Skip to main content
Jamf Nation, hosted by Jamf, is a dynamic and knowledgeable community of Apple-focused IT admins and Jamf Pro users. Join us in person, in October, for the annual Jamf Nation User Conference (JNUC) to discover new and better ways to manage Apple devices.

Scripts

Scripts can be uploaded into the JSS using Casper Admin and executed on managed computers using a Policy or Casper Remote.

Most scripts can be used in other management systems with little or no modification.

113 scripts have been uploaded to Jamf Nation

activateSchedule.sh - Activates the scheduled updates on target computer(s); name of the schedule must be included in the command

This script activates a schedule that is currently configured in the DeepFreeze application. Please note that the schedule object must already be present on the computers on which this script is being run. If the schedule is not currently available on the target clients, it can be packaged up and deployed via Composer.

activateSchedule.sh (4.81 KB)

Download

activateSophosSafeGuard.sh -- Activate Sophos SafeGuard

This script will create a SafeGuard user, and will begin the encrypting a specified drive. Please note that this script was created using the latest version of Sophos SafeGuard available at the time of the script creation (05.49.00). Compatibility with versions of Sophos SafeGuard created prior to and post 05.49.00 is unknown at this time.

activateSophosSafeGuard.sh (6.80 KB)

Download

Add Custom DNS Search Domains

Add custom DNS search domains to every Ethernet adapter on a system. This can be handy when imaging new systems or adjusting configurations into DNS for users who neglect using Fully Qualified Domain Names when connecting to Server Shares, etc.

AddSearchDomains_new.sh (1.80 KB)

Download

addToODComputerGroup.sh -- Adds a computer to an Open Directory Computer Group

This script will add a Computer that exists in an Open Directory server to an Open Directory computer group or computer list. The script assumes that the computer group has previously been bound using a "Secure Bind" to the OD server. Multiple groups can be specified for the "groups" array found below in the variable section. Example values for the groups hard-coding the groups array are: groups=( 'group1' ) groups=( 'group1' 'group2' ) Example values for passing the groups parameter by Casper Remote or a Policy: group1 group2

addToODComputerGroup.sh (n/a)

Download

ADmitMac Mobile Account Alias Fix

It appears that with ADmitMac v7 on OS X 10.7 and 10.8, the local Directory Services accounts for Mobile Accounts are created without any reference to the sAMAccountName. This means that user record names do not shown in the alias field of the users accounts in System Preferences For example jbloggs logs in the first time ok but subsequent logins will only work with jbloggs@FQDN Alternatively i have created this script to run as a login policy to address this issue.

MobileAccountAliasFix.sh (1.61 KB)

Download

Adobe Acrobat Reader DC installer/updater

Installs or updates Adobe Acrobat Reader DC

AdobeReaderUpdate.sh (4.62 KB)

Download

Adobe AIR installer/updater

Installs or updates Adobe AIR

AdobeAIRUpdate.sh (4.31 KB)

Download

Adobe Reader installer/updater

Installs or updates Adobe Reader

AdobeReaderUpdate.sh (4.38 KB)

Download

Apple Software Update Script

This script will allow you to install individual software updates from Apple. By using the Parameter 4 option, you can select which item you would like the script to find any available updates and install them if they are available.

AppleSoftwareUpdateSearch_Casper.sh (4.05 KB)

Download

Auto Scan Removable Media

This is used with a launch daemon to run the script every time a volume is mounted This script will search if there is removable media and will automatically scan the media If there is a virus the system tries to "touch the file" which activate the SAV Quarantine Manager

SAV_Scan_Removable_Media.sh (1.60 KB)

Download

bindToLDAP.sh -- Bind to LDAP

This script will bind a Mac OS X Server or Client machine to any LDAP server. This script is part of a larger process that is required to bind machines to an LDAP server and is intended to be used for situations in which the built-in binding types (AD, OD, Centrify, Likewise, ADmitMac) are not acceptable. This script is designed to be used when attribute mappings need to be customized through the Directory Utility to add an LDAP server to Directory Services for authentication and contact lookups. The overall process consists of: -Manually configuring a machine to read from the LDAP server using the Directory Utility -Creating a package of the file: /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist -Modifying this script to contain the server address -Deploying the package, and running the script on a targeted client machine

bindToLDAP.sh (5.28 KB)

