Archive for the ‘Scripting’ Category

Using the Jamf Pro API to mass-delete computers and mobile devices

May 19, 2018

Periodically, it may be necessary to delete a large number of computers or mobile devices from a Jamf Pro server. However, there is currently a problem in Jamf Pro 10 where trying to delete multiple devices can fail. Jamf is aware of the issue and has assigned it a product issue code (PI-004957), but it has not yet been resolved and remains a known issue as of Jamf Pro 10.4.1.

To work around this issue, you can delete computers and mobile devices one at a time. This does not trigger the performance issues seen with PI-004957, but this can get tedious if you have multiple devices to delete. To help with this, I’ve adapted an earlier script written by Randy Saeks to help automate the deletion process by using a list of Jamf IDs and the API to delete the relevant computers or mobile devices one by one. For more details, please see below the jump.


Detecting if a logged-in user on a FileVault-encrypted Mac has a Secure Token associated with their account

May 10, 2018

A challenge many Mac admins have been dealing with is the introduction of the Secure Token attribute, which is now required to be added to a user account before that account can be enabled for FileVault on an encrypted Apple File System (APFS) volume.

In my own shop, we wanted to be able to identify whether the primary user of a Mac had a Secure Token associated with their account. We wanted to know this so that:

  1. We could alert the affected help desk staff.
  2. We could work with our users to rebuild their Macs on an agreed-upon schedule where their data was preserved.
  3. We could hopefully avoid working with our users on an emergency basis where their data could be lost.

To help with this, we developed a detection script. For more details, please see below the jump.


Oracle Java 10 JDK and JRE installation scripts for macOS

April 19, 2018

Oracle has started to release Java 10 for macOS, so I’m posting a couple of scripts to download and install the following:

Oracle has been releasing two separate versions of Java 8 simultaneously and may do the same for Java 10, so these Java 10-focused scripts are designed to allow the user to set which version they want to install: the CPU release or the PSU release.

The difference between CPU and PSU releases is as follows:

  • Critical Patch Update (CPU): contains both fixes to security vulnerabilities and critical bug fixes.
  • Patch Set Update (PSU): contains all the fixes in the corresponding CPU, plus additional fixes to non-critical problems.

For more details on the differences between CPU and PSU updates, please see the link below:

http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html

For more information, please see below the jump.


Suppressing the Data & Privacy pop-up window on macOS High Sierra

April 4, 2018

Starting with Mac OS X 10.7.2, Apple set the iCloud sign-in to pop up on the first login.


In OS X 10.10, Apple added a Diagnostics & Usage window that pops up at first login after the iCloud sign-in.


In macOS 10.12, Apple added another pop-up window for Siri.


In macOS 10.13.4, Apple has added a Data & Privacy pop-up window for their data privacy information.


To stop the Data & Privacy pop-up window from appearing for your home folder, run the command shown below:

defaults write com.apple.SetupAssistant DidSeePrivacy -bool TRUE

Since you normally will be able to run this command only after you’ve seen the Data & Privacy pop-up window, I’ve updated my script for suppressing the various pop-up windows to now also suppress the Data & Privacy pop-up window. For more details, see below the jump.


Detecting user approved MDM using the profiles command line tool on macOS 10.13.4

March 30, 2018

Starting in macOS 10.13.2, Apple introduced the concept of User Approved MDM Enrollment (UAMDM). UAMDM grants mobile device management (MDM) additional management privileges, beyond what is allowed for macOS MDM enrollments which have not been “user approved”. As of macOS 10.13.4, the only additional management privilege associated with UAMDM is that it allows you to deploy a profile which provides a white list for third-party kernel extensions. However, I would anticipate that this list will grow over time.

Starting in macOS 10.13.4, you can use the profiles command line tool to determine whether a machine is enrolled in an MDM, and whether user-approved MDM is enabled. To do this, run the command shown below:

profiles status -type enrollment

Depending on your MDM enrollment status, you may see one of the statuses shown below:

No MDM enrollment

computername:~ username$ profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: No
computername:~ username$

MDM enrolled, without user-approved MDM enabled

computername:~ username$ profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: Yes
computername:~ username$

MDM enrolled, with user-approved MDM enabled

computername:~ username$ profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
computername:~ username$

DEP Enrolled

computername:~ username$ profiles status -type enrollment
Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
computername:~ username$

Note: If your Mac is enrolled in Apple’s Device Enrollment Program (DEP), it automatically gets user-approved MDM.

To help detect if a particular Mac has user-approved MDM enabled, I’ve written a script. For more details, please see below the jump.
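One way to reduce the four outputs shown above to a single state string, for example for inventory reporting. This is an added example, not the script the author refers to; the function name `classify_enrollment`, its result labels and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the text printed by
#   profiles status -type enrollment      (macOS 10.13.4 and later)
# classify_enrollment and its result labels are hypothetical names.

classify_enrollment() {
    # $1: the full text printed by `profiles status -type enrollment`
    ce_dep=$(printf '%s\n' "$1" | awk -F': ' \
        '/^Enrolled via DEP:/ {sub(/[[:space:]]+$/, "", $2); print $2; exit}')
    ce_mdm=$(printf '%s\n' "$1" | awk -F': ' \
        '/^MDM enrollment:/ {sub(/[[:space:]]+$/, "", $2); print $2; exit}')

    # Either line missing: older macOS without this verb, or changed output.
    if [ -z "$ce_dep" ] || [ -z "$ce_mdm" ]; then
        echo "unknown"
        return 0
    fi

    case "$ce_mdm" in
        "Yes (User Approved)")
            # DEP-enrolled Macs get user-approved MDM automatically.
            if [ "$ce_dep" = "Yes" ]; then
                echo "dep_user_approved"
            else
                echo "user_approved"
            fi ;;
        "Yes") echo "enrolled_not_user_approved" ;;
        "No")  echo "not_enrolled" ;;
        *)     echo "unknown" ;;   # unexpected value: do not guess
    esac
}

# Constructed sample, matching the "MDM enrolled, without user-approved
# MDM enabled" output shown above.
sample_output='Enrolled via DEP: No
MDM enrollment: Yes'
echo "sample: $(classify_enrollment "$sample_output")"

# On a Mac, classify the live state only if the tool is present.
if command -v profiles >/dev/null 2>&1; then
    echo "live: $(classify_enrollment "$(profiles status -type enrollment 2>/dev/null)")"
fi
```

Treating anything other than the exact strings shown above as `unknown` keeps a change in the tool's output from being reported as an approved enrollment.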


Using installinstallmacos.py to download macOS High Sierra installers

February 27, 2018

Starting with macOS Sierra, Apple moved the macOS Installer applications from being exclusively an App Store download to now being included in the regular Software Update catalogs. This means that it’s possible to download macOS installers, including those for macOS betas or hardware-specific macOS builds, using the command-line softwareupdate tool.

To assist with this task, Greg Neagle has written a Python script named installinstallmacos.py. installinstallmacos.py is designed to do the following:

1. Parse a specified Software Update feed.
2. Identify the listed products which appear to be macOS installers.
3. Display a menu of the available choices.

Once you’ve selected from the available options, the script does the following:

4. Creates a disk image and names it with the appropriate information for the specified macOS installer.
5. Mounts the disk image.
6. Downloads all the relevant packages from the Software Update feed for the specified macOS installer.
7. Installs the packages onto the disk image.
8. Unmounts the disk image.
9. Stores the disk image in the current working directory (this is likely going to be the logged-in user’s home folder).

For more details, please see below the jump.


Backing up the contents of an AWS-hosted Jamf Pro cloud distribution point to a local directory

February 15, 2018

As part of removing unused packages from a Jamf Pro cloud distribution point using @shea_craig’s Spruce tool, I needed to first make a backup of the contents of the cloud distribution point to a local directory on my Mac. That way, in case I had made an error and deleted the wrong installer package, I had a copy of the package readily available and could re-add it to my Jamf Pro server.

The cloud distribution point in question is hosted in Amazon Web Services’ (AWS) S3 service, so I decided to use the S3 functions of AWS’s awscli command line tool to run a one-way synchronization process between the cloud distribution point in S3 and my local directory. For more details, please see below the jump.
