#!/bin/bash | |
<<ABOUT_THIS_SCRIPT | |
----------------------------------------------------------------------- | |
Written by:William Smith | |
Professional Services Engineer | |
Jamf | |
bill@talkingmoose.net | |
https://gist.github.com/talkingmoose/9faf50deaaefafa9a147e48ba39bb4b0 | |
Reference: https://developer.apple.com/documentation/devicemanagement/notifications/notificationsettingsitem | |
Originally posted: October 5, 2019 | |
Last updated: October 16, 2019 | |
Purpose: Create configuration profiles to manage app notifications. | |
Upload the configuration profile to Jamf Pro or save to your desktop. | |
Instructions: Run the script with help, -h or --usage for help. | |
Except where otherwise noted, this work is licensed under | |
http://creativecommons.org/licenses/by/4.0/ | |
"Fortune makes promises to many, keeps them to none. | |
Live for each day, live for the hours, since nothing is forever yours." | |
----------------------------------------------------------------------- | |
ABOUT_THIS_SCRIPT | |
# Jamf Pro URL and credentials | |
URL="https://jamfproserver.talkingmoose.net:8443" | |
userName="API-Editor" | |
password="P@55w0rd" | |
organizationName="Talking Moose Industries" | |
# -- set some variables for the rest of the script ---------------------------- | |
# regular expression for "help" and "usage" | |
regHelp="^-?-?[Hh]([Ee][Ll][Pp])?|[Uu]([Ss][Aa][Gg][Ee])?$" | |
# regular expressions for "true" and "false" | |
regTrue="^[Tt]([Rr][Uu][Ee])?|[Yy]([Ee][Ss])?$" | |
regFalse="^[Ff]([Aa][Ll][Ss][Ee])?|[Nn]([Oo])?$" | |
# regular expressions for "upload" and "save" | |
regUpload="^[Uu]([Pp][Ll][Oo][Aa][Dd])?$" | |
regSave="^[Ss]([Aa][Vv][Ee])?$" | |
regBoth="^[Bb]([Oo][Tt][Hh])?$" | |
# regular expressions for "none", "banners" and "alerts" | |
regNone="^[Nn]([Oo][Nn][Ee])?$" | |
regBanners="^[Bb]([Aa][Nn][Nn][Ee][Rr][Ss])?$" | |
regAlerts="^[Aa]([Ll][Ee][Rr][Tt][Ss])?$" | |
# generate two UUIDs for configuration profile payload identifiers | |
PayloadUUID1=$( /usr/bin/uuidgen ) | |
PayloadUUID2=$( /usr/bin/uuidgen ) | |
appDicts="" | |
# -- display usage information or parse app path for information -------------- | |
appPath="$1" | |
if [[ "$appPath" =~ ${regHelp} ]]; then | |
echo | |
echo "Manage App Notifications | |
Purpose: Create configuration profiles to manage app notifications | |
Upload the configuration profile to Jamf Pro or save to your desktop | |
Configuration: To upload to your Jamf Pro server, edit these lines before running the script. | |
The API-Editor account needs the Create privilege for macOS Configuration Profiles in Jamf Pro | |
URL=\"https://jamfproserver.talkingmoose.net:8443\" | |
userName=\"API-Editor\" | |
password=\"P@55w0rd\" | |
organizationName=\"Talking Moose Industries\" | |
Usage: \"$0\" [/path/to/application] | |
Questions are followed by allowed responses with [default] responses in brackets. | |
Responses are case insensitive and accept the first letter or entire word. | |
Press return to accept the default response. | |
Example: $ \"$0\" | |
Path to managed app (drag app into this Terminal window): /Applications/FaceTime.app | |
... | |
or | |
$ \"$0\" /Applications/FaceTime.app | |
Allow Notifications from FaceTime ( [Yes] No ): Yes | |
FaceTime alert style ( None [Banners] Alerts ): A | |
Show notifications on lock screen ( [Yes] No ): n | |
Show in Notification Center ( [Yes] No ): true | |
Badge app icon ( [Yes] No ): | |
Play sound for notifications ( [Yes] No ): NO | |
Critical Alerts Enabled ( Yes [No] ): FALSE | |
Add another app ( [Yes] No ): n | |
Upload to Jamf Pro or Save to Desktop? ( Both [Upload] Save ): U | |