Download

bootFrozen.sh -- Freezes a Deep Freeze Partition

This script freezes a partition that has been thawed by DeepFreeze. This script assumes that the partition to which the machine is currently booted is the working DeepFreeze partition. To freeze a partition that the machine is not currently booted to, see freezePartition.sh Note that a reboot is required to finalize the freeze process. We recommend using the "Reboot" tab in a Casper Remote session or a Casper Policy to perform this process. This script should be used in the scenario where you would like to freeze the partition to which you are currently booted. To freeze a partition that you are not booted to (i.e. when using Casper Imaging), please see freezeTargetPartition.sh.

bootFrozen.sh (4.67 KB)

Download

bootThawed.sh -- Thaws a Deep Freeze Partition

This script thaws a partition that has been frozen by DeepFreeze. This script assumes that the partition to which the machine is currently booted is the working DeepFreeze partition. To thaw a partition that the machine is not currently booted to, see thawPartition.sh The number of reboots for which the machine will remain thawed is hard-coded to 1 reboot by default, but can be customized by either passing parameter 6 through the Casper Suite, or by hard-coding the number of times via the "bootThawedFor" variable in this script. Note that a reboot is required to finalize the freeze process. We recommend using the "Reboot" tab in a Casper Remote session or a Casper Policy to perform this process. This script should be used in the scenario where you would like to thaw the partition to which you are currently booted. To thaw a partition that you are not booted to (i.e. when using Casper Imaging), please see thawTargetPartition.sh.

bootThawed.sh (5.42 KB)

Download

Capture App Store Installer Packages

This script can be used to capture downloaded package files from the Mac App Store so the apps can be redistributed. The package files will retain their Apple developer certificates but will NOT include the _MASReceipt from the App Store.

get_appstore_downloads.v2.sh (1.69 KB)

Download

changeADAdminGroups.sh -- Change the AD Administrative Groups

This script will modify the groups from an Active Directory domain controller that will have administrative access on the machine. This script should be run after a machine has been bound to Active Directory. The <timeout> value can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable parameter.

changeADAdminGroups.sh (4.73 KB)

Download

changeLDAPConnectionTimeout.sh -- Change the connection timeout to get to a Directory Server

This script will modify the length of time that Directory Services will wait before an attempted connection times out. Modifying this value can be particularly useful in an environment with mobile users that are bound to an LDAP server that is not accessible from the outside world. The <timeout> value can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable parameter.

changeLDAPConnectionTimeout.sh (4.98 KB)

Download

Clear & Randomize SEP Updates

The script is currently set to: 1. Clear any and all scheduled jobs 2. Generate a new randomized time between 6AM & 9PM (this is adjustable) 3. Use the new randomized time to set a new schedule for updating all SEP products daily and in the background. 4. Display the new schedule for verification of a good set. Very helpful for making sure all the Macs aren't bringing an internet connection or local server to it's knees at one certain time a day.

Set_SEP_Sched_Tasks-New.sh (2.49 KB)

Download

Configure Accounts in Microsoft Entourage 2004, 2008

This script will configure an account within Entourage 2004 or 2008 based upon information provided in the parameters below as well as the username of the user who is currently logged into a machine. This script is best run as part of a Casper Suite policy that utilizes a trigger of "Login" with a frequency set to "Once Per User" so that as a user logs into a machine for the first time, this script will launch and Entourage will be configured. Please note that Applescripts can be published directly to the Casper Suite and pushed out via a Casper Policy or Casper Remote, provided that the script is saved in the readable "scpt" format.

entourageSetup.scpt (32.7 KB)

Download

Configure Accounts in Microsoft Entourage 2004, 2008

This script will configure an account within Entourage 2004 or 2008 based upon information provided in the parameters below as well as the username of the user who is currently logged into a machine. This script is best run as part of a Casper Suite policy that utilizes a trigger of "Login" with a frequency set to "Once Per User" so that as a user logs into a machine for the first time, this script will launch and Entourage will be configured. Please note that Applescripts can be published directly to the Casper Suite and pushed out via a Casper Policy or Casper Remote, provided that the script is saved in the readable "scpt" format.

