Hi! I'm a Mac admin based in Austin, TX and I've uploaded some helpful scripts and configuration profiles compatible with macOS High Sierra and Mojave. You may freely use or modify anything I upload.
Mojave_FileVault_Sync.sh
in the scripts folder revokes and reissues a Secure Token, then updates the FileVault preboot volumesysadminctl
SystemPolicyAllFiles
AppleEvents
Accessibility
The scripts folder contains helpful scripts compatible with macOS Mojave and High Sierra.
New Local_pw_expiration
/usr/bin/dscl . -read /Users/$localUser accountPolicyData | /usr/bin/awk -F'<real>|</real>' '{print $2}' | tail -4
dscl
to change the password, because that causes isses with secureToken in macOS High Sierra and Mojaveosascript
simulates a click on the "Change Password..." button to take the user directly to the pw change interface. If your users are on Mojave they will need Jamf to be whitelisted for Accessibility in a PPPC profile.sysadminctl
that will respect your org's password complexity policy.resetTCC_mic_camera
create_admin_user: updated script with interactive osascript
prompts to create a new user account with sysadminctl
admin_pwreset: Reset a user account password in High Sierra
osascript
prompts to reset a user password using sysadminctl
outlook_timezone: If a user is unable to resolve time zone mismatch errors in Microsoft Outlook.
The profiles folder contains helpful mobileconfig files for use with your MDM service. The PayloadRemovalDisallowed
key may be set to -bool
value true
or false
depending on the profile. Please adjust the profile removal restrictions as needed when uploading to your MDM service.
Hide 32-bit Alerts: suppresses the 32-bit compatibility warnings for legacy software in High Sierra and Mojave
Suppress secureToken Window: suppresses the secureToken activation window that appears when an Active Directory-bound account signs into the Mac for the first time. Helpful for loaner Macs or computer lab environments
Skip Choose Your Look: skips the Setup Assistant screen for choosing between Light and Dark mode in Mojave
Skip Privacy Warning: skips the Setup Assistant screen for Data & Privacy in High Sierra and Mojave
block_macosbeta: Prevents users from installing macOS beta releases
chrome_settings: Sets some basic Chrome browser settings including:
Multiple Microsoft Office profiles: Settings to reduce the number of dialog windows need to configure a user account if your org is using Office 365.
delay_updates: Delay macOS software updates by 30 days. Apple has the ability to bypass this restriction to push critical security patches.
disable_icloud_sync: Allows users to enable iCloud Drive on their Mac, however the iCloud Documents & Desktop sync feature is disallowed
disable_pw_change: If your users should reset their local Mac passwords using NoMAD, this restriction disables the Change Password button in System Preferences. Admins may still reset user passwords using the sysadminctl
command or via your MDM service
expand_dialogs: Forces the expanded save and print dialog windows in macOS
kernelext_symantec: Allows macOS to load kernel extensions for Symantec Anti Virus 14
nomad_example: template for deploying NoMAD in your environment
block_profiles: Prevents users from clicking the Profiles pref pane in System Preferences
lock_screen: multiple settings for the lock and login screens
menubar_icons: Hide the Siri button in the menu bar, and always show:
enable_firewall: enforces the firewall, installed apps are able to receive incoming connections
I use Munki to deploy apps and custom pkgs at my organization. Munki supports startosinstall
to re-image already-deployed Macs.
OnDemand
optional_install
startosinstall
command, I add additional flags like...
--eraseinstall
--agreetolicense
--nointeraction
--installpackage
(can be used multiple times, but keep the total number of pkgs and file sizes to a minimum)--newvolumename