haircut’s gists

## Self-Service-Reset-Privacy-Consent.py
#!/usr/bin/python
"""
Reset User-level Privacy Policy Controls via Jamf Self Service

    Pass script Parameter 4 as "all" to reset privacy controls for all users on
    the system. This parameter is optional.

https://www.macblog.org/post/reset-tcc-privacy/
https://github.com/haircut
"""

## TCC-Testing-Privacy-Policy.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>Services</key>
            <dict>
                <key>Accessibility</key>

## Defer-Software-Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string></string>
			<key>PayloadDisplayName</key>

## tcc-reset.py
#!/usr/bin/python
"""
Completely reset TCC services database in macOS 10.14b7

2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
            services, so individual calls to each service is necessary.
"""

import subprocess

## forget-saved-ssids.py
#!/usr/bin/python
# -*- coding: utf-8 -*-

'''
Forget saved SSIDs with whitelisting

This script removes ALL saved SSIDs on a Mac except for those configured in a
whitelist – see SSID_WHITELIST variable below.

Thanks to @sepiemoini for suggestion of "MERGE_CURRENT_SSID" behavior

## modify-system-preferences-authorizations.py
#!/usr/bin/python
'''
Modifies authorizations database to allow standard users to change select
system preferences.

A great guide to available authorization rights can be found at:
https://www.dssw.co.uk/reference/authorization-rights/index.html

USE AT YOUR OWN RISK
'''

## rename-computer.py
#!/usr/bin/python
'''
Rename computer from remote CSV using Jamf binary

Pass in the URL to your remote CSV file using script parameter 4

The remote CSV could live on a web server you control, OR be a Google Sheet
specified in the following format:

https://docs.google.com/spreadsheets/u/0/d/<document ID>/export?format=csv&id=<document ID>&gid=0

## bash-multiple-jamf-policies.sh
#!/bin/bash

# Policy IDs or custom trigger names
# Bash arrays are specified like the provided example; surround custom triggers with
# quotes, and leave policy ids as "bare" integers
POLICIES=( "custom" "triggers" 523 32 )

for i in "${POLICIES[@]}"; do
	# test if array element is an integer, ie. a policy id
	if [ "$i" -eq "$i" ] 2>/dev/null

## opendirectoryd_version.py
import subprocess

factoid = 'opendirectoryd_version'

def fact():
    '''
    Returns the "project version" number used to build opendirectoryd
    per https://support.apple.com/en-gb/HT208315 to check that
    "Security Update 2017-001" is installed
    '''

## secure-root-high-sierra.sh
#!/bin/bash

# modified from original by Rich Trouton
# https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/block_root_account_login

ERROR=0

# Set root password to some uuid, eg. 1730DFA3-C59B-447C-BAE8-3C3F052862A4

rootpassword=$(uuidgen)