Skip to content

Instantly share code, notes, and snippets.

Matthew Warren haircut

Block or report user

Report or block haircut

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@haircut
haircut / audit-logins.py
Last active Nov 26, 2017
Auditing login events on macOS
View audit-logins.py
#!/usr/bin/python
@haircut
haircut / EnableFirewall.mobileconfig
Last active Apr 15, 2018
Enable and manage the macOS firewall with a Configuration Profile. NB: See comments for important info!
View EnableFirewall.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Applications</key>
<array>
<dict>
@haircut
haircut / getusers.py
Last active Nov 7, 2017
get a list of all non-system users on a Mac in Python
View getusers.py
def getusers():
'''get all non-system users on this Mac'''
cmd = ['dscl', '.', '-list', '/Users']
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, _ = proc.communicate()
userlist = out.splitlines()
users = []
filter_out = ['daemon', 'root', 'nobody']
for user in userlist:
if not user.startswith('_') and not user in filter_out:
@haircut
haircut / README.md
Last active Jan 23, 2019
NoMAD control scripts
View README.md

NoMAD control scripts

  • nomad-add-launchagent.py: creates the NoMAD LaunchAgent
  • nomad-load-launchagent.py: loads an existing NoMAD LaunchAgent
  • nomad-pre-update.py: unloads NoMAD LaunchAgent and quits NoMAD prior to installing an updated version

These scripts are designed to be used in Jamf Pro policies. I've separated the functionality for different use cases and flexibility. The ...add... and ...load... file naming convention ensures the scripts will run in the correct order since Jamf Pro runs scripts alphabetically.

@haircut
haircut / System - Software Updates.mobileconfig
Created Oct 10, 2017
Manage macOS Software Update settings via configuration profile (Jamf Pro)
View System - Software Updates.mobileconfig
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.SoftwareUpdate</key>
@haircut
haircut / README.md
Last active Sep 4, 2019
How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+
View README.md

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

@haircut
haircut / Install PIP to user site on macOS.md
Created Aug 29, 2017
How to install and use pip without sudo or admin on macOS
View Install PIP to user site on macOS.md

Install and use pip on macOS without sudo / admin access

Most recently tested on macOS Sierra (10.12.6)

  1. Download the installation script; curl https://bootstrap.pypa.io/get-pip.py -o ~/Downloads/get-pip.py
  2. Run the installation, appending the --user flag; python ~/Downloads/get-pip.py --user. pip will be installed to ~/Library/Python/2.7/bin/pip
  3. Make sure ~/Library/Python/2.7/bin is in your $PATH. For bash users, edit the PATH= line in ~/.bashrc to append the local Python path; ie. PATH=$PATH:~/Library/Python/2.7/bin. Apply the changes, source ~/.bashrc.
  4. Use pip! Remember to append --user when installing modules; ie. pip install <package_name> --user

Note

@haircut
haircut / collect-info.py
Last active Feb 16, 2018
Spiffy GUI for Jamf Pro workflows
View collect-info.py
#!/usr/bin/python
"""
Collect Info
To be used in a Jamf Pro workflow to prompt a user/tech for info
Heavily cribbed from Jamf's iPhone ordering script:
https://github.com/jamfit/iPhone-Ordering
"""
@haircut
haircut / jamf-pro-script-environment.py
Last active Jun 27, 2017
Determine the Execution Environment of a Jamf Pro script
View jamf-pro-script-environment.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Jamf Pro - Determine Execution Environment
"""
import os
def is_running_directly():
"""
View execute-as-user-example.py
#!/usr/bin/python
import os
import pwd
from Foundation import CFPreferencesAppSynchronize
from Foundation import CFPreferencesSetValue
from Foundation import kCFPreferencesCurrentUser
from Foundation import kCFPreferencesCurrentHost
You can’t perform that action at this time.