macos_setup_cheatsheet
macos_setup_cheatsheet copied to clipboard
zackn9ne
a macOS sysadmin cheatsheet
macOS Sysadmin Cheatsheet
find JAMF Policies ran in the last hour
cat /var/log/jamf.log | grep "$(date "+%a %b %e %H")"
last day
cat /var/log/jamf.log | grep "$(date "+%a %b %e")"
run a speedcheck multiply x10 for MB/sec roughly
curl -o /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10.zip
plist to json (used for autopkg)
plutil -convert json site-autopkg_prefs.plist -o site.plist
how to get app version
defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString
defaults read /Applications/Slack.app/Contents/Info.plist CFBundleShortVersionString
how to get bundle ID
/usr/libexec/PlistBuddy -c 'Print CFBundleIdentifier' /Applications/Safari.app/Contents/Info.plist
Bundle ID's Collection (if you're too busy to look up)
com.adobe.acc.AdobeCreativeCloud
com.adobe.Reader
com.adobe.acc.AdobeCreativeCloud
com.linebreak.CloudAppMacOSX
com.getdropbox.dropbox
com.FormaGrid.Airtable
com.google.Chrome
org.mozilla.firefox
com.microsoft.Word
com.microsoft.Excel
com.microsoft.Outlook
com.microsoft.Powerpoint
com.microsoft.OneDrive-mac
com.tinyspeck.slackmacgap
WhatsApp
io.zeplin.osx
us.zoom.xos
a good jamf patching source
Patch Source: 3 (BeatleMike)
beta2.communitypatch.com/jamf/v1/64b23b234facb1d173e92941cf3ff452
who/why defered in jamf (see whodefered.sh)
cat /Library/Application\ Support/JAMF/.userdelay.plist
clear depnotify fails (cfprefsd is evil)
curl -O https://raw.githubusercontent.com/jamf/DEPNotify-Starter/master/depNotifyReset.sh && sudo sh depNotifyReset.sh
see what crashed and why
ls /Users/$USER/Library/Logs/DiagnosticReports/
kext lookup cheatsheet
sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy
select * from kext_policy;
reset a users password Jamf Pro
sudo jamf resetPassword -username <name> -password <password>
enable SSH access for only ONE USER macos
systemsetup -setremotelogin on
launchctl unload /System/Library/LaunchDaemons/ssh.plist
# Delete SSH access for existing users and groups
dscl . delete /Groups/com.apple.access_ssh NestedGroups
dscl . delete /Groups/com.apple.access_ssh GroupMembership
# Add SSH access for specific user(s)
dscl . create /Groups/com.apple.access_ssh GroupMembership test
# turnon
launchctl load /System/Library/LaunchDaemons/ssh.plist
Side Load Catalina installer
cd /tmp && curl -O https://raw.githubusercontent.com/grahampugh/erase-install/master/erase-install.sh && sudo bash erase-install.sh --move --version=10.15.2
no screensaver allowed in login screen
sudo defaults write /Library/Preferences/com.apple.screensaver loginWindowIdleTime 0
Add Printsystem to JAMF
PPD's are in
/private/etc/cups/PPD
drivers are in
/Library/Printers/PPDs/Contents/Resources/
Mac Admin GUI Tools
Privledges.app
/Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove
MacAdmin Commands and Tricks
oneDrive mac files on demand scope
Files On-Demand requires the latest version of Mac OS Mojave 10.14. You can download and install Mac OS Mojave from the Mac App Store.
