage -message \ 21 | "You are currently running Mac OS version $osvers_major.$osvers_minor, you should be running at least Mac OS 10.11 to install most software. 22 | 23 | It is HIGHLY recommended that you update to Mac OS 10.12 or newer. 24 | 25 | You can upgrade to free using the Mac App Store. If you need assistance, please visit the OTIS Help Desk." 26 | fi 27 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 John Mahlman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/login-ableton_db.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 5/10/16 6 | # 7 | # Name: login-ableton_db 8 | # 9 | # Purpose: Login script for copying and editing Ableton Live database files to match new users 10 | # $3 is current username as defined by Casper Suite. Obviously this can be changed to $USER is you want to use this standalone 11 | # 12 | # NOTE: This script actually edits the db file! 13 | # 14 | # HEY GUESS WHAT? THIS DOESN'T ACTUALLY WORK. WELL, THE SCRIPT WORKS FINE BUT ABLETON WILL STILL RE-INDEX UNLESS YOU GET LUCKY. 15 | # SO...THIS SCRIPT IS KINDA USELESS. BUT I'LL STILL KEEP IT AROUND..MAYBE I CAN FIGURE OUT HOW TO ACTUALLY EDIT THE DB FILE PROPERLY. 16 | # 17 | # 18 | db='/Users/Shared/Database' 19 | 20 | ########## 21 | # Script # 22 | ########## 23 | if [ -d $db/macadmin ] ; then # We need to make sure that the macadmin database is on the local machine first 24 | if [ ! -d $db/$3 ] ; then # If it is, does this user already have a database? If so, just skip it, it not... 25 | cp -R $db/macadmin $db/$3 # Copy that folder with the new username 26 | chown -R $3 $db/$3 # Give the user ownership 27 | LANG=C sed -i "" "s/macadmin/$3/g" $db/$3/Live\ 9.5/Database/files.db 28 | # ^ the "fun" part; replace all instances of "macadmin" in the db file with the new username. 29 | fi 30 | fi 31 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/killBrowsers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 12/13/16 6 | # 7 | # Name: killBrowsers.sh 8 | # 9 | # Purpose: This script will kill all browsers in our environment if the user has been idle for 10 minutes. 10 | # (I wrote this because we have people complaining about the browsers keeping their accounts logged in 11 | # which is actually a problem of users not quitting browsers when done. It just checks idle time and if 12 | # a browser is running and kills it.) I run this at every check-in. 13 | # 14 | # get idle time in seconds 15 | idleTime=`/usr/sbin/ioreg -c IOHIDSystem | /usr/bin/awk '/HIDIdleTime/ {print int($NF/1000000000); exit}'` 16 | # get Chrome pid (is it running?) 17 | chromeOn=`ps -A | grep -m1 '[G]oogle Chrome' | awk '{print $1}'` 18 | # get Sarafi pid (is it running?) 19 | safariOn=`ps -A | grep -m1 [S]afari | awk '{print $1}'` 20 | # get Firefox pid (is it running?) 21 | firefoxOn=`ps -A | grep -m1 [f]irefox | awk '{print $1}'` 22 | 23 | 24 | if [[ $idleTime -ge "600" ]]; then 25 | if [[ $chromeOn != "" ]]; then 26 | echo "Killing Chrome" 27 | killall "Google Chrome" 28 | else 29 | echo "Chrome not running." 30 | fi 31 | if [[ $safariOn != "" ]]; then 32 | echo "Killing Safari" 33 | killall Safari 34 | else 35 | echo "Safari not running." 36 | fi 37 | if [[ $firefoxOn != "" ]]; then 38 | echo "Killing Firefox" 39 | killall firefox 40 | else 41 | echo "Firefox not running." 42 | fi 43 | fi -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Mac Admin Scripts 2 | 3 | Ths is a repo of scripts that I have written for various needs as a Mac Admin. Lots of shell scripts. If it's in anything marked "Archived" or in a folder with "Archived" means I don't update those anymore. 4 | 5 | ## Info about the scripts I have here 6 | 7 | * __Adobe-RUMWithProgress-jamfhelper__: This script uses jamfhelper to show which updates are available for Adobe CC and asks if they would like to install those updates. If they choose to install updates it will begin installing updates. 8 | 9 | * __Jamf Large Install Helper__: This script will be used to show a user the progress of large installs using DEPNotify and Jamf policies. Will show the user a download and install progress dialog (as well as runs some checks) instead of just a spinning circle in Self Service. I wrote this to use with Jamf but I'm sure it can be altered for other tools. 10 | * This script also takes a long of Jamf parameters: 11 | * Parameter 4: Friendly Application Name (ex: _Apple Xcode_) 12 | * Parameter 5: Jamf Trigger for caching package( (ex: _cache-xcode_) Note this has to be a policy to CACHE a package, not install. 13 | * Parameter 6: Package Name (with .pkg) (ex: _Apple-Xcode-13.3.1.pkg_) 14 | * Parameter 7: Package size in KB (whole numbers only) (ex: _16013572_) I get this with `$PACKAGENAME | awk '{ print $5 }' | awk '{$1/=1024;printf "%.i\n",$1}'` 15 | * Parameter 8: Minimum drive space required (default 5) (ex: _45_) 16 | * Parameter 9: Extended timeout time in seconds (default 60) (ex: _10_) How long to wait for the download to start before failing 17 | 18 | If you find any of these helpful, feel free to drop me a comment in the macadmins slack, my username is jmahlman. -------------------------------------------------------------------------------- /UArts Scripts (Archived)/set-ComputerName-EA.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: EA-computerName 6 | # 7 | # Purpose: Update our Computer Name receipt EA via the API. 8 | # 9 | # 10 | # Changelog 11 | # 12 | # 7/27/18 - New script 13 | # 14 | # Get the JSS URL from the Mac's jamf plist file 15 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 16 | JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 17 | else 18 | echo "No JSS server set. Exiting..." 19 | exit 1 20 | fi 21 | # Define API username and password information & JSS Group name from passed parameters 22 | if [ ! -z "$4" ]; then 23 | APIUSER="$4" 24 | else 25 | echo "No value passed to $4 for api username. Exiting..." 26 | exit 1 27 | fi 28 | 29 | if [ ! -z "$5" ]; then 30 | APIPASS="$5" 31 | else 32 | echo "No value passed to $5 for api password. Exiting..." 33 | exit 1 34 | fi 35 | 36 | serial=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}') 37 | 38 | if [ -f /Library/JAMF\ DM/ComputerName/ComputerName.txt ]; then 39 | computerName=$(cat /Library/JAMF\ DM/ComputerName/ComputerName.txt) 40 | else 41 | computerName="" 42 | fi 43 | 44 | # Create xml 45 | cat << EOF > /var/tmp/name.xml 46 | 47 | 48 | 49 | New Computer Name 50 | $computerName 51 | 52 | 53 | 54 | EOF 55 | ## Upload the xml file 56 | /usr/bin/curl -sfku "$APIUSER":"$APIPASS" "$JSSURL"JSSResource/computers/serialnumber/"$serial" -H "Content-type: text/xml" -T /var/tmp/name.xml -X PUT 57 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/set-Cohort-EA.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: EA-cohort 6 | # 7 | # Purpose: Update our Computer Cohort receipt EA via the API. 8 | # 9 | # 10 | # Changelog 11 | # 12 | # 7/27/18 - New script 13 | # 14 | # Get the JSS URL from the Mac's jamf plist file 15 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 16 | JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 17 | else 18 | echo "No JSS server set. Exiting..." 19 | exit 1 20 | fi 21 | # Define API username and password information & JSS Group name from passed parameters 22 | if [ ! -z "$4" ]; then 23 | APIUSER="$4" 24 | else 25 | echo "No value passed to $4 for api username. Exiting..." 26 | exit 1 27 | fi 28 | 29 | if [ ! -z "$5" ]; then 30 | APIPASS="$5" 31 | else 32 | echo "No value passed to $5 for api password. Exiting..." 33 | exit 1 34 | fi 35 | 36 | serial=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}') 37 | 38 | if [ -f /Library/JAMF\ DM/Cohort/*.txt ]; then 39 | cohort=$(head -n 1 /Library/JAMF\ DM/Cohort/*.txt) 40 | elif [-f /Library/JAMF\ DM/*.txt]; then 41 | cohort=$(head -n 1 /Library/JAMF\ DM/*.txt) 42 | else 43 | cohort="" 44 | fi 45 | 46 | # Create xml 47 | cat << EOF > /var/tmp/cohort.xml 48 | 49 | 50 | 51 | New Cohort 52 | $cohort 53 | 54 | 55 | 56 | EOF 57 | ## Upload the xml file 58 | /usr/bin/curl -sfku "$APIUSER":"$APIPASS" "$JSSURL"JSSResource/computers/serialnumber/"$serial" -H "Content-type: text/xml" -T /var/tmp/cohort.xml -X PUT 59 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Rename Parallels VM/README.md: -------------------------------------------------------------------------------- 1 | # uarts-scripts/Rename Parallels VM 2 | 3 | I made this in order to get the name from a mac host and rename a parallels VM running windows 11. This was made to work with Casper Suite but you can probably use it with other systems. 4 | 5 | Note that I've never written PowerShells scripts before, this is my first. 6 | 7 | # Usage 8 | 9 | 1. Create a VM with your users: Admin and Standard, log into both so initial creation is complete already 10 | 1. Make sure the VM has access to the mac folder /Users/Shared/, this is where "getHostname.sh" drops the hostname file, you can change it if you want, but you also have to change the PowerShell script 11 | 1. Set the windows administrator account to auto-login (You need admin privileges) 12 | 1. Drop "firstrun.bat", "autoLogin.bat", and "RenameVMfromMAC.ps1" into "C:/Users/Public/" 13 | 1. When you are completely updated and ready to roll in Windows, run the "FirstRun.reg" file. This creates a RunOnce object in the registry that will run the "firstrun.bat" file on the next reboot 14 | 1. Shutdown the VM 15 | 1. Package your VM and parallels however you prefer and upload to your JSS along with "getHostname.sh" 16 | 1. In your JSS, make a policy that installs your Parallels package and runs "getHostName.sh" (before or after is fine) 17 | 1. When the user starts the VM up it will automatically log in as the admin, run the batch file which calls "RenameVMfromMAC.ps1" and will show the name change progress, set the standard user to automatically login (you can change this also), and reboots the machine, no user intervention is needed unless.... 18 | 1. Note that this script does truncate your hostame if it’s too long for a NetBIOS name; since “vm-” takes 3 chars away your name would be shortened to 12 characters. 19 | 1. Once rebooted the VM is named vm-\ and the standard user now automatically logs in 20 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/autoAddZAppGroup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # autoAddZAppGroup.sh 4 | # 5 | # 6 | # Cut from scripts created by Mario Lopez and John Mahlman hacked together by Tom Cason in 08-25-16 7 | # 8 | # This script is designed to detect the room that a computer is 9 | # located in and automatically assign the appropriate cohort and app group 10 | # using a policy triggered by a JAMF "custom event". 11 | # 12 | 13 | ############### 14 | # Functions # 15 | ############### 16 | 17 | 18 | voice () { 19 | echo "Voice" > /Library/JAMF\ DM/AppGroup/AppGroup.txt 20 | } 21 | 22 | animation () { 23 | echo "Animation" > /Library/JAMF\ DM/AppGroup/AppGroup.txt 24 | } 25 | 26 | photo () { 27 | echo "Photo" > /Library/JAMF\ DM/AppGroup/AppGroup.txt 28 | } 29 | 30 | ############### 31 | # Variables # 32 | ############### 33 | 34 | # Get room number from computer name. 35 | roomNumber=`scutil --get ComputerName | awk 'BEGIN {FS="-"} END {print $1}' | tr "[a-z]" "[A-Z]"` 36 | 37 | 38 | # AppGroup room assignment 39 | AppGroupVoice=(T608 T612 T614 T616 T618 T620 T700 T709) 40 | AppGroupAnimation=(T1403 T1405 T1407 T1409 T1412 T1414 T1415 T1416 T1421 T1423 T1425 T1425C T1425B) 41 | AppGroupPhoto=(T1506 T1513 T1504 T1402) 42 | 43 | ############ 44 | # Script # 45 | ############ 46 | 47 | # Make "JAMF DM" directory and hide it. 48 | mkdir /Library/JAMF\ DM 49 | mkdir /Library/JAMF\ DM/Cohort 50 | mkdir /Library/JAMF\ DM/AppGroup 51 | chflags hidden /Library/JAMF\ DM 52 | 53 | # Automatically choose the appropriate Cohort based on room number. 54 | 55 | if [[ " ${AppGroupVoice[@]} " =~ " ${roomNumber} " ]]; then 56 | voice 57 | 58 | elif [[ " ${AppGroupPhoto[@]} " =~ " ${roomNumber} " ]]; then 59 | photo 60 | 61 | elif [[ " ${AppGroupAnimation[@]} " =~ " ${roomNumber} " ]]; then 62 | animation 63 | 64 | else 65 | echo "$roomNumber does not match any specialty app group. No app group will be added." 66 | exit 0 67 | 68 | fi 69 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/add-office-icons.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Last Updated: 5/27/16 6 | # 7 | # Name: add-office-icons 8 | # 9 | # Purpose: Adds office icons to dock using dockutil after installing Office 2016 10 | # Also installs dockutil if it's not found 11 | # 12 | # Changelog 13 | # 9/5/17: - Fixed a double negative if-statement 14 | # 15 | 16 | jamfbinary=$(/usr/bin/which jamf) 17 | 18 | # Make sure we have dockutil, install it if we don't 19 | if [ ! -f "/usr/local/bin/dockutil" ]; then 20 | echo "Installing DockUtil from JSS" 21 | "$jamfbinary" policy -event dockutil 22 | if [ ! -f "/usr/local/bin/dockutil" ]; then 23 | echo "Unable to install DockUtil, aborting!" 