├── Bash ├── Adobe │ ├── Adobe_CC_ExManCMD_via_Jamf_Pro.sh │ ├── Adobe_CC_User_Reset.zsh │ └── Reset_Adobe_User_Level_v2.sh ├── Apple │ ├── Apple Software Update - Reset Prefs.sh │ ├── DefaultsWriteCurrentUser_Jamf.sh │ ├── Enable_Location_Services.sh │ ├── FileStringValue_Jamf.sh │ ├── FinderViewCurrentUserPlistBuddy_Jamf.sh │ ├── List_All_Installed_Apps.sh │ ├── List_All_Installed_Apps_Except_Adobe.sh │ ├── List_All_User_Installed_Apps.sh │ ├── List_All_User_Installed_Apps_Except_Adobe.sh │ ├── Set_Automatic_Time_and_Timezone_Update.sh │ ├── System_Prefs_Standard_Allow_Users_Access_v1.sh │ └── chflags_hidden_nohidden_v1.zsh ├── Crowdstrike │ ├── Crowdstrike_Falcon_Run_Diagnose_And_Upload_To_Jamf.sh │ ├── Crowdstrike_Falcon_Uninstall_With_Token_Prompt.sh │ └── ReadMe.md ├── DEPNotify │ └── DEPNotify_Reset.zsh ├── Fiery │ ├── Fiery_Staged_Driver_Install.sh │ └── Fiery_Staged_Driver_Uninstall_v1.sh ├── Jamf │ ├── API │ │ ├── Jamf_StaticGroup_AddComputer.zsh │ │ ├── Jamf_StaticGroup_AddComputer_PromptForGroupAndSerial.zsh │ │ ├── Jamf_StaticGroup_AddComputer_PromptForSerial.zsh │ │ ├── Jamf_StaticGroup_RemoveComputer.zsh │ │ ├── Jamf_StaticGroup_RemoveComputer_PromptForGroupAndSerial.zsh │ │ ├── Jamf_StaticGroup_RemoveComputer_PromptForSerial.sh │ │ └── ReadMe.md │ ├── Fix_Jamf_recon_Stuck_at_App_Store_and_Gatekeeper_Status_v1.sh │ ├── Jamf_Connect_LaunchAgent_Uninstall_v1.sh │ ├── Jamf_Connect_LaunchAgent_Uninstall_v2.sh │ ├── Jamf_Flag_File_Create.zsh │ ├── Jamf_Flag_File_Remove.zsh │ ├── Jamf_Symbolic_Link_Create.sh │ ├── Policies │ │ ├── Jamf_Call_Other_Policies_In_Order_By_Trigger.sh │ │ ├── Jamf_Kill_Running_Process.zsh │ │ ├── Jamf_Launch_Agent_Load.zsh │ │ ├── Jamf_Launch_Agent_Unload.zsh │ │ └── Set_TimeZone_Based_On_Location_From_External_IP.zsh │ └── Self Service │ │ ├── Display_IP_Addresses.zsh │ │ ├── Display_Network_Info.sh │ │ └── User_Cache_And_Saved_App_State_Reset.zsh ├── Nudge │ └── Nudge_Reset_Deferrals_And_Preferences.zsh ├── Palo Alto │ ├── Install_GlobalProtect_from_portal_Windows_untested.ps1 │ └── Install_GlobalProtect_from_portal_macOS.sh ├── ReadMe.md ├── SMB Shares │ ├── ReadMe.md │ └── SMB_Share_Stats_Display.sh ├── Snippits │ ├── Current Console User.zsh │ └── Jamf Script Logging Functions.sh ├── VMware │ └── VMware_Horizon_Client_Install_via_Jamf.zsh ├── z_Depreciated │ └── JamfNACMigration.sh └── z_To Rework │ └── SwiftDefaultApps set with Jamf params.sh ├── Configuration Profiles ├── ReadMe.md ├── com.github.macadmins.nudge │ ├── 12.4 │ │ ├── Nudge - macOS Update Management - 12.4 - v3.3.png │ │ ├── Nudge - macOS Update Management - 12.4 - v4.0.plist │ │ ├── ReadMe.md │ │ ├── macOS Monterey 12.4 - Self Service policy - Apple Silicon - v1.md │ │ ├── macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.png │ │ ├── macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.sh │ │ └── macOS Monterey 12.4 - Self Service policy - Intel - v1.md │ ├── 12.5 │ │ ├── Nudge - macOS Update Management - 12.5 - v1.3.plist │ │ └── ReadMe.md │ ├── 13.0 │ │ └── ReadMe.md │ └── ReadMe.md ├── com.microsoft.CompanyPortalMac.ssoextension │ ├── ReadMe.md │ └── com.microsoft.CompanyPortalMac.ssoextension.plist └── org.mozilla.firefox │ ├── Enable Autoupdate.plist │ └── ReadMe.md ├── Documentation ├── *Blogs and Links │ └── ReadMe.md ├── *Other Github Projects │ └── ReadMe.md ├── *Subreddit Links │ └── ReadMe.md ├── Apple Hardware │ └── ReadMe.md ├── FileVault │ └── ReadMe.md ├── Intune │ ├── Conditional Access │ │ └── ReadMe.md │ └── ReadMe.md ├── Jamf Pro │ ├── Patch Management │ │ └── ReadMe.md │ ├── ReadMe.md │ ├── Upgrade process │ │ └── On-Prem Parent + Child (External Forwarding) Server.md │ ├── VPP Token Renewal.md │ └── Zero Touch Deployment │ │ ├── Cloud │ │ └── ReadMe.md │ │ ├── Manifest Files │ │ ├── PreStage package manifest for Jamf Example.plist │ │ └── ReadMe.md │ │ └── ReadMe.md ├── PaloAlto │ └── ReadMe.md ├── ReadMe.md ├── SCEP │ └── ReadMe.md ├── Virtual Machines │ └── ReadMe.md └── smbx │ └── ReadMe.md ├── Extension Attributes ├── Asset Management │ ├── Approximate City or Locality of Computer.zsh │ ├── Approximate Location of Computer.zsh │ ├── Approximate State or Region of Computer.zsh │ └── HardwareType_isLaptop.sh ├── Flag_File_Check_Template.zsh ├── Jamf Connect │ ├── Jamf_Connect_LaunchAgent_Install_Status.zsh │ └── Jamf_Connect_Login_Status.sh ├── Privileges │ └── Last 5 Privileges.app reasons.sh ├── ProofPoint ObserveIT │ ├── ObserveIT_Installed_Version.zsh │ ├── ProofPoint_ObserveIt_AutoUpdater_Installation_Status.zsh │ └── ProofPoint_ObserveIt_AutoUpdater_Version.zsh ├── ReadMe.md └── TouchID │ └── TouchID_Status.sh ├── Gemfile ├── JSON Schemas └── README.md ├── Jamf Protect └── ReadMe.md ├── LICENSE ├── README.md ├── _data └── home.yml └── about.md /Bash/Adobe/Adobe_CC_ExManCMD_via_Jamf_Pro.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | ############################# 4 | ############################# 5 | # 6 | # Greg Knackstedt 7 | # 5.13.2021 8 | # 9 | # Script to use ExManCMD to install ZXP plugins for Adobe CC via Jamf Pro 10 | # 11 | ############################# 12 | ############################# 13 | # 14 | # Variables 15 | # 16 | # Full path to directory containing ZXP file to install 17 | ZXPDirectory="$4" 18 | # ZXP File name 19 | ZXPToInstall="$5" 20 | # Full path to directory containing ExManCMD 21 | exManDirectory="$6" 22 | # Full path to ExManCMD 23 | exManPath="$7" 24 | # 25 | ############################# 26 | ############################# 27 | # 28 | # Script 29 | # 30 | # Change permissions on pre-staged installation files 31 | chmod -Rf 777 "$ZXPDirectory" 32 | chmod -Rf 777 "$exManDirectory" 33 | # 34 | # Call ExManCMD to install the .zxp file 35 | ."$exManPath" --install "$ZXPDirectory""$ZXPToInstall" 36 | # Remove the staging files 37 | rm -Rf "$ZXPDirectory" 38 | rm -Rf "$exManDirectory" 39 | -------------------------------------------------------------------------------- /Bash/Adobe/Adobe_CC_User_Reset.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | ############################## 4 | ############################## 5 | # 6 | # Before running this script, try the script User_Cache_And_Saved_App_State_Reset.zsh to see if it resolves the Adobe issue. 7 | # 8 | ############################## 9 | ############################## 10 | # 11 | # Reset user level files for Adobe. Removes all Adobe files from /Users/$CurrentUser/Library, 12 | # as well as all files from /Users/$CurrentUser/Library/Caches, 13 | # and /Users/$CurrentUser/Library/Saved Application State/ 14 | # for the currently logged in user. 15 | # 16 | ############################## 17 | ############################## 18 | # 19 | # Created by Greg Knackstedt 20 | # 4.10.18 21 | # https://github.com/scriptsandthings/ 22 | # 23 | ############################## 24 | ############################## 25 | # 26 | #find current user 27 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 28 | # 29 | #Remove everything Adobe and all caches from currently logged in user's /Library/ 30 | rm -Rf /Users/$CurrentUser/Library/Application\ Support/Adob* 31 | rm -Rf /Users/$CurrentUser/Library/Caches/* 32 | rm -Rf /Users/$CurrentUser/Library/Preferences/Adob* 33 | rm -Rf /Users/$CurrentUser/Library/Preferences/adob* 34 | rm -Rf /Users/$CurrentUser/Library/Preferences/com.adob* 35 | rm -Rf /Users/$CurrentUser/Library/Preferences/ByHost/com.adob* 36 | rm -Rf /Users/$CurrentUser/Library/Saved\ Application\ State/* 37 | rm -Rf /Users/$CurrentUser/Library/Containers/com.adob* 38 | rm -Rf /Users/$CurrentUser/Library/LaunchAgents/com.adob* 39 | rm -Rf /Users/$CurrentUser/Library/Group\ Containers/Adob* 40 | rm -Rf /Users/$CurrentUser/Library/Group\ Containers/com.adob* 41 | 42 | exit 0 43 | -------------------------------------------------------------------------------- /Bash/Adobe/Reset_Adobe_User_Level_v2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Reset_Adobe_User_Level_v2 - runs as currently logged in user 4 | # Reset user level files for Adobe. Removes all Adobe files from /Users/$CurrentUser/Library 5 | # 6 | # Created by Greg Knackstedt on 4.10.18 7 | # https://github.com/scriptsandthings/ 8 | # 9 | 10 | #find current user 11 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 12 | 13 | #Remove everything Adobe and all caches from currently logged in user's /Library/ 14 | rm -Rf /Users/$CurrentUser/Library/Application\ Support/Adob* 15 | rm -Rf /Users/$CurrentUser/Library/Caches/* 16 | rm -Rf /Users/$CurrentUser/Library/Preferences/Adob* 17 | rm -Rf /Users/$CurrentUser/Library/Preferences/adob* 18 | rm -Rf /Users/$CurrentUser/Library/Preferences/com.adob* 19 | rm -Rf /Users/$CurrentUser/Library/Preferences/ByHost/com.adob* 20 | rm -Rf /Users/$CurrentUser/Library/Saved\ Application\ State/* 21 | rm -Rf /Users/$CurrentUser/Library/Containers/com.adob* 22 | rm -Rf /Users/$CurrentUser/Library/LaunchAgents/com.adob* 23 | rm -Rf /Users/$CurrentUser/Library/Group\ Containers/Adob* 24 | rm -Rf /Users/$CurrentUser/Library/Group\ Containers/com.adob* 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /Bash/Apple/Apple Software Update - Reset Prefs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | #################################### 4 | # 5 | # Apple Software Update - Reset Prefs.sh 6 | # 7 | # Deletes Apple Software Update local cached preferences. 8 | # Resolves "Update not found" issues when updates should appear outside of a deferral window but don't. 9 | # 10 | # v1.0 11 | # https://github.com/scriptsandthings 12 | # 13 | # Greg Knackstedt 14 | # 8.31.2022 15 | # 16 | ################## 17 | echo "----------------" 18 | echo "Deleting Apple Software Update preferences..." 19 | rm -fv /Library/Preferences/com.apple.SoftwareUpdate.plist 20 | echo "----------------" 21 | -------------------------------------------------------------------------------- /Bash/Apple/DefaultsWriteCurrentUser_Jamf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | #################### 4 | #################### 5 | # 6 | # Greg Knackstedt 7 | # gmknacks(AT)gmail.com 8 | # https://github.com/scriptsandthings/ 9 | # 10 | #################### 11 | #################### 12 | # 13 | # DefaultsWriteCurrentUser_Jamf.sh 14 | # 15 | # For information on how to use defaults write refer to the man page 16 | # man defaults 17 | # 18 | # Use the defaults write command to change a defined setting in a .plist for the current user 19 | # Uses Jamf script parameters for portability 20 | # 21 | # By defining script parameters $4, $5, $6, and $7, the following example command 22 | # would be executed targeting the currently logged in user 23 | # 24 | # defaults write com.apple.desktopservices.plist DSDontWriteNetworkStores true 25 | # 26 | ############################################################ 27 | #################### Script Parameters ##################### 28 | ############################################################ 29 | # 30 | # $4 - Define path to directory containing .plist within the user directory 31 | # Do not include an opening / or trailing / in the path 32 | # Example: Preferences 33 | # 34 | # $5 - Define .plist file to target 35 | # You use the full file name including the file extension 36 | # Example: com.apple.desktopservices.plist 37 | # 38 | # $6 - Define the string to target with defaults write 39 | # Example: DSDontWriteNetworkStores 40 | # 41 | # $7 - Define value to set for the string 42 | # Example: true 43 | # 44 | ################ Default Variable Declaration ################ 45 | # 46 | # Identify currently logged in user 47 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 48 | # 49 | # Current date 50 | # echo "Date stamp - $DateStamp" 51 | # $ Date stamp - 01.26.2020 52 | DateStamp=$(date +"%m.%d.%Y") 53 | # 54 | # Current date and time to seconds 55 | # $ Date time stamp - 01.26.2020_09.53.52 56 | # echo "Date time stamp - $DateTimeStamp" 57 | DateTimeStamp=$(date "+%m.%d.%Y_%H.%M.%S") 58 | # 59 | # Backup $TargetFileFull name 60 | BackupFileExt="backup.$CurrentUser.$DateTimeStamp.plist" 61 | # 62 | # Where to place backups 63 | BackupDir="/Users/Shared/bin/Backup" 64 | # 65 | # Define the current user's home directory 66 | UserHome="/Users/$CurrentUser" 67 | # 68 | # Define current user's /Library/Preferences/ folder 69 | UserLib="$UserHome/Library" 70 | # 71 | # Define path to directory containing .plist within the user directory 72 | # Example: Preferences/Microsoft 73 | PlistDir="$4/" 74 | # 75 | # Define .plist file to target 76 | # Example: com.apple.desktopservices.plist 77 | TargetFileName=$5 78 | # 79 | # Combine above to define the full path to the target plist for current console UserDefaultsWrite 80 | TargetFileFull="$UserLib/$PlistDir/$TargetFileName" 81 | # 82 | # Define string to target with defaults write 83 | # Example: DSDontWriteNetworkStores 84 | TargetString=$6 85 | # 86 | # Define value to set $TargetString 87 | TargetStringValue=$7 88 | # 89 | ################ Functions ################ 90 | # 91 | # Make a local backup of the target TargetFileFull to BackupDir 92 | function MakeBackup 93 | { 94 | echo "------------------------" 95 | echo "Making backup copy of $TargetFileName." 96 | echo "The backup will be saved here:" 97 | echo "$BackupDir/$TargetFileName.$BackupFileExt" 98 | echo "" 99 | ditto "$TargetFileFull" "$BackupDir"/"$TargetFileName"."$BackupFileExt" 100 | } 101 | # 102 | # Call defaults write to apply the defined value to the defined string in the targeted .plist for current user 103 | function UserDefaultsWrite 104 | { 105 | defaults write $TargetFileFull $TargetString $TargetStringValue 106 | } 107 | # 108 | # Set ownership of plist to $CurrentUser:staff 109 | function RepairOwnership 110 | { 111 | chown -Rf $CurrentUser:staff $TargetFileFull 112 | } 113 | # 114 | # Restart services for CFPreferences and NSUserDefaults 115 | function ApplyChange 116 | { 117 | killall cfprefsd 118 | } 119 | # 120 | ################ Script ################ 121 | # 122 | MakeBackup 123 | UserDefaultsWrite 124 | RepairOwnership 125 | ApplyChange 126 | -------------------------------------------------------------------------------- /Bash/Apple/Enable_Location_Services.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #enabling location services 4 | /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -int 1 5 | 6 | uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57) 7 | /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd.$uuid LocationServicesEnabled -int 1 8 | -------------------------------------------------------------------------------- /Bash/Apple/FinderViewCurrentUserPlistBuddy_Jamf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Greg Knackstedt 4 | # gmknacks(AT)gmail.com 5 | # https://github.com/scriptsandthings/ 6 | # 7 | # FinderViewCurrentUserPlistBuddy_Jamf.sh 8 | # 9 | # Based on Jamf Script option $4 and a value of "true" or "false" the following is set: 10 | # 11 | # To improve SMB performance in macOS, 12 | # it is recommended to disable file and icon previews in Finder. 13 | # This script removes current file and icon preview settings in Finder, 14 | # then sets the following 15 | # 16 | # Cover-flow View - preview carousel 17 | # Icon View - icon preview 18 | # List Vies - icon preview 19 | # Column View - icon preview 20 | # Column View - preview column 21 | # 22 | ################ Variables ################ 23 | # 24 | # Identify currently logged in user 25 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 26 | # Set location of PlistBuddy 27 | PlistBuddy=/usr/libexec/PlistBuddy 28 | # Set location of current users com.apple.finder.plist 29 | UserPlist=/Users/$CurrentUser/Library/Preferences/com.apple.finder.plist 30 | # 31 | # Define if value will be "$FinderPreviewSettingValue" true or false 32 | # This is set using Jamf script paramiter 4 33 | FinderPreviewSettingValueValue=$4 34 | ################ functions ############### 35 | # 36 | # Clear current Finder preview settings 37 | function ClearFinderPreviewSettingValues 38 | { 39 | # Delete the existing cover-flow preview setting 40 | $PlistBuddy -c 'Delete StandardViewSettings:ExtendedListViewSettings:showIconPreview' $UserPlist; 41 | # Delete the existing icon preview setting 42 | $PlistBuddy -c 'Delete StandardViewSettings:IconViewSettings:showIconPreview' $UserPlist; 43 | # Delete the existing list icon preview setting 44 | $PlistBuddy -c 'Delete StandardViewSettings:ListViewSettings:showIconPreview' $UserPlist; 45 | # Delete the existing column icon preview setting 46 | $PlistBuddy -c 'Delete StandardViewOptions:ColumnViewOptions:ShowIconThumbnails' $UserPlist; 47 | # Delete the existing column preview column setting 48 | $PlistBuddy -c 'Delete StandardViewOptions:ColumnViewOptions:ColumnShowIcons' $UserPlist; 49 | } 50 | # 51 | # Set Finder preview settings to disabled 52 | function SetFinderPreviewSettingValues 53 | { 54 | #Reset the cover-flow preview setting to off 55 | $PlistBuddy -c 'Add StandardViewSettings:ExtendedListViewSettings:showIconPreview bool "$FinderPreviewSettingValue"' $UserPlist; 56 | #Reset the icon preview setting to off 57 | $PlistBuddy -c 'Add StandardViewSettings:IconViewSettings:showIconPreview bool "$FinderPreviewSettingValue"' $UserPlist; 58 | #Reset the list icon preview setting to off 59 | $PlistBuddy -c 'Add StandardViewSettings:ListViewSettings:showIconPreview bool "$FinderPreviewSettingValue"' $UserPlist; 60 | #Reset the column icon preview setting to off 61 | $PlistBuddy -c 'Add StandardViewOptions:ColumnViewOptions:ShowIconThumbnails bool "$FinderPreviewSettingValue"' $UserPlist; 62 | #Reset the column preview column setting to off 63 | $PlistBuddy -c 'Add StandardViewOptions:ColumnViewOptions:ColumnShowIcons bool "$FinderPreviewSettingValue"' $UserPlist; 64 | } 65 | # Set ownership of plist to CurrentUser:staff 66 | function RepairOwnership 67 | { 68 | chown -R $CurrentUser:staff $UserPlist 69 | } 70 | # 71 | # Restart services for CFPreferences and NSUserDefaults, then relaunch Finder to apply change 72 | function ApplyChange 73 | { 74 | killall cfprefsd 75 | } 76 | # 77 | ################ Script ################ 78 | ClearFinderPreviewSettingValues 79 | SetFinderPreviewSettingValues 80 | RepairOwnership 81 | ApplyChange 82 | -------------------------------------------------------------------------------- /Bash/Apple/List_All_Installed_Apps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | # 4 | # List_All_Installed_Apps.sh v1.2 5 | # 6 | # Finds and lists all installed applications on a Mac. 7 | # Short script to list all .app bundles on a Mac using Spotlight to search the contents of /Applications/. 8 | # Apple applications are excluded using the com.apple.* bundle identifier. 9 | # Greg Knackstedt 10 | # 6.10.2022 11 | # 12 | ###################### 13 | # 14 | mdfind -onlyin /Applications/ '(kMDItemCFBundleIdentifier != "com.apple.*" && kMDItemKind == "Application")' | sort -g 15 | -------------------------------------------------------------------------------- /Bash/Apple/List_All_Installed_Apps_Except_Adobe.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | # 4 | # List_All_Installed_Apps_Except_Adobe.sh v1.3 5 | # 6 | # Finds and lists all installed applications on a Mac. 7 | # Short script to list all .app bundles on a Mac using Spotlight to search the contents of /Applications/. 8 | # Apple applications are excluded using the com.apple.* bundle identifier. 9 | # Adobe applications are excluded using the com.adobe.* bundle identifier. 10 | # Greg Knackstedt 11 | # 6.10.2022 12 | # 13 | ###################### 14 | # 15 | mdfind -onlyin /Applications/ '(kMDItemCFBundleIdentifier != "com.apple.*" && kMDItemCFBundleIdentifier != "com.adobe.*") && kMDItemKind == "Application"' | sort -g 16 | -------------------------------------------------------------------------------- /Bash/Apple/List_All_User_Installed_Apps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | # 4 | # List_All_User_Installed_Apps.sh v1.2 5 | # 6 | # Finds and lists all installed applications on a Mac within the /Applications/ and /Users/ directories. 7 | # Short script to list all .app bundles on a Mac using Spotlight to search the contents of the /Applications/ and /Users/ directories. 8 | # Apple applications are excluded using the com.apple.* bundle identifier. 9 | # Greg Knackstedt 10 | # 6.10.2022 11 | # 12 | ###################### 13 | # 14 | mdfind -onlyin /Applications/ -onlyin /Users/ '(kMDItemCFBundleIdentifier != "com.apple.*" && kMDItemKind == "Application")' | sort -g 15 | -------------------------------------------------------------------------------- /Bash/Apple/List_All_User_Installed_Apps_Except_Adobe.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | # 4 | # List_All_User_Installed_Apps_Except_Adobe.sh v1.3 5 | # 6 | # Finds and lists all installed applications on a Mac within the /Applications/ and /Users/ directories. 7 | # Short script to list all .app bundles on a Mac using Spotlight to search the contents of the /Applications/ and /Users/ directories. 8 | # Apple applications are excluded using the com.apple.* bundle identifier. 9 | # Adobe applications are excluded using the com.adobe.* bundle identifier. 10 | # Greg Knackstedt 11 | # 6.10.2022 12 | # 13 | ###################### 14 | # 15 | mdfind -onlyin /Applications/ -onlyin /Users/ '(kMDItemCFBundleIdentifier != "com.apple.*" && kMDItemCFBundleIdentifier != "com.adobe.*") && kMDItemKind == "Application"' | sort -g 16 | -------------------------------------------------------------------------------- /Bash/Apple/Set_Automatic_Time_and_Timezone_Update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #enabling location services 4 | /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd LocationServicesEnabled -int 1 5 | 6 | uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57) 7 | /usr/bin/defaults write /var/db/locationd/Library/Preferences/ByHost/com.apple.locationd.