Your new Notifications configuration profile for FaceTime was uploaded to Jamf Pro and is ready for scoping. | |
Would you like to view the profile now? ( [Yes] No ): yes" | |
echo | |
exit 0 | |
else | |
appBundleID=$( /usr/bin/defaults read "$appPath/Contents/Info.plist" CFBundleIdentifier 2>/dev/null ) | |
appExecutable=$( /usr/bin/defaults read "$appPath/Contents/Info.plist" CFBundleExecutable 2>/dev/null ) | |
appExecutableString=$( /usr/bin/sed -e 's/ /./g' <<< "$appExecutable" ) | |
fi | |
function getApp { | |
# -- request path to managed app if no app path provided ---------------------- | |
while [[ "$appExecutable" = "" ]]; | |
do | |
echo | |
read -p "Path to managed app (drag app into this Terminal window): " appPath | |
appBundleID=$( /usr/bin/defaults read "$appPath/Contents/Info.plist" CFBundleIdentifier 2>/dev/null ) | |
appExecutable=$( /usr/bin/defaults read "$appPath/Contents/Info.plist" CFBundleExecutable 2>/dev/null ) | |
appExecutableString=$( /usr/bin/sed -e 's/ /./g' <<< "$appExecutable" ) | |
done | |
} | |
function getNotificationsEnabled { | |
# -- choose notificationsEnabled ---------------------------------------------- | |
while [[ ! "$notificationsEnabled" =~ ${regTrue} && ! "$notificationsEnabled" =~ ${regFalse} ]]; | |
do | |
echo | |
read -p "Allow Notifications from $appExecutable ( [Yes] No ): " notificationsEnabled # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
notificationsEnabled=${notificationsEnabled:-true} | |
done | |
if [[ "$notificationsEnabled" =~ ${regTrue} ]]; then | |
notificationsEnabled="true" | |
else | |
notificationsEnabled="false" | |
fi | |
} | |
function getAlertType { | |
# -- choose alertType --------------------------------------------------------- | |
while [[ ! "$alertType" =~ ${regNone} && ! "$alertType" =~ ${regBanners} && ! "$alertType" =~ ${regAlerts} && "$notificationsEnabled" = "true" ]]; | |
do | |
echo | |
read -p "$appExecutable alert style ( None [Banners] Alerts ): " alertType # none, banners or alerts, case insensitive, first letter accepted, return to accept default | |
alertType=${alertType:-Banners} | |
done | |
if [[ "$alertType" =~ ${regNone} ]]; then | |
alertType="0" | |
elif [[ "$alertType" =~ ${regBanners} ]]; then | |
alertType="1" | |
else | |
alertType="2" | |
fi | |
} | |
function getShowInLockScreen { | |
# -- choose showInLockScreen -------------------------------------------------- | |
while [[ ! "$showInLockScreen" =~ ${regTrue} && ! "$showInLockScreen" =~ ${regFalse} && "$notificationsEnabled" = "true" ]]; | |
do | |
read -p "Show notifications on lock screen ( [Yes] No ): " showInLockScreen # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
showInLockScreen=${showInLockScreen:-true} | |
done | |
if [[ "$showInLockScreen" =~ ${regTrue} ]]; then | |
showInLockScreen="true" | |
else | |
showInLockScreen="false" | |
fi | |
} | |
function getShowInNotificationCenter { | |
# -- choose showInNotificationCenter ------------------------------------------ | |
while [[ ! "$showInNotificationCenter" =~ ${regTrue} && ! "$showInNotificationCenter" =~ ${regFalse} && "$notificationsEnabled" = "true" ]]; | |
do | |
read -p "Show in Notification Center ( [Yes] No ): " showInNotificationCenter # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
showInNotificationCenter=${showInNotificationCenter:-true} | |
done | |
if [[ "$showInNotificationCenter" =~ ${regTrue} ]]; then | |
showInNotificationCenter="true" | |
else | |
showInNotificationCenter="false" | |
fi | |
} | |
function getBadgesEnabled { | |
# -- choose badgesEnabled ----------------------------------------------------- | |
while [[ ! "$badgesEnabled" =~ ${regTrue} && ! "$badgesEnabled" =~ ${regFalse} && "$notificationsEnabled" = "true" ]]; | |