24 | exit 1 25 | fi 26 | fi 27 | du="/usr/local/bin/dockutil" 28 | 29 | # Get the current user 30 | if [ ! -z "$3" ]; then 31 | user=$3 32 | else 33 | user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 34 | fi 35 | 36 | ########## 37 | # Script # 38 | ########## 39 | 40 | # Add dock icons only if word is installed (this happens after a full install, so if that's installed, they're all installed) 41 | if [ -e "/Applications/Microsoft Word.app" ]; then 42 | echo "Adding Office 2016 apps to dock" 43 | sleep 3 44 | $du --add "/Applications/Microsoft Word.app" --replacing "Microsoft Word" --no-restart /Users/$user 45 | $du --add "/Applications/Microsoft Excel.app" --replacing "Microsoft Excel" --no-restart /Users/$user 46 | $du --add "/Applications/Microsoft Outlook.app" --replacing "Microsoft Outlook" --no-restart /Users/$user 47 | $du --add "/Applications/Microsoft Powerpoint.app" --replacing "Microsoft Powerpoint" --no-restart /Users/$user 48 | # Restart the dock when done 49 | sleep 3 50 | killall Dock 51 | exit 0 52 | else 53 | echo "Office 2016 not installed! Exiting." 54 | exit 1 55 | fi 56 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Microsoft-Office-2016-prefs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Original script by Rich Trouton: https://derflounder.wordpress.com/2016/01/17/suppressing-office-2016s-first-run-dialog-windows/#more-7666 4 | # 5 | # Customized by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 6 | # Last Updated: 5/17/16 7 | # 8 | # Name: Microsoft-Office-2016-DisableFirstRun 9 | # 10 | # Purpose: Disables office 2016 first run 11 | # 12 | 13 | echo "Disabling First Run" 14 | 15 | # disable first-run dialogs 16 | submit_diagnostic_data_to_microsoft=false 17 | 18 | DisableOffice2016FirstRun() 19 | { 20 | # This function will disable the first run dialog windows for all Office 2016 apps. 21 | # It will also set the desired diagnostic info settings for Office application. 22 | defaults write /Library/Preferences/com.microsoft."$app" kSubUIAppCompletedFirstRunSetup1507 -bool true 23 | defaults write /Library/Preferences/com.microsoft."$app" SendAllTelemetryEnabled -bool "$submit_diagnostic_data_to_microsoft" 24 | 25 | # Outlook and OneNote require one additional first run setting to be disabled 26 | if [[ $app == "Outlook" ]] || [[ $app == "onenote.mac" ]]; then 27 | defaults write /Library/Preferences/com.microsoft."$app" FirstRunExperienceCompletedO15 -bool true 28 | fi 29 | } 30 | 31 | # Run the DisableOffice2016FirstRun function for each detected Office 2016 32 | # application to disable the first run dialogs for that Office 2016 application. 33 | if [[ -e "/Applications/Microsoft Excel.app" ]]; then 34 | app=Excel 35 | DisableOffice2016FirstRun 36 | fi 37 | 38 | if [[ -e "/Applications/Microsoft OneNote.app" ]]; then 39 | app=onenote.mac 40 | DisableOffice2016FirstRun 41 | fi 42 | 43 | if [[ -e "/Applications/Microsoft Outlook.app" ]]; then 44 | app=Outlook 45 | DisableOffice2016FirstRun 46 | fi 47 | 48 | if [[ -e "/Applications/Microsoft PowerPoint.app" ]]; then 49 | app=Powerpoint 50 | DisableOffice2016FirstRun 51 | fi 52 | 53 | if [[ -e "/Applications/Microsoft Word.app" ]]; then 54 | app=Word 55 | DisableOffice2016FirstRun 56 | fi 57 | 58 | # Quit the script without errors. 59 | exit 0 -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/dep-public-postinstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ## postinstall 3 | 4 | echo "disable auto updates ASAP" >> /var/log/jamf.log 5 | # Disable Software Updates during imaging 6 | /usr/sbin/softwareupdate --schedule off 7 | 8 | echo "set power management" >> /var/log/jamf.log 9 | #set power management settings 10 | pmset -c displaysleep 60 disksleep 0 sleep 0 womp 0 ring 0 autorestart 0 halfdim 1 sms 1 11 | pmset -b displaysleep 5 disksleep 1 sleep 10 womp 0 ring 0 autorestart 0 halfdim 1 sms 1 12 | 13 | # Disable diagnostic data 14 | SUBMIT_DIAGNOSTIC_DATA_TO_APPLE=FALSE 15 | SUBMIT_DIAGNOSTIC_DATA_TO_APP_DEVELOPERS=FALSE 16 | 17 | ## Make the main script executable 18 | echo "setting main script permissions" >> /var/log/jamf.log 19 | chmod a+x /var/tmp/com.uarts.DEPprovisioning.public.sh 20 | 21 | ## Set permissions and ownership for launch daemon 22 | echo "set LaunchDaemon permissions" >> /var/log/jamf.log 23 | chmod 644 /Library/LaunchDaemons/com.uarts.launch.plist 24 | chown root:wheel /Library/LaunchDaemons/com.uarts.launch.plist 25 | 26 | ## Load launch daemon into the Launchd system 27 | echo "load LaunchDaemon" >> /var/log/jamf.log 28 | launchctl load /Library/LaunchDaemons/com.uarts.launch.plist 29 | 30 | # We have to wait for the login window to show because the machine will reboot... 31 | # so let's start this after the setup assistant is done. 32 | CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 33 | while [[ "$CURRENTUSER" == "_mbsetupuser" ]]; do 34 | sleep 5 35 | CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 36 | done 37 | 38 | echo "add auto-login user" >> /var/log/jamf.log 39 | /usr/local/jamf/bin/jamf policy -event dep-autologin 40 | 41 | exit 0 ## Success 42 | exit 1 ## Failure 43 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/remove-AWCapp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: remove-AWCapp 6 | # 7 | # Purpose: Run this on a machine to remove the "Mac Adware Cleaner.app" adware. This script doesn't check 8 | # specifically for the app running, we scope this to machines that have the app in inventory. 9 | # 10 | # Changelog 11 | # 12 | # 2/28/18 - Newly created script 13 | # 14 | # 15 | awcPID=`ps -A | grep -m1 '[M]ac Adware Cleaner' | awk '{print $1}'` 16 | 17 | # Get the current logged in user that we'll be modifying 18 | if [ ! -z "$3" ]; then 19 | user=$3 20 | else 21 | user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 22 | fi 23 | 24 | if [[ $awcPID != "" ]]; then 25 | echo "Killing Mac Adware Cleaner" 26 | killall "Mac Adware Cleaner" 27 | else 28 | echo "Mac Adware Cleaner not running/not found" 29 | fi 30 | 31 | if [[ -e "/Applications/Mac Adware Cleaner.app" ]]; then 32 | rm -Rf "/Applications/Mac Adware Cleaner.app" 33 | echo "Remmoved /Applications/Mac Adware Cleaner.app" 34 | fi 35 | 36 | if [[ -e "/Applications/_MACOSX/Mac Adware Cleaner.app" ]]; then 37 | rm -Rf "/Applications/_MACOSX/Mac Adware Cleaner.app" 38 | echo "Remmoved /Applications/_MACOSX/Mac Adware Cleaner.app" 39 | fi 40 | 41 | if [[ -d "/Users/$user/Library/Mac Adware Cleaner" ]]; then 42 | rm -Rf "/Users/$user/Library/Mac Adware Cleaner" 43 | echo "Removed /Users/$user/Library/Mac Adware Cleaner" 44 | fi 45 | 46 | if [[ -d "/Users/$user/Library/Application Support/Mac Adware Cleaner" ]]; then 47 | rm -Rf "/Users/$user/Library/Application Support/Mac Adware Cleaner" 48 | echo "Removed /Users/$user/Application Support/Library/Mac Adware Cleaner" 49 | fi 50 | 51 | if [[ -d "/Users/$user/Library/Application Support/awc" ]]; then 52 | rm -Rf "/Users/$user/Library/Application Support/awc" 53 | echo "Removed /Users/$user/Application Support/Library/awc" 54 | fi 55 | 56 | # Now the scary part..find a file in /private/var/folders... 57 | find /private/var/folders -name "helperamc" -type d -exec rm -rf {} \; 58 | 59 | exit 0 60 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/rename-Machine-by-User.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: rename-Machine-by-User.sh 6 | # 7 | # Purpose: Will rename a machine based on the assigned user in the JSS via API. 8 | # Use this during DEP enrollment to avoid the "admin's MacBook" naming 9 | # 10 | # Changelog 11 | # 2/15/18: - Initial script creation 12 | # 13 | 14 | # Get the JSS URL from the Mac's jamf plist file 15 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 16 | jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 17 | else 18 | echo "No JSS server set. Exiting..." 19 | exit 1 20 | fi 21 | 22 | # Define API username and password information & JSS Group name from passed parameters 23 | if [ ! -z "$4" ]; then 24 | apiUser="$4" 25 | else 26 | echo "No value passed to $4 for api username. Exiting..." 27 | exit 1 28 | fi 29 | 30 | if [ ! -z "$5" ]; then 31 | apiPass="$5" 32 | else 33 | echo "No value passed to $5 for api password. Exiting..." 34 | exit 1 35 | fi 36 | 37 | SERIAL=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}') 38 | 39 | USERINFO=$(curl -k ${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/location -H "Accept: application/xml" --user "${apiUser}:${apiPass}") 40 | USERNAME=$(echo $USERINFO | /usr/bin/awk -F'|' '{print $2}' | tr [A-Z] [a-z]) 41 | 42 | DEVICEINFO=$(curl -k ${jssURL}JSSResource/computers/serialnumber/${SERIAL}/subset/hardware -H "Accept: application/xml" --user "${apiUser}:${apiPass}") 43 | MODEL=$(echo $DEVICEINFO | /usr/bin/awk -F'|' '{print $2}') 44 | 45 | if [ -z "$USERNAME" ] 46 | then 47 | USERNAME="$SERIAL" 48 | fi 49 | 50 | if echo "$MODEL" | grep -q "MacBookAir" 51 | then 52 | PREFIX="MBA" 53 | elif echo "$MODEL" | grep -q "MacBookPro" 54 | then 55 | PREFIX="MBP" 56 | else 57 | echo "No model identifier found." 58 | PREFIX="" 59 | fi 60 | 61 | COMPUTERNAME="${USERNAME}-${PREFIX}" 62 | COMPUTERNAME=`echo ${COMPUTERNAME:0:15}` 63 | echo "Setting computer name to $COMPUTERNAME" 64 | /usr/sbin/scutil --set ComputerName "$COMPUTERNAME" 65 | /usr/sbin/scutil --set LocalHostName "$COMPUTERNAME" 66 | /usr/sbin/scutil --set HostName "$COMPUTERNAME" 67 | dscacheutil -flushcache 68 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/remove-macKeeperApp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: remove-macKeeperApp 6 | # 7 | # Purpose: Run this on a machine to remove "Mackeeper.app" . This script doesn't check 8 | # specifically for the app running, we scope this to machines that have the app in inventory. 9 | # 10 | # Changelog 11 | # 12 | # 2/28/18 - Newly created script 13 | # 14 | # 15 | 16 | # Get the current logged in user that we'll be modifying 17 | if [ ! -z "$3" ]; then 18 | user=$3 19 | else 20 | user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 21 | fi 22 | 23 | # delete needed files to remove MacKeeper 24 | rm -rf /Users/$user/Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist 25 | rm -rf /Users/$user/Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist 26 | 27 | launchctl unload /Users/$user/Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist 28 | 29 | sleep 5 30 | # Kill mackeeper processes 31 | killall "MacKeeper Helper" 32 | killall MKCleanService 33 | killall MacKeeper 34 | 35 | # Files Outside Home Folder 36 | 37 | rm -rf /Applications/MacKeeper.app 38 | rm -rf /Library/Preferences/.3FAD0F65-FC6E-4889-B975-B96CBF807B78 39 | 40 | # Files inside Home Folder 41 | 42 | rm -rf /Users/$user/Library/Application\ Support/MacKeeper\ Helper 43 | rm -rf /Users/$user/Library/Logs/MacKeeper.log 44 | rm -rf /Users/$user/Library/Logs/MacKeeper.log.signed 45 | rm -rf /Users/$user/Library/Logs/SparkleUpdateLog.log 46 | rm -rf /Users/$user/Library/Preferences/.3246584E-0CF8-4153-835D-C7D952862F9D 47 | rm -rf /Users/$user/Library/Preferences/com.zeobit.MacKeeper.Helper.plist 48 | rm -rf /Users/$user/Library/Preferences/com.zeobit.MacKeeper.plist 49 | rm -rf /Users/$user/Library/Saved\ Application\ State/com.zeobit.MacKeeper.savedState 50 | rm -rf /Users/$user/Library/Application\ Support/MacKeeper 51 | rm -rf /Users/$user/Library/Application\ Support/com.mackeeper.MacKeeper 52 | rm -rf /Users/$user/Library/Application\ Support/com.mackeeper.MacKeeper.Helper 53 | rm -rf /Users/$user/Library/Application\ Support/com.mackeeper.MacKeeper.MKCleanService 54 | rm -rf /Users/$user/Library/Preferences/.3FAD0F65-FC6E-4889-B975-B96CBF807B78 55 | rm -rf /Users/$user/Library/Preferences/com.mackeeper.MacKeeper.Helper.plist 56 | rm -rf /Users/$user/Library/Preferences/com.mackeeper.MacKeeper.plist 57 | rm -rf /Users/$user/Library/Saved\ Application\ State/com.mackeeper.MacKeeper.savedState 58 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/DEP-DEPNotify-assignAndRename.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: DEP-DEPNotify-assignAndRename 6 | # 7 | # Purpose: Will populate the server with appropriate username and rename the machine 8 | # at deployment time. Run AFTER DEPNotify collects information. 9 | # 10 | # Changelog 11 | # 12 | # 5/8/18 - Reverting to API call so we don't run recon twice. 13 | # 5/3/18 - Using the built-in jamf commands for setting asset tag and end user. 14 | # - Changing the prefixes so no extra hyphen gets added if the machine is not MBP or MBA. 15 | # 4/23/18 - Using the jamf binary to change the computer name instead of the three commands 16 | # 4/19/18 - Initial script creation 17 | # 18 | # 19 | # Get the JSS URL from the Mac's jamf plist file 20 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 21 | JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 22 | else 23 | echo "No JSS server set. Exiting..." 24 | exit 1 25 | fi 26 | 27 | # Define API username and password information & JSS Group name from passed parameters 28 | if [ ! -z "$4" ]; then 29 | APIUSER="$4" 30 | else 31 | echo "No value passed to $4 for api username. Exiting..." 