├── .DS_Store
├── .github
└── FUNDING.yml
├── Code Sign Quickaction Workflow
├── Code Sign PKG.workflow
│ └── Contents
│ │ ├── Info.plist
│ │ ├── QuickLook
│ │ └── Thumbnail.png
│ │ └── document.wflow
├── READ ME.txt
├── code.txt
├── in use.png
└── screenshot.png
├── Computer Extension Attributes
├── Bitdefender Status.xml
├── Bomgar Jump Client Install Status.xml
├── Bomgar Jump Client Status.xml
├── Cisco AMP Status.xml
├── DEPNotify Status.xml
├── Extensis Portfolio_ Cataloging Service Status.xml
├── FindMyMac Status.xml
├── Jamf Connect - Auth Mechanism.xml
├── Jamf Connect - LaunchAgent Status.xml
├── Jamf Connect Launch Agent Status.xml
├── LAPS Expiration.xml
├── LAPS Password.xml
├── Location.xml
├── MS Excel Installed via App Store.xml
├── MS OneDrive Installed via App Store.xml
├── MS OneNote Installed via App Store.xml
├── MS Outlook Installed via App Store.xml
├── MS PowerPoint Installed via App Store.xml
├── MS Word Installed via App Store.xml
├── Nessus Agent Status.xml
├── NinjaOne.xml
├── Site.xml
└── Xcode Command Line Tools Installed.xml
├── Guides
├── Adding Macs to ABM.pdf
├── Adding iOS to ABM.pdf
├── Custom Claims to AzureAD.pdf
├── JAMF ADCS Certificate setup Guide.pdf
├── JAMF PRO ADCS Full Setup Ver. 1.0.pdf
├── Jamf Connect Troubleshooting
└── Jamf Connect Troubleshooting.pdf
├── Packages
└── Mobileconfig tools.pkg
├── Profiles
├── AnyConnect Kernel Extensions Mojave and lower.mobileconfig
├── AnyConnect System Extensions Big Sur and Catalina.mobileconfig
├── Cisco AMP 1.14.0 BigSur Ready.mobileconfig
├── Falcon Profile Intel.mobileconfig
├── Falcon Profile M1.mobileconfig
├── FortiClient VPN.mobileconfig
├── PPPC Bitdefender.mobileconfig
├── PPPC Bomgar.mobileconfig
└── PPPC ConnectWiseControl.mobileconfig
├── README.md
├── Scripts
├── Account-Tool.sh
├── Allow standard users rights to system prefs.sh
├── AzureADClaim.ps1
├── Backup iCloud Drive.sh
├── DEP-Setup-Mac.sh
├── Deploy_Splashtop_Streamer.sh
├── Grant Perm Admin Rights.sh
├── Install_Duo_Health.sh
├── Jamf-Change-Management-Account.sh
├── JamfConnectNotifyStart.sh
├── JamfConnectUninstall.sh
├── Jamf_Connect_Notify_Starter_Script.sh
├── MS-Company-Portal-Removal-Tool.sh
├── MSP-DEPNotify-Start.sh
├── Quick Add Post-install script.sh
├── Secure_Token_Handoff.sh
├── SendUnmangeCommand-token.sh
├── Set-Account-Picture-via-Jamf-Connect.sh
├── ad_unbind_migrate_to_local_account.sh
├── admobile2local.sh
├── authrestart.sh
├── code-sign.sh
├── install_backblaze.sh
├── install_bomgar_jump.sh
├── install_cisco_umbrella_client.sh
├── intune_user.sh
├── kaseya-install-agent.sh
├── standalone_vanta_install.sh
├── sysaid_config.sh
└── uninstall_bomgar_jump.sh
└── better-jamf-policy-deferral-docs
├── Install 1.png
├── Install 2.png
├── Install 4.png
├── Install 5.png
├── Prompt 1.png
├── Prompt 2.png
└── Prompt 3.png
/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/.DS_Store
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 |
3 | github: kylejericson # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
4 | patreon: # Replace with a single Patreon username
5 | open_collective: # Replace with a single Open Collective username
6 | ko_fi: # Replace with a single Ko-fi username
7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
9 | liberapay: # Replace with a single Liberapay username
10 | issuehunt: # Replace with a single IssueHunt username
11 | otechie: # Replace with a single Otechie username
12 | lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
13 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
14 |
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/Code Sign PKG.workflow/Contents/Info.plist:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | NSServices
6 |
7 |
8 | NSBackgroundColorName
9 | background
10 | NSBackgroundSystemColorName
11 | blackColor
12 | NSIconName
13 | NSActionTemplate
14 | NSMenuItem
15 |
16 | default
17 | Code Sign PKG
18 |
19 | NSMessage
20 | runWorkflowAsService
21 | NSRequiredContext
22 |
23 | NSApplicationIdentifier
24 | com.apple.finder
25 |
26 | NSSendFileTypes
27 |
28 | public.item
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/Code Sign PKG.workflow/Contents/QuickLook/Thumbnail.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Code Sign Quickaction Workflow/Code Sign PKG.workflow/Contents/QuickLook/Thumbnail.png
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/Code Sign PKG.workflow/Contents/document.wflow:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | AMApplicationBuild
6 | 492
7 | AMApplicationVersion
8 | 2.10
9 | AMDocumentVersion
10 | 2
11 | actions
12 |
13 |
14 | action
15 |
16 | AMAccepts
17 |
18 | Container
19 | List
20 | Optional
21 |
22 | Types
23 |
24 | com.apple.cocoa.string
25 |
26 |
27 | AMActionVersion
28 | 2.0.3
29 | AMApplication
30 |
31 | Automator
32 |
33 | AMParameterProperties
34 |
35 | COMMAND_STRING
36 |
37 | CheckedForUserDefaultShell
38 |
39 | inputMethod
40 |
41 | shell
42 |
43 | source
44 |
45 |
46 | AMProvides
47 |
48 | Container
49 | List
50 | Types
51 |
52 | com.apple.cocoa.string
53 |
54 |
55 | ActionBundlePath
56 | /System/Library/Automator/Run Shell Script.action
57 | ActionName
58 | Run Shell Script
59 | ActionParameters
60 |
61 | COMMAND_STRING
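# Sign each selected installer package and write the result next to the input
# as NAME.signed.pkg. The identity string below is a placeholder; replace it
# with your own Developer ID Installer identity.
for pkg in "$@"
do
    # The workflow accepts any file-system object, so skip anything that is
    # not a .pkg. Otherwise the output path would equal the input path.
    case "$pkg" in
        *.pkg) ;;
        *) echo "Skipping (not a .pkg): $pkg" >&2; continue ;;
    esac
    # Parameter expansion replaces the sed call: the suffix match is literal
    # (sed's '.' matched any character) and no unquoted here-string is needed.
    productsign --sign "Developer ID Installer: Your Cert info goes here (111111111)" "$pkg" "${pkg%.pkg}.signed.pkg"
done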
66 | CheckedForUserDefaultShell
67 |
68 | inputMethod
69 | 1
70 | shell
71 | /bin/bash
72 | source
73 |
74 |
75 | BundleIdentifier
76 | com.apple.RunShellScript
77 | CFBundleVersion
78 | 2.0.3
79 | CanShowSelectedItemsWhenRun
80 |
81 | CanShowWhenRun
82 |
83 | Category
84 |
85 | AMCategoryUtilities
86 |
87 | Class Name
88 | RunShellScriptAction
89 | InputUUID
90 | AC41D566-1C0E-42B7-9273-6060A003031D
91 | Keywords
92 |
93 | Shell
94 | Script
95 | Command
96 | Run
97 | Unix
98 |
99 | OutputUUID
100 | F02140EC-5840-46E7-A2B4-DF3F07E3AF10
101 | UUID
102 | 196CBBB1-CEB3-4990-836B-713E871D94FF
103 | UnlocalizedApplications
104 |
105 | Automator
106 |
107 | arguments
108 |
109 | 0
110 |
111 | default value
112 | 0
113 | name
114 | inputMethod
115 | required
116 | 0
117 | type
118 | 0
119 | uuid
120 | 0
121 |
122 | 1
123 |
124 | default value
125 |
126 | name
127 | CheckedForUserDefaultShell
128 | required
129 | 0
130 | type
131 | 0
132 | uuid
133 | 1
134 |
135 | 2
136 |
137 | default value
138 |
139 | name
140 | source
141 | required
142 | 0
143 | type
144 | 0
145 | uuid
146 | 2
147 |
148 | 3
149 |
150 | default value
151 |
152 | name
153 | COMMAND_STRING
154 | required
155 | 0
156 | type
157 | 0
158 | uuid
159 | 3
160 |
161 | 4
162 |
163 | default value
164 | /bin/sh
165 | name
166 | shell
167 | required
168 | 0
169 | type
170 | 0
171 | uuid
172 | 4
173 |
174 |
175 | isViewVisible
176 |
177 | location
178 | 523.000000:305.000000
179 | nibPath
180 | /System/Library/Automator/Run Shell Script.action/Contents/Resources/Base.lproj/main.nib
181 |
182 | isViewVisible
183 |
184 |
185 |
186 | connectors
187 |
188 | workflowMetaData
189 |
190 | applicationBundleID
191 | com.apple.finder
192 | applicationBundleIDsByPath
193 |
194 | /System/Library/CoreServices/Finder.app
195 | com.apple.finder
196 |
197 | applicationPath
198 | /System/Library/CoreServices/Finder.app
199 | applicationPaths
200 |
201 | /System/Library/CoreServices/Finder.app
202 |
203 | backgroundColorName
204 | blackColor
205 | inputTypeIdentifier
206 | com.apple.Automator.fileSystemObject
207 | outputTypeIdentifier
208 | com.apple.Automator.nothing
209 | presentationMode
210 | 15
211 | processesInput
212 | 0
213 | serviceApplicationBundleID
214 | com.apple.finder
215 | serviceApplicationPath
216 | /System/Library/CoreServices/Finder.app
217 | serviceInputTypeIdentifier
218 | com.apple.Automator.fileSystemObject
219 | serviceOutputTypeIdentifier
220 | com.apple.Automator.nothing
221 | serviceProcessesInput
222 | 0
223 | systemImageName
224 | NSActionTemplate
225 | useAutomaticInputType
226 | 0
227 | workflowTypeIdentifier
228 | com.apple.Automator.servicesMenu
229 |
230 |
231 |
232 |
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/READ ME.txt:
--------------------------------------------------------------------------------
1 | Replace "Developer ID Installer: Your Company Name (##AAAA#AA)" with your own Developer ID Installer identity. (In document.wflow the placeholder reads "Developer ID Installer: Your Cert info goes here (111111111)".)
2 | Use this to create a Quick Action that code signs installer packages (.pkg).
3 | Or import the workflow into Automator, make your changes, then export and install it.
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/code.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
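# Sign each selected installer package and write the result next to the input
# as NAME.signed.pkg. The identity string below is a placeholder; replace it
# with your own Developer ID Installer identity.
for pkg in "$@"
do
    # Skip anything that is not a .pkg, so the output path can never equal
    # the input path.
    case "$pkg" in
        *.pkg) ;;
        *) echo "Skipping (not a .pkg): $pkg" >&2; continue ;;
    esac
    # Parameter expansion replaces the sed call: the suffix match is literal
    # (sed's '.' matched any character) and no unquoted here-string is needed.
    productsign --sign "Developer ID Installer: Your Company Name (##AAAA#AA)" "$pkg" "${pkg%.pkg}.signed.pkg"
done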
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/in use.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Code Sign Quickaction Workflow/in use.png
--------------------------------------------------------------------------------
/Code Sign Quickaction Workflow/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Code Sign Quickaction Workflow/screenshot.png
--------------------------------------------------------------------------------
/Computer Extension Attributes/Bitdefender Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Bitdefender Status
3 |
4 | string
#!/bin/bash
# Jamf extension attribute: reports whether the Bitdefender uninstaller bundle
# exists on disk. This is a presence check only; it does not show whether the
# product is running.
uninstaller="/Library/Bitdefender/AVP/Uninstaller/EndpointSecurityforMacUninstaller.app"

status="NotInstalled"
if [ -d "$uninstaller" ]; then
    status="Installed"
fi
echo "<result>$status</result>"

exit 0
13 |
14 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Bomgar Jump Client Install Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Bomgar Jump Client
3 | Checks to see if Bomgar Jump Client is Installed or Not Installed
4 | string
#!/bin/bash
# Jamf extension attribute: reports whether a Bomgar Jump Client is installed.

# Look for any hidden item named /Applications/.com.bomgar.scc.*. When the
# glob matches nothing, bash keeps the pattern as a literal string and the
# -e test below fails.
matches=(/Applications/.com.bomgar.scc.*)

RESULT="Not Installed"
if [ -e "${matches[0]}" ]; then
    RESULT="Installed"
fi

echo "<result>$RESULT</result>"
19 |
20 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Bomgar Jump Client Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Bomgar Jump Client Status
3 | Checks to see if Bomgar Jump Client is running
4 | string
#!/bin/zsh
# Jamf extension attribute: reports whether a process matching "sdcust"
# (the Bomgar Jump Client) is running.

# pgrep matches the pattern against process names, so any process whose name
# contains "sdcust" counts as running.
pids=$( pgrep sdcust )

RESULT="Running"
if [[ -z "$pids" ]]; then
    RESULT="Not Running"
fi

# report results
echo "<result>${RESULT}</result>"
19 |
20 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Cisco AMP Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Cisco AMP Status
3 |
4 | string
#!/bin/zsh
# Jamf extension attribute: reports whether the com.cisco.amp.daemon launchd
# job currently has a PID.

# launchctl prints a "PID" key only for a running job. The pipeline keeps the
# first field of that line and strips the quotes, leaving the bare word PID.
# NOTE(review): sudo is kept from the original; it is redundant if the
# management framework already runs this script as root - confirm.
pidKey="$(sudo launchctl list com.cisco.amp.daemon \
    | grep "PID" \
    | awk '{ print $1 }' \
    | tr -d '\"')"

state="Stopped"
if [ "$pidKey" = "PID" ]; then
    state="Running"
fi
echo "<result>$state</result>"
14 |
15 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/DEPNotify Status.xml:
--------------------------------------------------------------------------------
1 |
2 | DEPNotify Status
3 | Will return if DEPNotify has Provisioned or Not Provisioned.
4 | string
#!/bin/zsh
#Kyle Ericson
# Jamf extension attribute: reports "Provisioned" when either DEPNotify marker
# file exists, otherwise "Not Provisioned".
# NOTE(review): the markers live under /private/var/tmp, which local users can
# normally write to, so treat this value as informational rather than as a
# security gate - confirm for your fleet.
doneMarker=/private/var/tmp/com.depnotify.provisioning.done
logoutMarker=/private/var/tmp/com.depnotify.provisioning.logout

if [[ -e "$doneMarker" || -e "$logoutMarker" ]]; then
    echo "<result>Provisioned</result>"
else
    echo "<result>Not Provisioned</result>"
fi

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Extensis Portfolio_ Cataloging Service Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Extensis Portfolio: Cataloging Service Status
3 | Checks to see if the /Library/LaunchDaemons/com.extensis.portfolio.server.media.delegate.plist is running which controls the cataloging in Portfolio
4 | string
#!/bin/zsh
# Jamf extension attribute: reports whether a process matching
# "native.media.processor" (the Portfolio cataloging service) is running.

# pgrep treats the pattern as a regular expression, so each "." matches any
# character.
pids=$( pgrep native.media.processor )

RESULT="Running"
if [[ -z "$pids" ]]; then
    RESULT="Not Running"
fi

# report results
echo "<result>${RESULT}</result>"
19 |
20 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/FindMyMac Status.xml:
--------------------------------------------------------------------------------
1 |
2 | FindMyMac Status
3 | Will return Disabled or Enabled
4 | string
#!/bin/bash
# Jamf extension attribute: reports Find My Mac as Enabled when the NVRAM dump
# contains an fmm-mobileme-token-FMM entry, otherwise Disabled.

# Only the presence of a matching line matters; the captured text is never
# printed.
fmmToken=$(/usr/sbin/nvram -x -p | /usr/bin/grep fmm-mobileme-token-FMM)

if [ -n "$fmmToken" ]; then
    echo "<result>Enabled</result>"
else
    echo "<result>Disabled</result>"
fi
13 |
14 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Jamf Connect - Auth Mechanism.xml:
--------------------------------------------------------------------------------
1 |
2 | Jamf Connect - Auth Mechanism
3 |
4 | string
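#!/bin/zsh
# Jamf extension attribute: reports which Jamf Connect login mechanisms are
# listed in the system.login.console authorization right.
# Result: Full, Demobilize Only, Disabled or Undetermined.

# A fixed file name under /var/tmp is predictable, so another local user could
# pre-create it or plant a symlink before this script writes through the
# redirect. mktemp creates a fresh file with an unpredictable name instead,
# and the trap removes it on every exit path.
consolePlist=$(/usr/bin/mktemp /var/tmp/system.login.console.XXXXXX) || exit 1
trap '/bin/rm -f "$consolePlist"' EXIT

# If the right cannot be read, report Undetermined. Counting zero matches in
# an empty file would otherwise be reported as "Disabled".
if ! security authorizationdb read system.login.console > "$consolePlist"; then
    echo "<result>Undetermined</result>"
    exit 0
fi

isJamfConnectFullMechanismEnabled=$(/usr/libexec/PlistBuddy -c "print :mechanisms" "$consolePlist" | grep -c "JamfConnectLogin:LoginUI")
isJamfConnectDemobilizeMechanismEnabled=$(/usr/libexec/PlistBuddy -c "print :mechanisms" "$consolePlist" | grep -c "JamfConnectLogin:DeMobilize,privileged")

if [[ "$isJamfConnectFullMechanismEnabled" -eq "1" ]]; then
    echo "<result>Full</result>"
elif [[ "$isJamfConnectFullMechanismEnabled" -eq "0" && "$isJamfConnectDemobilizeMechanismEnabled" -eq "1" ]]; then
    echo "<result>Demobilize Only</result>"
elif [[ "$isJamfConnectFullMechanismEnabled" -eq "0" && "$isJamfConnectDemobilizeMechanismEnabled" -eq "0" ]]; then
    echo "<result>Disabled</result>"
else
    # Any other count (for example a duplicated mechanism entry) lands here.
    echo "<result>Undetermined</result>"
fi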
23 |
24 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Jamf Connect - LaunchAgent Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Jamf Connect - LaunchAgent Status
3 | Checks if the Jamf Connect LaunchAgent is Installed or Not Installed
4 | Will return
5 | Installed or Not Installed
6 | string
#!/bin/sh
# Jamf extension attribute: reports whether the Jamf Connect LaunchAgent plist
# exists as a regular file.
agentPlist="/Library/LaunchAgents/com.jamf.connect.plist"

if [ ! -f "$agentPlist" ]; then
    echo "<result>Not Installed</result>"
else
    echo "<result>Installed</result>"
fi
exit 0
11 |
12 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Jamf Connect Launch Agent Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Jamf Connect Launch Agent Status
3 | Will return if Jamf Connect Launch Agent is Installed or Not Installed
4 | string
#!/bin/zsh
#Kyle Ericson
# Jamf extension attribute: reports whether the Jamf Connect LaunchAgent plist
# path exists.
agentPlist=/Library/LaunchAgents/com.jamf.connect.plist

status="Not Installed"
[[ -e "$agentPlist" ]] && status="Installed"
echo "<result>$status</result>"

exit 0
16 |
17 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/LAPS Expiration.xml:
--------------------------------------------------------------------------------
1 |
2 | LAPS Expiration
3 |
4 | string
5 | #!/bin/sh
6 | : '
7 | ---------------------------
8 | | macOSLAPS EA Expiration |
9 | ---------------------------
10 | | Captures the Expiration from the file outputted
11 | | to the filesystem and sends the result to jamf
12 | | in the following format:
13 | | | Expiration: Expiration Date |
14 | ------------------------------------------------------------
15 | | Created: Richard Purves - https://github.com/franton
16 | | Last Update By: Joshua D. Miller - josh.miller@outlook.com
17 | | Last Update Date: March 19, 2022
18 | ------------------------------------------------------------
19 | '
# Location of the macOSLAPS binary
LAPS=/usr/local/laps/macOSLAPS
# File macOSLAPS writes the expiration date to
EXP_FILE="/var/root/Library/Application Support/macOSLAPS-expiration"

# Without the binary there is nothing to query.
if [ ! -e "$LAPS" ]; then
    echo "<result>Not Installed</result>"
    exit 0
fi

# Ask macOSLAPS to write its current values to disk, then read the expiration.
"$LAPS" -getPassword
CURRENT_EXPIRATION=$(/bin/cat "$EXP_FILE")

if [ -n "$CURRENT_EXPIRATION" ]; then
    /bin/echo "<result>$CURRENT_EXPIRATION</result>"
    # Second run: macOSLAPS removes the password and expiration files again.
    "$LAPS"
else
    # NOTE(review): this path skips the second macOSLAPS run, so any file that
    # -getPassword wrote stays on disk until a later run - confirm that is
    # acceptable.
    /bin/echo "<result>No Expiration Date Present</result>"
fi

exit 0
47 |
48 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/LAPS Password.xml:
--------------------------------------------------------------------------------
1 |
2 | LAPS Password
3 |
4 | string
5 | #!/bin/sh
6 | : '
7 | -------------------------
8 | | macOSLAPS EA Password |
9 | -------------------------
10 | | Captures the Password from the file outputted
11 | | to the filesystem and sends the result to jamf
12 | | in the following format:
13 | | | Password: $CURRENT_PASSWORD |
14 | ------------------------------------------------------------
15 | | Created: Richard Purves - https://github.com/franton
16 | | Last Update By: Joshua D. Miller - josh.miller@outlook.com
17 | | Last Update Date: March 19, 2022
18 | ------------------------------------------------------------
19 | '
# Location of the macOSLAPS binary
LAPS=/usr/local/laps/macOSLAPS
# File macOSLAPS writes the current password to
PW_FILE="/var/root/Library/Application Support/macOSLAPS-password"

# Without the binary there is nothing to query.
if [ ! -e "$LAPS" ]; then
    echo "<result>Not Installed</result>"
    exit 0
fi

# Ask macOSLAPS to write the current password to disk, then read it back.
"$LAPS" -getPassword
CURRENT_PASSWORD=$(/bin/cat "$PW_FILE")

# An empty value is deliberately not reported: it could overwrite an older
# password in Jamf that is still needed.
if [ -n "$CURRENT_PASSWORD" ]; then
    # The password is reported in clear text and ends up in the computer's
    # inventory record, so restrict which Jamf accounts can read this
    # attribute.
    /bin/echo "<result>$CURRENT_PASSWORD</result>"
    # Second run: macOSLAPS removes the password and expiration files again.
    "$LAPS"
fi

exit 0
46 |
47 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Location.xml:
--------------------------------------------------------------------------------
1 |
2 | Location
3 |
4 | string
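#!/bin/zsh
# Jamf extension attribute: looks up the Mac's public IP address and reports
# GeoIP fields for it (country, region, city, ISP, ...), one per line.
# This sends the device's public IP address to two third-party services.

# provide for Big Sur and earlier
xpath() {
    # the xpath tool changes in Big Sur
    if [[ $( /usr/bin/sw_vers -buildVersion) > "20A" ]]; then
        /usr/bin/xpath -e "$@"
    else
        /usr/bin/xpath "$@"
    fi
}

# get public IP address; HTTPS only, including after redirects, so the reply
# cannot be rewritten in transit
publicIP=$( /usr/bin/curl https://ifconfig.me/ip \
    --proto '=https' \
    --proto-redir '=https' \
    --location \
    --silent \
    --max-time 10 )

# The reply is placed in the next URL, so accept only address-shaped text
# (hex digits, dots, colons). Anything else is dropped and the GeoIP request
# is made without an explicit address.
ipShape='^[0-9A-Fa-f:.]+$'
if [[ ! "$publicIP" =~ $ipShape ]]; then
    publicIP=""
fi

# get GeoIP data
# NOTE(review): this request still uses plain HTTP as in the original, so the
# answer is unauthenticated; treat the attribute as advisory, or switch to an
# HTTPS GeoIP endpoint if one is available to you.
locationData=$( /usr/bin/curl "http://ip-api.com/xml/$publicIP" \
    --location \
    --silent \
    --max-time 10 )

# Variable names come from this fixed list only, never from the response.
locationPieces=( country countryCode region regionName city zip lat lon timezone isp org as )

for anItem in $locationPieces
do
    export $anItem="$( xpath "/query/$anItem/text()" 2>/dev/null <<< "$locationData" )"
done

echo "<result>$country
$countryCode
$region
$regionName
$city
$zip
$lat
$lon
$timezone
$isp
$org
$as</result>"

exit 0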
50 |
51 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS Excel Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS Excel Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when Microsoft Excel has a _MASReceipt entry
# in its bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/Microsoft Excel.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS OneDrive Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS OneDrive Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when OneDrive has a _MASReceipt entry in its
# bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/OneDrive.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS OneNote Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS OneNote Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when Microsoft OneNote has a _MASReceipt
# entry in its bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/Microsoft OneNote.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS Outlook Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS Outlook Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when Microsoft Outlook has a _MASReceipt
# entry in its bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/Microsoft Outlook.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS PowerPoint Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS PowerPoint Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when Microsoft PowerPoint has a _MASReceipt
# entry in its bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/Microsoft PowerPoint.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/MS Word Installed via App Store.xml:
--------------------------------------------------------------------------------
1 |
2 | MS Word Installed via App Store
3 | Will return Yes or No
4 | Yes= Installed via App Store
5 | No= Not Installed via App Store
6 | string
#!/bin/zsh
# Jamf extension attribute: "Yes" when Microsoft Word has a _MASReceipt entry
# in its bundle (the Mac App Store receipt), otherwise "No".
receipt="/Applications/Microsoft Word.app/Contents/_MASReceipt"

answer="No"
[[ -e "$receipt" ]] && answer="Yes"
echo "<result>$answer</result>"

exit 0
17 |
18 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Nessus Agent Status.xml:
--------------------------------------------------------------------------------
1 |
2 | Nessus Agent Status
3 | Running or Stopped
4 | string
#!/bin/sh
# Jamf extension attribute: reports whether the
# com.tenablesecurity.nessusagent launchd job currently has a PID.

# launchctl prints a "PID" key only for a running job. The pipeline keeps the
# first field of that line and strips the quotes, leaving the bare word PID.
# NOTE(review): sudo is kept from the original; it is redundant if the
# management framework already runs this script as root - confirm.
pidKey="$(sudo launchctl list com.tenablesecurity.nessusagent \
    | grep "PID" \
    | awk '{ print $1 }' \
    | tr -d '\"')"

state="Stopped"
if [ "$pidKey" = "PID" ]; then
    state="Running"
fi
echo "<result>$state</result>"
14 |
15 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/NinjaOne.xml:
--------------------------------------------------------------------------------
1 |
2 | NinjaOne
3 | Checks if the NinjaOne LaunchAgent is Installed or Not Installed
4 | Will return
5 | Installed or Not Installed
6 | string
#!/bin/sh
# Jamf extension attribute: reports whether the NinjaOne agent binary exists
# as a regular file. The test is on the agent binary, not on a LaunchAgent
# plist.
agentBinary="/Applications/NinjaRMMAgent/programfiles/ninjarmm-macagent"

if [ ! -f "$agentBinary" ]; then
    echo "<result>Not Installed</result>"
else
    echo "<result>Installed</result>"
fi
exit 0
11 |
12 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Site.xml:
--------------------------------------------------------------------------------
1 |
2 | Site
3 | This script reports the system's site association as an extended attribute so it can be used as search criteria.
4 | string
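#!/bin/sh
# Jamf extension attribute: asks the Jamf Pro API which site this computer
# belongs to and reports the site name, or "Not Available".

# Credentials placed here are delivered in clear text with the script, and
# curl shows them in its argument list while it runs. Use an account that can
# only read computer records, and rotate its password if this script leaks.
apiURL="https://your.jamfcloud.com/JSSResource/computers/udid/"
apiUser="yourapiusername"
apiPass="yourapipassword"

# The xpath tool needs -e from Big Sur (build 20A) onward.
xpath_query() {
    if [ "$(/usr/bin/sw_vers -buildVersion)" \> "20A" ]; then
        /usr/bin/xpath -e "$1"
    else
        /usr/bin/xpath "$1"
    fi
}

# Hardware UUID identifies this computer's record in the API.
udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')

# Quoting keeps a password with spaces or shell metacharacters as a single
# argument to curl.
siteName=$(/usr/bin/curl -s -u "${apiUser}:${apiPass}" "${apiURL}${udid}" | xpath_query '/computer/general/site/name[1]/text()' 2>/dev/null)

# [ -n ... ] replaces the original [[ ... ]], which is not POSIX sh.
if [ -n "$siteName" ]; then
    echo "<result>${siteName}</result>"
else
    echo "<result>Not Available</result>"
fi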
21 |
22 |
--------------------------------------------------------------------------------
/Computer Extension Attributes/Xcode Command Line Tools Installed.xml:
--------------------------------------------------------------------------------
1 |
2 | Xcode Command Line Tools Installed
3 | Will report yes or no.
4 | string
5 | #!/bin/sh
6 |
7 | ###
8 | #
9 | # Name: Xcode Command Line Tools.sh
10 | # Description: Returns whether Xcode Command Line Tools are installed
11 | # (either standalone or as part of Xcode.app bundle).
12 | # Created: 2016-12-09
13 | # Last Modified: 2021-04-27
14 | # Version: 1.4
15 | #
16 | #
17 | # Copyright 2016 Palantir Technologies, Inc.
18 | #
19 | # Licensed under the Apache License, Version 2.0 (the "License");
20 | # you may not use this file except in compliance with the License.
21 | # You may obtain a copy of the License at
22 | #
23 | # http://www.apache.org/licenses/LICENSE-2.0
24 | #
25 | # Unless required by applicable law or agreed to in writing, software
26 | # distributed under the License is distributed on an "AS IS" BASIS,
27 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28 | # See the License for the specific language governing permissions and
29 | # limitations under the License.
30 | #
31 | #
32 | ###
33 |
34 |
35 |
36 | ########## variable-ing ##########
37 |
38 |
39 |
# Default answer, and the two developer directories that count as installed.
xcodeCLTCheck="No"
xcodeAppPath="/Applications/Xcode.app/Contents/Developer"
xcodeCLTPath="/Library/Developer/CommandLineTools"
# Active developer directory according to xcode-select (stderr is captured
# too, so an error message simply fails to match either path).
xcodeCheck=$(/usr/bin/xcode-select --print-path 2>&1)


########## main process ##########


# "Yes" only when the active directory is one of the two known paths and that
# path exists on disk.
case "$xcodeCheck" in
    "$xcodeAppPath" | "$xcodeCLTPath")
        if [ -e "$xcodeCheck" ]; then
            xcodeCLTCheck="Yes"
        fi
        ;;
esac


# Report result.
echo "<result>$xcodeCLTCheck</result>"


exit 0
65 |
66 |
--------------------------------------------------------------------------------
/Guides/Adding Macs to ABM.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/Adding Macs to ABM.pdf
--------------------------------------------------------------------------------
/Guides/Adding iOS to ABM.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/Adding iOS to ABM.pdf
--------------------------------------------------------------------------------
/Guides/Custom Claims to AzureAD.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/Custom Claims to AzureAD.pdf
--------------------------------------------------------------------------------
/Guides/JAMF ADCS Certificate setup Guide.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/JAMF ADCS Certificate setup Guide.pdf
--------------------------------------------------------------------------------
/Guides/JAMF PRO ADCS Full Setup Ver. 1.0.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/JAMF PRO ADCS Full Setup Ver. 1.0.pdf
--------------------------------------------------------------------------------
/Guides/Jamf Connect Troubleshooting:
--------------------------------------------------------------------------------
1 | Re-Enable Jamf Connect Login/disable Jamf Connect Notify
2 | (Required when doing a major macOS upgrade, e.g., upgrading from macOS 10.15.7 to macOS 11.0.1 or later.)
3 |
4 | If run via Jamf policy
5 | /usr/local/bin/authchanger -reset -jamfconnect
6 | If run via Terminal
7 | sudo /usr/local/bin/authchanger -reset -jamfconnect
8 |
9 |
10 | Enable Jamf Connect Notify
11 |
12 | If run via Jamf policy
13 | /usr/local/bin/authchanger -reset -JamfConnect -Notify
14 | If run via Terminal
15 | sudo /usr/local/bin/authchanger -reset -JamfConnect -Notify
16 |
17 |
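18 | Uninstall Jamf Connect
19 | Note: both variants download rmjamfconnect.sh from the master branch (not a pinned commit) and run it as root. Read /tmp/rm.sh before executing it, or pin the URL to a commit you have reviewed.
20 | If run via Jamf policy
21 | curl -L "https://raw.githubusercontent.com/kylejericson/JAMF/master/Scripts/rmjamfconnect.sh" -o /tmp/rm.sh && sh /tmp/rm.sh
22 | If run via Terminal
23 | curl -L "https://raw.githubusercontent.com/kylejericson/JAMF/master/Scripts/rmjamfconnect.sh" -o /tmp/rm.sh
24 |
25 | sudo sh /tmp/rm.sh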
26 |
27 | Resources:
28 |
29 | https://docs.jamf.com/jamf-connect/2.9.1/documentation/Re-enabling_the_Login_Window_after_a_Major_macOS_Upgrade.html
30 |
31 | https://docs.jamf.com/jamf-connect/2.9.1/documentation/Uninstalling_Jamf_Connect.html#ID-000087dc
32 |
33 | https://docs.jamf.com/jamf-connect/2.9.1/documentation/Jamf_Connect_Logs.html
34 |
35 | https://docs.jamf.com/jamf-connect/2.9.1/documentation/Unmigrating_a_Local_Account.html
36 |
37 | https://docs.jamf.com/jamf-connect/2.9.1/documentation/Editing_the_macOS_loginwindow_Application.html
38 |
--------------------------------------------------------------------------------
/Guides/Jamf Connect Troubleshooting.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Guides/Jamf Connect Troubleshooting.pdf
--------------------------------------------------------------------------------
/Packages/Mobileconfig tools.pkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Packages/Mobileconfig tools.pkg
--------------------------------------------------------------------------------
/Profiles/AnyConnect Kernel Extensions Mojave and lower.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | AllowNonAdminUserApprovals
9 |
10 | AllowUserOverrides
11 |
12 | AllowedKernelExtensions
13 |
14 | DE8Y96K9QP
15 |
16 | com.cisco.kext.acsock
17 |
18 |
19 | PayloadDescription
20 |
21 | PayloadDisplayName
22 | Approved Kernel Extensions
23 | PayloadEnabled
24 |
25 | PayloadIdentifier
26 | 35AA3DAE-C111-423C-9382-5F89C7BB57DC
27 | PayloadOrganization
28 | YOUR COMPANY HERE
29 | PayloadType
30 | com.apple.syspolicy.kernel-extension-policy
31 | PayloadUUID
32 | 35AA3DAE-C111-423C-9382-5F89C7BB57DC
33 | PayloadVersion
34 | 1
35 |
36 |
37 | PayloadDescription
38 |
39 | PayloadDisplayName
40 | AnyConnect Kernel Extensions Mojave and lower
41 | PayloadEnabled
42 |
43 | PayloadIdentifier
44 | 43C5C9AE-D564-41A4-8AB2-7F7C6F10B2E0
45 | PayloadOrganization
46 | YOUR COMPANY HERE
47 | PayloadRemovalDisallowed
48 |
49 | PayloadScope
50 | System
51 | PayloadType
52 | Configuration
53 | PayloadUUID
54 | 43C5C9AE-D564-41A4-8AB2-7F7C6F10B2E0
55 | PayloadVersion
56 | 1
57 |
58 |
59 |
--------------------------------------------------------------------------------
/Profiles/AnyConnect System Extensions Big Sur and Catalina.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | AllowUserOverrides
9 |
10 | PayloadDescription
11 |
12 | PayloadDisplayName
13 | System Extensions
14 | PayloadEnabled
15 |
16 | PayloadIdentifier
17 | C6234279-1306-42CB-BF18-32D27DD418AD
18 | PayloadOrganization
19 | YOUR COMPANY HERE
20 | PayloadType
21 | com.apple.system-extension-policy
22 | PayloadUUID
23 | C6234279-1306-42CB-BF18-32D27DD418AD
24 | PayloadVersion
25 | 1
26 |
27 |
28 | FilterDataProviderBundleIdentifier
29 | com.cisco.anyconnect.macos.acsockext
30 | FilterDataProviderDesignatedRequirement
31 | anchor apple generic and identifier "com.cisco.anyconnect.macos.acsockext" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
32 | FilterGrade
33 | firewall
34 | FilterPackets
35 |
36 | FilterSockets
37 |
38 | FilterType
39 | Plugin
40 | PayloadDisplayName
41 | Web Content Filter Payload
42 | PayloadIdentifier
43 | 76281ECE-59E7-407D-8D43-013A4EFD0469
44 | PayloadOrganization
45 | JAMF Software
46 | PayloadType
47 | com.apple.webcontent-filter
48 | PayloadUUID
49 | 76281ECE-59E7-407D-8D43-013A4EFD0469
50 | PayloadVersion
51 | 1
52 | PluginBundleID
53 | com.cisco.anyconnect.macos.acsock
54 | UserDefinedName
55 | Cisco AnyConnect Content Filter
56 |
57 |
58 | PayloadDescription
59 |
60 | PayloadDisplayName
61 | AnyConnect System Extensions Big Sur and Catalina
62 | PayloadEnabled
63 |
64 | PayloadIdentifier
65 | BAA5EAD2-E87B-4B5C-97F1-D3928B4FF075
66 | PayloadOrganization
67 | YOUR COMPANY HERE
68 | PayloadRemovalDisallowed
69 |
70 | PayloadScope
71 | System
72 | PayloadType
73 | Configuration
74 | PayloadUUID
75 | BAA5EAD2-E87B-4B5C-97F1-D3928B4FF075
76 | PayloadVersion
77 | 1
78 |
79 |
80 |
--------------------------------------------------------------------------------
/Profiles/Cisco AMP 1.14.0 BigSur Ready.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | AllowUserOverrides
9 |
10 | AllowedSystemExtensionTypes
11 |
12 | DE8Y96K9QP
13 |
14 | EndpointSecurityExtension
15 | NetworkExtension
16 |
17 |
18 | AllowedSystemExtensions
19 |
20 | DE8Y96K9QP
21 |
22 | com.cisco.endpoint.svc.securityextension
23 | com.cisco.endpoint.svc.networkextension
24 |
25 |
26 | PayloadDescription
27 |
28 | PayloadDisplayName
29 | System Extensions
30 | PayloadIdentifier
31 | EB2A2110-BCA3-4EFD-AEE8-EB18B0FE57C5
32 | PayloadOrganization
33 | YOUR COMPANY HERE
34 | PayloadType
35 | com.apple.system-extension-policy
36 | PayloadUUID
37 | 7B2A2110-BCA3-4EFD-AEE8-EB18B0FE57C5
38 | PayloadVersion
39 | 1
40 |
41 |
42 | FilterBrowsers
43 |
44 | FilterDataProviderBundleIdentifier
45 | com.cisco.endpoint.svc.networkextension
46 | FilterDataProviderDesignatedRequirement
47 | anchor apple generic and identifier "com.cisco.endpoint.svc.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
48 | FilterGrade
49 | firewall
50 | FilterPackets
51 |
52 | FilterSockets
53 |
54 | FilterType
55 | Plugin
56 | PayloadDescription
57 | Adds a Web Content Filter
58 | PayloadDisplayName
59 | Web Content Filter
60 | PayloadIdentifier
61 | 19DE21F8-35AE-45B4-B8EE-3AC2A1F2B8B5.com.apple.webcontent-filter.BF054105-5232-49DB-ADA2-F334BFAFE7EA
62 | PayloadOrganization
63 |
64 | PayloadType
65 | com.apple.webcontent-filter
66 | PayloadUUID
67 | 7F054105-5232-49DB-ADA2-F334BFAFE7EA
68 | PayloadVersion
69 | 1
70 | PluginBundleID
71 | com.cisco.endpoint.svc
72 | UserDefinedName
73 | AMP Network Extension
74 |
75 |
76 | PayloadDescription
77 | Configures Privacy Preferences Policy Control settings
78 | PayloadDisplayName
79 | Privacy Preferences Policy Control
80 | PayloadIdentifier
81 | 6FB36903-B1BD-4670-B489-377AD3666415
82 | PayloadOrganization
83 | YOUR COMPANY HERE
84 | PayloadType
85 | com.apple.TCC.configuration-profile-policy
86 | PayloadUUID
87 | 7FB36903-B1BD-4670-B489-377AD3666415
88 | PayloadVersion
89 | 1
90 | Services
91 |
92 | SystemPolicyAllFiles
93 |
94 |
95 | Allowed
96 | 1
97 | CodeRequirement
98 | anchor apple generic and identifier "com.cisco.endpoint.svc" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
99 | Comment
100 |
101 | Identifier
102 | com.cisco.endpoint.svc
103 | IdentifierType
104 | bundleID
105 | StaticCode
106 | 1
107 |
108 |
109 | Allowed
110 | 1
111 | CodeRequirement
112 | anchor apple generic and identifier "com.cisco.endpoint.svc.securityextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
113 | Comment
114 |
115 | Identifier
116 | com.cisco.endpoint.svc.securityextension
117 | IdentifierType
118 | bundleID
119 | StaticCode
120 | 1
121 |
122 |
123 |
124 |
125 |
126 | AllowUserOverrides
127 |
128 | AllowedKernelExtensions
129 |
130 | TDNYQP7VRK
131 |
132 | com.cisco.amp.nke
133 | com.cisco.amp.fileop
134 |
135 |
136 | PayloadDescription
137 | Configures Kernel Extension Policy settings
138 | PayloadDisplayName
139 | Approved Kernel Extensions
140 | PayloadIdentifier
141 | 902AECE7-6188-4B53-889F-9A9AE856D1FB
142 | PayloadOrganization
143 | YOUR COMPANY HERE
144 | PayloadType
145 | com.apple.syspolicy.kernel-extension-policy
146 | PayloadUUID
147 | 702AECE7-6188-4B53-889F-9A9AE856D1FB
148 | PayloadVersion
149 | 1
150 |
151 |
152 | PayloadDescription
153 | Allow AMP system and policy extensions and full disk access
154 | PayloadDisplayName
155 | Cisco AMP 1.14.0 BigSur Ready
156 | PayloadIdentifier
157 | 19DE21F8-35AE-45B4-B8EE-3AC2A1F2B8B5
158 | PayloadOrganization
159 | YOUR COMPANY HERE
160 | PayloadScope
161 | System
162 | PayloadType
163 | Configuration
164 | PayloadUUID
165 | 79DE21F8-35AE-45B4-B8EE-3AC2A1F2B8B5
166 | PayloadVersion
167 | 1
168 |
169 |
170 |
--------------------------------------------------------------------------------
/Profiles/Falcon Profile Intel.mobileconfig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Profiles/Falcon Profile Intel.mobileconfig
--------------------------------------------------------------------------------
/Profiles/Falcon Profile M1.mobileconfig:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/Profiles/Falcon Profile M1.mobileconfig
--------------------------------------------------------------------------------
/Profiles/FortiClient VPN.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | PayloadDescription
9 | Configures Privacy Preferences Policy Control settings for FortiClient
10 | PayloadDisplayName
11 | Privacy Preferences
12 | PayloadEnabled
13 |
14 | PayloadIdentifier
15 | 5EF9C4F3-292A-4D7F-8B0B-30D3C48EAE9C
16 | PayloadOrganization
17 | Fortinet
18 | PayloadType
19 | com.apple.TCC.configuration-profile-policy
20 | PayloadUUID
21 | 5EF9C4F3-292A-4D7F-8B0B-30D3C48EAE9C
22 | PayloadVersion
23 | 1
24 | Services
25 |
26 | SystemPolicyAllFiles
27 |
28 |
29 | Allowed
30 |
31 | CodeRequirement
32 | anchor apple generic and identifier "com.fortinet.forticlient.macos.antivirus" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK)
33 | Identifier
34 | com.fortinet.forticlient.macos.antivirus
35 | IdentifierType
36 | bundleID
37 | StaticCode
38 |
39 |
40 |
41 | Allowed
42 |
43 | CodeRequirement
44 | identifier "com.fortinet.FortiClient" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
45 | Identifier
46 | com.fortinet.FortiClient
47 | IdentifierType
48 | bundleID
49 | StaticCode
50 |
51 |
52 |
53 | Allowed
54 |
55 | CodeRequirement
56 | identifier fcaptmon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
57 | Identifier
58 | /Library/Application Support/Fortinet/FortiClient/bin/fcaptmon
59 | IdentifierType
60 | path
61 | StaticCode
62 |
63 |
64 |
65 | Allowed
66 |
67 | CodeRequirement
68 | identifier fctservctl2 and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
69 | Identifier
70 | /Library/Application Support/Fortinet/FortiClient/bin/fctservctl2
71 | IdentifierType
72 | path
73 | StaticCode
74 |
75 |
76 |
77 |
78 |
79 |
80 | AllowUserOverrides
81 |
82 | AllowedSystemExtensions
83 |
84 | AH4XFXJ7DK
85 |
86 | com.fortinet.forticlient.macos.vpn.nwextension
87 | com.fortinet.forticlient.macos.vpn
88 |
89 |
90 | PayloadDescription
91 | VPN Extension for FortiClient
92 | PayloadDisplayName
93 | VPN Extension
94 | PayloadEnabled
95 |
96 | PayloadIdentifier
97 | 49B16BB7-F46E-4E9D-845B-DC515875B628
98 | PayloadOrganization
99 | Fortinet
100 | PayloadType
101 | com.apple.system-extension-policy
102 | PayloadUUID
103 | 49B16BB7-F46E-4E9D-845B-DC515875B628
104 | PayloadVersion
105 | 1
106 |
107 |
108 | AllowAllAppsAccess
109 |
110 | KeyIsExtractable
111 |
112 | PayloadCertificateFileName
113 | FortiClient DNS Root.cer
114 | PayloadContent
115 |
116 | MIIEkDCCAvigAwIBAgIRAMoedyMP4hQcoCzRH7n8ozMwDQYJKoZI
117 | hvcNAQELBQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIw
118 | EAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR0w
119 | GwYDVQQDExRGb3J0aUNsaWVudCBETlMgUm9vdDAeFw0yMjA0Mjkx
120 | ODQyNTVaFw0zMjA0MjkxODQyNTVaMGAxCzAJBgNVBAYTAlVTMQsw
121 | CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQK
122 | EwhGb3J0aW5ldDEdMBsGA1UEAxMURm9ydGlDbGllbnQgRE5TIFJv
123 | b3QwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDuhDIL
124 | geV9h22CKDVeSNEALTr1gwCI43e0o1PrBOb+E0YvwCWM5keEGDnA
125 | XrvMLub4XpWEnlC5O2b8Ql+AUX+P1ZxcgujSqV0gNVcBVsyE7EhE
126 | lIhjN31lC8swQEUkLX7xgK9WWfFX+UjZkCO/152K6f0RO+8hRMf3
127 | HOgaxdqCbIjeK1pDrTnpVt14pfI1Bgi5cI0+3oltoiOYmx527Qld
128 | z6G9hnbuAYFNPBB+pUjaDG47SwKj5BFYhFf/eAsj8L2VKeYx0J9f
129 | Xi7FH+ohRLp3oXAWyaFhtpCR6LnsAogkkoSGI1eVCd7Zg449gwmy
130 | Ww/yYPrZLWdPZn4t65Kz4ZzCiLLN1DnKag8kVZnbx9fvvBOqbNnv
131 | SJkz1CQrvGbi8LqTkqEafwKX0AMaKQ+cVXBMtVCWkQtrLY8aMzSM
132 | 6K8+BG35eSVX+fiqdZ0pvsNpDhnsHV/+xC8UlddiqT0RAR+1CcXL
133 | ALE4+HVz02oZsOOy2ZbanzIynsj6hiUbt6aRMgsCAwEAAaNFMEMw
134 | DgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD
135 | VR0OBBYEFL+NpCLYF3opOSweBljeI81hD/jSMA0GCSqGSIb3DQEB
136 | CwUAA4IBgQDjR/S5xE1ke4ZBkhi37K3ZcxO2orscU0+HDCPZAjMo
137 | WWjvaMqZAEGLYGdRL99pyupHLIMUjCQ9paPB7CjPhTx9IPXCES2P
138 | v6knxsR3hI5/Fg6ZH7Renb1OhyoqzPbuoRFJb6Ey03S/ftOsJmYG
139 | 34ub2VpuDVngtIGPbozI3D6JCqMQnsUoaWJ0xD6cDQa6iIHScfEJ
140 | cRjUfK27hC7+Bj0WjnvRrAofBO1UOfwwzhTPFzqDBdzUsP5C4/o+
141 | RD2f/tp8cPOqssAvsgZknML08kE9bXWEKh/ocKVMcKCkbnFzE/nW
142 | ObhCGN+mjeypbmHX9KO97PfMWl9I26KZNL4kNCph/6hTYvqyGP+S
143 | Js/UZiwt4JLMuujjDqnPkpzz/8YLnjc5+NoR7qwAFMRM0oGJtWVu
144 | 0u42COYFqutcj4ULmgmZaLt/fBT6IGZfOtRsylT9wwnoasF2gHV6
145 | 992RhnZaLsc6ouewxwDkM9x0MYXNPcYvlyry3+KM4zVoAWkXPxAo
146 | tYE=
147 |
148 | PayloadDescription
149 |
150 | PayloadDisplayName
151 | FortiClient DNS Root.cer
152 | PayloadEnabled
153 |
154 | PayloadIdentifier
155 | 8BAEE378-A1BF-41CF-B6BF-E7540BB7FBB7
156 | PayloadOrganization
157 | Myorg
158 | PayloadType
159 | com.apple.security.root
160 | PayloadUUID
161 | 8BAEE378-A1BF-41CF-B6BF-E7540BB7FBB7
162 | PayloadVersion
163 | 1
164 |
165 |
166 | IPSec
167 |
168 | OnDemandEnabled
169 | 0
170 | PromptForVPNPIN
171 |
172 |
173 | IPv4
174 |
175 | OverridePrimary
176 | 1
177 |
178 | OnDemandUserOverrideDisabled
179 | 0
180 | PayloadDescription
181 |
182 | PayloadDisplayName
183 | VPN
184 | PayloadEnabled
185 |
186 | PayloadIdentifier
187 | 72CB6A39-B367-43C4-B20B-033EB558B758
188 | PayloadOrganization
189 | Myorg
190 | PayloadType
191 | com.apple.vpn.managed
192 | PayloadUUID
193 | 72CB6A39-B367-43C4-B20B-033EB558B758
194 | PayloadVersion
195 | 1
196 | Proxies
197 |
198 | UserDefinedName
199 | FortiClient VPN Tunnel
200 | VPN
201 |
202 | AuthName
203 |
204 | AuthenticationMethod
205 | Password
206 | ExcludeLocalNetworks
207 | 0
208 | IncludeAllNetworks
209 | 0
210 | OnDemandUserOverrideDisabled
211 | 0
212 | ProviderBundleIdentifier
213 | com.fortinet.forticlient.macos.vpn.nwextension
214 | ProviderDesignatedRequirement
215 | identifier "com.fortinet.forticlient.macos.vpn.nwextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
216 | ProviderType
217 | packet-tunnel
218 | RemoteAddress
219 | (LocalVPN)
220 |
221 | VPNSubType
222 | com.fortinet.forticlient.macos.vpn
223 | VPNType
224 | VPN
225 | VendorConfig
226 |
227 |
228 |
229 | FilterDataProviderBundleIdentifier
230 | com.fortinet.forticlient.macos.webfilter
231 | FilterDataProviderDesignatedRequirement
232 | identifier "com.fortinet.forticlient.macos.webfilter" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
233 | FilterGrade
234 | inspector
235 | FilterPackets
236 |
237 | FilterSockets
238 |
239 | FilterType
240 | Plugin
241 | PayloadDisplayName
242 | Web Content Filter Payload
243 | PayloadIdentifier
244 | 283F4BF0-788A-4435-9B62-3E00896358D7
245 | PayloadOrganization
246 | Fortinet
247 | PayloadType
248 | com.apple.webcontent-filter
249 | PayloadUUID
250 | 283F4BF0-788A-4435-9B62-3E00896358D7
251 | PayloadVersion
252 | 1
253 | PluginBundleID
254 | com.fortinet.forticlient.macos
255 | UserDefinedName
256 | Fortinet Content Filter
257 | VendorConfig
258 |
259 |
260 |
261 | NotificationSettings
262 |
263 |
264 | BadgesEnabled
265 |
266 | BundleIdentifier
267 | com.fortinet.forticlient.FortiClientAgent
268 | CriticalAlertEnabled
269 |
270 | NotificationsEnabled
271 |
272 | ShowInLockScreen
273 |
274 | ShowInNotificationCenter
275 |
276 | SoundsEnabled
277 |
278 |
279 |
280 | PayloadDisplayName
281 | Notifications Payload
282 | PayloadIdentifier
283 | 505E1A9C-708E-48F4-8334-13A3F40DFBE2
284 | PayloadOrganization
285 | JAMF Software
286 | PayloadType
287 | com.apple.notificationsettings
288 | PayloadUUID
289 | 4B864FE7-639C-4DC1-8F04-F1AAE8D9E28F
290 | PayloadVersion
291 | 1
292 |
293 |
294 | PayloadDescription
295 |
296 | PayloadDisplayName
297 | Configuration Profile for FortiClient
298 | PayloadEnabled
299 |
300 | PayloadIdentifier
301 | 21BF20CB-6775-4A40-A5A9-81A1361B5EA2
302 | PayloadOrganization
303 | Myorg
304 | PayloadRemovalDisallowed
305 |
306 | PayloadScope
307 | System
308 | PayloadType
309 | Configuration
310 | PayloadUUID
311 | 21BF20CB-6775-4A40-A5A9-81A1361B5EA2
312 | PayloadVersion
313 | 1
314 |
315 |
316 |
--------------------------------------------------------------------------------
/Profiles/PPPC Bitdefender.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | AllowNonAdminUserApprovals
9 |
10 | AllowUserOverrides
11 |
12 | AllowedTeamIdentifiers
13 |
14 | GUNFMW623Y
15 |
16 | PayloadDescription
17 |
18 | PayloadDisplayName
19 | Approved Kernel Extensions
20 | PayloadEnabled
21 |
22 | PayloadIdentifier
23 | 497B5081-FC46-46E2-9E9C-5707DDA89D2A
24 | PayloadOrganization
25 | My Org
26 | PayloadType
27 | com.apple.syspolicy.kernel-extension-policy
28 | PayloadUUID
29 | 497B5081-FC46-46E2-9E9C-5707DDA89D2A
30 | PayloadVersion
31 | 1
32 |
33 |
34 | AllowUserOverrides
35 |
36 | AllowedSystemExtensions
37 |
38 | GUNFMW623Y
39 |
40 | com.bitdefender.cst.net.dci.dci-network-extension
41 |
42 |
43 | PayloadDescription
44 |
45 | PayloadDisplayName
46 | System Extensions
47 | PayloadEnabled
48 |
49 | PayloadIdentifier
50 | 61C32DB4-8D3A-480D-B22C-42C6D709F9A2
51 | PayloadOrganization
52 | My Org
53 | PayloadType
54 | com.apple.system-extension-policy
55 | PayloadUUID
56 | 61C32DB4-8D3A-480D-B22C-42C6D709F9A2
57 | PayloadVersion
58 | 1
59 |
60 |
61 | PayloadDescription
62 |
63 | PayloadDisplayName
64 | Privacy Preferences Policy Control
65 | PayloadEnabled
66 |
67 | PayloadIdentifier
68 | E444460C-AAFA-4A5C-B180-F9FCDC502E52
69 | PayloadOrganization
70 | My Org
71 | PayloadType
72 | com.apple.TCC.configuration-profile-policy
73 | PayloadUUID
74 | E444460C-AAFA-4A5C-B180-F9FCDC502E52
75 | PayloadVersion
76 | 1
77 | Services
78 |
79 | SystemPolicyAllFiles
80 |
81 |
82 | Allowed
83 | 1
84 | CodeRequirement
85 | anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
86 | Identifier
87 | com.bitdefender.epsecurity.BDLDaemonApp
88 | IdentifierType
89 | bundleID
90 | StaticCode
91 | 0
92 |
93 |
94 | Allowed
95 | 1
96 | CodeRequirement
97 | identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
98 | Identifier
99 | com.bitdefender.EndpointSecurityforMac
100 | IdentifierType
101 | bundleID
102 | StaticCode
103 | 0
104 |
105 |
106 | Allowed
107 | 1
108 | CodeRequirement
109 | identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
110 | Identifier
111 | /Library/Bitdefender/AVP/BDLDaemon
112 | IdentifierType
113 | path
114 | StaticCode
115 | 0
116 |
117 |
118 |
119 |
120 |
121 | AllowAllAppsAccess
122 |
123 | KeyIsExtractable
124 |
125 | PayloadCertificateFileName
126 | Bitdefender CA SSL.cer
127 | PayloadContent
128 |
129 | MIIDRjCCAi4CCQDUeb7bP+2PqTANBgkqhkiG9w0BAQsFADBlMQsw
130 | CQYDVQQGEwJSTzESMBAGA1UECAwJQnVjaGFyZXN0MRIwEAYDVQQH
131 | DAlCdWNoYXJlc3QxETAPBgNVBAoMCEVuZHBvaW50MRswGQYDVQQD
132 | DBJCaXRkZWZlbmRlciBDQSBTU0wwHhcNMjEwNTE4MjMwOTQ4WhcN
133 | MjYwNTE3MjMwOTQ4WjBlMQswCQYDVQQGEwJSTzESMBAGA1UECAwJ
134 | QnVjaGFyZXN0MRIwEAYDVQQHDAlCdWNoYXJlc3QxETAPBgNVBAoM
135 | CEVuZHBvaW50MRswGQYDVQQDDBJCaXRkZWZlbmRlciBDQSBTU0ww
136 | ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcjm2zkHQB
137 | trhD94GOdp//tJ69aXTW86cCpivvPMFcqVrbhilCyD+EU96k231k
138 | +wR0vcGUtH34HWNCx1jGLoeeNZQ1SnpaZxYPaK4I0Ex7IjvSXr51
139 | tmajEoA46TY5vVmXwMol4eld7EqUqMYypmtQ3slGKILp8W59oCHI
140 | iZhXwqO6jz0eTqOiy723QZ0XsFlZa3DNnQ4Ge3dyuNzpqK2M6JiW
141 | eJoIPl61UwxxBKiRaMWKGOLJ+N5V9UxqhNgLsp/W8hxhU1Vlyaog
142 | ID1neZzXqfsOghCu/0SDXl1Ie1QY7vPbfSlBFx9EPDRLZfCdbLKP
143 | 8sp6BlHj+XTGjvyYKGZfAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
144 | ACK068g13e3GOao5+a3dGC6VchdySALy6adjUj7XiG82R6YXJSZq
145 | g/vGVIsqIqrFgyBFtwhCPFVdEDLi5g3Cj4yq4geHD8mwwgw3GPmE
146 | 9dJ6ej1wNHzdsowx6HC0EjwF4Ryjk/pMJN7caklf0ukDGKtFwHuh
147 | mM4+FN6HGyBBMjVXQmVvUxdCMEotiOoTXpk9KoOksbePmkS6ywG4
148 | GfYRByZBFI0VrwWhm4fNtiTW8aSjsnzzemHqo+HX4NxYzvsdlvsl
149 | Z9vAWEBave3Gdf0KXIE4rjf9+L6VrmZaf1kuMWRLTSkxgcb9vwhy
150 | 673tNBujmE5iTcCzWjqpRnyQySwWqbQ=
151 |
152 | PayloadDescription
153 |
154 | PayloadDisplayName
155 | Bitdefender CA SSL
156 | PayloadEnabled
157 |
158 | PayloadIdentifier
159 | 16C156AA-FDCC-421D-AD95-E7478CA1C18D
160 | PayloadOrganization
161 | My Org
162 | PayloadType
163 | com.apple.security.root
164 | PayloadUUID
165 | 16C156AA-FDCC-421D-AD95-E7478CA1C18D
166 | PayloadVersion
167 | 1
168 |
169 |
170 | FilterPacketProviderBundleIdentifier
171 | com.bitdefender.cst.net.dci.dci-network-extension
172 | FilterPacketProviderDesignatedRequirement
173 | anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
174 | FilterPackets
175 |
176 | FilterSockets
177 |
178 | FilterType
179 | Plugin
180 | PayloadDisplayName
181 | Web Content Filter Payload
182 | PayloadIdentifier
183 | 6BB080BC-C665-4A87-9878-904D6F507585
184 | PayloadOrganization
185 | JAMF Software
186 | PayloadType
187 | com.apple.webcontent-filter
188 | PayloadUUID
189 | 6BB080BC-C665-4A87-9878-904D6F507585
190 | PayloadVersion
191 | 1
192 | PluginBundleID
193 | com.bitdefender.epsecurity.BDLDaemonApp
194 | UserDefinedName
195 | Bitdefender
196 |
197 |
198 | PayloadDescription
199 |
200 | PayloadDisplayName
201 | Bitdefender Allowed
202 | PayloadEnabled
203 |
204 | PayloadIdentifier
205 | 7577AEA3-EE14-450A-A08D-B63135052A51
206 | PayloadOrganization
207 | My Org
208 | PayloadRemovalDisallowed
209 |
210 | PayloadScope
211 | System
212 | PayloadType
213 | Configuration
214 | PayloadUUID
215 | 7577AEA3-EE14-450A-A08D-B63135052A51
216 | PayloadVersion
217 | 1
218 |
219 |
220 |
--------------------------------------------------------------------------------
/Profiles/PPPC Bomgar.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | PayloadDescription
9 |
10 | PayloadDisplayName
11 | PPPC Bomgar
12 | PayloadEnabled
13 |
14 | PayloadIdentifier
15 | 8412220D-83EC-4FDB-8AD0-CE26D781ADD9
16 | PayloadOrganization
17 | Myorg
18 | PayloadType
19 | com.apple.TCC.configuration-profile-policy
20 | PayloadUUID
21 | 88019E9A-E269-4D54-816C-D19A82045A5C
22 | PayloadVersion
23 | 1
24 | Services
25 |
26 | Accessibility
27 |
28 |
29 | Allowed
30 | 1
31 | CodeRequirement
32 | identifier "com.bomgar.bomgar-scc" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = B65TM49E24
33 | Identifier
34 | com.bomgar.bomgar-scc
35 | IdentifierType
36 | bundleID
37 | StaticCode
38 | 0
39 |
40 |
41 | SystemPolicyAllFiles
42 |
43 |
44 | Allowed
45 | 1
46 | CodeRequirement
47 | identifier "com.bomgar.bomgar-scc" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = B65TM49E24
48 | Identifier
49 | com.bomgar.bomgar-scc
50 | IdentifierType
51 | bundleID
52 | StaticCode
53 | 0
54 |
55 |
56 |
57 |
58 |
59 | PayloadDescription
60 |
61 | PayloadDisplayName
62 | PPPC Bomgar
63 | PayloadEnabled
64 |
65 | PayloadIdentifier
66 | ff650732-a086-4021-91ad-9507510f7b1f
67 | PayloadOrganization
68 | Myorg
69 | PayloadRemovalDisallowed
70 |
71 | PayloadScope
72 | System
73 | PayloadType
74 | Configuration
75 | PayloadUUID
76 | ff650732-a086-4021-91ad-9507510f7b1f
77 | PayloadVersion
78 | 1
79 |
80 |
81 |
--------------------------------------------------------------------------------
/Profiles/PPPC ConnectWiseControl.mobileconfig:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | PayloadContent
6 |
7 |
8 | PayloadDescription
9 | ConnectWiseControl PPPC
10 | PayloadDisplayName
11 | ConnectWiseControl PPPC
12 | PayloadEnabled
13 |
14 | PayloadIdentifier
15 | BEE165E6-42EE-4647-AC05-90A9F7A1E97F
16 | PayloadOrganization
17 | ConnectWise
18 | PayloadType
19 | com.apple.TCC.configuration-profile-policy
20 | PayloadUUID
21 | BEE165E6-42EE-4647-AC05-90A9F7A1E97F
22 | PayloadVersion
23 | 1
24 | Services
25 |
26 | Accessibility
27 |
28 |
29 | Allowed
30 | 1
31 | CodeRequirement
32 | identifier "com.screenconnect.client.access" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "K8M3XDZV9Y"
33 | Identifier
34 | com.screenconnect.client.access
35 | IdentifierType
36 | bundleID
37 | StaticCode
38 | 0
39 |
40 |
41 | Allowed
42 | 1
43 | CodeRequirement
44 | identifier "com.screenconnect.client" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = K8M3XDZV9Y
45 | Identifier
46 | com.screenconnect.client
47 | IdentifierType
48 | bundleID
49 | StaticCode
50 | 0
51 |
52 |
53 | Allowed
54 | 1
55 | CodeRequirement
56 | identifier "com.apple.bash" and anchor apple
57 | Identifier
58 | /bin/bash
59 | IdentifierType
60 | path
61 | StaticCode
62 | 0
63 |
64 |
65 | AppleEvents
66 |
67 |
68 | AEReceiverCodeRequirement
69 | identifier "com.apple.systemevents" and anchor apple
70 | AEReceiverIdentifier
71 | com.apple.systemevents
72 | AEReceiverIdentifierType
73 | bundleID
74 | Allowed
75 | 1
76 | CodeRequirement
77 | identifier "com.screenconnect.client.access" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "K8M3XDZV9Y"
78 | Identifier
79 | com.screenconnect.client.access
80 | IdentifierType
81 | bundleID
82 | StaticCode
83 | 0
84 |
85 |
86 | AEReceiverCodeRequirement
87 | identifier "com.apple.systemevents" and anchor apple
88 | AEReceiverIdentifier
89 | com.apple.systemevents
90 | AEReceiverIdentifierType
91 | bundleID
92 | Allowed
93 | 1
94 | CodeRequirement
95 | identifier "com.apple.bash" and anchor apple
96 | Identifier
97 | /bin/bash
98 | IdentifierType
99 | path
100 | StaticCode
101 | 0
102 |
103 |
104 | ScreenCapture
105 |
106 |
107 | Authorization
108 | AllowStandardUserToSetSystemService
109 | CodeRequirement
110 | identifier "com.screenconnect.client.access" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "K8M3XDZV9Y"
111 | Identifier
112 | com.screenconnect.client.access
113 | IdentifierType
114 | bundleID
115 | StaticCode
116 | 0
117 |
118 |
119 | Authorization
120 | AllowStandardUserToSetSystemService
121 | CodeRequirement
122 | identifier "com.screenconnect.client" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = K8M3XDZV9Y
123 | Identifier
124 | com.screenconnect.client
125 | IdentifierType
126 | bundleID
127 | StaticCode
128 | 0
129 |
130 |
131 |
132 |
133 |
134 | PayloadDescription
135 |
136 | PayloadDisplayName
137 | PPPC ConnectWiseControl
138 | PayloadEnabled
139 |
140 | PayloadIdentifier
141 | D0132371-D0AF-4CA2-985D-B67A1E5108C8
142 | PayloadOrganization
143 | ConnectWise
144 | PayloadRemovalDisallowed
145 |
146 | PayloadScope
147 | System
148 | PayloadType
149 | Configuration
150 | PayloadUUID
151 | D0132371-D0AF-4CA2-985D-B67A1E5108C8
152 | PayloadVersion
153 | 1
154 |
155 |
156 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Jamf
2 | Everything Jamf
3 | I'm an independent IT consultant and I like to share my creations.
4 |
--------------------------------------------------------------------------------
/Scripts/Account-Tool.sh:
--------------------------------------------------------------------------------
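#!/bin/bash
# Created by Kyle Ericson
# Date July 25th 2019
#
# Builds an installer package that creates a local account, by calling
# createuserpkg from pycreateuserpkg. You first have to download that tool:
# https://github.com/gregneagle/pycreateuserpkg
#
# The package is written to the console user's Desktop as
# <Company>-<Username>-AL.pkg and is built with --admin, --autologin and
# --hidden.
#
# Security notes:
#   - The password is stored in clear text in this file and is passed to
#     createuserpkg on the command line, so it can show up in the process
#     list and in shell history. Do not commit a real password.
#   - NOTE(review): with --autologin the resulting package presumably
#     carries a recoverable form of the password; treat the .pkg itself as
#     a secret and confirm against the pycreateuserpkg documentation.
#   - A hidden, auto-login administrator is a high-value account; limit
#     where the package is deployed.

# Modify what you need to below
# Start Modify

Username="administrator"
Full_Name="Administrator"
Password="Replacewithyourpassword"
ID="504"
Company="Acemfg"
# Not referenced below; the home path is built from $Username directly.
Home_Folder=("$Username")
consoleUser=$(stat -f %Su /dev/console)
Path2createuserpkgScript="/Users/$consoleUser/Documents/pycreateuserpkg-master"

# Stop Modify

# Refuse to build an admin account that still has the published placeholder
# password.
if [ "$Password" = "Replacewithyourpassword" ]; then
    echo "Account-Tool: set Password before running this script." >&2
    exit 1
fi

# Fail early with a clear message when the tool has not been downloaded.
if [ ! -f "$Path2createuserpkgScript/createuserpkg" ]; then
    echo "Account-Tool: createuserpkg not found in $Path2createuserpkgScript" >&2
    exit 1
fi

# Run stuff
# Every expansion is quoted so that values containing spaces (a full name
# such as "Local Admin", a password with special characters) reach
# createuserpkg as single arguments.
if ! sudo "$Path2createuserpkgScript/createuserpkg" \
        -n "$Username" \
        -f "$Full_Name" \
        -u "$ID" \
        -p "$Password" \
        -H "/Users/$Username" \
        --admin --autologin --hidden \
        --version=1.0.0 \
        --identifier="$Company" \
        "/Users/$consoleUser/Desktop/$Company-$Username-AL.pkg"
then
    echo "Account-Tool: createuserpkg failed." >&2
    exit 1
fi

exit 0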
--------------------------------------------------------------------------------
/Scripts/Allow standard users rights to system prefs.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Created by Kyle Ericson
#
# Opens selected System Preferences panes to standard users and lets members
# of "staff" manage printers.
#
# Scope of the change: each right below is rewritten to the "allow" rule, so
# it is granted without an administrator prompt. That includes the network
# pane, and the _lpadmin membership lets every staff member administer
# printing. Deploy only where that is the intended policy.

# system.preferences has to be unlocked first; the specific panes follow it
# (energysaver, datetime, printing, network).
for right in \
    system.preferences \
    system.preferences.energysaver \
    system.preferences.datetime \
    system.preferences.printing \
    system.preferences.network
do
    security authorizationdb write "$right" allow
done

# add staff to lpadmin group
/usr/sbin/dseditgroup -o edit -t group -a staff _lpadmin

exit 0
--------------------------------------------------------------------------------
/Scripts/AzureADClaim.ps1:
--------------------------------------------------------------------------------
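#Created by Kyle Ericson
#Version 1.0
#Adds the onpremisessamaccountname to the jamf connect token from Azure AD

#Based on this workflow from here:
# https://securecloud.blog/2019/06/06/add-samaccountname-to-azure-ad-access-token-jwt-with-claims-mapping-policy-and-avoiding-aadsts50146/

#Security note: the last step sets "acceptMappedClaims": true in the app
#manifest. Microsoft's guidance is to use that setting only for single-tenant
#apps; confirm the Jamf Connect app registration is single-tenant before
#changing it. The account used to connect needs rights to create policies and
#assign them to service principals, so run this from an admin workstation.

#Connect to Azure
AzureADPreview\Connect-AzureAD

#Create Azure AD Policy
#We are adding onpremisessamaccountname here
#(the definition string is passed to Azure AD as written)
New-AzureADPolicy -Definition @('{

"ClaimsMappingPolicy": {

"Version": 1,

"IncludeBasicClaimSet": "true",

"ClaimsSchema": [{



"Source": "user",

"ID": "onpremisessamaccountname",

"JwtClaimType": "onpremisessamaccountname"

}



]

}

}') -DisplayName "JamfConnectClaimsPolicy1" -Type "ClaimsMappingPolicy"

#Get Jamf Connect object ID ###: ID1
Get-AzureADServicePrincipal -SearchString "jamf connect" | Select-Object ObjectId

#Get ID of claims policy ###: ID2
Get-AzureADPolicy | Select-String "JamfConnectClaimsPolicy1"

#Assign Azure AD claims mapping policy
#Add-AzureADServicePrincipalPolicy -Id "object id of jamf connect app" -RefObjectId "Id of claims policy"
#Add-AzureADServicePrincipalPolicy -Id "ID1" -RefObjectId "ID2"

#Remove Azure AD claims mapping policy (Only if you want to revert the change)
#Remove-AzureADServicePrincipalPolicy -Id "object id of jamf connect app" -PolicyId "Id of claims policy"
#Remove-AzureADServicePrincipalPolicy -Id "ID1" -PolicyId "ID2"

#Download the jamf connect app manifest file from AzureAD and modify this line "acceptMappedClaims": null, to "acceptMappedClaims": true,
#The reminder is single-quoted: inside a double-quoted string the inner double
#quotes end the string early and are not printed as written.
echo 'Make sure to download the jamf connect app manifest file from Azure and change this value at the top of the file "acceptMappedClaims": true,'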
--------------------------------------------------------------------------------
/Scripts/Backup iCloud Drive.sh:
--------------------------------------------------------------------------------
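#!/bin/bash
#Source: https://www.jessesquires.com/blog/2019/09/27/icloud-backup-using-rsync/
#Used for copying iCloud folder to current user's desktop
#Deploy with Jamf Pro
#Created by Kyle Ericson
#
# Mirrors the console user's iCloud Drive folder to ~/Desktop/iCloud-Backup.
# rsync runs with --delete-before, so anything in the destination that is not
# in the source is removed; the guards below stop the script before rsync when
# the user or the source folder cannot be determined.

# Name of the user at the console; empty while the login window is showing.
# A dedicated variable is used so the shell's own $USER is left untouched.
consoleUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

if [ -z "$consoleUser" ]; then
    echo "No user is logged in; nothing to back up." >&2
    exit 1
fi

# Assumes the home directory is /Users/<name>, as the original script does.
DEST="/Users/$consoleUser/Desktop/iCloud-Backup/"

SRC="/Users/$consoleUser/Library/Mobile Documents/com~apple~CloudDocs/"

if [ ! -d "$SRC" ]; then
    echo "iCloud Drive folder not found: $SRC" >&2
    exit 1
fi

rsync --verbose --recursive --delete-before --whole-file --times --exclude=".DS_Store" --exclude=".Trash/" "$SRC" "$DEST"

# The copy is made by the account running the policy, so hand the files back
# to the user. Quoted so an unusual account name cannot split into extra
# chown arguments.
sudo chown -Rv "$consoleUser" "/Users/$consoleUser/Desktop/iCloud-Backup"

exit 0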
--------------------------------------------------------------------------------
/Scripts/DEP-Setup-Mac.sh:
--------------------------------------------------------------------------------
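#!/bin/bash
# New Mac Setup Checklist
# Created by Kyle Ericson
# Date 1-29-19
#
# Interactive setup helper: asks for the new user's name, creates the account,
# grants it a secure token and adds it to FileVault, renames the Mac, updates
# Jamf inventory, writes a setup checklist as CSV to the technician's Desktop
# and copies it to an SMB share, then logs out.
#
# Security notes:
#   - All credentials live in the variables below in clear text and are passed
#     to sysadminctl as command-line arguments, so they are visible in the
#     process list while it runs. Keep the edited script out of shared
#     repositories and rotate the temporary password after setup.
#   - An earlier revision of this script carried a literal admin account name
#     and password on the secure-token line instead of the placeholders. If
#     that value was ever a real password, treat it as exposed and rotate it.
#   - SHARE_URL embeds the share user and password in the URL.

#########################################################################
# Replace the following with your info
#########################################################################
ADMIN_USER="yourlocaladminaccount"
ADMIN_PASS="yourlocaladminpassword"
TEMP_PASS="temppass"
# Replace with your share ip and useraccount info
SHARE_URL='smb://usr:pass@192.168.1.2/Mac-Setup'
SHARE_MOUNT="/Volumes/Mac-Setup"
# NOTE(review): the original sends ${user_password} to the last fdesetup
# prompt but never assigns it, so an empty string is sent. Set the value that
# prompt actually needs and confirm against fdesetup's behaviour.
user_password=""
#########################################################################

NETAUTH_DOMAIN="/Library/Preferences/com.apple.NetworkAuthorization"

# Connections to unknown servers are only allowed for the duration of the
# script; the trap turns the setting back off on every exit path, including
# the early exits below.
lock_unknown_servers() {
    sudo defaults write "$NETAUTH_DOMAIN" AllowUnknownServers -bool NO
}
trap lock_unknown_servers EXIT

sudo defaults write "$NETAUTH_DOMAIN" AllowUnknownServers -bool YES


fullname=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the users First & Last name or select Cancel." default answer "John Doe"' -e 'text returned of result' 2>/dev/null)

username=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter the domain username or select Cancel." default answer "johdoe"' -e 'text returned of result' 2>/dev/null)

# Cancel (or an empty answer) leaves these empty; stop instead of creating an
# account with no name.
if [ -z "$fullname" ] || [ -z "$username" ]; then
    echo "Setup cancelled: no name entered." >&2
    exit 1
fi

# The username ends up in host names and in file paths written by this script,
# so only plain account-name characters are accepted.
if ! [[ "$username" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "Username may only contain letters, digits, '.', '_' and '-'." >&2
    exit 1
fi

#Create user account
/usr/sbin/sysadminctl -addUser "$username" -fullName "$fullname" -password "$TEMP_PASS" -admin -adminUser "$ADMIN_USER" -adminPassword "$ADMIN_PASS"
#Add to FileVault2
/usr/sbin/sysadminctl -adminUser "$ADMIN_USER" -adminPassword "$ADMIN_PASS" -secureTokenOn "$username" -password "$TEMP_PASS"

#filevault2
# NOTE(review): the prompt patterns are kept as the original wrote them (with
# the account name and password inside the expected text); verify them against
# the prompts fdesetup really prints.
/usr/bin/expect -f- << EOT
spawn /usr/bin/fdesetup add -usertoadd "${username}";
expect "Enter the username '${ADMIN_USER}':*"
send -- $(printf '%q' "${ADMIN_USER}")
send -- "\r"
expect "Enter the password '${ADMIN_PASS}':*"
send -- $(printf '%q' "${ADMIN_PASS}")
send -- "\r"
expect "Enter a password for '/', or the recovery key:*"
send -- $(printf '%q' "${user_password}")
send -- "\r"
expect eof;
EOT

#rename mac
serial_no=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}' | tail -c 5)
computer_name="${username}-${serial_no}"
/usr/sbin/scutil --set LocalHostName "${computer_name}"
/usr/sbin/scutil --set ComputerName "${computer_name}"
/usr/sbin/scutil --set HostName "${computer_name}"

dscacheutil -flushcache

#Update user location
sudo jamf recon -endUsername "$username"

#Get Computer name
computerName="$computer_name"

#Get Computer Model.
computerModel=$(ioreg -l | grep "product-name" | cut -d '=' -f 2 | sed -e 's/[^[:alnum:]]//g' | sed 's/[0-9]//g')

#Get Serial Number
SERIAL="$(ioreg -l | grep IOPlatformSerialNumber | sed -e 's/.*\"\(.*\)\"/\1/')"

# Owner of the console session; the CSV is written to this user's Desktop.
loggedInUser=$(stat -f %Su /dev/console)
echo "$loggedInUser"
csvPath="/Users/$loggedInUser/Desktop/$computerName.csv"

# The report is built in a freshly created temp file rather than a fixed,
# predictable name under /tmp.
reportFile=$(mktemp "/tmp/${computerName}.XXXXXX") || exit 1

# Lets format it. Values are passed as printf arguments so a '%' or backslash
# in a name is printed literally.
{
    printf "New Mac Setup Checklist\t Device Info\t DATE\n"
    printf "%s\n" "#################################" "Device Info:" "#################################"
    printf "Computer name =\t %s\t %s\n" "$computerName" "$(date)"
    printf "User assigned in Jamf =\t %s\n" "$username"
    printf "Users full name =\t %s\n" "$fullname"
    printf "Computer Serial Number =\t %s\n" "$SERIAL"
    printf "Computer Model =\t %s\n" "$computerModel"
    printf "%s\n" "#################################" "Setup Checklist" "#################################"
    printf "%s\n" "Open Outlook and Activate and setup email account" "Open OneDrive and let it fully sync files and folders" "Run the OneDrive Setup wizard from Jamf Self Service" "Install Auto Quotes from Self Service" "Run Office Updates" "Run macOS updates" "Print Asset tag" "##################################" "Computer Built by:"
} >> "$reportFile"

#lets make it a CSV
# tr only reads standard input; the listing shows it with a file argument and
# no redirections, which cannot produce the CSV the later steps expect.
tr '\t' ',' < "$reportFile" > "$csvPath"
rm -f "$reportFile"

sudo chown -v "$loggedInUser":staff "$csvPath"

#Replace with your share
open "$SHARE_URL"

sleep 15

echo "$csvPath"

if [ -d "$SHARE_MOUNT" ]; then
    cp "$csvPath" "$SHARE_MOUNT/"
else
    echo "Share is not mounted at $SHARE_MOUNT; checklist was not copied." >&2
fi

sleep 2
lock_unknown_servers

umount "$SHARE_MOUNT"

# Log out user
echo "Logout time"
pkill loginwindow

exit 0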
105 |
--------------------------------------------------------------------------------
/Scripts/Deploy_Splashtop_Streamer.sh:
--------------------------------------------------------------------------------
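#!/bin/zsh
# Deploys latest Splashtop Streamer
# Use Parameter $4 in Jamf for your org ID from Splashtop
# Created by Kyle Ericson
# Version 1.0
# March 26 2021
#
# Downloads Splashtop's deployment script and the streamer disk image, then
# runs the deployment script with the org ID from Jamf parameter $4.
#
# Supply-chain note: both files are fetched at run time and the script is
# executed with the privileges of the policy. Transport is restricted to
# HTTPS below; for stronger assurance, review the vendor script once and pin
# its hash in EXPECTED_SCRIPT_SHA256, or ship a reviewed copy in a package.

# Optional pin for the downloaded zip; leave empty to skip the comparison.
EXPECTED_SCRIPT_SHA256=""

orgID="$4"
if [[ -z "$orgID" ]]; then
    echo "Jamf parameter \$4 (Splashtop org ID) is empty." >&2
    exit 1
fi

# Private working directory instead of fixed names under /tmp, so another
# local user cannot pre-create or swap the files before they are run.
workDir=$(mktemp -d /tmp/Splash.XXXXXX) || exit 1
zipPath="$workDir/Deploy_splashtop_streamer.sh.zip"
deployScript="$workDir/Deploy_splashtop_streamer.sh"
dmgPath="$workDir/splash.dmg"

if ! curl --fail --silent --show-error -L --proto '=https' \
        "https://support-splashtopbusiness.splashtop.com/hc/en-us/article_attachments/360065327792/Deploy_splashtop_streamer.sh.zip" \
        -o "$zipPath"; then
    echo "Could not download the Splashtop deployment script." >&2
    exit 1
fi

if [[ -n "$EXPECTED_SCRIPT_SHA256" ]]; then
    actualSha=$(shasum -a 256 "$zipPath" | awk '{print $1}')
    if [[ "$actualSha" != "$EXPECTED_SCRIPT_SHA256" ]]; then
        echo "Deployment script hash does not match the pinned value." >&2
        exit 1
    fi
fi

unzip -q "$zipPath" -d "$workDir" || exit 1

if [[ ! -f "$deployScript" ]]; then
    echo "Deploy_splashtop_streamer.sh was not found in the archive." >&2
    exit 1
fi

if ! curl --fail --silent --show-error -L --proto '=https' \
        "https://my.splashtop.com/csrs/mac" -o "$dmgPath"; then
    echo "Could not download the Splashtop Streamer disk image." >&2
    exit 1
fi

# The working directory is left in place afterwards, as the original left its
# files; it is readable only by the account that ran the policy.
sh "$deployScript" -i "$dmgPath" -d "$orgID" -w 0 -s 0

exit $?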
--------------------------------------------------------------------------------
/Scripts/Grant Perm Admin Rights.sh:
--------------------------------------------------------------------------------
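#!/bin/bash
# Created by Kyle Ericson
# Add admin rights to current user
#
# Grants permanent local administrator rights to the user at the console.
# This is a standing privilege: nothing here removes it again, so scope the
# policy to the accounts that are meant to keep admin rights.

# Console user as reported by scutil; empty while the login window is showing.
U1=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')

# Without this guard an empty U1 makes `id -un` report the account running the
# script (root under Jamf), and that account would be the one edited below.
if [ -z "$U1" ]; then
    echo "No user is logged in; no admin rights granted." >&2
    exit 1
fi

# Resolve to the canonical short name.
U2=$(id -un "$U1")
if [ -z "$U2" ] || [ "$U2" = "root" ]; then
    echo "Could not resolve a regular console user; no admin rights granted." >&2
    exit 1
fi

echo "Current username is:$U2"
/usr/sbin/dseditgroup -o edit -a "$U2" -t user admin
# NOTE(review): kept from the original; dseditgroup above already edits the
# admin group, so this second write looks redundant. Confirm before removing.
dscl . -append /groups/admin GroupMembership "$U2"
exit 0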
--------------------------------------------------------------------------------
/Scripts/Install_Duo_Health.sh:
--------------------------------------------------------------------------------
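#!/bin/bash
# Written by Kyle Ericson
# Version 1.0
# Installs Duo Device Health macOS
#
# Downloads the latest disk image, mounts it at a private mount point, checks
# that the installer package is signed, installs it and cleans up.
#
# The signature check only proves the package carries a valid signature, not
# whose it is; to pin the vendor, compare the Team ID printed by
# `pkgutil --check-signature` with the value you expect.

# Private working directory rather than a fixed file name under /tmp.
workDir=$(mktemp -d /tmp/DuoDeviceHealth.XXXXXX) || exit 1
dmgPath="$workDir/DuoDeviceHealth-latest.dmg"
mountPoint="$workDir/mnt"
mkdir "$mountPoint" || exit 1

# Download; --fail stops an HTTP error page from being saved as the image.
if ! curl --fail --silent --show-error -L --proto '=https' \
        "https://dl.duosecurity.com/DuoDeviceHealth-latest.dmg" -o "$dmgPath"; then
    echo "Download of DuoDeviceHealth-latest.dmg failed." >&2
    rm -rf "$workDir"
    exit 1
fi

# Mount DMG at a known location instead of assuming the volume name.
if ! hdiutil attach "$dmgPath" -nobrowse -readonly -mountpoint "$mountPoint"; then
    echo "Could not mount the disk image." >&2
    rm -rf "$workDir"
    exit 1
fi

pkgPath="$mountPoint/Install-DuoDeviceHealth.pkg"

# Refuse to install a package that is missing or not validly signed.
if [ ! -f "$pkgPath" ] || ! /usr/sbin/pkgutil --check-signature "$pkgPath" >/dev/null; then
    echo "Installer package is missing or its signature did not validate." >&2
    hdiutil detach "$mountPoint" || :
    rm -rf "$workDir"
    exit 1
fi

# Run Installer
/usr/sbin/installer -pkg "$pkgPath" -target /
installStatus=$?

# Wait for Installer
sleep 15

# Unmount DMG
hdiutil detach "$mountPoint" || :
rm -rf "$workDir"

# Surface an installer failure to Jamf instead of always reporting success.
exit "$installStatus"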
--------------------------------------------------------------------------------
/Scripts/Jamf-Change-Management-Account.sh:
--------------------------------------------------------------------------------
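#!/bin/zsh
# Created by OpenAI & Kyle Ericson
# This script will create a new local admin account for use as a new Jamf Pro Management Account
# This will create a new local admin account
# Change the Jamf Management account to this new account
# Update Jamf inventory at the end.
# Add this to a policy with script to run before
# Then add the reset Management account password to random
#
# Security notes:
#   - apib64 is only base64-encoded, not encrypted: anyone who can read this
#     script can recover the API user name and password. Give that API user
#     the minimum privileges this script needs.
#   - new_password is stored here in clear text and passed to dscl as an
#     argument, so it is briefly visible in the process list. Follow up with
#     the policy step that randomises the management account password, as the
#     header above says.
#######################################################################
# Update with your values below
#

# API user accounts here
# Generate API base64 credentials by using:
# printf "username:password" | iconv -t ISO-8859-1 | base64 -i -
apib64=""

# Create a local admin account on the Mac
new_userdisplayname=""
new_username=""
new_password=""

#######################################################################

# Stop before touching the directory or the API with empty settings.
if [[ -z "$apib64" || -z "$new_username" || -z "$new_password" ]]; then
    echo "apib64, new_username and new_password must be set." >&2
    exit 1
fi

# Check if the local admin account already exists.
# The original piped `dscl -list` into grep and then tested $result, which was
# never assigned, so the account was always treated as missing. Reading the
# exact record also avoids matching a longer name that merely contains this one.
if dscl . -read "/Users/$new_username" >/dev/null 2>&1; then
    echo "User: $new_username already exists."
else
    echo "User: $new_username doesn't exists."
    # Create the local admin account
    # NOTE(review): UniqueID 510 is fixed; confirm it is unused on target Macs.
    dscl . -create /Users/"$new_username"
    dscl . -create /Users/"$new_username" RealName "$new_userdisplayname"
    dscl . -create /Users/"$new_username" UniqueID 510
    dscl . -create /Users/"$new_username" PrimaryGroupID 80
    dscl . -create /Users/"$new_username" UserShell /bin/zsh
    dscl . -create /Users/"$new_username" NFSHomeDirectory /Users/"$new_username"
    dscl . -passwd /Users/"$new_username" "$new_password"
    dscl . -create /Users/"$new_username" IsHidden 1
    dscl . -append /Groups/admin GroupMembership "$new_username"
    echo "User: $new_username created."
    echo "User: $new_username hidden."
fi

# Current JSS address (used below with the path appended directly, so it is
# expected to end in "/")
jssurl=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url )

# Hardware UDID of the Mac you're running this on
udid=$( /usr/sbin/ioreg -rd1 -c IOPlatformExpertDevice | awk '/IOPlatformUUID/ { split($0, line, "\""); printf("%s\n", line[4]); }' )

jsonresponse=$( /usr/bin/curl -s --fail "${jssurl}api/v1/auth/token" -H "authorization: Basic ${apib64}" -X POST | tr -d "\n" )

# The server response is handed to the JavaScript as an argument. The original
# pasted it into the script text inside backticks, where a response containing
# a backtick or ${...} would have been evaluated as code by the account running
# this script.
token=$( /usr/bin/osascript -l 'JavaScript' -e 'function run(argv) { return JSON.parse(argv[0]).token; }' "$jsonresponse" )

if [[ -z "$token" ]]; then
    echo "Could not obtain an API token from ${jssurl}" >&2
    exit 1
fi

# Use the read token to find the ID number of the current Mac
computerrecord=$( /usr/bin/curl -s --fail "${jssurl}api/v1/computers-inventory?section=USER_AND_LOCATION&filter=udid%3D%3D%22${udid}%22" -H "authorization: Bearer ${token}" )
id=$( /usr/bin/osascript -l 'JavaScript' -e 'function run(argv) { return JSON.parse(argv[0]).results[0].id; }' "$computerrecord" )

# echo "Computer ID is: $id" # enable debugging
# echo "API Token is: $token" # enable debugging (prints a live credential to the policy log)

#set -x # enable debugging (also prints the token and password)

if [[ -n "$id" ]]; then
    # Change Jamf management account username and password
    echo "Changing Jamf management account username and password..."

    # Build XML data for PUT request
    # NOTE(review): the listing shows only "$new_username$new_password" here;
    # the element names below are the Classic API management-account fields
    # and were presumably lost when the page was extracted. Confirm against
    # your Jamf Pro version. Values are not XML-escaped, so avoid &, < and >
    # in the user name and password.
    xml_data="<computer><general><remote_management><managed>true</managed><management_username>$new_username</management_username><management_password>$new_password</management_password></remote_management></general></computer>"

    # Make PUT request to update management account info
    # (jssurl already ends in "/", matching the other requests)
    curl -s \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/xml" \
    -X PUT \
    -d "$xml_data" \
    "${jssurl}JSSResource/computers/id/$id"
else
    echo "Could not find this Mac's computer ID in Jamf Pro." >&2
fi

#set +x # disable debugging

# Invalidate the token
# Certificate validation stays on here (the original passed -k), because this
# request carries the bearer token.
/usr/bin/curl -s "${jssurl}api/v1/auth/invalidate-token" -H "authorization: Bearer ${token}" -X POST

/usr/local/jamf/bin/jamf recon

exit 0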
87 |
--------------------------------------------------------------------------------
/Scripts/JamfConnectNotifyStart.sh:
--------------------------------------------------------------------------------
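#!/bin/zsh
# Created by Kyle Ericson
# Version 3.0
# Jamf Connect Notify Start
# Note you will need to ensure Jamf Connect is set to run in Notify Mode like this:
# /usr/local/bin/authchanger -reset -JamfConnect -Notify
# Credits to this script which some items were used from https://raw.githubusercontent.com/jamf/DEPNotify-Starter/master/depNotify.sh
#
# Drives the Notify screen: writes commands to the notify log, runs one Jamf
# policy per POLICY_ARRAY entry, then resets the login window and removes
# itself.

# Caffeinate Mac to keep awake
/usr/bin/caffeinate -d -i -m -u & caffeinatePID=$!

# Quit Key set to command + control + x

ORG_NAME="My Org Name"
BANNER_IMAGE_PATH="/Library/Resources/logo.png"
# NOTE(review): this log sits in /var/tmp and is appended to by this script;
# confirm nothing else can create or replace the file before the run starts.
NOTIFY_LOG="/var/tmp/depnotify.log"
# Each entry is "status text,jamf policy trigger".
POLICY_ARRAY=(
"Setting up your Mac 10% Complete...,rose"
"Setting up your Mac 20% Complete...,username"
"Setting up your Mac 30% Complete...,itadmin"
"Setting up your Mac 40% Complete...,hostname"
"Setting up your Mac 50% Complete...,portal"
"Setting up your Mac 60% Complete...,excel"
"Setting up your Mac 70% Complete...,onenote"
"Setting up your Mac 80% Complete...,outlook"
"Setting up your Mac 90% Complete...,powerpoint"
"Setting up your Mac 99% Complete...,word"
)

# List the configured steps in the policy log. The original loop compared
# against $count, which was never set, so nothing was printed.
POLICY_COUNT="${#POLICY_ARRAY[@]}"
for (( index = 1; index <= POLICY_COUNT; index++ )); do
    echo "${index} of ${POLICY_COUNT}: ${POLICY_ARRAY[index]}"
done

echo "STARTING RUN" >> "$NOTIFY_LOG" # Define the number of increments for the progress bar
echo "Command: Image: $BANNER_IMAGE_PATH" >> "$NOTIFY_LOG"
echo "Command: MainTitle: Installing Apps and Settings." >> "$NOTIFY_LOG"
echo "Command: MainText: Thanks for choosing a Mac at $ORG_NAME! We want you to have a few applications and settings configured before you get started with your new Mac. This process should take 10 to 20 minutes to complete. \n \n If you need additional software or help, please visit the Self Service app in your Applications folder or on your Dock." >> "$NOTIFY_LOG"
echo "Command: DeterminateManual: $POLICY_COUNT" >> "$NOTIFY_LOG"

# Loop to run policies
STEP=0
for POLICY in "${POLICY_ARRAY[@]}"; do
    STEP=$(( STEP + 1 ))
    echo "Status: $(echo "$POLICY" | cut -d ',' -f1)" >> "$NOTIFY_LOG"
    /usr/local/bin/jamf policy -event "$(echo "$POLICY" | cut -d ',' -f2)"
    # Advance the bar by step number. The original wrote ${POLICY_ARRAY[index]}
    # here, which is a whole "text,trigger" entry rather than a step.
    echo "Command: DeterminateManualStep: $STEP" >> "$NOTIFY_LOG"
done

sleep 5

### Clean Up
sleep 3
echo "Command: Quit" >> "$NOTIFY_LOG"
sleep 1
rm -rf "$NOTIFY_LOG"

# Disable notify screen from loginwindow process and remove script
/usr/local/bin/authchanger -reset -JamfConnect
rm -rf /usr/local/bin/start-jcnotify.sh

# Kill caffeinate process
kill "$caffeinatePID"

exit 0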
--------------------------------------------------------------------------------
/Scripts/JamfConnectUninstall.sh:
--------------------------------------------------------------------------------
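#!/bin/zsh
# This will uninstall Jamf Connect and reset the login window
# Created by Kyle Ericson
# Version 5.0
#
# Resets the login window to the macOS default, removes the Jamf Connect
# binaries, PAM module, login bundle, LaunchAgents and app, and clears the
# identity-provider attributes from the console user's local account.
echo "Created by Kyle Ericson"
echo "email kyle@ericsontech.com"

# Get the logged in user's name (empty while the login window is showing)
FAKE_USER=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')

# Only resolve a name when there is one: with an empty argument `id -un`
# reports the account running the script, and the dscl deletes below would
# then be aimed at that account instead of the user's.
CURRENT_USER=""
if [[ -n "$FAKE_USER" ]]; then
    CURRENT_USER=$(id -un "$FAKE_USER")
fi
echo "Current User is: $CURRENT_USER"

# Reset login window to default macOS
# authchanger has to run before it is deleted.
/usr/local/bin/authchanger -reset
rm /usr/local/bin/authchanger
rm /usr/local/lib/pam/pam_saml.so.2
rm -r /Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle

# Remove Jamf Connect LaunchAgents
rm -rf /Library/LaunchAgents/com.jamf.connect.plist
rm -rf /Library/LaunchAgents/com.jamf.connect.unlock.login.plist
killall 'Jamf Connect'
rm -rf "/Applications/Jamf Connect.app"

# Remove network info from user account
if [[ -n "$CURRENT_USER" && "$CURRENT_USER" != "root" ]]; then
    for attribute in NetworkUser OIDCProvider OktaUser AzureUser; do
        dscl . delete "/Users/$CURRENT_USER" "dsAttrTypeStandard:$attribute"
    done
else
    echo "No regular console user found; account attributes left unchanged."
fi

echo "Done removing Jamf Connect"
exit 0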
--------------------------------------------------------------------------------
/Scripts/Jamf_Connect_Notify_Starter_Script.sh:
--------------------------------------------------------------------------------
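#!/bin/zsh
# Jamf Connect Starter Script
# Update the POLICIES list and the org name in the MainText line below.
#
# Drives the Jamf Connect Notify screen: writes commands to the notify log,
# runs one Jamf policy per POLICIES entry, then closes the screen and resets
# the login window.

# Caffeinate Mac to keep awake
/usr/bin/caffeinate -d -i -m -u & caffeinatePID=$!

#variables
NOTIFY_LOG="/var/tmp/depnotify.log"
#For TOKEN_BASIC, use same file path location as set for OIDCIDTokenPath in com.jamf.connect.login
# NOTE(review): the token file holds identity claims and lives under
# /private/tmp; confirm who can read it and whether it should be removed once
# the claims have been read.
TOKEN_BASIC="/private/tmp/token"
TOKEN_GIVEN_NAME=$(echo "$(cat "$TOKEN_BASIC")" | sed -e 's/\"//g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | grep given_name | cut -d ":" -f2)
TOKEN_UPN=$(echo "$(cat "$TOKEN_BASIC")" | sed -e 's/\"//g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | grep upn | cut -d ":" -f2)

# These end up in the Jamf policy log.
echo $TOKEN_GIVEN_NAME
echo $TOKEN_UPN

# Update Polices here: one "percent shown,jamf policy trigger" entry per step.
# The progress bar length is taken from this list, so the two cannot drift.
POLICIES=(
"5,rose"
"10,jc"
"15,account"
"20,name"
"25,chrome"
"30,portal"
"35,adobecc"
"40,reader"
"50,office"
"60,officetmp"
"70,dock"
"80,splash"
"85,protect"
"90,av"
"99,filevault"
)

echo "STARTING RUN" >> "$NOTIFY_LOG" # Define the number of increments for the progress bar
echo "Command: DeterminateManual: ${#POLICIES[@]}" >> "$NOTIFY_LOG"

###Jamf Triggers
echo "Command: Image: /Library/Resources/logo.png" >> "$NOTIFY_LOG"
echo "Command: MainTitle: Installing Apps and Settings." >> "$NOTIFY_LOG"
# Update Org name here
# (the stray apostrophe the original left at the end of this text is removed)
echo "Command: MainText: Thanks for choosing a Mac at Myorg! We want you to have a few applications and settings configured before you get started with your new Mac. This process should take 10 to 20 minutes to complete. \n \n If you need additional software or help, please visit the Self Service app in your Applications folder or on your Dock." >> "$NOTIFY_LOG"

# Run each policy in order, updating the status line before it and advancing
# the progress bar after it.
STEP=0
for ENTRY in "${POLICIES[@]}"; do
    STEP=$(( STEP + 1 ))
    PERCENT="${ENTRY%%,*}"
    EVENT="${ENTRY#*,}"

    # Jamf Policy: $STEP
    echo "Status: Setting up your Mac ${PERCENT}% Complete..." >> "$NOTIFY_LOG"
    /usr/local/bin/jamf policy -event "$EVENT"
    echo "Command: DeterminateManualStep: $STEP" >> "$NOTIFY_LOG"
done

sleep 5

###Clean Up
sleep 3
echo "Command: Quit" >> "$NOTIFY_LOG"
sleep 1
rm -rf "$NOTIFY_LOG"

# Kill caffeinate process
kill "$caffeinatePID"

#6 - Disable notify screen from loginwindow process
/usr/local/bin/authchanger -reset -JamfConnect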
--------------------------------------------------------------------------------
/Scripts/MS-Company-Portal-Removal-Tool.sh:
--------------------------------------------------------------------------------
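#!/bin/bash
#created by Kyle Ericson
#Date: Dec 18 2018
#Script to cleanup Company portal for Azure CA via Intune
#
# Quits Jamf and Company Portal, removes Company Portal with its cached state,
# cookies, keychain items and the workplace-join identity, then reinstalls
# Company Portal through a Jamf policy.
#
# NOTE(review): the `security` commands act on the keychains of the account
# running the script; under a Jamf policy that may not be the user's login
# keychain. Confirm the items are actually removed for the affected user.

# User at the console. The original used $loggedInUser without ever setting
# it, inside single quotes, so the per-user paths were never matched.
loggedInUser=$(stat -f %Su /dev/console)

killall 'JAMF'
echo "quit JAMF"
killall 'Company Portal'
echo "quit Company Portal"
echo "Remove Company Portal"
rm -R '/Applications/Company Portal.app/'
rm -rf '/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info'
rm -rf '/Library/Application Support/com.jamfsoftware.selfservice.mac'
rm -r '/Library/Saved Application State/com.jamfsoftware.selfservice.mac.savedState'
# The next paths were relative in the original and so depended on the working
# directory; they are anchored at / like their neighbours.
# NOTE(review): saved state and preferences of this kind normally live in the
# user's own Library; confirm which location is intended.
rm -r '/Library/Saved Application State/com.microsoft.CompanyPortal.savedState'
rm -r '/Library/Preferences/com.microsoft.CompanyPortal.plist'
rm -r '/Library/Preferences/com.jamfsoftware.management.jamfAAD.plist'

# Per-user cookies. Skipped when no regular user is at the console, so the
# paths never collapse to /Users//Library/...
if [ -n "$loggedInUser" ] && [ "$loggedInUser" != "root" ]; then
    rm -r "/Users/$loggedInUser/Library/Cookies/com.microsoft.CompanyPortal.binarycookies"
    # The original spelled this directory "Cookes".
    rm -r "/Users/$loggedInUser/Library/Cookies/com.jamf.management.jamfAAD.binarycookies"
fi

echo "Remove keychain password items"

security delete-generic-password -l 'com.jamf.management.jamfAAD'
security delete-generic-password -l 'com.microsoft.CompanyPortal'
security delete-generic-password -l 'com.microsoft.CompanyPortal.HockeySDK'
security delete-generic-password -l 'enterpriseregistration.windows.net'

#Replace-with-your-adfs-server-name-FQDN
security delete-generic-password -l 'https://replace-with-your-adfs-server-name-FQDN.com/adfs/ls'
security delete-generic-password -l 'https://replace-with-your-adfs-server-name-FQDN.com/adfs/ls/'
#Replace-with-your-adfs-server-name-FQDN

security delete-generic-password -l 'https://device.login.microsoftonline.com'
security delete-generic-password -l 'https://device.login.microsoftonline.com/'
security delete-generic-password -l 'https://enterpriseregistration.windows.net'
security delete-generic-password -l 'https://enterpriseregistration.windows.net/'
security delete-generic-password -a 'com.microsoft.workplacejoin.thumbprint'
security delete-generic-password -a 'com.microsoft.workplacejoin.registeredUserPrincipalName'

# SHA-1 hashes of certificates whose listing mentions MS-ORGANIZATION-ACCESS.
removecert=$(security find-certificate -a -Z | grep -B 9 "MS-ORGANIZATION-ACCESS" | grep "SHA-1" | awk '{print $3}')
echo $removecert
# One delete per hash; nothing is run when no certificate matched, and several
# matches are no longer passed to a single -Z option.
for certHash in $removecert; do
    security delete-identity -Z "$certHash"
done

echo "Install Company Portal"

#replace with your Jamf policy to install Company Portal
/usr/local/bin/jamf policy -event cportal

echo "Run the Azure Registration via Self Service"
exit 0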
52 |
--------------------------------------------------------------------------------
/Scripts/MSP-DEPNotify-Start.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Version 2.0.5
3 |
4 | #########################################################################################
5 | # License information
6 | #########################################################################################
7 | # Copyright 2018 Jamf Professional Services
8 |
9 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
10 | # software and associated documentation files (the "Software"), to deal in the Software
11 | # without restriction, including without limitation the rights to use, copy, modify, merge,
12 | # publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
13 | # to whom the Software is furnished to do so, subject to the following conditions:
14 |
15 | # The above copyright notice and this permission notice shall be included in all copies or
16 | # substantial portions of the Software.
17 |
18 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
19 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
20 | # PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
21 | # FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
22 | # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
23 | # DEALINGS IN THE SOFTWARE.
24 |
25 | #########################################################################################
26 | # General Information
27 | #########################################################################################
28 | # This script is designed to make implementation of DEPNotify very easy with limited
29 | # scripting knowledge. The section below has variables that may be modified to customize
30 | # the end user experience. DO NOT modify things in or below the CORE LOGIC area unless
31 | # major testing and validation is performed.
32 |
33 | # More information at: https://github.com/jamfprofessionalservices/DEP-Notify
34 |
35 | #########################################################################################
36 | # Testing Mode
37 | #########################################################################################
38 | # Testing flag will enable the following things to change:
39 | # Auto removal of BOM files to reduce errors
40 | # Sleep commands instead of policies or other changes being called
41 | # Quit Key set to command + control + x
42 | TESTING_MODE=false # Set variable to true or false
43 |
44 | #########################################################################################
45 | # General Appearance
46 | #########################################################################################
47 | # Flag the app to open fullscreen or as a window
48 | FULLSCREEN=true # Set variable to true or false
49 |
50 | # Banner image can be 600px wide by 100px high. Images will be scaled to fit
51 | # If this variable is left blank, the generic image will appear. If using custom Self
52 | # Service branding, please see the Customized Self Service Branding area below
53 | BANNER_IMAGE_PATH="$4"
54 |
55 | # Update the variable below replacing "Organization" with the actual name of your organization. Example "ACME Corp Inc."
56 | ORG_NAME="$5"
57 |
58 | # Main heading that will be displayed under the image
59 | # If this variable is left blank, the generic banner will appear
60 | BANNER_TITLE="Welcome to $ORG_NAME"
61 |
62 | # Update the variable below replacing "email helpdesk@company.com" with the actual plaintext instructions for your organization. Example "call 555-1212" or "email helpdesk@company.com"
63 | SUPPORT_CONTACT_DETAILS="$6"
64 |
65 | # Paragraph text that will display under the main heading. For a new line, use \n
66 | # If this variable is left blank, the generic message will appear. Leave single
67 | # quotes below as double quotes will break the new lines.
68 | MAIN_TEXT='Thanks for choosing a Mac at '$ORG_NAME'! We want you to have a few applications and settings configured before you get started with your new Mac. This process should take 10 to 20 minutes to complete. \n \n If you need additional software or help, please visit the Self Service app in your Applications folder or on your Dock.'
69 |
70 | # Initial Start Status text that shows as things are firing up
71 | INITAL_START_STATUS="Initial Configuration Starting..."
72 |
73 | # Text that will display in the progress bar
74 | INSTALL_COMPLETE_TEXT="Configuration Complete!"
75 |
76 | # Complete messaging to the end user can either be a button at the bottom of the
77 | # app with a modification to the main window text or a dropdown alert box. Default
78 | # value set to false and will use buttons instead of dropdown messages.
79 | COMPLETE_METHOD_DROPDOWN_ALERT=false # Set variable to true or false
80 |
81 | # Script designed to automatically logout user to start FileVault process if
82 | # deferred enablement is detected. Text displayed if deferred status is on.
83 | # Option for dropdown alert box
84 | FV_ALERT_TEXT="Your Mac must logout to start the encryption process. You will be asked to enter your password and click OK or Continue a few times. Your Mac will be usable while encryption takes place."
85 | # Options if not using dropdown alert box
86 | FV_COMPLETE_MAIN_TEXT='Your Mac must logout to start the encryption process. You will be asked to enter your password and click OK or Continue a few times. Your Mac will be usable while encryption takes place.'
87 | FV_COMPLETE_BUTTON_TEXT="Logout"
88 |
89 | # Text that will display inside the alert once policies have finished
90 | # Option for dropdown alert box
91 | COMPLETE_ALERT_TEXT="Your Mac is now finished with initial setup and configuration. Press Quit to get started!"
92 | # Options if not using dropdown alert box
93 | COMPLETE_MAIN_TEXT='Your Mac is now finished with initial setup and configuration.'
94 | COMPLETE_BUTTON_TEXT="Get Started!"
95 |
96 | #########################################################################################
97 | # Plist Configuration
98 | #########################################################################################
99 | # The menu.depnotify.plist contains more and more things that configure the DEPNotify app
100 | # You may want to save the file for purposes like verifying EULA acceptance or validating
101 | # other options.
102 |
103 | # Plist Save Location
104 | # This wrapper allows variables that are created later to be used but also allow for
105 | # configuration of where the plist is stored
INFO_PLIST_WRAPPER () {
  # Builds the path of the plist that receives the user's registration answers.
  # The path is assembled when the function is called, not when it is defined, so
  # that CURRENT_USER can be assigned later in the script.
  # Sets the global DEP_NOTIFY_USER_INPUT_PLIST.
  local user_prefs_dir="/Users/$CURRENT_USER/Library/Preferences"
  DEP_NOTIFY_USER_INPUT_PLIST="$user_prefs_dir/menu.nomad.DEPNotifyUserInput.plist"
}
109 |
110 | # Status Text Alignment
111 | # The status text under the progress bar can be configured to be left, right, or center
112 | STATUS_TEXT_ALIGN="center"
113 |
114 | # Help Button Configuration
115 | # The help button was changed to a popup. Button will appear if title is populated.
116 | HELP_BUBBLE_TITLE="Need Help?"
117 | HELP_BUBBLE_BODY="This tool at $ORG_NAME is designed to help with new employee onboarding. If you have issues, please $SUPPORT_CONTACT_DETAILS"
118 |
119 | #########################################################################################
120 | # Error Screen Text
121 | #########################################################################################
122 | # If testing mode is false and configuration files are present, this text will appear to
123 | # the end user, asking them to contact IT. Limited window options here as the
124 | # assumption is that they need to call IT. No continue or exit buttons will show for
125 | # DEP Notify window and it will not show in fullscreen. IT staff will need to use Terminal
126 | # or Activity Monitor to kill DEP Notify.
127 |
128 | # Main heading that will be displayed under the image
129 | ERROR_BANNER_TITLE="Uh oh, Something Needs Fixing!"
130 |
131 | # Paragraph text that will display under the main heading. For a new line, use \n
132 | # If this variable is left blank, the generic message will appear. Leave single
133 | # quotes below as double quotes will break the new lines.
134 | ERROR_MAIN_TEXT='We are sorry that you are experiencing this inconvenience with your new Mac. However, we have the nerds to get you back up and running in no time! \n \n Please contact IT right away and we will take a look at your computer ASAP. \n \n'
135 | ERROR_MAIN_TEXT="$ERROR_MAIN_TEXT $SUPPORT_CONTACT_DETAILS"
136 |
137 | # Error status message that is displayed under the progress bar
138 | ERROR_STATUS="Setup Failed"
139 |
140 | #########################################################################################
141 | # Trigger to be used to call the policy
142 | #########################################################################################
143 | # Policies can be called by either a custom trigger or by policy id.
144 | # Select either event, to call the policy by the custom trigger,
145 | # or id to call the policy by id.
146 | TRIGGER="event"
147 |
148 |
149 | #########################################################################################
150 | # Policy Variable to Modify
151 | #########################################################################################
152 | # The policy array must be formatted "Progress Bar text,customTrigger". These will be
153 | # run in order as they appear below.
154 | POLICY_ARRAY=(
155 |
156 | "Installing Google Apps,gdfs"
157 | "Installing Dropbox,dropbox"
158 | "Installing Adobe Reader DC,reader"
159 | "Installing Google Chrome,chrome"
160 | "Installing MS Office,office"
161 | "Installing Zoom,zoom"
162 | "Installing Carbon Black,carbon"
163 | "Enable Filevault,fv"
164 | "Installing Done,done"
165 |
166 | )
167 |
168 | #########################################################################################
169 | # Caffeinate / No Sleep Configuration
170 | #########################################################################################
171 | # Flag script to keep the computer from sleeping. BE VERY CAREFUL WITH THIS FLAG!
172 | # This flag could expose your data to risk by leaving an unlocked computer wide open.
173 | # Only recommended if you are using fullscreen mode and have a logout taking place at
174 | # the end of configuration (like for FileVault). Some folks may use this in workflows
175 | # where IT staff are the primary people setting up the device. The device will be
176 | # allowed to sleep again once the DEPNotify app is quit as caffeinate is looking
177 | # at DEPNotify's process ID.
178 | NO_SLEEP=true
179 |
180 | #########################################################################################
181 | # Customized Self Service Branding
182 | #########################################################################################
183 | # Flag for using the custom branding icon from Self Service and Jamf Pro
184 | # This will override the banner image specified above. If you have changed the
185 | # name of Self Service, make sure to modify the Self Service name below.
186 | # Please note, custom branding is downloaded from Jamf Pro after Self Service has opened
187 | # at least one time. The script is designed to wait until the files have been downloaded.
188 | # This could take a few minutes depending on server and network resources.
189 | SELF_SERVICE_CUSTOM_BRANDING=false # Set variable to true or false
190 |
191 | # If using a name other than Self Service with Custom branding. Change the
192 | # name with the SELF_SERVICE_APP_NAME variable below. Keep .app on the end
193 | SELF_SERVICE_APP_NAME="Self Service.app"
194 |
195 | # Number of seconds to wait for the Self Service custom icon.
196 | SELF_SERVICE_CUSTOM_WAIT=20
197 |
198 |
199 | #########################################################################################
200 | # EULA Variables to Modify
201 | #########################################################################################
202 | # EULA configuration
203 | EULA_ENABLED=false # Set variable to true or false
204 |
205 | # EULA status bar text
206 | EULA_STATUS="Waiting on completion of EULA acceptance"
207 |
208 | # EULA button text on the main screen
209 | EULA_BUTTON="Read and Agree to EULA"
210 |
211 | # EULA Screen Title
212 | EULA_MAIN_TITLE="Organization End User License Agreement"
213 |
214 | # EULA Subtitle
215 | EULA_SUBTITLE="Please agree to the following terms and conditions to start configuration of this Mac"
216 |
217 | # Path to the EULA file you would like the user to read and agree to. It is
218 | # best to package this up with Composer or another tool and deliver it to a
219 | # shared area like /Users/Shared/
220 | EULA_FILE_PATH="/Users/Shared/eula.txt"
221 |
222 | #########################################################################################
223 | # Registration Variables to Modify
224 | #########################################################################################
225 | # Registration window configuration
226 | REGISTRATION_ENABLED=true # Set variable to true or false
227 |
228 | # Registration window title
229 | REGISTRATION_TITLE="Register Mac at $ORG_NAME"
230 |
231 | # Registration status bar text
232 | REGISTRATION_STATUS="Waiting on completion of computer registration"
233 |
234 | # Registration window submit or finish button text
235 | REGISTRATION_BUTTON="Register Your Mac"
236 |
237 | # The text and pick list sections below will write the following lines out for
238 | # end users. Use the variables below to configure what the sentence says
239 | # Ex: Setting Computer Name to macBook0132
240 | REGISTRATION_BEGIN_WORD="Setting"
241 | REGISTRATION_MIDDLE_WORD="to"
242 |
243 | # Registration window can have up to two text fields. Leaving the text display
244 | # variable empty will hide the input box. Display text is to the side of the
245 | # input and placeholder text is the gray text inside the input box.
246 | # Registration window can have up to four dropdown / pick list inputs. Leaving
247 | # the pick display variable empty will hide the dropdown / pick list.
248 |
249 | # First Text Field
250 | #######################################################################################
251 | # Text Field Label
252 | REG_TEXT_LABEL_1="First & Last Name"
253 |
254 | # Place Holder Text
255 | REG_TEXT_LABEL_1_PLACEHOLDER="John Smith"
256 |
257 | # Optional flag for making the field an optional input for end user
258 | REG_TEXT_LABEL_1_OPTIONAL="false" # Set variable to true or false
259 |
260 | # Help Bubble for Input. If title left blank, this will not appear
261 | REG_TEXT_LABEL_1_HELP_TITLE="First & Last Name"
262 | REG_TEXT_LABEL_1_HELP_TEXT="Please enter your first & last name"
263 |
264 | # Logic below was put in this section rather than in core code as folks may
265 | # want to change what the field does. This is a function that gets called
266 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
REG_TEXT_LABEL_1_LOGIC () {
  # Handles the first registration text field (the user's real name).
  # Reads the answer stored under the key REG_TEXT_LABEL_1 in the user-input plist into
  # the global REG_TEXT_LABEL_1_VALUE, writes a status line to DEP_NOTIFY_LOG and, outside
  # testing mode, passes the name to "jamf recon -realname".
  # The value is typed by the person at the keyboard; keep every expansion of it quoted.
  REG_TEXT_LABEL_1_VALUE=$(defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_TEXT_LABEL_1")

  # Optional field left blank: note it in both logs and stop here.
  if [ "$REG_TEXT_LABEL_1_OPTIONAL" = true ] && [ -z "$REG_TEXT_LABEL_1_VALUE" ]; then
    echo "Status: $REG_TEXT_LABEL_1 was left empty. Skipping..." >> "$DEP_NOTIFY_LOG"
    echo "$(date "+%a %h %d %H:%M:%S"): $REG_TEXT_LABEL_1 was set to optional and was left empty. Skipping..." >> "$DEP_NOTIFY_DEBUG"
    sleep 5
    return
  fi

  echo "Status: $REGISTRATION_BEGIN_WORD $REG_TEXT_LABEL_1 $REGISTRATION_MIDDLE_WORD $REG_TEXT_LABEL_1_VALUE" >> "$DEP_NOTIFY_LOG"
  case "$TESTING_MODE" in
    true)
      # Testing mode only pauses; nothing is sent to Jamf Pro.
      sleep 10
      ;;
    *)
      "$JAMF_BINARY" recon -realname "$REG_TEXT_LABEL_1_VALUE"
      sleep 5
      ;;
  esac
}
283 |
284 |
285 | # Second Text Field
286 | #######################################################################################
287 | # Text Field Label
288 | REG_TEXT_LABEL_2="Email address"
289 |
290 | # Place Holder Text
291 | REG_TEXT_LABEL_2_PLACEHOLDER="$7"
292 |
293 | # Optional flag for making the field an optional input for end user
294 | REG_TEXT_LABEL_2_OPTIONAL="true" # Set variable to true or false
295 |
296 | # Help Bubble for Input. If title left blank, this will not appear
297 | REG_TEXT_LABEL_2_HELP_TITLE="Email Address"
298 | REG_TEXT_LABEL_2_HELP_TEXT="Please enter your work email address"
299 |
300 | # Logic below was put in this section rather than in core code as folks may
301 | # want to change what the field does. This is a function that gets called
302 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
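REG_TEXT_LABEL_2_LOGIC () {
  # Handles the second registration text field (the email address) and then renames the
  # Mac after the name captured by REG_TEXT_LABEL_1_LOGIC.
  #
  # Reads:  DEP_NOTIFY_USER_INPUT_PLIST, REG_TEXT_LABEL_2, REG_TEXT_LABEL_2_OPTIONAL,
  #         REG_TEXT_LABEL_1_VALUE, TESTING_MODE, JAMF_BINARY
  # Sets:   REG_TEXT_LABEL_2_VALUE, username, serial, serial_short, computer_name
  # Writes: status lines to DEP_NOTIFY_LOG and debug lines to DEP_NOTIFY_DEBUG
  #
  # Both answers are typed by the person at the keyboard. They are only ever expanded
  # inside double quotes so that spaces or glob characters in them cannot change the
  # arguments of the commands below.
  local local_host_name

  REG_TEXT_LABEL_2_VALUE=$(defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_TEXT_LABEL_2")
  if [ "$REG_TEXT_LABEL_2_OPTIONAL" = true ] && [ "$REG_TEXT_LABEL_2_VALUE" = "" ]; then
    echo "Status: $REG_TEXT_LABEL_2 was left empty. Skipping..." >> "$DEP_NOTIFY_LOG"
    echo "$(date "+%a %h %d %H:%M:%S"): $REG_TEXT_LABEL_2 was set to optional and was left empty. Skipping..." >> "$DEP_NOTIFY_DEBUG"
    sleep 5
  else
    echo "Status: $REGISTRATION_BEGIN_WORD $REG_TEXT_LABEL_2 $REGISTRATION_MIDDLE_WORD $REG_TEXT_LABEL_2_VALUE" >> "$DEP_NOTIFY_LOG"
    if [ "$TESTING_MODE" = true ]; then
      sleep 10
    else
      "$JAMF_BINARY" recon -email "$REG_TEXT_LABEL_2_VALUE"
      sleep 4
      # Everything before the first "@". Parameter expansion replaces the unquoted
      # "echo $VALUE | awk" pipeline, which word-split and glob-expanded the typed text.
      username="${REG_TEXT_LABEL_2_VALUE%%@*}"
      "$JAMF_BINARY" recon -endUsername "$username"
    fi
  fi

  # Rename Mac
  ##########################################################################################

  # Not used inside this function; kept because they are globals that code outside
  # this view may read.
  serial=$(ioreg -rd1 -c IOPlatformExpertDevice | awk -F'"' '/IOPlatformSerialNumber/{print $4}')
  serial_short=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}' | tail -c 5)

  # The real name from the first text field, with spaces turned into dots.
  computer_name=$(printf '%s' "$REG_TEXT_LABEL_1_VALUE" | tr ' ' '.')

  # Without a name there is nothing valid to hand to scutil or jamf.
  if [ -z "$computer_name" ]; then
    echo "$(date "+%a %h %d %H:%M:%S"): No value available from $REG_TEXT_LABEL_1. Skipping computer rename." >> "$DEP_NOTIFY_DEBUG"
    return 0
  fi

  echo "$computer_name"
  echo "Status: $REGISTRATION_BEGIN_WORD Computer Name $REGISTRATION_MIDDLE_WORD $computer_name" >> "$DEP_NOTIFY_LOG"

  # Testing mode promises that no changes are made, so the rename is announced but not applied.
  if [ "$TESTING_MODE" = true ]; then
    return 0
  fi

  # LocalHostName (the Bonjour name) accepts only letters, digits and hyphens, so every
  # other byte of the typed name, including the dots added above, becomes a hyphen.
  # NOTE(review): HostName still receives the dotted form, as before - confirm that a
  # name with dots is what the environment expects there.
  local_host_name=$(printf '%s' "$computer_name" | LC_ALL=C tr -c 'A-Za-z0-9-' '-')

  #Start the rename process
  /usr/sbin/scutil --set LocalHostName "${local_host_name}"
  /usr/sbin/scutil --set ComputerName "${computer_name}"
  /usr/sbin/scutil --set HostName "${computer_name}"
  dscacheutil -flushcache

  # The original passed $COMPUTERNAME, which is not assigned anywhere in the visible
  # script; fall back to the name computed above whenever it is unset or empty.
  "$JAMF_BINARY" setComputerName -name "${COMPUTERNAME:-$computer_name}"
}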
344 |
345 | # Popup 1
346 | #######################################################################################
347 | # Label for the popup
348 | REG_POPUP_LABEL_1=""
349 |
350 | # Array of options for the user to select
351 | REG_POPUP_LABEL_1_OPTIONS=(
352 | "Amsterdam"
353 | "Katowice"
354 | "Eau Claire"
355 | "Minneapolis"
356 | )
357 |
358 | # Help Bubble for Input. If title left blank, this will not appear
359 | REG_POPUP_LABEL_1_HELP_TITLE="Building Dropdown Field"
360 | REG_POPUP_LABEL_1_HELP_TEXT="Please choose the appropriate building for where you normally work. This is important for inventory purposes."
361 |
362 | # Logic below was put in this section rather than in core code as folks may
363 | # want to change what the field does. This is a function that gets called
364 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
REG_POPUP_LABEL_1_LOGIC () {
  # Handles the first dropdown (building).
  # Reads the chosen entry stored under the key REG_POPUP_LABEL_1 in the user-input plist
  # into the global REG_POPUP_LABEL_1_VALUE, writes a status line to DEP_NOTIFY_LOG and,
  # outside testing mode, passes the choice to "jamf recon -building".
  REG_POPUP_LABEL_1_VALUE=$(/usr/bin/defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_POPUP_LABEL_1")
  echo "Status: $REGISTRATION_BEGIN_WORD $REG_POPUP_LABEL_1 $REGISTRATION_MIDDLE_WORD $REG_POPUP_LABEL_1_VALUE" >> "$DEP_NOTIFY_LOG"

  if [ "$TESTING_MODE" != true ]; then
    "$JAMF_BINARY" recon -building "$REG_POPUP_LABEL_1_VALUE"
  else
    # Testing mode only pauses; nothing is sent to Jamf Pro.
    sleep 10
  fi
}
374 |
375 | # Popup 2
376 | #######################################################################################
377 | # Label for the popup
378 | REG_POPUP_LABEL_2=""
379 |
380 | # Array of options for the user to select
381 | REG_POPUP_LABEL_2_OPTIONS=(
382 | "Customer Onboarding"
383 | "Professional Services"
384 | "Sales Engineering"
385 | )
386 |
387 | # Help Bubble for Input. If title left blank, this will not appear
388 | REG_POPUP_LABEL_2_HELP_TITLE="Department Dropdown Field"
389 | REG_POPUP_LABEL_2_HELP_TEXT="Please choose the appropriate department for where you normally work. This is important for inventory purposes."
390 |
391 | # Logic below was put in this section rather than in core code as folks may
392 | # want to change what the field does. This is a function that gets called
393 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
REG_POPUP_LABEL_2_LOGIC () {
  # Handles the second dropdown (department).
  # Reads the chosen entry stored under the key REG_POPUP_LABEL_2 in the user-input plist
  # into the global REG_POPUP_LABEL_2_VALUE, writes a status line to DEP_NOTIFY_LOG and,
  # outside testing mode, passes the choice to "jamf recon -department".
  REG_POPUP_LABEL_2_VALUE=$(/usr/bin/defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_POPUP_LABEL_2")
  echo "Status: $REGISTRATION_BEGIN_WORD $REG_POPUP_LABEL_2 $REGISTRATION_MIDDLE_WORD $REG_POPUP_LABEL_2_VALUE" >> "$DEP_NOTIFY_LOG"

  if [ "$TESTING_MODE" != true ]; then
    "$JAMF_BINARY" recon -department "$REG_POPUP_LABEL_2_VALUE"
  else
    # Testing mode only pauses; nothing is sent to Jamf Pro.
    sleep 10
  fi
}
403 |
404 | # Popup 3 - Code is here but currently unused
405 | #######################################################################################
406 | # Label for the popup
407 | REG_POPUP_LABEL_3=""
408 |
409 | # Array of options for the user to select
410 | REG_POPUP_LABEL_3_OPTIONS=(
411 | "Option 1"
412 | "Option 2"
413 | "Option 3"
414 | )
415 |
416 | # Help Bubble for Input. If title left blank, this will not appear
417 | REG_POPUP_LABEL_3_HELP_TITLE="Dropdown 3 Field"
418 | REG_POPUP_LABEL_3_HELP_TEXT="This dropdown is currently not in use. All code is here ready for you to use. It can also be hidden by removing the contents of the REG_POPUP_LABEL_3 variable."
419 |
420 | # Logic below was put in this section rather than in core code as folks may
421 | # want to change what the field does. This is a function that gets called
422 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
REG_POPUP_LABEL_3_LOGIC () {
  # Handles the third dropdown, which is present but not wired to any action.
  # Reads the chosen entry stored under the key REG_POPUP_LABEL_3 in the user-input plist
  # into the global REG_POPUP_LABEL_3_VALUE and writes a status line to DEP_NOTIFY_LOG.
  REG_POPUP_LABEL_3_VALUE=$(/usr/bin/defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_POPUP_LABEL_3")
  echo "Status: $REGISTRATION_BEGIN_WORD $REG_POPUP_LABEL_3 $REGISTRATION_MIDDLE_WORD $REG_POPUP_LABEL_3_VALUE" >> "$DEP_NOTIFY_LOG"

  # Testing and production mode both just pause for ten seconds. A production action
  # would go behind a check of TESTING_MODE, as in the other popup functions.
  sleep 10
}
432 |
433 | # Popup 4 - Code is here but currently unused
434 | #######################################################################################
435 | # Label for the popup
436 | REG_POPUP_LABEL_4=""
437 |
438 | # Array of options for the user to select
439 | REG_POPUP_LABEL_4_OPTIONS=(
440 | "Option 1"
441 | "Option 2"
442 | "Option 3"
443 | )
444 |
445 | # Help Bubble for Input. If title left blank, this will not appear
446 | REG_POPUP_LABEL_4_HELP_TITLE="Dropdown 4 Field"
447 | REG_POPUP_LABEL_4_HELP_TEXT="This dropdown is currently not in use. All code is here ready for you to use. It can also be hidden by removing the contents of the REG_POPUP_LABEL_4 variable."
448 |
449 | # Logic below was put in this section rather than in core code as folks may
450 | # want to change what the field does. This is a function that gets called
451 | # when needed later on. BE VERY CAREFUL IN CHANGING THE FUNCTION!
REG_POPUP_LABEL_4_LOGIC () {
  # Handles the fourth dropdown, which is present but not wired to any action.
  # Reads the chosen entry stored under the key REG_POPUP_LABEL_4 in the user-input plist
  # into the global REG_POPUP_LABEL_4_VALUE and writes a status line to DEP_NOTIFY_LOG.
  REG_POPUP_LABEL_4_VALUE=$(/usr/bin/defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_POPUP_LABEL_4")
  echo "Status: $REGISTRATION_BEGIN_WORD $REG_POPUP_LABEL_4 $REGISTRATION_MIDDLE_WORD $REG_POPUP_LABEL_4_VALUE" >> "$DEP_NOTIFY_LOG"

  # Testing and production mode both just pause for ten seconds. A production action
  # would go behind a check of TESTING_MODE, as in the other popup functions.
  sleep 10
}
461 |
462 | #########################################################################################
463 | #########################################################################################
464 | # Core Script Logic - Don't Change Without Major Testing
465 | #########################################################################################
466 | #########################################################################################
467 |
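468 | # Variables for File Paths. NOTE(review): the log, debug and marker files below use fixed names in /var/tmp, which every local account can write to; DEPNotify is started with -path "$DEP_NOTIFY_LOG" and reads its "Command:" lines from that file, so confirm that none of these paths already exists or is a symlink before this script writes to them.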
469 | JAMF_BINARY="/usr/local/bin/jamf"
470 | FDE_SETUP_BINARY="/usr/bin/fdesetup"
471 | DEP_NOTIFY_APP="/Applications/Utilities/DEPNotify.app"
472 | DEP_NOTIFY_LOG="/var/tmp/depnotify.log"
473 | DEP_NOTIFY_DEBUG="/var/tmp/depnotifyDebug.log"
474 | DEP_NOTIFY_DONE="/var/tmp/com.depnotify.provisioning.done"
475 |
476 |
# Standard Testing Mode Enhancements
if [ "$TESTING_MODE" = true ]; then
  # Removing the old log, done marker and debug log if present (Testing Mode Only)
  for stale_file in "$DEP_NOTIFY_LOG" "$DEP_NOTIFY_DONE" "$DEP_NOTIFY_DEBUG"; do
    if [ -f "$stale_file" ]; then
      rm "$stale_file"
    fi
  done
  unset stale_file
  # Setting Quit Key set to command + control + x (Testing Mode Only)
  echo "Command: QuitKey: x" >> "$DEP_NOTIFY_LOG"
fi
486 |
# Validating true/false flags
# Each entry pairs a flag variable with the wording used in its debug-log message. The
# flags are checked in the order listed, and the script exits with status 1 at the first
# one that is neither the literal "true" nor the literal "false".
for flag_entry in \
  "TESTING_MODE|Testing configuration" \
  "FULLSCREEN|Fullscreen configuration" \
  "NO_SLEEP|Sleep configuration" \
  "SELF_SERVICE_CUSTOM_BRANDING|Self Service Custom Branding configuration" \
  "COMPLETE_METHOD_DROPDOWN_ALERT|Completion alert method" \
  "EULA_ENABLED|EULA configuration" \
  "REGISTRATION_ENABLED|Registration configuration"; do
  flag_name="${flag_entry%%|*}"
  flag_label="${flag_entry#*|}"
  # Indirect expansion: the current value of the variable whose name is in flag_name.
  flag_value="${!flag_name}"
  case "$flag_value" in
    true|false)
      ;;
    *)
      echo "$(date "+%a %h %d %H:%M:%S"): $flag_label not set properly. Currently set to $flag_value. Please update to true or false." >> "$DEP_NOTIFY_DEBUG"
      exit 1
      ;;
  esac
done
unset flag_entry flag_name flag_label flag_value
516 |
# DEP Notify must only start after Apple Setup Assistant has exited.
# Poll once per second and log each attempt until pgrep no longer finds the process.
while SETUP_ASSISTANT_PROCESS=$(pgrep -l "Setup Assistant"); [ -n "$SETUP_ASSISTANT_PROCESS" ]; do
  echo "$(date "+%a %h %d %H:%M:%S"): Setup Assistant Still Running. PID $SETUP_ASSISTANT_PROCESS." >> "$DEP_NOTIFY_DEBUG"
  sleep 1
done
524 |
# Wait for the Finder before continuing. This can help in scenarios where an end user
# is not configuring the device: without a Finder process the device is assumed to be
# sitting at the login screen, so poll once per second until one appears.
while FINDER_PROCESS=$(pgrep -l "Finder"); [ -z "$FINDER_PROCESS" ]; do
  echo "$(date "+%a %h %d %H:%M:%S"): Finder process not found. Assuming device is at login screen." >> "$DEP_NOTIFY_DEBUG"
  sleep 1
done
533 |
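# After the Apple Setup completed. Now safe to grab the current user.
# The console user is read with scutil rather than /usr/bin/python, which Apple removed
# in macOS 12.3; on such systems the python call fails and CURRENT_USER stays empty,
# leaving every "/Users/$CURRENT_USER/..." path and every "sudo -u" call below pointing
# at nothing. As before, the result is empty when only the login window owns the console.
CURRENT_USER=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }')
if [ -z "$CURRENT_USER" ]; then
  # Recorded for troubleshooting only; the script carries on as it did before.
  echo "$(date "+%a %h %d %H:%M:%S"): No console user could be determined. Paths under /Users and commands run as the user will not work as intended." >> "$DEP_NOTIFY_DEBUG"
fi
echo "$(date "+%a %h %d %H:%M:%S"): Current user set to $CURRENT_USER." >> "$DEP_NOTIFY_DEBUG"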
537 |
# Stop DEPNotify if there was already a DEPNotify window running (from a PreStage package postinstall script).
# The PID list is re-read after every kill and the loop ends once pgrep finds nothing.
while PREVIOUS_DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1); [ -n "$PREVIOUS_DEP_NOTIFY_PROCESS" ]; do
  echo "$(date "+%a %h %d %H:%M:%S"): Stopping the previously-opened instance of DEPNotify." >> "$DEP_NOTIFY_DEBUG"
  # Unquoted, so several PIDs (one per line) are passed to kill as separate arguments.
  kill $PREVIOUS_DEP_NOTIFY_PROCESS
done
545 |
# Stop BigHonkingText if it's running (from a PreStage package postinstall script).
# The PID list is re-read after every kill and the loop ends once pgrep finds nothing.
while BIG_HONKING_TEXT_PROCESS=$(pgrep -l "BigHonkingText" | cut -d " " -f1); [ -n "$BIG_HONKING_TEXT_PROCESS" ]; do
  echo "$(date "+%a %h %d %H:%M:%S"): Stopping the previously-opened instance of BigHonkingText." >> "$DEP_NOTIFY_DEBUG"
  # Unquoted, so several PIDs (one per line) are passed to kill as separate arguments.
  kill $BIG_HONKING_TEXT_PROCESS
done
553 |
# Check and warning when Testing Mode is off and files from an earlier run exist.
# A leftover log or done marker outside testing mode means this Mac has already been
# through the workflow: the old log is moved aside, the error screen text is written to
# a fresh log, DEPNotify is opened on it as the console user, and the script exits 1.
if [ "$TESTING_MODE" = false ] && { [ -f "$DEP_NOTIFY_LOG" ] || [ -f "$DEP_NOTIFY_DONE" ]; }; then
  echo "$(date "+%a %h %d %H:%M:%S"): TESTING_MODE set to false but config files were found in /var/tmp. Letting user know and exiting." >> "$DEP_NOTIFY_DEBUG"
  mv "$DEP_NOTIFY_LOG" "/var/tmp/depnotify_old.log"
  {
    echo "Command: MainTitle: $ERROR_BANNER_TITLE"
    echo "Command: MainText: $ERROR_MAIN_TEXT"
    echo "Status: $ERROR_STATUS"
  } >> "$DEP_NOTIFY_LOG"
  sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG"
  sleep 5
  exit 1
fi
565 |
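# If SELF_SERVICE_CUSTOM_BRANDING is set to true, load the branding icon that Self
# Service downloads from Jamf Pro and use it as the DEPNotify banner image.
if [ "$SELF_SERVICE_CUSTOM_BRANDING" = true ]; then
  open -a "/Applications/$SELF_SERVICE_APP_NAME" --hide

  # Loop waiting on the branding image to properly show in the users library
  SELF_SERVICE_COUNTER=0
  CUSTOM_BRANDING_PNG="/Users/$CURRENT_USER/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
  until [ -f "$CUSTOM_BRANDING_PNG" ]; do
    echo "$(date "+%a %h %d %H:%M:%S"): Waiting for branding image from Jamf Pro." >> "$DEP_NOTIFY_DEBUG"
    sleep 1
    SELF_SERVICE_COUNTER=$(( SELF_SERVICE_COUNTER + 1 ))
    if [ "$SELF_SERVICE_COUNTER" -gt "$SELF_SERVICE_CUSTOM_WAIT" ]; then
      # Timed out: fall back to the application's own icon. The bundle name comes from
      # SELF_SERVICE_APP_NAME, like the open call above, so a renamed Self Service is
      # still found (the fallback used to hard-code "Self Service.app").
      CUSTOM_BRANDING_PNG="/Applications/$SELF_SERVICE_APP_NAME/Contents/Resources/AppIcon.icns"
      break
    fi
  done

  # Setting Banner Image for DEP Notify to Self Service Custom Branding
  BANNER_IMAGE_PATH="$CUSTOM_BRANDING_PNG"

  # Closing Self Service
  SELF_SERVICE_PID=$(pgrep -l "Self Service" | cut -d' ' -f1)
  echo "$(date "+%a %h %d %H:%M:%S"): Self Service custom branding icon has been loaded. Killing Self Service PID $SELF_SERVICE_PID." >> "$DEP_NOTIFY_DEBUG"
  # pgrep can return no PID or several; kill each one found instead of handing kill a
  # single quoted string that is empty or contains newlines.
  for self_service_pid in $SELF_SERVICE_PID; do
    kill "$self_service_pid"
  done
  unset self_service_pid
fi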
591 |
# Banner image, main title and main text are sent to DEPNotify only when configured.
# Per the configuration notes above, a blank value leaves the generic default in place.

# Setting custom image if specified
if [ -n "$BANNER_IMAGE_PATH" ]; then
  echo "Command: Image: $BANNER_IMAGE_PATH" >> "$DEP_NOTIFY_LOG"
fi

# Setting custom title if specified
if [ -n "$BANNER_TITLE" ]; then
  echo "Command: MainTitle: $BANNER_TITLE" >> "$DEP_NOTIFY_LOG"
fi

# Setting custom main text if specified
if [ -n "$MAIN_TEXT" ]; then
  echo "Command: MainText: $MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
fi
600 |
# General Plist Configuration
# INFO_PLIST_WRAPPER sets DEP_NOTIFY_USER_INPUT_PLIST now that CURRENT_USER is known.
INFO_PLIST_WRAPPER

# DEPNotify's own configuration plist in the current user's Preferences folder
DEP_NOTIFY_CONFIG_PLIST="/Users/$CURRENT_USER/Library/Preferences/menu.nomad.DEPNotify.plist"

# If testing mode is on, this will remove some old configuration files
if [ "$TESTING_MODE" = true ]; then
  for old_plist in "$DEP_NOTIFY_CONFIG_PLIST" "$DEP_NOTIFY_USER_INPUT_PLIST"; do
    if [ -f "$old_plist" ]; then
      rm "$old_plist"
    fi
  done
  unset old_plist
fi

# Setting default path to the plist which stores all the user completed info
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" pathToPlistFile "$DEP_NOTIFY_USER_INPUT_PLIST"

# Setting status text alignment
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" statusTextAlignment "$STATUS_TEXT_ALIGN"

# Setting help button: the title is appended to the helpBubble array first, then the body
if [ -n "$HELP_BUBBLE_TITLE" ]; then
  for help_bubble_entry in "$HELP_BUBBLE_TITLE" "$HELP_BUBBLE_BODY"; do
    /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" helpBubble -array-add "$help_bubble_entry"
  done
  unset help_bubble_entry
fi
623 |
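# EULA Configuration
# Writes the EULA window settings to the DEPNotify plist and makes the EULA file
# read-only and owned by the current user.
if [ "$EULA_ENABLED" = true ]; then
  DEP_NOTIFY_EULA_DONE="/var/tmp/com.depnotify.agreement.done"

  # If testing mode is on, this will remove EULA specific configuration files
  if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_EULA_DONE" ]; then rm "$DEP_NOTIFY_EULA_DONE"; fi

  # Writing title, subtitle, and EULA txt location to plist
  /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" EULAMainTitle "$EULA_MAIN_TITLE"
  /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" EULASubTitle "$EULA_SUBTITLE"
  /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" pathToEULA "$EULA_FILE_PATH"

  # Setting ownership of EULA file
  # The suggested location is a shared folder such as /Users/Shared/, and this script
  # presumably runs with root privileges (NOTE(review): confirm how it is launched).
  # chown and chmod follow symbolic links by default, so the file is only touched when
  # it is a regular file and not a link, and -h keeps both commands on the path itself
  # should it be swapped for a link after the check.
  if [ -f "$EULA_FILE_PATH" ] && [ ! -L "$EULA_FILE_PATH" ]; then
    chown -h "$CURRENT_USER:staff" "$EULA_FILE_PATH"
    chmod -h 444 "$EULA_FILE_PATH"
  else
    echo "$(date "+%a %h %d %H:%M:%S"): EULA file $EULA_FILE_PATH is missing or is not a regular file. Ownership and permissions left unchanged." >> "$DEP_NOTIFY_DEBUG"
  fi
fi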
640 |
641 | # Registration Plist Configuration
642 | if [ "$REGISTRATION_ENABLED" = true ]; then
643 | DEP_NOTIFY_REGISTER_DONE="/var/tmp/com.depnotify.registration.done"
644 |
645 | # If testing mode is on, this will remove registration specific configuration files
646 | if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_REGISTER_DONE" ]; then rm "$DEP_NOTIFY_REGISTER_DONE"; fi
647 |
648 | # Main Window Text Configuration
649 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationMainTitle "$REGISTRATION_TITLE"
650 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationButtonLabel "$REGISTRATION_BUTTON"
651 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationPicturePath "$BANNER_IMAGE_PATH"
652 |
653 | # First Text Box Configuration
654 | if [ "$REG_TEXT_LABEL_1" != "" ]; then
655 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Label "$REG_TEXT_LABEL_1"
656 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Placeholder "$REG_TEXT_LABEL_1_PLACEHOLDER"
657 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1IsOptional "$REG_TEXT_LABEL_1_OPTIONAL"
658 | # Code for showing the help box if configured
659 | if [ "$REG_TEXT_LABEL_1_HELP_TITLE" != "" ]; then
660 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Bubble -array-add "$REG_TEXT_LABEL_1_HELP_TITLE"
661 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Bubble -array-add "$REG_TEXT_LABEL_1_HELP_TEXT"
662 | fi
663 | fi
664 |
665 | # Second Text Box Configuration
666 | if [ "$REG_TEXT_LABEL_2" != "" ]; then
667 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Label "$REG_TEXT_LABEL_2"
668 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Placeholder "$REG_TEXT_LABEL_2_PLACEHOLDER"
669 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2IsOptional "$REG_TEXT_LABEL_2_OPTIONAL"
670 | # Code for showing the help box if configured
671 | if [ "$REG_TEXT_LABEL_2_HELP_TITLE" != "" ]; then
672 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Bubble -array-add "$REG_TEXT_LABEL_2_HELP_TITLE"
673 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Bubble -array-add "$REG_TEXT_LABEL_2_HELP_TEXT"
674 | fi
675 | fi
676 |
677 | # Popup 1
678 | if [ "$REG_POPUP_LABEL_1" != "" ]; then
679 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton1Label "$REG_POPUP_LABEL_1"
680 | # Code for showing the help box if configured
681 | if [ "$REG_POPUP_LABEL_1_HELP_TITLE" != "" ]; then
682 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu1Bubble -array-add "$REG_POPUP_LABEL_1_HELP_TITLE"
683 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu1Bubble -array-add "$REG_POPUP_LABEL_1_HELP_TEXT"
684 | fi
685 | # Code for adding the items from the array above into the plist
686 | for REG_POPUP_LABEL_1_OPTION in "${REG_POPUP_LABEL_1_OPTIONS[@]}"; do
687 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton1Content -array-add "$REG_POPUP_LABEL_1_OPTION"
688 | done
689 | fi
690 |
691 | # Popup 2
692 | if [ "$REG_POPUP_LABEL_2" != "" ]; then
693 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton2Label "$REG_POPUP_LABEL_2"
694 | # Code for showing the help box if configured
695 | if [ "$REG_POPUP_LABEL_2_HELP_TITLE" != "" ]; then
696 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu2Bubble -array-add "$REG_POPUP_LABEL_2_HELP_TITLE"
697 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu2Bubble -array-add "$REG_POPUP_LABEL_2_HELP_TEXT"
698 | fi
699 | # Code for adding the items from the array above into the plist
700 | for REG_POPUP_LABEL_2_OPTION in "${REG_POPUP_LABEL_2_OPTIONS[@]}"; do
701 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton2Content -array-add "$REG_POPUP_LABEL_2_OPTION"
702 | done
703 | fi
704 |
705 | # Popup 3
706 | if [ "$REG_POPUP_LABEL_3" != "" ]; then
707 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton3Label "$REG_POPUP_LABEL_3"
708 | # Code for showing the help box if configured
709 | if [ "$REG_POPUP_LABEL_3_HELP_TITLE" != "" ]; then
710 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu3Bubble -array-add "$REG_POPUP_LABEL_3_HELP_TITLE"
711 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu3Bubble -array-add "$REG_POPUP_LABEL_3_HELP_TEXT"
712 | fi
713 | # Code for adding the items from the array above into the plist
714 | for REG_POPUP_LABEL_3_OPTION in "${REG_POPUP_LABEL_3_OPTIONS[@]}"; do
715 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton3Content -array-add "$REG_POPUP_LABEL_3_OPTION"
716 | done
717 | fi
718 |
719 | # Popup 4
720 | if [ "$REG_POPUP_LABEL_4" != "" ]; then
721 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton4Label "$REG_POPUP_LABEL_4"
722 | # Code for showing the help box if configured
723 | if [ "$REG_POPUP_LABEL_4_HELP_TITLE" != "" ]; then
724 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu4Bubble -array-add "$REG_POPUP_LABEL_4_HELP_TITLE"
725 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu4Bubble -array-add "$REG_POPUP_LABEL_4_HELP_TEXT"
726 | fi
727 | # Code for adding the items from the array above into the plist
728 | for REG_POPUP_LABEL_4_OPTION in "${REG_POPUP_LABEL_4_OPTIONS[@]}"; do
729 | /usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton4Content -array-add "$REG_POPUP_LABEL_4_OPTION"
730 | done
731 | fi
732 | fi
733 |
# Hand the generated config plist to the console user and restrict it to
# owner read/write only.
chown "$CURRENT_USER":staff "$DEP_NOTIFY_CONFIG_PLIST"
chmod 600 "$DEP_NOTIFY_CONFIG_PLIST"

# Launch the app as the console user once the plist is in place.
# A FULLSCREEN value other than true or false launches nothing.
case "$FULLSCREEN" in
    true)
        sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG" -fullScreen
        ;;
    false)
        sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG"
        ;;
esac
744 |
# Poll once per second until pgrep reports a DEPNotify process, keeping the
# first space-separated field of its output (the process ID) for later use.
DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
while [ -z "$DEP_NOTIFY_PROCESS" ]; do
    echo "$(date "+%a %h %d %H:%M:%S"): Waiting for DEPNotify to start to gather the process ID." >> "$DEP_NOTIFY_DEBUG"
    sleep 1
    DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
done

# When NO_SLEEP is enabled, run caffeinate in the background and tie it to the
# DEPNotify process ID via -w.
if [ "$NO_SLEEP" = true ]; then
    echo "$(date "+%a %h %d %H:%M:%S"): Caffeinating DEP Notify process. Process ID: $DEP_NOTIFY_PROCESS" >> "$DEP_NOTIFY_DEBUG"
    caffeinate -disu -w "$DEP_NOTIFY_PROCESS" &
fi
758 |
# In testing mode, write an alert command to the DEPNotify log so admins can
# see that policies will not actually run.
if [ "$TESTING_MODE" = true ]; then
    echo "Command: Alert: DEP Notify is in TESTING_MODE. Script will not run Policies or other commands that make change to this computer." >> "$DEP_NOTIFY_LOG"
fi

# Initial status line, followed by a short pause before continuing.
echo "Status: $INITAL_START_STATUS" >> "$DEP_NOTIFY_LOG"
sleep 5

# Work out how many steps the determinate progress bar needs.
# The counter starts at one; the EULA, the registration window and every
# configured registration field each add one more.
ADDITIONAL_OPTIONS_COUNTER=1
if [ "$EULA_ENABLED" = true ]; then
    ADDITIONAL_OPTIONS_COUNTER=$((ADDITIONAL_OPTIONS_COUNTER + 1))
fi
if [ "$REGISTRATION_ENABLED" = true ]; then
    ADDITIONAL_OPTIONS_COUNTER=$((ADDITIONAL_OPTIONS_COUNTER + 1))
    for REG_FIELD_LABEL in \
        "$REG_TEXT_LABEL_1" "$REG_TEXT_LABEL_2" \
        "$REG_POPUP_LABEL_1" "$REG_POPUP_LABEL_2" \
        "$REG_POPUP_LABEL_3" "$REG_POPUP_LABEL_4"; do
        if [ -n "$REG_FIELD_LABEL" ]; then
            ADDITIONAL_OPTIONS_COUNTER=$((ADDITIONAL_OPTIONS_COUNTER + 1))
        fi
    done
fi

# Total steps = number of policies plus the extra steps counted above.
ARRAY_LENGTH="$((${#POLICY_ARRAY[@]}+ADDITIONAL_OPTIONS_COUNTER))"
echo "Command: Determinate: $ARRAY_LENGTH" >> "$DEP_NOTIFY_LOG"
785 |
# EULA step: write the status and ContinueButtonEULA command to the DEPNotify
# log, then block until the EULA done-file exists.
if [ "$EULA_ENABLED" = true ]; then
    echo "Status: $EULA_STATUS" >> "$DEP_NOTIFY_LOG"
    echo "Command: ContinueButtonEULA: $EULA_BUTTON" >> "$DEP_NOTIFY_LOG"
    until [ -f "$DEP_NOTIFY_EULA_DONE" ]; do
        echo "$(date "+%a %h %d %H:%M:%S"): Waiting for user to accept EULA." >> "$DEP_NOTIFY_DEBUG"
        sleep 1
    done
fi

# Registration step: same pattern, waiting on the registration done-file, then
# running the per-field logic function for every field that has a label.
if [ "$REGISTRATION_ENABLED" = true ]; then
    echo "Status: $REGISTRATION_STATUS" >> "$DEP_NOTIFY_LOG"
    echo "Command: ContinueButtonRegister: $REGISTRATION_BUTTON" >> "$DEP_NOTIFY_LOG"
    until [ -f "$DEP_NOTIFY_REGISTER_DONE" ]; do
        echo "$(date "+%a %h %d %H:%M:%S"): Waiting for user to complete registration." >> "$DEP_NOTIFY_DEBUG"
        sleep 1
    done

    # The *_LOGIC functions are defined elsewhere in this script.
    if [ -n "$REG_TEXT_LABEL_1" ]; then REG_TEXT_LABEL_1_LOGIC; fi
    if [ -n "$REG_TEXT_LABEL_2" ]; then REG_TEXT_LABEL_2_LOGIC; fi
    if [ -n "$REG_POPUP_LABEL_1" ]; then REG_POPUP_LABEL_1_LOGIC; fi
    if [ -n "$REG_POPUP_LABEL_2" ]; then REG_POPUP_LABEL_2_LOGIC; fi
    if [ -n "$REG_POPUP_LABEL_3" ]; then REG_POPUP_LABEL_3_LOGIC; fi
    if [ -n "$REG_POPUP_LABEL_4" ]; then REG_POPUP_LABEL_4_LOGIC; fi
fi
812 |
# Walk the policy list. Each entry is "status text,trigger name": the first
# comma-separated field is shown as the status, the second is handed to the
# jamf binary as the trigger value.
for POLICY in "${POLICY_ARRAY[@]}"; do
    POLICY_STATUS_TEXT=$(echo "$POLICY" | cut -d ',' -f1)
    echo "Status: $POLICY_STATUS_TEXT" >> "$DEP_NOTIFY_LOG"
    case "$TESTING_MODE" in
        true)
            # Testing mode only simulates the time a policy would take.
            sleep 10
            ;;
        false)
            "$JAMF_BINARY" policy "-$TRIGGER" "$(echo "$POLICY" | cut -d ',' -f2)"
            ;;
    esac
done

# Completion status once every policy has been processed.
echo "Status: $INSTALL_COMPLETE_TEXT" >> "$DEP_NOTIFY_LOG"
825 |
# Read the sixth space-separated field of the "Deferred" line printed by the
# fdesetup status command; the branches below compare it with "active".
FV_DEFERRED_STATUS=$($FDE_SETUP_BINARY status | grep "Deferred" | cut -d ' ' -f6)

# Pick the completion behaviour:
#   deferred FileVault + testing mode  -> quit-style messages only
#   deferred FileVault + real run      -> logout so FileVault can enable
#   anything else                      -> normal quit / continue button
case "${FV_DEFERRED_STATUS}:${TESTING_MODE}" in
    active:true)
        if [ "$COMPLETE_METHOD_DROPDOWN_ALERT" = true ]; then
            echo "Command: Quit: This is typically where your FV_LOGOUT_TEXT would be displayed. However, TESTING_MODE is set to true and FileVault deferred status is on." >> "$DEP_NOTIFY_LOG"
        else
            echo "Command: MainText: TESTING_MODE is set to true and FileVault deferred status is on. Button effect is quit instead of logout. \n \n $FV_COMPLETE_MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
            echo "Command: ContinueButton: Test $FV_COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
        fi
        ;;
    active:false)
        if [ "$COMPLETE_METHOD_DROPDOWN_ALERT" = true ]; then
            echo "Command: Logout: $FV_ALERT_TEXT" >> "$DEP_NOTIFY_LOG"
        else
            echo "Command: MainText: $FV_COMPLETE_MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
            echo "Command: ContinueButtonLogout: $FV_COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
        fi
        ;;
    *)
        if [ "$COMPLETE_METHOD_DROPDOWN_ALERT" = true ]; then
            echo "Command: Quit: $COMPLETE_ALERT_TEXT" >> "$DEP_NOTIFY_LOG"
        else
            echo "Command: MainText: $COMPLETE_MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
            echo "Command: ContinueButton: $COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
        fi
        ;;
esac

exit 0
--------------------------------------------------------------------------------
/Scripts/Quick Add Post-install script.sh:
--------------------------------------------------------------------------------
#!/bin/zsh
# Created by Kyle Ericson
# Quick Add Post-install script
#
# Opens the Jamf Pro enrollment invitation in Safari, waits up to five minutes
# for the enrollment profile to land in the console user's Downloads folder,
# then opens the Profiles preference pane and shows install instructions.

# Console user name as reported by scutil (loginwindow is filtered out).
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Jamf Pro URL
# This is your Jamf Pro URL name without the .jamfcloud.com suffix
url="yourjamfprourlname"
# Jamf Pro Invite URL
# Replace this with the invite ID in Jamf Pro
invite="00000000000000000000000000000000000000"

############

/usr/bin/open -a Safari "https://$url.jamfcloud.com/enroll?invitation=$invite"

# File the loop below waits for.
enrollment_profile="/Users/$loggedInUser/Downloads/enrollmentProfile.mobileconfig"

# One check per second, 300 checks at most (a maximum 5 minute wait).
for (( attempt = 1; attempt <= 300; attempt++ )); do
    if [[ ! -f "$enrollment_profile" ]]; then
        sleep 1
        continue
    fi

    open -b com.apple.systempreferences /System/Library/PreferencePanes/Profiles.prefPane
    sleep 4
    osascript -e 'display dialog "Click install on the MDM Profile.\nThen click install again & type your password.\nThen click ok on this popup message" with icon alias (POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Actions.icns")'
    break # Stop waiting as soon as the profile has been found.
done

exit 0
30 |
--------------------------------------------------------------------------------
/Scripts/Secure_Token_Handoff.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #Script to grant secure token to another user.
3 | #Add a loop for waiting for the macOS desktop to load.
4 | #Credits to Travelling Tech Guy
5 | # Version 1.0
6 |
7 |
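# Grants a Secure Token between the logged-in user and an additional admin
# account, in whichever direction is possible given who already holds a token.
#
# Jamf script parameters:
#   $4  short name of the additional admin account
#   $5  password of the additional admin account
#   $6  title for the password prompt
#   $7  optional path to an icon for the prompt
#
# Exit codes: 0 both accounts already hold a token, 1 no user logged in,
# 20 the additional admin account is missing; otherwise the status of the
# final diskutil call.
#
# NOTE(review): the admin password arrives as a script argument and both
# passwords are later passed to sysadminctl/dscl as command-line arguments.
# Process arguments can generally be listed by other local processes while the
# command runs, so use a dedicated, rotated account for $4 and confirm that
# policy logs do not retain the parameter values.

# Look up the console user first so the Setup Assistant check below tests a
# real value (the variable it used to test was never assigned).
CURRENT_USER=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')

# Check if a User is logged in
if pgrep -x "Finder" \
    && pgrep -x "Dock" \
    && [ -n "$CURRENT_USER" ] \
    && [ "$CURRENT_USER" != "_mbsetupuser" ]; then

    ###### Vars to update###################################
    # additional Admin credentials
    addAdminUser=$4
    addAdminUserPassword=$5
    PROMPT_TITLE=$6
    LOGO=$7
    ###### Vars to update###################################

    # Without both values every later sysadminctl call would run with empty
    # arguments, so stop before touching any account.
    if [[ -z "$addAdminUser" || -z "$addAdminUserPassword" ]]; then
        echo "Admin user status: no admin account name or password was provided"
        exit 20
    fi

    # Validate logo file. If no logo is provided or if the file cannot be found at
    # specified path, default to the FileVault icon.
    if [[ -z "$LOGO" ]] || [[ ! -f "$LOGO" ]]; then
        /bin/echo "No logo provided, or no logo exists at specified path. Using FileVault icon."
        LOGO="/System/Library/PreferencePanes/Security.prefPane/Contents/Resources/FileVault.icns"
    fi

    # Convert POSIX path of logo icon to Mac path for AppleScript. Double quotes
    # in the path are escaped the same way the prompt title is escaped below.
    LOGO_POSIX="$(/usr/bin/osascript -e 'tell application "System Events" to return POSIX file "'"${LOGO//\"/\\\"}"'" as text')"

    # Get information necessary to display messages in the current user's context.
    USER_ID=$(/usr/bin/id -u "$CURRENT_USER")
    L_ID=$USER_ID
    L_METHOD="asuser"

    # Check if the admin provided exists on the system
    if [[ $("/usr/sbin/dseditgroup" -o checkmember -m "$addAdminUser" admin / 2>&1) =~ "Unable" ]]; then
        addAdminUserType="LiesItDoesNotExists"
    else
        addAdminUserType="AllGood"
    fi
    if [ "$addAdminUserType" = LiesItDoesNotExists ]; then
        echo "Admin user status: LIES! it did not exist go check the data" && exit 20
    else
        echo "Admin user status: You where right! the account did exists"
    fi

    # Check if our admin has a Secure Token
    if [[ $("/usr/sbin/sysadminctl" -secureTokenStatus "$addAdminUser" 2>&1) =~ "ENABLED" ]]; then
        adminToken="true"
    else
        adminToken="false"
    fi
    echo "Admin Token: $adminToken"

    # Check if $addAdminUser is actually an administrator
    if [[ $("/usr/sbin/dseditgroup" -o checkmember -m "$addAdminUser" admin / 2>&1) =~ "yes" ]]; then
        AdminUserType="ItWasAdmin"
    else
        AdminUserType="LiesItWasNotAdmin"
    fi
    echo "Admin Account Status: $AdminUserType"

    # Fixing the admin to make it admin
    if [ "$AdminUserType" = LiesItWasNotAdmin ]; then
        dscl . -append /groups/admin GroupMembership "$addAdminUser"
        echo "Admin Promo status: It wasnt admin but now it is"
    else
        echo "Admin Promo status: No Action Needed "
    fi

    # Check if FileVault is Enabled
    # fvStatus is only reported; nothing below depends on it. It is kept in case
    # you want to customise the script and enable FileVault at the end.
    if [[ $("/usr/bin/fdesetup" status 2>&1) =~ "FileVault is On." ]]; then
        fvStatus="true"
    else
        fvStatus="false"
    fi
    echo "FV Status: $fvStatus"

    # Check Secure Tokens Status - Do we have any Token Holder?
    if [[ $("/usr/sbin/diskutil" apfs listcryptousers / 2>&1) =~ "No cryptographic users" ]]; then
        tokenStatus="false"
    else
        tokenStatus="true"
    fi
    echo "Token Status $tokenStatus"

    # The end user is the console user looked up at the top of the script.
    userName="$CURRENT_USER"

    # Check if end user is admin
    if [[ $("/usr/sbin/dseditgroup" -o checkmember -m "$userName" admin / 2>&1) =~ "yes" ]]; then
        userType="Admin"
    else
        userType="Not admin"
    fi
    echo "User type: $userType"

    # Check Token status for end user
    if [[ $("/usr/sbin/sysadminctl" -secureTokenStatus "$userName" 2>&1) =~ "ENABLED" ]]; then
        userToken="true"
    else
        userToken="false"
    fi
    echo "User Token: $userToken"

    # If both end user and additional admin have a secure token
    if [[ $userToken = "true" && $adminToken = "true" ]]; then
        echo "All is good!"
        exit 0
    fi

    # Get the logged in user's password via a prompt.
    echo "Prompting $CURRENT_USER for their Mac password..."

    echo "Prompting ${userName} for their login password."
    userPass="$(/bin/launchctl "$L_METHOD" "$L_ID" /usr/bin/osascript -e 'display dialog "Please enter the password you use to log in to your Mac:" default answer "" with title "'"${PROMPT_TITLE//\"/\\\"}"'" giving up after 86400 with text buttons {"OK"} default button 1 with hidden answer with icon file "'"${LOGO_POSIX//\"/\\\"}"'"' -e 'return text returned of result')"

    # Check if the password is ok. The values are quoted so a password that
    # contains spaces or glob characters reaches dscl as a single argument.
    /usr/bin/dscl /Local/Default authonly "$userName" "$userPass" > /dev/null
    passDSCLCheck=$?

    # If password is not valid, loop and ask again.
    # NOTE(review): there is no retry limit; the loop only ends on a correct password.
    while [[ "$passDSCLCheck" != "0" ]]; do
        echo "asking again"
        userPassAgain="$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Wrong Password!" default answer "" with title "Login Password" with text buttons {"Ok"} default button 1 with hidden answer' -e 'text returned of result')"
        userPass=$userPassAgain
        /usr/bin/dscl /Local/Default authonly "$userName" "$userPass" > /dev/null
        passDSCLCheck=$?
    done

    if [ "$passDSCLCheck" -eq 0 ]; then
        echo "Password OK for $userName"
    fi

    # If additional admin has a token but end user does not
    if [[ $adminToken = "true" && $userToken = "false" ]]; then
        sysadminctl -adminUser "$addAdminUser" -adminPassword "$addAdminUserPassword" -secureTokenOn "$userName" -password "$userPass"

        echo "Token granted to end user!"

        diskutil apfs listcryptousers /
    fi

    # If no Token Holder exists, just grant both admin and end user a token.
    # The second comparison needs spaces around "=": written as one word it is a
    # non-empty string test that is always true.
    if [[ $tokenStatus = "false" && $userToken = "false" ]]; then
        sysadminctl -adminUser "$addAdminUser" -adminPassword "$addAdminUserPassword" -secureTokenOn "$userName" -password "$userPass"

        echo "Token granted to both additional admin and end user!"

        diskutil apfs listcryptousers /
    fi

    # If end user is an admin Token holder while our additional admin does not have one
    if [[ $userType = "Admin" && $userToken = "true" && $adminToken = "false" ]]; then
        sysadminctl -adminUser "$userName" -adminPassword "$userPass" -secureTokenOn "$addAdminUser" -password "$addAdminUserPassword"

        echo "End user admin token holder granted token to additional admin!"

        diskutil apfs listcryptousers /
    fi

    # If end user is a non-admin token holder and our additional admin does not have a Token yet
    if [[ $userType = "Not admin" && $userToken = "true" && $adminToken = "false" ]]; then
        echo "Promote the enduser to admin to grant token to local itadmin and demote enduser to standard account again"

        # Make sure the temporary promotion is undone even if the script stops
        # before it reaches the explicit demotion below.
        trap '/usr/sbin/dseditgroup -o edit -d "$userName" -t user admin' EXIT

        /usr/sbin/dseditgroup -o edit -a "$userName" -t user admin
        echo "End user promoted to admin!"

        sysadminctl -adminUser "$userName" -adminPassword "$userPass" -secureTokenOn "$addAdminUser" -password "$addAdminUserPassword"
        echo "End user admin token holder granted token to additional admin!"

        diskutil apfs listcryptousers /

        /usr/sbin/dseditgroup -o edit -d "$userName" -t user admin
        trap - EXIT
        echo "End user demoted back to standard!"
    fi

    diskutil apfs updatepreBoot /

else
    echo "No user logged in"
    exit 1
fi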
198 |
--------------------------------------------------------------------------------
/Scripts/SendUnmangeCommand-token.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | ##########################################################################################
4 | ##
5 | ##Copyright (c) 2019 Jamf. All rights reserved.
6 | ##
7 | ## Redistribution and use in source and binary forms, with or without
8 | ## modification, are permitted provided that the following conditions are met:
9 | ## * Redistributions of source code must retain the above copyright
10 | ## notice, this list of conditions and the following disclaimer.
11 | ## * Redistributions in binary form must reproduce the above copyright
12 | ## notice, this list of conditions and the following disclaimer in the
13 | ## documentation and#or other materials provided with the distribution.
14 | ## * Neither the name of the Jamf nor the names of its contributors may be
15 | ## used to endorse or promote products derived from this software without
16 | ## specific prior written permission.
17 | ##
18 | ## THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
19 | ## EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | ## WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | ## DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
22 | ## DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | ## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 | ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | ## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | ## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | ##
29 | ##########################################################################################
30 | #
31 | # SUPPORT FOR THIS PROGRAM
32 | #
33 | # This program is distributed "as is" by JAMF Software, Professional Services Team. For more
34 | # information or support for this script, please contact your JAMF Software Account Manager.
35 | #
36 | #####################################################################################################
37 | #
38 | # ABOUT THIS PROGRAM
39 | #
40 | # NAME - apiMDM_remove.sh
41 | #
42 | # DESCRIPTION - Script is used to remove MDM from macOS clients 10.13 (High Sierra) and later.
43 | # Parameters passed to the script include a Jamf server api token and
44 | # optionally the Jamf server URL in the form: https://FQDN:port/.
45 | #
46 | # The jamf user account must have at least computer create and read (JSS Objects)
47 | # along with Send Computer Unmanage Command (JSS Actions).
48 | #
49 | ####################################################################################################
50 | #
51 | # HISTORY
52 | #
53 | # Version: 1.0
54 | #
55 | # - Created by Leslie Helou, Professional Services Engineer, JAMF Software on December 12, 2017
56 | #
57 | # Version: 1.1
58 | #
59 | # - Matthew Phillips added Tokenized API access in $4. username and password parameters removed.
60 | #
61 | ####################################################################################################
62 |
63 |
64 | ## api account with computer create and read (JSS Objects), Send Computer Unmanage Command (JSS Actions)
65 |
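# Sends the UnmanageDevice command for this Mac to the Jamf server.
#   $4  value sent in the HTTP Basic Authorization header (required)
#   $5  Jamf server URL (optional; read from the client plist when empty)
#
# NOTE(review): the credential is passed to curl on the command line, where
# other local processes can generally read it while curl runs. Use an API
# account limited to the privileges listed in the header of this script.

if [ "$4" != "" ]; then
    token="$4"
else
    echo "token not provided. exiting."
    exit 1
fi

if [ "$5" != "" ]; then
    server="$5"
else
    ## get current Jamf server (this message used to be printed in the wrong branch)
    echo "jamf URL not provided. getting from client plist."
    server=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url)
fi

## ensure the server URL ends with a /
case "$server" in
    */) ;;
    *) server="${server}/" ;;
esac

## the Authorization header must never travel over an unencrypted connection
case "$server" in
    https://*) ;;
    *)
        /bin/echo "Server URL must start with https://. Refusing to send API credentials to: ${server}"
        exit 1
        ;;
esac

###Check API Access
apiCheck=$(/usr/bin/curl -s -X GET -H "Authorization: Basic ${token}" "${server}JSSResource/accounts" | /usr/bin/grep -o "Unauthorized")
if [ "$apiCheck" == "Unauthorized" ]; then
    /bin/echo "Error with API token. Unauthorized Access."
    exit 1
fi

## get unique identifier for machine
udid=$(system_profiler SPHardwareDataType | awk '/UUID/ { print $3; }')

## get computer ID from Jamf server
## The Accept header needs its own -H; without it curl treats the string as a
## second URL to fetch.
## NOTE(review): newer macOS releases appear to require "xpath -e <expression>";
## confirm the xpath syntax on the OS versions this is deployed to.
compId=$(/usr/bin/curl -s -X GET -H "Authorization: Basic ${token}" \
    -H "Accept: application/xml" \
    "${server}JSSResource/computers/udid/${udid}/subset/general" | \
    /usr/bin/xpath "//computer/general/id/text()" 2>/dev/null)

## the ID is placed into a URL below, so accept digits only
case "$compId" in
    '' | *[!0-9]*)
        /bin/echo "Error in xpath or device record not found"
        exit 1
        ;;
esac

## send unmanage command
curl -X POST -H "Authorization: Basic ${token}" "${server}JSSResource/computercommands/command/UnmanageDevice/id/${compId}"

exit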
--------------------------------------------------------------------------------
/Scripts/Set-Account-Picture-via-Jamf-Connect.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Created by Kyle Ericson
3 | # Updated by ChatGPT AI for desktop
4 |
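# Sets a local account picture from an image named after the e-mail address
# found in the token file.
#
# NOTE(review): /private/tmp is writable by every local user, so the token
# file, and the image files this script writes under /tmp, can be created or
# replaced by any local account. The e-mail value is therefore validated
# before it is used in a URL or a file name. Consider reading the token from,
# and writing the picture to, a root-owned directory instead.

# Make sure the token file exists
TOKEN_BASIC="/private/tmp/token"
if [ ! -f "$TOKEN_BASIC" ]; then
    echo "Error: Token file not found"
    exit 1
fi

# Get the email address from the token
EMAIL=$(awk -F'[,:}]' '{for(i=1;i<=NF;i++){if($i~/\s*"email"\s*/ && $(i+1)!=""){print $(i+1)}}}' "$TOKEN_BASIC" | tr -d '"' | tr -d ' ')
if [ -z "$EMAIL" ]; then
    echo "Error: Could not retrieve email address from token"
    exit 1
fi

# Accept only a plain address: no slashes, quotes, whitespace or newlines, so
# the value cannot change the download URL's path or point outside /tmp.
if ! [[ "$EMAIL" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]]; then
    echo "Error: Email address in token has an unexpected format"
    exit 1
fi

# Update with your Azure Blob URL
WEBURL="https://myazureblobname.blob.core.windows.net/mdm/$EMAIL.png"

# Get the local user account. You can also exclude your built-in itadmin
# account by changing ericsontechadmin to your username.
USR=$(dscl . -list /Users | grep -v -e '^_' -e 'root' -e 'ericsontechadmin' -e 'daemon' -e 'nobody')

# The dscl call below targets a single record, so stop when the filter leaves
# none or more than one account.
if [ "$(printf '%s\n' "$USR" | grep -c .)" -ne 1 ]; then
    echo "Error: Expected exactly one local user account, found: $USR"
    exit 1
fi

echo "Setting account picture for $USR to $EMAIL"

# Download the image from the URL. --fail makes curl return an error on an
# HTTP error status instead of saving the error page as the image.
if ! curl --fail -L "$WEBURL" -o "/tmp/$EMAIL.png"; then
    echo "Error downloading image for user $EMAIL"
    exit 1
fi

# Convert the image to TIFF format
if ! sips -s format tiff "/tmp/$EMAIL.png" --out "/tmp/$EMAIL.tiff"; then
    echo "Error converting image for user $EMAIL"
    exit 1
fi

# Set the user's picture
dscl . create "/Users/$USR" Picture "/tmp/$EMAIL.tiff"

exit 0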
44 |
--------------------------------------------------------------------------------
/Scripts/ad_unbind_migrate_to_local_account.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
clear

# Accounts with a UniqueID above 1000, followed by a FINISHED sentinel that
# the conversion loop uses to know when to stop.
listUsers="$(/usr/bin/dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}') FINISHED"
FullScriptName=$(basename "$0")
# NOTE(review): Version is not assigned in the visible part of this script, so
# it expands to an empty string unless the environment provides it.
ShowVersion="$FullScriptName $Version"
# Holds the matching line when "Active Directory" is listed by dscl.
check4AD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")

# Split the macOS version on dots into major, minor and patch parts,
# keeping a copy of IFS and putting it back afterwards.
OLDIFS=$IFS
IFS='.' read osvers_major osvers_minor osvers_dot_version <<< "$(/usr/bin/sw_vers -productVersion)"
IFS=$OLDIFS

/bin/echo "********* Running $FullScriptName Version $Version *********"
21 |
# Force-unbind this Mac from Active Directory and remove the Active Directory
# entry from the directory search paths. Takes no arguments.
RemoveAD() {
    # Remember the AD entry of the custom search path before the binding goes away.
    searchPath=$(/usr/bin/dscl /Search -read . CSPSearchPath | grep "Active Directory" | sed 's/^ //')

    # Forced removal; dsconfigad is given the placeholder credentials none/none.
    /usr/sbin/dsconfigad -remove -force -u none -p none

    # Drop the AD entry from the custom /Search/Contacts and /Search paths.
    /usr/bin/dscl /Search/Contacts -delete . CSPSearchPath "$searchPath"
    /usr/bin/dscl /Search -delete . CSPSearchPath "$searchPath"

    # Switch both search policies from Custom (CSPSearchPath) to Automatic (NSPSearchPath).
    /usr/bin/dscl /Search -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
    /usr/bin/dscl /Search/Contacts -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
}
44 |
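# Remove the Kerberosv5 and LocalCachedUser entries from an account's
# AuthenticationAuthority attribute.
# Reads the account name from the global netname, which the caller's loop sets;
# takes no arguments.
PasswordMigration() {
    # The account name is quoted so it always reaches dscl as a single path.
    AuthenticationAuthority=$(/usr/bin/dscl -plist . -read "/Users/$netname" AuthenticationAuthority)
    Kerberosv5=$(echo "${AuthenticationAuthority}" | xmllint --xpath 'string(//string[contains(text(),"Kerberosv5")])' -)
    LocalCachedUser=$(echo "${AuthenticationAuthority}" | xmllint --xpath 'string(//string[contains(text(),"LocalCachedUser")])' -)

    # Remove Kerberosv5 and LocalCachedUser, each only when an entry was found
    if [[ -n "${Kerberosv5}" ]]; then
        /usr/bin/dscl -plist . -delete "/Users/$netname" AuthenticationAuthority "${Kerberosv5}"
    fi

    if [[ -n "${LocalCachedUser}" ]]; then
        /usr/bin/dscl -plist . -delete "/Users/$netname" AuthenticationAuthority "${LocalCachedUser}"
    fi
}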
61 |
62 |
63 |
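# Unbind from Active Directory when a binding is present, then convert every
# AD mobile account in listUsers to a local account with the same name and UID.
# Exits 0 when the FINISHED sentinel is reached, 1 when an account is still an
# AD mobile account after conversion.

# Check for AD binding and unbind if found.
if [[ "${check4AD}" = "Active Directory" ]]; then
    RemoveAD
    /bin/echo "AD binding has been removed."
fi

for netname in $listUsers; do
    if [ "$netname" = "FINISHED" ]; then
        /bin/echo "Finished converting users to local accounts"
        exit 0
    fi

    accounttype=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $2}' | tr -d '\n')

    # Account names are passed to printf as arguments, never as part of the
    # format string, so a "%" or "\" in a name is printed literally.
    if [[ "$accounttype" = "Active Directory" ]]; then
        mobileusercheck=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $1}' | tr -d '\n' | sed 's/^[^:]*: //' | sed s/\;/""/g)
        if [[ "$mobileusercheck" = "LocalCachedUser" ]]; then
            /usr/bin/printf '%s has an AD mobile account.\nConverting to a local account with the same username and UID.\n' "$netname"
        else
            /usr/bin/printf 'The %s account is not an AD mobile account\n' "$netname"
            continue
        fi
    else
        /usr/bin/printf 'The %s account is not an AD mobile account\n' "$netname"
        continue
    fi

    # Remove the account attributes that identify it as an Active Directory mobile account
    # (PrimaryNTDomain was listed twice before; one delete is enough.)
    for attribute in \
        cached_groups cached_auth_policy CopyTimestamp AltSecurityIdentities \
        SMBPrimaryGroupSID OriginalAuthenticationAuthority OriginalNodeName \
        SMBSID SMBScriptPath SMBPasswordLastSet SMBGroupRID PrimaryNTDomain \
        AppleMetaRecordName MCXSettings MCXFlags; do
        /usr/bin/dscl . -delete "/users/$netname" "$attribute"
    done

    # Remove the Kerberosv5 and LocalCachedUser authentication authorities
    PasswordMigration

    # Refresh Directory Services
    if [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -lt 7 ) ]]; then
        /usr/bin/killall DirectoryService
    else
        /usr/bin/killall opendirectoryd
    fi

    # Give the directory service time to restart before reading the record again
    sleep 20

    accounttype=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $2}' | tr -d '\n')
    if [[ "$accounttype" = "Active Directory" ]]; then
        /usr/bin/printf 'Something went wrong with the conversion process.\nThe %s account is still an AD mobile account.\n' "$netname"
        exit 1
    else
        /usr/bin/printf 'Conversion process was successful.\nThe %s account is now a local account.\n' "$netname"
    fi

    # The recursive ownership change runs only on an existing directory; the
    # path comes from the account record, not from a fixed location.
    homedir=$(/usr/bin/dscl . -read /Users/"$netname" NFSHomeDirectory | awk '{print $2}')
    if [[ "$homedir" != "" && -d "$homedir" ]]; then
        /bin/echo "Home directory location: $homedir"
        /bin/echo "Updating home folder permissions for the $netname account"
        /usr/sbin/chown -R "$netname" "$homedir"
    fi

    # Add user to the staff group on the Mac
    /bin/echo "Adding $netname to the staff group on this Mac."
    /usr/sbin/dseditgroup -o edit -a "$netname" -t user staff

    /bin/echo "Displaying user and group information for the $netname account"
    /usr/bin/id "$netname"
done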
144 |
--------------------------------------------------------------------------------
/Scripts/admobile2local.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | Version=2.0
4 |
5 | # Original source is from MigrateUserHomeToDomainAcct.sh
6 | # Written by Patrick Gallagher – https://twitter.com/patgmac
7 | # Guidance and inspiration from Lisa Davies:
8 | # http://lisacherie.com/?p=239
9 | # Modified by Rich Trouton
10 | # Modified by MacGPT
11 | # Modified by Kyle Ericson
12 |
13 | # Added this script to convert all accounts and run silently
14 |
15 |
# Start from an empty terminal window.
clear

# Short names of every local-node account whose UniqueID is above 1000, followed
# by the FINISHED sentinel that the conversion loop uses as its stop marker.
candidateAccounts=$(/usr/bin/dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}')
listUsers="${candidateAccounts} FINISHED"

# Name of this script, used only in the banner below.
FullScriptName=$(basename "$0")

# Holds the matching line when an Active Directory node is listed, otherwise empty.
check4AD=$(/usr/bin/dscl localhost -list . | grep "Active Directory")

# Save current IFS state
OLDIFS=$IFS

# Split the macOS product version on dots into major / minor / patch parts.
productVersion=$(/usr/bin/sw_vers -productVersion)
IFS='.' read osvers_major osvers_minor osvers_dot_version <<< "${productVersion}"

# restore IFS to previous state
IFS=$OLDIFS

/bin/echo "********* Running $FullScriptName Version $Version *********"
33 |
RemoveAD(){
    # Force-unbinds this Mac from its Active Directory domain, then removes the
    # Active Directory entry from the custom search paths and switches both
    # search policies from Custom to Automatic.

    # Read the Active Directory entry of the custom search path up front; it is
    # the value passed to the two -delete calls below.
    searchPath=$(/usr/bin/dscl /Search -read . CSPSearchPath | grep "Active Directory" | sed 's/^ //')

    # Force unbind; -u none -p none supplies dummy credentials for the forced removal.
    /usr/sbin/dsconfigad -remove -force -u none -p none

    # Drop the Active Directory domain from /Search/Contacts first, then /Search.
    for searchNode in /Search/Contacts /Search; do
        /usr/bin/dscl "${searchNode}" -delete . CSPSearchPath "${searchPath}"
    done

    # Change the search policy of /Search, then /Search/Contacts, from
    # CSPSearchPath (custom) to NSPSearchPath (automatic).
    for searchNode in /Search /Search/Contacts; do
        /usr/bin/dscl "${searchNode}" -change . SearchPolicy dsAttrTypeStandard:CSPSearchPath dsAttrTypeStandard:NSPSearchPath
    done
}
56 |
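PasswordMigration(){
    # Removes the Active Directory entries from the AuthenticationAuthority
    # attribute of the account named in the global $netname.
    # Only the Kerberosv5 and LocalCachedUser values are deleted here; every other
    # AuthenticationAuthority value is left as it is.
    # $netname is quoted everywhere so an unusual record name cannot be split
    # into extra dscl arguments while this runs as root.

    AuthenticationAuthority=$(/usr/bin/dscl -plist . -read /Users/"${netname}" AuthenticationAuthority)

    # Pull the first <string> value mentioning each AD mechanism out of the plist.
    Kerberosv5=$(echo "${AuthenticationAuthority}" | xmllint --xpath 'string(//string[contains(text(),"Kerberosv5")])' -)
    LocalCachedUser=$(echo "${AuthenticationAuthority}" | xmllint --xpath 'string(//string[contains(text(),"LocalCachedUser")])' -)

    # Remove Kerberosv5 and LocalCachedUser, each only when it was actually found.
    if [[ -n "${Kerberosv5}" ]]; then
        /usr/bin/dscl -plist . -delete /Users/"${netname}" AuthenticationAuthority "${Kerberosv5}"
    fi

    if [[ -n "${LocalCachedUser}" ]]; then
        /usr/bin/dscl -plist . -delete /Users/"${netname}" AuthenticationAuthority "${LocalCachedUser}"
    fi
}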
73 |
74 |
75 |
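# Check for AD binding and unbind if found.
if [[ "${check4AD}" = "Active Directory" ]]; then
    RemoveAD
    /bin/echo "AD binding has been removed."
fi

# Account attributes that identify a record as an Active Directory mobile account.
# (PrimaryNTDomain was listed twice in the original sequence; once is enough.)
adAttributes=(
    cached_groups cached_auth_policy CopyTimestamp AltSecurityIdentities
    SMBPrimaryGroupSID OriginalAuthenticationAuthority OriginalNodeName
    SMBSID SMBScriptPath SMBPasswordLastSet SMBGroupRID PrimaryNTDomain
    AppleMetaRecordName MCXSettings MCXFlags
)

# $listUsers is deliberately unquoted: it is a whitespace-separated list of
# short names that ends with the FINISHED sentinel.
for netname in $listUsers; do
    if [ "$netname" = "FINISHED" ]; then
        /bin/echo "Finished converting users to local accounts"
        exit 0
    fi

    accounttype=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $2}' | tr -d '\n')

    # Anything that is not backed by Active Directory is skipped untouched.
    if [[ "$accounttype" != "Active Directory" ]]; then
        /usr/bin/printf 'The %s account is not an AD mobile account\n' "$netname"
        continue
    fi

    mobileusercheck=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $1}' | tr -d '\n' | sed 's/^[^:]*: //' | sed s/\;/""/g)
    if [[ "$mobileusercheck" != "LocalCachedUser" ]]; then
        /usr/bin/printf 'The %s account is not an AD mobile account\n' "$netname"
        continue
    fi

    # The account name is passed as a printf argument, never as part of the
    # format string, so a '%' or '\' in a record name is printed literally.
    /usr/bin/printf '%s has an AD mobile account.\nConverting to a local account with the same username and UID.\n' "$netname"

    # Remove the account attributes that identify it as an Active Directory mobile account
    for attribute in "${adAttributes[@]}"; do
        /usr/bin/dscl . -delete /users/"$netname" "$attribute"
    done

    # Migrate password and remove AD-related attributes
    PasswordMigration

    # Refresh Directory Services (the daemon is named DirectoryService before 10.7)
    if [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -lt 7 ) ]]; then
        /usr/bin/killall DirectoryService
    else
        /usr/bin/killall opendirectoryd
    fi

    # Give the directory daemon time to come back before re-reading the record.
    sleep 20

    # Verify: the record must no longer report Active Directory.
    accounttype=$(/usr/bin/dscl . -read /Users/"$netname" AuthenticationAuthority | head -2 | awk -F'/' '{print $2}' | tr -d '\n')
    if [[ "$accounttype" = "Active Directory" ]]; then
        /usr/bin/printf 'Something went wrong with the conversion process.\nThe %s account is still an AD mobile account.\n' "$netname"
        exit 1
    else
        /usr/bin/printf 'Conversion process was successful.\nThe %s account is now a local account.\n' "$netname"
    fi

    # Recursive chown as root: only run it on a path that exists as a directory,
    # so an empty or stale NFSHomeDirectory value cannot redirect it.
    homedir=$(/usr/bin/dscl . -read /Users/"$netname" NFSHomeDirectory | awk '{print $2}')
    if [[ -n "$homedir" && -d "$homedir" ]]; then
        /bin/echo "Home directory location: $homedir"
        /bin/echo "Updating home folder permissions for the $netname account"
        /usr/sbin/chown -R "$netname" "$homedir"
    fi

    # Add user to the staff group on the Mac
    /bin/echo "Adding $netname to the staff group on this Mac."
    /usr/sbin/dseditgroup -o edit -a "$netname" -t user staff

    /bin/echo "Displaying user and group information for the $netname account"
    /usr/bin/id "$netname"
done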
156 |
--------------------------------------------------------------------------------
/Scripts/authrestart.sh:
--------------------------------------------------------------------------------
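#!/bin/sh

# Created by Kyle Ericson
#
# Builds a plist holding a FileVault user's name and password and feeds it to
# `fdesetup authrestart` on standard input.

# Update with your username & password
# NOTE(review): a password written into the script is readable by everyone who
# can read the script or the policy that carries it. Supplying it at run time
# (for example as a policy parameter) keeps it out of the file.
username="kyleericson"
password="pass"

# The plist contains a cleartext password, so it lives in a private directory
# (mode 0700, random name) instead of a fixed, world-readable path in /tmp,
# and it is removed again however the script ends.
umask 077
workdir=$(mktemp -d /tmp/fv.XXXXXX) || exit 1
trap 'rm -rf "${workdir}"' EXIT
trap 'exit 1' HUP INT TERM
plist="${workdir}/fv.plist"

# Create the plist file
plutil -create xml1 "${plist}"
plutil -insert 'Username' -string "${username}" "${plist}"
plutil -insert 'Password' -string "${password}" "${plist}"

# Set permissions: owner read/write only
chmod 600 "${plist}"

# Use the plist file as input for the fdesetup command
sudo fdesetup authrestart -delayminutes -1 -inputplist < "${plist}"

exit 0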
--------------------------------------------------------------------------------
/Scripts/code-sign.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #created by Kyle Ericson
3 | #Date Aug 9th 2019
4 | #Version 1.0
5 | #Purpose: Easy to use GUI app to Code Sign PKG files with a Apple Developer ID Installer cert
6 | #Requirements:
7 | #1. A Apple Developer ID Installer cert must be installed on the current machine.
8 | #2. Script to make into .app file https://gist.github.com/mathiasbynens/674099#file-appify
9 | #3. Update the Script with your dev ID in the section below
10 |
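# User currently logged in at the console; the signed package is written to
# that user's Desktop.
consoleUser=$(stat -f %Su /dev/console)

# Ask for the package to sign. Empty when the dialog is cancelled.
file=$(osascript -e 'tell app (path to frontmost application as Unicode text) to set new_file to POSIX path of (choose file with prompt "Pick a PKG file to CodeSign" of type {"PKG"})' 2> /dev/null)

# Ask for the output file name. Empty when the dialog is cancelled.
newname=$(/usr/bin/osascript -e 'Tell application "System Events" to display dialog "Please enter a new name for your signed package.\n\nNote: The signed PKG will be saved your desktop.\n\nImportant: .pkg must be at the end of your filename!" default answer "signed.pkg"' -e 'text returned of result' 2>/dev/null)

# Keep only the file-name part of what was typed, so the output always lands on
# the Desktop and cannot be steered elsewhere with "/" or "../" in the name.
newname="${newname##*/}"

####################################################
#Replace this line with your Developer ID Installer:
# Both paths are quoted: package paths and file names with spaces are common on
# macOS and would otherwise be split into several arguments.
productsign --sign 'Developer ID Installer: Mordo Inc. (AAA111AA11)' "${file}" "/Users/${consoleUser}/Desktop/${newname}"
####################################################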
19 |
20 |
21 | #Result=`/usr/sbin/pkgutil --check-signature "$newname"`
22 |
23 | # "Message"
24 | function msg() {
25 | osascript < /var/log/backblaze.log
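# The account password and the group token are credentials, so their values are
# kept out of the log file; only the non-secret group ID is recorded.
echo "Password= [not logged]" >> /var/log/backblaze.log
echo "Group ID= $groupID" >> /var/log/backblaze.log
echo "Group Token= [not logged]" >> /var/log/backblaze.log


#check to see if Backblaze is already installed
if [[ -d "/Applications/Backblaze.app" ]]; then
    echo "Backblaze is already installed, exiting script" >> /var/log/backblaze.log
    exit 0
else
    echo "Backblaze not installed, proceeding with install" >> /var/log/backblaze.log
fi

# Private download directory: a fixed name in /tmp can be pre-created by any
# local user before this script, running as root, mounts and executes it.
dmgDir=$(mktemp -d /tmp/backblaze.XXXXXX) || { echo "Could not create a temporary directory" >> /var/log/backblaze.log; exit 1; }
trap 'rm -rf "$dmgDir"' EXIT
dmgPath="$dmgDir/install_backblaze.dmg"

#Download the DMG from the Backblaze website; --fail turns an HTTP error page
#into a non-zero exit instead of a bogus disk image.
if ! curl --fail https://secure.backblaze.com/mac/install_backblaze.dmg -o "$dmgPath" >> /var/log/backblaze.log 2>&1; then
    echo "Download of the Backblaze installer failed" >> /var/log/backblaze.log
    exit 1
fi

#mount the backblaze .dmg
if ! hdiutil attach "$dmgPath" -nobrowse; then
    echo "Could not mount the Backblaze installer image" >> /var/log/backblaze.log
    exit 1
fi

#run the installer
# The arguments are quoted so a password containing spaces or glob characters
# reaches the installer intact.
# NOTE(review): the installer takes the password and token on its command line,
# where they are visible in the process list while it runs.
/Volumes/Backblaze\ Installer/Backblaze\ Installer.app/Contents/MacOS/bzinstall_mate -nogui -createaccount "$email" "$passwd" "$groupID" "$groupToken" >> /var/log/backblaze.log

#pause for 15 seconds to make sure copy operations completed ok
sleep 15

#Unmount the Backblaze DMG disk image (best effort)
hdiutil detach /Volumes/Backblaze\ Installer || :

#Write to log, followed by a legend for the BZERROR codes the installer prints
echo "Backblaze has been installed" >> /var/log/backblaze.log
echo "Error codes" >> /var/log/backblaze.log
echo "BZERROR:1001 - Successful Installation" >> /var/log/backblaze.log
echo "BZERROR:190 - The System Preferences process is running on the computer. Close System Preferences and retry the installation." >> /var/log/backblaze.log
echo "BZERROR:1000 - This is a general error code. One possible reason is that the Backblaze installer doesn't have root permissions and is failing. Please see the install log file for more details." >> /var/log/backblaze.log
echo "BZERROR:1016 - The intended email address already has a Backblaze account, the group ID is incorrect, or the group token is incorrect." >> /var/log/backblaze.log
exit 0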
59 |
--------------------------------------------------------------------------------
/Scripts/install_bomgar_jump.sh:
--------------------------------------------------------------------------------
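#!/bin/zsh
#Created by Kyle Ericson
# Steps:
#1. Create the jump client dmg from the Bomgar console
#2. Create policy in Jamf to Cache the dmg and run this script after.
#3. Scope and deploy.
#The Bomgar DMG should have been cached prior to this script running, but we should make sure...

waitingRoom="/Library/Application Support/JAMF/Waiting Room"

# Collect the cached images into an array. The (N) qualifier yields an empty
# array when nothing matches, and an array keeps the test below well-formed
# when more than one image is cached (a bare glob inside [ -a ... ] is not).
cachedImages=("$waitingRoom"/bomgar-scc-*.dmg(N))

if (( ${#cachedImages} > 0 )); then

    # Attach the Disk Image (the first match when several are cached)
    hdiutil attach "${cachedImages[1]}"

    # Run the installer from the mounted volume
    "/Volumes/bomgar-scc/Double-Click To Start Support Session.app/Contents/MacOS/sdcust"

    # Wait 90 seconds for it to finish up
    sleep 90

    # Unmount the disk image
    hdiutil detach /Volumes/bomgar-scc

    # Wait for the unmount to complete
    sleep 25

    # Delete every cached disk image that matched
    rm -R "${cachedImages[@]}"

else

    echo "Bomgar NOT Present"
    exit 1

fi
exit 0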
--------------------------------------------------------------------------------
/Scripts/install_cisco_umbrella_client.sh:
--------------------------------------------------------------------------------
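#!/bin/bash
#Created by Kyle Ericson
#Date 12/17/2020
#Version 1.0
#Purpose: Download and Install Cisco Umbrella Client

########VARS##########
APIFingerprint=""
APIOrganizationID=""
APIUserID=""
InstallMenubar="true"
########VARS##########

logFile="/var/log/cisco_umbrella_client.log"

# The fingerprint is treated as sensitive enrollment data here: the log records
# only whether it was supplied, not its value.
if [[ -n "$APIFingerprint" ]]; then
    fingerprintState="set"
else
    fingerprintState="not set"
fi
echo "APIFingerprint= [$fingerprintState, value not logged]" > "$logFile"
# These two lines previously read $APIOrganization and $APIUser, which are never
# assigned, so the log always showed empty values.
echo "APIOrganization= $APIOrganizationID" >> "$logFile"
echo "APIUser= $APIUserID" >> "$logFile"
echo "InstallMenubar= $InstallMenubar" >> "$logFile"
# A log file needs no execute bit.
sudo chmod 644 "$logFile"

#check to see if Cisco Umbrella Client is already installed
# No backslashes inside the quotes: within double quotes they are literal
# characters, which made this test look for a path that never exists.
if [[ -d "/Applications/OpenDNS Roaming Client/Umbrella Diagnostic.app" ]]; then
    echo "Cisco Umbrella Client is already installed, exiting script" >> "$logFile"
    exit 0
else
    echo "Cisco Umbrella Client not installed, proceeding with install" >> "$logFile"
fi

# Work in a private directory. With fixed names in /tmp, any local user could
# place a file matching RoamingClient_MAC_*.pkg there for root to install.
workDir=$(mktemp -d /tmp/umbrella.XXXXXX) || { echo "Could not create a temporary directory" >> "$logFile"; exit 1; }
trap 'rm -rf "$workDir"' EXIT

#Download the PKG; --fail makes an HTTP error a non-zero exit
if ! curl --fail https://cisco-umbrella-client-downloads.s3.amazonaws.com/mac/production/RoamingClient_MAC.mpkg.zip -o "$workDir/RoamingClient_MAC.mpkg.zip" >> "$logFile" 2>&1; then
    echo "Download of the Cisco Umbrella Client failed" >> "$logFile"
    exit 1
fi

#Unzip
if ! unzip "$workDir/RoamingClient_MAC.mpkg.zip" -d "$workDir" >> "$logFile" 2>&1; then
    echo "Could not unpack the Cisco Umbrella Client archive" >> "$logFile"
    exit 1
fi

#Create the Plist
mkdir -p "/Library/Application Support/OpenDNS Roaming Client/" >> "$logFile"
cat > "/Library/Application Support/OpenDNS Roaming Client/OrgInfo.plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>APIFingerprint</key>
    <string>$APIFingerprint</string>
    <key>APIOrganizationID</key>
    <string>$APIOrganizationID</string>
    <key>APIUserID</key>
    <string>$APIUserID</string>
    <key>InstallMenubar</key>
    <$InstallMenubar/>
</dict>
</plist>
EOF

# Resolve the unpacked package to exactly one path.
pkgCandidates=("$workDir"/RoamingClient_MAC_*.pkg)
pkgPath="${pkgCandidates[0]}"
if [[ ! -e "$pkgPath" ]]; then
    echo "No RoamingClient_MAC_*.pkg found in the downloaded archive" >> "$logFile"
    exit 1
fi

# Refuse to install a package without a valid signature. Comparing the signer
# against the vendor's expected Developer ID would be stronger still; that ID
# is not part of this script.
if ! /usr/sbin/pkgutil --check-signature "$pkgPath" >> "$logFile" 2>&1; then
    echo "Signature check failed for $pkgPath, not installing" >> "$logFile"
    exit 1
fi

#Install the PKG
if ! sudo installer -pkg "$pkgPath" -target / >> "$logFile" 2>&1; then
    echo "Cisco Umbrella installation failed" >> "$logFile"
    exit 1
fi

echo "Cisco Umbrella has been installed" >> "$logFile"
exit 0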
58 |
--------------------------------------------------------------------------------
/Scripts/intune_user.sh:
--------------------------------------------------------------------------------
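#!/bin/zsh

# Prints the first Azure AD / Entra account in the given domain that Company
# Portal has recorded under any home folder in /Users. Prints an empty line
# when none is found.

# Set the domain as a variable
domain="ericsontech.com"

aadUser=""

# Walk the home folders with a glob. zsh does not word-split an unquoted
# variable, so looping over the output of find held in a variable ran the body
# once with every path joined together and never matched a file.
# (N/) = directories only, and no error when /Users has none.
for homeDir in /Users/*(N/)
do
    contextFile="$homeDir/Library/Application Support/com.microsoft.CompanyPortalMac.usercontext.info"
    [[ -r "$contextFile" ]] || continue

    # -F matches the domain literally, so its dots are not treated as wildcards.
    match=$(grep -F "@$domain" "$contextFile" 2>/dev/null)
    if [[ -n "$match" ]]; then
        # Keep what follows the first '>' and drop the closing </string> tag.
        aadUser=$(print -r -- "$match" | cut -d ">" -f2- | sed 's/<\/string>//')
        break # Assuming you only want the first matching user
    fi
done

echo "$aadUser"
exit 0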
18 |
--------------------------------------------------------------------------------
/Scripts/kaseya-install-agent.sh:
--------------------------------------------------------------------------------
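#!/bin/zsh
# Script to download and install Kaseya Agent
# Updated from here:
# http://community.kaseya.com/xsp/f/26/t/20211.aspx
# Updated code by Kyle Ericson
# Date Dec 11 2020

#########################################################
# MODIFY VARS FOR YOUR ENV HERE
#########################################################

#Kaseya URL
vsaURL="https://kaseya.yourcompany.com"

# Package ID is found by copying the download link and the string after 'id='
# Example: setupDownload("/mkDefault.asp?id=123456789")
agentID="123456789"

#########################################################
# DO NOT MODIFY BELOW HERE #
#########################################################

# Browser user agent
useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56"

# Work in a private directory: with fixed names under /tmp, a local user could
# pre-create /tmp/Agent/agentsetup.pkg and have root install it.
workDir=$(mktemp -d /tmp/kaseya.XXXXXX) || { echo "Could not create a temporary directory"; exit 1; }
trap 'rm -rf "$workDir"' EXIT

# Download the agent; --fail makes an HTTP error a non-zero exit instead of
# saving the error page as the archive.
if ! curl --fail -A "$useragent" "$vsaURL/api/v2.0/AssetManagement/asset/download-agent-package?packageid=$agentID" -H "Connection: keep-alive" --compressed --output "$workDir/KcsSetup.zip"; then
    echo "Error downloading the Kaseya agent"
    exit 1
fi

# Unzip
if ! unzip "$workDir/KcsSetup.zip" -d "$workDir"; then
    echo "Error unpacking the Kaseya agent archive"
    exit 1
fi

agentPkg="$workDir/Agent/agentsetup.pkg"
if [[ ! -e "$agentPkg" ]]; then
    echo "Agent/agentsetup.pkg was not found in the downloaded archive"
    exit 1
fi

# Apply Permissions
chmod 755 "$agentPkg"

# NOTE(review): if the agent package is signed, checking it with
# `pkgutil --check-signature` before installing would catch a tampered download.

# Run the installer
if ! sudo installer -pkg "$agentPkg" -target /; then
    echo "Error installing the Kaseya agent"
    exit 1
fi

exit 0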
--------------------------------------------------------------------------------
/Scripts/standalone_vanta_install.sh:
--------------------------------------------------------------------------------
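#!/bin/bash
# Created by Kyle Ericson
# Version 1.0
# installs Vanta Agent and registers it to a enduser

# Update theses to your orgs needs.
# NOTE(review): the agent key is a credential. Keeping a real key in a script
# that is stored or shared exposes it to everyone who can read the script;
# pass it in at run time (for example as a policy parameter) and rotate any key
# that has been published.
AGENT_KEY="rtvgbh5rvcnn928h2ag5ten11148q3ucwfj3f8zkr2grdk696rt0"
OWNER_EMAIL="kyle@ericsontech.com"
REGION="us"
# Update theses to your orgs needs.

#### Don't Edit Below this Line ########
vantaCliPath="/usr/local/vanta/vanta-cli"
# Check if the file exists
if [ -e "$vantaCliPath" ]; then
    echo "Vanta is already installed. Exiting."
else
    CONF_FILE="/private/etc/vanta.conf"
    currentTimestamp=$(date +%s)

    # The file holds the agent key, so it is created owner-only from the first
    # byte rather than being tightened after it has been written.
    umask 077

    # OWNER_EMAIL was assigned above but the file was written with $aadUser,
    # which this script never sets. $aadUser still wins when the caller
    # provides it; otherwise OWNER_EMAIL is used.
    cat <<EOL > "$CONF_FILE"
{
    "ACTIVATION_REQUESTED_NONCE": $currentTimestamp,
    "AGENT_KEY": "$AGENT_KEY",
    "NEEDS_OWNER": true,
    "OWNER_EMAIL": "${aadUser:-$OWNER_EMAIL}",
    "REGION": "$REGION"
}
EOL

    # Set permissions and owner/group: readable by root only.
    # NOTE(review): assumes the agent reads this file as root - confirm.
    chmod 600 "$CONF_FILE"
    chown root:wheel "$CONF_FILE"

    echo "Configuration file $CONF_FILE created and permissions set successfully."

    # Download into a private directory instead of a fixed name in /tmp, which
    # any local user could pre-create before root installs it.
    workDir=$(mktemp -d /tmp/vanta.XXXXXX) || { echo "Error creating a temporary directory"; exit 1; }
    trap 'rm -rf "$workDir"' EXIT
    vantaPkg="$workDir/vanta.pkg"

    # Download Vanta agent pkg; --fail makes an HTTP error a non-zero exit
    echo "Starting the download of Vanta Agent"
    curl --fail -L "https://app.vanta.com/osquery/download/macOS" -o "$vantaPkg" || { echo "Error downloading Vanta Agent"; exit 1; }
    echo "Download done"

    # Refuse to install a package without a valid signature.
    /usr/sbin/pkgutil --check-signature "$vantaPkg" || { echo "Error verifying the Vanta Agent package signature"; exit 1; }

    echo "Starting the install of Vanta Agent"
    /usr/sbin/installer -pkg "$vantaPkg" -target / || { echo "Error installing Vanta Agent"; exit 1; }
    echo "Install done"
    exit 0
fi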
45 |
--------------------------------------------------------------------------------
/Scripts/sysaid_config.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Created by Kyle Ericson
3 | # Version 1.0
4 | # Use this to setup Sysaid config
5 | # Vendor Website: https://www.sysaid.com
6 | # Vendor Manual Agent Deployment https://documentation.sysaid.com/docs/manual-agent-deployment
7 | # serverURL arg - URL of the server SysAid is running on. This information can be found at the user's profile menu > About > Your server URL (Required)
8 | # account arg - Your SysAid account ID. This information can be found at the user's profile menu > About > Your account (Required)
9 | # serial arg - Your SysAid serial number. This information can be found at the user's profile menu > About > Serial key for your account (Required)
10 | # These values are mapped with
11 | # serverURL arg = sysAidServerURL
12 | # account rg = accountID
13 | # serial arg= serial
14 |
15 |
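# Set the variables with the desired values
# For Jamf Pro use add set var to $4, $5 , $6 for sysAidServerURL, accountID, serial
sysAidServerURL="" # Example https://myorg.sysaidit.com
accountID="" # Example myorg
serial="" # Example 1AAA1AAAA111A11A


xmlFile="/Applications/SysAid Helpdesk.app/Contents/MacOS/AgentConfigurationFile.xml" # Default XML config path don't change

# Stop the Agent
# The path contains a space, so it must be quoted; unquoted, sh is handed
# "/Applications/SysAid" as the script to run and the agent is never stopped.
sh "/Applications/SysAid Helpdesk.app/Contents/MacOS/scripts/StopAgent.sh"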
27 |
28 | # Use sed command to update the values in the XML file
29 | sed -i '' "s|.*|${sysAidServerURL}|g" "$xmlFile"
30 | sed -i '' "s|.*|${accountID}|g" "$xmlFile"
31 | sed -i '' "s|.*|${serial}|g" "$xmlFile"
32 |
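# Ensure permissions are set
# 644 instead of 777: the file carries the server URL, account ID and serial,
# and a world-writable agent configuration lets any local user change where
# the agent reports to.
# NOTE(review): assumes the agent only needs to read this file - confirm.
chmod 644 "/Applications/SysAid Helpdesk.app/Contents/MacOS/AgentConfigurationFile.xml"

sleep 5

# Start the agent
# Quoted because the path contains a space.
sh "/Applications/SysAid Helpdesk.app/Contents/MacOS/scripts/StartAgent.sh"

exit 0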
42 |
--------------------------------------------------------------------------------
/Scripts/uninstall_bomgar_jump.sh:
--------------------------------------------------------------------------------
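#!/bin/bash
# Created by Kyle Ericson
# Remove Bomgar

# Stop every running Bomgar process.
# The earlier pattern 'bomg*' is a regular expression meaning "bom" followed by
# any number of "g", so it matched every process with "bom" anywhere in its
# command line (including the grep doing the search) and sent each one SIGKILL.
# pgrep -f matches the full word and never reports itself; this script is
# skipped as well in case its own path contains "bomgar".
for KILLPID in $(pgrep -f 'bomgar'); do
    if [ "$KILLPID" -eq "$$" ]; then
        continue
    fi
    kill -9 "$KILLPID"
done

# Remove the launch items, the shared support files and the application.
rm -rf /Library/LaunchDaemons/com.bomgar.bomgar-ps-*
rm -rf /Library/LaunchAgents/com.bomgar.bomgar-scc*
rm -rf /Users/Shared/bomgar-scc-*
rm -rf /Applications/com.bomgar*
exit 0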
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Install 1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Install 1.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Install 2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Install 2.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Install 4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Install 4.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Install 5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Install 5.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Prompt 1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Prompt 1.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Prompt 2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Prompt 2.png
--------------------------------------------------------------------------------
/better-jamf-policy-deferral-docs/Prompt 3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kylejericson/JAMF/d723feaac2e75e50bf5bc7b8faa65d5c00074c0b/better-jamf-policy-deferral-docs/Prompt 3.png
--------------------------------------------------------------------------------