Skip to content

Instantly share code, notes, and snippets.

Avatar

Matthew Warren haircut

View GitHub Profile
View Self-Service-Reset-Privacy-Consent.py
@haircut
haircut / tcc-reset.py
Last active May 17, 2021
Completely reset TCC services database in macOS
View tcc-reset.py
#!/usr/bin/python
"""
Completely reset TCC services database in macOS
Note: Both the system and individual users have TCC databases; run the script as both
a user and as root to completely reset TCC decisions at all levels.
2018-08-15: Resetting the 'Location' service fails; unknown cause
2018-08-16: Confirmed the 'All' service does not really reset _all_
services, so individual calls to each service is necessary.
@haircut
haircut / Install PIP to user site on macOS.md
Created Aug 29, 2017
How to install and use pip without sudo or admin on macOS
View Install PIP to user site on macOS.md

Install and use pip on macOS without sudo / admin access

Most recently tested on macOS Sierra (10.12.6)

  1. Download the installation script; curl https://bootstrap.pypa.io/get-pip.py -o ~/Downloads/get-pip.py
  2. Run the installation, appending the --user flag; python ~/Downloads/get-pip.py --user. pip will be installed to ~/Library/Python/2.7/bin/pip
  3. Make sure ~/Library/Python/2.7/bin is in your $PATH. For bash users, edit the PATH= line in ~/.bashrc to append the local Python path; ie. PATH=$PATH:~/Library/Python/2.7/bin. Apply the changes, source ~/.bashrc.
  4. Use pip! Remember to append --user when installing modules; ie. pip install <package_name> --user

Note

View rename-computer.py
#!/usr/bin/python
'''
Rename computer from remote CSV using Jamf binary
Pass in the URL to your remote CSV file using script parameter 4
The remote CSV could live on a web server you control, OR be a Google Sheet
specified in the following format:
https://docs.google.com/spreadsheets/u/0/d/<document ID>/export?format=csv&id=<document ID>&gid=0
@haircut
haircut / bash-multiple-jamf-policies.sh
Last active Dec 28, 2020
Running multiple Jamf policies in bash or python; minimal examples
View bash-multiple-jamf-policies.sh
#!/bin/bash
# Policy IDs or custom trigger names
# Bash arrays are specified like the provided example; surround custom triggers with
# quotes, and leave policy ids as "bare" integers
POLICIES=( "custom" "triggers" 523 32 )
for i in "${POLICIES[@]}"; do
# test if array element is an integer, ie. a policy id
if [ "$i" -eq "$i" ] 2>/dev/null
@haircut
haircut / EnableFirewall.mobileconfig
Last active Oct 26, 2020
Enable and manage the macOS firewall with a Configuration Profile. NB: See comments for important info!
View EnableFirewall.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Applications</key>
<array>
<dict>
@haircut
haircut / README.md
Last active Sep 30, 2020
NoMAD control scripts
View README.md

NoMAD control scripts

  • nomad-add-launchagent.py: creates the NoMAD LaunchAgent
  • nomad-load-launchagent.py: loads an existing NoMAD LaunchAgent
  • nomad-pre-update.py: unloads NoMAD LaunchAgent and quits NoMAD prior to installing an updated version

These scripts are designed to be used in Jamf Pro policies. I've separated the functionality for different use cases and flexibility. The ...add... and ...load... file naming convention ensures the scripts will run in the correct order since Jamf Pro runs scripts alphabetically.

@haircut
haircut / System - Software Updates.mobileconfig
Created Oct 10, 2017
Manage macOS Software Update settings via configuration profile (Jamf Pro)
View System - Software Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.SoftwareUpdate</key>
@haircut
haircut / README.md
Last active Feb 20, 2020
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+
View README.md

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

View AdwareMedic-Supplement.adf
<AdwareDefinition>
<Version>1.0</Version>
<DefinitionAuthor>Matthew Warren</DefinitionAuthor>
<DefinitionSource>http://www.adwaremedic.com/signatures.xml</DefinitionSource>
<!-- Supplemental ADF based on AdwareMedic Signatures. Should be used as
a complement to the default HT-203987 definitions
-->
<Adware>
<AdwareName>FkCodec</AdwareName>
<!-- Does not remove related browser extensions -->