32 | exit 1 33 | fi 34 | 35 | if [ ! -z "$5" ]; then 36 | APIPASS="$5" 37 | else 38 | echo "No value passed to $5 for api password. Exiting..." 39 | exit 1 40 | fi 41 | 42 | SERIAL=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}') 43 | MODEL=$(system_profiler SPHardwareDataType | awk '/Model Identifier/ {print $3}') 44 | 45 | DNPLIST=/var/tmp/DEPNotify.plist 46 | USERNAME=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Assigned User'" | tr [A-Z] [a-z]) 47 | ASSETTAG=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Asset Tag'" | tr [a-z] [A-Z]) 48 | 49 | # Create xml 50 | cat << EOF > /var/tmp/tempInfo.xml 51 | 52 | 53 | $ASSETTAG 54 | 55 | 56 | $USERNAME 57 | 58 | 59 | EOF 60 | ## Upload the xml file 61 | /usr/bin/curl -sfku "${APIUSER}:${APIPASS}" "${JSSURL}JSSResource/computers/serialnumber/$SERIAL" -X PUT -T /var/tmp/tempInfo.xml 62 | 63 | if echo "$MODEL" | grep -q "MacBookAir" 64 | then 65 | PREFIX="MBA" 66 | elif echo "$MODEL" | grep -q "MacBookPro" 67 | then 68 | PREFIX="MBP" 69 | else 70 | echo "No model identifier found." 71 | PREFIX="" 72 | fi 73 | 74 | # rename the computer 75 | COMPUTERNAME="${USERNAME}-${PREFIX}" 76 | COMPUTERNAME=`echo ${COMPUTERNAME:0:15}` 77 | /usr/local/jamf/bin/jamf setComputerName -name $COMPUTERNAME 78 | 79 | # update our extension attribute 80 | mkdir /Library/JAMF\ DM 81 | mkdir /Library/JAMF\ DM/ComputerName 82 | chflags hidden /Library/JAMF\ DM 83 | echo $COMPUTERNAME > /Library/JAMF\ DM/ComputerName/ComputerName.txt 84 | rm -Rf /var/tmp/tempInfo.xml 85 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/symantec-nag.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: symantec-nag 6 | # 7 | # Purpose: Uses CocoaDialog to nag our users to install Symantec AV 8 | # 9 | # 10 | # Changelog 11 | # 12 | # 9/7/15 - Re-Added a (better) user check for running at login in jamf 13 | # 8/31/17 - Cleaned up the script a bit, updates user variable 14 | # 8/25/17 - Added ability to customize force date or not; $4 is for a jamf variable 15 | # 8/10/17 - Added sudo -u $(ls -l /dev/console | awk '{print $3}')to the CocoaDialog portions to stop errors on older systems 16 | # 8/4/17 - Initial Creation 17 | # 18 | # 19 | 20 | icons=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources 21 | CD_APP=/Applications/Utilities/CocoaDialog.app 22 | CocoaDialog=$CD_APP/Contents/MacOS/CocoaDialog 23 | jamf_bin=$(/usr/bin/which jamf) 24 | install_date=$4 # $4 is for jamf server 25 | OTISmsg='A new Anti-Virus program needs to be installed on your computer. Please run the "Install Symantec Anti-Virus" policy in Self Service now. 26 | 27 | This installation should not take long and will require your machine to reboot.' 28 | 29 | # find the current user 30 | if [ ! -z "$3" ]; then 31 | user=$3 32 | else 33 | user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 34 | fi 35 | 36 | # does CocoaDialog Exist? 37 | if [ ! -f $CocoaDialog ] ; then 38 | echo "Installing Cocoa Dialog from JSS" 39 | $jamf_bin policy -event installcocoaDialog 40 | if [ ! -f $CocoaDialog ] ; then 41 | echo "Couldn't install Cocoa Dialog! Exiting." 42 | exit 1 43 | fi 44 | fi 45 | 46 | rv=`sudo -u $user $CocoaDialog msgbox --float --icon-file "$icons/ToolbarInfo.icns" --no-cancel \ 47 | --button1 "Open Self Service Now" --button2 "Not Now" --title "New Anti-Virus Available from UArts" \ 48 | --width "450" --height "150" \ 49 | --text "This is an important message from OTIS at UArts" --informative-text "$OTISmsg"` 50 | if [ "$rv" == "1" ]; then 51 | open /Applications/Self\ Service.app/ 52 | exit 0 53 | elif [ "$rv" == "2" ]; then 54 | if [[ -z $4 ]]; then 55 | sudo -u $user $CocoaDialog ok-msgbox --float --no-cancel --icon-file "$icons/ToolbarInfo.icns" \ 56 | --width "450" --height "150" \ 57 | --title "New Anti-Virus Available from UArts" --text "Please note:" \ 58 | --informative-text "You will see this alert every day until you install. \ 59 | Thank you." 60 | else 61 | sudo -u $user $CocoaDialog ok-msgbox --float --no-cancel --icon-file "$icons/ToolbarInfo.icns" \ 62 | --width "450" --height "150" \ 63 | --title "New Anti-Virus Available from UArts" --text "Please note:" \ 64 | --informative-text "After $install_date, the anti-virus will install automatically. You will see this alert every day until you install. Thank you." 65 | fi 66 | if [ "$rv" == "1" ]; then 67 | exit 0 68 | fi 69 | fi 70 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/autoAddPublicCohort.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: autoAddPublicCohort.sh 6 | # 7 | # Purpose: This script will add our dummy receipts (which are called cohorts) based on the room/computer name. 8 | # 9 | # Changelog 10 | # 11/6/18 - Fixing arrays...again. 11 | # 8/24/18 - Updated all room arrays. 12 | # - Changed env to bash 13 | # 8/23/18 - Adding a generic public cohort if no appropriate room is found. 14 | # 08/10/18 - Added T1215 15 | # 07/20/19 - Added A815. Will probably be adding/changing more rooms this summer. 16 | # 02/02/18 - Forgot to remove the room. The date reflects the repeat push ;) 17 | # 01/31/18 - Removed a room from labs and the MUSIC function because it's not needed. 18 | # 10/26/17 - Added some more suites. Might combine all suites eventually. 19 | # 10/25/17 - Updated rooms and cleaned up naming. 20 | # - Fixed header to conform with my other scripts 21 | # - Removed GALLERY cohort because it's deprecated 22 | # 23 | # 24 | 25 | # Creation functions for each cohort 26 | lab () { 27 | echo "LAB" > /Library/JAMF\ DM/Cohort/RECEIPT-LAB.txt 28 | } 29 | 30 | studio () { 31 | echo "STUDIO" > /Library/JAMF\ DM/Cohort/RECEIPT-STUDIO.txt 32 | } 33 | 34 | suite () { 35 | echo "SUITE" > /Library/JAMF\ DM/Cohort/RECEIPT-SUITE.txt 36 | } 37 | 38 | smart_classroom () { 39 | echo "SMART-CLASSROOM" > /Library/JAMF\ DM/Cohort/RECEIPT-SMART-CLASSROOM.txt 40 | } 41 | 42 | # Get room number from system name 43 | roomNumber=`scutil --get ComputerName | awk 'BEGIN {FS="-"} END {print $1}' | tr "[a-z]" "[A-Z]"` 44 | 45 | # Arrays for all of our different types of rooms 46 | labNumber=(A231 A309 A615 A626 A728 AM11 T1113 T1213 T1223 T1328 T1423 T1429 T1522 T802 T907) 47 | TsmartClass=(T1014 T1028 T1049 T1053 T1703 T202 T511 T513 T602 T604 T606 T702 T704 T706 T710 T712 T714 T716 T806 T831 T833 T902) 48 | AsmartClass=(A212 A815) 49 | GsmartClass=(G404 G405 G408 G410 G411 G415 H312) 50 | StudioT=(T1219 T1220 T1215 T1404 T1408 T1421 T1425 T1504 T1513 T510 T512 T514 T518) 51 | StudioA=(A200 A315 A316 A317 A318 A319 A320 A220 A716 A723 A725 A726) 52 | suiteVoice=(T612 T614 T616 T618 T620 T608 T709) 53 | suiteGen=(T1403 T1405 T1407 T1409 T1410 T1412 T1414 T1415) #generic suites 54 | suiteDragon=(T1403 T1405 T1407 T1409) 55 | suiteDragonUM=(T1425B T1425C) 56 | editBay=(T1210 T1212 T1214 T1216 T1218 T1220 T1420 T1422) 57 | 58 | # Make "JAMF DM" directory and hide it 59 | mkdir /Library/JAMF\ DM 60 | mkdir /Library/JAMF\ DM/Cohort 61 | chflags hidden /Library/JAMF\ DM 62 | 63 | # Automatically choose the appropriate Cohort based on room number. 64 | if [[ " ${labNumber[@]} " =~ " ${roomNumber} " ]]; then 65 | lab 66 | 67 | elif [[ " ${StudioT[@]} " =~ " ${roomNumber} " ]]; then 68 | studio 69 | 70 | elif [[ " ${StudioA[@]} " =~ " ${roomNumber} " ]]; then 71 | studio 72 | 73 | elif [[ " ${suiteVoice[@]} " =~ " ${roomNumber} " ]]; then 74 | suite 75 | 76 | elif [[ " ${suiteGen[@]} " =~ " ${roomNumber} " ]]; then 77 | suite 78 | 79 | elif [[ " ${suiteDragon[@]} " =~ " ${roomNumber} " ]]; then 80 | suite 81 | 82 | elif [[ " ${suiteDragonUM[@]} " =~ " ${roomNumber} " ]]; then 83 | suite 84 | 85 | elif [[ " ${editBay[@]} " =~ " ${roomNumber} " ]]; then 86 | studio 87 | 88 | elif [[ " ${TsmartClass[@]} " =~ " ${roomNumber} " ]]; then 89 | smart_classroom 90 | 91 | elif [[ " ${AsmartClass[@]} " =~ " ${roomNumber} " ]]; then 92 | smart_classroom 93 | 94 | elif [[ " ${GsmartClass[@]} " =~ " ${roomNumber} " ]]; then 95 | smart_classroom 96 | 97 | else 98 | echo "$roomNumber does not match any public spaces. Adding generic PUBLIC cohort." 99 | echo "PUBLIC" > /Library/JAMF\ DM/Cohort/RECEIPT-PUBLIC.txt 100 | exit 1 101 | 102 | fi 103 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/DEP-DEPNotify-firstRunFACSTAFF.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: DEP-DEPNotify-firstRunFACSTAFF 6 | # 7 | # Purpose: Install and run DEPNotify at enrollment time and do some final touches 8 | # for the users. It also checks for software updates and installs them if found. 9 | # 10 | # Changelog 11 | # 12 | # 5/8/18 - Combined with LaunchDaemon script. This will remain for reference. 13 | # - Changed around a bunch of things since we're moving to a single policy AND LaunchDaemon. 14 | # - Moving to DeterminateManual so we can control the progress bar better. 15 | # 5/3/18 - Trying a new method for setting username and asset tag. See DEP-DEPNotify-assignAndRename updates. (REVERTED) 16 | # 4/25/18 - Moved AV install up in the process. 17 | # 4/23/18 - Added a "wait for dock" loop to it will wait until a user is logged in 18 | # - Moved the caffinate command down so it will only run if DEPNotify is running and waiting for user input 19 | # 4/20/18 - Fixed a small typo...it really didn't change anything. 20 | # 4/19/18 - Added defaults for DEPNotify pref file to allow for assignment 21 | # - Added the loop for user entry, hopefully that works 22 | # - Renamed script, will eventually make a generalized script for all cohorts 23 | # 4/10/18 - Rearrange the policies 24 | # 4/9/18 - Added ContinueButtonRegister comment 25 | # 2/22/18 - Initial script creation 26 | # 27 | # 28 | JAMFBIN=$(/usr/bin/which jamf) 29 | 30 | # Get the current logged in user that we'll be modifying 31 | if [ ! -z "$3" ]; then 32 | CURRENTUSER=$3 33 | else 34 | CURRENTUSER=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 35 | fi 36 | 37 | # DEPNotify Log file 38 | DNLOG=/var/tmp/depnotify.log 39 | 40 | # Configure DEPNotify 41 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify PathToPlistFile /var/tmp/ 42 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegisterMainTitle "Assignment..." 43 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegistrationButtonLabel Assign 44 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperLabel "Assigned User" 45 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperPlaceholder "dadams" 46 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerLabel "Asset Tag" 47 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerPlaceholder "UA42LAP1337" 48 | 49 | echo "Command: MainTitle: Click Assign to begin Deployment" >> $DNLOG 50 | echo "Command: MainText: This process will assign this device and install base software." >> $DNLOG 51 | echo "Command: Image: /var/tmp/uarts-logo.png" >> $DNLOG 52 | echo "Command: DeterminateManual: 5" >> $DNLOG 53 | #echo "Command: WindowStyle: NotMovable" >> $DNLOG 54 | # re-enable the above line after we update to jamf 10 and add kext whitelisting 55 | 56 | # Open DepNotify 57 | sudo -u "$CURRENTUSER" /var/tmp/DEPNotify.app/Contents/MacOS/DEPNotify & 58 | # We'll re-add -fullScreen once we upgrade to jamf 10 probably 59 | 60 | # Let's caffinate the mac because this can take long 61 | /usr/bin/caffeinate -d -i -m -u & 62 | caffeinatepid=$! 63 | 64 | # get user input... 65 | echo "Command: ContinueButtonRegister: Assign" >> $DNLOG 66 | echo "Status: Just waiting for you..." >> $DNLOG 67 | DNPLIST=/var/tmp/DEPNotify.plist 68 | # hold here until the user enters something 69 | while : ; do 70 | [[ -f $DNPLIST ]] && break 71 | sleep 1 72 | done 73 | # grab the username from the plist that is created so we can use it to automaticlaly create the account 74 | USERNAME=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Assigned User'" | tr [A-Z] [a-z]) 75 | 76 | echo "Command: MainTitle: Preparing the system for Deployment" >> $DNLOG 77 | echo "Command: MainText: Please do not shutdown, reboot, or close your device, it will automatically reboot when complete." >> $DNLOG 78 | 79 | echo "Command: DeterminateManualStep:" >> $DNLOG 80 | # Do the things! We're calling a single policy now. 81 | echo "Status: Installing base software..." >> $DNLOG 82 | $JAMFBIN policy -event enroll-firstRunFACSTAFF 83 | 84 | echo "Command: DeterminateManualStep:" >> $DNLOG 85 | echo "Status: Creating local user account with password as username..." >> $DNLOG 86 | $JAMFBIN createAccount -username $USERNAME -realname $USERNAME -password $USERNAME -admin 87 | 88 | echo "Command: DeterminateManualStep:" >> $DNLOG 89 | echo "Status: Assigning and renaming device..." >> $DNLOG 90 | $JAMFBIN policy -event enroll-assignDevice 91 | 92 | echo "Status: Updating Inventory..." >> $DNLOG 93 | $JAMFBIN recon 94 | 95 | echo "Command: MainTitle: Almost done!" >> $DNLOG 96 | echo "Command: DeterminateManualStep:" >> $DNLOG 97 | echo "Status: Checking for and installing any OS updates..." >> $DNLOG 98 | /usr/sbin/softwareupdate -ia 99 | 100 | kill "$caffeinatepid" 101 | 102 | echo "Command: RestartNow:" >> $DNLOG 103 | 104 | # Remove DEPNotify and the logs 105 | /bin/rm -Rf /var/tmp/DEPNotify.app 106 | /bin/rm -Rf /var/tmp/uarts-logo.png 107 | /bin/rm -Rf $DNLOG 108 | /bin/rm -Rf $DNPLIST 109 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/Adobe-RUMWithProgress-cocoadialog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: Adobe-RUMWithProgress-cocoadialog 6 | # 7 | # Purpose: This script uses CocoaDialog to show which updates are available for Adobe CC and asks 8 | # if they would like to install those updates. If they choose to install updates it will 9 | # show a progress bar to the user and begin installing updates. The progress bar doesn't change, 10 | # it's only there to show the user that something is actually happening. 