$uuid LocationServicesEnabled -int 1 8 | 9 | #configure automatic timezone 10 | /usr/bin/defaults write /Library/Preferences/com.apple.timezone.auto Active -bool YES 11 | /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeOnlyEnabled -bool YES 12 | /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeZoneEnabled -bool YES 13 | /usr/sbin/systemsetup -setusingnetworktime on 14 | /usr/sbin/systemsetup -gettimezone 15 | /usr/sbin/systemsetup -getnetworktimeserver 16 | -------------------------------------------------------------------------------- /Bash/Apple/System_Prefs_Standard_Allow_Users_Access_v1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # System_Prefs_Standard_Allow_Users_Access_v1.sh 3 | # 4 | ################################################## 5 | # 6 | # key: SettingsExtensions 7 | # 8 | # com.apple.Accessibility-Settings.extension 9 | # com.apple.AirDrop-Handoff-Settings.extension 10 | # com.apple.Battery-Settings.extension 11 | # com.apple.BluetoothSettings 12 | # com.apple.CD-DVD-Settings.extension 13 | # com.apple.ClassKit-Settings.extension 14 | # com.apple.Classroom-Settings.extension 15 | # com.apple.ControlCenter-Settings.extension 16 | # com.apple.Date-Time-Settings.extension 17 | # com.apple.Desktop-Settings.extension 18 | # com.apple.Displays-Settings.extension 19 | # com.apple.ExtensionsPreferences 20 | # com.apple.Family-Settings.extension 21 | # com.apple.Focus-Settings.extension 22 | # com.apple.Game-Center-Settings.extension 23 | # com.apple.Game-Controller-Settings.extension 24 | # com.apple.HeadphoneSettings 25 | # com.apple.Internet-Accounts-Settings.extension 26 | # com.apple.Keyboard-Settings.extension 27 | # com.apple.Localization-Settings.extension 28 | # com.apple.Lock-Screen-Settings.extension 29 | # com.apple.LoginItems-Settings.extension 30 | # com.apple.Mouse-Settings.extension 31 | # com.apple.Network-Settings.extension 32 | # com.apple.NetworkExtensionSettingsUI.NESettingsUIExtension 33 | # com.apple.Notifications-Settings.extension 34 | # com.apple.Passwords-Settings.extension 35 | # com.apple.Print-Scan-Settings.extension 36 | # com.apple.Screen-Time-Settings.extension 37 | # com.apple.ScreenSaver-Settings.extension 38 | # com.apple.Sharing-Settings.extension 39 | # com.apple.Siri-Settings.extension 40 | # com.apple.Software-Update-Settings.extension 41 | # com.apple.Sound-Settings.extension 42 | # com.apple.Startup-Disk-Settings.extension 43 | # com.apple.Time-Machine-Settings.extension 44 | # com.apple.Touch-ID-Settings.extension 45 | # com.apple.Trackpad-Settings.extension 46 | # com.apple.Transfer-Reset-Settings.extension 47 | # com.apple.Users-Groups-Settings.extension 48 | # com.apple.WalletSettingsExtension 49 | # com.apple.Wallpaper-Settings.extension 50 | # com.apple.settings.Storage 51 | # com.apple.systempreferences.AppleIDSettings 52 | # com.apple.wifi-settings-extension 53 | # 54 | ################################################## 55 | # 56 | # Add staff to lpadmin group 57 | /usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin 58 | 59 | # Unlock System Prefs first 60 | /usr/bin/security authorizationdb write system.preferences allow 61 | 62 | # Unlock Print and Fax 63 | /usr/bin/security authorizationdb write system.preferences.printing allow 64 | /usr/bin/security authorizationdb write system.print.operator allow 65 | 66 | # Unlock Energy Saver 67 | /usr/bin/security authorizationdb write system.preferences.energysaver allow 68 | 69 | # Unlock WiFi 70 | /usr/bin/security authorizationdb write com.apple.wifi allow 71 | /usr/bin/security authorizationdb write system.preferences.network allow 72 | /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow 73 | 74 | # Unlock Date and Time 75 | /usr/bin/security authorizationdb write system.preferences.datetime allow 76 | /usr/bin/security authorizationdb write system.preferences.dateandtime.changetimezone allow 77 | 78 | exit 79 | -------------------------------------------------------------------------------- /Bash/Apple/chflags_hidden_nohidden_v1.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | # 4 | ############################################### 5 | # 6 | # chflags_hidden_nohidden_v1.zsh 7 | # A script to hide or un-hide a file/folder/app/whatever from appearing within the macOS Finder GUI via Jamf Pro. 8 | # 9 | # 10 | # Greg Knackstedt 11 | # 2.19.2023 12 | # shitttyscripts@gmail.com 13 | # https://github.com/scriptsandthings/ 14 | # 15 | ############################################### 16 | # 17 | # Variables 18 | # Path to file/app/whatever to hide or un-hide from Finder 19 | filePath="${4:-"/System/Applications/Utilities/AirPort Utility.app"}" 20 | # 21 | # hidden / nohidden 22 | chflagsMode="${5:-"hidden"}" 23 | # 24 | ############################################### 25 | # 26 | # Run chflags command with variables above 27 | chflags "${chflagsMode}" "${filePath}" 28 | # 29 | # exit 30 | exit 0 31 | -------------------------------------------------------------------------------- /Bash/Crowdstrike/Crowdstrike_Falcon_Uninstall_With_Token_Prompt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ##################################### 3 | ##################################### 4 | # Script to be used with Jamf Self Service to uninstall Crowdstrike Falcon, displaying a GUI prompt for the user to enter the Mac's unique maintenance token 5 | # 6 | # v1.0 7 | # 3.7.2022 8 | # 9 | # Greg Knackstedt 10 | # shitttyscripts@gmail.com 11 | # https://github.com/scriptsandthings/ 12 | # 13 | ###### Things to add/fix with this script in the future ##### 14 | # 1. Add logic that allows the script to run the uninstall command without the -t --maintenance-token flags for systems that the system/kernel extensions 15 | # are no longer loaded or damaged, which causes the Crowdstrike uninstall protection to no longer be enforced, resulting in an error if those flags 16 | # are passed at the time the uninstall command is run. 17 | # 18 | # 2. Valid exit codes/messages passed to the log via echo for display in the Jamf policy log based on the result of the uninstall attempt, 19 | # instead of just copping out by saying "Uninstall complete", throwing an exit 0, and relying on the person 20 | # running the policy to figure out if it was successful or not by completing an addtional task/check manually outside of Self Service. 21 | # 22 | ##################################### 23 | ##################################### 24 | # 25 | # Display a prompt in the GUI to ask the user for the maintenance token using osascript 26 | token=$( /usr/bin/osascript <${apiData}" ${jssHost}/JSSResource/computergroups/id/${groupID} 54 | 55 | # expire the auth token 56 | /usr/bin/curl "$jssHost/uapi/auth/invalidateToken" \ 57 | -s \ 58 | -X POST \ 59 | -H "Authorization: Bearer $token" 60 | -------------------------------------------------------------------------------- /Bash/Jamf/API/Jamf_StaticGroup_AddComputer_PromptForGroupAndSerial.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ############################################################################### 3 | ############################################################################### 4 | # Add A Mac To A Static Group - Prompt For Group And Serial.sh 5 | ############################################################################### 6 | # v1.0 7 | # 3.14.2022 8 | # Greg Knackstedt 9 | # shitttyscripts@gmail.com 10 | # https://github.com/gknackstedt/ 11 | ############################################################################### 12 | # 13 | # This script leverages bash, the Jamf API, and bearer token authentication. 14 | # 15 | # A script to allow users without Jamf admin access to add Macs to 16 | # static groups using a Self Service Policy, by selecting the static group from a list, 17 | # then entering the target Mac's serial number. 18 | # 19 | # The script will attempt to add the Mac to the selected group, then displays 20 | # a dialog to the user informing them of it's success or HTTP error code received when 21 | # attempting to interact with the Jamf API. 22 | # 23 | # The script will attempt to login to whichever JSS server the Mac calling the policy is enrolled in, 24 | # using credentials defined by $4 and $5. 25 | # If you manage multiple JSS instances, it may be more prudent to define this via policy/script 26 | # variable $6. 27 | # 28 | ############################################################################### 29 | # API User Permission Requirements: 30 | # Smart Computer Groups - Read 31 | # Static Computer Groups - Read, Modify 32 | # 33 | ############################################################################## 34 | ############################################################################## 35 | # Suggested Jamf Policy Option Labels: 36 | # 37 | # $4 - Jamf API Username: 38 | # $5 - Jamf API Password: 39 | # $6 - Jamf Server Address (optional) - Enter address without trailing / - Example: https://jamfserver.jamfcloud.com 40 | ############################################################################## 41 | ############################################################################## 42 | ############################## Define Variables ############################## 43 | ############################################################################## 44 | ## Check if the variables have been provided and prompt for them if missing 45 | # If a JSS URL is not provided, the script will use the address the system it's executing on 46 | # is enrolled with. 47 | apiUser="$4" 48 | if [[ -z $apiUser ]]; then 49 | read -p "Username:" apiUser 50 | fi 51 | apiPass="$5" 52 | if [[ -z $apiPass ]]; then 53 | read -sp "Password:" apiPass 54 | fi 55 | jssHost="$6" 56 | if [[ -z $jssHost ]]; then 57 | jssHost=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url ) 58 | else 59 | jssHost="$6" 60 | fi 61 | # 62 | # 63 | # created base64-encoded credentials 64 | encodedCredentials=$( printf "$apiUser:$apiPass" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - ) 65 | # 66 | # generate an auth token 67 | authToken=$( /usr/bin/curl $jssHost"uapi/auth/tokens" \ 68 | -s \ 69 | -X POST \ 70 | -H "Authorization: Basic $encodedCredentials" ) 71 | # 72 | # parse authToken for token, omit expiration 73 | token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs ) 74 | # 75 | # 76 | httpCodes="200 Request successful 77 | 201 Request to create or update object successful 78 | 400 Bad request 79 | 401 Authentication failed 80 | 403 Invalid permissions 81 | 404 Object/resource not found 82 | 409 Conflict 83 | 500 Internal server error" 84 | # 85 | ############################################################################## 86 | ############################### Run Functions ################################ 87 | ############################################################################## 88 | # 89 | # get list of static groups 90 | computerGroupXML=$( /usr/bin/curl $jssHost"JSSResource/computergroups" \ 91 | -s \ 92 | -X GET \ 93 | -H "Authorization: Bearer $token" \ 94 | -H 'Accept: text/xml' ) 95 | # 96 | ############################################################################## 97 | # 98 | # Parse the XML for static groups only 99 | staticGroupList=$( /usr/bin/xpath -e "//is_smart[text()='false']/preceding-sibling::name/text()" 2>&1 <<< "$computerGroupXML" | /usr/bin/sed 's/-- NODE --//g;' | /usr/bin/tail -n +3 | sed -e '/^[[:blank:]]*$/d' | /usr/bin/sort ) 100 | # 101 | # Display a dialog to choose a group and endcode for HTTP submission 102 | pickTheGroup="choose from list every paragraph of \"$staticGroupList\" with title \"Select The Group To Modify\" with prompt \"Choose ONE group to add a Mac to...\" multiple selections allowed false empty selection allowed false" 103 | # 104 | staticGroupName=$( /usr/bin/osascript -e "$pickTheGroup" | /usr/bin/sed -e 's/ /%20/g' ) 105 | # 106 | # display dialog to prompt for the target Mac's serial number 107 | gatherSerial="display dialog \"Enter target the Mac's serial number:\" default answer \"\" with title \"Define The Mac To Add\" buttons {\"Cancel\", \"OK\"} default button {\"OK\"}" 108 | # 109 | results=$( /usr/bin/osascript -e "$gatherSerial" ) 110 | serialNumber=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' ) 111 | # 112 | ############################################################################## 113 | # 114 | # Set XML data to remove Mac from group by serial number 115 | apiDataAddToGroup=""$serialNumber"" 116 | # 117 | ## curl call to the API to Remove the Mac to the provided group ID by doing a PUT of the 118 | addComputer=$( curl \ 119 | -s \ 120 | -f \ 121 | -w "%{http_code}" \ 122 | -X PUT \ 123 | -H "Authorization: Bearer $token" \ 124 | -H 'Accept: application/json' \ 125 | -H "Content-Type: text/xml" \ 126 | -d "${apiDataAddToGroup}" $jssHost"JSSResource/computergroups/name/"$staticGroupName ) 127 | ############################################################################## 128 | ############################################################################## 129 | ############################################################################## 130 | # 131 | # Evaluate HTTP status code from curl attempt 132 | resultStatus=${addComputer: -3} 133 | code=$( /usr/bin/grep "$resultStatus" <<< "$httpCodes" ) 134 | # 135 | # Expire the Auth Token since we're done with it 136 | expireToken=$( /usr/bin/curl $jssHost"uapi/auth/invalidateToken" \ 137 | -s \ 138 | -X POST \ 139 | -H "Authorization: Bearer $token" ) 140 | # 141 | $expireToken 142 | # 143 | # Display status dialog based on HTTP status code 144 | if [ "$code" = "201 Request to create or update object successful" ]; 145 | then 146 | displayResults="display dialog \"$serialNumber was added to the static group successfully\" with title \"Mac Successfully Added To Group\" buttons {\"OK\"} default button {\"OK\"}" 147 | /usr/bin/osascript -e "$displayResults" 148 | exit 0 149 | else 150 | displayResults="display dialog \"Error Modifying Group: $code\" with title \"Error Modifying Group\" buttons {\"OK\"} default button {\"OK\"}" 151 | /usr/bin/osascript -e "$displayResults" 152 | fi 153 | # 154 | exit 0 155 | -------------------------------------------------------------------------------- /Bash/Jamf/API/Jamf_StaticGroup_AddComputer_PromptForSerial.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################################################################### 3 | ###################################################################### 4 | # Add A Mac To A Static Group Via Self Service Prompt For Serial Number 5 | # via self service. 6 | # Uses Bearer Token Authentication To The JSS 7 | # 8 | # v1.0 9 | # 3.7.2022 10 | # 11 | # Greg Knackstedt 12 | # https://github.com/gknackstedt/ 13 | # shitttyscripts@gmail.com 14 | # 15 | ################################ 16 | ###################################################################### 17 | ############## Define Variable Block ################################# 18 | ###################################################################### 19 | ## Check if the variables have been provided, ask for them if not 20 | apiUser="$4" 21 | if [[ -z $apiUser ]]; then 22 | read -p "Username:" apiUser 23 | fi 24 | apiPass="$5" 25 | if [[ -z $apiPass ]]; then 26 | read -sp "Password:" apiPass 27 | fi 28 | groupID="$6" 29 | if [[ -z $groupID ]]; then 30 | read -p "Group ID Number:" groupID 31 | fi 32 | # 33 | # Find system's JSS URL 34 | jssHost=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url ) 35 | 36 | # created base64-encoded credentials 37 | encodedCredentials=$( printf "$apiUser:$apiPass" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - ) 38 | 39 | # generate an auth token 40 | authToken=$( /usr/bin/curl "$jssHost/uapi/auth/tokens" \ 41 | -s \ 42 | -X POST \ 43 | -H "Authorization: Basic $encodedCredentials" ) 44 | 45 | # parse authToken for token, omit expiration 46 | token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs ) 47 | serialNumberCheck="/tmp/JamfAPI/jpsStaticGroupSerialCheck.txt" 48 | filePath="/tmp/JamfAPI/" 49 | loop="Continue" 50 | oops1Dialog="SORRY! Either the Serial Number entered: " 51 | oops2Dialog=" was incorrect or that device is not currently being managed by Jamf Pro. Please check the Mac's serial number and try again." 52 | addAnotherDialog="Would you like to add another Mac?" 53 | mainDialog="Please Enter the Serial Number of the Mac to add to the "$groupName" Group (format: XX123456)" 54 | appTitle="Add computer to the Static Group "$groupName"" 55 | xmlContentType="Content-Type: application/xml" 56 | computersAPI="JSSResource/computers" 57 | computerIDAPI="/JSSResource/computergroups/id/" 58 | apiDataAddToGroup="${targetGroupID}" 59 | 60 | ###################################################################### 61 | ################# Define Functions Block ############################# 62 | ###################################################################### 63 | 64 | file_Check() { 65 | mkdir -p "$filePath" 66 | if [ -f "$serialNumberCheck" ] 67 | then 68 | rm -rf "$serialNumberCheck" 69 | fi 70 | } 71 | 72 | get_List() { 73 | curl \ 74 | -s $jssHost"JSSResource/computers" \ 75 | -H 'Accept: application/xml' \ 76 | -H "Authorization: Bearer $token" \ 77 | > "$serialNumberCheck" 78 | } 79 | 80 | add_Devices() { 81 | serialNumber=$(osascript <" 99 | curl \ 100 | -s \ 101 | -f \ 102 | -X PUT \ 103 | -H "Authorization: Bearer $token" \ 104 | -H 'Accept: application/json' \ 105 | -H "Content-Type: text/xml" \ 106 | -d "$apiData" $jssHost"JSSResource/computergroups/id/"$groupID 107 | fi 108 | } 109 | 110 | device_Loop() { 111 | loop=$(osascript <${apiData}" ${jssHost}/JSSResource/computergroups/id/${groupID} 54 | 55 | # expire the auth token 56 | /usr/bin/curl "$jssHost/uapi/auth/invalidateToken" \ 57 | -s \ 58 | -X POST \ 59 | -H "Authorization: Bearer $token" 60 | -------------------------------------------------------------------------------- /Bash/Jamf/API/Jamf_StaticGroup_RemoveComputer_PromptForGroupAndSerial.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ############################################################################### 3 | ############################################################################### 4 | # Remove A Mac From A Static Group - Prompt For Group And Serial.sh 5 | ############################################################################### 6 | # v1.0 7 | # 3.14.2022 8 | # Greg Knackstedt 9 | # shitttyscripts@gmail.com 10 | # https://github.com/gknackstedt/ 11 | ############################################################################### 12 | # 13 | # This script leverages bash, the Jamf API, and bearer token authentication. 14 | # 15 | # A script to allow users without Jamf admin access to remove Macs from 16 | # static groups using a Self Service Policy, by selecting the static group from a list, 17 | # then entering the target Mac's serial number. 18 | # 19 | # The script will attempt to remove the Mac from the selected group, then displays 20 | # a dialog to the user informing them of it's success or HTTP error code received when 21 | # attempting to interact with the Jamf API. 22 | # 23 | # The script will attempt to login to whichever JSS server the Mac calling the policy is enrolled in, 24 | # using credentials defined by $4 and $5. 25 | # If you manage multiple JSS instances, it may be more prudent to define this via policy/script 26 | # variable $6. 27 | # 28 | ############################################################################### 29 | # API User Permission Requirements: 30 | # Smart Computer Groups - Read 31 | # Static Computer Groups - Read, Modify 32 | # 33 | ############################################################################## 34 | ############################################################################## 35 | # Suggested Jamf Policy Option Labels 36 | # 37 | # $4 - Jamf API Username: 38 | # $5 - Jamf API Password: 39 | # $6 - Jamf Server Address (optional) - Enter address without trailing / - Example: https://jamfserver.jamfcloud.com 40 | ############################################################################## 41 | ############################################################################## 42 | ############################## Define Variables ############################## 43 | ############################################################################## 44 | ## Check if the variables have been provided and prompt for them if missing 45 | # If a JSS URL is not provided, the script will use the address the system it's executing on 46 | # is enrolled with. 47 | apiUser="$4" 48 | if [[ -z $apiUser ]]; then 49 | read -p "Username:" apiUser 50 | fi 51 | apiPass="$5" 52 | if [[ -z $apiPass ]]; then 53 | read -sp "Password:" apiPass 54 | fi 55 | jssHost="$6" 56 | if [[ -z $jssHost ]]; then 57 | jssHost=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url ) 58 | else 59 | jssHost="$6" 60 | fi 61 | # 62 | # 63 | # created base64-encoded credentials 64 | encodedCredentials=$( printf "$apiUser:$apiPass" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - ) 65 | # 66 | # generate an auth token 67 | authToken=$( /usr/bin/curl $jssHost"uapi/auth/tokens" \ 68 | -s \ 69 | -X POST \ 70 | -H "Authorization: Basic $encodedCredentials" ) 71 | # 72 | # parse authToken for token, omit expiration 73 | token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs ) 74 | # 75 | # 76 | httpCodes="200 Request successful 77 | 201 Request to create or update object successful 78 | 400 Bad request 79 | 401 Authentication failed 80 | 403 Invalid permissions 81 | 404 Object/resource not found 82 | 409 Conflict 83 | 500 Internal server error" 84 | # 85 | ############################################################################## 86 | ############################### Run Functions ################################ 87 | ############################################################################## 88 | # 89 | # get list of static groups 90 | computerGroupXML=$( /usr/bin/curl $jssHost"JSSResource/computergroups" \ 91 | -s \ 92 | -X GET \ 93 | -H "Authorization: Bearer $token" \ 94 | -H 'Accept: text/xml' ) 95 | # 96 | ############################################################################## 97 | # 98 | # Parse the XML for static groups only 99 | staticGroupList=$( /usr/bin/xpath -e "//is_smart[text()='false']/preceding-sibling::name/text()" 2>&1 <<< "$computerGroupXML" | /usr/bin/sed 's/-- NODE --//g;' | /usr/bin/tail -n +3 | sed -e '/^[[:blank:]]*$/d' | /usr/bin/sort ) 100 | # 101 | # Display a dialog to choose a group and endcode for HTTP submission 102 | pickTheGroup="choose from list every paragraph of \"$staticGroupList\" with title \"Select The Group To Modify\" with prompt \"Choose ONE group to remove a Mac from...\" multiple selections allowed false empty selection allowed false" 103 | # 104 | staticGroupName=$( /usr/bin/osascript -e "$pickTheGroup" | /usr/bin/sed -e 's/ /%20/g' ) 105 | # 106 | # display dialog to prompt for the target Mac's serial number 107 | gatherSerial="display dialog \"Enter target the Mac's serial number:\" default answer \"\" with title \"Define The Mac To Remove\" buttons {\"Cancel\", \"OK\"} default button {\"OK\"}" 108 | # 109 | results=$( /usr/bin/osascript -e "$gatherSerial" ) 110 | serialNumber=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' ) 111 | # 112 | ############################################################################## 113 | # 114 | # Set XML data to remove Mac from group by serial number 115 | apiDataDeleteFromGroup=""$serialNumber"" 116 | # 117 | ## curl call to the API to Remove the Mac to the provided group ID by doing a PUT of the 118 | deleteComputer=$( curl \ 119 | -s \ 120 | -f \ 121 | -w "%{http_code}" \ 122 | -X PUT \ 123 | -H "Authorization: Bearer $token" \ 124 | -H 'Accept: application/json' \ 125 | -H "Content-Type: text/xml" \ 126 | -d "${apiDataDeleteFromGroup}" $jssHost"JSSResource/computergroups/name/"$staticGroupName ) 127 | ############################################################################## 128 | ############################################################################## 129 | ############################################################################## 130 | # 131 | # Evaluate HTTP status code from curl attempt 132 | resultStatus=${deleteComputer: -3} 133 | code=$( /usr/bin/grep "$resultStatus" <<< "$httpCodes" ) 134 | # 135 | # Expire the Auth Token since we're done with it 136 | expireToken=$( /usr/bin/curl $jssHost"uapi/auth/invalidateToken" \ 137 | -s \ 138 | -X POST \ 139 | -H "Authorization: Bearer $token" ) 140 | # 141 | $expireToken 142 | # 143 | # Display status dialog based on HTTP status code 144 | if [ "$code" = "201 Request to create or update object successful" ]; 145 | then 146 | displayResults="display dialog \"$serialNumber was removed from the static group successfully\" with title \"Mac Successfully Removed From Group\" buttons {\"OK\"} default button {\"OK\"}" 147 | /usr/bin/osascript -e "$displayResults" 148 | exit 0 149 | else 150 | displayResults="display dialog \"Error Modifying Group: $code\" with title \"Error Modifying Group\" buttons {\"OK\"} default button {\"OK\"}" 151 | /usr/bin/osascript -e "$displayResults" 152 | fi 153 | # 154 | exit 0 155 | -------------------------------------------------------------------------------- /Bash/Jamf/API/Jamf_StaticGroup_RemoveComputer_PromptForSerial.