macOS Scriptlets

Automated install of the latest Zoom for Mac

# Changes into the temporary folder
cd /Users/Shared

# Downloads the package from Mosyle CDN with Mosyle variable link for continuous downloading link that doesn't expire. 
# Check option to allow Mosyle Variables on PKG in Mosyle and replace %% variable. Or replace with http:// link
curl -L --silent -o /Users/Shared/ZoomInstallerIT.pkg "https://zoom.us/client/latest/ZoomInstallerIT.pkg"

# Installs the package
installer -allowUntrusted -pkg /Users/Shared/ZoomInstallerIT.pkg -target /

# Removes the package after installation
rm -f /Users/Shared/ZoomInstallerIT.pkg

Retrieve the last item downloaded from user’s Safari

currentUser=$(stat -f%Su /dev/console)

safariDownloadList=$(/usr/libexec/PlistBuddy -c "Print" /Users/$currentUser/Library/Safari/Downloads.plist)

echo "$safariDownloadList" | grep -m 1 DownloadEntryPath | cut -c 33- | tr -d “;

Check for a particular profile applied via MDM – in this case FileVault

function profileCheck {
  PROFILES=$(/usr/bin/profiles -P)
}
profileCheck

FVStatus=$(sudo fdesetup status)

if [[ "$FVStatus" = *"On"* ]]; then
	while [[ "$PROFILES" != *"com.mosyle.privacy.27"* ]]
	do
    echo "no filevault"
  profileCheck
  sleep 1
	done
  echo "filevault!"
fi

Choose documents based on macOS version

if [[ $devicemacOSVersion = *"13"* ]]; then # 14 because Ventura could theoretically go to 13.9
if [[ $dEPStatus == "Device Enrollment configuration:" ]]; then
echo "here!"
mediaPayload="$tutorialVideoVenturaDEP"
else
  if [[ "$newMDM" = *"mosyle"* ]]; then
    mediaPayload=$tutorialVideoVenturaWebEnrollMosyle
  else
    mediaPayload=$tutorialVideoVenturaWebEnrollJamf
  fi
fi
fi

if [[ $devicemacOSVersion < 13 ]]; then # 14 because Ventura could theoretically go to 13.9
if [[ $dEPStatus == "Device Enrollment configuration:" ]]; then
mediaPayload=$tutorialVideoMontereyDEP
else
  if [[ "$newMDM" = *"mosyle"* ]]; then
    mediaPayload=$tutorialVideoMontereyWebEnrollMosyle
  else
    mediaPayload=$tutorialVideoMontereyWebEnrollJamf
  fi
fi
fi

Check the DEP / Apple Business Manager status from of a particular Mac

dEPStatus=$(profiles show -type enrollment | grep "Device Enrollment configuration:") # For checking DEP Status for MDM Update support

if [[ $dEPStatus == "Device Enrollment configuration:" ]]
then
  echo "Has DEP"
else
  echo "No DEP"
fi

echo "The DEP Check is: "$DEPCheck

Retrieve the user’s set default browser on Mac

currentUser=$(stat -f%Su /dev/console)

defaultBrowser=$(defaults read /Users/$currentUser/Library/Preferences/com.apple.LaunchServices/com.apple.LaunchServices.secure.plist | grep https -B 2 | grep LSHandlerRoleAll | cut -d \" -f2)

echo "<result>$defaultBrowser</result>"

Wait for screen to be unlocked (no screensaver) before showing user dialogue boxes on Mac

