charliwest/firstBootLogin.sh

## firstBootLogin.sh
#!/bin/zsh
organizationIdentifier=XXXX
installerBaseString=${organizationIdentifier}.firstBoot
tempUtilitiesPath=/var/tmp
installerScriptName=${installerBaseString}-installer.zsh
uninstallerScriptName=${installerBaseString}-cleanup.zsh
launchDaemonName=${installerBaseString}.plist
launchDaemonPath="/Library/LaunchDaemons"/${launchDaemonName}
installerScriptPath=${tempUtilitiesPath}/${installerScriptName}
uninstallerScriptPath=${tempUtilitiesPath}/${uninstallerScriptName}

echo "Creating ${installerScriptPath}."
(
cat <<ENDOFINSTALLERSCRIPT
#!/bin/zsh
while true; do
    # Check if current user is root, admin, or otheradmin (change these as needed or remove). Also make sure it is not _mbsetupuser
    loggedInUser=\$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print \$3 }' )
    if [[ \${loggedInUser} == "root" || \${loggedInUser} == "admin" || \${loggedInUser} == "otheradmin" || \${loggedInUser} == "_mbsetupuser" || \${loggedInUser} == "" || \${loggedInUser} == "." ]]; then
        echo "Cannot run script as \${loggedInUser}. Waiting for 10 seconds."
        sleep 10
    else
    	sleep 5
        echo "Running script as \${loggedInUser}"
        # Set up Dock
        /usr/local/bin/jamf policy -event "setUpDock" &&
        # Set VPN URL
        /usr/local/bin/jamf policy -event "setVPNURL" &&
        # Set Wallpaper
        /usr/local/bin/jamf policy -event "setWallpaper" &&
        # Set User Permissions for Printer, Network and Date & Time
        /usr/local/bin/jamf policy -event "SetUserPermissions" &&
        # Set Correct Username
        /usr/local/bin/jamf policy -event "updateUsername" &&
        # Set FV2 Keyboard Correctly
        /usr/local/bin/jamf policy -event "fixKeyboardLayout" &&
        # Sets the device enrollment complete
        /usr/local/bin/jamf policy -event "SetDeviceEnrollmentCompleted" &&
        # Open Self Service
        sudo -u $loggedInUser open "jamfselfservice://" &&
        # Run a Recon
        /usr/local/bin/jamf recon
        # Open OneDrive, this makes it autostart each login
        open -a OneDrive
        # Clean up set up
        #rm /var/tmp/notifyJamf.sh

        # Exit the loop and the script
        break
    fi
done
ENDOFINSTALLERSCRIPT
)  > "${installerScriptPath}"

echo "Setting permissions for ${installerScriptPath}."
chmod 700 "${installerScriptPath}"
chown root:wheel "${installerScriptPath}"


echo "Creating ${launchDaemonPath}."
(
cat <<ENDOFLAUNCHDAEMON
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>${launchDaemonName}</string>
	<key>RunAtLoad</key>
	<true/>
	<key>UserName</key>
	<string>root</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/zsh</string>
		<string>${installerScriptPath}</string>
	</array>
	<key>StandardErrorPath</key>
	<string>/var/tmp/${installerScriptName}.err</string>
	<key>StandardOutPath</key>
	<string>/var/tmp/${installerScriptName}.out</string>
</dict>
</plist>

ENDOFLAUNCHDAEMON
)  > "${launchDaemonPath}"

echo "Setting permissions for ${launchDaemonPath}."
chmod 644 "${launchDaemonPath}"
chown root:wheel "${launchDaemonPath}"

echo "Loading ${launchDaemonName}."
launchctl load "${launchDaemonPath}"

echo "Creating ${uninstallerScriptPath}."
(
cat <<ENDOFUNINSTALLERSCRIPT
#!/bin/zsh
# This is meant to be called by a Jamf Pro policy via trigger
# Near the end of your setup for your mac script

rm ${installerScriptPath}

# Note that if you unload the LaunchDaemon this will immediately kill the setup your mac script script
# Just remove the underlying plist file, and the LaunchDaemon will not run after next reboot/login.

rm ${launchDaemonPath}
rm ${uninstallerScriptName}
rm /var/tmp/${installerScriptName}.err
rm /var/tmp/${installerScriptName}.out