generate a serial number
python -c "import string; from random import randint, sample; print('VM' + ''.join(sample((string.ascii_uppercase + string.digits),10)))"
sign packages (you have to setup your Apple Developer ID 1st)
productsign --sign “Developer ID Installer: Your Developer Name (12345asdf1234)” ~/Desktop/example.pkg ~/Desktop/signed-example.pkg
check the package signature
pkgutil --check-signature /path/to/package.pkg
make guest account script
curl -O https://raw.githubusercontent.com/sheagcraig/guestAccount/master/guest_account && sudo guest_account enable
make macOs USB installers Instructions
https://support.apple.com/hr-hr/HT201372
install pkg's
sudo installer -pkg /path/to/package.pkg -target /
create a bootable VMWare Mojave Image
Create a virtual disk image .dmg to fit the installation media. This command will do the trick: hdiutil create -o /tmp/Mojave -size 8000m -layout SPUD -fs HFS+J
Mount it using this command: hdiutil attach /tmp/Mojave.dmg -noverify -mountpoint /Volumes/install_build
Use the createinstallmedia tool that is packed in the Mojave installer that you downloaded from the AppStore to write the Mojave Installer to the virtual disk image we just created. remember to use sudo!: sudo /Applications/Install\ macOS\ Mojave.app/Contents/Resources/createinstallmedia --volume /Volumes/Mojave
users
copy paste and press return to rename computers with zackn9nez hoStnamE ChanGeR ScRiPT :computer:
curl -O https://raw.githubusercontent.com/zackn9ne/macos_setup_cheatsheet/master/host-name-changer.sh && sh host-name-changer.sh
escallate user to admin
dscl . -append /groups/admin GroupMembership USERNAME
revok admin privledges
sudo dseditgroup -o edit -d USERNAME -t user admin
password reset
/usr/bin/dscl . -passwd /Users/USERNAME "N3wPassWorD"
is root user enabeled
sudo dscl . -read /Users/root Password
is securetoken on for user
sysadminctl interactive -secureTokenStatus USER_NAME
get logged in user
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
or
get logged in console user
id -un
get all users
dscl . list /Users | grep -v '_'
get admin users
dscacheutil -q group -a name admin
delete user
sudo sysadminctl -deleteUser USERNAME
log people out :door:
sudo pkill loginwindow #logs you out eg, xdg-logout gnome-session-quit
is mac bound to ad
dsconfigad -show | awk '/Active Directory Domain/{print $NF}'
reset mac to new status on boot password break in hack :minidisc:
Start or restart your Mac. As soon as you hear the startup tone, press and hold Command-S on the keyboard. Keep holding down those keys until you see a black screen with white lettering. This is called “booting into Single User Mode.”
rm /var/db/.applesetupdone #will ask to create user account on next boot with GUI #you have to be onsite and boot into single user mode
macos cruft
rebuild spotlight index :flashlight:
sudo mdutil -i on /
open link in chrome
open -a "Google Chrome" https://chrome.google.com/webstore/detail/clear-cache/cppjkneekbjaeellbfkmgnhonkkjfpdn?hl=en
Chrome Remove Searchvirus
#!/bin/sh
sudo pkill chrome
rm -rf "~/Library/Application Support/Google"
rm -rf "~/Library/Caches/com.google.Chrome*"
rm -rf "~/Library/Google"
Essential MacAdmin Tools
autopkg and autopkgr (GUI)
1. download and install autopkg
2. autopkg repo-add https://github.com/autopkg/recipes
3. autopkg list-recipes | grep Excel
4. autopkg run MicrosoftExcel2016.install
5. open ~/Library/AutoPkg/Cache/
PPPCUtility
how to create a kext
Create a kext from an pre-approved action on a sample machine.
Using the output from the Kext_Policy table, locate the Team_ID for the application and add it to the 'AllowedTeamIdentifiers'. In the provided ApprovedKEXT.mobileconfig file in this repo.
Push Config Profile to machine using MDM.
LINKS
https://support.jamfschool.com/hc/en-us/articles/115004701513-Whitelist-Kernel-Extensions
https://chris-collins.io/2018/03/15/Using-Terminal-At-macOS-Setup-Assistant/
https://forums.ivanti.com/s/article/How-To-Add-Kernel-Extension-Exceptions-using-Ivanti-MDM-in-2018-3
https://twocanoes.com/12-customizations-for-the-mojave-macos-login-window-that-you-didnt-know-about/
