haircut

import subprocess

factoid = 'opendirectoryd_version'

def fact():
    '''
    Returns the "project version" number used to build opendirectoryd
    per https://support.apple.com/en-gb/HT208315 to check that
    "Security Update 2017-001" is installed
    '''

haircut

#!/bin/bash

# modified from original by Rich Trouton 
# https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/block_root_account_login

ERROR=0

# Set root password to some uuid, eg. 1730DFA3-C59B-447C-BAE8-3C3F052862A4

rootpassword=$(uuidgen)

haircut

#!/usr/bin/python

haircut

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>Applications</key>
			<array>
				<dict>

haircut

def getusers():
    '''get all non-system users on this Mac'''
    cmd = ['dscl', '.', '-list', '/Users']
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, _ = proc.communicate()
    userlist = out.splitlines()
    users = []
    filter_out = ['daemon', 'root', 'nobody']
    for user in userlist:
        if not user.startswith('_') and not user in filter_out:

haircut

NoMAD control scripts

• nomad-add-launchagent.py: creates the NoMAD LaunchAgent
• nomad-load-launchagent.py: loads an existing NoMAD LaunchAgent
• nomad-pre-update.py: unloads NoMAD LaunchAgent and quits NoMAD prior to installing an updated version

These scripts are designed to be used in Jamf Pro policies. I've separated the functionality for different use cases and flexibility. The ...add... and ...load... file naming convention ensures the scripts will run in the correct order since Jamf Pro runs scripts alphabetically.

haircut

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadContent</key>
			<dict>
				<key>com.apple.SoftwareUpdate</key>

haircut

How to manage ONLY FDE Recovery Key Escrow in Jamf Pro 9.101+

The Jamf Pro GUI allows you to automatically set up the necessary payloads to manage the FDE Recovery Key Escrow process for macOS 10.13+.

However, the settings reside in the "Security & Privacy" grouping within the Jamf Pro GUI, forcing you to manage settings other than those related to recovery key escrow. You may inadvertently lock your users out of being able to make changes to the firewall, analytics settings, screen saver password requirement, etc.

You can upload a custom profile to the Jamf Pro Server that manages only FDE Recover Key Escrow preferences, but it takes a little work.

You'll also need to sign your resultant configuration profile to prevent the Jamf Pro Server from manipulating its contents or preventing deployment. You can use an Apple Developer certificate, or your Jamf Pro Server's CA (if self signed).

haircut

Install and use pip on macOS without sudo / admin access

Most recently tested on macOS Sierra (10.12.6)

1. Download the installation script; curl https://bootstrap.pypa.io/get-pip.py -o ~/Downloads/get-pip.py
2. Run the installation, appending the --user flag; python ~/Downloads/get-pip.py --user. pip will be installed to ~/Library/Python/2.7/bin/pip
3. Make sure ~/Library/Python/2.7/bin is in your $PATH. For bash users, edit the PATH= line in ~/.bashrc to append the local Python path; ie. PATH=$PATH:~/Library/Python/2.7/bin. Apply the changes, source ~/.bashrc.
4. Use pip! Remember to append --user when installing modules; ie. pip install <package_name> --user

Note

haircut

#!/usr/bin/python
"""
Collect Info

To be used in a Jamf Pro workflow to prompt a user/tech for info

Heavily cribbed from Jamf's iPhone ordering script:
https://github.com/jamfit/iPhone-Ordering
"""