entourageSetup.scpt (32.7 KB)

Download

configureADmitMac.sh -- Change some of ADmitMac's configuration options

This script will modify the following ADmitMac configuration options: -Enable Workgroup Manager MCX functionality -Set ADmitMac LANMAN policy to use "Send NTLMv2 response only"

configureADmitMac.sh (3.68 KB)

Download

configurePowerSave.sh -- Configures Faronics Power Save

This script configures the Power Save application. To configure a certain setting, either pass the value for the setting, or modify the variable in this script. For example, to set the display sleep setting to make the display sleep after 10 minutes, modify the "displaySleep" variable to equal "10"

configurePowerSave.sh (5.11 KB)

Download

Copy Device Hostname to Device's Location "Room" field.

This script copies an iOS device's hostname from the JSS and submits it into the device's inventory record under Location->Room. Organizations utilizing an Asset Tag can set the hostname of the device to the asset tag, then copy the hostname to the Location field for future searches, reporting, etc.

setIOShostname.sh (2.16 KB)

Download

Copy Vendor .APP from Vendor .DMG using a Composer .PKG

Useful for making installer .PKGs from vendor .DMG files that are simple copy-to-/Applications folder. Sometimes these apps do NOT like being wrapped into a Composer setup making installs problematic. I'd originally made this for the VMWare Horizon Client, but it works for other problematic apps as well.

install_from_vendorDMG.sh (2.28 KB)

Download

Create Mas_Receipt

If you are in need of creating a MAS_Receipt for an appstore pkg such as iPhoto, Keynote, or any other application this script will allow you to run as an after action to create them. For information on how to download an app from the Apple App store, not tied to an AppleID, please refer to : http://derflounder.wordpress.com/2013/08/22/downloading-apples-server-app-installer-package/

CreateMASReceipt.sh (396 B)

Download

Disable Smart Card Pairing UI

This was created as a solution for the "Allow Smart Card Pairing" option in the SmartCard Configuration Profile payload not working and allowing the user to pair their Smart Card after the profile was installed. Since the sc_auth command cannot be ran as root, this script will pull the username of the current user and run the command to disable the pairing UI as each user at login (or whenever the trigger is set to run) I have also created an Extension Attribute to pull the status of the Smart Card Pairing UI which can be used for a smart group or scoping.

DisableSmartCardPairing.sh (1.41 KB)

Download

disableAirport.sh -- Disable the airport drivers

This script disables the airport drivers, thereby disabling all functionality of the airport. After running this script, the airport drivers will be moved to: /Library/Application Support/JAMF/DisabledExtensions/ This way, the airport could be re-enabled in the future. After running this script, the machine will need to be rebooted for the settings to take effect if the script was run against a booted target volume.

disableAirPort.sh (5.25 KB)

Download

disableAutoLogout.sh -- Disable Account Auto-Logout Feature

This script will prevent a user account from logging out automatically. The Center for Internet Security Recommends disabling the ability to log out automatically in its Mac OS X 10.5 Leopard Level 1 & 2 Benchmark publication in the section titled 'Disable Òautomatic logoutÓ after a period of inactivity' andis rule number 2.4.13.4.

disableAutoLogout.sh (4.27 KB)

Download

disableBluetooth.sh -- Disable the Bluetooth drivers

This script disables the bluetooth drivers, thereby disabling all functionality of the bluetooth receiver. After running this script, the bluetooth drivers will be moved to: /Library/Application Support/JAMF/DisabledExtensions/ This way, the bluetooth could be re-enabled in the future. After running this script, the machine will need to be rebooted for the settings to take effect.

disableBluetooth.sh (6.73 KB)

Download

disableBluetoothSetupAssistant.sh -- Disable the Bluetooth Setup Assisant

This script disables the Bluetooth Setup Assistant that appears when an unrecognized bluetooth device is connected to a machine. After running this script, the Bluetooth Setup Assistant will be moved to: /Library/Application Support/JAMF/DisabledApplications/ This way, the Bluetooth Setup Assistant could be re-enabled in the future.

disableBluetoothSetupAssistant.sh (4.09 KB)

