Skip to content

Instantly share code, notes, and snippets.

Avatar

Matthew Warren haircut

View GitHub Profile
@haircut
haircut / System - Software Updates.mobileconfig
Created Oct 10, 2017
Manage macOS Software Update settings via configuration profile (Jamf Pro)
View System - Software Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.SoftwareUpdate</key>
@haircut
haircut / README.md
Last active Feb 20, 2020
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+
View README.md

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

View AdwareMedic-Supplement.adf
<AdwareDefinition>
<Version>1.0</Version>
<DefinitionAuthor>Matthew Warren</DefinitionAuthor>
<DefinitionSource>http://www.adwaremedic.com/signatures.xml</DefinitionSource>
<!-- Supplemental ADF based on AdwareMedic Signatures. Should be used as
a complement to the default HT-203987 definitions
-->
<Adware>
<AdwareName>FkCodec</AdwareName>
<!-- Does not remove related browser extensions -->
@haircut
haircut / TCC-Testing-Privacy-Policy.mobileconfig
Created Aug 23, 2018
Largely disable consent prompts in a Jamf environment.
View TCC-Testing-Privacy-Policy.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Services</key>
<dict>
<key>Accessibility</key>
View close-app-before-update.sh
#!/bin/bash
#
# Script: Safely Close Application
#
# Description:
# Safely closes and application after alerting user and prompting to save
# any unsaved documents (if applicable).
#
# Parameters:
# - app_name: Name of the application
@haircut
haircut / Quit-All-Apps-With-Whitelist.sh
Created Feb 8, 2017
Closes all running apps, excluding those found in a customizable whitelist
View Quit-All-Apps-With-Whitelist.sh
#!/bin/sh
# Quit apps command
read -r -d '' OSASCRIPT_COMMAND <<EOD
set white_list to {"Finder"}
tell application "Finder"
set process_list to the name of every process whose visible is true
end tell
repeat with i from 1 to (number of items in process_list)
set this_process to item i of the process_list
@haircut
haircut / forget-saved-ssids.py
Last active Sep 24, 2018
Forget all saved SSIDs with whitelisting
View forget-saved-ssids.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
Forget saved SSIDs with whitelisting
This script removes ALL saved SSIDs on a Mac except for those configured in a
whitelistsee SSID_WHITELIST variable below.
Thanks to @sepiemoini for suggestion of "MERGE_CURRENT_SSID" behavior
@haircut
haircut / Defer-Software-Updates.mobileconfig
Last active Aug 17, 2018
Manage ONLY Software Update Deferral delay
View Defer-Software-Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
@haircut
haircut / run_jamf_policy.py
Last active Jul 31, 2018
Utility function to run a Jamf Pro policy
View run_jamf_policy.py
# encoding: utf-8
import subprocess
def run_jamf_policy(p):
"""Runs a jamf policy by id or event name"""
cmd = ['/usr/local/bin/jamf', 'policy']
if isinstance(p, basestring):
@haircut
haircut / com.apple.Safari.plist
Last active Feb 7, 2018
Disables adding common "Internet Accounts", disables auto-open of "Safe" downloads, disables all form autofill
View com.apple.Safari.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AutoOpenSafeDownloads</key>
<false/>
<key>DomainsToNeverSetUp</key>
<array>
<string>aol.com</string>
<string>facebook.com</string>