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | ####################################################################### 3 | ###################################################################### 4 | # Remove A Mac From A Static Group Via Self Service Prompt For Serial Number 5 | # via Self Service. 6 | # Uses Bearer Token Authentication To The JSS 7 | # 8 | # v1.0 9 | # 3.7.2022 10 | # 11 | # Greg Knackstedt 12 | # https://github.com/gknackstedt/ 13 | # shitttyscripts@gmail.com 14 | # 15 | ###################################################################### 16 | ############## Define Variable Block ################################# 17 | ###################################################################### 18 | ## Check if the variables have been provided, ask for them if not 19 | apiUser="$4" 20 | if [[ -z $apiUser ]]; then 21 | read -p "Username:" apiUser 22 | fi 23 | apiPass="$5" 24 | if [[ -z $apiPass ]]; then 25 | read -sp "Password:" apiPass 26 | fi 27 | groupID="$6" 28 | if [[ -z $groupID ]]; then 29 | read -p "Group ID Number:" groupID 30 | fi 31 | # 32 | # Find system's JSS URL 33 | jssHost=$( /usr/bin/defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url ) 34 | 35 | # created base64-encoded credentials 36 | encodedCredentials=$( printf "$apiUser:$apiPass" | /usr/bin/iconv -t ISO-8859-1 | /usr/bin/base64 -i - ) 37 | 38 | # generate an auth token 39 | authToken=$( /usr/bin/curl "$jssHost/uapi/auth/tokens" \ 40 | -s \ 41 | -X POST \ 42 | -H "Authorization: Basic $encodedCredentials" ) 43 | 44 | # parse authToken for token, omit expiration 45 | token=$( /usr/bin/awk -F \" '{ print $4 }' <<< "$authToken" | /usr/bin/xargs ) 46 | serialNumberCheck="/tmp/JamfAPI/jpsStaticGroupSerialCheck.txt" 47 | filePath="/tmp/JamfAPI/" 48 | loop="Continue" 49 | oops1Dialog="SORRY! Either the Serial Number entered: " 50 | oops2Dialog=" was incorrect or that device is not currently being managed by Jamf Pro. Please check the Mac's serial number and try again." 51 | addAnotherDialog="Would you like to remove another Mac?" 52 | mainDialog="Please Enter the Serial Number of the Mac to remove from the "$groupName" Group (format: XX123456)" 53 | appTitle="Remove computer from the Static Group "$groupName"" 54 | xmlContentType="Content-Type: application/xml" 55 | computersAPI="JSSResource/computers" 56 | computerIDAPI="/JSSResource/computergroups/id/" 57 | apiDataAddToGroup="${targetGroupID}" 58 | 59 | ###################################################################### 60 | ################# Define Functions Block ############################# 61 | ###################################################################### 62 | 63 | file_Check() { 64 | mkdir -p "$filePath" 65 | if [ -f "$serialNumberCheck" ] 66 | then 67 | rm -rf "$serialNumberCheck" 68 | fi 69 | } 70 | 71 | get_List() { 72 | curl \ 73 | -s $jssHost"JSSResource/computers" \ 74 | -H 'Accept: application/xml' \ 75 | -H "Authorization: Bearer $token" \ 76 | > "$serialNumberCheck" 77 | } 78 | 79 | add_Devices() { 80 | serialNumber=$(osascript <" 98 | curl \ 99 | -s \ 100 | -f \ 101 | -X PUT \ 102 | -H "Authorization: Bearer $token" \ 103 | -H 'Accept: application/json' \ 104 | -H "Content-Type: text/xml" \ 105 | -d "$apiData" $jssHost"JSSResource/computergroups/id/"$groupID 106 | fi 107 | } 108 | 109 | device_Loop() { 110 | loop=$(osascript <" | sed 's/\|/ /'|awk '{print $2}') 27 | 28 | OSInfo=$(sw_vers) 29 | 30 | HardwareInfo=$(/usr/sbin/system_profiler SPHardwareDataType) 31 | 32 | SN=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' 2>&1` 33 | 34 | en0=`ipconfig getifaddr en0 2>&1` 35 | 36 | en1=`ipconfig getifaddr en1 2>&1` 37 | 38 | en2=`ipconfig getifaddr en2 2>&1` 39 | 40 | VPN=$(/sbin/ifconfig "utun0" 2>/dev/null | \ 41 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 42 | 43 | VPN1=$(/sbin/ifconfig "utun1" 2>/dev/null | \ 44 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 45 | 46 | VPN2=$(/sbin/ifconfig "utun2" 2>/dev/null | \ 47 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 48 | 49 | GPD=$(/sbin/ifconfig "gpd0" 2>/dev/null | \ 50 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 51 | 52 | GPD1=$(/sbin/ifconfig "gpd1" 2>/dev/null | \ 53 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 54 | 55 | if [ "$en0" = "get if addr en0 failed, (os/kern) failure" ]; then 56 | 57 | en0="unavailable" 58 | 59 | fi 60 | 61 | if [ "$en1" = "get if addr en1 failed, (os/kern) failure" ]; then 62 | 63 | en1="unavailable" 64 | 65 | fi 66 | 67 | if [ "$en2" = "get if addr en1 failed, (os/kern) failure" ]; then 68 | 69 | en2="unavailable" 70 | 71 | fi 72 | 73 | 74 | /usr/bin/osascript << EOF 75 | 76 | tell application "Finder" 77 | 78 | activate 79 | 80 | display dialog "$Timestamp" & return & return & "$OSInfo" & return & return & "Current User:" & return & "$CurrentConsoleUser" & return & return & "Serial Number:" & return & "$SN" & return & return & "GlobalProtect VPN IP Address:" & return & "$GP_IP" & return & "$GPD" & return & "$GPD1" & return & return & "Wifi and Ethernet IP Addresses:" & return & "$en0" & return & "$en1" & return & "$en2" & return & return & "Cisco AnyConnect VPN IP Addresses:" & return &"$VPN" & return & "$VPN1" & return & "$VPN2" buttons {"OK"} with icon caution 81 | 82 | end tell 83 | 84 | EOF 85 | 86 | 87 | exit 0 88 | -------------------------------------------------------------------------------- /Bash/Jamf/Self Service/Display_Network_Info.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | ScriptName="Display_Network_Info" 4 | # 5 | # 6 | # NOTE: This script can only be executed on systems running macOS Monterey (and presumably versions after Monterey). 7 | # Previous versions of macOS do not include the "networkQuality" binary, which will cause the script to spit back an error. 8 | # 9 | # 10 | # This script displays an AppleScript dialog showing the current date/time, the Mac's serial number, 11 | # the version and build number of macOS installed on the system, the shortname of the currently logged in user, 12 | # the Mac's current IP addresses of the default Ethernet and Airport interfaces (by just showing the first couple enX addresses), 13 | # as well as IP addresses for Cisco AnyConnect and Palo Alto GlobalProtect VPN. 14 | # Script also runs the "networkQuality" command to test upload/download speeds, 15 | # displaying the results via an AppleScript dialog. 16 | # 17 | # The output isn't beautiful or anything, but it's nice information to have. 18 | # 19 | # v1.0 20 | # 3.8.2022 21 | # 22 | # Greg Knackstedt 23 | # https://github.com/gknackstedt/ 24 | # shitttyscripts@gmail.com 25 | # 26 | Timestamp=$(date) 27 | 28 | CurrentConsoleUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 29 | 30 | GP_IP=$(ifconfig | grep -e "-->" | sed 's/\|/ /'|awk '{print $2}') 31 | 32 | OSInfo=$(sw_vers) 33 | 34 | HardwareInfo=$(/usr/sbin/system_profiler SPHardwareDataType) 35 | 36 | SN=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' 2>&1` 37 | 38 | en0=`ipconfig getifaddr en0 2>&1` 39 | 40 | en1=`ipconfig getifaddr en1 2>&1` 41 | 42 | en2=`ipconfig getifaddr en2 2>&1` 43 | 44 | en3=`ipconfig getifaddr en3 2>&1` 45 | 46 | en4=`ipconfig getifaddr en4 2>&1` 47 | 48 | VPN=$(/sbin/ifconfig "utun0" 2>/dev/null | \ 49 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 50 | 51 | VPN1=$(/sbin/ifconfig "utun1" 2>/dev/null | \ 52 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 53 | 54 | VPN2=$(/sbin/ifconfig "utun2" 2>/dev/null | \ 55 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 56 | 57 | GPD=$(/sbin/ifconfig "gpd0" 2>/dev/null | \ 58 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 59 | 60 | GPD1=$(/sbin/ifconfig "gpd1" 2>/dev/null | \ 61 | /usr/bin/sed -n -e 's|^[[:space:]]*inet \([0-9.]*\).*|\1|p' 2>&1) 62 | 63 | if [ "$en0" = "get if addr en0 failed, (os/kern) failure" ]; then 64 | 65 | en0="en0 unavailable" 66 | 67 | fi 68 | 69 | if [ "$en1" = "get if addr en1 failed, (os/kern) failure" ]; then 70 | 71 | en1="en1 unavailable" 72 | 73 | fi 74 | 75 | if [ "$en2" = "get if addr en2 failed, (os/kern) failure" ]; then 76 | 77 | en2="en2 unavailable" 78 | 79 | fi 80 | 81 | if [ "$en3" = "get if addr en3 failed, (os/kern) failure" ]; then 82 | 83 | en3="en3 unavailable" 84 | 85 | fi 86 | 87 | if [ "$en4" = "get if addr en4 failed, (os/kern) failure" ]; then 88 | 89 | en4="en4 unavailable" 90 | 91 | fi 92 | 93 | /usr/bin/osascript << EOF 94 | set testResults to do shell script "networkQuality -v" 95 | 96 | tell application "Finder" 97 | 98 | activate 99 | 100 | display dialog "------- $ScriptName -------" & return & return & "Test ran on: $Timestamp" & return & return & "Serial Number: $SN" & return & "Current User: $CurrentConsoleUser" & return & return & "Network Speed Test Results:" & testResults & return & return & "Wifi and Ethernet IP Addresses:" & return & "$en0" & return & "$en1" & return & "$en2" & return & "$en3" & return & "$en4" & return & return & "GlobalProtect VPN IP Address:" & return & "$GP_IP" & return & "$GPD" & return & "$GPD1" & return & return & "Cisco AnyConnect VPN IP Address:" & return &"$VPN" & return & "$VPN1" & return & "$VPN2" buttons {"OK"} with icon caution 101 | 102 | end tell 103 | 104 | EOF 105 | 106 | 107 | exit 0 108 | -------------------------------------------------------------------------------- /Bash/Jamf/Self Service/User_Cache_And_Saved_App_State_Reset.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | 3 | # Clears files from /Users/$CurrentUser/Library/Caches, and /Users/$CurrentUser/Library/Saved Application State/ 4 | # for the currently logged in user. 5 | # 6 | # Created by Greg Knackstedt on 4.10.18. 7 | 8 | #Current user 9 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 10 | 11 | #clear user caches 12 | rm -Rf /Users/$CurrentUser/Library/Caches/* 13 | #clear saved application state 14 | rm -Rf /Users/$CurrentUser/Library/Saved\ Application\ State/* 15 | 16 | exit 17 | -------------------------------------------------------------------------------- /Bash/Nudge/Nudge_Reset_Deferrals_And_Preferences.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | ####################### 4 | # 5 | # Greg Knackstedt 6 | # 9.2.2021 7 | # https://github.com/scriptsandthings/ 8 | # 9 | # To be used with the Nudge utility for updating macOS. 10 | # Resets a system's deferrals, and local preferences. 11 | # 12 | ####################### 13 | ####################### 14 | # 15 | # Remove Nudge system wide preferences 16 | rm -fv /Library/Preferences/com.github.macadmins.Nudge.plist 17 | # Remove Nuge plist from all user directories 18 | rm -fv /Users/*/Library/Preferences/com.github.macadmins.Nudge.plist 19 | exit 0 20 | -------------------------------------------------------------------------------- /Bash/Palo Alto/Install_GlobalProtect_from_portal_Windows_untested.ps1: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | ############################################################################### 3 | # Install GlobalProtect VPN Client - Windows.ps1 4 | ############################################################################### 5 | # v1.0a 6 | # 9.18.2023 7 | # Greg Knackstedt 8 | # shitttyscripts@gmail.com 9 | # https://github.com/shitttyscripts/ 10 | ############################################################################### 11 | # 12 | # This script leverages PowerShell to automate the installation of the Palo Alto GlobalProtect VPN client on Windows. 13 | # 14 | # The script will download the GlobalProtect MSI installer from a given VPN portal. 15 | # The portal can be either manually set via Intune or Microsoft Endpoint Manager script variables 16 | # or automatically detected from the existing GlobalProtect configuration in the Windows Registry. 17 | # 18 | # The installer is then run to install the GlobalProtect client. 19 | # Finally, the downloaded installer is removed to clean up. 20 | # 21 | # This script is intended to be deployed via Microsoft Intune and expects the VPN portal address to be 22 | # provided via custom script parameters or variables within Intune. 23 | # 24 | # If the VPN portal address is not provided, the script will look in the Windows Registry to try 25 | # to determine the current portal address. 26 | # 27 | ############################################################################### 28 | # Intune Script Parameters: 29 | # TODO: Define any custom parameters or variables to be used within Intune, if applicable. 30 | # 31 | # Note: The VPN portal address will be automatically detected if not provided. 32 | # 33 | ############################################################################### 34 | ############################################################################### 35 | ################################# Script Body ################################# 36 | ############################################################################### 37 | 38 | # Set default VPN portal, replace with Intune parameter if available. 39 | $vpnPortal = "default-portal-address" 40 | 41 | # TODO: Replace this with fetching the VPN portal from Intune parameters, if applicable. 42 | # e.g., $vpnPortal = $Env:vpnPortalFromIntune 43 | 44 | # Check if the registry entry exists for GlobalProtect portal 45 | if (Test-Path "HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup") { 46 | $regPortal = Get-ItemProperty -Path "HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup" -Name "PanPortalList" -ErrorAction SilentlyContinue 47 | if ($null -ne $regPortal.PanPortalList) { 48 | $vpnPortal = $regPortal.PanPortalList 49 | } 50 | } 51 | 52 | # Download the GlobalProtect.msi from the VPN portal 53 | Invoke-WebRequest -Uri "https://$vpnPortal/global-protect/msi/GlobalProtect.msi" -OutFile "$env:TEMP\GlobalProtect.msi" 54 | 55 | # Install GlobalProtect 56 | Start-Process "msiexec.exe" -ArgumentList "/i $env:TEMP\GlobalProtect.msi /quiet" -Wait 57 | 58 | # Remove the downloaded installer 59 | Remove-Item -Path "$env:TEMP\GlobalProtect.msi" -Force 60 | -------------------------------------------------------------------------------- /Bash/Palo Alto/Install_GlobalProtect_from_portal_macOS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ############################################################################### 3 | ############################################################################### 4 | # Install GlobalProtect VPN Client - macOS.sh 5 | ############################################################################### 6 | # v1.0 7 | # 9.18.2023 8 | # Greg Knackstedt 9 | # shitttyscripts@gmail.com 10 | # https://github.com/shitttyscripts/ 11 | ############################################################################### 12 | # 13 | # This script leverages bash to automate the installation of the Palo Alto GlobalProtect VPN client on macOS. 14 | # 15 | # The script will download the GlobalProtect installer package from a given VPN portal. 16 | # The portal can be either manually set via Jamf Pro script variables or automatically detected 17 | # from the existing GlobalProtect configuration plist. 18 | # 19 | # The installer package is then run to install the GlobalProtect client. 20 | # Finally, the downloaded installer package is removed to clean up. 21 | # 22 | # The script is intended to be deployed via Jamf Pro and expects the VPN portal address to be 23 | # provided via the $4 script parameter in the Jamf Pro admin interface. 24 | # 25 | # If the VPN portal address is not provided, the script will look in the GlobalProtect configuration plist 26 | # to try to determine the current portal address. The plist is checked in both system-wide and user-specific 27 | # library folders. 28 | # 29 | ############################################################################### 30 | # Jamf Pro Script Parameters: 31 | # $4 - VPN Portal Address (optional): The address of the VPN portal, e.g., "vpn-portal.domain.org". 32 | # 33 | # Note: The VPN portal address will be automatically detected if not provided. 34 | # 35 | ############################################################################### 36 | ############################################################################### 37 | ################################# Script Body ################################# 38 | ############################################################################### 39 | CurrentConsoleUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 40 | # Check if $4 is set and use it as vpnPortal 41 | if [[ -n "$4" ]]; then 42 | vpnPortal="$4" 43 | else 44 | # Try to read system-wide plist first 45 | plistPath="/Library/Preferences/com.paloaltonetworks.GlobalProtect.plist" 46 | if [[ -f $plistPath ]]; then 47 | vpnPortal=$( /usr/libexec/PlistBuddy -c "Print :PanPortalList:0" $plistPath 2>/dev/null ) 48 | else 49 | # Fall back to the current user's home directory 50 | plistPath="/Users/$CurrentConsoleUser/Library/Preferences/com.paloaltonetworks.GlobalProtect.client.plist" 51 | if [[ -f $plistPath ]]; then 52 | vpnPortal=$( /usr/libexec/PlistBuddy -c "Print :PanPortalList:0" $plistPath 2>/dev/null ) 53 | fi 54 | fi 55 | 56 | # Check if vpnPortal is still empty or null 57 | if [[ -z "$vpnPortal" ]]; then 58 | echo "Error: No VPN portal address found in plist or in \$4." 59 | exit 1 60 | fi 61 | fi 62 | 63 | # Download the GlobalProtect.pkg from the VPN portal 64 | curl -o /tmp/GlobalProtect.pkg "https://$vpnPortal/global-protect/msi/GlobalProtect.pkg" 65 | 66 | # Run the downloaded .pkg installer 67 | sudo installer -allowUntrusted -pkg /tmp/GlobalProtect.pkg -target / 68 | 69 | # Remove the downloaded installer from the /tmp/ directory 70 | rm -f /tmp/GlobalProtect.pkg 71 | 72 | # Exit 73 | exit 0 74 | -------------------------------------------------------------------------------- /Bash/ReadMe.md: -------------------------------------------------------------------------------- 1 | # These are provided only as basic examples to build upon when crafting a solution that best fits your environment and needs. 2 | 3 | By no means is anything here to be taken as a best practice suggestion. 4 | 5 | ### API access should be highly restricted, if allowed at all. 6 | 7 | #### If you're going to use the Jamf API, it is important to take steps to be as secure as possible. 8 | 9 | I would suggest looking at the API authentication options presented at the link below, by user [macnotes](https://github.com/macnotes/) rather then the methods given in any of these examples. 10 | 11 | https://github.com/macnotes/jamfscripts/tree/main/jamfpro/getJamfApiCredentials 12 | 13 | # Always test before using, never test in prod, use these at your own risk. 14 | -------------------------------------------------------------------------------- /Bash/SMB Shares/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## For additional info on Apple's proprietary implementation of SMB file sharing, smbx 2 | 3 | Visit my dedicated repo on smbx for additional information and scripts to help wrangle smbx into something usable in the creative space. 4 | 5 | https://github.com/scriptsandthings/macOS_smbx_things 6 | -------------------------------------------------------------------------------- /Bash/SMB Shares/SMB_Share_Stats_Display.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # SMB_Share_Stats_Display.sh 4 | # 5 | # Displays current smb mountpoint stats using AppleScript 6 | # 7 | # v1.0 8 | # 3.8.2022 9 | # 10 | # The output isn't beautiful or anything, but it's nice information to have. 11 | # 12 | # Greg Knackstedt 13 | # https://github.com/gknackstedt/ 14 | # shitttyscripts@gmail.com 15 | # 16 | # 17 | ShowSMBStatus=$(smbutil statshares -a) 18 | Timestamp=$(date) 19 | 20 | /usr/bin/osascript << EOF 21 | 22 | tell application "Finder" 23 | 24 | activate 25 | 26 | display dialog "SMB share status for $USER at $Timestamp" & return & return & "NOTE: If formatting is difficult to read, copy/paste results into a text editor." & return & return & "$ShowSMBStatus" buttons {"================================================= Dismiss ================================================="} with icon caution 27 | 28 | end tell 29 | 30 | EOF 31 | 32 | 33 | exit 0 34 | -------------------------------------------------------------------------------- /Bash/Snippits/Current Console User.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | # Use scutil to identify the currently logged in user 4 | CurrentConsoleUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 5 | # Echo current logged in user to terminal output 6 | echo "$CurrentConsoleUser" 7 | # 8 | exit 0 9 | -------------------------------------------------------------------------------- /Bash/Snippits/Jamf Script Logging Functions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Greg Knackstedt 3 | # 2.14.2020 4 | # v1.1 5 | # 6 | # Functions to write a local log file 7 | # Tested on macOS 10.12-10.15 8 | # 9 | # Just put this into your script or something.. that's how I'm going to use it for now. 10 | # 11 | ScriptName="Script Name.sh" 12 | # 13 | ################### Log File Parameters ################### 14 | # 15 | # Current date and time to seconds 16 | # $DateTimeStampFull - Date time stamp - 01-26-2020_09:53:52 17 | DateTimeStampFull=$(date "+%m.%d.%Y_%H.%M.%S") 18 | # 19 | # Name of log file - Script name + Date time stamp.txt 20 | LogFileName="$ScriptName - $DateTimeStampFull.txt" 21 | # 22 | # Name of company for common directory in /Library/ 23 | CompanyName="Company Name" 24 | # 25 | # Log file directory 26 | LogDir="/Library/$CompanyName/logs" 27 | # 28 | # Log file name 29 | LogFile="$LogDir"/"$LogFileName" 30 | # Identify currently logged in user 31 | CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 32 | # 33 | # Jamf binary version 34 | JamfVersion=$(/usr/local/jamf/bin/jamf version) 35 | # 36 | # System Serial Number 37 | SystemSN=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}') 38 | # 39 | ################### Log File Functions ################### 40 | # 41 | # Write Local Log file 42 | function LocalScriptLoggingEnabled 43 | { 44 | mkdir -p "$LogDir" 45 | touch "$LogFile" 46 | echo "$LogFile" 47 | exec 3>&1 4>&2 # Save standard output and standard error 48 | exec 1>>"$LogFile" # Redirect standard output to logFile 49 | exec 2>>"$LogFile" # Redirect standard error to logFile 50 | echo "########################## Begin Log ##########################" >> "$LogFile" 51 | echo "$ScriptName" >> "$LogFile" 52 | echo "$ScriptName" >> "$LogFile" 53 | echo "$CompanyName" >> "$LogFile" 54 | echo "$DateTimeStampFull" >> "$LogFile" 55 | echo "Current Console User: $CurrentUser" >> "$LogFile" 56 | echo "System Serial Number: $SystemSN" >> "$LogFile" 57 | } 58 | # Log Jamf script paramaters 59 | function LogJamfParams 60 | { 61 | echo "$4" >> "$LogFile" 62 | echo "$5" >> "$LogFile" 63 | echo "$6" >> "$LogFile" 64 | echo "$7" >> "$LogFile" 65 | echo "$8" >> "$LogFile" 66 | echo "$9" >> "$LogFile" 67 | echo "$10" >> "$LogFile" 68 | echo "$11" >> "$LogFile" 69 | } 70 | function JSSScriptLoggingEnabled 71 | { # Re-direct logging to the JSS 72 | LocalScriptLoggingEnabled "${1}" 73 | exec 1>&3 2>&4 74 | echo >&1 ${1} 75 | } 76 | ################### End Log File Functions ################### 77 | -------------------------------------------------------------------------------- /Bash/VMware/VMware_Horizon_Client_Install_via_Jamf.