11 | # 12 | # Changelog 13 | # 14 | # 4/25/18 - Thanks for user remyb we've decided to move to using jamfhelper instead of cocoadialog. Instead of 15 | # updating this script, I'm just going to create a new one so people who do not use jamf can still use this. 16 | # This script may not be update much anymore. 17 | # - Renamed script to show that this uses CocoaDialog. 18 | # 2/22/18 - Cleaned up some logic to make it prettier 19 | # 1/8/18 - Updated channel ID list with new channels and names 20 | # 9/8/17 - Added link to channel ID list from Adobe 21 | # 8/31/17 - Just some cleaning up 22 | # 8/29/17 - Added a "caffeinate" command when installing updates to stop systems from sleeping during long installs 23 | # 6/19/17 - Removed the "wait" command at the end because it was just causing things to hang 24 | # - Added some sleep 0.2 lines to allow the script some time to catch up 25 | # - Fixed Dreamweaver channel ID 26 | # - Added jamf_bin to determine which jamf binary to use 27 | # 3/23/17 - Added more to "super-echo" to make it nicer for the user to read what's available for updates 28 | # 2/21/17 - Cleaned up script to make it in line with my styling. 29 | # 30 | # 31 | 32 | icons=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources 33 | rumlog=/var/tmp/RUMupdate.log # mmmmmm, rum log 34 | CD_APP=/Applications/Utilities/CocoaDialog.app 35 | CocoaDialog=$CD_APP/Contents/MacOS/CocoaDialog 36 | oldRUM=/usr/sbin/RemoteUpdateManager # this is where RUM used to live pre-10.11 37 | rum=/usr/local/bin/RemoteUpdateManager # post-10.11 38 | jamf_bin=$(/usr/bin/which jamf) 39 | 40 | # Installer function 41 | installUpdates () 42 | { 43 | # Let's caffinate the mac because this can take long 44 | caffeinate -d -i -m -u & 45 | caffeinatepid=$! 46 | 47 | # create a named pipe 48 | rm -f /tmp/hpipe 49 | mkfifo /tmp/hpipe 50 | sleep 0.2 51 | 52 | # create a background job which takes its input from the named pipe 53 | $CocoaDialog progressbar --indeterminate --float --icon-file "$icons/Sync.icns" \ 54 | --title "UArts Adobe Updater" --text "Downloading and Installing Updates, this may take some time..." \ 55 | --width "500" --height "115" < /tmp/hpipe & 56 | 57 | sleep 0.2 58 | # associate file descriptor 3 with that pipe and send a character through the pipe 59 | exec 3<> /tmp/hpipe 60 | 61 | echo -n >&3 62 | 63 | # do all of your work here 64 | $rum --action=install 65 | 66 | # now turn off the progress bar by closing file descriptor 3 67 | exec 3>&- 68 | rm -f /tmp/hpipe 69 | 70 | # No more caffeine please. I've a headache. 71 | kill "$caffeinatepid" 72 | 73 | exit 0 74 | } 75 | 76 | 77 | ############# 78 | # Script # 79 | ############# 80 | 81 | # does CocoaDialog Exist? 82 | if [ ! -f $CocoaDialog ] ; then 83 | echo "Installing Cocoa Dialog from JSS" 84 | $jamf_bin policy -event installcocoaDialog 85 | if [ ! -f $CocoaDialog ] ; then 86 | echo "Couldn't install Cocoa Dialog! Exiting." 87 | exit 1 88 | fi 89 | fi 90 | 91 | # old RUM installed? 92 | if [ -f $oldRUM ] ; then 93 | rm -rf $oldRUM 94 | fi 95 | 96 | # new/current RUM installed? 97 | if [ ! -f $rum ] ; then 98 | echo "Installing RUM from JSS" 99 | $jamf_bin policy -event installRUM 100 | if [ ! -f $rum ] ; then 101 | echo "Couldn't install RUM! Exiting." 102 | exit 1 103 | fi 104 | fi 105 | 106 | # Not that it matters but we'll remove the old log file if it exists 107 | if [ -f $rumlog ] ; then 108 | rm $rumlog 109 | fi 110 | 111 | #run RUM and output to the log file 112 | touch $rumlog 113 | $rum --action=list > $rumlog 114 | 115 | # super-echo! Echo pretty-ish output to user. Replaces Adobes channel IDs with actual app names 116 | # I think it's silly that I have to do this, but whatever. :) 117 | # Adobe channel ID list: https://helpx.adobe.com/enterprise/package/help/apps-deployed-without-their-base-versions.html 118 | secho=`sed -n '/Following*/,/\*/p' $rumlog \ 119 | | sed 's/Following/The\ Following/g' \ 120 | | sed 's/ACR/Acrobat/g' \ 121 | | sed 's/AEFT/After\ Effects/g' \ 122 | | sed 's/AME/Media\ Encoder/g' \ 123 | | sed 's/AUDT/Audition/g' \ 124 | | sed 's/FLPR/Animate/g' \ 125 | | sed 's/ILST/Illustrator/g' \ 126 | | sed 's/MUSE/Muse/g' \ 127 | | sed 's/PHSP/Photoshop/g' \ 128 | | sed 's/PRLD/Prelude/g' \ 129 | | sed 's/SPRK/XD/g' \ 130 | | sed 's/KBRG/Bridge/g' \ 131 | | sed 's/AICY/InCopy/g' \ 132 | | sed 's/ANMLBETA/Character\ Animator\ Beta/g' \ 133 | | sed 's/DRWV/Dreamweaver/g' \ 134 | | sed 's/IDSN/InDesign/g' \ 135 | | sed 's/PPRO/Premiere\ Pro/g' \ 136 | | sed 's/LTRM/Lightroom\ Classic/g' \ 137 | | sed 's/CHAR/Character\ Animator/g' \ 138 | | sed 's/ESHR/Dimension/g' ` 139 | 140 | if [ "$(grep "Following Updates are applicable" $rumlog)" ] ; then 141 | rv=`$CocoaDialog yesno-msgbox --float --icon-file "$icons/ToolbarInfo.icns" --no-cancel \ 142 | --title "UArts Adobe Updater" --text "Do you want to install the following updates?" --informative-text "$secho"` 143 | if [ "$rv" == "1" ]; then 144 | installUpdates 145 | elif [ "$rv" == "2" ]; then 146 | exit 0 147 | fi 148 | else 149 | $CocoaDialog ok-msgbox --float --no-cancel --icon-file "$icons/ToolbarInfo.icns" \ 150 | --title "UArts Adobe Updater" --text "There are no Adobe Updates available." 151 | if [ "$rv" == "1" ]; then 152 | exit 0 153 | fi 154 | fi 155 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/com.uarts.DEPprovisioning.facstaff: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: com.uarts.DEPprovisioning.facstaff 6 | # 7 | # Purpose: Install and run DEPNotify at enrollment time and do some final touches 8 | # for the users. It also checks for software updates and installs them if found. 9 | # This gets put in the composer package along with DEPNotofy, com.uarts.launch.plist, 10 | # and any supporting files. Then add the post install script to the package. 11 | # 12 | # 13 | # Changelog 14 | # 15 | # 8/16/18 - Added a check for the receipt to help with "accidental" re-enrollments 16 | # 8/15/18 - Change env to bash from sh. 17 | # 8/6/18 - Added a self destruct for the script at the end 18 | # 7/30/18 - Changed key from RegistrationButtonLabel to RegisterButtonLabel (new version of DEPNotify) 19 | # - Missed a jamf binary call somehow 20 | # 5/8/18 - New Script (same as DEP-DEPNotify-firstRunFACSTAFF but now made into a launchDaemon) 21 | # 22 | JAMFBIN=/usr/local/bin/jamf 23 | # Get the logged in user 24 | CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 25 | # Setup Done File 26 | setupDone="/var/db/receipts/com.uarts.provisioning.done.bom" 27 | # If the receipt is found, DEP already ran so let's remove this script and 28 | # the launch Daemon. This helps if someone re-enrolls a machine for some reason. 29 | if [ -f "${setupDone}" ]; then 30 | # Remove the Launch Daemon 31 | /bin/rm -Rf /Library/LaunchDaemons/com.uarts.launch.plist 32 | # Remove this script 33 | /bin/rm -- "$0" 34 | exit 0 35 | fi 36 | 37 | if pgrep -x "Finder" \ 38 | && pgrep -x "Dock" \ 39 | && [ "$CURRENTUSER" != "_mbsetupuser" ] \ 40 | && [ ! -f "${setupDone}" ]; then 41 | 42 | # Kill any installer process running 43 | killall Installer 44 | # Wait a few seconds 45 | sleep 5 46 | 47 | # Let's Roll! 48 | 49 | # DEPNotify Log file 50 | DNLOG=/var/tmp/depnotify.log 51 | 52 | # Configure DEPNotify registration window 53 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify PathToPlistFile /var/tmp/ 54 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegisterMainTitle "Assignment..." 55 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegisterButtonLabel Assign 56 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperLabel "Assigned User" 57 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperPlaceholder "dadams" 58 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerLabel "Asset Tag" 59 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerPlaceholder "UA42LAP1337" 60 | 61 | # Configure DEPNotify starting window 62 | echo "Command: MainTitle: Click Assign to begin Deployment" >> $DNLOG 63 | echo "Command: MainText: This process will assign this device and install base software." >> $DNLOG 64 | echo "Command: Image: /var/tmp/uarts-logo.png" >> $DNLOG 65 | echo "Command: DeterminateManual: 5" >> $DNLOG 66 | 67 | # Open DEPNotify 68 | sudo -u "$CURRENTUSER" /var/tmp/DEPNotify.app/Contents/MacOS/DEPNotify & 69 | 70 | # Let's caffinate the mac because this can take long 71 | /usr/bin/caffeinate -d -i -m -u & 72 | caffeinatepid=$! 73 | 74 | # get user input... 75 | echo "Command: ContinueButtonRegister: Assign" >> $DNLOG 76 | echo "Status: Just waiting for you..." >> $DNLOG 77 | DNPLIST=/var/tmp/DEPNotify.plist 78 | # hold here until the user enters something 79 | while : ; do 80 | [[ -f $DNPLIST ]] && break 81 | sleep 1 82 | done 83 | # grab the username from the plist that is created so we can use it to automaticlaly create the account 84 | USERNAME=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Assigned User'" | tr [A-Z] [a-z]) 85 | 86 | echo "Command: MainTitle: Preparing the system for Deployment" >> $DNLOG 87 | echo "Command: MainText: Please do not shutdown, reboot, or close your device, it will automatically reboot when complete." >> $DNLOG 88 | 89 | echo "Command: DeterminateManualStep:" >> $DNLOG 90 | # Do the things! We're calling a single policy now. 91 | echo "Status: Installing base software..." >> $DNLOG 92 | $JAMFBIN policy -event enroll-firstRunFACSTAFF 93 | 94 | echo "Command: DeterminateManualStep:" >> $DNLOG 95 | echo "Status: Creating local user account with password as username..." >> $DNLOG 96 | $JAMFBIN createAccount -username $USERNAME -realname $USERNAME -password $USERNAME -admin 97 | 98 | echo "Command: DeterminateManualStep:" >> $DNLOG 99 | echo "Status: Assigning and renaming device..." >> $DNLOG 100 | $JAMFBIN policy -event enroll-assignDevice 101 | 102 | echo "Status: Updating Inventory..." >> $DNLOG 103 | $JAMFBIN recon 104 | 105 | echo "Command: MainTitle: Almost done!" >> $DNLOG 106 | echo "Command: DeterminateManualStep:" >> $DNLOG 107 | echo "Status: Checking for and installing any OS updates..." >> $DNLOG 108 | /usr/sbin/softwareupdate -ia 109 | 110 | kill "$caffeinatepid" 111 | 112 | echo "Command: RestartNow:" >> $DNLOG 113 | 114 | # Remove DEPNotify and the logs 115 | /bin/rm -Rf /var/tmp/DEPNotify.app 116 | /bin/rm -Rf /var/tmp/uarts-logo.png 117 | /bin/rm -Rf $DNLOG 118 | /bin/rm -Rf $DNPLIST 119 | 120 | # Wait a few seconds 121 | sleep 5 122 | # Create a bom file that allow this script to stop launching DEPNotify after done 123 | /usr/bin/touch /var/db/receipts/com.uarts.provisioning.done.bom 124 | # Remove the Launch Daemon 125 | /bin/rm -Rf /Library/LaunchDaemons/com.uarts.launch.plist 126 | # Remove this script 127 | /bin/rm -- "$0" 128 | 129 | fi 130 | exit 0 131 | -------------------------------------------------------------------------------- /Adobe-RUMWithProgress-jamfhelper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # shellcheck shell=bash 3 | # 4 | # 5 | # Created by John Mahlman 6 | # Name: Adobe-RUMWithProgress-jamfhelper 7 | # 8 | # Purpose: This script uses jamfhelper to show which updates are available for Adobe CC and asks 9 | # if they would like to install those updates. If they choose to install updates it will begin installing updates. 10 | # 11 | # Changelog 12 | # 13 | # 10/18/22 - Fixing issue #3 and other code-y bits. 14 | # 8/17/21 - Fixed ChannelID ACR (issue #2) and re-adjusted the egrep for update checking (issue #1). 15 | # 1/12/21 - Add new product; RUSH and generalize wording. 16 | # 5/3/18 - Just adding "Uarts" to the window title. 17 | # 4/25/18 - Thanks for user remyb we've decided to move to using jamfhelper instead of cocoadialog. Instead of 18 | # updating the old script, I'm just going to create this new one so non-jamf people can still use the other. 19 | # 4/25/18 - Changed all CocoaDialog stuff to jamfHelper - remyb (Thanks!) 