Last active
December 19, 2024 09:28
-
-
Save talkingmoose/b6637160b65b751824943ede022daa17 to your computer and use it in GitHub Desktop.
Downloads and installs the latest available Microsoft product specified directly on the client. This avoids having to manually download and store an up-to-date installer on a distribution server every month.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/zsh | |
:<<'ABOUT_THIS_SCRIPT' | |
----------------------------------------------------------------------- | |
Written by:William Smith | |
Partner Program Manager | |
Jamf | |
bill@talkingmoose.net | |
https://gist.github.com/b6637160b65b751824943ede022daa17 | |
Originally posted: November 19, 2017 | |
Updated: February 13, 2023 | |
Updated: March 8, 2024 | |
Updated: April 22, 2024 | |
Updated: June 5, 2024 | |
Included Team ID check | |
Purpose: Downloads and installs the latest available Microsoft | |
product specified directly on the client. This avoids having to | |
manually download and store an up-to-date installer on a | |
distribution server every month. | |
Instructions: Update the linkID value to one of the corresponding | |
Microsoft products in the list and optionally update the sha256Checksum | |
value with a known SHA 256 string. Run the script with elevated | |
privileges. If using Jamf Pro, consider replacing the linkID, | |
sha256Checksum, and teamID values with "$4", "$5" and "$6", entering the ID | |
as script parameters in a policy. | |
Except where otherwise noted, this work is licensed under | |
http://creativecommons.org/licenses/by/4.0/ | |
"You say goodbye and I say exit 0." | |
----------------------------------------------------------------------- | |
ABOUT_THIS_SCRIPT | |
# enter the Microsoft fwlink (permalink) product ID | |
# or leave blank if using a $4 script parameter with Jamf Pro | |
linkID="" # e.g. "525133" for Office 2019 | |
teamID="" # usually "UBF8T346G9" but may differ between products | |
# 525133 - Office 2019 for Mac SKUless download (aka Office 365) | |
# 2009112 - Office 2019 for Mac BusinessPro SKUless download (aka Office 365 with Teams) | |
# 871743 - Office 2016 for Mac SKUless download | |
# 830196 - AutoUpdate download | |
# 2069439 - Edge (Intel Consumer Beta) | |
# 2069340 - Edge (Intel Consumer Dev) | |
# 2069147 - Edge (Intel Consumer Canary) | |
# These no longer work; unable to determine link IDs | |
# XXXXXXX - Edge (Enterprise Stable) | |
# XXXXXXX - Edge (Enterprise Beta) | |
# XXXXXXX - Edge (Enterprise Dev) | |
# Releases sourced from https://www.microsoft.com/en-us/edge/download?form=MA13FJ | |
# 2069148 - Edge (Intel Consumer Stable) | |
# 2093504 - Edge (Apple Silicon Stable) | |
# 2069340 - Edge (Intel Dev) | |
# 2099619 - Edge (Apple Silicon Dev) | |
# 525135 - Excel 2019 SKUless download | |
# 871750 - Excel 2016 SKUless download | |
# 869655 - InTune Company Portal download (Intel only from October 2023) | |
# 853070 - InTune Company Portal download (Universal) | |
# 823060 - OneDrive download | |
# 820886 - OneNote download | |
# 525137 - Outlook 2019 SKUless download | |
# 871753 - Outlook 2016 SKUless download | |
# 525136 - PowerPoint 2019 SKUless download | |
# 871751 - PowerPoint 2016 SKUless download | |
# 868963 - Remote Desktop | |
# 800050 - SharePoint Plugin download | |
# 832978 - Skype for Business download | |
# 869428 - Teams Classic | |
# 2249065 - New Teams | |
# 525134 - Word 2019 SKUless download | |
# 871748 - Word 2016 SKUless download | |
# enter the SHA 256 checksum for the download file | |
# download the package and run '/usr/bin/shasum -a 256 /path/to/file.pkg' | |
# this will change with each version | |
# leave blank to to skip the checksum verification (less secure) or if using a $5 script parameter with Jamf Pro | |
sha256Checksum="" # e.g. "67b1e8e036c575782b1c9188dd48fa94d9eabcb81947c8632fd4acac7b01644b" | |
if [ "$4" != "" ] && [ "$linkID" = "" ] | |
then | |
linkID=$4 | |
fi | |
if [ "$5" != "" ] && [ "$sha256Checksum" = "" ] | |
then | |
sha256Checksum=$5 | |
fi | |
if [ "$6" != "" ] && [ "$teamID" = "" ] | |
then | |
teamID=$6 | |
fi | |
# this is the full fwlink URL | |
url="https://go.microsoft.com/fwlink/?linkid=$linkID" | |
# create temporary working directory | |
echo "Creating working directory '$tempDirectory'" | |
workDirectory=$( /usr/bin/basename $0 ) | |
tempDirectory=$( /usr/bin/mktemp -d "/private/tmp/$workDirectory.XXXXXX" ) | |
# change directory to temporary working directory | |
echo "Changing directory to working directory '$tempDirectory'" | |
cd "$tempDirectory" | |
# download the installer package and name it for the linkID | |
echo "Downloading package $linkID.pkg" | |
/usr/bin/curl --location --silent "$url" -o "$linkID.pkg" | |
# checksum the download | |
downloadChecksum=$( /usr/bin/shasum -a 256 "$tempDirectory/$linkID.pkg" | /usr/bin/awk '{ print $1 }' ) | |
echo "Checksum for downloaded package: $downloadChecksum" | |
# extract Team ID from the download | |
downloadTeamID=$( /usr/sbin/pkgutil --check-signature "$tempDirectory/$linkID.pkg" | /usr/bin/awk -F '[()]' '/Developer ID Installer/{ print $2 }' ) | |
echo "Team ID for downloaded package: $downloadTeamID" | |
# install the package if checksum validates | |
if ([ "$sha256Checksum" = "$downloadChecksum" ] || [ "$sha256Checksum" = "" ]) && ([ "$teamID" = "$downloadTeamID" ] || [ "$teamID" = "" ]); then | |
echo "Checksum and Team ID verified. Installing package $linkID.pkg" | |
/usr/sbin/installer -pkg "$linkID.pkg" -target / | |
exitCode=0 | |
else | |
echo "Checksum failed. Recalculate the SHA 256 checksum and try again. Or download may not be valid." | |
exitCode=1 | |
fi | |
# remove the temporary working directory when done | |
/bin/rm -Rf "$tempDirectory" | |
echo "Deleting working directory '$tempDirectory' and its contents" | |
exit $exitCode |
Hey @talkingmoose
maybe you can add a teamid check to be on the safe side? As far as i know the Microsoft Team ID is always UBF8T346G9.
if [ "$6" != "" ] && [ "$Teamid" = "" ]
then
Teamid=$6
fi
...............
# Get package TeamID
packageTeamid=$(spctl -a -vv -t install "$tempDirectory/$linkID.pkg" 2>&1 | awk -F '[()]' '/origin=/ {print $2}')
#Check if the package TeamID is the Microsoft TeamID.
if [[ " $Teamid " == " $packageTeamid " ]]; then
echo "Package TeamID $packageTeamid is valid"
else
echo "Package TeamID $packageTeamid is unvalid"
exit 1
fi
@colorenz, thanks for the suggestion. I've updated it and briefly tested it. Take it for a spin and let me know your results.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've found the ID for New Teams and updated the script to include it.