All Projects → ducksrfr → Mac_admin

ducksrfr / Mac_admin

Licence: mit
Helpful scripts & configuration profiles for the Mac admin community

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to Mac admin

Macvars
command library for scripting osx
Stars: ✭ 34 (-75.54%)
Mutual labels:  macadmin, apple, mac
LAPSforMac
Local Administrator Password Solution for Mac
Stars: ✭ 29 (-79.14%)
Mutual labels:  mac, apple, macadmin
pre-commit-macadmin
Pre-commit hooks for Mac admins.
Stars: ✭ 43 (-69.06%)
Mutual labels:  mac, apple, macadmin
Swiftui
A collaborative list of awesome SwiftUI resources. Feel free to contribute!
Stars: ✭ 774 (+456.83%)
Mutual labels:  apple, mac
Rome
Carthage cache for S3, Minio, Ceph, Google Storage, Artifactory and many others
Stars: ✭ 724 (+420.86%)
Mutual labels:  apple, mac
Macapps
个人收集的一些mac使用的不易找到的app,不断更新中。
Stars: ✭ 726 (+422.3%)
Mutual labels:  apple, mac
Munkiadmin
macOS app for managing Munki repositories
Stars: ✭ 310 (+123.02%)
Mutual labels:  macadmin, mac
Syncthing Macos
Frugal and native macOS Syncthing application bundle
Stars: ✭ 1,096 (+688.49%)
Mutual labels:  apple, mac
Swift Keylogger
Keylogger for mac written in Swift using HID
Stars: ✭ 995 (+615.83%)
Mutual labels:  apple, mac
Mac Zsh Completions
macOS specific additional completion definitions for Zsh.
Stars: ✭ 79 (-43.17%)
Mutual labels:  macadmin, mac
Neptunes
simple and reliable Last.fm scrobbler for iTunes and Spotify for macOS
Stars: ✭ 98 (-29.5%)
Mutual labels:  apple, mac
Soundcast
Cast audio from macOS to Chromecast
Stars: ✭ 684 (+392.09%)
Mutual labels:  apple, mac
Swcrypt
RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X
Stars: ✭ 632 (+354.68%)
Mutual labels:  apple, mac
Hackintosh Installer University
Open source tutorial & information collector for hackintosh installation.
Stars: ✭ 3,815 (+2644.6%)
Mutual labels:  apple, mac
Night Shift On Unsupported Macs
Enable Night Shift on older Unsupported Macs
Stars: ✭ 86 (-38.13%)
Mutual labels:  apple, mac
Awesome Mac
 Now we have become very big, Different from the original idea. Collect premium software in various categories.
Stars: ✭ 46,674 (+33478.42%)
Mutual labels:  apple, mac
Amazon Fresh Whole Foods Delivery Slot Finder
A Mac tool that finds available delivery slots for Amazon's Whole Foods delivery and Amazon Fresh services
Stars: ✭ 1,048 (+653.96%)
Mutual labels:  apple, mac
Privacy services manager
A single management utility to administer Location Services, Contacts requests, Accessibility, and iCloud access in Apple's OS X.
Stars: ✭ 115 (-17.27%)
Mutual labels:  macadmin, mac
Macdriver
Native Mac APIs for Go
Stars: ✭ 3,582 (+2476.98%)
Mutual labels:  apple, mac
Splashbuddy
Onboarding splash screen for Jamf Pro. Improves DEP provisioning for macOS.
Stars: ✭ 309 (+122.3%)
Mutual labels:  macadmin, apple

Hi! I'm a Mac admin based in Austin, TX and I've uploaded some helpful scripts and configuration profiles compatible with macOS High Sierra and Mojave. You may freely use or modify anything I upload.

Resolve an out-of-sync FileVault password with mobile AD user accounts

  • There is a major bug in Mojave with AD-bound mobile user accounts. If a user's password is reset off of the Mac (like in Active Directory, Okta, or an AD-bound Windows PC) the FileVault password is never updated to reflect the password change.
  • Users may report that their Keychain or account password at the login screen alternates between the old and new/current network password based on whether they are connected to the corporate network.
  • Mojave_FileVault_Sync.sh in the scripts folder revokes and reissues a Secure Token, then updates the FileVault preboot volume
  • I use a LAPS script in a Jamf extended attribute at my org, so this script also pulls that password value for use with sysadminctl
  • Members of the MacAdmins Slack report that Apple has acknowledged the issue, however a resolution date is unknown. The issue is still present as of 10.14.3.

Mojave: Privacy Preferences Policy Control (TCC) profiles

  • In macOS Mojave a user might encounter new privacy permission pop-ups when they launch apps like Microsoft Office, Parallels, Citrix, or TeamViewer.
  • You can find more information about the PPPC profiles from Apple https://help.apple.com/deployment/mdm/#/mdm38df53c2a
  • My profiles tend to focus on granting access to:
    • SystemPolicyAllFiles
    • AppleEvents
    • Accessibility
  • You cannot pre-approve Location Services, Microphone, or Camera access.

Scripts

The scripts folder contains helpful scripts compatible with macOS Mojave and High Sierra.