20 | # 2/22/18 - Cleaned up some logic to make it prettier 21 | # 1/8/18 - Updated channel ID list with new channels and names 22 | # 9/8/17 - Added link to channel ID list from Adobe 23 | # 8/31/17 - Just some cleaning up 24 | # 8/29/17 - Added a "caffeinate" command when installing updates to stop systems from sleeping during long installs 25 | # 6/19/17 - Removed the "wait" command at the end because it was just causing things to hang 26 | # - Added some sleep 0.2 lines to allow the script some time to catch up 27 | # - Fixed Dreamweaver channel ID 28 | # - Added jamf_bin to determine which jamf binary to use 29 | # 3/23/17 - Added more to "super-echo" to make it nicer for the user to read what's available for updates 30 | # 2/21/17 - Cleaned up script to make it in line with my styling. 31 | # 32 | 33 | icons="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources" 34 | logPath="/Library/Application Support/CustomAdobeUpdater/" 35 | rumlog="$logPath/AdobeRUMUpdatesLog.log" # mmmmmm, rum log 36 | jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" 37 | rum="/usr/local/bin/RemoteUpdateManager" 38 | jamf_bin="/usr/local/bin/jamf" 39 | installRUM="${4}" #set RUM install trigger 40 | 41 | # Installer function 42 | installUpdates () 43 | { 44 | # Let's caffinate the mac because this can take long 45 | caffeinate -d -i -m -u & 46 | caffeinatepid=$! 47 | # Displaying jamfHelper update "progress" 48 | "$jamfHelper" -windowType hud -title "Adobe Updater" -description "Downloading and Installing Updates, this may take some time..." \ 49 | -icon "$icons/Sync.icns" -lockHUD > /dev/null 2>&1 & 50 | # do all of your work here 51 | $rum --action=install 52 | # Kill jamfhelper 53 | killall jamfHelper > /dev/null 2>&1 54 | # No more caffeine please. I've a headache. 55 | kill "$caffeinatepid" 56 | exit 0 57 | } 58 | 59 | configureLog () 60 | { 61 | # fucntion to set up the log file 62 | if [[ ! -d "$logPath" ]]; then 63 | mkdir -p "$logPath" 64 | else 65 | # if the dir exists, lets clear the old log 66 | if [[ -f "$rumlog" ]] ; then 67 | rm "$rumlog" 68 | fi 69 | fi 70 | # Re/create a fresh log file 71 | touch "$rumlog" 72 | } 73 | 74 | ############# 75 | # Script # 76 | ############# 77 | 78 | # RUM installed? Lets install if not. 79 | if [[ ! -f $rum ]] ; then 80 | echo "Installing RUM from JSS" 81 | $jamf_bin policy -event "$installRUM" 82 | if [[ ! -f $rum ]] ; then 83 | echo "Couldn't install RUM! Exiting." 84 | exit 1 85 | fi 86 | fi 87 | 88 | configureLog 89 | $rum --action=list > "$rumlog" 90 | 91 | # super-echo! Echo pretty-ish output to user. Replaces Adobes channel IDs with actual app names 92 | # Adobe channel ID list: https://helpx.adobe.com/enterprise/package/help/apps-deployed-without-their-base-versions.html 93 | secho=$(sed -n '/Following*/,/\*/p' "$rumlog" \ 94 | | sed 's/Following/The\ Following/g' \ 95 | | sed 's/ACR/Camera\ Raw/g' \ 96 | | sed 's/AEFT/After\ Effects/g' \ 97 | | sed 's/AME/Media\ Encoder/g' \ 98 | | sed 's/AUDT/Audition/g' \ 99 | | sed 's/FLPR/Animate/g' \ 100 | | sed 's/ILST/Illustrator/g' \ 101 | | sed 's/MUSE/Muse/g' \ 102 | | sed 's/PHSP/Photoshop/g' \ 103 | | sed 's/PRLD/Prelude/g' \ 104 | | sed 's/SPRK/XD/g' \ 105 | | sed 's/KBRG/Bridge/g' \ 106 | | sed 's/AICY/InCopy/g' \ 107 | | sed 's/ANMLBETA/Character\ Animator\ Beta/g' \ 108 | | sed 's/DRWV/Dreamweaver/g' \ 109 | | sed 's/IDSN/InDesign/g' \ 110 | | sed 's/PPRO/Premiere\ Pro/g' \ 111 | | sed 's/LTRM/Lightroom\ Classic/g' \ 112 | | sed 's/LRCC/Lightroom/g' \ 113 | | sed 's/CHAR/Character\ Animator/g' \ 114 | | sed 's/SBSTA/Substance\ Alchemist/g' \ 115 | | sed 's/SBSTD/Substance\ Designer/g' \ 116 | | sed 's/SBSTP/Substance\ Painter/g' \ 117 | | sed 's/ESHR/Dimension/g' \ 118 | | sed 's/RUSH/Premiere\ Rush/g' ) 119 | 120 | if [ "$(grep -i "updates are applicable on the system" "$rumlog")" ] ; then 121 | userChoice=$("$jamfHelper" -windowType hud -lockHUD -title "Adobe Updater" \ 122 | -icon "$icons/ToolbarInfo.icns" -description "Do you want to install these updates? 123 | 124 | $secho" -button1 "Yes" -button2 "No") 125 | if [[ "$userChoice" == "0" ]]; then 126 | echo "User said yes, installing $secho" 127 | installUpdates 128 | # Lets show an alert that updates are done 129 | "$jamfHelper" -windowType hud -title "Adobe Updater" -description "Update installation complete." \ 130 | -icon "$icons/ToolbarInfo.icns" -button1 Ok -defaultButton 1 131 | elif [[ "$userChoice" == "2" ]]; then 132 | echo "User said no" 133 | exit 0 134 | fi 135 | else 136 | "$jamfHelper" -windowType hud -title "Adobe Updater" -description "There are no Adobe Updates available." \ 137 | -icon "$icons/ToolbarInfo.icns" -button1 Ok -defaultButton 1 138 | exit 0 139 | fi 140 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/autoAddStaticGroup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: autoAddStaticGroup.sh 6 | # 7 | # Purpose: Will add machines to static groups based on the machine name 8 | # Note: If your group names have spaces you have to use '%20' in their place. 9 | # 10 | # Changelog 11 | # 11/6/18 - Fixing arrays...again. 12 | # 11/2/18 - Updated suites in Terra array. 13 | # 8/24/18 - Updated all room arrays. 14 | # - Changed env to bash 15 | # 10/25/17: - Updated rooms and cleaned up naming. 16 | # - Fixed header to conform with my other scripts 17 | # - Added StudioA2 array (new studios) 18 | # 8/29/16: - Renamed Script 19 | # 20 | 21 | # Get the JSS URL from the Mac's jamf plist file 22 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 23 | jssURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 24 | else 25 | echo "No JSS server set. Exiting..." 26 | exit 1 27 | fi 28 | 29 | # Define API username and password information & JSS Group name from passed parameters 30 | if [ ! -z "$4" ]; then 31 | apiUser="$4" 32 | else 33 | echo "No value passed to $4 for api username. Exiting..." 34 | exit 1 35 | fi 36 | 37 | if [ ! -z "$5" ]; then 38 | apiPass="$5" 39 | else 40 | echo "No value passed to $5 for api password. Exiting..." 41 | exit 1 42 | fi 43 | 44 | # Get room number from computer name. 45 | roomNumber=`scutil --get ComputerName | awk 'BEGIN {FS="-"} END {print $1}' | tr "[a-z]" "[A-Z]"` 46 | # Get Department name if not a PUBLIC machine 47 | deptName=`scutil --get ComputerName | awk 'BEGIN {FS="-"} END {print $2}' | tr "[a-z]" "[A-Z]"` 48 | # Building by first letter 49 | building=`scutil --get ComputerName | cut -c -1 | tr "[a-z]" "[A-Z]"` 50 | # Kiosk or Machine (K or M) 51 | machType=`scutil --get ComputerName | awk 'BEGIN {FS="-"} END {print $3}' | cut -c -1 | tr "[a-z]" "[A-Z]"` 52 | 53 | # Arrays for all of our different types of rooms 54 | labNumber=(A231 A309 A615 A626 A728 AM11 T1113 T1213 T1223 T1328 T1423 T1429 T1522 T802 T907) 55 | TsmartClass=(T1014 T1028 T1049 T1053 T1703 T202 T511 T513 T602 T604 T606 T702 T704 T706 T710 T712 T714 T716 T806 T831 T833 T902) 56 | AsmartClass=(A212 A815) 57 | GsmartClass=(G404 G405 G408 G410 G411 G415 H312) 58 | StudioT=(T1219 T1220 T1215 T1404 T1408 T1421 T1425 T1504 T1513 T510 T512 T514 T518) 59 | StudioA=(A200 A315 A316 A317 A318 A319 A320 A220 A716 A723 A725 A726) 60 | suiteVoice=(T612 T614 T616 T618 T620 T608 T709) 61 | suiteGen=(T1403 T1405 T1407 T1409 T1410 T1412 T1414 T1415) #generic suites 62 | suiteDragon=(T1403 T1405 T1407 T1409) 63 | suiteDragonUM=(T1425B T1425C) 64 | editBay=(T1210 T1212 T1214 T1216 T1218 T1220 T1420 T1422) 65 | 66 | # Public Computers: Check the first part of the computer name against the labNumber array 67 | if [[ " ${labNumber[@]} " =~ " ${roomNumber} " ]]; then 68 | jssGroup=LAB-$roomNumber 69 | 70 | elif [[ " ${TsmartClass[@]} " =~ " ${roomNumber} " ]]; then 71 | jssGroup="SMARTCLASS-Terra" 72 | 73 | elif [[ " ${AsmartClass[@]} " =~ " ${roomNumber} " ]]; then 74 | jssGroup="SMARTCLASS-Anderson" 75 | 76 | elif [[ " ${GsmartClass[@]} " =~ " ${roomNumber} " ]]; then 77 | jssGroup="SMARTCLASS-Gershman" 78 | 79 | elif [[ " ${StudioA3[@]} " =~ " ${roomNumber} " ]]; then 80 | jssGroup="Studio-A3" 81 | 82 | elif [[ " ${StudioA2[@]} " =~ " ${roomNumber} " ]]; then 83 | jssGroup="Studio-A2" 84 | 85 | elif [[ " ${StudioA7[@]} " =~ " ${roomNumber} " ]]; then 86 | jssGroup="Studio-A7" 87 | 88 | elif [[ " ${suiteVoice[@]} " =~ " ${roomNumber} " ]]; then 89 | jssGroup="SUITE-Voice" 90 | 91 | elif [[ " ${suiteDragon[@]} " =~ " ${roomNumber} " ]]; then 92 | jssGroup="SUITES-Dragon%20Frame" 93 | 94 | elif [[ " ${suiteDragonUM[@]} " =~ " ${roomNumber} " ]]; then 95 | jssGroup="SUITES-Dragon%20Frame-Unmanaged" 96 | 97 | elif [[ " ${editBay[@]} " =~ " ${roomNumber} " ]]; then 98 | jssGroup="SUITE-Editing%20Bays" 99 | 100 | elif [[ "$roomNumber" == "T1513" ]]; then 101 | jssGroup=SUITE-$roomNumber 102 | 103 | elif [[ "$roomNumber" == "A714" ]]; then 104 | jssGroup=SUITE-$roomNumber 105 | 106 | elif [[ "$roomNumber" == "T1215" ]]; then 107 | jssGroup=STUDIO-$roomNumber 108 | 109 | elif [[ "$roomNumber" == "A220" ]]; then 110 | jssGroup=STUDIO-$roomNumber 111 | 112 | # Office/Department Computers: Check the second part of the computer name for the department and add accordingly 113 | elif [[ "$roomNumber" == "CHECKOUT" ]]; then 114 | jssGroup="CHECKOUT" 115 | 116 | elif [[ "$deptName" == "ADV" ]] || [[ "$deptName" == "PUBL" ]] || [[ "$deptName" == "UCOMM" ]]; then 117 | jssGroup="OFFICE-ADV-PUBL-UCOMM" 118 | 119 | elif [[ "$roomNumber" == "DANCE" ]]; then 120 | jssGroup="LAB-Dance%20Media" 121 | 122 | elif [[ "$deptName" == "CR" ]]; then 123 | jssGroup="OFFICE-CAMD-AART-Craft%20&%20Material%20Studies" 124 | 125 | elif [[ "$deptName" == "FA" ]] || [[ "$deptName" == "AART" ]] || [[ "$deptName" == "CAMD" ]]; then 126 | jssGroup="OFFICE-CAMD-AART-Fine%20Arts" 127 | 128 | elif [[ "$deptName" == "PH" ]]; then 129 | jssGroup="OFFICE-CAMD-AART-Photography" 130 | 131 | elif [[ "$roomNumber" == "F1J" ]] || [[ "$roomNumber" == "SCULPTURE" ]]; then 132 | jssGroup="OFFICE-CAMD-AART-Fine%20Arts" 133 | 134 | elif [[ "$deptName" == "GRAD" ]] && [[ "$building" == "T" ]] ; then 135 | jssGroup="OFFICE-CAMD-ACAMD-GRAD-Art%20&%20Design%20Education" 136 | 137 | elif ([[ "$deptName" == "GRAD" ]] && [[ "$building" == "A" ]]) || [[ "$deptName" == "GP" ]]; then 138 | jssGroup="OFFICE-CAMD-ACAMD-GRAD-Graduate%20Studies" 139 | 140 | elif [[ "$deptName" == "ILL" ]] && [[ "$building" == "A" ]]; then 141 | jssGroup="OFFICE-CAMD-ACAMD-Illustration" 142 | 143 | elif [[ "$deptName" == "LA" ]]; then 144 | jssGroup="OFFICE-CLAS-ACLAS-Liberal%20Arts" 145 | 146 | elif [[ "$deptName" == "FILM" ]]; then 147 | jssGroup="OFFICE-CAMD-AFLM-Film%20&%20Video" 148 | 149 | elif [[ "$deptName" == "MRC" ]] && [[ "$machType" == "M" ]]; then 150 | jssGroup="OFFICE-OTIS-Media%20Resources" 151 | 152 | elif [[ "$deptName" == "CORE" ]]; then 153 | jssGroup="OFFICE-CAMD-ACAMD-UGRAD-Core%20Studies" 154 | 155 | elif [[ "$deptName" == "PROV" ]]; then 156 | jssGroup="OFFICE-Provost" 157 | 158 | elif [[ "$deptName" == "VRC" ]]; then 159 | jssGroup="KIOSK-Library-Visual%20Resources%20Center" 160 | 161 | elif ([[ "$deptName" == "REG" ]] && [[ "$machType" == "M" ]]) || [[ "$roomNumber" == "REG" ]]; then 162 | jssGroup="OFFICE-Registrar" 163 | 164 | # Kiosk Machines 165 | elif [[ "$roomNumber" == "GL" ]] && [[ "$machType" == "K" ]]; then 166 | jssGroup="KIOSK-Library-Anderson" 167 | 168 | elif [[ "$roomNumber" == "ML" ]] && [[ "$machType" == "K" ]]; then 169 | jssGroup="KIOSK-Library-Merriam" 170 | 171 | elif [[ "$deptName" == "MRC" ]] && [[ "$machType" == "K" ]]; then 172 | jssGroup="KIOSK-Media%20Resources" 173 | 174 | elif [[ "$deptName" == "REG" ]] && [[ "$machType" == "K" ]]; then 175 | jssGroup="KIOSK-Registrar" 176 | 177 | elif [[ "$roomNumber" == "M201" ]] && [[ "$deptName" == "SMU" ]]; then 178 | jssGroup="OFFICE-PCPA-Music" 179 | 180 | # If the computer does not have a lab or department that matches, drop it into the NO STATIC GROUP group 181 | else 182 | echo "$roomNumber or $deptName does not match any PUBLIC or OFFICE names, adding to NO STATIC GROUP group (yes, that's odd)." 183 | jssGroup="ZZ-NO-STATIC-GROUP" 184 | fi 185 | echo "Group set to $jssGroup" 186 | 187 | # Get the JSS Group's data, remove closing section 188 | curl -H "Accept: application/xml" -sfku "${apiUser}:${apiPass}" "${jssURL}JSSResource/computergroups/name/${jssGroup}"| xmllint --format - | awk '//,/<\/computers>/{print}' | sed 's/<\/computers>//' | sed '/^$/d' > "/private/tmp/tmpgroupfile.xml" 189 | 190 | if [ -e "/private/tmp/tmpgroupfile.xml" ]; then 191 | # Get computer's data 192 | macName=$(scutil --get ComputerName) 193 | MACAdd1=$(networksetup -getmacaddress en0 | awk '{print $3}') 194 | MACAdd2=$(networksetup -getmacaddress en1 | awk '{print $3}') 195 | SerialNo=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}') 196 | 197 | # Get the Mac's JSS ID using the API 198 | jssID=$(curl -H "Accept: application/xml" -sfku "${apiUser}:${apiPass}" "${jssURL}JSSResource/computers/macaddress/${MACAdd1}/subset/General" | xmllint --format - | awk -F'>|<' '//{print $3; exit}') 199 | 200 | echo "JSS ID found for $macName was: $jssID" 201 | 202 | if [[ "$jssID" ]] && [[ "$macName" ]] && [[ "$MACAdd1" ]] && [[ "$MACAdd2" ]] && [[ "$SerialNo" ]]; then 203 | # echo the xml section for the computer into the temp xml file 204 | echo ' 205 | '$jssID' 206 | '$macName' 207 | '$MACAdd1' 208 | '$MACAdd2' 209 | '$SerialNo' 210 | ' >> "/private/tmp/tmpgroupfile.xml" 211 | 212 | # Now finish the xml file 213 | echo ' 214 | ' >> "/private/tmp/tmpgroupfile.xml" 215 | else 216 | echo "Some data values are missing. Can't continue" 217 | exit 1 218 | fi 219 | else 220 | echo "The temp xml file could not be found. It may not have been created successfully" 221 | exit 1 222 | fi 223 | 224 | # If we got this far, check the format of the xml file. 225 | # If it passes the xmllint test, try uploading the xml file to the JSS 226 | if [[ $(xmllint --format "/private/tmp/tmpgroupfile.xml" 2>&1 >/dev/null; echo $?) == 0 ]]; then 227 | echo "XML creation successful. Attempting upload to JSS" 228 | 229 | curl -sfku "${apiUser}:${apiPass}" "${jssURL}JSSResource/computergroups/name/${jssGroup}" -X PUT -T "/private/tmp/tmpgroupfile.xml" 230 | 231 | # Check to see if we got a 0 exit status from the PUT command 232 | if [ $? == 0 ]; then 233 | echo "Computer \"$macName\" was added to group \"$jssGroup\"" 234 | # Clean up the xml file 235 | rm -f "/private/tmp/tmpgroupfile.xml" 236 | exit 0 237 | else 238 | echo "Add to group failed" 239 | # Clean up the xml file 240 | rm -f "/private/tmp/tmpgroupfile.xml" 241 | exit 1 242 | fi 243 | else 244 | echo "XML creation failed" 245 | rm -f "/private/tmp/tmpgroupfile.xml" 246 | exit 1 247 | fi 248 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/DEP Scripts/com.uarts.DEPprovisioning.public: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: com.uarts.DEPprovisioning.public 6 | # 7 | # Purpose: Install and run DEPNotify at enrollment time and do some final touches 8 | # for public machines. If the machine is already in the jss it will automatically continue 9 | # and continue setup. If the machine isn't in the jss, it will ask the tech to assign it 10 | # a name and cohort. It also checks for software updates and installs them if found. 11 | # This gets put in the composer package along with DEPNotofy, com.uarts.launch.plist, 12 | # and any supporting files. Then add the post install script to the package. 13 | # 14 | # 15 | # Changelog 16 | # 17 | # 9/10/18 - Changed MainText format and spell checked myself. 18 | # 8/24/18 - Removed an entire section of "MainText" because it was redundant. 19 | # 8/23/18 - Moved the caffinate command because it obviously wasn't running if a machine already existed. Oops. Also added -s in there. 20 | # 8/16/18 - Added a check for the receipt to help with "accidental" re-enrollments 21 | # 8/15/18 - Change env to bash from sh which helped fix the echo commands. 22 | # - Updated the output to maintext. 23 | # 8/9/18 - Fixed some XML issues :) 24 | # 8/3/18 - Trying out using policy calls for all software instead of a single policy 25 | # 7/24/18 - New script based on one by Neil Martin. 26 | # 27 | # Get the JSS URL from the Mac's jamf plist file, we'll use this to check if the machine is already in the jss 28 | if [ -e "/Library/Preferences/com.jamfsoftware.jamf.plist" ]; then 29 | JSSURL=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) 30 | else 31 | echo "No JSS server set. Exiting..." 32 | exit 1 33 | fi 34 | # I don't like hardcoding passwords but... 35 | APIUSER="USERNAME" 36 | APIPASS="PASSWORD" 37 | 38 | # Set basic variables 39 | OSVERSION=$(sw_vers -productVersion) 40 | serial=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}') 41 | eaxml=$(curl "$JSSURL"JSSResource/computers/serialnumber/"$serial"/subset/extension_attributes -u "$APIUSER":"$APIPASS" -H "Accept: text/xml") 42 | jssMacName=$(echo "$eaxml" | xpath '//extension_attribute[name="New Computer Name"' | awk -F'|' '{print $2}') 43 | jssCohort=$(echo "$eaxml" | xpath '//extension_attribute[name="New Cohort"' | awk -F'|' '{print $2}') 44 | 45 | JAMFBIN=/usr/local/bin/jamf 46 | # Get the logged in user 47 | CURRENTUSER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 48 | # Setup Done File 49 | setupDone="/var/db/receipts/com.uarts.provisioning.done.bom" 50 | 51 | # If the receipt is found, DEP already ran so let's remove this script and 52 | # the launch Daemon. This helps if someone re-enrolls a machine for some reason. 53 | if [ -f "${setupDone}" ]; then 54 | # Remove the Launch Daemon 55 | /bin/rm -Rf /Library/LaunchDaemons/com.uarts.launch.plist 56 | # Remove this script 57 | /bin/rm -- "$0" 58 | exit 0 59 | fi 60 | 61 | # This is where we wait until a user is completely logged in 62 | if pgrep -x "Finder" \ 63 | && pgrep -x "Dock" \ 64 | && [ "$CURRENTUSER" != "_mbsetupuser" ] \ 65 | && [ ! -f "${setupDone}" ]; then 66 | 67 | # Let's caffinate the mac because this can take long 68 | /usr/bin/caffeinate -d -i -m -u -s & 69 | caffeinatepid=$! 70 | 71 | # Kill any installer process running 72 | killall Installer 73 | # Wait a few seconds 74 | sleep 5 75 | 76 | # Let's Roll! 77 | 78 | # DEPNotify Log file 79 | DNLOG=/var/tmp/depnotify.log 80 | 81 | # If the computer is NOT in the jss or if it's an OFFICE machine 82 | # we want to get user input because most likely this is being reprovisioned. 83 | 84 | if [[ "$jssMacName" == "" ]] || [[ "$jssCohort" == "" ]] || [[ "$jssCohort" == "OFFICE" ]]; then 85 | # Configure DEPNotify registration window 86 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify PathToPlistFile /var/tmp/ 87 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegisterMainTitle "Setup..." 88 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify RegisterButtonLabel Setup 89 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperPlaceholder "T1337-M01" 90 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldUpperLabel "Computer Name" 91 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerPlaceholder "UA42DSK1337" 92 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UITextFieldLowerLabel "Asset Tag" 93 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UIPopUpMenuUpper -array 'Lab' 'Studio' 'Smart-Classroom' 'Office' 'Checkout' 'Kiosk' 94 | sudo -u "$CURRENTUSER" defaults write menu.nomad.DEPNotify UIPopUpMenuUpperLabel "Cohort" 95 | 96 | # Configure DEPNotify starting window 97 | echo "Command: MainTitle: New Mac Setup" >> $DNLOG 98 | echo "Command: Image: /var/tmp/uarts-logo.png" >> $DNLOG 99 | echo "Command: WindowStyle: NotMovable" >> $DNLOG 100 | echo "Command: DeterminateManual: 5" >> $DNLOG 101 | 102 | # Open DepNotify fullscreen 103 | sudo -u "$CURRENTUSER" /var/tmp/DEPNotify.app/Contents/MacOS/DEPNotify -fullScreen & 104 | echo "Command: MainText: Make sure this Mac is plugged into a wired network connection before beginning." >> $DNLOG 105 | 106 | # get user input... 107 | echo "Command: ContinueButtonRegister: Begin" >> $DNLOG 108 | echo "Status: Please click the button below..." >> $DNLOG 109 | DNPLIST=/var/tmp/DEPNotify.plist 110 | # hold here until the user enters something 111 | while : ; do 112 | [[ -f $DNPLIST ]] && break 113 | sleep 1 114 | done 115 | 116 | # Let's read the user data into some variables... 117 | computerName=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Computer Name'" | tr [a-z] [A-Z]) 118 | cohort=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Cohort'" | tr [a-z] [A-Z]) 119 | ASSETTAG=$(/usr/libexec/plistbuddy $DNPLIST -c "print 'Asset Tag'" | tr [a-z] [A-Z]) 120 | 121 | # Update Asset Tag, Computer Name, and Cohort in JSS 122 | cat << EOF > /var/tmp/tempInfo.xml 123 | 124 | 125 | $ASSETTAG 126 | 127 | 128 | 129 | New Cohort 130 | $cohort 131 | 132 | 133 | New Computer Name 134 | $computerName 135 | 136 | 137 | 138 | EOF 139 | ## Upload the xml file 140 | /usr/bin/curl -sfku "$APIUSER":"$APIPASS" "$JSSURL"JSSResource/computers/serialnumber/"$serial" -H "Content-type: text/xml" -T /var/tmp/tempInfo.xml -X PUT 141 | else 142 | # This is if the machine is already found on the server 143 | 144 | # Set variables for Computer Name and Role to those from the receipts 145 | computerName=$jssMacName 146 | cohort=$jssCohort 147 | 148 | # Launch DEPNotify 149 | echo "Command: Image: /var/tmp/uarts-logo.png" >> $DNLOG 150 | echo "Command: MainTitle: Setting things up..." >> $DNLOG 151 | echo "Command: WindowStyle: NotMovable" >> $DNLOG 152 | echo "Command: DeterminateManual: 5" >> $DNLOG 153 | sudo -u "$CURRENTUSER" /var/tmp/DEPNotify.app/Contents/MacOS/DEPNotify -fullScreen & 154 | echo "Status: Please wait..." >> $DNLOG 155 | fi 156 | 157 | # Carry on with the setup... 158 | # This is where we do everything else... 159 | 160 | # Rename the machine 161 | echo "Command: DeterminateManualStep:" >> $DNLOG 162 | echo "Command: MainTitle: $computerName" >> $DNLOG 163 | echo "Status: Setting computer name..." >> $DNLOG 164 | $JAMFBIN setComputerName -name "${computerName}" 165 | 166 | echo "Status: Running FirstRun scripts and installing packages..." >> $DNLOG 167 | echo "Command: DeterminateManualStep:" >> $DNLOG 168 | if [[ $cohort == "CHECKOUT" ]]; then 169 | echo "Command: MainText: This Mac is installing all necessary software and \ 170 | running some installation scripts. This may take a little while to complete; the machine restart \ 171 | automatically when it's finished. \n \n Cohort: $cohort \n \n macOS Version: $OSVERSION" >> $DNLOG 172 | $JAMFBIN policy -event install-CHECKOUT-software 173 | $JAMFBIN policy -event enroll-firstRunCHECKOUT-scripts 174 | elif [[ $cohort == "OFFICE" ]]; then 175 | echo "Command: MainText: This Mac is installing all necessary software and \ 176 | running some installation scripts. This may take a little while to complete; the machine restart \ 177 | automatically when it's finished. \n \n Cohort: $cohort \n \n macOS Version: $OSVERSION" >> $DNLOG 178 | $JAMFBIN policy -event install-OFFICE-software 179 | $JAMFBIN policy -event enroll-firstRunOFFICE-scripts 180 | else 181 | echo "Command: MainText: This Mac is installing all necessary software and \ 182 | running some installation scripts. This may take a little while to complete; the machine restart \ 183 | automatically when it's finished. \n \n Cohort: $cohort \n \n macOS Version: $OSVERSION" >> $DNLOG 184 | $JAMFBIN policy -event install-PUBLIC-software 185 | $JAMFBIN policy -event enroll-firstRunPUBLIC-scripts 186 | fi 187 | 188 | echo "Command: DeterminateManualStep:" >> $DNLOG 189 | echo "Status: Updating Inventory..." >> $DNLOG 190 | $JAMFBIN recon 191 | 192 | # Run Software updates, Make sure you have the SUS set to an internal one in your first run. You can also hardcode it here. 193 | echo "Command: DeterminateManualStep:" >> $DNLOG 194 | echo "Status: Checking for and installing any OS updates..." >> $DNLOG 195 | /usr/sbin/softwareupdate -ia 196 | 197 | echo "Command: DeterminateManualStep:" >> $DNLOG 198 | kill "$caffeinatepid" 199 | echo "Command: RestartNow:" >> $DNLOG 200 | 201 | # Remove DEPNotify and the logs 202 | /bin/rm -Rf /var/tmp/DEPNotify.app 203 | /bin/rm -Rf /var/tmp/uarts-logo.png 204 | /bin/rm -Rf $DNLOG 205 | /bin/rm -Rf $DNPLIST 206 | 207 | # Wait a few seconds 208 | sleep 5 209 | # Remove the autologin user password file so it doesn't login again 210 | /bin/rm -Rf /etc/kcpassword 211 | # Create a bom file that allow this script to stop launching DEPNotify after done 212 | /usr/bin/touch /var/db/receipts/com.uarts.provisioning.done.bom 213 | # Remove the Launch Daemon 214 | /bin/rm -Rf /Library/LaunchDaemons/com.uarts.launch.plist 215 | # Remove this script 216 | /bin/rm -- "$0" 217 | 218 | fi 219 | exit 0 220 | -------------------------------------------------------------------------------- /UArts Scripts (Archived)/dockMaster.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 4 | # Created by John Mahlman, University of the Arts Philadelphia (jmahlman@uarts.edu) 5 | # Name: DockMaster.sh 6 | # 7 | # Purpose: Set the contents of the dock on login based on computer type (cohort) 8 | # and what applications are available on the local machine. 9 | # 10 | # Changelog 11 | # 12/1/17: - Added KIOSK items 12 | # 9/5/17: - Fixed a double negative if-statement 13 | # 7/26/17: - Fixed a typo with powerpoint 14 | # 2/20/17: - Replaced the sleep 5 on line 16 with the wait loop. 15 | # - Cleaned up script to make it in line with my styling. 16 | # - I removed the "originally created by" in the header, this is 17 | # so customized that it no longer has any part of the original in it. 18 | # - ALL of the comments! 19 | # 9/15/16: - Removed network connect since we don't use it anymore. 20 | # 21 | # 22 | 23 | # we need to wait for the dock to actually start 24 | until [[ $(pgrep Dock) ]]; do 25 | wait 26 | done 27 | 28 | # Find the JAMF binary 29 | jamfbinary=$(/usr/bin/which jamf) 30 | 31 | # Chesk to see if we have dockutil installed, install if not 32 | if [ ! -f "/usr/local/bin/dockutil" ]; then 33 | echo "Installing DockUtil from JSS" 34 | "$jamfbinary" policy -event dockutil 35 | if [ ! -f "/usr/local/bin/dockutil" ]; then # Did the install work? 36 | echo "Unable to install DockUtil, aborting!" 