do | |
read -p "Badge app icon ( [Yes] No ): " badgesEnabled # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
badgesEnabled=${badgesEnabled:-true} | |
done | |
if [[ "$badgesEnabled" =~ ${regTrue} ]]; then | |
badgesEnabled="true" | |
else | |
badgesEnabled="false" | |
fi | |
} | |
function getSoundsEnabled { | |
# -- choose soundsEnabled ----------------------------------------------------- | |
while [[ ! "$soundsEnabled" =~ ${regTrue} && ! "$soundsEnabled" =~ ${regFalse} && "$notificationsEnabled" = "true" ]]; | |
do | |
read -p "Play sound for notifications ( [Yes] No ): " soundsEnabled # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
soundsEnabled=${soundsEnabled:-true} | |
done | |
if [[ "$soundsEnabled" =~ ${regTrue} ]]; then | |
soundsEnabled="true" | |
else | |
soundsEnabled="false" | |
fi | |
} | |
function getCriticalAlertsEnabled { | |
# -- choose criticalAlertsEnabled (does not appear in GUI) -------------------- | |
while [[ ! "$criticalAlertsEnabled" =~ ${regTrue} && ! "$criticalAlertsEnabled" =~ ${regFalse} && "$notificationsEnabled" = "true" ]]; | |
do | |
read -p "Critical Alerts Enabled ( Yes [No] ): " criticalAlertsEnabled # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
criticalAlertsEnabled=${criticalAlertsEnabled:-false} | |
done | |
if [[ "$criticalAlertsEnabled" =~ ${regTrue} ]]; then | |
criticalAlertsEnabled="true" | |
else | |
criticalAlertsEnabled="false" | |
fi | |
} | |
function uploadProfile { | |
# upload to Jamf Pro | |
profilePayload=$( /usr/bin/xmllint --noblanks - <<< "$mobileconfig" | /usr/bin/sed -e 's/</\</g' -e 's/>/\>/g' ) | |
profileXML="<os_x_configuration_profile> | |
<general> | |
<name>Managed Notifications</name> | |
<description> | |
<string>Manage Notifications settings.</string> | |
</description> | |
<site/> | |
<category/> | |
<distribution_method>Install Automatically</distribution_method> | |
<user_removable>false</user_removable> | |
<level>computer</level> | |
<uuid>$PayloadUUID2</uuid> | |
<payloads>$profilePayload</payloads> | |
</general> | |
</os_x_configuration_profile>" | |
# flatten the XML for the configuration profile to upload to Jamf Pro | |
flatXML=$( /usr/bin/xmllint --noblanks - <<< "$profileXML" ) | |
# upload and create configuration profile | |
result=$( /usr/bin/curl "$URL/JSSResource/osxconfigurationprofiles/id/0" \ | |
--silent \ | |
--insecure \ | |
--write-out "%{http_code}" \ | |
--user "$userName":"$password" \ | |
--header "Content-Type: text/xml" \ | |
--request POST \ | |
--data "$flatXML" 2>&1 ) | |
# evaluate HTTP status code | |
resultStatus=${result: -3} | |
if [[ $resultStatus = 201 ]]; then # 201 is successful | |
echo | |
echo "Your new Notifications configuration profile for $appExecutable was uploaded to Jamf Pro and is ready for scoping." | |
# -- offer to open configuration profile in Jamf Pro ------------------ | |
while [[ ! "$openProfile" =~ ${regTrue} && ! "$openProfile" =~ ${regFalse} ]]; | |
do | |
echo | |
read -p "Would you like to view the profile now? ( [Yes] No ): " openProfile # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
openProfile=${openProfile:-true} | |
done | |
if [[ "$openProfile" =~ ${regTrue} ]]; then | |
resultXML=${result%???} | |
profileID=$( /usr/bin/xpath '/os_x_configuration_profile/id/text()' <<< "$resultXML" 2>/dev/null ) | |
/usr/bin/open "$URL/OSXConfigurationProfiles.html?id=$profileID&o=r" | |
fi | |
else | |
echo | |
echo "Unable to upload your new Notifications configuration profile for $appExecutable [Response code: $resultStatus]." | |
echo | |
echo "CODE DESCRIPTION | |
000 Check server URL in script | |
200 Request successful | |