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ################################# 3 | ################################# 4 | # Installs from a .dmg placed by a staging package into /Users/Shared/ 5 | # Set the .dmg name with Jamf Script option $4 6 | # This method of install ensures that USB device passthrough functions 7 | # without the need for local admin rights. 8 | # Script developed with feedback from VMware support, as they had not previously 9 | # recieved a request for a silent install method. 10 | # 11 | # Greg Knackstedt 12 | # https://github.com/scriptsandthings/ 13 | # 6.20.2021 14 | ################################# 15 | ################################# 16 | # 17 | # Remove VMware Horizon Client from /Applications/ 18 | rm -Rf /Applications/VMware\ Horizon\ Client.app 19 | # 20 | # Remove VMware Horizon Client files from /Library/Application Support/ 21 | rm -Rf /Library/Application\ Support/VMware/VMware\ Horizo* 22 | sleep 5 23 | # 24 | # Remove the quarantine bit from the .dmg prior to copy. 25 | # This step is essential in setting USB passthrough as enabled 26 | xattr -dr com.apple.quarantine /Users/Shared/"$4" 27 | # 28 | # Mount the DMG 29 | hdiutil attach /Users/Shared/"$4" -nobrowse 30 | sleep 10 31 | # 32 | # Copy the VMware Horizon Client.app to /Applications/ 33 | cp -pPR /Volumes/VMware\ Horizon\ Client/VMware\ Horizon\ Client.app /Applications/ 34 | sleep 10 35 | # 36 | # Unmount the .dmg 37 | hdiutil detach /Volumes/VMware\ Horizon\ Client 38 | sleep 5 39 | # 40 | # Clean up the staged .dmg 41 | rm -Rf /Users/Shared/"$4" 42 | # 43 | #Set the rights of the USB kexts and support files so they may be loaded by unprivileged users 44 | /Applications/VMware\ Horizon\ Client.app/Contents/Library/InitUsbServices.tool 45 | sleep 5 46 | # 47 | # Start Services - Not needed 48 | # sh /Applications/VMware\ Horizon\ Client.app/Contents/Library/services.sh --start 49 | exit 0 50 | -------------------------------------------------------------------------------- /Bash/z_To Rework/SwiftDefaultApps set with Jamf params.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ######################################################## 3 | # 4 | # Script to use swda to set default applications for UTIs 5 | # as defined by Jamf parameters 6 | # 7 | # Note: I don't think this works, as it must be run under the local user context. Saving to be repositioned at a later date. 8 | # 9 | # swda_jamf_params.sh 10 | # 1.0 11 | # 2.13.2022 12 | # Greg Knackstedt 13 | # shitttyscripts@gmail.com 14 | # 15 | ######################################################## 16 | # 17 | # swda binary location 18 | swdaBinary="/usr/local/bin/swda" 19 | # find current console user 20 | CurrentConsoleUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 21 | # 22 | ######################################################## 23 | # 24 | # Define application to set as default 25 | AppPath1="$4" 26 | # 27 | # Set handler switch 28 | handlerSwitch="$5" 29 | # 30 | # Define App UTIs to assign to the application specified 31 | AppUTI1="$6" 32 | AppUTI2="$7" 33 | AppUTI3="$8" 34 | AppUTI4="$9" 35 | AppUTI5="$10" 36 | AppUTI6="$11" 37 | # 38 | ######################################################## 39 | # 40 | # Exit function 41 | # 42 | function NotifyScriptComplete 43 | { 44 | echo "##########################" 45 | echo "" 46 | echo "Defaults set for $AppPath1" 47 | echo "" 48 | echo "##########################" 49 | exit 0 50 | } 51 | # 52 | ######################################################## 53 | # 54 | # Set UTIs based on entered parameters in Jamf Pro 55 | # 56 | if [ "$handlerSwitch" = "UTI" ] 57 | then 58 | echo "##########################" 59 | echo "" 60 | echo "Setting $AppPath1 as default for $AppUTI1" 61 | echo "" 62 | echo "##########################" 63 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI1 64 | if [ $AppUTI2 != "" ] 65 | then 66 | echo "##########################" 67 | echo "" 68 | echo "Setting $AppPath1 as default for $AppUTI2" 69 | echo "" 70 | echo "##########################" 71 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI2 72 | if [ $AppUTI3 != "" ] 73 | then 74 | echo "##########################" 75 | echo "" 76 | echo "Setting $AppPath1 as default for $AppUTI3" 77 | echo "" 78 | echo "##########################" 79 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI3 80 | if [ $AppUTI4 != "" ] 81 | then 82 | echo "##########################" 83 | echo "" 84 | echo "Setting $AppPath1 as default for $AppUTI4" 85 | echo "" 86 | echo "##########################" 87 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI4 88 | if [ $AppUTI5 != "" ] 89 | then 90 | echo "##########################" 91 | echo "" 92 | echo "Setting $AppPath1 as default for $AppUTI5" 93 | echo "" 94 | echo "##########################" 95 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI5 96 | if [ $AppUTI6 != "" ] 97 | then 98 | echo "##########################" 99 | echo "" 100 | echo "Setting $AppPath1 as default for $AppUTI6" 101 | echo "" 102 | echo "##########################" 103 | $swdaBinary setHandler --app $AppPath1 --UTI $AppUTI6 104 | NotifyScriptComplete 105 | else 106 | NotifyScriptComplete 107 | fi 108 | else 109 | NotifyScriptComplete 110 | fi 111 | else 112 | NotifyScriptComplete 113 | fi 114 | else 115 | NotifyScriptComplete 116 | fi 117 | else 118 | NotifyScriptComplete 119 | fi 120 | else 121 | if [ "$handlerSwitch" != "UTI" ] 122 | then 123 | echo "##########################" 124 | echo "" 125 | echo "Setting $AppPath1 as default for $handlerSwitch" 126 | echo "" 127 | echo "##########################" 128 | $swdaBinary setHandler --app $AppPath1 --$handlerSwitch 129 | echo "" 130 | echo "##########################" 131 | NotifyScriptComplete 132 | fi 133 | echo "##########################" 134 | echo "" 135 | echo "No app UTIs were entered for $AppPath1" 136 | echo "No changes made." 137 | echo "" 138 | echo "##########################" 139 | exit 0 140 | fi 141 | exit 0 142 | -------------------------------------------------------------------------------- /Configuration Profiles/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Configuration Profiles 2 | Configuration profiles for different applications 3 | 4 | 5 | ## Profiles 6 | 7 | [Nudge.app v1.1.7+ - Preference Domain: com.github.macadmins.nudge](https://github.com/scriptsandthings/Jamf_things/tree/master/Configuration%20Profiles/com.github.macadmins.nudge) 8 | 9 | [Microsoft Company Portal (Intune) - Preference Domain: com.microsoft.CompanyPortal.mac.ssoextenssion](https://github.com/scriptsandthings/Jamf_things/tree/master/Configuration%20Profiles/com.microsoft.CompanyPortalMac.ssoextension) 10 | 11 | [Mozilla Firefox - Preference Domain: org.mozilla.firefox](https://github.com/scriptsandthings/Jamf_things/tree/master/Configuration%20Profiles/org.mozilla.firefox) 12 | 13 | 14 | ### Navigation 15 | 16 | - [Scripts and Things Homepage](https://github.com/scriptsandthings) 17 | - [Jamf Things - Home](https://github.com/scriptsandthings/Jamf_things/tree/master) 18 | - [Scripts and Things - Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 19 | - [Jamf Things Documentation - Home](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation) 20 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/Nudge - macOS Update Management - 12.4 - v3.3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/scriptsandthings/Jamf_things/1fa94b2a01e29cbbb52c43911d08ca1be4daac8f/Configuration Profiles/com.github.macadmins.nudge/12.4/Nudge - macOS Update Management - 12.4 - v3.3.png -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/Nudge - macOS Update Management - 12.4 - v4.0.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | optionalFeatures 6 | 7 | acceptableCameraUsage 8 | 9 | acceptableScreenSharingUsage 10 | 11 | aggressiveUserExperience 12 | 13 | aggressiveUserFullScreenExperience 14 | 15 | asynchronousSoftwareUpdate 16 | 17 | attemptToBlockApplicationLaunches 18 | 19 | blockedApplicationBundleIDs 20 | 21 | com.adobe.Acrobat 22 | com.adobe.Acrobat.Pro 23 | com.adobe.acc.AdobeCreativeCloud 24 | com.adobe.illustrator 25 | com.adobe.indesign 26 | com.adobe.lightroomCC 27 | com.adobe.Photoshop 28 | com.adobe.PremierePro.18 29 | com.adobe.PremierePro.19 30 | com.adobe.PremierePro.20 31 | com.adobe.PremierePro.21 32 | com.adobe.PremierePro.22 33 | com.apple.configurator.ui 34 | com.apple.FaceTime 35 | com.apple.iPhoto 36 | com.apple.Keynote 37 | com.apple.Music 38 | com.apple.iWork.Numbers 39 | com.apple.iWork.Pages 40 | com.apple.Safari 41 | com.apple.Xcode 42 | com.apple.ActivityMonitor 43 | com.apple.Terminal 44 | com.autodesk.AutoCAD2017 45 | com.autodesk.AutoCAD2018 46 | com.autodesk.AutoCAD2019 47 | com.autodesk.AutoCAD2020 48 | com.autodesk.AutoCAD2021 49 | com.autodesk.AutoCAD2022 50 | com.autodesk.AutoCAD 51 | com.brave.Browser 52 | com.clo3d.security.clono 53 | org.jkiss.dbeaver.core.product 54 | com.dbeaver.product.enterprise 55 | com.dbeaver.product.ultimate 56 | com.hnc.Discord 57 | com.docker.docker 58 | org.eclipse.eclipse 59 | com.extensis.UniversalTypeClient 60 | com.macpaw.Gemini2 61 | com.github.GitHub 62 | com.google.Chrome 63 | com.google.sketchuppro 64 | com.jetbrains.intellij 65 | com.jetbrains.PhpStorm 66 | com.jetbrains.pycharm.ce 67 | com.jetbrains.pycharm 68 | com.jetbrains.WebStorm 69 | com.microsoft.edgemac 70 | com.microsoft.Excel 71 | com.microsoft.onenote.mac 72 | com.microsoft.Powerpoint 73 | com.microsoft.VSCode 74 | com.microsoft.Word 75 | org.mozilla.firefox 76 | com.oracle.workbench.MySQLWorkbench 77 | com.operasoftware.Opera 78 | com.pandora.desktop 79 | com.panic.Transmit 80 | com.parallels.desktop.console 81 | com.postmanlabs.mac 82 | com.tinyspeck.slackmacgap 83 | com.spotify.client 84 | com.tableausoftware.tableaudesktop 85 | org.torproject.torbrowser 86 | org.utmapp.UTM 87 | org.virutalbox.app.VirtualBox 88 | com.vivaldi.Vivaldi 89 | com.vmware.horizon 90 | 91 | enforceMinorUpdates 92 | 93 | 94 | osVersionRequirements 95 | 96 | 97 | aboutUpdateURL 98 | https://support.apple.com/en-us/HT212585 99 | actionButtonPath 100 | jamfselfservice://content?entity=policy&id=123456&action=view 101 | majorUpgradeAppPath 102 | jamfselfservice://content?entity=policy&id=123456&action=view 103 | requiredInstallationDate 104 | 2022-06-23T00:00:00Z 105 | requiredMinimumOSVersion 106 | 12.4 107 | targetedOSVersions 108 | 109 | 11.0.1 110 | 11.1 111 | 11.2 112 | 11.2.1 113 | 11.2.2 114 | 11.2.3 115 | 11.3 116 | 11.3.1 117 | 11.4 118 | 11.5 119 | 11.5.1 120 | 11.5.2 121 | 11.6 122 | 11.6.1 123 | 11.6.2 124 | 11.6.3 125 | 11.6.4 126 | 11.6.5 127 | 11.6.6 128 | 11.6.7 129 | 12.0.1 130 | 12.1 131 | 12.2 132 | 12.2.1 133 | 12.3 134 | 12.3.1 135 | 136 | targetedOSVersionsRule 137 | default 138 | 139 | 140 | userExperience 141 | 142 | allowGracePeriods 143 | 144 | allowUserQuitDeferrals 145 | 146 | allowedDeferrals 147 | 15 148 | allowedDeferralsUntilForcedSecondaryQuitButton 149 | 5 150 | approachingRefreshCycle 151 | 3600 152 | approachingWindowTime 153 | 96 154 | elapsedRefreshCycle 155 | 60 156 | gracePeriodInstallDelay 157 | 24 158 | gracePeriodLaunchDelay 159 | 4 160 | gracePeriodPath 161 | /private/var/db/.AppleSetupDone 162 | imminentRefreshCycle 163 | 120 164 | imminentWindowTime 165 | 48 166 | initialRefreshCycle 167 | 9000 168 | maxRandomDelayInSeconds 169 | 1200 170 | randomDelay 171 | 172 | 173 | userInterface 174 | 175 | actionButtonPath 176 | jamfselfservice://content?entity=policy&id=123456&action=view 177 | iconDarkPath 178 | /Applications/Install macOS Monterey.app/Contents/Resources/InstallAssistant.icns 179 | iconLightPath 180 | /Applications/Install macOS Monterey.app/Contents/Resources/InstallAssistant.icns 181 | showDeferralCount 182 | 183 | simpleMode 184 | 185 | singleQuitButton 186 | 187 | updateElements 188 | 189 | 190 | _language 191 | en 192 | actionButtonText 193 | Install Update Now 194 | customDeferralButtonText 195 | Select a Date and Time 196 | customDeferralDropdownText 197 | Schedule Reminder 198 | informationButtonText 199 | About This Update 200 | oneDayDeferralButtonText 201 | Tomorrow 202 | oneHourDeferralButtonText 203 | One Hour 204 | mainContentHeader 205 | Your Mac will need to reboot in order to complete update installation. 206 | mainContentNote 207 | Important Note About This Required Update 208 | mainContentSubHeader 209 | Updates may take up to 30-45 minutes to install 210 | mainContentText 211 | An fully up-to-date macOS is required to ensure that corporate IT can your accurately protect and support your Mac, so it can continue to provide you with the best user experience possible everyday.\n\nThis update must be installed on your Mac prior to Thursday June 23, 2022. If you do not update your Mac prior to the installation deadline, you may lose access to applications necessary for your day-to-day tasks until it is installed.\n\nTo begin the install now, simply click the blue “Install Update Now” button above and follow the provided steps. To schedule a reminder to install later, click “I Understand” or "Schedule Reminder" below. 212 | mainHeader 213 | macOS Monterey 12.4 update required 214 | primaryQuitButtonText 215 | Later 216 | secondaryQuitButtonText 217 | I Understand 218 | subHeader 219 | A friendly reminder from corporate IT 220 | 221 | 222 | 223 | 224 | 225 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Nudge - macOS Update Management - 12.4 - v4.0.plist 2 | ### For Nudge version 1.1.7+ 3 | 4 | [Download Nudge - macOS Update Management - 12.4 - v4.0.plist](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/Nudge%20-%20macOS%20Update%20Management%20-%2012.4%20-%20v4.0.plist) 5 | - Create one for Intel and one for Apple Silicon. 6 | - Configure platform specific policies in Jamf and point *actionButtonPath* and *majorUpgradeAppPath* to the platform specific Self Service policy URLs 7 | 8 | ![alt text](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/Nudge%20-%20macOS%20Update%20Management%20-%2012.4%20-%20v3.3.png) 9 | 10 | # About this .plist 11 | 12 | ## Jamf Policy Examples / Scripts 13 | 14 | - [macOS Monterey 12.4 - Self Service policy - Apple Silicon](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/macOS%20Monterey%2012.4%20-%20Self%20Service%20policy%20-%20Apple%20Silicon%20-%20v1/) 15 | - [macOS Monterey 12.4 - Self Service policy - Intel](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/macOS%20Monterey%2012.4%20-%20Self%20Service%20policy%20-%20Intel%20-%20v1/) 16 | 17 | #### OPTIONAL: Pre-Install disk space notification policy 18 | - [macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.sh](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/macOS%20Monterey%2012.4%20-%20Self%20Service%20policy%20-%20Before%20script%20-%20Disk%20Space%20notification%20-%20v1.1.sh) 19 | 20 | ## The following keys will need to be configured (or removed) depending on your environment. Also configure the iconLightPath / iconDarkPath if you'd like otherwise remove it if the OS isn't pre-cached prior to launching Nudge. 21 | 22 | **osVersionRequirements** 23 | - actionButtonPath - Self Service macOS Monterey Policy URL (architecture specific policies) - Install or View URL 24 | - majorUpgradeAppPath - Self Service macOS Monterey Policy URL (architecture specific policies) - Install or View URL 25 | - **requiredInstallationDate**: Set the Nudge / macOS update install deadline. *Currently set for June 23rd, 2022*: "2022-06-23T00:00:00Z" 26 | 27 | **userInterface** 28 | - actionButtonPath - Self Service macOS Monterey Policy URL (architecture specific policies) - Install or View URL 29 | - iconLightPath - If you wish to customize the logo used or don't pre-cache the Install macOS Monterey.app on your clients, update this. 30 | - iconDarkPath - If you wish to customize the logo used or don't pre-cache the Install macOS Monterey.app on your clients, update this. 31 | 32 | # .plist keys 33 | 34 | ### optionalFeatures - Configured 35 | - acceptableCameraUsage - Configured - true 36 | - acceptableScreenSharingUsage - Configured - true 37 | - aggressiveUserExperience - Configured - true 38 | - aggressiveUserFullScreenExperience - Configured - True 39 | - asynchronousSoftwareUpdate - Configured - true 40 | - attemptToBlockApplicationLaunches - Configured - true 41 | - attemptToFetchMajorUpgrade - Not Configured 42 | - enforceMinorUpdates - Configured - True 43 | - blockedApplicationBundleIDs - Configured 44 | ##### blockedApplicationBundleIDs: 45 | - Adobe Acrobat DC - com.adobe.Acrobat 46 | - Adobe Acrobat Pro - com.adobe.Acrobat.Pro 47 | - Adobe Creative Cloud Desktop - com.adobe.acc.AdobeCreativeCloud 48 | - Adobe Illustrator - com.adobe.Illustrator 49 | - Adobe InDesign - com.adobe.InDesign 50 | - Adobe Lightroom - com.adobe.lightroomCC 51 | - Adobe Photoshop - com.adobe.Photoshop 52 | - Adobe Premiere Pro 2018 - com.adobe.PremierePro.18 53 | - Adobe Premiere Pro 2019 - com.adobe.PremierePro.19 54 | - Adobe Premiere Pro 2020 - com.adobe.PremierePro.20 55 | - Adobe Premiere Pro 2021 - com.adobe.PremierePro.21 56 | - Adobe Premiere Pro 2022 - com.adobe.PremierePro.22 57 | - Apple Configurator - com.apple.configurator.ui 58 | - Apple FaceTime - com.apple.FaceTime 59 | - Apple iPhoto - com.apple.iPhoto 60 | - Apple Keynote - com.apple.Keynote 61 | - Apple Music - com.apple.Music 62 | - Apple Numbers - com.apple.iWork.Numbers 63 | - Apple Pages - com.apple.iWork.Pages 64 | - Apple Safari - com.apple.Safari 65 | - Apple Xcode - com.apple.Xcode 66 | - Apple/macOS Activity Monitor.app - com.apple.ActivityMonitor 67 | - Apple/macOS Terminal.app - com.apple.Terminal 68 | - AutoDesk AutoCAD - com.autodesk.AutoCAD 69 | - AutoDesk AutoCad 2017 - com.autodesk.AutoCAD2017 70 | - AutoDesk AutoCad 2018 - com.autodesk.AutoCAD2018 71 | - AutoDesk AutoCad 2019 - com.autodesk.AutoCAD2019 72 | - AutoDesk AutoCad 2020 - com.autodesk.AutoCAD2020 73 | - AutoDesk AutoCad 2021 - com.autodesk.AutoCAD2021 74 | - AutoDesk AutoCad 2022 - com.autodesk.AutoCAD2022 75 | - Brave Browser - com.brave.Browser 76 | - CLO_Network_OnlineAuth.app - com.clo3d.security.clono 77 | - DBeaver Community Edition - org.jkiss.dbeaver.core.product 78 | - DBeaver Enterprise - com.dbeaver.product.enterprise 79 | - DBeaver Ultimate - com.dbeaver.product.ultimate 80 | - Discord - com.hnc.Discord 81 | - Docker - com.docker.docker 82 | - Eclipse IDE - org.eclipse.eclipse 83 | - Extensis Universal Type Client - com.extensis.UniversalTypeClient 84 | - Gemini2 - com.macpaw.Gemini2 85 | - GitHub Desktop - com.github.GitHub 86 | - Google Chrome - com.google.Chrome 87 | - Google SketchUp - com.google.sketchuppro 88 | - JetBrains IntelliJ - com.jetbrains.intellij 89 | - JetBrains PHPStorm - com.jetbrains.PhpStorm 90 | - JetBrains PyCharm Community Edition - com.jetbrains.pycharm.ce 91 | - JetBrains PyCharm Professional - com.jetbrains.pycharm 92 | - JetBrains WebStorm - com.jetbrains.WebStorm 93 | - Microsoft Edge - com.microsoft.edgemac 94 | - Microsoft Excel - com.microsoft.Excel 95 | - Microsoft OneNote - com.microsoft.onenote.mac 96 | - Microsoft Powerpoint - com.microsoft.Powerpoint 97 | - Microsoft Visual Studio Code - com.microsoft.VSCode 98 | - Microsoft Word - com.microsoft.Word 99 | - Mozilla Firefox - org.mozilla.firefox 100 | - MySQLWorkbench - com.oracle.workbench.MySQLWorkbench 101 | - Opera - com.operasoftware.Opera 102 | - Pandora - com.pandora.desktop 103 | - Panic Transmit - com.panic.Transmit 104 | - Parallels Desktop - com.parallels.desktop.console 105 | - Postman - com.postmanlabs.mac 106 | - Slack - com.tinyspeck.slackmacgap 107 | - Spotify - com.spotify.client 108 | - Tableau Desktop - com.tableausoftware.tableaudesktop 109 | - Tor Browser - org.torproject.torbrowser 110 | - UTM - com.utmapp.UTM 111 | - VirtualBox - org.virtualbox.app.VirtualBox 112 | - Vivaldi - com.vivaldi.Vivaldi 113 | - VMware Horizon Client - com.vmware.horizon 114 | 115 | ### osVersionRequirements - Configured - macOS Monterey + macOS Big Sur Clients (targetedOSVersionsRule = default) 116 | - aboutUpdateURL - https://support.apple.com/en-us/HT212585 117 | - actionButtonPath - Configured - Self Service macOS Monterey Policy URL (architecture specific policies) - Install URL 118 | - majorUpgradeAppPath - Configured - Self Service macOS Monterey Policy URL (architecture specific policies) - Install URL 119 | - requiredInstallationDate - Configured - 2022-06-23T00:00:01Z 120 | - requiredMinimumOSVersion - Configured - 12.4 121 | - targetedOSVersions - Configured - 11.0.1 ,11.1 ,11.2 ,11.2.1 ,11.2.2 ,11.2.3 ,11.3 ,11.3.1 ,11.4 ,11.5 ,11.5.1 ,11.5.2 ,11.6 ,11.6.1 ,11.6.2 ,11.6.3 ,11.6.4 ,11.6.5 ,11.6.6 ,11.6.7 ,12.0.1 ,12.1 ,12.2 ,12.2.1 ,12.3 ,12.3.1 122 | - targetedOSVersionsRule - Configured - "default" 123 | 124 | ### userExperience - Configured 125 | - allowGracePeriods - Configured - true 126 | - allowUserQuitDeferrals - Configured - true 127 | - allowedDeferrals - Configured - 15 128 | - allowedDeferralsUntilForcedSecondaryQuitButton - Configured - 5 129 | - approachingRefreshCycle - Configured - 3600 130 | - approachingWindowTime - Configured - 96 131 | - elapsedRefreshCycle - Configured - 60 132 | - gracePeriodInstallDelay - Configured - 24 133 | - gracePeriodLaunchDelay - Configured - 4 134 | - gracePeriodPath - Configured - /private/var/db/.AppleSetupDone 135 | - imminentRefreshCycle - Configured - 120 136 | - imminentWindowTime - Configured - 48 137 | - initialRefreshCycle - Configured - 9000 138 | - maxRandomDelayInSeconds - Configured - 1200 139 | - randomDelay - Configured - false 140 | 141 | ## userInterface - Configured 142 | - actionButtonPath - Configured - Self Service macOS Monterey Policy URL (architecture specific policies) - Install URL 143 | - iconLightPath - Configured - "/Applications/Install macOS Monterey.app/Contents/Resources/InstallAssistant.icns" 144 | - iconDarkPath - Configured - "/Applications/Install macOS Monterey.app/Contents/Resources/InstallAssistant.icns" 145 | - showDeferralCount - Configured - true 146 | - simpleMode - Configured - false 147 | - singleQuitButton - Configured - false 148 | 149 | ### updateElements - Configured 150 | #### updateElement - Dictionary 1 151 | - language - Configured - "en" 152 | - actionButtonText - Configured - "Install Update Now" 153 | - customDeferralButtonText - Configured - "Select a Date and Time" 154 | - customDeferralDropdownText - Configured - "Schedule Reminder" 155 | - informationButtonText - Configured - "About This Update" 156 | - oneDayDeferralButtonText - Configured "Tomorrow" 157 | - oneHourDeferralButtonText - Configured - "One Hour" 158 | - mainContentHeader - Configured - "Your Mac will need to reboot in order to complete update installation." 