├── .gitignore ├── README ├── bash ├── AM-check_for_MAS_iPhoto.sh ├── AM_check_ssh_group_membership.sh ├── AppKill_Office2011.sh ├── Delete_MAS_iLife.sh ├── ECAS_Set_Asset-Tag.sh ├── McAfee_getUsersDetails.sh ├── RunAdobeUpdater.sh ├── bind_to_AD_10.5.sh ├── bind_to_AD_10.7.sh ├── check-for-jsched_flashback.sh ├── check-for-osx-flashback.K.sh ├── check_for_f5_plugin.sh ├── check_fv2_status.sh ├── check_recoveryHD.sh ├── check_sibelius6_server.sh ├── check_wde.sh ├── computerGroup_membership.sh ├── config_ard.sh ├── config_lanrev_admin.sh ├── delete_mcx_printers.sh ├── disable_firewall.sh ├── ec_Bind_to_OD.sh ├── ec_mcx_printer_refresh.sh ├── eccs_enable_ssh.sh ├── enable_firewall.sh ├── firstboot-config.sh ├── getPhone.sh ├── get_DS_landesk.sh ├── get_NTP.sh ├── kill_screensaver_over_loginwindow.sh ├── localUsers.sh ├── remove_acrobat9.sh ├── remove_acrobatX.sh ├── remove_adobe_reader.sh ├── remove_labstats.sh ├── run_as_root.sh └── set_NTP.sh └── batch └── remove_labstats.bat /.gitignore: -------------------------------------------------------------------------------- 1 | # Initally borrowed from http://help.github.com/ignore-files/ 2 | 3 | # Compiled source # 4 | ################### 5 | *.com 6 | *.class 7 | *.dll 8 | *.exe 9 | *.o 10 | *.so 11 | *.app 12 | SymantecRemovalTool.command 13 | SupportFiles 14 | 15 | # Packages # 16 | ############ 17 | # it's better to unpack these files and commit the raw source 18 | # git has its own built in compression methods 19 | *.7z 20 | *.dmg 21 | *.gz 22 | *.iso 23 | *.jar 24 | *.rar 25 | *.tar 26 | *.zip 27 | *.pkg 28 | 29 | # Logs and databases # 30 | ###################### 31 | # *.log 32 | *.sql 33 | *.sqlite 34 | 35 | # OS generated files # 36 | ###################### 37 | .DS_Store* 38 | ehthumbs.db 39 | Icon? 
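Thumbs.db

--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
This repo contains various OS X administration scripts.

--------------------------------------------------------------------------------
/bash/AM-check_for_MAS_iPhoto.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Reports which flavour of iPhoto is installed: a copy that carries a
# Contents/_MASReceipt directory is reported as the Mac App Store build,
# any other copy as the retail iLife build. Prints nothing when iPhoto is
# not installed. Always exits 0.

iPhoto="/Applications/iPhoto.app"

if [ -e "${iPhoto}" ]; then
  if [ -e "${iPhoto}/Contents/_MASReceipt" ]; then
    echo "MAS iLife version"
  else
    echo "Retail iLife version"
  fi
fi
exit 0

--------------------------------------------------------------------------------
/bash/AM_check_ssh_group_membership.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Custom information item for Absolute Manage
# Check NestedGroups within com.apple.access_ssh
#
# Prints "Administrators" only when the NestedGroups attribute holds exactly
# the one GeneratedUID compared below. An empty result therefore means "not
# exactly that group": it is printed when SSH access is wider than expected,
# when the access group does not exist, and when dscl fails. Do not read a
# blank inventory field as "SSH is restricted".

# cut -c 15- drops the "NestedGroups: " label from the dscl output.
group=$(dscl . -read /Groups/com.apple.access_ssh NestedGroups | cut -c 15-)

# "=" rather than "==": the script runs under /bin/sh and "==" is a bashism.
if [ "$group" = "ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050" ]; then
  echo "Administrators"
fi

exit 0

--------------------------------------------------------------------------------
/bash/AppKill_Office2011.sh:
--------------------------------------------------------------------------------
#!/bin/bash

###########################################################################
# AppKill.sh v1.0                                                         #
#                                                                         #
# DISCLAIMER: This script is offered on a strictly "as is" basis without  #
# any warranty, expressed or implied. Use of this script is at your own   #
# risk. LANrev is not responsible for and cannot be held accountable for  #
# any direct, indirect, incidental or consequential damages that may      #
# result from its use.                                                    #
###########################################################################

# Increase APPROVALTIME (in minutes) to give enduser more time to save changes to
# open documents. Set TIMER to NO to wait virtually forever.
###########################################################################
APPROVALTIME=5

MSGTIME=$((60 * APPROVALTIME))

TIMER=YES

# Edit messages to reference application or application suite to be updated
###########################################################################
# NOTE: both messages are pasted into AppleScript source below, so keep them
# free of double quotes and backslashes.
MESSAGETIMER="============ WARNING ============ All Microsoft Office 2011 applications and web browsers will automatically be closed in $APPROVALTIME minutes so that they can be updated. Click OK to close all open Office applications and begin now."

MESSAGE="============ WARNING ============ All Microsoft Office 2011 applications and web browsers will automatically be closed so that they can be updated. Click OK to close all open Office applications and begin now."

# Number of console sessions. grep -c prints a bare count, which avoids
# depending on the column padding of `wc -l`.
LOGGEDINUSER=$(who | grep -c console)

if [ "$LOGGEDINUSER" = "0" ]; then
  # Nobody is at the console: no dialog to show and nothing to close.
  exit
else
  if [ "$TIMER" = "YES" ]; then
    osascript <<__AS__
tell application "Finder" to activate
with timeout of $MSGTIME seconds
  tell application "Finder"
    display dialog "$MESSAGETIMER" giving up after $MSGTIME buttons {"OK"}
  end tell
end timeout
__AS__
  else
    osascript <<__AS__
tell application "Finder" to activate
with timeout of 8947848 seconds
  tell application "Finder"
    display dialog "$MESSAGE" buttons {"OK"}
  end tell
end timeout
__AS__
  fi
fi

# Closes the named application if the invoking user has it running.
# Arguments: $1 - process name as killall expects it
# Outputs:   one status line on stdout
AppKill() {
  local current_user
  local running
  current_user=$(whoami)
  # Count matching processes and leave out the grep helper itself. The
  # original compared the raw count with 1 and so relied on grep always
  # appearing in its own ps listing.
  running=$(ps -u "$current_user" | grep -F -- "$1" | grep -vc 'grep')
  if [ "$running" -eq 0 ]; then
    echo "Application $1 not open."
  else
    killall "$1"
    echo "Closing application $1."
  fi
}

# Add entries for any applications you would like to terminate
###########################################################################
AppKill "Microsoft Word"
AppKill "Microsoft Excel"
AppKill "Microsoft PowerPoint"
AppKill "Microsoft Entourage"
AppKill "Firefox"
AppKill "Safari"
AppKill "Google Chrome"
AppKill "Opera"

--------------------------------------------------------------------------------
/bash/Delete_MAS_iLife.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Delete_MAS_iLife.sh
# Patrick Gallagher
# Emory College of Arts & Sciences

## Purpose
# Delete iLife apps to allow installation of retail versions.
#
# Only copies that carry a Mac App Store receipt are removed; a retail copy
# is left alone. The GarageBand branch also deletes the shared loop library
# and application support folder under /Library.

iMovie="/Applications/iMovie.app"
iPhoto="/Applications/iPhoto.app"
GarageBand="/Applications/GarageBand.app"

if [ -e "${iMovie}/Contents/_MASReceipt" ]; then
  rm -rf "${iMovie}"
  rm -rf "/var/db/receipts/com.apple.pkg.iMovie_AppStore.bom"
  rm -rf "/var/db/receipts/com.apple.pkg.iMovie_AppStore.plist"
fi

if [ -e "${iPhoto}/Contents/_MASReceipt" ]; then
  rm -rf "${iPhoto}"
  rm -rf "/var/db/receipts/com.apple.pkg.iPhoto_AppStore.bom"
  rm -rf "/var/db/receipts/com.apple.pkg.iPhoto_AppStore.plist"
fi

if [ -e "${GarageBand}/Contents/_MASReceipt" ]; then
  rm -rf "${GarageBand}"
  rm -rf "/Library/Application Support/GarageBand"
  rm -rf "/Library/Audio/Apple Loops"
  rm -rf "/Library/Audio/Apple Loops Index"
  rm -rf "/var/db/receipts/com.apple.pkg.GarageBandBasicContent.bom"
  rm -rf "/var/db/receipts/com.apple.pkg.GarageBandBasicContent.plist"
  rm -rf "/var/db/receipts/com.apple.pkg.GarageBand_AppStore.bom"
  rm -rf "/var/db/receipts/com.apple.pkg.GarageBand_AppStore.plist"
fi

exit 0

--------------------------------------------------------------------------------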
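/bash/ECAS_Set_Asset-Tag.sh:
--------------------------------------------------------------------------------
#! /bin/sh

# ECAS_Set_Asset-Tag.sh
#
# Stores the asset tag given as $1 in the Remote Desktop "Text2" info field
# and in the ASSET NVRAM variable.

if [ ${#} -lt 1 ]; then
  echo "Usage: ECAS_Set_Asset-Tag.sh assetTag" >&2
  exit 1
fi

# -string keeps `defaults` from parsing a tag that starts with "-", "(" or
# "{" as an option or as a property-list value.
defaults write /Library/Preferences/com.apple.RemoteDesktop Text2 -string "$1"

nvram ASSET="$1"

--------------------------------------------------------------------------------
/bash/McAfee_getUsersDetails.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Builds one string holding RealName, RecordName and EMailAddress for every
# local account that passes the filter below, prints it, and stores it in the
# McAfee agent's CustomProps1 field.
# NOTE(privacy): this sends personal data (names, e-mail addresses) to the
# management server; confirm that the collection is covered by policy.

#get users on the machine
getUsersDetails=
count=1
# The filter drops every record name that contains "_", "nobody", "root",
# "daemon" or "Guest" anywhere in the name, so an ordinary account such as
# "jane_doe" is skipped as well.
for i in $(dscl . list /Users | grep -Ev '_|nobody|root|daemon|Guest'); do
  # awk with ORS=' ' joins the multi-line dscl record into a single line.
  details=$(dscl . read "/Users/${i}" RealName RecordName EMailAddress | awk -v ORS=' ' '{print}')
  getUsersDetails="${getUsersDetails}User${count}=${details}"
  # POSIX arithmetic; `let` is a bashism and this script runs under /bin/sh.
  count=$((count + 1))
done
echo "$getUsersDetails"

/Library/McAfee/cma/bin/msaconfig -CustomProps1 "$getUsersDetails"
/Library/McAfee/cma/bin/cmdagent -P
exit 0

--------------------------------------------------------------------------------
/bash/RunAdobeUpdater.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# RunAdobeUpdater.sh
#
# Launches the Adobe Application Manager updater binary.

"/Library/Application Support/Adobe/OOBE/PDApp/core/Adobe Application Manager.app/Contents/MacOS/PDApp"

--------------------------------------------------------------------------------
/bash/bind_to_AD_10.5.sh:
--------------------------------------------------------------------------------
#!/bin/sh

## bind_to_AD_10.5.sh
##
## Purpose: Unbind and rebind to AD to correct computer name in AD
##          10.5 and 10.6
## Much of this borrowed from DeployStudio bind script

# Usage: bind_to_AD_10.5.sh newComputerName
# If using Absolute Manage, enter computer name in "command line options"

# SCRIPT_NAME was referenced by the usage message but never assigned.
SCRIPT_NAME=$(basename "${0}")
COMPUTER_ID="${1}"

if [ ${#} -ne 1 ]
then
  echo "Missing argument for computer name"
  echo "Usage: ${SCRIPT_NAME} newComputerName"
  exit 1
fi
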
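# Enter a user and password for an account with unbind/bind rights
# NOTE(security): these values sit in clear text in the script and are passed
# to dsconfigad as command-line arguments, so they are readable in the process
# list while the script runs. Use a dedicated account whose rights are limited
# to joining computers in this OU, keep the script readable by root only, and
# blank the values (or rotate the password) once deployment is finished.
DOM_ADMIN=" "
DOM_ADMIN_PASS=" "

# Refuse to run with the placeholders still in place.
for cred in "${DOM_ADMIN}" "${DOM_ADMIN_PASS}"
do
  case "${cred}" in
    *[![:space:]]*) ;;
    *)
      echo "DOM_ADMIN and DOM_ADMIN_PASS must be filled in before running this script" >&2
      exit 1
      ;;
  esac
done

# Standard parameters
AD_DOMAIN="eu.emory.edu" # Change to your domain
AUTH_DOMAIN="All Domains"
COMPUTERS_OU="CN=Computers,DC=eu,DC=emory,DC=edu" # Change to your OU

# Advanced options
alldomains="enable"
localhome="enable"
protocol="smb"
mobile="enable"
mobileconfirm="disable"
useuncpath="disable"
user_shell="/bin/bash"
preferred="-nopreferred"
# Members of this AD group are given local administrator rights on the Mac.
admingroups="EMORYUNIVAD\eccsls" # change to your domain and AD group
check4AD=$(dscl localhost -list "/Active Directory")
OS=$(/usr/bin/sw_vers | grep ProductVersion | cut -c 17-20)

# The original test, [[ "${OS}" != "10.5" || "10.6" ]], was always true
# because a bare non-empty string counts as true, so the script stopped here
# on every OS version.
case "${OS}" in
  10.5|10.6) ;;
  *)
    echo "This script is only for 10.5 and 10.6"
    exit 1
    ;;
esac

# Unbind from AD
# Same fix as above: compare check4AD with each expected value instead of
# testing a bare string.
if [ "${check4AD}" = "All Domains" ] || [ "${check4AD}" = "${AD_DOMAIN}" ]; then
  unbind_status=$(dsconfigad -r -u "${DOM_ADMIN}" -p "${DOM_ADMIN_PASS}" -status 2>&1)
  if [ "$unbind_status" = "Error: The credentials you supplied do not have privileges to remove this computer." ]
  then
    echo "This account does not have permission to unbind from this OU"
    exit 1
  else
    # NOTE(review): this branch is taken for every output other than the
    # privileges error, so the message does not prove the unbind worked.
    # (The stray `break` that followed was outside any loop and is removed.)
    echo "Successfully unbound from AD"
  fi
fi

# set computer names
echo "Computer will be renamed ${1}"
scutil --set ComputerName "${COMPUTER_ID}"
scutil --set LocalHostName "${COMPUTER_ID}"
scutil --set HostName "${COMPUTER_ID}"

# Activate the AD plugin
echo "Enabling the Active Directory Plugin" 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active 2>&1
chmod 600 /Library/Preferences/DirectoryService/DirectoryService.plist 2>&1

echo "Setting plugin options"
# ${preferred} is left unquoted on purpose: it holds an option flag and must
# disappear entirely when it is set to the empty string.
dsconfigad -alldomains "${alldomains}" -localhome "${localhome}" -protocol "${protocol}" \
  -mobile "${mobile}" -mobileconfirm "${mobileconfirm}" -useuncpath "${useuncpath}" \
  -shell "${user_shell}" ${preferred} -status 2>&1

# Set --passinterval on 10.5 or later
# NOTE(review): an interval of 0 appears to switch off the periodic change of
# the computer account password; confirm that this is intended.
if [ "$(sw_vers -productVersion | awk -F. '{ print $2 }')" -ge 5 ]
then
  dsconfigad -passinterval 0 -status 2>&1
fi

# Do the bind
#dsconfigad -a "${COMPUTER_ID}" -domain "${AD_DOMAIN}" -u "${DOM_ADMIN}" -p "${DOM_ADMIN_PASS}" -ou "${ou}" -status 2>&1

# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
  dsconfigad -nogroups -status 2>&1
else
  dsconfigad -groups "$admingroups" -status 2>&1
fi

MAX_ATTEMPTS=12

# run_with_retries <what> <What> <command...>
# Runs the command until it succeeds, waiting 10 seconds after each failure,
# and ends the script with status 1 after MAX_ATTEMPTS failures.
#   $1 - description used in the retry message
#   $2 - the same description, capitalised, used in the final failure message
run_with_retries() {
  retry_what=${1}
  retry_label=${2}
  shift 2
  ATTEMPTS=0
  until "$@" 2>&1
  do
    ATTEMPTS=$((ATTEMPTS + 1))
    if [ "${ATTEMPTS}" -ge "${MAX_ATTEMPTS}" ]
    then
      echo "${retry_label} update failed (${MAX_ATTEMPTS} attempts), will retry at next boot!" 2>&1
      exit 1
    fi
    echo "An error occured while trying to update the ${retry_what}, new attempt in 10 seconds..." 2>&1
    sleep 10
  done
}

#
# Try to bind the computer
#
ATTEMPTS=0
SUCCESS=
while [ -z "${SUCCESS}" ]
do
  # -lt so that MAX_ATTEMPTS attempts are made; the original -le made one more
  # than the failure message reports.
  if [ "${ATTEMPTS}" -lt "${MAX_ATTEMPTS}" ]
  then
    echo "Binding computer to domain ${AD_DOMAIN}..." 2>&1
    dsconfigad -f -a "${COMPUTER_ID}" -domain "${AD_DOMAIN}" -ou "${COMPUTERS_OU}" -u "${DOM_ADMIN}" -p "${DOM_ADMIN_PASS}" -status 2>&1
    IS_BOUND=$(defaults read /Library/Preferences/DirectoryService/ActiveDirectory "AD Bound to Domain")
    # String comparison: IS_BOUND is empty when the key cannot be read.
    if [ "${IS_BOUND}" = "1" ]
    then
      SUCCESS="YES"
    else
      echo "An error occured while trying to bind this computer to AD, new attempt in 10 seconds..." 2>&1
      sleep 10
      ATTEMPTS=$((ATTEMPTS + 1))
    fi
  else
    echo "AD binding failed (${MAX_ATTEMPTS} attempts), will retry at next boot!" 2>&1
    SUCCESS="NO"
  fi
done

if [ "${SUCCESS}" = "YES" ]
then
  #
  # Restart the DirectoryService
  #
  echo "Killing DirectoryService daemon..." 2>&1
  killall DirectoryService
  sleep 5

  #
  # Trigger the node availability
  #
  echo "Triggering '/Active Directory/${AUTH_DOMAIN}' node..." 2>&1
  NODE_AVAILABILITY=$(dscl localhost -read "/Active Directory/${AUTH_DOMAIN}" | grep "NodeAvailability:" | grep "Available")
  ATTEMPTS=0
  while [ -z "${NODE_AVAILABILITY}" ]
  do
    if [ "${ATTEMPTS}" -lt "${MAX_ATTEMPTS}" ]
    then
      NODE_AVAILABILITY=$(dscl localhost -read "/Active Directory/${AUTH_DOMAIN}" | grep "NodeAvailability:" | grep "Available")
      if [ -z "${NODE_AVAILABILITY}" ]
      then
        echo "The '/Active Directory/${AUTH_DOMAIN}' node is unavailable, new attempt in 10 seconds..." 2>&1
        sleep 10
        ATTEMPTS=$((ATTEMPTS + 1))
      fi
    else
      echo "AD directory node lookup failed (${MAX_ATTEMPTS} attempts), will retry at next boot!" 2>&1
      exit 1
    fi
  done

  #
  # Update the search policy
  #
  echo "Updating authentication search policy..." 2>&1
  CSP_SEARCH_POLICY=$(dscl localhost -read /Search | grep "SearchPolicy:" | grep -i "CSPSearchPath")
  if [ -z "${CSP_SEARCH_POLICY}" ]
  then
    run_with_retries "authentication search policy" "Authentication search policy" \
      dscl localhost -create /Search SearchPolicy CSPSearchPath
  fi

  echo "Updating contacts search policy..." 2>&1
  CSP_SEARCH_POLICY=$(dscl localhost -read /Contact | grep "SearchPolicy:" | grep -i "CSPSearchPath")
  if [ -z "${CSP_SEARCH_POLICY}" ]
  then
    run_with_retries "contacts search policy" "Contacts search policy" \
      dscl localhost -create /Contact SearchPolicy CSPSearchPath
  fi

  #
  # Add "${AUTH_DOMAIN}" to the search path
  #
  echo "Updating authentication search path..." 2>&1
  AD_SEARCH_PATH=$(dscl localhost -read /Search | grep "CSPSearchPath:" | grep -i "/Active Directory/${AUTH_DOMAIN}")
  if [ -z "${AD_SEARCH_PATH}" ]
  then
    run_with_retries "authentication search path" "Authentication search path" \
      dscl localhost -append /Search CSPSearchPath "/Active Directory/${AUTH_DOMAIN}"
  fi

  echo "Updating contacts search path..." 2>&1
  AD_SEARCH_PATH=$(dscl localhost -read /Contact | grep "CSPSearchPath:" | grep -i "/Active Directory/${AUTH_DOMAIN}")
  if [ -z "${AD_SEARCH_PATH}" ]
  then
    run_with_retries "contacts search path" "Contacts search path" \
      dscl localhost -append /Contact CSPSearchPath "/Active Directory/${AUTH_DOMAIN}"
  fi
else
  # Report the failed bind to the caller; the original fell through and
  # exited 0.
  exit 1
fi

--------------------------------------------------------------------------------
/bash/bind_to_AD_10.7.sh:
--------------------------------------------------------------------------------
#!/bin/sh

## bind_to_AD_10.7.sh
##
## Purpose: Unbind and rebind to AD to correct computer name in AD
##          10.7 only
## Much of this borrowed from DeployStudio bind script

# Usage: bind_to_AD_10.7.sh newComputerName
# If using Absolute Manage, enter computer name in "command line options"

# SCRIPT_NAME was referenced by the usage message but never assigned.
SCRIPT_NAME=$(basename "${0}")
COMPUTER_ID="${1}"

if [ ${#} -ne 1 ]
then
  echo "Missing argument for computer name"
  echo "Usage: ${SCRIPT_NAME} newComputerName"
  exit 1
fi

# Enter a user and password for an account with unbind/bind rights
# NOTE(security): these values sit in clear text in the script and are passed
# to dsconfigad as command-line arguments, so they are readable in the process
# list while the script runs. Use a dedicated account whose rights are limited
# to joining computers in this OU, keep the script readable by root only, and
# blank the values (or rotate the password) once deployment is finished.
DOM_ADMIN=""
DOM_ADMIN_PASS=""

# Refuse to run with the placeholders still in place.
for cred in "${DOM_ADMIN}" "${DOM_ADMIN_PASS}"
do
  case "${cred}" in
    *[![:space:]]*) ;;
    *)
      echo "DOM_ADMIN and DOM_ADMIN_PASS must be filled in before running this script" >&2
      exit 1
      ;;
  esac
done

# Advanced options
AD_DOMAIN="eu.emory.edu"
COMPUTERS_OU="OU=Macs,OU=ArtsSciences,dc=EU,dc=Emory,dc=Edu"
# ADMIN_LOGIN and ADMIN_PWD are not read anywhere in this script.
ADMIN_LOGIN="adminaccount"
ADMIN_PWD="password"

MOBILE="enable"
MOBILE_CONFIRM="disable"
LOCAL_HOME="enable"
USE_UNC_PATHS="disable"
UNC_PATHS_PROTOCOL="smb"
# "allow" leaves packet signing and encryption negotiable; dsconfigad also
# accepts "require" for sites that want them enforced.
PACKET_SIGN="allow"
PACKET_ENCRYPT="allow"
# NOTE(review): an interval of 0 appears to switch off the periodic change of
# the computer account password; confirm that this is intended.
PASSWORD_INTERVAL="0"
AUTH_DOMAIN="All Domains"
# Members of this AD group are given local administrator rights on the Mac.
ADMIN_GROUPS="EMORYUNIVAD\eccsls"
OS=$(/usr/bin/sw_vers | grep ProductVersion | cut -c 17-20)

if [ "${OS}" != "10.7" ]; then
  echo "This script is only for 10.7"
  exit 1
fi

# Unbind from AD
dsconfigad -remove -force -user "${DOM_ADMIN}" -password "${DOM_ADMIN_PASS}" 2>&1


# set computer names
echo "Computer will be renamed ${1}"
scutil --set ComputerName "${COMPUTER_ID}"
scutil --set LocalHostName "${COMPUTER_ID}"
scutil --set HostName "${COMPUTER_ID}"

# Activate the AD plugin
echo "Enabling the Active Directory Plugin" 2>&1
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" Active 2>&1
chmod 600 /Library/Preferences/DirectoryService/DirectoryService.plist 2>&1

#echo "Setting plugin options"
#dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
#  -mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
#  -shell $user_shell -packetsign $packetsign -packetencrypt $packetencrypt -status 2>&1

#
# Try to bind the computer
#
ATTEMPTS=0
MAX_ATTEMPTS=12
SUCCESS=
while [ -z "${SUCCESS}" ]
do
  # -lt so that MAX_ATTEMPTS attempts are made; the original -le made one more
  # than the failure message reports.
  if [ "${ATTEMPTS}" -lt "${MAX_ATTEMPTS}" ]
  then
    echo "Binding computer to domain ${AD_DOMAIN}..." 2>&1
    dsconfigad -add "${AD_DOMAIN}" -computer "${COMPUTER_ID}" -ou "${COMPUTERS_OU}" -username "${DOM_ADMIN}" -password "${DOM_ADMIN_PASS}" -force 2>&1
    IS_BOUND=$(dsconfigad -show | grep "Active Directory Domain")
    if [ -n "${IS_BOUND}" ]
    then
      SUCCESS="YES"
    else
      echo "An error occured while trying to bind this computer to AD, new attempt in 10 seconds..." 2>&1
      sleep 10
      ATTEMPTS=$((ATTEMPTS + 1))
    fi
  else
    echo "AD binding failed (${MAX_ATTEMPTS} attempts)" 2>&1
    SUCCESS="NO"
  fi
done

if [ "${SUCCESS}" != "YES" ]
then
  # The original printed the success message and exited 0 on this path too.
  exit 1
fi

#
# Update AD plugin options
#
echo "Setting AD plugin options..." 2>&1
dsconfigad -mobile "${MOBILE}" 2>&1
sleep 1
dsconfigad -mobileconfirm "${MOBILE_CONFIRM}" 2>&1
sleep 1
dsconfigad -localhome "${LOCAL_HOME}" 2>&1
sleep 1
dsconfigad -useuncpath "${USE_UNC_PATHS}" 2>&1
sleep 1
dsconfigad -protocol "${UNC_PATHS_PROTOCOL}" 2>&1
sleep 1
dsconfigad -packetsign "${PACKET_SIGN}" 2>&1
sleep 1
dsconfigad -packetencrypt "${PACKET_ENCRYPT}" 2>&1
sleep 1
dsconfigad -passinterval "${PASSWORD_INTERVAL}" 2>&1
if [ -n "${ADMIN_GROUPS}" ]
then
  sleep 1
  dsconfigad -groups "${ADMIN_GROUPS}" 2>&1
fi
if [ "${AUTH_DOMAIN}" != 'All Domains' ]
then
  sleep 1
  dsconfigad -alldomains disable 2>&1
fi
# UID_MAPPING and GID_MAPPING are not assigned in this script, so the two
# branches below only run when the caller exports them.
if [ -n "${UID_MAPPING}" ]
then
  sleep 1
  dsconfigad -uid "${UID_MAPPING}" 2>&1
fi
if [ -n "${GID_MAPPING}" ]
then
  sleep 1
  dsconfigad -gid "${GID_MAPPING}" 2>&1
fi

echo "Successfully rebound machine to AD"
exit 0

--------------------------------------------------------------------------------
/bash/check-for-jsched_flashback.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# check-for-jsched_flashback.sh
# Patrick Gallagher | Emory College
#
# Checks for (and deletes) a variant of Flashback.k which installs a com.sun.jsched.plist
# file in the users Library/LaunchAgents and executes a hidden file .jsched in ~/.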
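# Check for root
# id -u works under /bin/sh; $EUID and [[ ]] are bash-only.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" 2>&1
  exit 1
fi

# NOTE(review): the files are deleted without recording which home directory
# held them. For incident handling, capture the path and a hash of each file
# before removal, and treat a hit as a reason to examine that account further;
# removing these two files alone does not show that the machine is clean.

for f in /Users/*
do
  # Quoted so that home directories with spaces in the name are handled.
  if [ -f "$f/.jsched" ]; then
    echo "Found .jsched"
    rm -f "$f/.jsched"
    echo "Deleted .jsched"
  fi
done

for f in /Users/*
do
  if [ -f "$f/Library/LaunchAgents/com.sun.jsched.plist" ]; then
    echo "Found fake Java preference"
    rm -f "$f/Library/LaunchAgents/com.sun.jsched.plist"
    echo "Deleted com.sun.jsched.plist"
  fi
done

exit 0

--------------------------------------------------------------------------------
/bash/check-for-osx-flashback.K.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# ================================================================================
# check-for-osx-flashback.K.sh
#
# Script to check system for any signs of OSX/Flashback.K trojan
# Checks are based on information from F-Secure's website:
# http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml
#
# Hannes Juutilainen, hjuutilainen@mac.com
# Patrick Gallagher, pgalla2@emory.edu - Modified to work with Absolute Manage
#
# History:
# - 2012-04-03, Hannes Juutilainen, first version
# - 2012-04-05, Patrick Gallagher
# ================================================================================
#
# The shebang is bash because the script uses [[ ]], $EUID and shopt.
# The script only reports; it changes nothing. No output means that none of
# the three indicators below was found, not that the machine is clean.

# Check for root
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 2>&1
  exit 1
fi

# Indicator 1: an LSEnvironment key in Safari's Info.plist.
if defaults read /Applications/Safari.app/Contents/Info LSEnvironment > /dev/null 2>&1; then
  printf '%s\n\n' "===> WARNING: Found LSEnvironment in Safari Info.plist"
fi

# Indicator 2: the hidden library in /Users/Shared.
if [[ -f /Users/Shared/.libgmalloc.dylib ]]; then
  printf '%s\n\n' "===> WARNING: Found /Users/Shared/.libgmalloc.dylib"
fi

# Indicator 3: DYLD_INSERT_LIBRARIES in a user's environment.plist.
shopt -s nullglob
for f in /Users/*
do
  #echo "---> Checking $f/.MacOSX/environment.plist"
  if [[ -f "$f/.MacOSX/environment.plist" ]]; then
    if defaults read "$f/.MacOSX/environment" DYLD_INSERT_LIBRARIES > /dev/null 2>&1; then
      # %s rather than %b: the path comes from the file system and must not be
      # interpreted for backslash escapes.
      printf '%s\n' "===> WARNING: Found DYLD_INSERT_LIBRARIES key in $f/.MacOSX/environment"
    fi
  fi
done
shopt -u nullglob
#printf "%b\n\n" "---> Done"

exit 0

--------------------------------------------------------------------------------
/bash/check_for_f5_plugin.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# check_for_f5_plugin.sh
#
# Prints the CFBundleVersion of the F5 SSL VPN browser plug-in, or a fixed
# message when the plug-in is not installed.

plugin="/Library/Internet Plug-Ins/F5 SSL VPN Plugin.plugin"

if [ -e "${plugin}" ]; then
  defaults read "${plugin}/Contents/Info" CFBundleVersion
else
  echo "F5 Plugin not installed"
fi
exit 0

--------------------------------------------------------------------------------
/bash/check_fv2_status.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Reports the FileVault 2 state of a Mac running 10.7 by parsing the output
# of `diskutil cs list`. One of these messages is printed:
#   "FileVault 2 Encryption Not Available For This Version Of Mac OS X"
#   "FileVault 2 Encryption Not Enabled"
#   "FileVault 2 Encryption Complete"
#   "FileVault 2 Encryption Proceeding. <converted> of <total> Remaining"
#   "FileVault 2 Encryption Status Unknown. Please check."
#   "FileVault 2 Decryption Proceeding. <converted> of <total> Remaining"
#   "FileVault 2 Decryption Completed"
#
# The diskutil output is kept in shell variables. The earlier version appended
# it to fixed file names under /private/tmp, which let left-over or pre-created
# files at those paths change the result and, when run as root, made the script
# write through whatever another local user had placed at those names.
#
# NOTE(review): the comparisons expect a single CoreStorage volume family;
# with several, the extracted fields span more than one line and no message
# is printed. Treat a blank result as "unknown", not as "encrypted".

OS=$(/usr/bin/sw_vers | grep ProductVersion | cut -c 17-20)

# Checks to see if the OS on the Mac is 10.7 or not.
if [ "$OS" != "10.7" ]; then
  echo "FileVault 2 Encryption Not Available For This Version Of Mac OS X"
  exit 0
fi

CS_LIST=$(diskutil cs list)

CONTEXT=$(printf '%s\n' "$CS_LIST" | grep -E "Encryption Context" | awk '{print $3}')
ENCRYPTION=$(printf '%s\n' "$CS_LIST" | grep -E "Encryption Type" | awk '{print $3}')
CONVERTED=$(printf '%s\n' "$CS_LIST" | grep "Size (Converted)" | awk '{print $5, $6}')
SIZE=$(printf '%s\n' "$CS_LIST" | grep "Size (Total)" | awk '{print $5, $6}')
CONVERSION_STATUS=$(printf '%s\n' "$CS_LIST" | grep -E "Conversion Status" | awk '{print $3}')
CONVERSION_DIRECTION=$(printf '%s\n' "$CS_LIST" | grep -E "Conversion Direction" | awk '{print $3}')

# text_has <text> <pattern>: case-insensitive extended-regex match.
# -e keeps a pattern that starts with "-" (such as "-none-") from being read
# as grep options.
text_has() {
  printf '%s\n' "$1" | grep -iE -e "$2" > /dev/null
}

# No CoreStorage volumes at all: FileVault 2 has never been turned on.
if text_has "$CS_LIST" 'No CoreStorage'; then
  echo "FileVault 2 Encryption Not Enabled"
fi

if text_has "$CS_LIST" 'Logical Volume Family'; then
  if [ "$CONTEXT" = "Present" ]; then
    if [ "$ENCRYPTION" = "AES-XTS" ]; then
      if text_has "$CONVERSION_STATUS" 'Complete'; then
        echo "FileVault 2 Encryption Complete"
      elif text_has "$CONVERSION_STATUS" 'Converting'; then
        if text_has "$CONVERSION_DIRECTION" 'Forward'; then
          echo "FileVault 2 Encryption Proceeding. $CONVERTED of $SIZE Remaining"
        else
          echo "FileVault 2 Encryption Status Unknown. Please check."
        fi
      fi
    elif [ "$ENCRYPTION" = "None" ]; then
      if text_has "$CONVERSION_DIRECTION" 'Backward'; then
        echo "FileVault 2 Decryption Proceeding. $CONVERTED of $SIZE Remaining"
      elif text_has "$CONVERSION_DIRECTION" '-none-'; then
        echo "FileVault 2 Decryption Completed"
      fi
    fi
  fi
fi

--------------------------------------------------------------------------------
/bash/check_recoveryHD.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Prints the `diskutil list` line(s) that mention a Recovery partition, or a
# fixed message when there is none.

reHD=$(diskutil list | grep Recovery)
if [ -z "$reHD" ]; then
  echo "No Recovery HD Found"
else
  # Left unquoted as in the original so the column padding collapses to
  # single spaces.
  echo $reHD
fi
exit 0

--------------------------------------------------------------------------------
/bash/check_sibelius6_server.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Prints the Sibelius 6 licence server settings file when it exists.

licFile="/Library/Application Support/Sibelius Software/Sibelius 6/_manuscript/LicenceServerInfo"

if [ -e "$licFile" ]; then
  cat "$licFile"
fi

--------------------------------------------------------------------------------
/bash/check_wde.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Prints "yes" when the pgpwde status line for disk 0 has six words, and "no"
# otherwise.
# NOTE(review): presumably a six-word line is what an encrypted disk reports;
# confirm against real pgpwde output. "no" is also printed when pgpwde is
# missing or fails, so it does not prove that the disk is unencrypted.

# 2>/dev/null now sits on pgpwde itself; in the original it followed the
# assignment and did not silence the command. The arithmetic expansion strips
# the padding that wc puts in front of the number.
count=$(( $(pgpwde --disk-status --disk 0 2> /dev/null | grep 'Disk 0' | wc -w) ))
if [ "$count" -eq 6 ]; then
  echo "yes"
else
  echo "no"
fi

--------------------------------------------------------------------------------
/bash/computerGroup_membership.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# computerGroup_membership.sh
# Purpose: This script will create a report of which OD computerGroups each machine is a member of

# Set these 2 values
odDomain=ecod.as.emory.edu
outputFile=ComputerMembership.txt

# The report is appended to outputFile in the current working directory.
for i in $(dscl "/LDAPv3/$odDomain" -list /Computers); do
  groups=$(dscl "/LDAPv3/$odDomain" search /ComputerGroups Member "$i" | grep Member | cut -f1-1)
  {
    echo "$i is a member of the following ComputerGroup(s):"
    echo "$groups"
    echo ""
    #echo $i
  } >> "$outputFile"
done

exit 0

--------------------------------------------------------------------------------
/bash/config_ard.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Configures Apple Remote Desktop through the kickstart tool: access is
# limited to specified users, and the local account "eccsadmin" receives the
# privileges listed on the second call.
# NOTE(review): that list includes file deletion, settings changes and
# restart/shutdown, so the eccsadmin credential gives broad control of the
# Mac; protect and rotate it accordingly.

KICKSTRT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
"$KICKSTRT" -configure -allowAccessFor -specifiedUsers
sleep 1
"$KICKSTRT" -activate -configure -users eccsadmin -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings -access -on -clientopts -setreqperm -reqperm yes -setmenuextra -menuextra yes -restart -agent

--------------------------------------------------------------------------------
/bash/config_lanrev_admin.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Absolute Admin console settings for EC
# Speeds up console for us.
# Use with caution! There are settings on server that accompany this
# Run when tech is logged in
#
# The preferences are written to the invoking user's domain, which is why the
# script has to run in the technician's session.

osascript -e 'tell application "LANrev Admin" to quit'

defaults write com.poleposition-sw.lanrev_admin AutoGenerateInstalledSoftwareStatistics -bool false
defaults write com.poleposition-sw.lanrev_admin AutoGenerateMissingPatchesStatistics -bool false
defaults write com.poleposition-sw.lanrev_admin DatabaseSyncManagerEnable -bool true
defaults write com.poleposition-sw.lanrev_admin SyncLicenseStatusAgentRecords -bool false

exit 0

--------------------------------------------------------------------------------
/bash/delete_mcx_printers.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# delete_mcx_printers.sh

# Patrick Gallagher
# Modified 1/9/2014

# Removes every print queue whose `lpstat -p` line contains the given text.
# The match is made against the whole status line, not only the queue name.
remove_printers_matching() {
  for printer in $(lpstat -p | grep "$1" | awk '{print $2}'); do
    lpadmin -x "$printer"
  done
}

remove_printers_matching mcx
remove_printers_matching ECPRINT
exit 0

--------------------------------------------------------------------------------
/bash/disable_firewall.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# disable_firewall.sh
#
# Turns the application firewall off for the whole machine (globalstate 0)
# and reloads its agent so the change takes effect at once.
# NOTE(review): the script leaves no record of the change. Inventory the
# globalstate value so that a firewall left disabled after troubleshooting
# is noticed.

defaults write /Library/Preferences/com.apple.alf globalstate -int 0
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist

--------------------------------------------------------------------------------
/bash/ec_Bind_to_OD.sh:
--------------------------------------------------------------------------------
#!/bin/sh # ec_Bind_to_OD.sh # Patrick Gallagher | patgmac at gmail dot com # http://blog.macadmincorner.com # Updated 12/11/2009 # Purpose: Unbinds from old OD server, bind to new OD server.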
Can also be used if there is no old OD # Anonymous bind, adds computer account to OD computer group # Set variables for your enviornment odAdmin="" odPassword="" oldDomain="oldserver.school.edu" oldODip="10.0.1.1" computerName=`/usr/sbin/scutil --get LocalHostName` nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'` domain="od.school.edu" computerGroup=computers # Add appropriate computer group, case sensitive check4OD=`dscl localhost -list /LDAPv3` check4ODacct=`dscl /LDAPv3/${domain} -read Computers/${computerName} RealName | cut -c 11-` check4AD=`dscl localhost -list /Active\ Directory` ADdomain="eu.emory.edu" osversionlong=`sw_vers -productVersion` osvers=${osversionlong:3:1} # Removing SUS # Delete or comment out the next 3 lines if you don't wish to nuke use of SUS echo "Removing locally configured SUS" defaults delete /Library/Preferences/com.apple.SoftwareUpdate CatalogURL defaults delete /var/root/Library/Preferences/com.apple.SoftwareUpdate CatalogURL # Check if on OD already if [ "${check4OD}" == "${domain}" ]; then echo "This machine is joined to ${domain} already." odSearchPath=`defaults read /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" | grep $domain` if [ "${odSearchPath}" = "" ]; then echo "$domain not found in search path. Adding..." 
dscl /Search -append / CSPSearchPath /LDAPv3/$domain sleep 10 fi else if [ "${check4OD}" == "${oldDomain}" ]; then echo "Removing from ${oldDomain}" dsconfigldap -r "${oldDomain}" dscl /Search -delete / CSPSearchPath /LDAPv3/"${oldDomain}" dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"${oldDomain}" echo "Binding to $domain" defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" Active dsconfigldap -v -a $domain -n $domain dscl /Search -create / SearchPolicy CSPSearchPath dscl /Search -append / CSPSearchPath /LDAPv3/$domain killall DirectoryService else if [ "${check4OD}" == "${oldODip}" ]; then echo "Removing from ${oldODip}" dsconfigldap -r "${oldODip}" dscl /Search -delete / CSPSearchPath /LDAPv3/"${oldODip}" dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"${oldODip}" echo "Binding to $domain" defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" Active dsconfigldap -v -a $domain -n $domain dscl /Search -create / SearchPolicy CSPSearchPath dscl /Search -append / CSPSearchPath /LDAPv3/$domain killall DirectoryService else echo "No previous OD servers found, binding to $domain" dsconfigldap -v -a $domain -n $domain defaults write /Library/Preferences/DirectoryService/DirectoryService "LDAPv3" Active dscl /Search -create / SearchPolicy CSPSearchPath dscl /Search -append / CSPSearchPath /LDAPv3/$domain fi fi fi killall DirectoryService sleep 20 if [ "${check4ODacct}" == "${computerName}" ]; then echo "This machine has a computer account on ${domain} already." 
else echo "Adding computer account to ${domain}" dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -create /Computers/${computerName} ENetAddress "$nicAddress" dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /Computers/${computerName} RealName ${computerName} # Add computer to ComputerList dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerLists/${computerGroup} apple-computers ${computerName} # Set the GUID GUID="$(dscl /LDAPv3/${domain} -read /Computers/${computerName} GeneratedUID | awk '{ print $2 }')" # Add to computergroup dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerGroups/${computerGroup} apple-group-memberguid "${GUID}" dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/${domain} -merge /ComputerGroups/${computerGroup} memberUid ${computerName} fi # Fix DS search order echo "Checking DS search order..." if [ "${check4AD}" == "${adDomain}" ]; then echo "AD is set to ${check4AD}" dsconfigad -alldomains enable dscl /Search -delete / CSPSearchPath "/Active Directory/${adDomain}" dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/${adDomain}" dscl /Search -append / CSPSearchPath "/Active Directory/All Domains" if [ $osvers -eq 4 ]; then echo "OS detected as ${osversionlong}" echo "Setting AD, then OD to search order..." dscl localhost changei /Search CSPSearchPath 2 "/Active Directory/All Domains" dscl localhost changei /Search CSPSearchPath 3 /LDAPv3/$domain dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains" else if [[ ${osvers} -eq 5 || 6 ]]; then echo "OS detected as ${osversionlong}" echo "Setting OD, then AD to search order..." 
dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains" dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains" fi fi else if [ "${check4AD}" == "All Domains" ]; then echo "AD is set to ${check4AD}" dscl localhost -append /Search CSPSearchPath "/Active Directory/All Domains" sleep 10 if [ $osvers -eq 4 ]; then echo "OS detected as ${osversionlong}" echo "Setting AD, then OD to search order..." dscl localhost changei /Search CSPSearchPath 1 "/Active Directory/All Domains" dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain else if [[ ${osvers} -eq 5 || 6 ]]; then echo "OS detected as ${osversionlong}" echo "Setting OD, then AD to search order..." dscl localhost changei /Search CSPSearchPath 2 /LDAPv3/$domain dscl localhost changei /Search CSPSearchPath 3 "/Active Directory/All Domains" dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains" fi fi fi fi echo "Enabling MCX login scripts" defaults write /var/root/Library/Preferences/com.apple.loginwindow EnableMCXLoginScripts -bool TRUE defaults write /var/root/Library/Preferences/com.apple.loginwindow MCXScriptTrust Anonymous echo "Finished. Exiting..." exit 0 -------------------------------------------------------------------------------- /bash/ec_mcx_printer_refresh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # ec_mcx_printer_refresh.sh 4 | 5 | # Patrick Gallagher 6 | # Modified 5/5/2010 7 | 8 | # Purpose: Logout script to delete any MCX printers using a generic ppd. 
9 | # If correct printer driver is installed after mcx applied, printer needs to be deleted for new driver to be used 10 | 11 | 12 | for i in `lpstat -p | grep mcx | awk '{print $2}'`; 13 | do make=`lpoptions -d "$i" | grep -o -e "model='.*'" | awk -F"'" '{print $2}'` 14 | p=`lpinfo --make-and-model "$make" -m | grep generic | awk '{print $2}'` 15 | if [ "$p" == "Generic" ]; then 16 | lpadmin -x "$i" 17 | fi 18 | done 19 | exit 0 -------------------------------------------------------------------------------- /bash/eccs_enable_ssh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # eccs_config_ssh 4 | # Patrick Gallagher 5 | # Created 2/16/2012 6 | # Modified 6/17/2014 7 | 8 | ## Change Log 9 | # 2/16/2012 - Initial script 10 | # 3/1/2012 - Added logic to create ssh group only if it didn't already exist. 11 | # 3/5/2012 - Fixed logic with help of @gregneagle and @tvsutton 12 | # 3/27/2012 - Changed how ssh is enabled. No longer using deprecated systemsetup. 13 | # 6/17/2014 - Back to using systemsetup since Mavericks doesn't like plistbuddy. 14 | 15 | # Enable ssh 16 | systemsetup -setremotelogin on 17 | launchctl load -w /System/Library/LaunchDaemons/ssh.plist 18 | 19 | # Create the com.apple.access_ssh group 20 | dscl . read /Groups/com.apple.access_ssh > /dev/null 2>&1 21 | if [ "$?" != "0" ]; then 22 | echo "Creating ssh access group" 23 | dseditgroup -o create -q com.apple.access_ssh 24 | fi 25 | 26 | # Add the admin group to com.apple.access_ssh 27 | dseditgroup -o edit -a admin -t group com.apple.access_ssh 28 | 29 | # Add our admin acct to group. This is mainly to remain consistent from what we did the past. 30 | # Otherwise not needed. 
31 | dseditgroup -o edit -a eccsadmin -t user com.apple.access_ssh 32 | 33 | exit 0 -------------------------------------------------------------------------------- /bash/enable_firewall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # enable_firewall.sh 3 | # 4 | # Patrick Gallagher 5 | # http://macadmincorner.com 6 | 7 | # Stealth Mode - Set to 0 to disable 8 | # Stealth mode prevents machine from responding to ping requestst 9 | # Be aware that this would prevent tools such as ARD from discovering 10 | # the machine, though bonjour on the same subnet will still work 11 | 12 | osversionlong=`sw_vers -productVersion` 13 | osvers=${osversionlong:3:1} 14 | 15 | # Check if this is being run by root 16 | if [ "$(whoami)" != "root" ] ; then 17 | echo "Must be root to run this command." 18 | exit 1 19 | fi 20 | 21 | # Enable firewall for Tiger 22 | if [ $osvers -eq 4 ]; then 23 | echo "Setting firewall on a ${osversionlong} machine" 24 | /usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall state -bool YES 25 | # UDP, change to 0 to disable 26 | /usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall udpenabled -int 1 27 | # Stealth, change to 0 to disable 28 | /usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall stealthenabled -int 0 29 | /usr/libexec/FirewallTool 30 | fi 31 | 32 | # Enable firewall for Leopard or Snow Leopard 33 | if [ $osvers -ge 5 ]; then 34 | echo "Setting firewall on a ${osversionlong} machine" 35 | # Globalstate - Set to 0 for off, 1 for on, 2 for "Block all incoming access" 36 | /usr/bin/defaults write /Library/Preferences/com.apple.alf globalstate -int 1 37 | /usr/bin/defaults write /Library/Preferences/com.apple.alf stealthenabled -int 0 38 | fi -------------------------------------------------------------------------------- /bash/firstboot-config.sh: -------------------------------------------------------------------------------- 1 | 
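#!/bin/sh

# Emory College firstboot-config.sh script
# Created 11/11/2010
# Modified 01/12/2015
#
# First-boot configuration: networking, root/Guest shells, SSH and ARD access
# for the local admin account, login window and user-template defaults, time
# settings, energy settings and diagnostic-report settings.
#
# Review notes:
#  - This copy was committed with unresolved merge-conflict markers. The
#    second marker block is a shell syntax error, so nothing after the Energy
#    Saver settings could run. The markers are removed here and the HEAD side
#    is kept: it matches the newer "Modified" date, its iCloud loop covers
#    every user template, and the Boot Camp step from the other side is
#    already present at the end of the script.
#    NOTE(review): confirm HEAD is the side that was meant to win.
#  - The script turns Gatekeeper off and leaves the firewall lines commented
#    out; both are kept as found and flagged where they occur.

localAdmin=eccsadmin
ntpserver="ntp.service.emory.edu"
timezone="America/New_York"

osvers=$(sw_vers -productVersion | awk -F. '{print $2}')
os_version=$(sw_vers -productVersion)
os_build=$(sw_vers -buildVersion)

template_prefs="/System/Library/User Template/English.lproj/Library/Preferences"

update_dyld_shared_cache -root /

/usr/bin/update_dyld_shared_cache -force

# Config networking
networksetup -detectnewhardware
networksetup -setnetworkserviceenabled FireWire off
networksetup -setnetworkserviceenabled "Thunderbolt Bridge" off

# Changes roots and Guest's shell to /usr/bin/false which disables their ability to login to a shell or GUI
/usr/bin/dscl . -create /Users/root UserShell /usr/bin/false
/usr/bin/dscl . -create /Users/Guest UserShell /usr/bin/false

# Setup ssh
# The access group is created and populated before Remote Login is enabled.
dseditgroup -o create -q com.apple.access_ssh
dseditgroup -o edit -a "${localAdmin}" -t user com.apple.access_ssh
dseditgroup -o edit -a admin -t group com.apple.access_ssh

#/usr/libexec/PlistBuddy -c "Delete Disabled" "/System/Library/LaunchDaemons/ssh.plist"
systemsetup -setremotelogin on
launchctl load -w /System/Library/LaunchDaemons/ssh.plist

# Display login window as Name and Password.
defaults write "/Library/Preferences/com.apple.loginwindow" SHOWFULLNAME -bool YES

#Enable ARD client
KICKSTRT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
"$KICKSTRT" -configure -allowAccessFor -specifiedUsers
sleep 1
"$KICKSTRT" -activate -configure -users "${localAdmin}" \
  -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings \
  -access -on \
  -clientopts -setreqperm -reqperm yes -setmenuextra -menuextra yes \
  -restart -agent

# Disable GateKeeper
# NOTE(review): this switches off the system's assessment of downloaded
# software on every machine the script touches. Keep it only if another
# control (managed installs, application allow-listing) takes its place.
spctl --master-disable

#Starts the Flurry screensaver over the login window when idle for 120 seconds
defaults write "/Library/Preferences/com.apple.screensaver" loginWindowIdleTime -int 120
defaults write "/Library/Preferences/com.apple.screensaver" loginWindowModulePath "/System/Library/Screen Savers/Flurry.saver"

# Use encrypted virtual memory.
defaults write "/Library/Preferences/com.apple.virtualMemory" UseEncryptedSwap -bool Yes

# Set Safari Preferences.
defaults write "${template_prefs}/com.apple.Safari" HomePage "http://www.emory.edu/"
defaults write "${template_prefs}/com.apple.Safari" ShowStatusBar -bool YES

# Set Finder Preferences.
defaults write "${template_prefs}/com.apple.finder" ShowMountedServersOnDesktop -bool YES

# No .ds-store files on Network Shares
defaults write "/Library/Preferences/com.apple.desktopservices" DSDontWriteNetworkStores true

# Globally Set Expanded Print dialog Box.
defaults write "/Library/Preferences/.GlobalPreferences" PMPrintingExpandedStateForPrint -bool TRUE

# Use short-name for logging into Network Shares
defaults write "/Library/Preferences/com.apple.NetworkAuthorization" UseDefaultName -bool NO
defaults write "/Library/Preferences/com.apple.NetworkAuthorization" UseShortName -bool YES

# Set Apple Mouse button 1 to Primary click and button 2 to Secondary click.
defaults write "${template_prefs}/com.apple.driver.AppleHIDMouse" Button1 -integer 1
defaults write "${template_prefs}/com.apple.driver.AppleHIDMouse" Button2 -integer 2

# Turn off backwards mouse scrolling
defaults write "${template_prefs}/.GlobalPreferences" com.apple.swipescrolldirection -bool false

# Disable Time Machine Offers.
defaults write "/Library/Preferences/com.apple.TimeMachine" DoNotOfferNewDisksForBackup -bool YES

# Disable Time Machine AutoBackup
defaults write "/Library/Preferences/com.apple.TimeMachine" AutoBackup 0

# Set network time server
/usr/sbin/systemsetup -setusingnetworktime on -setnetworktimeserver "${ntpserver}"
/usr/sbin/systemsetup -settimezone "${timezone}"
ntpdate -bvs "${ntpserver}"

# Enable firewall
# NOTE(review): both lines are commented out, so this script leaves the
# application firewall in whatever state the image had.
#defaults write "/Library/Preferences/com.apple.alf" globalstate -int 1
#/usr/libexec/ApplicationFirewall/socketfilterfw -k

# Allow admin users to add printers
/usr/sbin/dseditgroup -o edit -a admin -t group _lpadmin

# Energy Saver settings
/usr/bin/pmset -a displaysleep 10 disksleep 10 -b sleep 15 -a womp 1 -c sleep 0

# Show system info at login window
/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

# Kill iCloud assistant
# Written into every user template so new accounts of any language skip it.
if [ "${osvers}" -ge 7 ]; then
  for USER_TEMPLATE in "/System/Library/User Template"/*; do
    setup_assistant="${USER_TEMPLATE}/Library/Preferences/com.apple.SetupAssistant"
    defaults write "${setup_assistant}" DidSeeCloudSetup -bool TRUE
    defaults write "${setup_assistant}" GestureMovieSeen none
    defaults write "${setup_assistant}" LastSeenCloudProductVersion "${os_version}"
    defaults write "${setup_assistant}" LastSeenBuddyBuildVersion "${os_build}"
  done
fi

# Configuring diagnostic report settings.
SUBMIT_DIAGNOSTIC_DATA_TO_APPLE=FALSE
SUBMIT_DIAGNOSTIC_DATA_TO_APP_DEVELOPERS=FALSE

if [ "${osvers}" -ge 10 ]; then

  CRASHREPORTER_SUPPORT="/Library/Application Support/CrashReporter"

  if [ ! -d "${CRASHREPORTER_SUPPORT}" ]; then
    mkdir "${CRASHREPORTER_SUPPORT}"
    chmod 775 "${CRASHREPORTER_SUPPORT}"
    chown root:admin "${CRASHREPORTER_SUPPORT}"
  fi

  diag_history="${CRASHREPORTER_SUPPORT}/DiagnosticMessagesHistory"

  /usr/bin/defaults write "${diag_history}" AutoSubmit -boolean ${SUBMIT_DIAGNOSTIC_DATA_TO_APPLE}
  /usr/bin/defaults write "${diag_history}" AutoSubmitVersion -int 4
  /usr/bin/defaults write "${diag_history}" ThirdPartyDataSubmit -boolean ${SUBMIT_DIAGNOSTIC_DATA_TO_APP_DEVELOPERS}
  /usr/bin/defaults write "${diag_history}" ThirdPartyDataSubmitVersion -int 4
  /bin/chmod a+r "${diag_history}.plist"
  /usr/sbin/chown root:admin "${diag_history}.plist"
fi

# Hide Boot Camp Assistant
chflags hidden "/Applications/Utilities/Boot Camp Assistant.app"

exit 0
--------------------------------------------------------------------------------
/bash/getPhone.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# getPhone.sh
# For accounts with a UID of 1000 or higher, prints the second field of the
# current user's PhoneNumber attribute from the local directory node.

myID=$(id -u)
if [ "$myID" -ge 1000 ]; then
  dscl . read "/users/$(whoami)" PhoneNumber | awk '{print $2}'
fi

exit 0
--------------------------------------------------------------------------------
/bash/get_DS_landesk.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#ec_get_DS_landesk.sh

# Patrick Gallagher
# Modified 03/12/2010

# Collects directory-service settings and stores them as custom inventory
# items in the LANDesk scan data plist, then starts a scan.

# Plist variables
plistFile="/Library/Application Support/LANDesk/data/ldscan.core.data"
adPlist="/Library/Preferences/DirectoryService/ActiveDirectory"

# Common prefix of every inventory key written below.
keyPrefix="Custom Data - Mac - Directory Services - "

# Store one inventory item: $1 is the key suffix, the remaining arguments are
# passed to `defaults write` as the value (optionally with a type flag).
record() {
  item=$1
  shift
  /usr/bin/defaults write "${plistFile}" "${keyPrefix}${item}" "$@"
}

### Retrieve the directory service settings

# Gets the OD domain
odDomain=$(dscl localhost -list /LDAPv3)
# Get the setting for AD machine password change settings. Some environments need to change this value
# so having it in inventory helps enforce this. Only applicable to 10.5 and greater
adIntervalDate=$(/usr/bin/defaults read "${adPlist}" "Password Change Date" | cut -c1-10)
adIntervalDays=$(/usr/bin/defaults read "${adPlist}" | grep Interval | cut -c38-39)
# Is the machine bound to AD?
boundToAD=$(defaults read "${adPlist}" "AD Bound to Domain")
# If bound to AD, what computer name was used?
computerID=$(defaults read "${adPlist}" "AD Computer ID")
# AD domain Mac is bound to
defaultADdomain=$(defaults read "${adPlist}" "AD Default Domain")
# This will show the first DS in the search path. I use this to ensure that Tiger machines
# have AD first and that > 10.5 have OD first.
searchPath=$(defaults read /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array")
# Check MCX trust level. Used if you are using login or logout scripts through OD.
mcxScripts=$(defaults read com.apple.loginwindow EnableMCXLoginScripts)
mcxTrust=$(defaults read com.apple.loginwindow MCXScriptTrust)

# Write the data to the LANDesk plist
record "Open Directory - Open Directory Domain" "${odDomain}"
# mcxScripts is left unquoted, as before, so an empty value passes no argument.
record "Open Directory - Enable MCX Login Scripts" ${mcxScripts}
record "Open Directory - MCX Script Trust" "${mcxTrust}"
# NOTE(review): adDomain is never assigned in this script, so this item is
# always written empty. Presumably an AD domain lookup was intended - confirm
# which value belongs here before relying on this inventory field.
record "Active Directory - Active Directory Domain" "${adDomain}"
record "Active Directory - Password Change Date" "${adIntervalDate}"
record "Active Directory - Password Change Interval" -int "${adIntervalDays}"
record "Active Directory - AD Bound to Domain" -int "${boundToAD}"
record "Active Directory - AD Computer ID" "${computerID}"
record "Active Directory - AD Default Domain" "${defaultADdomain}"
record "Search Node Custom Path Array" "${searchPath}"
/usr/bin/defaults read "$plistFile"

# Running a scan gets the inventory up to date instead of waiting for the next scheduled scan to run
# If you don't want this, delete or comment out the next line.
"/Library/Application Support/LANDesk/bin/ldscan"

exit 0
--------------------------------------------------------------------------------
/bash/get_NTP.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# get_NTP.sh
# Prints the configured network time server. On 10.4 the systemsetup binary
# shipped inside ARDAgent is used; every other version uses the one on PATH.

osversionlong=$(sw_vers -productVersion)
osvers=$(printf '%s\n' "$osversionlong" | awk -F. '{print $2}')

if [ "$osvers" -eq 4 ]; then
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup -getnetworktimeserver
else
  # This branch used to be guarded by `[[ $osvers -eq 5 || 6 ]]`, which is
  # always true, so it has always run for every version other than 10.4.
  systemsetup -getnetworktimeserver
fi
exit 0
--------------------------------------------------------------------------------
/bash/kill_screensaver_over_loginwindow.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# kill_screensaver_over_loginwindow.sh
# Sets the login-window screensaver idle time to 0.

defaults write "/Library/Preferences/com.apple.screensaver" loginWindowIdleTime -int 0
--------------------------------------------------------------------------------
/bash/localUsers.sh:
--------------------------------------------------------------------------------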
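# localUsers.sh
# Prints every local account whose UniqueID is between 499 and 599 inclusive,
# skipping names that contain "_", "nobody", "daemon", "Guest" or "root".

users=$(dscl . list /users | grep -v -e _ -e nobody -e daemon -e Guest -e root)

# The list is computed once and reused; it used to be built a second time for
# the loop while the first copy went unused.
for i in $users; do
  uniqueID=$(dscl . read "/users/$i" UniqueID | awk '{print $2}')
  if [ "$uniqueID" -ge 499 ] && [ "$uniqueID" -lt 600 ]; then
    echo "$i"
  fi
done
--------------------------------------------------------------------------------
/bash/remove_acrobat9.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# remove_acrobat9.sh
# Runs Adobe's RemoverTool against Acrobat 9 Pro, then deletes what is left of
# the application folder.

acrobat_dir="/Applications/Adobe Acrobat 9 Pro"
remover="${acrobat_dir}/Acrobat Uninstaller.app/Contents/MacOS/RemoverTool"

# The tool is given its own path first and the application to remove second.
"$remover" "$remover" "${acrobat_dir}/Adobe Acrobat Pro.app"

rm -rf "$acrobat_dir"

exit 0
--------------------------------------------------------------------------------
/bash/remove_acrobatX.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# remove_acrobatX.sh
# Runs Adobe's RemoverTool against Acrobat X Pro, then deletes the application
# folder and its software-identification tag.

acrobat_dir="/Applications/Adobe Acrobat X Pro"
acrobat_app="${acrobat_dir}/Adobe Acrobat Pro.app"
remover="${acrobat_app}/Contents/Support/Acrobat Uninstaller.app/Contents/MacOS/RemoverTool"

# The tool is given its own path first and the application to remove second.
"$remover" "$remover" "$acrobat_app"
rm -rf "$acrobat_dir"
rm "/Library/Application Support/regid.1986-12.com.adobe/regid.1986-12.com.adobe_AcrobatPro-AS1-Mac-GM-MUL.swidtag"
exit 0
--------------------------------------------------------------------------------
/bash/remove_adobe_reader.sh:
--------------------------------------------------------------------------------
#!/bin/sh

#remove_adobe_reader.sh
# Deletes Adobe Reader, its browser plug-ins and help configuration, then
# drops the installer receipts for the Reader versions listed below.

rm -rf "/Applications/Adobe Reader.app"
rm -rf "/Library/Internet Plug-Ins"/AdobePDF*
rm -f "/Library/Application Support/Adobe/HelpCfg/en_US/Reader.helpcfg"

for version in 10 11003 11004 11006; do
  for component in app appsupport browser; do
    pkgutil --forget "com.adobe.acrobat.reader.${version}.reader.${component}.pkg.en_US"
  done
done
exit 0
--------------------------------------------------------------------------------
/bash/remove_labstats.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# remove_labstats.sh
# Unloads the LabStats launchd jobs and deletes the application, its launchd
# plists and its support folder.

launchctl unload /Library/LaunchDaemons/LabStats.plist
launchctl unload /Library/LaunchAgents/LabStats.plist

rm -rf /Applications/LabStats
rm -f /Library/LaunchDaemons/LabStats.plist
rm -f /Library/LaunchAgents/LabStats.plist
# Quoted: without quotes the space split this into two targets,
# "/Library/Application" and the relative path "Support/LabStats", so the
# intended folder was never removed and an unrelated relative path could be.
rm -rf "/Library/Application Support/LabStats"
--------------------------------------------------------------------------------
/bash/run_as_root.sh:
--------------------------------------------------------------------------------
#!/bin/sh

#######################################
# Re-runs the given executable through sudo when the caller is not root.
# Arguments: $1 - full path to the executable
# Returns:   returns normally only when already root; otherwise the script
#            exits with sudo's status
#######################################
RunAsRoot()
{
  ## Pass in the full path to the executable as $1
  # The effective UID is checked rather than $USER, which is an ordinary
  # environment variable that the caller can set to anything.
  if [ "$(id -u)" -ne 0 ]; then
    echo
    echo "*** This application must be run as root. Please authenticate below. ***"
    echo
    sudo "${1}"
    # Exit in every case: a failed or refused sudo used to fall through and
    # run the remainder of the script without root.
    exit $?
  fi
}

RunAsRoot "${0}"
echo "${0}"


#echo "${1}"
--------------------------------------------------------------------------------
/bash/set_NTP.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# set_NTP.sh
# Sets the network time server to ntp.service.emory.edu. On 10.4 the
# systemsetup binary shipped inside ARDAgent is used; every other version uses
# the one on PATH.

osversionlong=$(sw_vers -productVersion)
osvers=$(printf '%s\n' "$osversionlong" | awk -F. '{print $2}')

if [ "$osvers" -eq 4 ]; then
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/systemsetup -setnetworktimeserver ntp.service.emory.edu
else
  # This branch used to be guarded by `[[ $osvers -eq 5 || 6 ]]`, which is
  # always true, so it has always run for every version other than 10.4.
  systemsetup -setnetworktimeserver ntp.service.emory.edu
fi
exit 0
--------------------------------------------------------------------------------
/batch/remove_labstats.bat:
--------------------------------------------------------------------------------
sc stop "CLS Client Service"

taskkill /f /im CLSUserClient.exe

MsiExec /qn /X{4441A97E-8750-4A01-98FF-06BD12CF4443}
--------------------------------------------------------------------------------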