201 Request to create or update object successful | |
400 Bad request. Verify the syntax of the request specifically the XML body. | |
401 Authentication failed. Verify the credentials being used for the request. | |
403 Invalid permissions. Verify the account being used has the proper permissions for the object/resource you are trying to access. | |
404 Object/resource not found. Verify the URL path is correct. | |
409 Conflict. Delete existing profile \"Set $appExecutable notifications\" first. | |
500 Internal server error. Retry the request or contact Jamf support if the error is persistent." | |
fi | |
} | |
function saveProfile { | |
echo | |
echo "$mobileconfig" > "$HOME/Desktop/Managed Notifications.mobileconfig" | |
echo "Your new Notifications configuration profile was saved to your desktop." | |
} | |
# -- ask for another app -------------------------------------------------- | |
while [[ ! "$addApp" =~ ${regFalse} ]]; | |
do | |
getApp | |
if [[ $appList = *"$appBundleID"* ]]; then | |
echo | |
echo "This app is already added to the list." | |
else | |
getNotificationsEnabled | |
getAlertType | |
getShowInLockScreen | |
getNotificationsEnabled | |
getShowInNotificationCenter | |
getBadgesEnabled | |
getSoundsEnabled | |
getCriticalAlertsEnabled | |
appDicts="$appDicts | |
<dict> | |
<key>AlertType</key> | |
<integer>$alertType</integer> | |
<key>BadgesEnabled</key> | |
<$badgesEnabled/> | |
<key>BundleIdentifier</key> | |
<string>$appBundleID</string> | |
<key>CriticalAlertEnabled</key> | |
<$criticalAlertsEnabled/> | |
<key>NotificationsEnabled</key> | |
<$notificationsEnabled/> | |
<key>ShowInLockScreen</key> | |
<$showInLockScreen/> | |
<key>ShowInNotificationCenter</key> | |
<$showInNotificationCenter/> | |
<key>SoundsEnabled</key> | |
<$soundsEnabled/> | |
</dict>" | |
appList="$appList $appBundleID" | |
fi | |
addApp="" | |
while [[ ! "$addApp" =~ ${regTrue} && ! "$addApp" =~ ${regFalse} ]]; | |
do | |
echo | |
read -p "Add another app ( [Yes] No ): " addApp # true, false, yes or no; case insensitive, first letter accepted, return to accept default | |
addApp=${addApp:-true} | |
done | |
if [[ "$addApp" =~ ${regTrue} ]]; then | |
addApp="true" | |
appExecutable="" | |
notificationsEnabled="" | |
alertType="" | |
showInLockScreen="" | |
notificationsEnabled="" | |
showInNotificationCenter="" | |
badgesEnabled="" | |
soundsEnabled="" | |
criticalAlertsEnabled="" | |
else | |
addApp="false" | |
fi | |
done | |
# -- use this template XML to create a .mobileconfig file -------------------------- | |
mobileconfig="<?xml version=\"1.0\" encoding=\"UTF-8\"?> | |
<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"> | |
<plist version=\"1.0\"> | |
<dict> | |
<key>PayloadContent</key> | |
<array> | |
<dict> | |
<key>NotificationSettings</key> | |
<array>$appDicts | |
</array> | |
<key>PayloadDescription</key> | |
<string>Managed Notifications</string> | |
<key>PayloadDisplayName</key> | |
<string>Managed Notifications</string> | |
<key>PayloadEnabled</key> | |
<true/> | |
<key>PayloadIdentifier</key> | |
<string>$PayloadUUID1</string> | |
<key>PayloadOrganization</key> | |
<string>$organizationName</string> | |
<key>PayloadType</key> | |
<string>com.apple.notificationsettings</string> | |
<key>PayloadUUID</key> | |
<string>$PayloadUUID1</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
</dict> | |
</array> | |
<key>PayloadDescription</key> | |
<string>Managed Notifications</string> | |
<key>PayloadDisplayName</key> | |
<string>Managed Notifications</string> | |
<key>PayloadEnabled</key> | |
<true/> | |
<key>PayloadIdentifier</key> | |
<string>$PayloadUUID2</string> | |
<key>PayloadOrganization</key> | |