159 | - mainContentNote - "An Important Note Regarding Required Updates" 160 | - mainContentSubHeader - Configured - "Updates may take up to 30-45 minutes to install" 161 | - mainContentText - Configured - "A fully up-to-date macOS is required to ensure that IT Support can your accurately protect and support your Mac, so it can continue to provide you with the best user experience possible everyday.\n\nThis update must be installed on your Mac prior to Thursday June 23rd, 2022. If you do not update your Mac prior to the installation deadline, you may lose access to applications necessary for your day-to-day tasks until it is installed.\n\nTo begin the install now, simply click the blue 'Install Update Now' button above and follow the provided steps. To schedule a reminder to install later, click 'I Understand' or 'Schedule Reminder' below." 162 | - mainHeader - Configured - "macOS Monterey 12.4 update required" 163 | - primaryQuitButtonText - Configured - "Later" 164 | - secondaryQuitButtonText - Configured - "I Understand" 165 | - subHeader - Configured - "A friendly reminder from corporate IT Support" 166 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/macOS Monterey 12.4 - Self Service policy - Apple Silicon - v1.md: -------------------------------------------------------------------------------- 1 | # macOS Monterey 12.4 - Self Service policy - Apple Silicon - v1 2 | ## General 3 | ### Trigger 4 | 5 | None set 6 | 7 | ### Execution Frequency 8 | 9 | Ongoing 10 | 11 | macOS Monterey 12 4 - Self Service policy - Apple Silicon - v1 - General 12 | 13 | ## Packages 14 | ### Latest version of [erase-install-XX.xx.pkg](https://github.com/grahampugh/erase-install) by Graham Pugh 15 | **NOTE: We had issues with erase-install-26.1.pkg** and **reverted back to erase-install-26.0.pkg** and **haven't had issues since reverting to v26.0.** 16 | 17 | macOS Monterey 12 4 - Self Service policy - Apple Silicon - v1 - Packages 18 | 19 | 20 | ## Scripts 21 | ### [macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.sh](https://gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/macOS%20Monterey%2012.4%20-%20Self%20Service%20policy%20-%20Before%20script%20-%20Disk%20Space%20notification%20-%20v1.1.sh) 22 | 23 | ### Priority 24 | 25 | Before 26 | 27 | macOS Monterey 12 4 - Self Service policy - Apple Silicon - v1 - Scripts 28 | 29 | ## Files and Processes 30 | 31 | ### Execute Command 32 | 33 | > /Library/Management/erase-install/erase-install.sh --reinstall --build=21F79 --current-user --depnotify --fs --check-power --power-wait-limit 300 --min-drive-space=45 --cleanup-after-use 34 | 35 | macOS Monterey 12 4 - Self Service policy - Apple Silicon - v1 - Files and Processes 36 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/scriptsandthings/Jamf_things/1fa94b2a01e29cbbb52c43911d08ca1be4daac8f/Configuration Profiles/com.github.macadmins.nudge/12.4/macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.png -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | ############################# 4 | ############################# 5 | # 6 | # macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.sh 7 | # 8 | # Greg Knackstedt 9 | # shitttyscripts@gmail.com 10 | # 6.15.2022 11 | # 12 | # Script to use notify users that macOS Monterey 12.4 will require 45GB of free space on Macintosh HD prior to starting the update install. 13 | # Add to your Self Service macOS Monterey installation policy with a priority of 'Before". 14 | # 15 | ############################# 16 | ############################# 17 | loggedInUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }} ') 18 | jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" 19 | windowType="hud" 20 | description="IMPORTANT: The macOS Monterey 12.4 update requires 45GB of free space on Macintosh HD to complete installation. 21 | 22 | To continue installing the update now, select 'Install macOS' below and the macOS Monterey 12.4 update will begin installation shortly. This update can take upwards of 35-45 minutes to complete. If you are unable to perform this update at this time or do not currently have 45GB of available disk space, please select 'Cancel' to be prompted again later. 23 | 24 | If you attempt to run the macOS Monterey 12.4 update and encounter any issues such as the policy showing 'Complete' but the installer failing to launch, double check your available free space on Macintosh HD and attempt the update again using a wired network connection. 25 | 26 | If you require assistance, please contact corporate IT support by phone at 1-555-555-5555 or by email at support@email.address. 27 | 28 | *Please quit out of open applications and save all working documents before selecting 'Install macOS'." 29 | 30 | button1="Install macOS" 31 | button2="Cancel" 32 | icon="/Library/Application Support/branding_assets/AppIcons/logodir/solid_background/install.png" 33 | title="Important: macOS Monterey 12.4 requires 45GB free space" 34 | alignDescription="left" 35 | alignHeading="center" 36 | defaultButton="2" 37 | timeout="900" 38 | 39 | # JAMF Helper window as it appears for targeted computers 40 | userChoice=$("$jamfHelper" -windowType "$windowType" -lockHUD -title "$title" -timeout "$timeout" -defaultButton "$defaultButton" -icon "$icon" -description "$description" -alignDescription "$alignDescription" -alignHeading "$alignHeading" -button1 "$button1" -button2 "$button2") 41 | 42 | # If user selects "UPDATE" 43 | if [ "$userChoice" == "0" ]; then 44 | echo "User clicked Install macOS; now downloading and installing updates." 45 | # Install ALL available software and security updates 46 | # If user selects "Cancel" 47 | elif [ "$userChoice" == "2" ]; then 48 | echo "User clicked Cancel or timeout was reached; now exiting." 49 | exit 0 50 | fi 51 | exit 0 52 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.4/macOS Monterey 12.4 - Self Service policy - Intel - v1.md: -------------------------------------------------------------------------------- 1 | # macOS Monterey 12.4 - Self Service policy - Intel - v1 2 | ## General 3 | ### Trigger 4 | 5 | None set 6 | 7 | ### Execution Frequency 8 | 9 | Ongoing 10 | 11 | macOS Monterey 12 4 - Self Service policy - Intel - v1 - General 12 | 13 | ## Packages 14 | ### Latest version of[erase-install-XX.xx.pkg](https://github.com/grahampugh/erase-install) by Graham Pugh 15 | 16 | macOS Monterey 12 4 - Self Service policy - Intel - v1 - Packages 17 | 18 | ## Scripts 19 | ### [macOS Monterey 12.4 - Self Service policy - Before script - Disk Space notification - v1.1.sh](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/macOS%20Monterey%2012.4%20-%20Self%20Service%20policy%20-%20Before%20script%20-%20Disk%20Space%20notification%20-%20v1.1.sh) 20 | 21 | ### Priority 22 | 23 | Before 24 | 25 | macOS Monterey 12 4 - Self Service policy - Intel - v1 - Scripts 26 | 27 | ## Files and Processes 28 | 29 | ### Execute Command 30 | 31 | /Library/Management/erase-install/erase-install.sh --reinstall --build=21F79 --depnotify --fs --check-power --power-wait-limit 300 --min-drive-space=45 --cleanup-after-use 32 | 33 | macOS Monterey 12 4 - Self Service policy - Intel - v1 - Files and processes 34 | 35 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.5/Nudge - macOS Update Management - 12.5 - v1.3.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | optionalFeatures 6 | 7 | acceptableCameraUsage 8 | 9 | acceptableScreenSharingUsage 10 | 11 | aggressiveUserExperience 12 | 13 | aggressiveUserFullScreenExperience 14 | 15 | asynchronousSoftwareUpdate 16 | 17 | attemptToBlockApplicationLaunches 18 | 19 | blockedApplicationBundleIDs 20 | 21 | com.adobe.Acrobat 22 | com.adobe.Acrobat.Pro 23 | com.adobe.acc.AdobeCreativeCloud 24 | com.adobe.illustrator 25 | com.adobe.indesign 26 | com.adobe.lightroomCC 27 | com.adobe.Photoshop 28 | com.adobe.PremierePro.18 29 | com.adobe.PremierePro.19 30 | com.adobe.PremierePro.20 31 | com.adobe.PremierePro.21 32 | com.adobe.PremierePro.22 33 | com.apple.configurator.ui 34 | com.apple.FaceTime 35 | com.apple.iPhoto 36 | com.apple.Keynote 37 | com.apple.Music 38 | com.apple.iWork.Numbers 39 | com.apple.iWork.Pages 40 | com.apple.Safari 41 | com.apple.Xcode 42 | com.apple.ActivityMonitor 43 | com.apple.Terminal 44 | com.autodesk.AutoCAD2017 45 | com.autodesk.AutoCAD2018 46 | com.autodesk.AutoCAD2019 47 | com.autodesk.AutoCAD2020 48 | com.autodesk.AutoCAD2021 49 | com.autodesk.AutoCAD2022 50 | com.autodesk.AutoCAD 51 | com.brave.Browser 52 | com.clo3d.security.clono 53 | org.jkiss.dbeaver.core.product 54 | com.dbeaver.product.enterprise 55 | com.dbeaver.product.ultimate 56 | com.hnc.Discord 57 | com.docker.docker 58 | org.eclipse.eclipse 59 | com.extensis.UniversalTypeClient 60 | com.macpaw.Gemini2 61 | com.github.GitHub 62 | com.google.Chrome 63 | com.google.sketchuppro 64 | com.jetbrains.intellij 65 | com.jetbrains.PhpStorm 66 | com.jetbrains.pycharm.ce 67 | com.jetbrains.pycharm 68 | com.jetbrains.WebStorm 69 | com.microsoft.edgemac 70 | com.microsoft.Excel 71 | com.microsoft.onenote.mac 72 | com.microsoft.Powerpoint 73 | com.microsoft.VSCode 74 | com.microsoft.Word 75 | org.mozilla.firefox 76 | com.oracle.workbench.MySQLWorkbench 77 | com.operasoftware.Opera 78 | com.pandora.desktop 79 | com.panic.Transmit 80 | com.parallels.desktop.console 81 | com.postmanlabs.mac 82 | com.tinyspeck.slackmacgap 83 | com.spotify.client 84 | com.tableausoftware.tableaudesktop 85 | org.torproject.torbrowser 86 | org.utmapp.UTM 87 | org.virutalbox.app.VirtualBox 88 | com.vivaldi.Vivaldi 89 | com.vmware.horizon 90 | 91 | enforceMinorUpdates 92 | 93 | 94 | osVersionRequirements 95 | 96 | 97 | aboutUpdateURL 98 | https://support.apple.com/en-us/HT212585 99 | requiredInstallationDate 100 | 2022-09-15T00:00:00Z 101 | requiredMinimumOSVersion 102 | 12.5 103 | targetedOSVersions 104 | 105 | 12.0.1 106 | 12.1 107 | 12.2 108 | 12.2.1 109 | 12.3 110 | 12.3.1 111 | 12.4 112 | 113 | targetedOSVersionsRule 114 | default 115 | 116 | 117 | userExperience 118 | 119 | allowGracePeriods 120 | 121 | allowUserQuitDeferrals 122 | 123 | allowedDeferrals 124 | 15 125 | allowedDeferralsUntilForcedSecondaryQuitButton 126 | 5 127 | approachingRefreshCycle 128 | 3600 129 | approachingWindowTime 130 | 96 131 | elapsedRefreshCycle 132 | 60 133 | gracePeriodInstallDelay 134 | 24 135 | gracePeriodLaunchDelay 136 | 2 137 | gracePeriodPath 138 | /private/var/db/.AppleSetupDone 139 | imminentRefreshCycle 140 | 120 141 | imminentWindowTime 142 | 48 143 | initialRefreshCycle 144 | 9000 145 | maxRandomDelayInSeconds 146 | 1200 147 | randomDelay 148 | 149 | 150 | userInterface 151 | 152 | iconDarkPath 153 | /Library/Application Support/Corp_Branding/Dark/install.png 154 | iconLightPath 155 | /Library/Application Support/Corp_Branding/Light/install.png 156 | showDeferralCount 157 | 158 | simpleMode 159 | 160 | singleQuitButton 161 | 162 | updateElements 163 | 164 | 165 | _language 166 | en 167 | actionButtonText 168 | Install Update Now 169 | customDeferralButtonText 170 | Select a Date and Time 171 | customDeferralDropdownText 172 | Schedule Reminder 173 | informationButtonText 174 | About This Update 175 | oneDayDeferralButtonText 176 | Tomorrow 177 | oneHourDeferralButtonText 178 | One Hour 179 | mainContentHeader 180 | Your Mac will need to reboot in order to complete update installation. 181 | mainContentNote 182 | Important Note About This Required Update 183 | mainContentSubHeader 184 | Updates may take up to 30-45 minutes to install 185 | mainContentText 186 | An fully up-to-date macOS is required to ensure that Corporate IT Support can your accurately protect and support your Mac, so it can continue to provide you with the best user experience possible everyday.\n\nThis update must be installed on your Mac prior to Thursday September 15th, 2022. If you do not update your Mac prior to the installation deadline, you will lose access to the applications necessary for your day-to-day tasks until it is installed.\n\nTo begin the install now, simply click the blue 'Install Update Now' button above and follow the provided steps. To schedule a reminder to install later, click 'I Understand' or 'Schedule Reminder' below. 187 | mainHeader 188 | macOS Monterey 12.5 update required 189 | primaryQuitButtonText 190 | Later 191 | secondaryQuitButtonText 192 | I Understand 193 | subHeader 194 | A friendly reminder from Corporate IT Support 195 | 196 | 197 | 198 | 199 | 200 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/12.5/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Nudge - macOS Update Management - 12.5 - v1.3.plist 2 | ### For Nudge version 1.1.7+ 3 | ## About this profile 4 | 5 | This .plist is to assist in configuring Nudge to prompt users with clients running macOS Monterey 12.0.1-12.4 (Intel and Apple Silicon) to install the macOS 12.5 update via Apple Software Update. 6 | 7 | The following keys will need to be configured (or removed) depending on your environment. Also configure the iconLightPath / iconDarkPath if you'd like otherwise remove it if the OS isn't pre-cached prior to launching Nudge. 8 | 9 | optionalFeatures 10 | - **blockedApplicationBundleIDs**: 69 applications are currently listed within blockedApplicationBundleIDs. Customize this for your environment, or to not block/restrict applications in your profile set **attemptToBlockApplicationLaunches** to "false" and set **blockedApplicationBundleIDs** to "Not Configured". 11 | 12 | osVersionRequirements 13 | - **requiredInstallationDate**: Set the Nudge / macOS update install deadline. *Currently set for September 15th, 2022*: "2022-09-15T00:00:00Z" 14 | 15 | userInterface 16 | - **iconLightPath**: If you wish to customize the logo, update this. Requires image file be pre-staged/pre-deployed to client systems prior to activating Nudge. 17 | - **iconDarkPath**: If you wish to customize the logo, update this. Requires image file be pre-staged/pre-deployed to client systems prior to activating Nudge. 18 | 19 | ## .plist Key Values: 20 | 21 | ### optionalFeatures - Configured 22 | - acceptableCameraUsage - Configured - true 23 | - acceptableScreenSharingUsage - Configured - true 24 | - aggressiveUserExperience - Configured - true 25 | - aggressiveUserFullScreenExperience - Configured - true 26 | - asynchronousSoftwareUpdate - Configured - true 27 | - attemptToBlockApplicationLaunches - Configured - true 28 | - attemptToFetchMajorUpgrade - Not Configured 29 | - blockedApplicationBundleIDs - Configured 30 | ##### blockedApplicationBundleIDs: 31 | - Adobe Acrobat DC - com.adobe.Acrobat 32 | - Adobe Acrobat Pro - com.adobe.Acrobat.Pro 33 | - Adobe Creative Cloud Desktop - com.adobe.acc.AdobeCreativeCloud 34 | - Adobe Illustrator - com.adobe.Illustrator 35 | - Adobe InDesign - com.adobe.InDesign 36 | - Adobe Lightroom - com.adobe.lightroomCC 37 | - Adobe Photoshop - com.adobe.Photoshop 38 | - Adobe Premiere Pro 2018 - com.adobe.PremierePro.18 39 | - Adobe Premiere Pro 2019 - com.adobe.PremierePro.19 40 | - Adobe Premiere Pro 2020 - com.adobe.PremierePro.20 41 | - Adobe Premiere Pro 2021 - com.adobe.PremierePro.21 42 | - Adobe Premiere Pro 2022 - com.adobe.PremierePro.22 43 | - Apple Configurator - com.apple.configurator.ui 44 | - Apple FaceTime - com.apple.FaceTime 45 | - Apple iPhoto - com.apple.iPhoto 46 | - Apple Keynote - com.apple.Keynote 47 | - Apple Music - com.apple.Music 48 | - Apple Numbers - com.apple.iWork.Numbers 49 | - Apple Pages - com.apple.iWork.Pages 50 | - Apple Safari - com.apple.Safari 51 | - Apple Xcode - com.apple.Xcode 52 | - Apple/macOS Activity Monitor.app - com.apple.ActivityMonitor 53 | - Apple/macOS Terminal.app - com.apple.Terminal 54 | - AutoDesk AutoCAD - com.autodesk.AutoCAD 55 | - AutoDesk AutoCad 2017 - com.autodesk.AutoCAD2017 56 | - AutoDesk AutoCad 2018 - com.autodesk.AutoCAD2018 57 | - AutoDesk AutoCad 2019 - com.autodesk.AutoCAD2019 58 | - AutoDesk AutoCad 2020 - com.autodesk.AutoCAD2020 59 | - AutoDesk AutoCad 2021 - com.autodesk.AutoCAD2021 60 | - AutoDesk AutoCad 2022 - com.autodesk.AutoCAD2022 61 | - Brave Browser - com.brave.Browser 62 | - CLO_Network_OnlineAuth.app - com.clo3d.security.clono 63 | - DBeaver Community Edition - org.jkiss.dbeaver.core.product 64 | - DBeaver Enterprise - com.dbeaver.product.enterprise 65 | - DBeaver Ultimate - com.dbeaver.product.ultimate 66 | - Discord - com.hnc.Discord 67 | - Docker - com.docker.docker 68 | - Eclipse IDE - org.eclipse.eclipse 69 | - Extensis Universal Type Client - com.extensis.UniversalTypeClient 70 | - Gemini2 - com.macpaw.Gemini2 71 | - GitHub Desktop - com.github.GitHub 72 | - Google Chrome - com.google.Chrome 73 | - Google SketchUp - com.google.sketchuppro 74 | - JetBrains IntelliJ - com.jetbrains.intellij 75 | - JetBrains PHPStorm - com.jetbrains.PhpStorm 76 | - JetBrains PyCharm Community Edition - com.jetbrains.pycharm.ce 77 | - JetBrains PyCharm Professional - com.jetbrains.pycharm 78 | - JetBrains WebStorm - com.jetbrains.WebStorm 79 | - Microsoft Edge - com.microsoft.edgemac 80 | - Microsoft Excel - com.microsoft.Excel 81 | - Microsoft OneNote - com.microsoft.onenote.mac 82 | - Microsoft Powerpoint - com.microsoft.Powerpoint 83 | - Microsoft Visual Studio Code - com.microsoft.VSCode 84 | - Microsoft Word - com.microsoft.Word 85 | - Mozilla Firefox - org.mozilla.firefox 86 | - MySQLWorkbench - com.oracle.workbench.MySQLWorkbench 87 | - Opera - com.operasoftware.Opera 88 | - Pandora - com.pandora.desktop 89 | - Panic Transmit - com.panic.Transmit 90 | - Parallels Desktop - com.parallels.desktop.console 91 | - Postman - com.postmanlabs.mac 92 | - Slack - com.tinyspeck.slackmacgap 93 | - Spotify - com.spotify.client 94 | - Tableau Desktop - com.tableausoftware.tableaudesktop 95 | - Tor Browser - org.torproject.torbrowser 96 | - UTM - com.utmapp.UTM 97 | - VirtualBox - org.virtualbox.app.VirtualBox 98 | - Vivaldi - com.vivaldi.Vivaldi 99 | - VMware Horizon Client - com.vmware.horizonenforceMinorUpdates - Configured - true 100 | 101 | ### osVersionRequirements - Configured - macOS Monterey + (targetedOSVersionsRule = default) 102 | 103 | - aboutUpdateURL - https://support.apple.com/en-us/HT212585 104 | - actionButtonPath - Not Configured 105 | - majorUpgradeAppPath - Not Configured 106 | - requiredInstallationDate - Configured - 2022-09-15T00:00:01Z 107 | - requiredMinimumOSVersion - Configured - 12.5 108 | - targetedOSVersions - Configured - 12.0.1, 12.1, 12.2, 12.2.1, 12.3, 12.3.1, 12.4 109 | - targetedOSVersionsRule - Configured - "default" 110 | 111 | ### userExperience - Configured 112 | - allowGracePeriods - Configured - true 113 | - allowUserQuitDeferrals - Configured - true 114 | - allowedDeferrals - Configured - 15 115 | - allowedDeferralsUntilForcedSecondaryQuitButton - Configured - 5 116 | - approachingRefreshCycle - Configured - 3600 117 | - approachingWindowTime - Configured - 96 118 | - elapsedRefreshCycle - Configured - 60 119 | - gracePeriodInstallDelay - Configured - 24 120 | - gracePeriodLaunchDelay - Configured - 4 121 | - gracePeriodPath - Configured - /private/var/db/.AppleSetupDone 122 | - imminentRefreshCycle - Configured - 120 123 | - imminentWindowTime - Configured - 48 124 | - initialRefreshCycle - Configured - 9000 125 | - maxRandomDelayInSeconds - Configured - 1200 126 | - randomDelay - Configured - false 127 | 128 | 129 | ### userInterface - Configured 130 | - iconLightPath - Configured - "/Library/Application Support/Corp_Branding/Light/install.png" 131 | - iconDarkPath - Configured - "/Library/Application Support/Corp_Branding/Dark/install.png" 132 | - showDeferralCount - Configured - true 133 | - simpleMode - Configured - false 134 | - singleQuitButton - Configured - false 135 | 136 | 137 | ### updateElements - Configured 138 | #### updateElement - Dictionary 1 139 | - language - Configured - "en" 140 | - actionButtonText - Configured - "Install Update Now" 141 | - customDeferralButtonText - Configured - "Select a Date and Time" 142 | - customDeferralDropdownText - Configured - "Schedule Reminder" 143 | - informationButtonText - Configured - "About This Update" 144 | - oneDayDeferralButtonText - Configured "Tomorrow" 145 | - oneHourDeferralButtonText - Configured - "One Hour" 146 | - mainContentHeader - Configured - "Your Mac will need to reboot in order to complete update installation." 147 | - mainContentNote - "An Important Note Regarding Required Updates" 148 | - mainContentSubHeader - Configured - "Updates may take up to 30-45 minutes to install" 149 | - mainContentText - Configured - "A fully up-to-date macOS is required to ensure that IT Support can your accurately protect and support your Mac, so it can continue to provide you with the best user experience possible everyday.\n\nThis update must be installed on your Mac prior to Thursday September 15th, 2022. If you do not update your Mac prior to the installation deadline, you may lose access to applications necessary for your day-to-day tasks until it is installed.\n\nTo begin the install now, simply click the blue 'Install Update Now' button above and follow the provided steps. To schedule a reminder to install later, click 'I Understand' or 'Schedule Reminder' below." 150 | - mainHeader - Configured - "macOS Monterey 12.5 update required" 151 | - primaryQuitButtonText - Configured - "Later" 152 | - secondaryQuitButtonText - Configured - "I Understand" 153 | - subHeader - Configured - "A friendly reminder from corporate IT Support" 154 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/13.0/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Nudge 2 | ## macOS Update Management - macOS Ventura 13.0 3 | ### .plist version 0.2 4 | ### For Nudge version 1.1.7+ 5 | 6 | # NOTE: 7 | ### This is a placeholder for new .plists and individual Jamf Self Service policies for Intel and Apple Silicon clients, to complete the update from macOS Monterey to macOS Ventura using a pre-cached "Install macOS Ventura.app". This has not been tested and is currently missing a number of required key values. 8 | 9 | ## About this profile 10 | 11 | This .plist is to assist in configuring Nudge to prompt users with clients running macOS Monterey 12.0.1-12.5 to install the macOS Ventura 13.0 via Jamf Self Service policies 12 | 13 | The following keys will need to be configured (or removed) depending on your environment. Also configure the iconLightPath / iconDarkPath if you'd like otherwise remove it if the OS isn't pre-cached prior to launching Nudge. 14 | 15 | optionalFeatures 16 | - **blockedApplicationBundleIDs**: 69 applications are currently listed within blockedApplicationBundleIDs. Customize this for your environment, or to not block/restrict applications in your profile set **attemptToBlockApplicationLaunches** to "false" and set **blockedApplicationBundleIDs** to "Not Configured". 17 | 18 | osVersionRequirements 19 | - actionButtonPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 20 | - majorUpgradeAppPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 21 | - **requiredInstallationDate**: Set the Nudge / macOS update install deadline. *Currently set for October 20th, 2022*: "2022-09-15T00:00:00Z" 22 | 23 | userInterface 24 | - actionButtonPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 25 | - **iconLightPath**: If you wish to customize the logo, update this. Requires image file be pre-staged/pre-deployed to client systems prior to activating Nudge. 