- Save a plaintext
filename.mobileconfigfile that enforces your desired settings - Create a self-signed certificate using Keychain Access
- Certificate Type:
Code Signing
- Certificate Type:
- Sign the plaintext
filename.mobileconfigasfilename-signed.mobileconfig/usr/bin/security cms -S -N "<Code Signing Certificate Name Here>" -i "filename.mobileconfig" -o "filename-signed.mobileconfig"
- Click the
Uploadbutton on your JSS Configuration Prifiles Page to upload your signedfilename-signed.mobileconfig - Jamf states the uploaded configuration profile is in read-only mode, because it is signed
- Use Jamf to scope the configuration profile to your desired Macs
Lucas Cantor lucascantor
lucascantor
/ enableRemoteManagement.sh
Last active
February 10, 2018 18:29
Apple Remote Desktop can be enabled and configured via the command line
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # e.g., Grant all remote control privileges to user johnsmith: | |
| /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users johnsmith -privs -all -restart -agent -menu | |
| # e.g., Revoke all remote control privileges for all users, to clear unwanted settings: | |
| /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -off | |
| # e.g., Grant ability to request screen sharing only, with explicit confirmation from the current user: | |
| /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers -clientopts -setreqperm -reqperm yes -setvnclegacy -vnclegacy no -setmenuextra -menuextra no |
lucascantor
/ resetMacintoshHD.sh
Last active
February 10, 2018 18:26
Overwrite the macOS disk partition table and re-partition over encrypted data without causing excessive wear by explicitly erasing the full SSD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Replace N in diskN with the disk number of your choice | |
| # Use "diskutil list" to confirm, and ALWAYS back up your data | |
| dd if=/dev/zero of=/dev/diskN bs=512 count=1 | |
| diskutil partitionDisk /dev/diskN 1 GPT APFS "Macintosh HD" 100% |
lucascantor
/ signMobileconfigFiles.md
Last active
February 10, 2018 18:19
Sign configuration profiles to prevent Jamf from modifying them, ensuring only your explicitly configured settings are applied.
lucascantor
/ resetPrintingSystem.sh
Created
January 27, 2018 08:09
Reset printing system to factory defaults
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Stop CUPS | |
| launchctl stop org.cups.cupsd | |
| # Backup the InstalledPrinters plist | |
| if [ -e "/Library/Printers/InstalledPrinters.plist" ] | |
| then | |
| mv /Library/Printers/InstalledPrinters.plist /Library/Printers/InstalledPrinters.plist.bak | |
| fi |
lucascantor
/ resetNetworkConfig.sh
Created
January 27, 2018 08:06
Remove network config files to reset to factory defaults
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| to_remove=( | |
| "/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist" | |
| "/Library/Preferences/SystemConfiguration/com.apple.network.identification.plist" | |
| "/Library/Preferences/SystemConfiguration/com.apple.wifi.message-tracer.plist" | |
| "/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist" | |
| "/Library/Preferences/SystemConfiguration/preferences.plist" | |
| ) |
lucascantor
/ removeFlashPlayer.sh
Created
January 27, 2018 08:06
Remove standalone Adobe Flash installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| to_remove=( | |
| "/Applications/Utilities/Adobe Flash Player Install Manager.app" | |
| "/Library/Internet Plug-Ins/Flash Player.plugin" | |
| "/Library/Internet Plug-Ins/flashplayer.xpt" | |
| "/Library/PreferencePanes/Flash Player.prefPane" | |
| "/Library/Receipts/Adobe Flash Player.pkg" | |
| ) |
lucascantor
/ prohibitPasswordAuthPerUser.sh
Created
January 27, 2018 08:05
Append rules to to sshd_config to prohibit password ssh auth for a specific user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo -e "\n# Prohibit password authentication for administrator user\nMatch User <username>\n\tKbdInteractiveAuthentication no\n\tPasswordAuthentication no" >> /etc/ssh/sshd_config |
lucascantor
/ preferredWifiNetworks.sh
Created
January 27, 2018 08:03
Return a list of preferred wifi network SSIDs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| networksetup -listpreferredwirelessnetworks `networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}'` | sed 's/^ //g' |
lucascantor
/ lastBoot.sh
Created
January 27, 2018 08:00
Returns date and time of last boot for in YYYY-MM-DD HH:MM:SS format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| date -jf "%s" "$(sysctl kern.boottime | awk -F'[= |,]' '{print $6}')" +"%Y-%m-%d %T" |
lucascantor
/ forgetWifiNetwork.sh
Last active
January 27, 2018 07:58
Remove a specific wifi network SSID from the list of remembered wifi networks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for interface in $(networksetup -listnetworkserviceorder | grep Hardware | awk '/Wi-Fi/ { print $NF }' | awk -F ")" '{ print $1 }') | |
| do | |
| echo "Forgetting non-preferred SSID for $interface" | |
| networksetup -removepreferredwirelessnetwork $interface <SSID to forget> | |
| done | |
| exit 0 |