Archive

Archive for the ‘Scripting’ Category

Identifying the Jamf Pro server set in CasperCheck using an Extension Attribute

July 30, 2017 Leave a comment

As part of my Jamf Pro testing process, I will often set up a VM using a production setup workflow then enroll that newly-setup VM into my test Jamf Pro server. However, as part of my production workflow setup, I will usually install my CasperCheck self-repair solution in order to make sure the machine stays enrolled with my Jamf Pro server.

Unfortunately, this can lead to the following chain of events:

  1. Test VM is enrolled in the test Jamf Pro server
  2. CasperCheck runs on its pre-set schedule and detects that it is not enrolled with the Jamf Pro server specified in the script.
  3. CasperCheck runs its repair functions and enrolls the test VM in the production server.
  4. I wonder why my test VM isn’t talking to the test Jamf Pro server.
  5. I check the CasperCheck log, grumble when I notice that CasperCheck has done its job, and then install the test server’s CasperCheck script on the test VM.
  6. Reboot the test VM to trigger the test server’s CasperCheck script to enroll the test VM into the test server again.

This situation happened infrequently enough in the past that I usually just dealt with it on an individual basis, but I finally decided to fix it by writing a Jamf Pro Extension Attribute to help me identify which Jamf Pro server was specified in the installed copy of CasperCheck . For more details, see below the jump.

Read more…

Deploying a pre-configured F5 Big-IP VPN client

July 27, 2017 Leave a comment

As part of a discussion with a colleague, he said that he needed to build an installer for his shop’s F5 Network’s VPN service but wasn’t sure how. I hadn’t built one of these previously either, so I decided to look into it.

Fortunately, F5 Networks has made the process of creating one a fairly straightforward process, assuming that your VPN administrator can provide the needed config_tmp.f5c configuration file. Assuming that you can get that file, all that’s needed is making sure that the config_tmp.f5c file is located in the same directory as the VPN client installer.

Screen Shot 2017 07 26 at 8 27 48 PM

The reason for this is that the postinstall scripts of the F5 VPN client installer are set to look for that file in that location, and will automatically import the configuration file’s contents if the file is found.

Screen Shot 2017 07 26 at 8 16 13 PM

Once I had both the config_tmp.f5c config file and a copy of the F5 VPN client installer, I was able to create an installer using this method that handled both the installation and the automated configuration of the F5 VPN client. For more details, see below the jump.

Read more…

Generating printer configurations using payload-free_package_printer_generator.sh

July 18, 2017 1 comment

As part of a recent discussion, a colleague posted in the MacAdmins Slack that they needed to deploy printers as part of a DeployStudio workflow. DeployStudio doesn’t natively include this functionality, so that meant developing a way to deploy the desired printers to the appropriate Macs via one of the following methods:

As part of the conversation, I pointed to Nick McSpadden‘s PrinterGenerator tool:

https://github.com/nmcspadden/PrinterGenerator

Nick’s tool is designed to create printer configurations for deployment via Munki. However, my colleague wasn’t using Munki in this case and didn’t plan to deploy it. So even though there was a tool that could have solved the problem, adapting it to work for my DeployStudio-using colleague’s needs was going to take some time and effort.

The discussion got me started thinking about the problem of printer deployments and ways to solve it that could work for the vast majority of deployment solutions. After some research and testing, I’ve developed a solution that may work for most deployment needs. For more details, see below the jump.

Read more…

Automating the enablement of object versioning on AWS S3 buckets

June 30, 2017 Leave a comment

As part of some work I’ve been doing with Amazon Web Services, I needed to enable object versioning on all S3 buckets in an account.

Screen Shot 2017 06 30 at 1 28 38 PM

However, I had three issues that I needed to accommodate for:

  1. There were a sufficient number of S3 buckets that enabling versioning via the S3 web console would be inconvenient.
  2. Some of the S3 buckets in the list already had object versioning enabled, while others in the list did not.
  3. I had forgotten which ones already had versioning enabled, so I’d have to check each one.

To address all three issues, I’ve written a script that uses the aws command line tool to detect which S3 buckets do not have object versioning enabled and enable it on the detected S3 buckets. For more details, see below the jump.

Read more…

Using base64 encoding to include binary files inside scripts

May 2, 2017 6 comments

When writing scripts, it’s sometimes useful to be able to be able to include and deploy binary files as part of the script run. An example of this would be if you want to use MySQL 5.6 and later’s option for creating a MySQL connection file. This is a file that allows you to store MySQL authentication inside an encrypted file named .mylogin.cnf.

Rather than trying to script the creation of a MySQL connection file, where the creation process would involve placing the MySQL authentication credentials in a readable format inside the script, it is easier and more secure to build the connection file manually on one machine and then encode the encrypted MySQL connection file into ASCII text using base64 encoding. Once encoded, the ASCII text can be decoded as part of a script designed to deploy the still-encrypted MySQL connection file to a desired location.

For more details on how to use base64 encoding, please see below the jump.

Read more…

Office 2016 DefaultsToLocalOpenSave setting change as of Office 2016 15.33.x

April 17, 2017 1 comment

As part of the release of Office 2016 15.33.0, a number of managed preference options have been added and some have changed from what they were before. An example of one that has changed is the DefaultsToLocalOpenSave management setting, which sets the Open and Save options in Office 2016 apps to default to On My Mac instead of Online Locations.

In Microsoft Office 2016 15.32.x and earlier, the  DefaultsToLocalOpenSave setting could only be managed by running a command similar to the one below on the individual user accounts:

/usr/bin/defaults write "/path/to/user/homefolder/Library/Group Containers/UBF8T346G9.Office/"com.microsoft.officeprefs DefaultsToLocalOpenSave -bool true

To set this for all accounts on a particular Mac, I had written the following script:

As of Microsoft Office 2016 15.33.x, this setting can now be set at the global level for all users by running the following command with root privileges:

/usr/bin/defaults write /Library/Preferences/com.microsoft.office DefaultsToLocalOpenSave -bool true

I’ve posted an updated script for manage this setting to GitHub, available via the link below:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/set_office_2016_default_save_option_to_on_my_mac

This setting can now also be managed with a profile, so I’ve created a .mobileconfig file and posted it here on Github:

https://github.com/rtrouton/profiles/tree/master/Office2016DefaultToLocalSave

Building VMs on ESXi using esxi_macos_vm_creation.sh

April 11, 2017 1 comment

As part of my testing workflow, I’ve been using VMs running on a ESXi server running ESXi 6.5. To help me quickly build those VMs, I have been using a script named esxi_macos_vm_creation.sh for building VMs. This script is forked from Tamas Piros’s auto-create script for standing up Linux VMs on free ESXi:

https://github.com/tpiros/auto-create

My fork of the auto-create script is designed to create and configure virtual machines with Apple operating systems as the guest OS, hosted on a VMware ESXi server running on Apple hardware. The script assumes that the virtual machines are built using copied VMDK disk files, where the VMDK files are generated by AutoDMG and vfuse. For more details, see below the jump.

Read more…

%d bloggers like this: