Archive

Archive for the ‘Scripting’ Category

Updated MigrateADMobileAccounttoLocalAccount script now available to fix password issue in macOS 10.14.4

April 5, 2019 3 comments

A couple of years back, I wrote a script to assist with migrating AD mobile users to local users. I had to update it in 2018 to fix a bug, but once that issue was fixed, the script has chugged along without changes between macOS 10.13.5 and macOS 10.14.3.

However, starting with macOS 10.14.4, I was alerted to an issue with how the script worked in combination with a change on Apple’s end.

As part of the script, the following actions take place:

  1. The password hash value of the account from the AuthenticationAuthority attribute of the relevant account is backed up.
  2. The AuthenticationAuthority attribute is deleted from the relevant account.
  3. The AuthenticationAuthority attribute is re-created and the password hash of the account is restored from the backup.

As of macOS 10.14.4, once the reference to the password hash is removed from the AuthenticationAuthority attribute, the actual password hash is now automatically deleted by the OS. That means that step 2 in the process described above actually causes the password for the account to be removed, so that the account’s password must be re-set.

How to fix this? For more details, please see below the jump.

Read more…

Building an installer package for Privileges.app

March 20, 2019 8 comments

One of the open-source contributions by the Apple@SAP team has been Privileges.app, a tool designed to grant or take away administrator rights from accounts on macOS. The general idea behind Privileges is that it allows people to work with the account privileges of a standard user for day-to-day use, but allows them to get administrator rights when needed.

Documentation for Privileges.app can be found at the GitHub repo which hosts it, which is available via the link below:

https://github.com/SAP/macOS-enterprise-privileges

However, one item not included in that documentation is how to package it for deployment. Instead, AutoPkg recipes were written and made available to automate the packaging process:

However, not everyone is able to use AutoPkg in their environment, so manual packaging instructions are now available here. For more details, please see below the jump:

Read more…

Detecting installed 32-bit applications on macOS Mojave

January 30, 2019 Leave a comment

Over the past couple of OS releases, Apple has made it increasingly clear that 32-bit applications are on the way out. Starting with macOS High Sierra 10.13.4, launching a 32-bit application for the first time will result in a message similar to this being displayed:

macOS High Sierra 10.13.4 and later

Macos high sierra 32 bit app alert

macOS Mojave 10.14.x

Macos mojave 32 bit app alert

When the Learn More… button in the alert window is clicked, the following Apple KBase article opens in your default web browser:

32-bit app compatibility with macOS High Sierra 10.13.4 and later
https://support.apple.com/HT208436

To help identify if and where 32-bit applications have been installed, you can use /Applications/Utilities/System Information.app‘s list of installed software to identify which installed applications show up with the following status:

64-Bit (Intel): No

Screen Shot 2019 01 30 at 4 02 22 PM

 

To assist with automating this task, a script is available which uses the /usr/sbin/system_profiler command line tool to detect all 32-bit apps installed in /Applications, /Library or /usr/local and output the list to a logfile stored in /var/log. For more details, please see below the jump.

Read more…

Building macOS installer disk images for virtual machines with create_macos_vm_install_dmg

January 25, 2019 1 comment

A while back, I wrote a couple of scripts which built installers for Mac virtual machines:

However, Apple made some changes to the macOS installer starting in macOS Sierra 10.12.4 which broke the method I was using to build the installers. Recently though, I figured out that I could use Apple’s createinstallmedia tool to help me with building installers for Mac virtual machines again. After a substantial re-write, create_macos_vm_install_dmg is able to create bootable disk images for virtual machines running macOS Sierra, High Sierra and Mojave.

One change from the previous version of the create_macos_vm_install_dmg script is that the resulting installer no longer runs an automated installation. Instead, it will be necessary to follow the prompts to select the language and drive to install the OS onto. For more details, please see below the jump.

Read more…

Enabling automatic macOS software updates for OS X Yosemite through macOS Mojave

December 28, 2018 5 comments

A while back, I wrote a post on how to enable automatic OS X updates on OS X Yosemite. The methods used to enable automatic macOS updates changed as of macOS Mojave, so let’s take a look at the changes. For more details, please see below the jump.

Read more…

Backing up macOS management policies from Jamf Pro

December 21, 2018 1 comment

When working with computer management policies on Jamf Pro, especially more complex policies, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the policies
  2. I can track changes to the groups
  3. If needed, I can make a change to a policy and upload via the API instead of having to edit in the web console.

Up until recently, I didn’t have a good process for handling this but after some work, I was able to build a script which does the following:

  1. If any policies were previously downloaded, back up existing downloaded policies into a .zip file
  2. Download the policy information as XML
  3. Properly format the downloaded XML
  4. Identify the display name of the policy.
  5. Identify the category of the policy.
  6. Save the downloaded XML as Policy Name Here.xml to a specified download directory, based on the category that the policy is in.

The reason the script archives previously downloaded policies are the following:

  1. In case something goes wrong with the download, I still have the previously archived copy.
  2. The script can clear out the existing download directory and have only the latest version of the policy stored inside.

For more details, please see below the jump.

Read more…

Backing up extension attributes from Jamf Pro

December 20, 2018 Leave a comment

While working with extension attributes on Jamf Pro, I prefer to download then and back them up to GitHub or a similar internal source control tool. The reasons I do this are the following:

  1. I have an off-server backup for the extension attributes
  2. I can track changes to the extension attributes

To help me manage this, I have two scripts which do the following:

  1. Use the Jamf Pro API to identify the Jamf Pro ID numbers of the extension attributes.
  2. Download each extension attribute as an XML file using its Jamf Pro ID number.
  3. Format the downloaded XML.
  4. Identify the display name of the extension attribute.
  5. Identify if it was a String, Integer or Date extension attribute.
  6. If it’s a macOS or Windows extension attribute and it has a script, extract the script.
  7. Save the downloaded XML or script as Extension Attribute Name Here to a specified download directory, based on whether it was a String, Integer or Date extension attribute.

For more details, please see below the jump.

Read more…

%d bloggers like this: