Skip to content

Instantly share code, notes, and snippets.

Matthew Warren haircut

Block or report user

Report or block haircut

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@haircut
haircut / tcc-reset.py
Last active Nov 17, 2019
Completely reset TCC services database in macOS
View tcc-reset.py
#!/usr/bin/python
"""
Completely reset TCC services database in macOS
Note: Both the system and individual users have TCC databases; run the script as both
a user and as root to completely reset TCC decisions at all levels.
2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
services, so individual calls to each service is necessary.
@haircut
haircut / Install PIP to user site on macOS.md
Created Aug 29, 2017
How to install and use pip without sudo or admin on macOS
View Install PIP to user site on macOS.md

Install and use pip on macOS without sudo / admin access

Most recently tested on macOS Sierra (10.12.6)

  1. Download the installation script; curl https://bootstrap.pypa.io/get-pip.py -o ~/Downloads/get-pip.py
  2. Run the installation, appending the --user flag; python ~/Downloads/get-pip.py --user. pip will be installed to ~/Library/Python/2.7/bin/pip
  3. Make sure ~/Library/Python/2.7/bin is in your $PATH. For bash users, edit the PATH= line in ~/.bashrc to append the local Python path; ie. PATH=$PATH:~/Library/Python/2.7/bin. Apply the changes, source ~/.bashrc.
  4. Use pip! Remember to append --user when installing modules; ie. pip install <package_name> --user

Note

View rename-computer.py
#!/usr/bin/python
'''
Rename computer from remote CSV using Jamf binary
Pass in the URL to your remote CSV file using script parameter 4
The remote CSV could live on a web server you control, OR be a Google Sheet
specified in the following format:
https://docs.google.com/spreadsheets/u/0/d/<document ID>/export?format=csv&id=<document ID>&gid=0
View AdwareMedic-Supplement.adf
<AdwareDefinition>
<Version>1.0</Version>
<DefinitionAuthor>Matthew Warren</DefinitionAuthor>
<DefinitionSource>http://www.adwaremedic.com/signatures.xml</DefinitionSource>
<!-- Supplemental ADF based on AdwareMedic Signatures. Should be used as
a complement to the default HT-203987 definitions
-->
<Adware>
<AdwareName>FkCodec</AdwareName>
<!-- Does not remove related browser extensions -->
@haircut
haircut / README.md
Last active Sep 4, 2019
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+
View README.md

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

@haircut
haircut / TCC-Testing-Privacy-Policy.mobileconfig
Created Aug 23, 2018
Largely disable consent prompts in a Jamf environment.
View TCC-Testing-Privacy-Policy.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Services</key>
<dict>
<key>Accessibility</key>
View close-app-before-update.sh
#!/bin/bash
#
# Script: Safely Close Application
#
# Description:
# Safely closes and application after alerting user and prompting to save
# any unsaved documents (if applicable).
#
# Parameters:
# - app_name: Name of the application
@haircut
haircut / System - Software Updates.mobileconfig
Created Oct 10, 2017
Manage macOS Software Update settings via configuration profile (Jamf Pro)
View System - Software Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.SoftwareUpdate</key>
View SetRemoteManagement.sh
#!/bin/bash
LOCALADMIN="username"
kickstart=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
echo "Configuring Remote Management"
if id -u $LOCALADMIN >/dev/null 2>&1; then
echo "Defined local admin account exists"
# Deactivate ARD agent, deny all access
echo "Deactivating ARD agent"
View Self-Service-Reset-Privacy-Consent.py
You can’t perform that action at this time.