<string>$organizationName</string> | |
<key>PayloadRemovalDisallowed</key> | |
<false/> | |
<key>PayloadScope</key> | |
<string>System</string> | |
<key>PayloadType</key> | |
<string>Configuration</string> | |
<key>PayloadUUID</key> | |
<string>$PayloadUUID2</string> | |
<key>PayloadVersion</key> | |
<integer>1</integer> | |
</dict> | |
</plist>" | |
# -- choose to upload to Jamf Pro or save to Desktop -------------------------- | |
while [[ ! "$chooseOutput" =~ ${regUpload} && ! "$chooseOutput" =~ ${regSave} && ! "$chooseOutput" =~ ${regBoth} ]]; | |
do | |
echo | |
read -p "Upload to Jamf Pro or Save to Desktop? ( Both [Upload] Save ): " chooseOutput # upload, save or both; case insensitive, first letter accepted, return to accept default | |
chooseOutput=${chooseOutput:-upload} | |
done | |
if [[ "$chooseOutput" =~ ${regUpload} ]]; then | |
uploadProfile | |
elif [[ "$chooseOutput" =~ ${regSave} ]]; then | |
saveProfile | |
else | |
uploadProfile | |
saveProfile | |
fi | |
exit 0 |
This comment has been minimized.
This comment has been minimized.
This is awesome, thanks a ton for posting this. It looks like it's one profile per notification (application). I was hoping to have a single profile, that was acting on multiple applications. Great work, and thanks again! |
This comment has been minimized.
This comment has been minimized.
Thanks for the feedback, @vandehey! I'll look into what it will take to add multiple items to the payload as I get more feedback. |
This comment has been minimized.
This comment has been minimized.
Very helpful and a neat idea, thank you! |
This comment has been minimized.
This comment has been minimized.
Thanks, @Dials-Mavis. Not a bad idea to offer both and should be fairly easy to do. I'll look into it. |
This comment has been minimized.
This comment has been minimized.
This worked fantastically, @talkingmoose, thank you very much for this. Would also love an option to add multiple items to the payload if you get the chance to put that in. |
This comment has been minimized.
This comment has been minimized.
Thanks for the feedback @vandehey, @Dials-Mavis and @GavinAndersonGuvnor! This new version of the script now supports multiple apps in one profile and uploading to Jamf Pro and saving at the same time. Very limited testing, but appears to be working for me. |
This comment has been minimized.
This comment has been minimized.
@talkingmoose Thanks so much, that's fantastic :) |
This comment has been minimized.
This comment has been minimized.
This worked perfectly, thanks a TON for this! One thing of note....After importing it into JAMF, it looks like an empty profile. I realize that JAMF hasn't implemented any of these settings, but I expected to see something there. Regardless, works perfectly. Thanks again! |
This comment has been minimized.
This comment has been minimized.
@vandehey, thanks for verifying! You won’t see the Notifications payload in Jamf Pro until Jamf implement that payload into the GUI. Everything is there behind the scenes but Jamf Pro has no way to show you yet. We had the same issue with PPPC and the PPPC Utility. Once you upgrade to a version of Jamf Pro that supports the Notifications payload, your earlier profiles will still work and show the payload. |
This comment has been minimized.
This comment has been minimized.
@talkingmoose This is great and working perfectly with the Yo app. I like how it grays the settings out so the user can't turn them off. I'm also trying with Microsoft Update Assistant app but it doesn't seem to be working. Have you tried this one? It's not enabling notifications or graying the settings out. |
This comment has been minimized.