https://alvinalexander.com/mac-os-x/mac-osx-startup-crontab-launchd-jobs
filevault commands
## is fv on?
`sudo fdesetup status`
## check fv status
diskutil cs list | grep 'Conversion Progress'
### check fv status live update eg or... wait check status with command emulation
while :; do clear; diskutil cs list | grep 'Conversion Progress'; sleep 2; done
## can user unlock filevault
sysadminctl -secureTokenStatus tracy
## troubleshooting a failed filevault
fdesetup status
sudo fdesetup disable
##add user to filevault unlock list
sudo fdesetup add -usertoadd username
## filevault spare tires
sudo fdesetup list
sudo diskutil apfs updatePreboot /
send notification to user
osascript -e 'display alert "Hello World!" message "The reason for this pop-up alert: IT Work In Progress"'
osascript -e 'display alert "Hello World!" message "Leave open and plugged in: Automated installs in progress"'
mobileconfig to supress chrome 1strun
curl -o firstchrome.mobileconfig https://raw.githubusercontent.com/moofit/Config_Profiles/master/Google%20Chrome%20-%20Suppress%20First%20Run.mobileconfig && open firstchrome.mobileconfig
install printer using lpinfo.. make a package to install drivers first
#install drivers first
CURRENTPRNTR=`sudo cat /etc/cups/printers.conf | grep MakeModel | cut -c11-`
lpinfo --make-and-model "$CURRENTPRNTR" -m
lpoptions -l #list all printer options
lpadmin -p $MODEL \
-o StringBeforeEqualsSign=ValueAfterColon #found on lpoptions -l pRiNtErNaMe -t
Installinstallmacos.py Cheatsheet MacOS Installers, run them via command line
sudo curl -o installmacos.py https://raw.githubusercontent.com/munki/macadmin-scripts/master/installinstallmacos.py
sudo python installmacos.py
## or if coming from an older version the catalogurl might have to be spec'd
sudo python installmacos.py --catalogurl https://swscan.apple.com/content/catalogs/others/index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
## do user interaction, wait for download, then...
hdiutil attach ./Install_macOS_10.14.3-18D109.dmg
open ./Install_macOS_10.14.3-18D109.dmg
Mojave installer
create a mojave installer USB
sudo ~/Downloads/Install\ macOS\ Mojave.app/Contents/Resources/createinstallmedia --volume /Volumes/newdisk
erase and reinstall
sudo /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall --agreetolicense --eraseinstall --newvolumename "Macintosh HD" --nointeraction
do in place upgrade
sudo /Applications/Install\ macOS\ Mojave.app/Contents/Resources/startosinstall --agreetolicense --nointeraction
Reset Dock
#!/bin/sh
killall cfprefsd
killall Dock
#if these don't work try v
rm $HOME/Library/Preferences/com.apple.Dock.plist; killall cfprefsd; killall Dock
Copy and Paste all this and press return. Dock Icons uses https://github.com/homebysix/docklib library
#!/bin/sh
echo "downloading library..."
curl -O https://raw.githubusercontent.com/homebysix/docklib/4f3e173367f24b034c60092472c9523d8c7ddfca/docklib.py
echo "downloading script..."
curl -O https://raw.githubusercontent.com/zackn9ne/macos_setup_cheatsheet/master/dock.py
echo "creating dock..."
python dock.py
microsoft (python script) (installer) (run as user with admin priveledges, eg sudo)
#!/usr/bin/env python
import urllib2
import os
import sys
filedata = urllib2.urlopen('https://go.microsoft.com/fwlink/?linkid=830196')
datatowrite = filedata.read()
with open('./msupdater.pkg', 'wb') as f:
f.write(datatowrite)
os.system('sudo installer -pkg ./msupdater.pkg -target /')
os.system('cd /Library/Application\ Support/Microsoft/MAU2.0/Microsoft\ AutoUpdate.app/Contents/MacOS && ./msupdate --install')
..but if you have to script.. slack (python)
#!/usr/bin/env python
import urllib2
import os
import sys
src = "https://raw.githubusercontent.com/bwiessner/install_latest_slack_osx_app/master/install_latest_slack_osx_app.sh"
dest = "slack.sh"
filedata = urllib2.urlopen(src)
datatowrite = filedata.read()
with open('./' + dest, 'wb') as f:
f.write(datatowrite)
os.system('sudo chmod +x' + dest)
os.system('sudo ./' + dest)
zackn9ne