Skip to content

Instantly share code, notes, and snippets.

Matthew Warren haircut

Block or report user

Report or block haircut

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View Self-Service-Reset-Privacy-Consent.py
@haircut
haircut / TCC-Testing-Privacy-Policy.mobileconfig
Created Aug 23, 2018
Largely disable consent prompts in a Jamf environment.
View TCC-Testing-Privacy-Policy.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Services</key>
<dict>
<key>Accessibility</key>
@haircut
haircut / Defer-Software-Updates.mobileconfig
Last active Aug 17, 2018
Manage ONLY Software Update Deferral delay
View Defer-Software-Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
@haircut
haircut / tcc-reset.py
Last active Nov 17, 2019
Completely reset TCC services database in macOS
View tcc-reset.py
#!/usr/bin/python
"""
Completely reset TCC services database in macOS
Note: Both the system and individual users have TCC databases; run the script as both
a user and as root to completely reset TCC decisions at all levels.
2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
services, so individual calls to each service is necessary.
@haircut
haircut / forget-saved-ssids.py
Last active Sep 24, 2018
Forget all saved SSIDs with whitelisting
View forget-saved-ssids.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
Forget saved SSIDs with whitelisting
This script removes ALL saved SSIDs on a Mac except for those configured in a
whitelist – see SSID_WHITELIST variable below.
Thanks to @sepiemoini for suggestion of "MERGE_CURRENT_SSID" behavior
@haircut
haircut / modify-system-preferences-authorizations.py
Last active Nov 22, 2018
Backs up authdb, then modifies them so users can modify Energy Saver, Network, Printers & Scanners, Date & Time, Time Machine
View modify-system-preferences-authorizations.py
#!/usr/bin/python
'''
Modifies authorizations database to allow standard users to change select
system preferences.
A great guide to available authorization rights can be found at:
https://www.dssw.co.uk/reference/authorization-rights/index.html
USE AT YOUR OWN RISK
'''
View rename-computer.py
#!/usr/bin/python
'''
Rename computer from remote CSV using Jamf binary
Pass in the URL to your remote CSV file using script parameter 4
The remote CSV could live on a web server you control, OR be a Google Sheet
specified in the following format:
https://docs.google.com/spreadsheets/u/0/d/<document ID>/export?format=csv&id=<document ID>&gid=0
@haircut
haircut / bash-multiple-jamf-policies.sh
Last active Dec 29, 2018
Running multiple Jamf policies in bash or python; minimal examples
View bash-multiple-jamf-policies.sh
#!/bin/bash
# Policy IDs or custom trigger names
# Bash arrays are specified like the provided example; surround custom triggers with
# quotes, and leave policy ids as "bare" integers
POLICIES=( "custom" "triggers" 523 32 )
for i in "${POLICIES[@]}"; do
# test if array element is an integer, ie. a policy id
if [ "$i" -eq "$i" ] 2>/dev/null
@haircut
haircut / opendirectoryd_version.py
Created Nov 30, 2017
Check the project build version of opendirectoryd to confirm Security Update 2017-001 is installed
View opendirectoryd_version.py
import subprocess
factoid = 'opendirectoryd_version'
def fact():
'''
Returns the "project version" number used to build opendirectoryd
per https://support.apple.com/en-gb/HT208315 to check that
"Security Update 2017-001" is installed
'''
View secure-root-high-sierra.sh
#!/bin/bash
# modified from original by Rich Trouton
# https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/block_root_account_login
ERROR=0
# Set root password to some uuid, eg. 1730DFA3-C59B-447C-BAE8-3C3F052862A4
rootpassword=$(uuidgen)
You can’t perform that action at this time.