@haircut
haircut / EnableFirewall.mobileconfig
Last active October 26, 2020 19:39
Enable and manage the macOS firewall with a Configuration Profile. NB: See comments for important info!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Applications</key>
<array>
<dict>
@haircut
haircut / README.md
Last active September 30, 2020 21:17
NoMAD control scripts

  • nomad-add-launchagent.py: creates the NoMAD LaunchAgent
  • nomad-load-launchagent.py: loads an existing NoMAD LaunchAgent
  • nomad-pre-update.py: unloads NoMAD LaunchAgent and quits NoMAD prior to installing an updated version

These scripts are designed to be used in Jamf Pro policies. I've separated the functionality for different use cases and flexibility. The ...add... and ...load... file naming convention ensures the scripts will run in the correct order since Jamf Pro runs scripts alphabetically.

@haircut
haircut / System - Software Updates.mobileconfig
Created October 10, 2017 01:02
Manage macOS Software Update settings via configuration profile (Jamf Pro)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.SoftwareUpdate</key>
@haircut
haircut / README.md
Last active February 20, 2020 13:01
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recovery Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self-signed).

<AdwareDefinition>
<Version>1.0</Version>
<DefinitionAuthor>Matthew Warren</DefinitionAuthor>
<DefinitionSource>http://www.adwaremedic.com/signatures.xml</DefinitionSource>
<!-- Supplemental ADF based on AdwareMedic Signatures. Should be used as
a complement to the default HT-203987 definitions
-->
<Adware>
<AdwareName>FkCodec</AdwareName>
<!-- Does not remove related browser extensions -->
@haircut
haircut / TCC-Testing-Privacy-Policy.mobileconfig
Created August 23, 2018 02:11
Largely disable consent prompts in a Jamf environment.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Services</key>
<dict>
<key>Accessibility</key>
#!/bin/bash
#
# Script: Safely Close Application
#
# Description:
# Safely closes an application after alerting user and prompting to save
# any unsaved documents (if applicable).
#
# Parameters:
# - app_name: Name of the application
@haircut
haircut / Quit-All-Apps-With-Whitelist.sh
Created February 8, 2017 15:16
Closes all running apps, excluding those found in a customizable whitelist
#!/bin/sh
# Quit apps command
read -r -d '' OSASCRIPT_COMMAND <<EOD
set white_list to {"Finder"}
tell application "Finder"
set process_list to the name of every process whose visible is true
end tell
repeat with i from 1 to (number of items in process_list)
set this_process to item i of the process_list
@haircut
haircut / forget-saved-ssids.py
Last active September 24, 2018 19:58
Forget all saved SSIDs with whitelisting
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
Forget saved SSIDs with whitelisting
This script removes ALL saved SSIDs on a Mac except for those configured in a
whitelist – see SSID_WHITELIST variable below.
Thanks to @sepiemoini for suggestion of "MERGE_CURRENT_SSID" behavior
@haircut
haircut / Defer-Software-Updates.mobileconfig
Last active August 17, 2018 17:12
Manage ONLY Software Update Deferral delay
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>