Download

disableCoreDumps.sh -- Disables system core dumps

This script will disable system core dumps. The Center for Internet Security recommends disabling core dumps in its Mac OS X 10.5 Leopard Level 1 & 2 Benchmark publication in the section titled "Disable Core Dumps" and is rule number 2.2.8.

disableCoreDumps.sh (4.23 KB)

Download

disableFirewire.sh -- Disable the firewire drivers

This script disables the firewire drivers, thereby disabling all functionality of the firewire bus. After running this script, the firewire drivers will be moved to: /Library/Application Support/JAMF/DisabledExtensions/ This way, the firewire drivers could be re-enabled in the future. After running this script, the machine will need to be rebooted for the settings to take effect.

disableFirewire.sh (4.68 KB)

Download

disableGuestFolderSharing.sh -- Disable guest access to shared folders

This script will disable guest access to shared folders through AFP & SMB.

disableGuestFolderSharing.sh (4.60 KB)

Download

disableGuestLogin.sh -- Disable Guest Account Login Feature

This script will prevent the guest user account from logging in.

disableGuestLogin.sh (3.53 KB)

Download

disableInternetSharing.sh -- Disable Internet Sharing System Preference

This script will disable internet sharing on Leopard as it is found in the sharing section of System Preferences.

disableInternetSharing.sh (3.96 KB)

Download

disableIR.sh -- Disable IR Receiver required for use of remote control

This script will disable the remote control infrared receiver.

disableIR.sh (3.80 KB)

Download

disableiSight.sh -- Disable the iSight Camera drivers

This script disables the iSight Camera drivers, thereby disabling all functionality of the iSight Camera. After running this script, the iSight Camera drivers will be moved to: /Library/Application Support/JAMF/DisabledExtensions/ This way, the iSight Camera drivers could be re-enabled in the future. After running this script, the machine will need to be rebooted for the settings to take effect.

disableiSight.sh (5.97 KB)

Download

disableKeyboardSetupAssistant.sh -- Disable the Keyboard Setup Assisant

This script disables the Keyboard Setup Assistant that appears when an unrecognized keyboard is connected to a machine. Certain types of KVM's can also cause the Keyboard Setup Assistant to appear. After running this script, the Keyboard Setup Assistant will be moved to: /Library/Application Support/JAMF/DisabledApplications/ This way, the Keyboard Setup Assistant could be re-enabled in the future.

disableKeyboardSetupAssistant.sh (4.15 KB)

Download

disableMobileMePrefPane.sh -- Disable MobileMe/.Mac preference pane

This script will disable MobileMe/.Mac account access on Tiger and Leopard as it is found in System Preferences-> MobileMe/.Mac Note that the Preference Pane can be restored by moving the preference pane back from: /Library/Application Support/JAMF/DisabledPrefPanes/Mac.prefPane -TO- /System/Library/PreferencePanes/

disableMobileMePrefPane.sh (5.16 KB)

Download

disablePasswordHints.sh -- Disables Showing of Password Hints

This script will disable the "Show Password Hints" feature found in System Preferences-> Accounts -> Login Options.

disablePasswordHints.sh (3.89 KB)

Download

disablePowerSave.sh -- Disables Faronics Power Save

This script disables the Power Save application. If settings have not already been specified, please see the script titled "configurePowerSave.sh" prior to running this script.

disablePowerSave.sh (4.58 KB)

Download

disableUSB.sh -- Disable the USB drivers

This script disables the USB drivers, thereby disabling all functionality of the USB ports. After running this script, the USB drivers will be moved to: /Library/Application Support/JAMF/DisabledExtensions/ This way, the USB drivers could be re-enabled in the future. After running this script, the machine will need to be rebooted for the settings to take effect.

disableUSB.sh (4.58 KB)

Download

displayMessage.sh -- Display a message to the end user

This script will display a message to the end user with a specified message. The message can be backgrounded so that a message is displayed and a process such as a policy is delayed until a user clicks the "OK" button. By default, the process will not be backgrounded and subsequent scripts or commands that run after this script will be delayed until a user clicks "OK".

displayMessage.sh (5.54 KB)

Download

Eject Removable Media if Threat is found

This is to be used in conjunction with a launch daemon running all the time. You can get Lingon here to create the launch daemon http://sourceforge.net/projects/lingon/files/Lingon/2.1.1/

SAV_Eject_USB.sh (2.23 KB)

Download

Enable File Vault

This script will enable the File Vault feature in Mac OS X 10.4 or later. It should only be run while a user is logged onto a system (i.e. as part of a Casper Suite login policy that is assigned a frequency of once per user.) When the script is run, it will direct the user to the FileVault preference pane located within the System Preferences application. At that point, the user will be prompted to finish the process of enabling FileVault. NOTE: Before enabling FileVault, it is a good idea to generate a FileVault Master Keychain as described in the Mac OS X Security Confguration Manual which can be downloaded from: http://images.apple.com/server/macosx/docs/Tiger_Security_Config_021507.pdf Performing the steps desribed in the above manual will ensure that access can be regranted to a user who have forgotten his or her password.

enableFileVault.scpt (21.3 KB)

Download

Enable SSL on an Entourage Email account

This script will enable SSL on an Email account that has been previously configured in Microsoft Entourage 2004 or 2008.

enableEntourageSSL.scpt (13.9 KB)

Download

Enable SSL on an Entourage Email account

This script will enable SSL on an Email account that has been previously configured in Microsoft Entourage 2004 or 2008.

enableEntourageSSL.scpt (13.9 KB)

Download

enable.lpadmin.sh - Enable or Disable a standard user's ability to add printer

This script enables or disables the System Preferences authorization for standard users to add printers as reflected in the Printers System Preference pane. It has been designed to function on Mac OS X 10.5.7 (when the restriction first appeared) & later. The disabled or enabled state is set according to the value specified in the "$lock" variable.

enable.lpadmin.sh (5.31 KB)

Download

enableARD.sh -- Enable ARD and Configure Remote Management Settings

This script enables and configures remote management settings for a user. There are a number of options that the script is capable of configuring, which should be specified in the privs string. Please see the kickstart man page for more information. The following options are available in the kickstart application: -DeleteFiles -ControlObserve -TextMessages -ShowObserve -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings -ObserveOnly -mask ARD access is granted and priviliges are assigned to an individual account on computers running Mac OS X 10.3 and later. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable parameter. We do not use $3 since it may not match up to the username that we want to grant access for.

enableARD.sh (5.69 KB)

Download

enableFileSharing.sh -- Enables or Disables Personal File Sharing on Mac OS X

This script enables or disables the Personal File Sharing preference on Mac OS X 10.3 or later. If there is a hardcoded value specified in the script for <enableFileSharing> it will be used. The value can also be populated from the JSS by deploying the script as a policy payload. Since the Casper Suite defines the first three parameters of a bash script as (1) Mount Point, (2) Computer Name and (3) username, the script uses the fourth parameter ($4) as the passable parameter (variable) to acquire the status of <enableFileSharing> and to set the enableFileSharing status.

enableFileSharing.sh (6.77 KB)

Download

enableFirewall.sh -- Enables or Disables the firewall on Mac OS X Clients

This script enables or disables the firewall on Mac OS X 10.3 or later. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable parameter to acquire the status of <enableFirewall>. In addition, the fourth parameter is utilized to set the enableFirewall parameter.

enableFirewall.sh (6.33 KB)

Download

enableFirewall.sh -- Enables or Disables the firewall on Mac OS X Clients

This script enables or disables the firewall on Mac OS X 10.3 or later. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable parameter to acquire the status of <enableFirewall>. In addition, the fourth parameter is utilized to set the enableFirewall parameter.

enableFirewall.sh (6.33 KB)

Download

enableJournaling.sh -- Enable journaling on an HFS+ volume

This script enables the journaling feature on the specified HFS+ volume. Journaling can help protect a drive against corruption in the event of power loss or power failure and can also expedite the repair process if a bad sector is found. This script was designed to take advantage of The Casper Suite automatically passing the <mountPoint> parameter. For further description of file system journaling, see: http://support.apple.com/kb/HT2355

enableJournaling.sh (4.83 KB)

Download

enablePowerSave.sh -- Enables Faronics Power Save

This script enables the Power Save application. If settings have not already been specified, please see the script titled "configurePowerSave.sh" prior to running this script.

enablePowerSave.sh (4.57 KB)

Download

Encrypt External Volume

This script can be used to encrypt an external volume. The script will make any changes that are needed to the partition map and then prompt the user to create a password for the external volume (Current requirements for the password is 7 characters or longer, this can be changed and uses AppleScript to capture the input). The script will also allow the user to rename the external volume, erase it and re-encrypt it again, or change the password (NOTE: The user must know the current volume password in order for this function to work). The script also has a section that will encode the passcode and upload it to the JSS to be used in the future if the user forgets their password or access to the external volume is needed. Note: This feature requires an Extension Attribute to be created in the JSS in order for the password to be accessible inside the JSS

EncryptExternalVolume.sh (17.8 KB)

Download

encryptVirtualMemory.sh -- Encrypts Virtual Memory

This script will encrypt virtual memory. Please note that a reboot must take place after running the script for the virtual memory to be encrypted.

encryptVirtualMemory.sh (3.90 KB)

Download

Firefox Install/Update

This shell script installs or updates Firefox to the latest online version. No need to package anything. It automatically downloads, mounts and installs Firefox. Log file available: /Library/Logs/FirefoxInstallScript.log The Firefox default language is "en-US". You can choose another language (fr, de, ...) in param 4.

FirefoxInstall.sh (4.23 KB)

Download

flushPolicyHistory.sh -- Flush an individual computer's policy history in the JSS

This script is designed to be run on any clients that have been previously managed by The Casper Suite. Running the script will attempt to connect to the JAMF Software Server (JSS) and will flush any historical policy logs for the computer so that the computer appears to have not run any policies. This script is most commonly used as an "At Reboot" script that runs as part of a Casper Imaging configuration to ensure that any policies that were previously run on a client will run again after the machine has been re-imaged.

flushPolicyHistory.sh (3.87 KB)

Download

freezeTargetPartition.sh -- Freezes a Deep Freeze Partition

This script thaws a partition that has been frozen by DeepFreeze. By default, the script will accept the target drive that is passed by default when running a script via the Casper Suite. If you desire to thaw an alternative partition, one can be specified. If specifying the target partition manually, the format to be used should be the name of the drive. Example: A drive that is mounted at /Volumes/Macintosh\ HD Should be speficied as follows: targetPartition="Macintosh HD" This script is best used in a scenario where you are imaging a machine with Casper Imaging and you would like to ensure that when booting into an imaged partition for the first time that the partition is in a "frozen" state. This script should be run in an "After" priority when being run as part of the imaging process. If you would like to freeze a partition to which the target machine is currently booted, please see bootFrozen.sh.

freezeTargetPartition.sh (5.94 KB)

Download

GateKeeper Configuration

The Gatekeeper settings are located on the General tab of the Security & Privacy System Preferences Preference Pane. Use this script to set the radio buttons as desired.

jamf.gatekeep.sh (5.49 KB)

Download

Get FS AV Database version

This script checks the version of F-Secure Antivirus database

fsavdb.sh (69 B)

Download

Google Chrome install/update

Installs the latest Google Chrome version

GoogleChromeInstall.sh (1.65 KB)

Download

Google Earth install/update

Installs the latest Google Earth version

GoogleEarthInstall.sh (2.19 KB)

Download

importCACert.sh -- Import CA Certficate to the System Keychain

This script will import a ".pem" or ".cer" certificate from a given location on the machine to the system keychain. This script assumes the following workflow is taking place: 1.) Create a package of the ".pem" or ".cer" formatted certificate being deployed to a location such as: "/Library/Application Support/JAMF" 2.) Upload the package to Casper Admin 3.) Edit the "caCertLocation" variable located within this script to reflect the location of the CA cert as it was packaged. For example, if we have a certficate named "CompanyCA.cer" that was packaged to be installed to "/Library/Application Support/JAMF", we would set the "caCertLocation" variable to "/Library/Application Support/JAMF/CompanyCA.cer" 4.) Upload the script to Casper Admin and ensure that a script priority of "After" is selected 5.) Create a policy that will install the package containing the CA cert and run this script after installing the package.

importCACert.sh (6.03 KB)