  • New Local_pw_expiration

    • If your organization is using a configuration profile to enforce a local password expiration policy, then a user doesn't receive any proactive notification that their password is nearing expiration.
    • This script pulls the value from a Jamf extended attribute (which contains the password age) and based on that value presents a "change password" warning dialogue to the user.
    • If you're not using Jamf, you can modify the script to pull the password age locally. Find the value in epoch time: /usr/bin/dscl . -read /Users/$localUser accountPolicyData | /usr/bin/awk -F'<real>|</real>' '{print $2}' | tail -4
    • If the user decides to reset their password, the Users & Groups pref pane will launch to allow the user to change their password.
    • This script avoids dscl to change the password, because that causes isses with secureToken in macOS High Sierra and Mojave
    • osascript simulates a click on the "Change Password..." button to take the user directly to the pw change interface. If your users are on Mojave they will need Jamf to be whitelisted for Accessibility in a PPPC profile.
    • PPPC profile will also need Jamf whitelisted for AppleEvents to control System Events.
    • I'm testing a revised version with sysadminctl that will respect your org's password complexity policy.
  • resetTCC_mic_camera

    • Resets the camera and microphone properties in the TCC database
    • Useful if an end user unintentionally denies access to the camera or microphone in a chat app like Skype, Slack, WebEx, or Lifesize.
  • create_admin_user: updated script with interactive osascript prompts to create a new user account with sysadminctl

  • admin_pwreset: Reset a user account password in High Sierra

    • updated script with interactive osascript prompts to reset a user password using sysadminctl
  • outlook_timezone: If a user is unable to resolve time zone mismatch errors in Microsoft Outlook.

Profiles

The profiles folder contains helpful mobileconfig files for use with your MDM service. The PayloadRemovalDisallowed key may be set to -bool value true or false depending on the profile. Please adjust the profile removal restrictions as needed when uploading to your MDM service.

  • Hide 32-bit Alerts: suppresses the 32-bit compatibility warnings for legacy software in High Sierra and Mojave

  • Suppress secureToken Window: suppresses the secureToken activation window that appears when an Active Directory-bound account signs into the Mac for the first time. Helpful for loaner Macs or computer lab environments

  • Skip Choose Your Look: skips the Setup Assistant screen for choosing between Light and Dark mode in Mojave

  • Skip Privacy Warning: skips the Setup Assistant screen for Data & Privacy in High Sierra and Mojave

  • block_macosbeta: Prevents users from installing macOS beta releases

  • chrome_settings: Sets some basic Chrome browser settings including:

    • preset bookmarks folder on bookmarks toolbar
    • preload Chrome extensions
    • set Java and Flash URL exceptions
    • set homepage
    • set first run tabs
    • previous versions of this profile set Chrome as the default browser, however in macOS High Sierra the user will still encounter default browser confirmation alerts regardless if that specific key is preconfigured in a profile
  • Multiple Microsoft Office profiles: Settings to reduce the number of dialog windows need to configure a user account if your org is using Office 365.

    • Suppresses "new feature" alerts & autodiscover auto-acceptance alerts.
    • Suppresses user requests for diagnostic info.
    • Sets the default save location to a "local" Mac location, and not OneDrive.
  • delay_updates: Delay macOS software updates by 30 days. Apple has the ability to bypass this restriction to push critical security patches.

  • disable_icloud_sync: Allows users to enable iCloud Drive on their Mac, however the iCloud Documents & Desktop sync feature is disallowed

  • disable_pw_change: If your users should reset their local Mac passwords using NoMAD, this restriction disables the Change Password button in System Preferences. Admins may still reset user passwords using the sysadminctl command or via your MDM service

  • expand_dialogs: Forces the expanded save and print dialog windows in macOS

  • kernelext_symantec: Allows macOS to load kernel extensions for Symantec Anti Virus 14

  • nomad_example: template for deploying NoMAD in your environment

  • block_profiles: Prevents users from clicking the Profiles pref pane in System Preferences

  • lock_screen: multiple settings for the lock and login screens

    • sets a lock screen message (and prevents users from changing it)
    • Allows Touch ID and auto unlock with Apple Watch
    • Disables the guest account
    • Enforces fast-user switching
    • Requires a user password 5 seconds after screensaver or sleep
    • Shows the Sleep, Restart, and Shutdown buttons at the lock screen
    • Disables auto user login
    • Presents username and password fields instead of user account icons at the lock screen.
      • Note: The FileVault login screen will always show user account icons
  • menubar_icons: Hide the Siri button in the menu bar, and always show:

    • AirPlay
    • Wifi
    • User's full name (for fast-user switching)
    • Battery icon with percentage
    • Bluetooth (macOS hides this by default)
    • Clock
    • Volume (hidden by default)
    • VPN (hidden by default)
  • enable_firewall: enforces the firewall, installed apps are able to receive incoming connections

Munki_pkgsinfo

I use Munki to deploy apps and custom pkgs at my organization. Munki supports startosinstall to re-image already-deployed Macs.

  • An admin (or the user) visits Managed Software Center and downloads the macOS installer as an OnDemand optional_install
  • Munki supports the startosinstall command, I add additional flags like...
    • --eraseinstall
    • --agreetolicense
    • --nointeraction
    • --installpackage (can be used multiple times, but keep the total number of pkgs and file sizes to a minimum)
    • --newvolumename
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].