#!/bin/sh

function screenIsLocked { [ "$(/usr/libexec/PlistBuddy -c "print :IOConsoleUsers:0:CGSSessionScreenIsLocked" /dev/stdin 2>/dev/null <<< "$(ioreg -n Root -d1 -a)")" = "true" ] && return 0 || return 1; }
function screenIsUnlocked { [ "$(/usr/libexec/PlistBuddy -c "print :IOConsoleUsers:0:CGSSessionScreenIsLocked" /dev/stdin 2>/dev/null <<< "$(ioreg -n Root -d1 -a)")" != "true" ] && return 0 || return 1; }

if screenIsLocked; then
    echo "Screen locked"
fi

while screenIsUnlocked; do
    sleep 1
done

if ! screenIsLocked; then
    echo "Screen unlocked (inverse logic)"
fi

if ! screenIsUnlocked; then
    echo "Screen locked (inverse logic)"
fi

Remove WiFi certificates and save passwords from a Mac

currentUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
deviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}') # For requesting Jamf JSSID
WIFIEN="$(networksetup -listallhardwareports | awk '/Wi-Fi/{getline; print $2}')"
currentSSID=$(/Sy*/L*/Priv*/Apple8*/V*/C*/R*/airport -I | grep -w SSID | awk '{print $2}')

echo "Removing WFSWIFI from AirPort settings"
sudo networksetup -removepreferredwirelessnetwork $WIFIEN WFSWIFI

echo "Removing WFS-$deviceSerialNumber certificate from the System Keychain"
sudo security delete-certificate -c WFS-$deviceSerialNumber /Library/Keychains/System.keychain
sudo security delete-certificate -c WFS-$deviceSerialNumber /Library/Keychains/System.keychain # Removing duplicates from improper process

echo "Removing $deviceSerialNumber certificate from the System Keychain"
sudo security delete-certificate -c $deviceSerialNumber /Library/Keychains/System.keychain
sudo security delete-certificate -c $deviceSerialNumber /Library/Keychains/System.keychain # Removing duplicates from improper process

Case statement for running commands on certain conditions

case "$enforcementCount" in
-5) enforcementCountWord="Five"
User_Notification_Check
;;
-4) enforcementCountWord="Four"
User_Notification_Check
;;
-3) enforcementCountWord="Three"
User_Notification_Check
;;
-2) enforcementCountWord="Two"
User_Notification_Check
;;
-1) enforcementCountWord="One"
User_Notification_Check
;;
0) Run_Nudge & # Must call Nudge with "&" as new process, or script will not continue.
if [[ "$enableNudgeLaunchAgent" == "true" ]]; then
CreateNudgeLaunchAgent
fi
;;
[0-9999]*) Run_Nudge & # Must call Nudge with "&" as new process, or script will not continue. 9,999 days is for anything above 0.
if [[ "$enableNudgeLaunchAgent" == "true" ]]; then
CreateNudgeLaunchAgent
fi
;;
*) enforcementCountWord="$enforcementCount"
;;
esac

Check if the Mac is running a beta macOS

betaCheck=$(/System/Library/PrivateFrameworks/Seeding.framework/Versions/A/Resources/seedutil current | grep -E 'Build|Enrolled')

if [[ "$betaCheck" = *"YES"* ]]
then
  echo "Data Check      -   Mac appears to have a beta macOS. Quitting!"
  exit 1
fi

Example Jamf API call script to retrieve a JSSID of for a particular Mac from its Serial Number

apiuser='user@user.com' # Username of a user with API Computer read GET and Computer Group PUT access
apipassBase64='sdfadfasdf=' # Encode password into Base64 at http://base64encode.org and place between the single quotes
apipass=$(echo $apipassBase64 | base64 --decode) # Base64 password decode into variable memory

DeviceSerialNumber=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
notifierLocation=/usr/local/bin/Black\ Glove\ Notifier.app/Contents/MacOS/Black\ Glove\ Notifier


#jssurl="https://blackglove.jamfcloud.com" # Your JSS Information
jssurl="https://fantasy-jamf.electric.ai:8443" # Your JSS Information


#curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1

curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1
JSS_ID=$(curl -H "Accept: text/xml" -sfku "${apiuser}:${apipass}" "${jssurl}/JSSResource/computers/serialnumber/${DeviceSerialNumber}/subset/general" | /usr/bin/perl -lne 'BEGIN{undef $/} while (/<id>(.*?)<\/id>/sg){print $1}' | head -n 1)
echo "Data Check      -   Mac JSS ID: $JSS_ID"