michael/MacAdmin
1
0
Fork 0
mirror of https://github.com/MLBZ521/MacAdmin.git synced 2026-02-03 14:03:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
initialDev
MacAdmin/Jamf Pro/Scripts
History
Zack T c9e6957f2d Code Improvements 
General code improvements
2019-02-13 23:39:48 -07:00
..
assign_Mac2User.sh
Minor clean up of script
2017-08-29 11:16:53 -07:00
config_SMBProtocol.sh
v2.0 = Made as a JSS Parameter Script
2017-08-29 11:15:04 -07:00
convert_OfficeLicense.sh
v1.0 = Production Version
2018-08-29 16:44:51 -07:00
info_DefaultApplication.md
Updated Extra Documentation
2017-09-08 15:52:38 -07:00
jamf_policyCaller.sh
Code Improvements
2019-02-13 23:39:48 -07:00
README.md
Added New ReadMe
2019-02-05 23:14:47 -07:00
reissue_FileVaultPRK.sh
v1.2 = Added several pre-req checks and better logging verbiage
2018-08-07 10:28:41 -07:00
set_DefaultApplication.sh
v1.0 = First Production Version
2017-08-30 10:45:15 -07:00

README.md

Scripts

The following are descriptions of the scripts that I have written for use in a Jamf Pro managed environment.

assign_Mac2User.sh

This script assigns a Mac to a User in JAMF Inventory records for a specific device. I had a request for a way to tie users to machines where users were not using directory accounts to sign in. This was as quick script that I threw together to accomplish this. I later converted this to an application using Swift.

config_SMBProtocol.sh

This script uses Script Parameters to configure the SMB Protocol on a Mac. There is also an Extension Attribute that can be used for scoping.

macOS Sierra 10.12

For macOS Sierra, set the JSS Script Parameter 6 to your desired configuration.

  • ex: To enable SMBv2/v3 only; Script Parameter 6 = 6

From the nsmb.conf man page:

  • Key = protocol_vers_map
  • Default Value = 7
  • Comment = Bitmap of SMB Versions that are enabled

"Bitmap of SMB Versions that are enabled" can be one of:

  • 7 = SMB 1/2/3 should be enabled
  • 6 = SMB 2/3 should be enabled
  • 4 = SMB 3 should be enabled
  • 2 = SMB 2 should be enabled
  • 1 - SMB 1 should be enabled

Mac OS X El Capitan 10.11 and Yosemite 10.10

For OS X El Capitan and Yosemite, set the JSS Script Parameter 5 to your desired configuration.

  • ex: To enable SMBv3 only; Script Parameter 5 = smb3_only

From the nsmb.conf man page:

  • Key = smb_neg
  • Default Value = normal
  • Comment = How to negotiate SMB 1/2/3

"How to negotiate SMB 1/2/3" can be one of:

  • normal = Negotiate with SMB 1 and attempt to negotiate to SMB 2/3.
  • smb1_only = Negotiate with only SMB 1.
  • smb2_only = Negotiate with only SMB 2. This also will set no_netbios.
  • smb3_only = Negotiate with only SMB 3. This also will set no_netbios.

Mac OS Mavericks 10.9

For OS X Mavericks or earlier, set the JSS Script Parameter 4 to your desired configuration.

  • ex: To enable SMBv3 only; Script Parameter 4 = smb2_only

From the nsmb.conf man page:

  • Key = smb_neg
  • Default Value = normal
  • Comment = How to negotiate SMB 2.x

"How to negotiate SMB 2.x" can be one of:

  • normal = Negotiate with SMB 1.x and attempt to negotiate to SMB 2.x.
  • smb1_only = Negotiate with only SMB 1.x.
  • smb2_only = Negotiate with only SMB 2.x. This also will set no_netbios.

jamf_policyCaller.sh

Description: This script uses Script Parameters to call other policies via Custom Triggers or Policy IDs. Essentially add the script to a policy and then in the Script Parameters, list the trigger(s) and ID(s) you want to use, separated by commas. Example format:

  • Custom Triggers
    • Trigger1, Trigger2, A_Trigger3, Another_Trigger4
  • Policy IDs
    • 1, 56, 237, 503, 290

reissue_FileVaultPRK.sh

Description: This script is intended for scenarios where the JSS does not have a valid FileVault Personal Recovery Key and one of the two are known:

  • a FV_Enabled User accounts password; or
  • a FileVault Recovery Key that was created/saved outside of the JSS

set_DefaultApplications.sh

For additional information, also see: info_DefaultApplication.md

This script set default applications using Script Parameters. This script will allow you to set the default application for both URL Schemes and Content Types (i.e. File Extensions). There are eight parameters available for use with this script. First we'll review the pre-configured ones to go over how to use the script.

There are two pre-configured parameters to make it easy to set the default Mail/Calendar and Browser applications. To use a pre-configured option, enter the name into the field exactly how it appears bolded below, or it will not work.

  • For the 'Set Web Browser' parameter, there are three built-in script options as well as a custom option:
    • Chrome
    • Firefox
    • Safari
    • (custom)
  • The same is done for the 'Set Mail/Calendar Application' parameter:
    • Outlook (Outlook for Mac)
    • Parallels Outlook
    • Apple Mail (with Apple Calendar)
    • (custom)

For custom parameters, you will need to supply the values for the Application's CFBundleIdentifier and the URL Scheme or Content Type.

In the first box in the parameter fields, you would enter the type of content/service that is accessed and the second field you would enter the application that will be assigned. URL Schemes are a little more self-explanatory than the Extension fields or ContentType. You will will have to gather the type of content for a file (it's not the '.extension' unfortunately). This will take a bit of field work to figure out; you can use the mdls command to assist in getting this info. To assign to an application, you will need to enter that applications 'CFBundleIdentifier'. For most applications, you can easily pull that with the defaults command.

  • mdls myFile.txt
  • defaults read /Applications/Microsoft\ Outlook.app/Contents/Info.plist CFBundleIdentifier

For an example, to set a custom 'ftp' application, you would need to use the Custom URL Scheme 1 and Custom URL App 1. These two fields are linked as are the Custom [Extension|App] [1|2] or Content Type fields.

Going back to the pre-configured parameters, to use an application that is not pre-configured, you would just need to enter the applications CFBundleIdentifier. And yes, if there is a Parallels instance (with Windows) installed on the machine, it (should)/will find the CFBundleIdentifier for the Windows instance of Microsoft Outlook and set it as the default application.

This parameters script is a little more complicated so if you have any questions or need help, feel free to let me know.

(I highly recommend testing this before deploying -- there is not an 'undo' option!)

Reference in New Issue View Git Blame Copy Permalink