macOS Scriptlets
Automated install of the latest Zoom for Mac
# Changes into the temporary folder
cd /Users/Shared
# Downloads the package from Mosyle CDN with Mosyle variable link for continuous downloading link that doesn't expire.
# Check option to allow Mosyle Variables on PKG in Mosyle and replace %% variable. Or replace with http:// link
curl -L --silent -o /Users/Shared/ZoomInstallerIT.pkg "https://zoom.us/client/latest/ZoomInstallerIT.pkg"
# Installs the package
installer -allowUntrusted -pkg /Users/Shared/ZoomInstallerIT.pkg -target /
# Removes the package after installation
rm -f /Users/Shared/ZoomInstallerIT.pkg
Retrieve the last item downloaded from user’s Safari
currentUser=$(stat -f%Su /dev/console)
safariDownloadList=$(/usr/libexec/PlistBuddy -c "Print" /Users/$currentUser/Library/Safari/Downloads.plist)
echo "$safariDownloadList" | grep -m 1 DownloadEntryPath | cut -c 33- | tr -d “;
Check for a particular profile applied via MDM – in this case FileVault
function profileCheck {
PROFILES=$(/usr/bin/profiles -P)
}
profileCheck
FVStatus=$(sudo fdesetup status)
if [[ "$FVStatus" = *"On"* ]]; then
while [[ "$PROFILES" != *"com.mosyle.privacy.27"* ]]
do
echo "no filevault"
profileCheck
sleep 1
done
echo "filevault!"
fi
Choose documents based on macOS version
if [[ $devicemacOSVersion = *"13"* ]]; then # 14 because Ventura could theoretically go to 13.9
if [[ $dEPStatus == "Device Enrollment configuration:" ]]; then
echo "here!"
mediaPayload="$tutorialVideoVenturaDEP"
else
if [[ "$newMDM" = *"mosyle"* ]]; then
mediaPayload=$tutorialVideoVenturaWebEnrollMosyle
else
mediaPayload=$tutorialVideoVenturaWebEnrollJamf
fi
fi
fi
if [[ $devicemacOSVersion < 13 ]]; then # 14 because Ventura could theoretically go to 13.9
if [[ $dEPStatus == "Device Enrollment configuration:" ]]; then
mediaPayload=$tutorialVideoMontereyDEP
else
if [[ "$newMDM" = *"mosyle"* ]]; then
mediaPayload=$tutorialVideoMontereyWebEnrollMosyle
else
mediaPayload=$tutorialVideoMontereyWebEnrollJamf
fi
fi
fi
Check the DEP / Apple Business Manager status from of a particular Mac
dEPStatus=$(profiles show -type enrollment | grep "Device Enrollment configuration:") # For checking DEP Status for MDM Update support
if [[ $dEPStatus == "Device Enrollment configuration:" ]]
then
echo "Has DEP"
else
echo "No DEP"
fi
echo "The DEP Check is: "$DEPCheck
Retrieve the user’s set default browser on Mac
currentUser=$(stat -f%Su /dev/console)
defaultBrowser=$(defaults read /Users/$currentUser/Library/Preferences/com.apple.LaunchServices/com.apple.LaunchServices.secure.plist | grep https -B 2 | grep LSHandlerRoleAll | cut -d \" -f2)
echo "<result>$defaultBrowser</result>"
Wait for screen to be unlocked (no screensaver) before showing user dialogue boxes on Mac
#!/bin/sh
function screenIsLocked { [ "$(/usr/libexec/PlistBuddy -c "print :IOConsoleUsers:0:CGSSessionScreenIsLocked" /dev/stdin 2>/dev/null <<< "$(ioreg -n Root -d1 -a)")" = "true" ] && return 0 || return 1; }
function screenIsUnlocked { [ "$(/usr/libexec/PlistBuddy -c "print :IOConsoleUsers:0:CGSSessionScreenIsLocked" /dev/stdin 2>/dev/null <<< "$(ioreg -n Root -d1 -a)")" != "true" ] && return 0 || return 1; }
if screenIsLocked; then
echo "Screen locked"
fi
while screenIsUnlocked; do
sleep 1
done
if ! screenIsLocked; then
echo "Screen unlocked (inverse logic)"
fi
if ! screenIsUnlocked; then
echo "Screen locked (inverse logic)"
fi
Remove WiFi certificates and save passwords from a Mac
currentUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
deviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}') # For requesting Jamf JSSID
WIFIEN="$(networksetup -listallhardwareports | awk '/Wi-Fi/{getline; print $2}')"
currentSSID=$(/Sy*/L*/Priv*/Apple8*/V*/C*/R*/airport -I | grep -w SSID | awk '{print $2}')
echo "Removing WFSWIFI from AirPort settings"
sudo networksetup -removepreferredwirelessnetwork $WIFIEN WFSWIFI
echo "Removing WFS-$deviceSerialNumber certificate from the System Keychain"
sudo security delete-certificate -c WFS-$deviceSerialNumber /Library/Keychains/System.keychain
sudo security delete-certificate -c WFS-$deviceSerialNumber /Library/Keychains/System.keychain # Removing duplicates from improper process
echo "Removing $deviceSerialNumber certificate from the System Keychain"
sudo security delete-certificate -c $deviceSerialNumber /Library/Keychains/System.keychain
sudo security delete-certificate -c $deviceSerialNumber /Library/Keychains/System.keychain # Removing duplicates from improper process
Case statement for running commands on certain conditions
case "$enforcementCount" in
-5) enforcementCountWord="Five"
User_Notification_Check
;;
-4) enforcementCountWord="Four"
User_Notification_Check
;;
-3) enforcementCountWord="Three"
User_Notification_Check
;;
-2) enforcementCountWord="Two"
User_Notification_Check
;;
-1) enforcementCountWord="One"
User_Notification_Check
;;
0) Run_Nudge & # Must call Nudge with "&" as new process, or script will not continue.
if [[ "$enableNudgeLaunchAgent" == "true" ]]; then
CreateNudgeLaunchAgent
fi
;;
[0-9999]*) Run_Nudge & # Must call Nudge with "&" as new process, or script will not continue. 9,999 days is for anything above 0.
if [[ "$enableNudgeLaunchAgent" == "true" ]]; then
CreateNudgeLaunchAgent
fi
;;
*) enforcementCountWord="$enforcementCount"
;;
esac
Check if the Mac is running a beta macOS
betaCheck=$(/System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil current | grep -E 'Build|Enrolled')
if [[ "$betaCheck" = *"YES"* ]]
then
echo "Data Check - Mac appears to have a beta macOS. Quitting!"
exit 1
fi
Example Jamf API call script to retrieve a JSSID of for a particular Mac from its Serial Number
apiuser='user@user.com' # Username of a user with API Computer read GET and Computer Group PUT access
apipassBase64='sdfadfasdf=' # Encode password into Base64 at http://base64encode.org and place between the single quotes
apipass=$(echo $apipassBase64 | base64 --decode) # Base64 password decode into variable memory
DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
notifierLocation=/usr/local/bin/Black\ Glove\ Notifier.app/Contents/MacOS/Black\ Glove\ Notifier
#jssurl="https://blackglove.jamfcloud.com" # Your JSS Information
jssurl="https://fantasy-jamf.electric.ai:8443" # Your JSS Information
#curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1
curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1
JSS_ID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1)
echo "Data Check - Mac JSS ID: $JSS_ID"
Description
Black Glove
Various useful snippets of macOS shell code for demonstration purposes: