- Save a plaintext
filename.mobileconfig
file that enforces your desired settings - Create a self-signed certificate using Keychain Access
- Certificate Type:
Code Signing
- Certificate Type:
- Sign the plaintext
filename.mobileconfig
asfilename-signed.mobileconfig
/usr/bin/security cms -S -N "<Code Signing Certificate Name Here>" -i "filename.mobileconfig" -o "filename-signed.mobileconfig"
- Click the
Upload
button on your JSS Configuration Prifiles Page to upload your signedfilename-signed.mobileconfig
- Jamf states the uploaded configuration profile is in read-only mode, because it is signed
- Use Jamf to scope the configuration profile to your desired Macs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# e.g., Grant all remote control privileges to user johnsmith: | |
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users johnsmith -privs -all -restart -agent -menu | |
# e.g., Revoke all remote control privileges for all users, to clear unwanted settings: | |
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -off | |
# e.g., Grant ability to request screen sharing only, with explicit confirmation from the current user: | |
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy no -setmenuextra -menuextra no |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Replace N in diskN with the disk number of your choice | |
# Use "diskutil list" to confirm, and ALWAYS back up your data | |
dd if=/dev/zero of=/dev/diskN bs=512 count=1 | |
diskutil partitionDisk /dev/diskN 1 GPT APFS "Macintosh HD" 100% |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Stop CUPS | |
launchctl stop org.cups.cupsd | |
# Backup the InstalledPrinters plist | |
if [ -e "/Library/Printers/InstalledPrinters.plist" ] | |
then | |
mv /Library/Printers/InstalledPrinters.plist /Library/Printers/InstalledPrinters.plist.bak | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
to_remove=( | |
"/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist" | |
"/Library/Preferences/SystemConfiguration/com.apple.network.identification.plist" | |
"/Library/Preferences/SystemConfiguration/com.apple.wifi.message-tracer.plist" | |
"/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist" | |
"/Library/Preferences/SystemConfiguration/preferences.plist" | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
to_remove=( | |
"/Applications/Utilities/Adobe Flash Player Install Manager.app" | |
"/Library/Internet Plug-Ins/Flash Player.plugin" | |
"/Library/Internet Plug-Ins/flashplayer.xpt" | |
"/Library/PreferencePanes/Flash Player.prefPane" | |
"/Library/Receipts/Adobe Flash Player.pkg" | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echo -e "\n# Prohibit password authentication for administrator user\nMatch User <username>\n\tKbdInteractiveAuthentication no\n\tPasswordAuthentication no" >> /etc/ssh/sshd_config |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
networksetup -listpreferredwirelessnetworks `networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}'` | sed 's/^ //g' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
date -jf "%s" "$(sysctl kern.boottime | awk -F'[= |,]' '{print $6}')" +"%Y-%m-%d %T" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for interface in $(networksetup -listnetworkserviceorder | grep Hardware | awk '/Wi-Fi/ { print $NF }' | awk -F ")" '{ print $1 }') | |
do | |
echo "Forgetting non-preferred SSID for $interface" | |
networksetup -removepreferredwirelessnetwork $interface <SSID to forget> | |
done | |
exit 0 |