37 | exit 1 38 | fi 39 | fi 40 | du="/usr/local/bin/dockutil" 41 | 42 | # Get the current logged in user that we'll be modifying 43 | if [ ! -z "$3" ]; then 44 | user=$3 45 | else 46 | user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");') 47 | fi 48 | echo "Running DockMaster on $user" 49 | 50 | # Find out the type of machine using our COHORT receipt 51 | if [ -f /Library/JAMF\ DM/Cohort/*.txt ]; then 52 | cohort=$(cat /Library/JAMF\ DM/Cohort/*.txt) 53 | echo "Cohort set to $cohort" 54 | else 55 | echo "No cohort available. Adding default icons only." 56 | cohort="NONE" 57 | fi 58 | 59 | # Bundled apps checker functions 60 | officeIcons () 61 | { 62 | wordversion=$(defaults read "/Applications/Microsoft Word.app/Contents/Info.plist" CFBundleShortVersionString) 63 | # Checking for Word/Office 2016 64 | sleep 2 65 | if [[ $wordversion == "15."* ]]; then 66 | echo "Adding Office 2016 apps" 67 | $du --add "/Applications/Microsoft Word.app" --no-restart /Users/$user 68 | $du --add "/Applications/Microsoft Excel.app" --no-restart /Users/$user 69 | $du --add "/Applications/Microsoft Outlook.app" --no-restart /Users/$user 70 | $du --add "/Applications/Microsoft PowerPoint.app" --no-restart /Users/$user 71 | else 72 | # Checking for Office 2011 73 | if [ -d "/Applications/Microsoft Office 2011/" ]; then 74 | echo "Adding Office 2011 apps" 75 | $du --add "/Applications/Microsoft Office 2011/Microsoft Word.app" --no-restart /Users/$user 76 | $du --add "/Applications/Microsoft Office 2011/Microsoft Excel.app" --no-restart /Users/$user 77 | $du --add "/Applications/Microsoft Office 2011/Microsoft Outlook.app" --no-restart /Users/$user 78 | $du --add "/Applications/Microsoft Office 2011/Microsoft PowerPoint.app" --no-restart /Users/$user 79 | fi 80 | fi 81 | } 82 | 83 | iWorkIcons () 84 | { 85 | echo "Adding installed iWork Apps" 86 | if [ -e "/Applications/Pages.app" ]; then 87 | $du --add "/Applications/Pages.app" --no-restart /Users/$user 88 | fi 89 | if [ -e "/Applications/Numbers.app" ]; then 90 | $du --add "/Applications/Numbers.app" --no-restart /Users/$user 91 | fi 92 | if [ -e "/Applications/Keynote.app" ]; then 93 | $du --add "/Applications/Keynote.app" --no-restart /Users/$user 94 | fi 95 | # We check for every app here one by one because they're installed separately, 96 | # we don't do this for office because that's a single package that gets laid. 97 | } 98 | 99 | # Clear the default dock 100 | echo "Removing all items from the dock" 101 | $du --remove all --no-restart /Users/$user 102 | sleep 2 # we need to give this time to work or we'll get errors with "replacing" items instead of adding them 103 | 104 | 105 | ### The next secion is where you'll want to add your dock items based on computer type/COHORT ### 106 | 107 | ####################################### 108 | #### Items for all/no cohorts 109 | ####################################### 110 | if [ $cohort != "KIOSK" ]; then # KIOSK machines get special treatment, at the bottom. 111 | echo "Adding browsers" 112 | $du --add "/Applications/Safari.app" --no-restart /Users/$user 113 | if [ -e "/Applications/Google Chrome.app/" ]; then 114 | $du --add "/Applications/Google Chrome.app" --no-restart /Users/$user 115 | fi 116 | # We have two different firefox types, lets figure out which one is installed 117 | if [ -e /Applications/Firefox* ]; then 118 | firefox=$(find /Applications -type d -maxdepth 1 -name Firefox*) 119 | $du --add "$firefox" --no-restart /Users/$user 120 | fi 121 | # Add Office icons to all cohorts 122 | officeIcons 123 | # Every user gets a downloads folder too 124 | echo "Adding the Downloads folder" 125 | $du --add "~/Downloads" --view fan --display stack --sort dateadded --no-restart /Users/$user 126 | fi 127 | 128 | ####################################### 129 | #### Add dock items for FACSTAFF cohort 130 | ####################################### 131 | if [ $cohort == "FACSTAFF" ]; then 132 | echo "Adding apps for FACSTAFF" 133 | $du --add "/Applications/Calendar.app" --no-restart /Users/$user 134 | $du --add "/Applications/Preview.app" --no-restart /Users/$user 135 | $du --add "/Applications/iTunes.app" --no-restart /Users/$user 136 | $du --add "/Applications/Photo Booth.app" --no-restart /Users/$user 137 | $du --add "/Applications/Time Machine.app" --no-restart /Users/$user 138 | if [ -e "/Library/KeyAccess/KeyCheckout.app/" ]; then 139 | $du --add "/Library/KeyAccess/KeyCheckout.app" --no-restart /Users/$user 140 | fi 141 | $du --add "/Applications/Self Service.app" --no-restart /Users/$user 142 | $du --add "/Applications/App Store.app" --no-restart /Users/$user 143 | $du --add "/Applications/System Preferences.app" --position end --no-restart /Users/$user 144 | # This should be the end of the applications in the dock, anything after should be a folder 145 | $du --add "/Applications" --view grid --display folder --sort name --no-restart /Users/$user 146 | $du --add "~/Documents" --view fan --display stack --sort dateadded --no-restart /Users/$user 147 | 148 | ####################################### 149 | #### Add dock items for OFFICE cohort 150 | ####################################### 151 | elif [ $cohort == "OFFICE" ]; then 152 | echo "Adding apps for OFFICE cohort" 153 | $du --add "/Applications/Launchpad.app" --position beginning --no-restart /Users/$user 154 | $du --add "/Applications/Contacts.app" --no-restart /Users/$user 155 | $du --add "/Applications/Calendar.app" --no-restart /Users/$user 156 | $du --add "/Applications/Notes.app" --no-restart /Users/$user 157 | $du --add "/Applications/Messages.app" --no-restart /Users/$user 158 | $du --add "/Applications/Self Service.app" --no-restart /Users/$user 159 | $du --add "/Applications/System Preferences.app" --position end --no-restart /Users/$user 160 | # This should be the end of the applications in the dock, anything after should be a folder 161 | $du --add "/Applications" --view grid --display folder --sort name --no-restart /Users/$user 162 | 163 | ####################################### 164 | #### Add dock items for PUBLIC cohorts 165 | #### This one has a lot of different cohorts, 166 | #### You can break it down as much as you want of course 167 | ####################################### 168 | elif [ $cohort == "LAB" ] || [ $cohort == "STUDIO" ] || [ $cohort == "SUITE" ] || [ $cohort == "SMART-CLASSROOM" ]; then 169 | echo "Adding apps for $cohort cohort" 170 | iWorkIcons 171 | $du --add "/Applications/Image Capture.app" --no-restart /Users/$user 172 | $du --add "/Applications/Preview.app" --no-restart /Users/$user 173 | # This should be the end of the applications in the dock, anything after should be a folder 174 | $du --add "/Applications" --view grid --display folder --sort name --no-restart /Users/$user 175 | 176 | ####################################### 177 | #### Add dock items for CHECKOUT cohort 178 | ####################################### 179 | elif [ $cohort == "CHECKOUT" ]; then 180 | echo "Adding apps for CHECKOUT cohort" 181 | $du --add "/Applications/Calendar.app" --no-restart /Users/$user 182 | $du --add "/Applications/Preview.app" --no-restart /Users/$user 183 | $du --add "/Applications/iTunes.app" --no-restart /Users/$user 184 | $du --add "/Applications/Photo Booth.app" --no-restart /Users/$user 185 | $du --add "/Applications/Time Machine.app" --no-restart /Users/$user 186 | if [ -e "/Library/KeyAccess/KeyCheckout.app/" ]; then 187 | $du --add "/Library/KeyAccess/KeyCheckout.app" --no-restart /Users/$user 188 | fi 189 | $du --add "/Applications/Self Service.app" --no-restart /Users/$user 190 | $du --add "/Applications/App Store.app" --no-restart /Users/$user 191 | $du --add "/Applications/System Preferences.app" --position end --no-restart /Users/$user 192 | # This should be the end of the applications in the dock, anything after should be a folder 193 | $du --add "/Applications" --view grid --display folder --sort name --no-restart /Users/$user 194 | $du --add "~/Documents" --view fan --display stack --sort dateadded --no-restart /Users/$user 195 | 196 | ####################################### 197 | #### Add dock items for KIOSK cohort 198 | ####################################### 199 | elif [ $cohort == "KIOSK" ]; then 200 | echo "Adding apps for KIOSK cohort" 201 | $du --add "/Applications/Safari.app" --no-restart /Users/$user 202 | # This should be the end of the applications in the dock, anything after should be a folder 203 | $du --add "~/Downloads" --view fan --display stack --sort dateadded --no-restart /Users/$user 204 | $du --add https://sss.uarts.edu/ --label 'Student Self Service' --no-restart /Users/$user 205 | $du --add https://mycampus.uarts.edu/ --label 'UArts Portal' --no-restart /Users/$user 206 | $du --add http://www.studentclearinghouse.org/ --label 'Transcripts & Enrollment Verifications' --after Downloads --no-restart /Users/$user 207 | 208 | fi #end of cohorts 209 | 210 | # Restart the dock after everything is done 211 | sleep 5 212 | killall Dock 213 | exit 0 214 | -------------------------------------------------------------------------------- /Jamf Large Install Helper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # shellcheck shell=bash 3 | 4 | # Script Info variables 5 | SCRIPT_AUTHOR="John Mahlman" 6 | SCRIPT_AUTHOR_EMAIL="john.mahlman@gmail.com" 7 | SCRIPT_NAME="large-app-install-helper" 8 | SCRIPTVER="1.10.8" 9 | 10 | # Purpose: This script will be used to show a user the progress of large installs using DEPNotify 11 | # 12 | # 13 | # Author: John Mahlman 14 | # Creation Date: May 10, 2022 15 | # 16 | # v1.10.8 17 | # 2023-02-28 - John Mahlman 18 | # With the removal of the jamf "install" verb I created the installApp function to use installer instead. I had to make a few other changes to make this work. 19 | # I also removed the "ability" to kill the installation process since installer does not like doing that 20 | # 21 | # v1.10.4 22 | # 2022-05-19 - John Mahlman 23 | # Adding a status message at satrtup so we dont show any old messages. 24 | # 25 | # v1.10.3 26 | # 2022-05-19 - John Mahlman 27 | # Added some better error checking for a failed package install. 28 | # Added a popup for a failed download or a failed install (instead of just quitting). 29 | # Change logs file name to include date so we don't accidentally get false reports from old installs. 30 | # Fixed the free space checker. 31 | # 32 | # v1.6 33 | # 2022-05-18 - John Mahlman 34 | # Learned that Jamf has an install flag that will also give us percentages, so we're going to try to use that instead. 35 | # Updated to use the Jamf Waiting room, this means that the Jamf policy you call should be a CACHE package policy, not an install. 36 | # 37 | # v1.3 38 | # 2022-05-17 - John Mahlman 39 | # Refactored some variables and also updated the installer loop to be dumber but to actually work :) 40 | # Added a check in the main portion of the script, if the package is downloaded fully already, just have it install instead of running a policy. 41 | # 42 | # v1.1 43 | # 2022-05-16 - John Mahlman 44 | # When a user exits with cmd+ctrl+c we want to make it as a clean quit, so I changed the exit code from 2 to 0 45 | # 46 | # v1.0 47 | # 2022-05-16 - John Mahlman 48 | # Jamf trial ready! 49 | # 50 | # v0.1 51 | # 2022-05-10 - John Mahlman 52 | # Initial Creation 53 | # 54 | 55 | # JAMF Parameters 56 | # Parameter 4: Friendly Application Name 57 | [ -z "$4" ] && exit 14 || APPNAME="$4" 58 | # Parameter 5: Jamf Trigger for caching package 59 | [ -z "$5" ] && exit 15 || JAMF_TRIGGER="$5" 60 | # Parameter 6: Package Name (with .pkg) 61 | [ -z "$6" ] && exit 16 || PKG_NAME="$6" 62 | # Parameter 7: Package size in KB (whole numebrs only) 63 | [ -z "$7" ] && exit 17 || PKG_Size="$7" 64 | # Parameter 8: Minimum drive space required (default 5) (Optional) 65 | [ -z "$8" ] && min_drive_space="5" || min_drive_space="$8" 66 | # Parameter 9: Extended tout time (default 60) (Optional) 67 | [ -z "$9" ] && TIMEOUT="60" || TIMEOUT="$9" 68 | 69 | RUNTIME=$(/bin/date +'%Y-%m-%d_%H%M%S') 70 | # all output from now on is written also to a log file 71 | LOG_FILE="/var/tmp/install-helper.$RUNTIME.log" 72 | exec > >(tee "${LOG_FILE}") 2>&1 73 | 74 | # Grab currently logged in user to set the language for Dialogue messages 75 | CURRENT_USER=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 76 | 77 | # Jamf Variables 78 | JAMFBINARY=/usr/local/jamf/bin/jamf 79 | JAMF_DOWNLOADS="/Library/Application Support/JAMF/Downloads" 80 | JAMF_WAITING_ROOM="/Library/Application Support/JAMF/Waiting Room" 81 | jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" 82 | 83 | # DEPNotify varaibles 84 | DN_APP="/Applications/Utilities/DEPNotify.app" 85 | DNLOG="/var/tmp/depnotify.log" 86 | DN_CONFIRMATION="/var/tmp/com.depnotify.provisioning.done" 87 | DNPLIST="/Users/$CURRENT_USER/Library/Preferences/menu.nomad.DEPNotify.plist" 88 | 89 | # DEPNotify UI Elements and text 90 | IT_SUPPORT="IT Support" 91 | DOWNLOAD_ICON="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/SidebarDownloadsFolder.icns" 92 | INSTALL_ICON="/System/Library/CoreServices/Installer.app/Contents/Resources/package.icns" 93 | DN_TITLE="$APPNAME Install Helper" 94 | DOWNLOAD_DESC="Your machine is currently downloading $APPNAME. This process will take a long time, please be patient.