This comment has been minimized.
@gsprague, it should work with Microsoft AutoUpdate just fine. That was one of the first apps I tried. Assuming you're pointing to |
This comment has been minimized.
This comment has been minimized.
@talkingmoose Yes, that's the path I'm using. Does the application path work with escaped spaces? I'm not removing the backslashes. I'm also testing on macOS 10.15.1. |
This comment has been minimized.
This comment has been minimized.
@gsprague You're maybe experiencing the same thing I did, where it was the MAU Daemon that kept coming up with a separate notification that needed allowed? I had to add an entry for the following to make that not come up any longer: /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app |
This comment has been minimized.
This comment has been minimized.
@GavinAndersonGuvnor I want to force the MAU Notifications to be on and have all the settings grayed out in Sys Preferences : Notifications : Microsoft Update Assistant so the user cannot turn the notifications off. This is working with another app where all settings are grayed out and cannot be changed. @talkingmoose It's working now. I wasn't using the complete path to MUA. Needed to go into the apps contents: Thanks! |
This comment has been minimized.
This comment has been minimized.
Why am I the only one that seems to be getting a permissions denied message when running the script or has anyone else encountered this? |
This comment has been minimized.
This comment has been minimized.
If you downloaded the script, you’ll need to make it executable first. In Terminal run Then try running it again. |
This comment has been minimized.
This comment has been minimized.
@talkingmoose Thank you kindly, that did the trick! |
This comment has been minimized.
This comment has been minimized.
I ran into an unexpected side effect when creating a Notification Settings Configuration Profile for Enterprise Connect today (if anyone else thinks of doing that, don't. Enterprise Connect does not require one to display notifications) and had to engage Enterprise Connect support to figure out why. By installing a Notifications Setting specifying the alert style as Banner for ecAgent the process was prevented from displaying an Alert style notification. If you used this script's default of Banner and aren't sure that style notification is definitely what an app will display you may want to check and update your Notification Settings profiles. |
This comment has been minimized.
This comment has been minimized.
@talkingmoose this is awesome thanks so much! Took some liberties and had my son spice it up some as a coding project for him. -converted to zsh Feel free to pull it back to your's if you want |
This comment has been minimized.
This comment has been minimized.
This did not work for me. If I save off the mobile config, the format is not right. |
This comment has been minimized.
This comment has been minimized.
found it, the "&" in our company name needed escaping. |
This comment has been minimized.
This comment has been minimized.
Great, thanks for the super fast fix! |
This comment has been minimized.
This comment has been minimized.
This makes it so easy, thanks so much for scripting it. I had one question for after it is uploaded to Jamf. |
This comment has been minimized.
This comment has been minimized.
@kirbybj, not with this script. However, since writing this script, Jamf Pro 10.19 added a great new feature where you can bring your own manifests to make your own custom Configuration Profiles. Do this instead of the script:
What you see should look something like this. You can add multiple apps and you can come back later and modify. |
This comment has been minimized.
This comment has been minimized.
Thank you so much for that help. Our Jamf Pro was just upgraded last night to I believe to .21. We were on a very old version. Thanks for the help. |
This comment has been minimized.
This comment has been minimized.
Is it somehow possible to let the users change the notification settings afterwards? We just want to predefine the settings but still let the users choose if they want to disable notifications afterwards. |
This comment has been minimized.
This comment has been minimized.
Thank you, this will save me some time which its always very much appreciated :-) |
This comment has been minimized.
Until Jamf adds the Notifications payload to macOS Configuration Profiles in Jamf Pro, I've put together this script to help with creating these profiles. You can save them as .mobileconfig files to your desktop or supply your Jamf Pro address and credentials to upload to your server.
To use the script:
Keep in mind that until the Notifications payload is added to Jamf Pro, you won't see it appear in your profile. But the profile will still work. After the payload is added in a future version, the profiles should display the payload.
I hope folks find it useful. Please add comments and bug reports to the GitHub gist page.