26 | - **iconDarkPath**: If you wish to customize the logo, update this. Requires image file be pre-staged/pre-deployed to client systems prior to activating Nudge. 27 | 28 | ## .plist Key Values: 29 | 30 | ### optionalFeatures - Configured 31 | - acceptableCameraUsage - Configured - true 32 | - acceptableScreenSharingUsage - Configured - true 33 | - aggressiveUserExperience - Configured - true 34 | - aggressiveUserFullScreenExperience - Configured - true 35 | - asynchronousSoftwareUpdate - Configured - true 36 | - attemptToBlockApplicationLaunches - Configured - true 37 | - attemptToFetchMajorUpgrade - Not Configured 38 | - enforceMinorUpdates - Configured - true 39 | - blockedApplicationBundleIDs - Configured 40 | ##### blockedApplicationBundleIDs: 41 | - Adobe Acrobat DC - com.adobe.Acrobat 42 | - Adobe Acrobat Pro - com.adobe.Acrobat.Pro 43 | - Adobe Creative Cloud Desktop - com.adobe.acc.AdobeCreativeCloud 44 | - Adobe Illustrator - com.adobe.Illustrator 45 | - Adobe InDesign - com.adobe.InDesign 46 | - Adobe Lightroom - com.adobe.lightroomCC 47 | - Adobe Photoshop - com.adobe.Photoshop 48 | - Adobe Premiere Pro 2018 - com.adobe.PremierePro.18 49 | - Adobe Premiere Pro 2019 - com.adobe.PremierePro.19 50 | - Adobe Premiere Pro 2020 - com.adobe.PremierePro.20 51 | - Adobe Premiere Pro 2021 - com.adobe.PremierePro.21 52 | - Adobe Premiere Pro 2022 - com.adobe.PremierePro.22 53 | - Apple Configurator - com.apple.configurator.ui 54 | - Apple FaceTime - com.apple.FaceTime 55 | - Apple iPhoto - com.apple.iPhoto 56 | - Apple Keynote - com.apple.Keynote 57 | - Apple Music - com.apple.Music 58 | - Apple Numbers - com.apple.iWork.Numbers 59 | - Apple Pages - com.apple.iWork.Pages 60 | - Apple Safari - com.apple.Safari 61 | - Apple Xcode - com.apple.Xcode 62 | - Apple/macOS Activity Monitor.app - com.apple.ActivityMonitor 63 | - Apple/macOS Terminal.app - com.apple.Terminal 64 | - AutoDesk AutoCAD - com.autodesk.AutoCAD 65 | - AutoDesk AutoCad 2017 - com.autodesk.AutoCAD2017 66 | - AutoDesk AutoCad 2018 - com.autodesk.AutoCAD2018 67 | - AutoDesk AutoCad 2019 - com.autodesk.AutoCAD2019 68 | - AutoDesk AutoCad 2020 - com.autodesk.AutoCAD2020 69 | - AutoDesk AutoCad 2021 - com.autodesk.AutoCAD2021 70 | - AutoDesk AutoCad 2022 - com.autodesk.AutoCAD2022 71 | - Brave Browser - com.brave.Browser 72 | - CLO_Network_OnlineAuth.app - com.clo3d.security.clono 73 | - DBeaver Community Edition - org.jkiss.dbeaver.core.product 74 | - DBeaver Enterprise - com.dbeaver.product.enterprise 75 | - DBeaver Ultimate - com.dbeaver.product.ultimate 76 | - Discord - com.hnc.Discord 77 | - Docker - com.docker.docker 78 | - Eclipse IDE - org.eclipse.eclipse 79 | - Extensis Universal Type Client - com.extensis.UniversalTypeClient 80 | - Gemini2 - com.macpaw.Gemini2 81 | - GitHub Desktop - com.github.GitHub 82 | - Google Chrome - com.google.Chrome 83 | - Google SketchUp - com.google.sketchuppro 84 | - JetBrains IntelliJ - com.jetbrains.intellij 85 | - JetBrains PHPStorm - com.jetbrains.PhpStorm 86 | - JetBrains PyCharm Community Edition - com.jetbrains.pycharm.ce 87 | - JetBrains PyCharm Professional - com.jetbrains.pycharm 88 | - JetBrains WebStorm - com.jetbrains.WebStorm 89 | - Microsoft Edge - com.microsoft.edgemac 90 | - Microsoft Excel - com.microsoft.Excel 91 | - Microsoft OneNote - com.microsoft.onenote.mac 92 | - Microsoft Powerpoint - com.microsoft.Powerpoint 93 | - Microsoft Visual Studio Code - com.microsoft.VSCode 94 | - Microsoft Word - com.microsoft.Word 95 | - Mozilla Firefox - org.mozilla.firefox 96 | - MySQLWorkbench - com.oracle.workbench.MySQLWorkbench 97 | - Opera - com.operasoftware.Opera 98 | - Pandora - com.pandora.desktop 99 | - Panic Transmit - com.panic.Transmit 100 | - Parallels Desktop - com.parallels.desktop.console 101 | - Postman - com.postmanlabs.mac 102 | - Slack - com.tinyspeck.slackmacgap 103 | - Spotify - com.spotify.client 104 | - Tableau Desktop - com.tableausoftware.tableaudesktop 105 | - Tor Browser - org.torproject.torbrowser 106 | - UTM - com.utmapp.UTM 107 | - VirtualBox - org.virtualbox.app.VirtualBox 108 | - Vivaldi - com.vivaldi.Vivaldi 109 | - VMware Horizon Client - com.vmware.horizon 110 | 111 | ### osVersionRequirements - Configured - macOS Monterey + (targetedOSVersionsRule = default) 112 | 113 | - aboutUpdateURL - https://support.apple.com/en-us/XXXXXXXX 114 | - actionButtonPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 115 | - majorUpgradeAppPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 116 | - requiredInstallationDate - Configured - 2022-10-20T00:00:01Z 117 | - requiredMinimumOSVersion - Configured - 13 118 | - targetedOSVersions - Configured - 12.0.1, 12.1, 12.2, 12.2.1, 12.3, 12.3.1, 12.4, 12.5 119 | - targetedOSVersionsRule - Configured - "default" 120 | 121 | ### userExperience - Configured 122 | - allowGracePeriods - Configured - true 123 | - allowUserQuitDeferrals - Configured - true 124 | - allowedDeferrals - Configured - 15 125 | - allowedDeferralsUntilForcedSecondaryQuitButton - Configured - 5 126 | - approachingRefreshCycle - Configured - 3600 127 | - approachingWindowTime - Configured - 96 128 | - elapsedRefreshCycle - Configured - 60 129 | - gracePeriodInstallDelay - Configured - 24 130 | - gracePeriodLaunchDelay - Configured - 4 131 | - gracePeriodPath - Configured - /private/var/db/.AppleSetupDone 132 | - imminentRefreshCycle - Configured - 120 133 | - imminentWindowTime - Configured - 48 134 | - initialRefreshCycle - Configured - 9000 135 | - maxRandomDelayInSeconds - Configured - 1200 136 | - randomDelay - Configured - false 137 | 138 | 139 | ### userInterface - Configured 140 | - actionButtonPath - Configured - https://jamfselfservice://content?entity=policy&id=123456&action=view 141 | - iconLightPath - Configured - "/Library/Applications/Install macOS Ventura.app/Contents/Resources/InstallAssistant.icns" 142 | - iconDarkPath - Configured - "/Library/Applications/Install macOS Ventura.app/Contents/Resources/InstallAssistant.icns" 143 | - showDeferralCount - Configured - true 144 | - simpleMode - Configured - false 145 | - singleQuitButton - Configured - false 146 | 147 | 148 | ### updateElements - Configured 149 | #### updateElement - Dictionary 1 150 | - language - Configured - "en" 151 | - actionButtonText - Configured - "Install Update Now" 152 | - customDeferralButtonText - Configured - "Select a Date and Time" 153 | - customDeferralDropdownText - Configured - "Schedule Reminder" 154 | - informationButtonText - Configured - "About This Update" 155 | - oneDayDeferralButtonText - Configured "Tomorrow" 156 | - oneHourDeferralButtonText - Configured - "One Hour" 157 | - mainContentHeader - Configured - "Your Mac will need to reboot in order to complete update installation." 158 | - mainContentNote - "An Important Note Regarding Required Updates" 159 | - mainContentSubHeader - Configured - "Updates may take up to 30-45 minutes to install" 160 | - mainContentText - Configured - "A fully up-to-date macOS is required to ensure that IT Support can your accurately protect and support your Mac, so it can continue to provide you with the best user experience possible everyday.\n\nThis update must be installed on your Mac prior to Thursday October 20th, 2022. If you do not update your Mac prior to the installation deadline, you may lose access to applications necessary for your day-to-day tasks until it is installed.\n\nTo begin the install now, simply click the blue 'Install Update Now' button above and follow the provided steps. To schedule a reminder to install later, click 'I Understand' or 'Schedule Reminder' below." 161 | - mainHeader - Configured - "macOS Ventura update required" 162 | - primaryQuitButtonText - Configured - "Later" 163 | - secondaryQuitButtonText - Configured - "I Understand" 164 | - subHeader - Configured - "A friendly reminder from corporate IT Support" 165 | -------------------------------------------------------------------------------- /Configuration Profiles/com.github.macadmins.nudge/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Nudge - macOS Update Management 2 | ### For Nudge version 1.1.7+ 3 | ## About these profiles 4 | 5 | Plists to use as a base for configuring Nudge to assist users with macOS updates. These .plist files were generated by configuring Nudge in Jamf via JSON schema and pulling the resulting plist. 6 | 7 | ## Nudge plists for macOS versions: 8 | 9 | #### macOS Monterey 12.4 10 | - [macOS Monterey - 12.4 repo](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.4/) 11 | - Seperate Intel and Apple Silicon .plists 12 | - Seperate Intel and Apple Silicon Jamf Self Service policies 13 | - Update via Self Service/Jamf Policy using pre-cached "Install macOS Monterey.app" for version 12.4 and [Graham Pugh's erase-install](https://github.com/grahampugh/erase-install) 14 | - Configured to bring macOS Big Sur clients and macOS Monterey clients prior to version 12.4 all up to macOS Monterey 12.4 across the board 15 | 16 | #### macOS Monterey 12.5 17 | - [macOS Monterey - 12.5 repo](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/12.5) 18 | - Single .plist for both Intel and Apple Silicon 19 | - Download/install updates via Apple Software Update 20 | 21 | #### macOS Ventura 13 22 | ##### INCOMPLETE / NOT TESTED / CONCEPT PHASE 23 | - [macOS Ventura - 13 repo](https://www.gregknackstedt.com/Jamf_things/Configuration%20Profiles/com.github.macadmins.nudge/13.0) 24 | - Will have seperate Intel and Apple Silicon .plists 25 | - Will have seperate Intel and Apple Silicon Jamf Self Service policies 26 | - Update via Self Service/Jamf Policy using pre-cached "Install macOS Ventura.app" for version 13.0 and [Graham Pugh's erase-install](https://github.com/grahampugh/erase-install) 27 | - Configured to bring macOS Monterey clients up to macOS Ventura 13.0 28 | -------------------------------------------------------------------------------- /Configuration Profiles/com.microsoft.CompanyPortalMac.ssoextension/ReadMe.md: -------------------------------------------------------------------------------- 1 | # com.microsoft.CompanyPortalMac.ssoextension 2 | ## v1.0 3 | 4 | sets the following keys 5 | 6 | - disable_explicit_app_prompt_and_autologon - 1 7 | - AppPrefixAllowList - com.microsoft.,com.jamf.,com.apple. 8 | - browser_sso_disable_mfa - 1 9 | - Enable_SSO_On_All_ManagedApps - 1 10 | - browser_sso_interaction_enabled - 1 11 | 12 | [Download the com.microsoft.CompanyPortalMac.ssoextension.plist](https://github.com/scriptsandthings/Jamf_things/blob/master/Configuration%20Profiles/com.microsoft.CompanyPortalMac.ssoextension/com.microsoft.CompanyPortalMac.ssoextension.plist) 13 | 14 | ### Navigation 15 | 16 | - [Scripts and Things - Configuration Profiles](https://gregknackstedt.com/Jamf_things/Configuration%20Profiles) 17 | - [Scripts and Things - Homepage](https://gregknackstedt.com/) 18 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/) 19 | - [Scripts and Things - Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 20 | - [Jamf Things - Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 21 | -------------------------------------------------------------------------------- /Configuration Profiles/com.microsoft.CompanyPortalMac.ssoextension/com.microsoft.CompanyPortalMac.ssoextension.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | disable_explicit_app_prompt_and_autologon 6 | 1 7 | AppPrefixAllowList 8 | com.microsoft.,com.jamf.,com.apple. 9 | browser_sso_disable_mfa 10 | 1 11 | Enable_SSO_On_All_ManagedApps 12 | 1 13 | browser_sso_interaction_enabled 14 | 1 15 | 16 | 17 | -------------------------------------------------------------------------------- /Configuration Profiles/org.mozilla.firefox/Enable Autoupdate.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | AppAutoUpdate 6 | 7 | BackgroundAppUpdate 8 | 9 | EnterprisePoliciesEnabled 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Configuration Profiles/org.mozilla.firefox/ReadMe.md: -------------------------------------------------------------------------------- 1 | ### Enables Enterprise Policies, Auto-Update + Background update for Firefox. 2 | 3 | Enables the following keys via .plist/Configuration Profile 4 | 5 | >AppAutoUpdate - true 6 | > 7 | >BackgroundAppUpdate - true 8 | > 9 | >EnterprisePoliciesEnabled - true 10 | 11 | 12 | [Click to download the org.mozilla.firefox 'Enable Autoupdate.plist'](https://gregknackstedt.com/Jamf_things/Configuration%20Profiles/org.mozilla.firefox/Enable%20Autoupdate.plist) 13 | 14 | ### Navigation 15 | 16 | - [Scripts and Things - Configuration Profiles](https://gregknackstedt.com/Jamf_things/Configuration%20Profiles) 17 | - [Scripts and Things - Homepage](https://gregknackstedt.com/) 18 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/) 19 | - [Scripts and Things - Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 20 | - [Jamf Things - Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 21 | -------------------------------------------------------------------------------- /Documentation/*Blogs and Links/ReadMe.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | # macOS administration and support focused blogs and links 4 | #### In Alphabetical Order 5 | 6 | - [Babo D's Corner (Blog)](https://babodee.wordpress.com/) - "I work with Macs and have benefited from other admins who have blogged about their findings and solutions to common problems. So here’s my [little contribution](https://babodee.wordpress.com/about/) to this small community." 7 | - [Der Flounder (Blog)](https://derflounder.wordpress.com/) - [Rich Trouton's](https://github.com/rtrouton/) Blog 8 | - [DssW (Dragon Systems Software Limited)](https://www.dssw.co.uk/reference/) - "We often need to provide links and references to useful documentation. This section is home to documents, guides, and materials we have found helpful." 9 | - [ElliotJordan.com (Blog)](https://www.elliotjordan.com/) - macOS Admin/Engineering info - By: Elliot Jordan's b 10 | - [HCS Technology Group - White Papers](https://hcsonline.com/support/white-papers/) - Technical Articles and White Papers on a wide range of macOS topics 11 | - [Is Apple Silicon ready?](https://isapplesiliconready.com/) - The complete guide for MacOS Apps Optimized for Apple Silicon Macs and the M1 Processor 12 | - [Jamf Nation (Forum)](https://community.jamf.com/) - Jamf's official community forum and communications channel 13 | - [Jamf Support](https://support.jamf.com/) - Contact Jamf Support or open a ticket for an issue 14 | - [Mac Admin Info](https://www.macadmin.info/) - A resource for beginning and experienced Mac/Apple administrators. 15 | - [Mac Admins Foundation](https://www.macadmins.org/) - Mac Admins Slack 16 | - [Mac Admins Microsoft Mac Downloads](https://www.macadmins.software/) - Microsoft Mac Downloads - Version tracking and helpful utilities for supporting Office on macOS 17 | - [Mac Lovin' (Blog)](https://maclovin.org/) - A few tidbits to help you get started deploying Apple devices at scale 18 | - [Macnotes (Blog)](https://macnotes.wordpress.com/) - Helpful stuff for Jamf Pro + Azure 19 | - [Macops.ca (Blog)](https://macops.ca/) - Mac Operations is a technical blog dedicated to topics in systems administration, mostly in the context of macOS. Frequent topics include installers and packaging, automation tooling, software and OS deployment, Xcode and Apple’s command line tools, Python, Munki. - By [Tim Sutton](https://github.com/timsutton) 20 | - [Mostly Mac (Blog)](https://mostlymac.blog/) - A Blog for (Mostly) Mac Things 21 | - [Mr. Macintosh (Blog-ish)](https://mrmacintosh.com/) - Apple Macintosh & macOS News – Troubleshooting – Problem Reporting – How to Articles (Mr. Macintosh has great notes on each macOS point release) 22 | - [One More Admin (Blog)](https://blog.eriknicolasgomez.com/) - Erik Gomez's Blog 23 | - [Reddit.com/r/MacSysAdmin (Forum)](https://old.reddit.com/r/macsysadmin/) - A subreddit for all things related to the administration of Apple devices. 24 | - [Reddit.com/r/Jamf (Forum)](https://old.reddit.com/r/Jamf/) - A subreddit for Jamf specific topics. - Not super active and not an official Jamf channel 25 | - [Richard Purves' Homepage (Blog)](https://richard-purves.com/) - Recovering Filmmaker. Recovering Apple Admin. Recovering Brit. 26 | - [Scriptingosx.com (Blog)](https://scriptingosx.com/) - Armin Briegel's Blog 27 | - [The Eclectic Light Company](https://eclecticlight.co/) - Macs, painting, and more 28 | - [Traveling Tech Guy (Blog)](https://travellingtechguy.blog/) - macOS and iOS management with a twist of Jamf (less travel, a lot more tech) - Frederick Abeloos's Blog 29 | - [worthdoingbadly.com (Blog)](https://worthdoingbadly.com) - "If a thing is worth doing, it is worth doing badly" quote by G. K. Chesterton - 'This is a blog where I create - and document - new projects.' 30 | 31 | # Specific Topics 32 | #### In Alphabetical Order 33 | 34 | - ['launched'](https://zerolaunched.herokuapp.com/) - A launchd plist generator - By [heroku.com](https://www.heroku.com/) 35 | - [Adding a Printer to Jamf Pro Web Interface](https://oit.ncsu.edu/help-support/apple/jamf-pro/jamf-pro-add-printer-in-web-interface/) - Steps to configuring/adding a printer in Jamf Admin for deployment to client systems - By NC State University's Office of Information Technology 36 | - [Apple Developer Documentation - Profile-Specific Payload Keys](https://developer.apple.com/documentation/devicemanagement/profile-specific_payload_keys) - Use the appropriate payload for your configuration needs 37 | - [Authorization Rights](https://www.dssw.co.uk/reference/authorization-rights/) - This reference of default authorization rights provides an overview of the rights available in recent versions of macOS. 38 | - [CIS Apple macOS Benchmarks](https://www.cisecurity.org/benchmark/apple_os) - Security benchmarks for macOS from cisecurity.org 39 | - [Crowdstrike Falcon commands](http://kb.mit.edu/confluence/display/istcontrib/CrowdStrike+Falcon+-+Installation+Instructions) - Helpful commands for Crowdstrike Falcon from kb.MIT.edu 40 | - [cyberark-get-password-curl-cert-based-auth](https://www.shellhacks.com/cyberark-get-password-curl-cert-based-auth/) - CyberArk Get Password – cURL – Cert-Based Auth 41 | - [iOS Version History](https://www.gkgigs.com/list-apple-ios-version-history/) - List Of All Apple iOS Version History 42 | - [Jamf Training Documentation](https://docs.jamf.com/education-services/resources/20211229/Resources_Welcome.html) - Resources for Jamf training courses 43 | - [JSONLint](https://jsonlint.com/) - The JSON Validator (Browser based JSON validator) 44 | - [Listing of Known App Bundle IDs](https://worthdoingbadly.com/assets/blog/appkitcompat/appkit_processed.html) - Listing of application bundle identifiers - By [worthdoingbadly.com](https://worthdoingbadly.com) 45 | - [macOS Big Sur on VMWare Fusion 12](https://travellingtechguy.blog/macos-big-sur-on-vmware-fusion-12/) - The Traveling Tech Guy's blog entry on creating macOS Big Sur VMs for use with Apple DEP testing in VMware Fusion 12 (guide works for Monterey as well) 46 | - [Shellcheck.net](https://shellcheck.net) - Finds bugs in your shell scripts. 47 | - [munkipkg - An Installation Guide](https://www.elliotjordan.com/posts/munkipkg-01-intro/) - A short guide to installing munkipkg by [Elliot Jordan](https://www.elliotjordan.com/) 48 | - [Tenable Security Benchmarks Audit Item Search](https://www.tenable.com/audits/items/search) - Security benchmarks for macOS - Covers multiple benchmarks. NIST, CIS, etc as well as multiple OSs beyond macOS including Windows and Linux 49 | -------------------------------------------------------------------------------- /Documentation/*Other Github Projects/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## GitHub projects (and other apps) worth looking at 2 | #### In Alphabetical Order 3 | - [device-management](https://github.com/apple/device-management) - Apple's GitHub repository of device management commands and documentation 4 | - [AutoBrew](https://github.com/kennyb-222/AutoBrew) - Homebrew install script for currently logged in user (no admin rights required) 5 | - [DEPNotify-Starter](https://github.com/jamf/DEPNotify-Starter) - DEPNotify Starter - Launch script for DEPNotify 6 | - [DEPNotify](https://gitlab.com/Mactroll/DEPNotify) - DEPNotify - UX for DEP/Automated Device Enrollment system setups durring the software install/configuration phase 7 | - [EncryptedStrings](https://github.com/brysontyrrell/EncryptedStrings) - The Bash and Python scripts included here contain functions that use 'openssl' to generate encrypted strings with unqiue hashes and passphrases required for decoding and the functions to use those values to decrypt the strings. 8 | - [erase-install](https://github.com/grahampugh/erase-install) - Easily upgrade macOS or erase a Mac and reinstall macOS with the click of a button 9 | - [getJamfApiCredentials](https://github.com/macnotes/jamfscripts/tree/main/jamfpro/getJamfApiCredentials) - Get secrets (passwords) out of your API scripts. 10 | - [Homebrew](https://github.com/Homebrew/) - The missing package manager for macOS (or Linux) 11 | - [Installomator](https://github.com/Installomator/Installomator) - Install many common applications on-demand without packaging, downloaded directly from each developer's CDN or GitHub project at runtime 12 | - [intune-app-wrapping-tool-mac](https://github.com/msintuneappsdk/intune-app-wrapping-tool-mac) - Intune App Wrapping Tool - Useful for obtaining checksums used when creating package manifest files for on-prem Jamf Pro pre-stage enrollment packages 13 | - [JamfMigrator](https://github.com/jamf/JamfMigrator) - Migrate/copy data between two Jamf instances (or export to an .xml file) 14 | - [Mac Admins Python](https://github.com/macadmins/python) - Mac Admins Foundation's Python redistributable 15 | - [macOSLAPS](https://github.com/joshua-d-miller/macOSLAPS) - Unique per-system admin passwords on a rotating basis escrowed to AD or Jamf (Jamf escrowed passwords are stored in plain text) 16 | - [networkShareMounter](https://gitlab.rrze.fau.de/faumac/networkShareMounter) - App to mount network shares at login or on changes of network state 17 | - [Nudge](https://github.com/macadmins/nudge) - 'Nudge' your users to complete macOS updates 18 | - [Office-Reset.com](https://office-reset.com/macadmins/) - Office-Reset is a free downloadable tool that you can use to fix problems and errors encountered with Microsoft Office for Mac apps. This includes Word, Excel, PowerPoint, Outlook, OneNote, OneDrive, Teams and AutoUpdate. The tool can help fix app launch errors, freezes, hangs, crashes, bad plug-ins, corrupt templates, performance issues, and confusing error messages. 