\n\nIf you want to cancel this process press CMD+CTRL+C." 95 | INSTALL_DESC="Your machine is now installing $APPNAME. This process may take a while, please be patient.\n\no not cancel the installation, if you have any issues please contact $IT_SUPPORT" 96 | 97 | # shellcheck disable=SC2012 98 | CURRENT_PKG_SIZE=$(ls -l "$JAMF_WAITING_ROOM/$PKG_NAME" | awk '{ print $5 }' | awk '{$1/=1024;printf "%.i\n",$1}') 99 | 100 | # icon for error dialog 101 | ALERT_ICON="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns" 102 | # Error dialogs 103 | FREESPACE_ERROR="There is not enough space on the drive to complete this install. You need to have at least ${min_drive_space} GB available." 104 | DL_ERROR="There was a problem starting the download, this process will now quit. Please try again or open a ticket with $IT_SUPPORT." 105 | INSTALL_ERROR="The installation failed. Please open a ticket with $IT_SUPPORT." 106 | 107 | # Check if DEPNotify is installed, if it's not install from Jamf. 108 | if [[ ! -d $DN_APP ]]; then 109 | echo "DEPNotify does not exist, installing." 110 | $JAMFBINARY policy -event main-depnotify 111 | if [[ ! -d $DN_APP ]]; then 112 | echo "DEPNotify Install failed, exiting" 113 | exit 20 114 | fi 115 | fi 116 | 117 | check_free_space() { 118 | # determine if the amount of free and purgable drive space is sufficient for the upgrade to take place. 119 | free_disk_space=$(osascript -l 'JavaScript' -e "ObjC.import('Foundation'); var freeSpaceBytesRef=Ref(); $.NSURL.fileURLWithPath('/').getResourceValueForKeyError(freeSpaceBytesRef, 'NSURLVolumeAvailableCapacityForImportantUsageKey', null); Math.round(ObjC.unwrap(freeSpaceBytesRef[0]) / 1000000000)") # with thanks to Pico 120 | 121 | if [[ ! "$free_disk_space" ]]; then 122 | # fall back to df -h if the above fails 123 | free_disk_space=$(df -Pk . | column -t | sed 1d | awk '{print $4}') 124 | fi 125 | 126 | if [[ $free_disk_space -ge $min_drive_space ]]; then 127 | echo " [check_free_space] OK - $free_disk_space GB free/purgeable disk space detected" 128 | else 129 | echo " [check_free_space] ERROR - $free_disk_space GB free/purgeable disk space detected" 130 | "$jamfHelper" -windowType "utility" -description "${FREESPACE_ERROR}" -alignDescription "left" -icon "$ALERT_ICON" -button1 "OK" -defaultButton "0" -cancelButton "1" 131 | exit 1 132 | fi 133 | } 134 | 135 | dep_notify() { 136 | # This function will open DEPNotify and set up the initial parameters. 137 | # configuration taken from https://github.com/jamf/DEPNotify-Starter 138 | /usr/bin/defaults write "$DNPLIST" statusTextAlignment "center" 139 | # Set the help bubble information 140 | /usr/bin/defaults write "$DNPLIST" helpBubble -array "About this tool" \ 141 | "This utility was designed to provide you with feedback for large installs like Xcode. \nThe progress bar will update based on your current download size and during install will update based on feedback from the installer. \n\nIf you have issues, pelase contact $IT_SUPPORT. \n\nWritten by $SCRIPT_AUTHOR, $SCRIPT_AUTHOR_EMAIL \nVersion $SCRIPTVER" 142 | chown "$CURRENT_USER":staff "$DNPLIST" 143 | 144 | # Configure the window's look 145 | { 146 | echo "Command: Image: $DOWNLOAD_ICON" 147 | echo "Command: MainTitle: $DN_TITLE" 148 | /bin/echo "Command: MainText: $DOWNLOAD_DESC" 149 | echo "Status: Starting up..." 150 | echo "Command: QuitKey: c" 151 | } >> "$DNLOG" 152 | 153 | # Launch DEPNotify if it's not open 154 | if ! pgrep DEPNotify ; then 155 | sudo -u "$CURRENT_USER" open -a "$DN_APP" --args -path "$DNLOG" 156 | fi 157 | } 158 | 159 | # Call this with "install" or "download" to update the DEPNotify window and progress dialogs 160 | depNotifyProgress() { 161 | last_progress_value=0 162 | current_progress_value=0 163 | 164 | if [[ "$1" == "download" ]]; then 165 | echo "Command: MainTitle: Downloading $APPNAME" >> $DNLOG 166 | 167 | # Wait for for the download to start, if it doesn't we'll bail out. 168 | while [ ! -f "$JAMF_DOWNLOADS/$PKG_NAME" ]; do 169 | userCancelProcess 170 | if [[ "$TIMEOUT" == 0 ]]; then 171 | echo "ERROR: (depNotifyProgress) Timeout while waiting for the download to start." 172 | { 173 | /bin/echo "Command: MainText: $DL_ERROR" 174 | echo "Status: Error downloading $PKG_NAME" 175 | echo "Command: DeterminateManualStep: 100" 176 | echo "Command: Quit: $DL_ERROR" 177 | } >> $DNLOG 178 | exit 1 179 | fi 180 | sleep 1 181 | ((TIMEOUT--)) 182 | done 183 | 184 | # Download started, lets set the progress bar 185 | echo "Status: Downloading - 0%" >> $DNLOG 186 | echo "Command: DeterminateManual: 100" >> $DNLOG 187 | 188 | # Until at least 100% is reached, calculate the downloading progress and move the bar accordingly 189 | until [[ "$current_progress_value" -ge 100 ]]; do 190 | # shellcheck disable=SC2012 191 | until [ "$current_progress_value" -gt "$last_progress_value" ]; do 192 | # Check if the download is in the waiting room (it moves from downloads to the waiting room after it's fully downloaded) 193 | if [[ ! -e "$JAMF_DOWNLOADS/$PKG_NAME" ]]; then 194 | CURRENT_DL_SIZE=$(ls -l "$JAMF_WAITING_ROOM/$PKG_NAME" | awk '{ print $5 }' | awk '{$1/=1024;printf "%.i\n",$1}') 195 | userCancelProcess 196 | current_progress_value=$((CURRENT_DL_SIZE * 100 / PKG_Size)) 197 | sleep 2 198 | else 199 | CURRENT_DL_SIZE=$(ls -l "$JAMF_DOWNLOADS/$PKG_NAME" | awk '{ print $5 }' | awk '{$1/=1024;printf "%.i\n",$1}') 200 | userCancelProcess 201 | current_progress_value=$((CURRENT_DL_SIZE * 100 / PKG_Size)) 202 | sleep 2 203 | fi 204 | done 205 | echo "Command: DeterminateManualStep: $((current_progress_value-last_progress_value))" >> $DNLOG 206 | echo "Status: Downloading - $current_progress_value%" >> $DNLOG 207 | last_progress_value=$current_progress_value 208 | done 209 | elif [[ "$1" == "install" ]]; then 210 | echo "Command: MainTitle: Installing $APPNAME" >> $DNLOG 211 | # Install started, lets set the progress bar 212 | { 213 | echo "Command: Image: $INSTALL_ICON" 214 | /bin/echo "Command: MainText: $INSTALL_DESC" 215 | echo "Status: Preparing to Install $PKG_NAME" 216 | echo "Command: QuitKey: i" 217 | echo "Command: DeterminateManual: 100" 218 | } >> $DNLOG 219 | until grep -q "installer:STATUS:" "$LOG_FILE" ; do 220 | didInstallFail 221 | userCancelProcess 222 | sleep 2 223 | done 224 | # Update the progress using a timer until it's at 100% 225 | until [[ "$current_progress_value" -ge "100" ]]; do 226 | until [ "$current_progress_value" -gt "$last_progress_value" ]; do 227 | INSTALL_STATUS=$(sed -nE 's/installer:PHASE:(.*)/\1/p' < $LOG_FILE | tail -n 1) 228 | didInstallFail 229 | userCancelProcess 230 | current_progress_value=$(sed -nE 's/installer:%([0-9]*).*/\1/p' < $LOG_FILE | tail -n 1) 231 | sleep 2 232 | done 233 | echo "Command: DeterminateManualStep: $((current_progress_value-last_progress_value))" >> $DNLOG 234 | echo "Status: $INSTALL_STATUS - $current_progress_value%" >> $DNLOG 235 | last_progress_value=$current_progress_value 236 | done 237 | # The code below is the install logic to use when "estimating" the time of an install instead of using JAMF 238 | # It mostly works but I want to keep it for historical sake ;) 239 | elif [[ "$1" == "manualInstall" ]]; then 240 | echo "Command: MainTitle: Installing $APPNAME" >> $DNLOG 241 | # Install started, lets set the progress bar 242 | { 243 | echo "Command: Image: $INSTALL_ICON" 244 | /bin/echo "Command: MainText: $INSTALL_DESC" 245 | echo "Status: Preparing to Install $PKG_NAME" 246 | echo "Command: DeterminateManual: $INSTALL_TIMER" 247 | } >> $DNLOG 248 | 249 | # Update the progress using a timer until a receipt is found. If it gets full it'll just wait for a receipt. 250 | until [[ "$current_progress_value" -ge $INSTALL_TIMER ]] && [[ $(receiptIsPresent) -eq 1 ]]; do 251 | userCancelProcess 252 | sleep 5 253 | current_progress_value=$((current_progress_value + 5)) 254 | echo "Command: DeterminateManualStep: 5" >> $DNLOG 255 | echo "Status: Installing $PKG_NAME" >> $DNLOG 256 | receiptIsPresent && break 257 | last_progress_value=$current_progress_value 258 | done 259 | fi 260 | } 261 | 262 | receiptIsPresent() { 263 | if [[ $(find "/Library/Application Support/JAMF/Receipts/$PKG_NAME" -type f -maxdepth 1) ]]; then 264 | current_progress_value="100" 265 | # If it finds the receipt, just set the progress bar to full 266 | { 267 | echo "Installer is not running, exiting." 268 | echo "Command: DeterminateManualStep: 100" 269 | echo "Status: $PKG_NAME successfully installed." 270 | } >> $DNLOG 271 | sleep 10 272 | return 0 273 | fi 274 | return 1 275 | } 276 | 277 | cachePackageWithJamf() { 278 | $JAMFBINARY policy -event "$1" & 279 | JAMF_PID=$! 280 | echo "Jamf policy running with a PID of $JAMF_PID" 281 | } 282 | 283 | installWithJamf() { # the jamf verb "install" was removed in 10.44, moving to the installApp() function below. 284 | $JAMFBINARY install -path "$JAMF_WAITING_ROOM" -package "$PKG_NAME" -showProgress -target / 2>&1 | tee $LOG_FILE & 285 | JAMF_PID=$! 286 | echo "Jamf install running with a PID of $JAMF_PID" 287 | } 288 | 289 | installApp() { 290 | #/usr/sbin/installer -pkg "$JAMF_WAITING_ROOM/$PKG_NAME" -verboseR -target / 2>&1 | tee $LOG_FILE & 291 | /usr/sbin/installer -pkg "$JAMF_WAITING_ROOM/$PKG_NAME" -verboseR -target / > >(tee $LOG_FILE) 2>&1 & 292 | INSTALLER_PID=$! 293 | echo "Installer running with a PID of $INSTALLER_PID" 294 | } 295 | 296 | cleanupWaitingRoom() { 297 | echo "Sweeping up the waiting room..." 298 | rm -f "$JAMF_WAITING_ROOM/$PKG_NAME" & 299 | rm -f "$JAMF_WAITING_ROOM/$PKG_NAME".cache.xml 300 | } 301 | 302 | didInstallFail() { 303 | INSTALL_FAILED=$(sed -nE 's/installer:(.*)/\1/p' < $LOG_FILE | tail -n 1 | grep -c "The Installer encountered an error") 304 | if [[ $INSTALL_FAILED -ge "1" ]]; then 305 | echo "Install failed, notifying user." 306 | echo "Command: Quit: $INSTALL_ERROR" >> $DNLOG 307 | fi 308 | } 309 | 310 | # Checks if DEPNotify is open, if it's not, it'll exit, causing the trap to run 311 | # It's not a good idea to kill the installer...so the question is...should we even stop installer? Naa 312 | # Thanks for the sanity check, Armin. 313 | userCancelProcess () { 314 | if ! pgrep DEPNotify ; then 315 | killall jamf 316 | #kill -9 "$INSTALLER_PID" 317 | #killall installer 318 | echo "User manually cancelled with the quit key." 319 | # We don't want to mark this as a failure, so let's exit gracefully. 320 | exit 0 321 | fi 322 | } 323 | 324 | dep_notify_quit() { 325 | # quit DEP Notify 326 | echo "Command: Quit" >> "$DNLOG" 327 | # reset all the settings that might be used again 328 | /bin/rm "$DNLOG" "$DN_CONFIRMATION" 2>/dev/null 329 | # kill dep_notify_progress background job if it's already running 330 | if [ -f "/tmp/depnotify_progress_pid" ]; then 331 | while read -r i; do 332 | kill -9 "${i}" 333 | done < /tmp/depnotify_progress_pid 334 | /bin/rm /tmp/depnotify_progress_pid 335 | fi 336 | } 337 | 338 | kill_process() { 339 | process="$1" 340 | echo 341 | if process_pid=$(/usr/bin/pgrep -a "$process" 2>/dev/null) ; then 342 | echo " [$SCRIPT_NAME] attempting to terminate the '$process' process - Termination message indicates success" 343 | kill "$process_pid" 2> /dev/null 344 | if /usr/bin/pgrep -a "$process" >/dev/null ; then 345 | echo " [$SCRIPT_NAME] ERROR: '$process' could not be killed" 346 | fi 347 | echo 348 | fi 349 | } 350 | 351 | finish() { 352 | # kill caffeinate 353 | kill_process "caffeinate" 354 | kill_process "jamfHelper" 355 | dep_notify_quit 356 | /bin/rm $DNLOG 357 | } 358 | 359 | ############### 360 | ## MAIN BODY ## 361 | ############### 362 | echo "$SCRIPT_NAME version $SCRIPTVER" 363 | # ensure the finish function is executed when exit is signaled 364 | trap "finish" EXIT 365 | 366 | # ensure computer does not go to sleep while running this script 367 | echo " [$SCRIPT_NAME] Caffeinating this script (pid=$$)" 368 | /usr/bin/caffeinate -dimsu -w $$ & 369 | 370 | check_free_space 371 | # Let's first check if the package exists in the downloads and it matches the size... 372 | # this avoids us having to run the policy again and causing the sceript to re-download the whole thing again. 373 | if [[ -e "$JAMF_WAITING_ROOM/$PKG_NAME" ]] && [[ $CURRENT_PKG_SIZE == "$PKG_Size" ]]; then 374 | echo "Package already download, installing with jamf binary." 375 | dep_notify 376 | #installWithJamf 377 | installApp 378 | depNotifyProgress install 379 | cleanupWaitingRoom 380 | else 381 | dep_notify 382 | cachePackageWithJamf "$JAMF_TRIGGER" 383 | depNotifyProgress download 384 | sleep 5 385 | dep_notify_quit 386 | dep_notify 387 | #installWithJamf 388 | installApp 389 | depNotifyProgress install 390 | cleanupWaitingRoom 391 | fi 392 | 393 | # Let's get a recon only if the script completes here. 394 | $JAMFBINARY recon --------------------------------------------------------------------------------