ENDOFUNINSTALLERSCRIPT
) > "${uninstallerScriptPath}"

echo "Setting permissions for ${uninstallerScriptPath}."
chmod 700 "${uninstallerScriptPath}"
chown root:wheel "${uninstallerScriptPath}"
	#!/bin/zsh
	organizationIdentifier=XXXX
	installerBaseString=${organizationIdentifier}.firstBoot
	tempUtilitiesPath=/var/tmp
	installerScriptName=${installerBaseString}-installer.zsh
	uninstallerScriptName=${installerBaseString}-cleanup.zsh
	launchDaemonName=${installerBaseString}.plist
	launchDaemonPath="/Library/LaunchDaemons"/${launchDaemonName}
	installerScriptPath=${tempUtilitiesPath}/${installerScriptName}
	uninstallerScriptPath=${tempUtilitiesPath}/${uninstallerScriptName}

	echo "Creating ${installerScriptPath}."
	(
	cat <<ENDOFINSTALLERSCRIPT
	#!/bin/zsh
	while true; do
	# Check if current user is root, admin, or otheradmin (change these as needed or remove). Also make sure it is not _mbsetupuser
	loggedInUser=\$( scutil <<< "show State:/Users/ConsoleUser" \| awk '/Name :/ && ! /loginwindow/ { print \$3 }' )
	if [[ \${loggedInUser} == "root" \|\| \${loggedInUser} == "admin" \|\| \${loggedInUser} == "otheradmin" \|\| \${loggedInUser} == "_mbsetupuser" \|\| \${loggedInUser} == "" \|\| \${loggedInUser} == "." ]]; then
	echo "Cannot run script as \${loggedInUser}. Waiting for 10 seconds."
	sleep 10
	else
	sleep 5
	echo "Running script as \${loggedInUser}"
	# Set up Dock
	/usr/local/bin/jamf policy -event "setUpDock" &&
	# Set VPN URL
	/usr/local/bin/jamf policy -event "setVPNURL" &&
	# Set Wallpaper
	/usr/local/bin/jamf policy -event "setWallpaper" &&
	# Set User Permissions for Printer, Network and Date & Time
	/usr/local/bin/jamf policy -event "SetUserPermissions" &&
	# Set Correct Username
	/usr/local/bin/jamf policy -event "updateUsername" &&
	# Set FV2 Keyboard Correctly
	/usr/local/bin/jamf policy -event "fixKeyboardLayout" &&
	# Sets the device enrollment complete
	/usr/local/bin/jamf policy -event "SetDeviceEnrollmentCompleted" &&
	# Open Self Service
	sudo -u $loggedInUser open "jamfselfservice://" &&
	# Run a Recon
	/usr/local/bin/jamf recon
	# Open OneDrive, this makes it autostart each login
	open -a OneDrive
	# Clean up set up
	#rm /var/tmp/notifyJamf.sh

	# Exit the loop and the script
	break
	fi
	done
	ENDOFINSTALLERSCRIPT
	) > "${installerScriptPath}"

	echo "Setting permissions for ${installerScriptPath}."
	chmod 700 "${installerScriptPath}"
	chown root:wheel "${installerScriptPath}"


	echo "Creating ${launchDaemonPath}."
	(
	cat <<ENDOFLAUNCHDAEMON
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>Label</key>
	<string>${launchDaemonName}</string>
	<key>RunAtLoad</key>
	<true/>
	<key>UserName</key>
	<string>root</string>
	<key>ProgramArguments</key>
	<array>
	<string>/bin/zsh</string>
	<string>${installerScriptPath}</string>
	</array>
	<key>StandardErrorPath</key>
	<string>/var/tmp/${installerScriptName}.err</string>
	<key>StandardOutPath</key>
	<string>/var/tmp/${installerScriptName}.out</string>
	</dict>
	</plist>

	ENDOFLAUNCHDAEMON
	) > "${launchDaemonPath}"

	echo "Setting permissions for ${launchDaemonPath}."
	chmod 644 "${launchDaemonPath}"
	chown root:wheel "${launchDaemonPath}"

	echo "Loading ${launchDaemonName}."
	launchctl load "${launchDaemonPath}"

	echo "Creating ${uninstallerScriptPath}."
	(
	cat <<ENDOFUNINSTALLERSCRIPT
	#!/bin/zsh
	# This is meant to be called by a Jamf Pro policy via trigger
	# Near the end of your setup for your mac script

	rm ${installerScriptPath}

	# Note that if you unload the LaunchDaemon this will immediately kill the setup your mac script script
	# Just remove the underlying plist file, and the LaunchDaemon will not run after next reboot/login.

	rm ${launchDaemonPath}
	rm ${uninstallerScriptName}
	rm /var/tmp/${installerScriptName}.err
	rm /var/tmp/${installerScriptName}.out

	ENDOFUNINSTALLERSCRIPT
	) > "${uninstallerScriptPath}"

	echo "Setting permissions for ${uninstallerScriptPath}."
	chmod 700 "${uninstallerScriptPath}"
	chown root:wheel "${uninstallerScriptPath}"