19 | - [plist-yaml-plist](https://github.com/grahampugh/plist-yaml-plist) - yaml/plist/json converter 20 | - [macOS-enterprise-privileges (Privileges.app)](https://github.com/SAP/macOS-enterprise-privileges) - Grant temporary admin access to standard users w/controls + logging options 21 | - [PrivilegesDemoter](https://github.com/sgmills/PrivilegesDemoter) - Essential if using Privileges.app - Removes the temporarily granted admin rights 22 | - [profiledocs](https://mosen.github.io/profiledocs/index.html) - Mac Admins Profile Reference’s documentation 23 | - [SupportApp](https://github.com/root3nl/SupportApp) - Menu Bar app for client systems w/helpful info for users by Root3 24 | - [talkingmoose Microsoft App Install Script](https://gist.github.com/talkingmoose/a16ca849416ce5ce89316bacd75fc91a) - Download and install Microsoft apps by product ID 25 | 26 | ## Security Benchmark Compliance 27 | - [CIS-for-macOS-Sierra-CP](https://github.com/jamf/CIS-for-macOS-Sierra-CP/) - Jamf's guide to CIS Benchmarks for macOS Sierra 28 | - [CIS-macOS-Security - CIS-Script](https://github.com/mvdbent/CIS-Script/) - Remediation script for CIS Benchmarks - Part of the macOS CIS Benchmark Project 29 | - [CIS-macOS-Security](https://github.com/mvdbent/CIS-macOS-Security) - macOS CIS Benchmark Project 30 | - [lynis](https://github.com/CISOfy/lynis) - Multi-platform security audit tool 31 | - [US NIST macos_security GitHub](https://github.com/usnistgov/macos_security) - US NIST's macOS Security Benchmarks 32 | 33 | ## Additional people to follow 34 | - [Macmade](https://github.com/macmade) 35 | - [Macnotes](https://github.com/macnotes) 36 | - [pbowden-msft](https://github.com/pbowden-msft) 37 | - [talkingmoose - GitHub Gists](https://gist.github.com/talkingmoose/) 38 | - [talkingmoose - GitHub](https://github.com/talkingmoose) 39 | 40 | # Things to consider if you don't have Jamf, or possibly as a supplement 41 | - [Munki](https://github.com/munki/munki) 42 | -------------------------------------------------------------------------------- /Documentation/Apple Hardware/ReadMe.md: -------------------------------------------------------------------------------- 1 | [Revive or restore a Mac with Apple silicon using Apple Configurator](https://support.apple.com/guide/apple-configurator-mac/revive-or-restore-a-mac-with-apple-silicon-apdd5f3c75ad/mac) 2 | 3 | [Revive or restore an Intel-based Mac using Apple Configurator](https://support.apple.com/guide/apple-configurator-mac/revive-or-restore-an-intel-based-mac-apdebea5be51/mac) 4 | -------------------------------------------------------------------------------- /Documentation/FileVault/ReadMe.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Documentation/Intune/Conditional Access/ReadMe.md: -------------------------------------------------------------------------------- 1 | Source Documentation from HCS Online - ["Integrate and configure jamf pro and microsoft intune for conditional access for macos" technical white paper from HCSOnline.com](https://hcsonline.com/support/white-papers/integrate-and-configure-jamf-pro-and-microsoft-intune-for-conditional-access-for-macos) 2 | 3 | # HCS Online Technical Whitepaper 4 | ## Integrate and configure Jamf Pro and Microsoft Intune for Conditional Access for macOS 5 | 6 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_001](https://user-images.githubusercontent.com/52809959/175917820-574ef754-2fe0-4b4c-a816-767a96bc0f27.png) 7 | 8 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_002](https://user-images.githubusercontent.com/52809959/175917822-707c5bba-912f-4673-8ecd-5c54dadbe05b.png) 9 | 10 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_003](https://user-images.githubusercontent.com/52809959/175917824-f2f61526-93c4-4631-a2ee-c8690940fc70.png) 11 | 12 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_004](https://user-images.githubusercontent.com/52809959/175917826-0e89fd4b-07a2-4d64-a1cd-4bd7591f0221.png) 13 | 14 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_005](https://user-images.githubusercontent.com/52809959/175917829-d646f75b-9dfb-42c0-840f-79b373ba8713.png) 15 | 16 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_006](https://user-images.githubusercontent.com/52809959/175917831-e7fb14e9-9535-4850-910d-df1b51188e3d.png) 17 | 18 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_007](https://user-images.githubusercontent.com/52809959/175917833-55bcf686-f87d-4631-87fa-9e5708ae288a.png) 19 | 20 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_008](https://user-images.githubusercontent.com/52809959/175917836-165d2813-81fd-41bc-af68-7769ab77e8b8.png) 21 | 22 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_009](https://user-images.githubusercontent.com/52809959/175917838-b4835130-3010-40dc-8386-7489d0f8986a.png) 23 | 24 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_010](https://user-images.githubusercontent.com/52809959/175917841-c1c70164-fa40-485d-b500-f6c8c7ea2d4c.png) 25 | 26 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_011](https://user-images.githubusercontent.com/52809959/175917843-80ff2edc-7074-4d9a-b039-e679afe5c7a3.png) 27 | 28 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_012](https://user-images.githubusercontent.com/52809959/175917849-91a5c011-88ca-4586-9528-6d405b719313.png) 29 | 30 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_013](https://user-images.githubusercontent.com/52809959/175917852-9a7ca7d1-a587-4a73-bfb0-993472e84473.png) 31 | 32 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_014](https://user-images.githubusercontent.com/52809959/175917855-351a6ac7-1bf5-4586-8b54-9be714c06b6e.png) 33 | 34 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_015](https://user-images.githubusercontent.com/52809959/175917858-d3192727-4405-4abc-90a7-ab35509b3ff2.png) 35 | 36 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_016](https://user-images.githubusercontent.com/52809959/175917861-d9b4dc9b-20e8-4662-b43d-8b36decafe6e.png) 37 | 38 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_017](https://user-images.githubusercontent.com/52809959/175917864-3eeac753-0aaa-4463-86e3-db20a60b9917.png) 39 | 40 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_018](https://user-images.githubusercontent.com/52809959/175917868-b679b9b7-8ead-4dce-92c7-30e4472d8909.png) 41 | 42 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_019](https://user-images.githubusercontent.com/52809959/175917871-87f9a9e8-85e4-44cf-ba7d-2515d31d4b12.png) 43 | 44 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_020](https://user-images.githubusercontent.com/52809959/175917874-82c764db-6830-490d-a4a2-a14d1e7cfcd9.png) 45 | 46 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_021](https://user-images.githubusercontent.com/52809959/175917879-c541da42-e2f5-45d2-a0a5-399c0e8970f4.png) 47 | 48 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_022](https://user-images.githubusercontent.com/52809959/175917883-341f4e67-d924-427c-859b-21dd4f50c360.png) 49 | 50 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_023](https://user-images.githubusercontent.com/52809959/175917887-701e6cda-569a-423b-aab7-d71c06659718.png) 51 | 52 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_024](https://user-images.githubusercontent.com/52809959/175917888-6b31d437-e917-4c31-8887-93d37c5dedb2.png) 53 | 54 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_025](https://user-images.githubusercontent.com/52809959/175917896-2f33807b-a2e0-4e8a-90a7-4ee81ae5ff81.png) 55 | 56 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_026](https://user-images.githubusercontent.com/52809959/175917898-de32d390-7a17-4a2c-b926-60d4e8954bd1.png) 57 | 58 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_027](https://user-images.githubusercontent.com/52809959/175917901-7a58e65e-bd6f-40fb-b773-31ab0fea2743.png) 59 | 60 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_028](https://user-images.githubusercontent.com/52809959/175917903-00621a42-1449-4ac2-9ffd-7dbf9d906ee7.png) 61 | 62 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_029](https://user-images.githubusercontent.com/52809959/175917906-45b6e708-460b-4025-ab2f-a2bbec40d8bb.png) 63 | 64 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_030](https://user-images.githubusercontent.com/52809959/175917908-e76ff67f-19dd-41c7-9b9c-9e58d18ca1c2.png) 65 | 66 | ![HCS_Jamf_Intune_Conditional_Access_Guide_page_031](https://user-images.githubusercontent.com/52809959/175917910-be55c466-6667-4bfb-8f07-f2dc2a5bac2c.png) 67 | -------------------------------------------------------------------------------- /Documentation/Intune/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Helpful Intune blogs and links 2 | 3 | [hmaslowski.com (Blog)](https://hmaslowski.com/) - General macOS/Intune info 4 | 5 | [Jamf + Intune Conditional Access Configuration Guide (From HCS Online)](https://gregknackstedt.com/Jamf_things/Documentation/Intune/Conditional%20Access) 6 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Patch Management/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Suggestions for patch management 2 | 3 | ## 1. Build payload-less packages (.pkg files) containing Installomator as patch definitions 4 | 5 | Build payload-less packages (.pkg files) containing [Installomator](https://github.com/Installomator/Installomator) (the script only), with a static defined tag and install variables for individual applications. 6 | These payload-less packages can easily be created with Jamf Composer by adding a Post-Install script to a package then removing the dummy file from the package. Paste the contents of the Installomator script into the Post-Install and modify for your requirements. There are multiple other methods or tools to accomplish this as well. 7 | 8 | This is a great article on Der Flounder by rtrouton to get you started with payloadless packages: 9 | 10 | https://derflounder.wordpress.com/2014/06/01/understanding-payload-free-packages/ 11 | 12 | These payload-less packages based on Installomator can then be used as patch management definitions with Jamf Pro for your applications on an ongoing basis without the need to repackage. 13 | 14 | ## 2. Jamf Pro will only use your primary DP if you're on-premise (this is key for a primary-remote fleet) 15 | 16 | Jamf Pro will only use your primary DP if you're on-premise. This is important to note, as there is currently no way to set a different primary, or specify a failover DP for patch management. If your primary DP is only accessible while on your network, Jamf Pro will log multiple failed attempts when trying to patch your applications. This will drag down your mySQL database performance and cause Jamf Pro to become unresponsive on a daily basis at about the same times each day. It is based on this that I recommend to NOT use patch management as your primary method of patching unless you have an external hosted primary DP on a 3rd party CDN or are hosted on Jamf Pro Cloud. 17 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Jamf Pro 2 | 3 | 4 | [Zero-Touch/DEP Deployment](https://gregknackstedt.com/Jamf_things/Documentation/Jamf%20Pro/Zero%20Touch%20Deployment/) 5 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Upgrade process/On-Prem Parent + Child (External Forwarding) Server.md: -------------------------------------------------------------------------------- 1 | ### Updating Jamf Pro 10 for primary + child/forwarding configuration 2 | 3 | 1. Snapshot/Backup all servers 4 | 2. Verify snapshots 5 | 3. Create backup of Jamf SQL Database from parent server 6 | 4. Copy SQL DB backup to a seperate network/backup share 7 | 5. Stop tomcat on child/external server 8 | 6. Stop tomcat on primary server 9 | 7. Install Jamf update on primary server 10 | 8. Reboot primary server 11 | 9. Verify update successful 12 | 10. Complete update on child/forwarding server 13 | 11. Reboot child/forwarding server 14 | 12. Verify update successful 15 | 13. Remove snapshots and DB backup 16 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/VPP Token Renewal.md: -------------------------------------------------------------------------------- 1 | ### Obtaining and renewaing a VPP token for Jamf Pro 2 | 3 | 1. Login to Apple Business Manager https://business.apple.com/ 4 | 2. Go to Settings>Payment Methods 5 | 3. Download the correct VPP Token for your Jamf pro Instance 6 | 7 | Login To Jamf Pro 8 | 9 | 1. In the top-right corner of the page, click Settings. 10 | 2. Click Global Management. 11 | 3. Click Volume Purchasing. 12 | 4. Select the VPP program you need to renew the token for 13 | 5. In the bottom right corner of the page, click Edit 14 | 6. Click Renew Service Token button 15 | 7. Select the new VPP token downloaded from ABM 16 | 8. Click Upload 17 | 9. In the bottom right corner of the page, click Save 18 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Zero Touch Deployment/Cloud/ReadMe.md: -------------------------------------------------------------------------------- 1 | Info specific to Jamf Pro Cloud 2 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Zero Touch Deployment/Manifest Files/PreStage package manifest for Jamf Example.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | items 6 | 7 | 8 | 9 | assets 10 | 11 | 12 | 13 | kind 14 | software-package 15 | 16 | md5-size 17 | put the size here in bites from the intuneapputil 18 | 19 | md5s 20 | 21 | xxxxxxMD5 Hash Goes Here from the intuneapputilxxxxxx 22 | xxxxxxMD5 Hash Goes Here from the intuneapputilxxxxxx 23 | xxxxxxMD5 Hash Goes Here from the intuneapputilxxxxxx 24 | 25 | 26 | url 27 | https://SubDomain.ServerAddress.com:PortNumber/Directory/SubDirectory/PackageName.pkg 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Zero Touch Deployment/Manifest Files/ReadMe.md: -------------------------------------------------------------------------------- 1 | Use template with https://github.com/msintuneappsdk/intune-app-wrapping-tool-mac to create package manifests for pre-stage enrollment packages to use with an on-premise Jamf Pro instances. 2 | -------------------------------------------------------------------------------- /Documentation/Jamf Pro/Zero Touch Deployment/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Jamf Pro Zero Touch/PreStage Enrollment 2 | #### [Jamf Documentation for Jamf Pro 10.40.0](https://docs.jamf.com/10.40.0/jamf-pro/documentation/Computer_PreStage_Enrollments.html) 3 | 4 | ### Basic foundation for a true zero-touch deployment of macOS from Jamf Pro 5 | 1. Unprotected/auth free external facing HTTP/HTTPS file share to host pre-stage enrollment packages (Jamf Cloud DP works) 6 | 2. Signing Certificate - ([DeveloperID Installer Cert from Apple](https://docs.jamf.com/technical-articles/Obtaining_an_Installer_Certificate_from_Apple.html) AND [Apple Trusted Root Certificates](https://support.apple.com/en-us/HT209143) or [Self Signed Signing Cert from Jamf Pro](https://docs.jamf.com/technical-articles/Creating_a_Signing_Certificate_Using_Jamf_Pros_Built-in_CA_to_Use_for_Signing_Configuration_Profiles_and_Packages.html)) all PreStage Enrollment packages must be signed with a cert trusted by the client at time of install 7 | 3. Package manifest file - ([Example and utility here](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Jamf%20Pro/Zero%20Touch%20Deployment/Manifest%20Files)) - created for each PreStage Enrollment package 8 | - *For Jamf Cloud: Upload package via Jamf Web GUI Settings>Packages to bypass manifest requirement* 9 | 4. [Enrollment Customization](https://docs.jamf.com/10.40.0/jamf-pro/documentation/Enrollment_Customization_Settings.html#ID-0000a9bc) (optional but reccomended to suggest a wired network connection to users + 2factor prior to enrollment) 10 | 5. [Pre-Stage Enrollment](https://docs.jamf.com/10.40.0/jamf-pro/documentation/Computer_PreStage_Enrollments.html) configuration 11 | 6. Jamf Connect Login (depending on IdP, may be optional) 12 | 7. [DEPNotify](https://gitlab.com/Mactroll/DEPNotify) 13 | 8. Jamf's [DEPNotify Starter Script](https://github.com/jamf/DEPNotify-Starter) 14 | 9. Optional/Environment dependent: FileVault 15 | 10. Optional/Environment dependent: [macOSLAPS](https://github.com/joshua-d-miller/macOSLAPS) 16 | -------------------------------------------------------------------------------- /Documentation/PaloAlto/ReadMe.md: -------------------------------------------------------------------------------- 1 | ### GlobalProtect PreLogon 2 | [Tips for deploying](https://old.reddit.com/r/macsysadmin/comments/txwq0p/global_protect_prelogon/) 3 | 4 | 5 | 6 | ### Navigation 7 | 8 | - [Scripts and Things Homepage](https://gregknackstedt.com/) 9 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/) 10 | - [Scripts and Things - Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 11 | - [Jamf Things Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 12 | -------------------------------------------------------------------------------- /Documentation/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Documentation 2 | 3 | - [Jamf Things Documentation - Home](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation) 4 | 5 | - [Blogs and Links](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/*Blogs%20and%20Links) 6 | - [Other Github Projects](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/*Other%20Github%20Projects) 7 | - [Subreddit/Discord Links](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/*Subreddit%20Links) 8 | - [Jamf Pro](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Jamf%20Pro) 9 | - [Apple Hardware](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Apple%20Hardware) 10 | - [FileVault](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/FileVault) 11 | - [Apple smbx Documentation](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/smbx) 12 | - [Intune](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Intune) 13 | - [Conditional Access - Intune + Jamf.md](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Intune/Conditional%20Access) 14 | - [PaloAlto](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/PaloAlto) 15 | - [SCEP Information](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/SCEP) 16 | - [Virtual Machines](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation/Virtual%20Machines) 17 | 18 | 19 | ### Navigation 20 | 21 | - [Jamf Things Documentation - Home](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation) 22 | - [Jamf Things - Home](https://github.com/scriptsandthings/Jamf_things/tree/master/Documentation) 23 | - [Scripts and Things Homepage](https://github.com/scriptsandthings) 24 | -------------------------------------------------------------------------------- /Documentation/SCEP/ReadMe.md: -------------------------------------------------------------------------------- 1 | # SCEP With Azure App Proxy + Jamf Pro 2 | 3 | ## [Handy guide to get started from macnotes.wordpress](https://macnotes.wordpress.com/2020/11/11/configuring-azure-web-application-proxy-for-jamf-pro-scep-certificates/) 4 | 5 | ## Some additional notes: 6 | 1. Intune requires it's own NDES/SCEP server. You can't use the same server for both. 7 | 2. Don't try to load balance, you'll get rate limit/bad/max password attempt issues and fight it months. 8 | #### Just do an active/passive failover, kinda lame but gives some DR and functions. **Literally spent 6 months with Microsoft and Jamf support on this.** 9 | 10 | 11 | ### Navigation 12 | 13 | - [Scripts and Things Homepage](https://gregknackstedt.com/) 14 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/) 15 | - [Scripts and Things Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 16 | - [Jamf Things Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 17 | -------------------------------------------------------------------------------- /Documentation/Virtual Machines/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Virtual Machines 2 | 3 | ### Info on managing Linux, Windows, and macOS VMs running on macOS hosts. 4 | 5 | ## Configuring a DEP capable VM snapshot with VMware Fusion and Parallels Desktop 6 | ### These guides only work on an Intel Mac at this time. 7 | 8 | [Guide for VMware Fusion](https://www.rderewianko.com/how-to-create-a-vm-thatll-work-with-dep-on-vmware-fusion/) 9 | 10 | [Another guide for VMware Fusion](https://travellingtechguy.blog/vmware-dep/) * I found this to be the best guide 11 | 12 | [Guide for Parallels Desktop](https://jerbecause.wordpress.com/2018/02/09/creating-a-dep-vm-using-parallels-desktop/) 13 | 14 | [Guide for VirtualBox](https://tobiwashere.de/2017/10/virtualbox-how-to-create-a-macos-high-sierra-vm-to-run-on-a-mac-host-system/) 15 | 16 | ## VM Options for Apple Silicon 17 | 18 | [UTM](https://github.com/utmapp/UTM) 19 | 20 | [Parallels Desktop](https://www.parallels.com/products/desktop/) 21 | 22 | [Fusion Tech Preview - Linux VMs only](https://customerconnect.vmware.com/downloads/get-download?downloadGroup=FUS-PUBTP-2021H1) 23 | 24 | [QEMU Manager](https://github.com/macmade/QEMU-Manager) - Xcode project 25 | 26 | ## VM Options for other OS hosts 27 | 28 | https://github.com/kholia/OSX-KVM 29 | 30 | 31 | 32 | ### Navigation 33 | 34 | - [Scripts and Things Homepage](https://gregknackstedt.com/) 35 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/) 36 | - [Scripts and Things - Jamf JSON Schemas Home](https://gregknackstedt/scriptsandthings_Jamf_JSON_Schemas) 37 | - [Jamf Things Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 38 | -------------------------------------------------------------------------------- /Documentation/smbx/ReadMe.md: -------------------------------------------------------------------------------- 1 | # smbx 2 | ### Info on Apple's proprietary implementation of SMB file sharing and how to wrangle it 3 | 4 | I have a dedicated repo for Apple's smbx here: [macOS smbx Things](https://gregknackstedt.com/macOS_smbx_things) 5 | 6 | 7 | ### Navigation 8 | 9 | - [Jamf Things Documentation - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 10 | - [Jamf Things - Home](https://gregknackstedt.com/Jamf_things/Documentation/) 11 | - [Scripts and Things Homepage](https://gregknackstedt.com/) 12 | -------------------------------------------------------------------------------- /Extension Attributes/Asset Management/Approximate City or Locality of Computer.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | # Gets the system's approximate city it's currently located in by using its current external facing IP 4 | # based on ip-api.com 5 | # 6 | # v1.0 7 | # 3.7.2022 8 | # 9 | # Greg Knackstedt 10 | # https://github.com/scriptsandthings/ 11 | # Shitttyscripts@gmail.com 12 | # 13 | #################################### 14 | # 15 | # Get the current external IP address 16 | myIP=$(curl -L -s --max-time 10 http://checkip.dyndns.org | egrep -o -m 1 '([[:digit:]]{1,3}.){3}[[:digit:]]{1,3}') 17 | # Use the IP address to identify the current City 18 | City=$(curl -L -s --max-time 10 "http://ip-api.com/line/$myIP?fields=city") 19 | # 20 | # Display the results in a format that can be used as an extension attribute 21 | echo "$City" 22 | -------------------------------------------------------------------------------- /Extension Attributes/Asset Management/Approximate Location of Computer.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # Gets the system's approximate physical location by using its current external facing IP 3 | # Displays the City, State, and Country info returned from ip-api.com. 4 | # 5 | # v2.0 6 | # 3.28.2023 7 | # 8 | # Greg Knackstedt 9 | # https://github.com/scriptsandthings/ 10 | # Shitttyscripts@gmail.com 11 | # 12 | #################################### 13 | # 14 | # Get the current external IP address 15 | myIP=$(curl -L -s --max-time 10 http://checkip.dyndns.org | egrep -o -m 1 '([[:digit:]]{1,3}.){3}[[:digit:]]{1,3}') 16 | # Use the IP address to identify the current City 17 | City=$(curl -L -s --max-time 10 "http://ip-api.com/line/$myIP?fields=city") 18 | # Use the IP address to identify the current State or Region 19 | State=$(curl -L -s --max-time 10 "http://ip-api.com/line/$myIP?fields=regionName") 20 | # Use the IP address to identify the current Country 21 | Country=$(curl -L -s --max-time 10 "http://ip-api.com/line/$myIP?fields=country") 22 | # 23 | # Display the results in a format that can be used as an extension attribute 24 | echo "$City, $State - $Country" 25 | exit 0 26 | -------------------------------------------------------------------------------- /Extension Attributes/Asset Management/Approximate State or Region of Computer.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | # Gets the approximated State or Region the system is currently physically locatted in by using its current external facing IP 4 | # based on ip-api.com 5 | # 6 | # v1.0 7 | # 3.7.2022 8 | # 9 | # Greg Knackstedt 10 | # https://github.com/scriptsandthings/ 11 | # Shitttyscripts@gmail.com 12 | # 13 | #################################### 14 | # 15 | # Get the current external IP address 16 | myIP=$(curl -L -s --max-time 10 http://checkip.dyndns.org | egrep -o -m 1 '([[:digit:]]{1,3}.){3}[[:digit:]]{1,3}') 17 | # Use the IP address to identify the current State or Region 18 | State=$(curl -L -s --max-time 10 "http://ip-api.com/line/$myIP?fields=regionName") 19 | # 20 | # Display the results in a format that can be used as an extension attribute 21 | echo "$State" 22 | -------------------------------------------------------------------------------- /Extension Attributes/Asset Management/HardwareType_isLaptop.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Script tested as working in bash + zsh 4 | #################################################################### 5 | # HardwareType_isLaptop 6 | # v1.1 7 | # 8 | # Extension attribute to identify if a system is a laptop or desktop by detecting the presence of a battery. 9 | # Value will be "Yes" if system is a laptop or "No" if the system is a desktop. 10 | # 11 | # Greg Knackstedt 12 | # https://github.com/scriptsandthings/ 13 | # Shitttyscripts@gmail.com 14 | # 2.18.2023 15 | # 16 | #################################################################### 17 | # 18 | # Check if system has an internal battery 19 | isLaptop=$(/usr/sbin/ioreg -c AppleSmartBattery -r | awk '/BatteryInstalled/ {print $3}') 20 | # 21 | # If system is a laptop, set result to Yes 22 | if [[ $isLaptop == "Yes" ]]; then 23 | echo "System is a laptop" 24 | result="Yes" 25 | else 26 | # Else system is a desktop, set result to No 27 | echo "System is a desktop" 28 | result="No" 29 | fi 30 | # Echo the result for collection 31 | /bin/echo "$result" 32 | -------------------------------------------------------------------------------- /Extension Attributes/Flag_File_Check_Template.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ####################### 3 | # 4 | # To pair with Jamf script to create flag file. 5 | # 6 | ####################### 7 | # 8 | # Originally from Jamf Nation user sdagley 9 | # https://community.jamf.com/t5/jamf-pro/add-a-system-to-a-smartgroup-using-self-service/m-p/238671 10 | # 11 | # EA - Template Check For Flag File.sh 12 | # 13 | # One strategy for enabling a Jamf Pro Policy or Configuration Profile is using a Smart Group 14 | # to identify Macs that the Policy or Profile should be deployed to. Some criteria is 15 | # needed to identify a Mac as a member of the target Smart Group. This EA template is a 16 | # mechanism for doing that. If a file exists with the specified name at the specified path 17 | # it will return True, otherwise it returns False. 18 | 19 | FlagFilePath="/Library/SomeOrg/" 20 | FlagFileName="flagfile" 21 | result="False" 22 | 23 | if [ -e "${FlagFilePath}${FlagFileName}" ]; then 24 | result="True" 25 | fi 26 | 27 | echo "$result" 28 | -------------------------------------------------------------------------------- /Extension Attributes/Jamf Connect/Jamf_Connect_LaunchAgent_Install_Status.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | ################################# 4 | # 5 | # Jamf_Connect_LaunchAgent_Install_Status.zsh 6 | # 7 | # Greg Knackstedt 8 | # 5.11.2022 9 | # v1.0 10 | # 11 | # Checks for the Jamf Connect LaunchAgent presence and reports a True or False status if it is found 12 | # 13 | ################################# 14 | # 15 | launchAgentPath="/Library/LaunchAgents/" 16 | launchAgentName="com.jamf.connect.plist" 17 | result="False" 18 | 19 | if [ -e "${launchAgentPath}${launchAgentName}" ]; then 20 | result="True" 21 | fi 22 | 23 | echo "$result" 24 | 25 | -------------------------------------------------------------------------------- /Extension Attributes/Jamf Connect/Jamf_Connect_Login_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Extension Attribute to determine if Jamf Connect Login is enabled on system 4 | 5 | # Uses authchanger to check if any JamfConnectLogin mechs are enabled 6 | if [[ $( /usr/local/bin/authchanger -print | grep JamfConnectLogin ) != "" ]]; then 7 | /bin/echo "Enabled" 8 | else 9 | /bin/echo "Disabled" 10 | fi 11 | -------------------------------------------------------------------------------- /Extension Attributes/Privileges/Last 5 Privileges.app reasons.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | # 3 | ########################################################## 4 | # 5 | # Jamf Pro Extension Attribute 6 | # Last 5 Privileges.app reasons.sh 7 | # Version 1.0 8 | # 3.29.2023 9 | # 10 | # This script records the last 5 reasons an end user needs to request local admin rights 11 | # using Privileges.app on macOS from https://github.com/SAP/macOS-enterprise-privileges 12 | # and records the information into Jamf Pro as documented here: 13 | # https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Computer_Extension_Attributes.html. 14 | # 15 | # The purpose of this script is to improve the end user support experience and for future security audits. 16 | # It is not meant to be intrusive or an invasion of privacy. 17 | # 18 | # This script was created by Greg Knackstedt (https://github.com/scriptsandthings/) with assistance from ChatGPT. 19 | # Contact information: Shitttyscripts@gmail.com 20 | # 21 | ########################################################## 22 | # 23 | # set the path to the log file we want to search 24 | log_file='/private/var/log/privileges.log' 25 | 26 | # read each line of the log file 27 | while read -r line; do 28 | # if the line contains the pattern 'reason:', extract the date and reason 29 | if [[ "$line" == *reason:* ]]; then 30 | # extract the date and time from the line using grep 31 | date=$(echo "$line" | grep -oE '\b[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\b') 32 | # extract the reason from the line using sed 33 | reason=$(echo "$line" | sed 's/.*reason:/reason:/;s/ on MachineID:.*//') 34 | # append the date and reason to the result output 35 | result+="${date} ${reason}\n" 36 | fi 37 | # read from the log file 38 | done < "$log_file" 39 | 40 | 41 | # read and save the resulting output to the variable $eaResult 42 | # use tail to limit the output to the last 5 matching lines 43 | eaResult=$( echo "$result" | tail -n 5 ) 44 | 45 | # print the result output to the console 46 | echo "$eaResult" 47 | 48 | # Exit the script 49 | exit 0 50 | -------------------------------------------------------------------------------- /Extension Attributes/ProofPoint ObserveIT/ObserveIT_Installed_Version.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh 2 | ######################################################################## 3 | # A script to collect information on if ProofPoint Observe IT 4 | # is currently installed. Returns version number if installed, 5 | # If ObserveIT is not installed then "Not Installed" will return back 6 | # 7 | # v1.0 8 | # 3.9.2022 9 | # Greg Knackstedt 10 | # https://github.com/scriptsandthings/ 11 | # shitttyscripts@gmail.com 12 | # 13 | ######################################################################## 14 | if [ -e /Library/PEA/agent ] 15 | then 16 | fileversion_number="/Library/PEA/agent/version" 17 | while read -r line; do 18 | version_number="$line" 19 | echo "$version_number" 20 | done < "$fileversion_number" 21 | else 22 | echo "Not Installed" 23 | fi 24 | -------------------------------------------------------------------------------- /Extension Attributes/ProofPoint ObserveIT/ProofPoint_ObserveIt_AutoUpdater_Installation_Status.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | ############################################################ 4 | # 5 | # Greg Knackstedt 6 | # https://github.com/scriptsandthings/Jamf_things/ 7 | # 5.11.2022 8 | # 9 | # ProofPoint_ObserveIt_AutoUpdater_Version.zsh 10 | # v2.0 11 | # 12 | # Checks for the ProofPoint ObserveIT AutoUpdater daemon and reports the installed version 13 | # 14 | ############################################################ 15 | updaterPath="/Library/ITUpdater/updater/" 16 | updaterName="autoUpdater" 17 | # 18 | if [ -e "${updaterPath}${updaterName}" ]; then 19 | updaterVersion=$(/usr/bin/defaults read /Library/ITUpdater/updater/updater.Info.plist CFBundleVersion) 20 | echo "$updaterVersion" 21 | else 22 | echo "Not installed" 23 | fi 24 | 25 | exit 0 26 | -------------------------------------------------------------------------------- /Extension Attributes/ProofPoint ObserveIT/ProofPoint_ObserveIt_AutoUpdater_Version.zsh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | ############################################################ 4 | # 5 | # Greg Knackstedt 6 | # https://github.com/scriptsandthings/Jamf_things/ 7 | # 5.11.2022 8 | # 9 | # ProofPoint_ObserveIt_AutoUpdater_Version.zsh 10 | # v2.0 11 | # 12 | # Checks for the ProofPoint ObserveIT AutoUpdater daemon and reports the installed version 13 | # 14 | ############################################################ 15 | updaterPath="/Library/ITUpdater/updater/" 16 | updaterName="autoUpdater" 17 | # 18 | if [ -e "${updaterPath}${updaterName}" ]; then 19 | updaterVersion=$(/usr/bin/defaults read /Library/ITUpdater/updater/plist/updater.Info.plist CFBundleVersion) 20 | echo "$updaterVersion" 21 | else 22 | echo "Not installed" 23 | fi 24 | 25 | exit 0 26 | -------------------------------------------------------------------------------- /Extension Attributes/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Extension Attributes 2 | ## For Use With Jamf Pro 3 | 4 | - [Asset Management](https://github.com/scriptsandthings/Jamf_things/tree/master/Extension%20Attributes/Asset%20Management) 5 | - [ProofPoint ObserveIT](https://github.com/scriptsandthings/Jamf_things/tree/master/Extension%20Attributes/ProofPoint%20ObserveIT) 6 | - [Jamf Connect](https://github.com/scriptsandthings/Jamf_things/tree/master/Extension%20Attributes/Jamf%20Connect) 7 | - [Flag File EA Template](https://github.com/scriptsandthings/Jamf_things/blob/master/Extension%20Attributes/Flag_File_Check_Template.zsh) 8 | -------------------------------------------------------------------------------- /Extension Attributes/TouchID/TouchID_Status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/zsh --no-rcs 2 | # 3 | ############################################################################################################################# 4 | # 5 | # Jamf Pro Extension Attribute for TouchID Status 6 | # Version: 1.0 7 | # 8 | # 9 | # Greg Knackstedt 10 | # 10.21.2024 11 | # shitttyscripts@gmail.com 12 | # https://github.com/scriptsandthings/ 13 | # 14 | # 15 | ################### A Jamf Pro Extension Attribute for macOS clients that reports the following settings: ################### 16 | # 17 | # System Level TouchID Checks 18 | # - TouchID Status (Biometrics functionality) 19 | # - Biometrics for Unlock 20 | # - Biometric timeout 21 | # - Passcode input timeout 22 | # 23 | # User Level TouchID Checks 24 | # - Biometrics for Unlock 25 | # - Biometrics for ApplePay 26 | # - Effective biometrics for ApplePay - ***Not Currently Displaying in EA output*** 27 | # - Effective biometrics for Unlock - ***Not Currently Displaying in EA output*** 28 | # 29 | ############################################################################################################################# 30 | # 31 | # Define Variables 32 | # 33 | ############################################################################################################################# 34 | # 35 | # Find currently Logged in console user 36 | CurrentConsoleUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}') 37 | # Check System TouchID Status 38 | SystemTouchIDStatus=`bioutil -rs | grep "Biometrics functionality" | awk -F': ' '{print $2}'` 39 | # Check System TouchID Status for Unlock 40 | SystemTouchIDStatusForUnlock=`bioutil -rs | grep "Biometrics for unlock" | awk -F': ' '{print $2}'` 41 | # Check System TouchID Timeout Settings 42 | SystemTouchIDTimeout=`bioutil -rs | grep "Biometric timeout (in seconds)" | awk -F': ' '{print $2}'` 43 | # Check System TouchID Match Timeout Settings 44 | SystemTouchIDMatchTimeout=`bioutil -rs | grep "Match timeout (in seconds)" | awk -F': ' '{print $2}'` 45 | # Check System Passcode Timeout Settings 46 | SystemTouchIDPasscodeInputTimeout=`bioutil -rs | grep "Passcode input timeout (in seconds)" | awk -F': ' '{print $2}'` 47 | # Check User's TouchID Status for Unlock 48 | UserTouchIDStatusForUnlock=`bioutil -r | grep "Biometrics for unlock" | awk -F': ' '{print $2}'` 49 | # Check User's TouchID Status for ApplePay 50 | UserTouchIDStatusForApplePay=`bioutil -r | grep "Biometrics for ApplePay" | awk -F': ' '{print $2}'` 51 | # Check User's Effective Biometrics for ApplePay 52 | UserTouchIDEffectiveBiometricsForApplePay=`bioutil -r | grep "Effective biometrics for ApplePay" | awk -F': ' '{print $2}'` 53 | # Check User's Effective Biometrics for Unlock 54 | UserTouchIDEffectiveBiometricsForUnlock=`bioutil -r | grep "Effective biometrics for unlock" | awk -F': ' '{print $2}'` 55 | # 56 | ############################################################################################################################# 57 | # 58 | # Define Functions 59 | # 60 | ############################################################################################################################# 61 | # 62 | # Find number of Fingerprints registered for users with TouchID enabled 63 | function GetFingerprintInfo (){ 64 | # Step 1: Check if users have current fingerprint registrations, loop through each line of the command output containing a UID to pair it & fingerprints registered for each UID with a local username on the macOS client 65 | bioutil -cs | grep "User [0-9]\+:" | while read -r line; do 66 | # Step 2: Extract UID from the line 67 | uid=$(echo "$line" | awk -F'[ :]' '{print $2}') 68 | # Step 3: Extract the local user account name corresponding to the UID 69 | TouchIDUsername=$(id "$uid" | awk -F'[()]' '{print $2}') 70 | # Step 4: Extract the number of biometric templates (registered fingerprints) from the line 71 | TouchIDFingerprintsEnrolled=$(echo "$line" | awk '{print $3}') 72 | # If no registered fingerprints found, report no fingerpints found for user 73 | if [[ "$TouchIDFingerprintsEnrolled" = "0" ]]; then 74 | echo "No Fingerprints Enrolled for $TouchIDUsername" 75 | elif [[ "$TouchIDFingerprintsEnrolled" -gt 0 ]]; then 76 | # Report results for the user's fingerpint registration 77 | echo "$TouchIDUsername: $TouchIDFingerprintsEnrolled Fingerprints Registered" 78 | fi 79 | done 80 | } 81 | # 82 | ############################################################################################################################# 83 | # 84 | # Begin Script 85 | # 86 | ############################################################################################################################# 87 | # 88 | # Check if TouchID is enabled at the system level 89 | if [[ "$SystemTouchIDStatus" = "0" ]]; then 90 | SystemTouchIDStatusResult="TouchID Enabled: False" 91 | elif [[ "$SystemTouchIDStatus" = "1" ]]; then 92 | SystemTouchIDStatusResult="TouchID Enabled: True" 93 | # Check if TouchID is enabled for Unlock at the system level 94 | if [[ "$SystemTouchIDStatusForUnlock" = "0" ]]; then 95 | SystemTouchIDStatusForUnlockResult="TouchID Enabled for Unlock: False" 96 | elif [[ "$SystemTouchIDStatusForUnlock" = "1" ]]; then 97 | SystemTouchIDStatusForUnlockResult="TouchID Enabled for Unlock: True" 98 | else 99 | SystemTouchIDStatusForUnlockResult="Error Checking TouchID Status for Unlock" 100 | fi 101 | # Report System TouchID Timeout Setting 102 | if [[ "$SystemTouchIDTimeout" = "0" ]]; then 103 | SystemTouchIDTimeoutResult="Biometric Timeout: Not Configured" 104 | elif [[ "$SystemTouchIDTimeout" -gt 0 ]]; then 105 | SystemTouchIDTimeoutResult="Biometric Timeout: $SystemTouchIDTimeout Seconds" 106 | else 107 | SystemTouchIDTimeoutResult="Error Checking Biometric Timeout Settings" 108 | fi 109 | # Report System TouchID Match Timeout Setting 110 | if [[ "$SystemTouchIDMatchTimeout" = "0" ]]; then 111 | SystemTouchIDMatchTimeoutResult="Biometric Match Timeout: Not Configured" 112 | elif [[ "$SystemTouchIDMatchTimeout" -gt 0 ]]; then 113 | SystemTouchIDMatchTimeoutResult="Biometric Match Timeout: $SystemTouchIDMatchTimeout Seconds" 114 | else 115 | SystemTouchIDMatchTimeoutResult="Error Checking Biometric Match Timeout Settings" 116 | fi 117 | # Report System TouchID Passcode Input Timeout Setting 118 | if [[ "$SystemTouchIDPasscodeInputTimeout" = "0" ]]; then 119 | SystemTouchIDPasscodeInputTimeoutResult="Passcode Input Timeout: Not Configured" 120 | elif [[ "$SystemTouchIDPasscodeInputTimeout" -gt 0 ]]; then 121 | SystemTouchIDPasscodeInputTimeoutResult="Passcode Input Timeout: $SystemTouchIDPasscodeInputTimeout Seconds" 122 | else 123 | SystemTouchIDPasscodeInputTimeoutResult="Error Checking Passcode Input Timeout Settings" 124 | fi 125 | # Check if users have TouchID Enabled for Unlock 126 | if [[ "$UserTouchIDStatusForUnlock" = "0" ]]; then 127 | UserTouchIDStatusForUnlockResult="$CurrentConsoleUser: Unlock Disabled" 128 | elif [[ "$UserTouchIDStatusForUnlock" = "1" ]]; then 129 | UserTouchIDStatusForUnlockResult="$CurrentConsoleUser: Unlock Enabled" 130 | else 131 | UserTouchIDStatusForUnlockResult="Error Checking "$CurrentConsoleUser"'s TouchID Status for Unlock" 132 | fi 133 | # Check if users have TouchID Enabled for ApplePay 134 | if [[ "$UserTouchIDStatusForApplePay" = "0" ]]; then 135 | UserTouchIDStatusForApplePayResult="$CurrentConsoleUser: ApplePay Disabled" 136 | elif [[ "$UserTouchIDStatusForApplePay" = "1" ]]; then 137 | UserTouchIDStatusForApplePayResult="$CurrentConsoleUser: ApplePay Enabled" 138 | else 139 | UserTouchIDStatusForApplePayResult="Error Checking "$CurrentConsoleUser"'s TouchID Status for ApplePay" 140 | fi 141 | else 142 | # If unable to determine TouchID status, report an error 143 | SystemTouchIDStatusResult="Error Checking if TouchID is enabled on this Mac." 144 | echo "$SystemTouchIDStatusResult" 145 | exit 0 146 | fi 147 | # 148 | # Echo all of the results 149 | echo "$SystemTouchIDStatusResult" 150 | echo "$SystemTouchIDStatusForUnlockResult" 151 | echo "$SystemTouchIDTimeoutResult" 152 | echo "$SystemTouchIDMatchTimeoutResult" 153 | echo "$SystemTouchIDPasscodeInputTimeoutResult" 154 | echo "$UserTouchIDStatusForUnlockResult" 155 | echo "$UserTouchIDStatusForApplePayResult" 156 | # Check for user fingerprint registrations and list # of fingerprints per user if registrations are found 157 | GetFingerprintInfo 158 | exit 0 159 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source "https://rubygems.org" 4 | 5 | gemspec 6 | 7 | 8 | gem "github-pages" 9 | gem "jekyll-include-cache" 10 | gem "jekyll-octicons" 11 | gem "jekyll-paginate" 12 | gem "jekyll-sitemap" 13 | gem "jekyll-gist" 14 | gem "jekyll-feed" 15 | gem "jemoji" 16 | gem "jekyll-remote-theme" 17 | 18 | group :test do 19 | gem "rubocop", "~> 0.79" 20 | gem "rubocop-performance" 21 | gem "webmock" 22 | end 23 | -------------------------------------------------------------------------------- /JSON Schemas/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Jamf Protect/ReadMe.md: -------------------------------------------------------------------------------- 1 | Here's some Jamf Protect/Universal Syslog predicates 2 | 3 | log show --style syslog --predicate 'process == "corp.sap.privileges.helper" && eventMessage CONTAINS 4 | "SAPCorp" && eventMessage CONTAINS "reason"' 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Greg Knackstedt 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | There's a powershell thing for windows in here now. 2 | 3 | Uh oh. 4 | -------------------------------------------------------------------------------- /_data/home.yml: -------------------------------------------------------------------------------- 1 | navbar_entries: 2 | - title: Home 3 | url: https://gregknackstedt.com 4 | 5 | - title: About Scripts and Things 6 | url: https://gregknackstedt.com/about 7 | 8 | project_entries: 9 | - title: Apple 10 | url: https://github.com/scriptsandthings/scriptsandthings_Jamf_JSON_Schemas/tree/main/Schemas/Apple 11 | desc: Originally created with the goal of simplifying the enforcement of CIS benchmarks level 1 and level 2 for macOS Monterey and Big Sur. 12 | highlight: WIP 13 | 14 | - title: PaloAlto 15 | url: https://github.com/scriptsandthings/scriptsandthings_Jamf_JSON_Schemas/tree/main/Schemas/PaloAlto 16 | desc: JSON Schemas for PaloAlto GlobalProtect 17 | 18 | - title: VMWare 19 | url: https://github.com/scriptsandthings/scriptsandthings_Jamf_JSON_Schemas/tree/main/Schemas/VMware 20 | desc: JSON Schemas for VMware Horizon Client 21 | 22 | 23 | footer_entries: 24 | - title: Home 25 | url: https://gregknackstedt.com 26 | 27 | - title: My GitHub 28 | url: https://github.com/scriptsandthings 29 | 30 | - title: My LinkedIn 31 | url: https://www.linkedin.com/in/gregknac/ 32 | 33 | # misc_entries: 34 | # Shows on homepage under 'Details" heading 35 | # - title: this is an example vertical list 36 | # url: false 37 | # 38 | # - title: you can show or hide using a boolean flag in _config.yml 39 | # url: false 40 | # 41 | # - title: and you can add data in _data/home.yml 42 | # url: false 43 | # 44 | # - title: Blog posts 45 | # post_list: true 46 | # url: false 47 | # 48 | # - title: Scripts and Things 49 | # url: false 50 | # entries: 51 | # - title: on Github 52 | # url: https://github.com/scriptsandthings 53 | # 54 | # - title: Homepage 55 | # url: https://www.gregknackstedt.com 56 | # 57 | # - title: this list is scalable and can be nested 58 | # url: false 59 | # entries: 60 | # - title: this is nested inside a nested list 61 | # url: false 62 | # 63 | # - title: it is easy to use, see _data/home.yml to see how to configure it. 64 | # url: false 65 | -------------------------------------------------------------------------------- /about.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: post 3 | title: About 4 | --- 5 | --------------------------------------------------------------------------------