Download

importVPN.sh -- Import VPN Settings

This script will import a .networkConnect file that has been packaged and deployed to a system. Prior to running this script, the VPN should be configured on a machine, and a configuration should be created. Once a VPN has been configured, navigate to the Network pane within the System Preferences application and highlight the VPN service you wish to export. Then click the settings button near the "+" and "-" icon and select "Export Configurations". Save the file to a location like the Desktop. Finally, create a package of this file using Composer. When deploying the package, ensure that this script has been edited so that the "vpnFilePath" parameter properly points to the location of the .networkConnect file as it was packaged. Deploy the package, and run the script with a priority of "After" to import the VPN settings for the user. Please note that a user does need to be logged in while this script is run. We recommend running it via a policy triggered by "login" or "Self Service." The VPN network interface name will remain generic unless the "vpnInterfaceName" variable is specified. Please note that the .networkConnect file does not contain the name of the inteface.

importVPN.sh (7.48 KB)

Download

installPKGfromDMG.sh -- Install a PKG wrapped inside a DMG

Please see installation instructions here: https://jamfnation.jamfsoftware.com/article.html?id=161

installPKGfromDMG.sh (8.05 KB)

Download

jssID List to Static Group using the API Script

# Variables used by this script JSS_ID_PATH="" # Text file with one JSS ID per Line JSS_API_INFO_DIR="/tmp/jss_api_tmp" # Directory where working files for each JSS ID will be stored JSS_XML_INPUT="/tmp/JSS_XML_INPUT.xml" # XML Output to be uploaed to the JSS Computer Groups API STATIC_GROUP_ID="" # Static Group ID: This can be found in the URL when you click edit on a Static Group STATIC_GROUP_NAME="" # This is the name of the Static Group you want to overwrite # Variables used by Casper USERNAME="" #Username of user with API Computer read GET and Computer Group PUT access PASSWORD="" #Password of user with API Computer read GET and Computer Group PUT access JSS_URL='https://jss.jamf.com:8443' # JSS URL of the server you want to run API calls against

jss_api_id_staticgroup.sh (4.02 KB)

Download

limitSSHScope.sh -- Limit access to SSH to a single account

This script grants SSH access to an individual account on computers running Mac OS X 10.5 and later. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable parameter. We do not use $3 since it may not match up to the username that we want to grant access for.

limitSSHScope.sh (5.23 KB)

Download

List Computers with no Last Check-in time (REST API)

This script will use the REST API to enumerate all computers in the JSS and list those that do NOT have a Last Check-in time. It is designed to run from an administrator's workstation and the results can easily be piped to a text file. Depending on the size of your JSS the script may take several minutes to complete. Please be patient. Use as your own risk.

list_computers_no_check-in_time.sh (1.79 KB)

Download

LyncSetup-1.0.sh

Populates user name and email address settings for Lync for Mac. This script resides in /Library/talkingmoose/Scripts and is launched by launch agent net.talkingmoose.LyncSetup.plist.

LyncSetup-1.0.sh (7.05 KB)

Download

mountNetworkShare.sh -- Mount a network share

This script was designed to mount a network share on an event such as user login, or through a self service policy. Using Casper's policy engine, a policy can be scoped so that users and groups (local or directory-based) will mount run this script, and therefore mount the assigned network share. For directory-based users, it is recommended to use the "kerberos" authentication type. For local users, the "password" authentication type must be used. For kerberos authentication to work properly, the user must be able to manually mount the share when logged in by navigating to "Go" > "Connect to Server..." in the Finder and the user must be able to mount the share without authenticating. To ensure that your directory users are obtaining kerberos tickets properly, navigate to "System" > "Library" > "CoreServices" and open the "Kerberos Ticket Viewer" application while a directory user is logged in.

mountNetworkShare.sh (12.8 KB)

Download

net.talkingmoose.LyncSetup.plist

Populates user name and email address settings for Lync for Mac. This launchd agent resides in /Library/LaunchAgents and launches the LyncSetup-1.0.sh script.

net.talkingmoose.LyncSetup.sh (417 B)

Download

Package Version

This script was written to interrogate a package file for its internal file name and version number. This can be helpful when a package file no longer retains its original file name or outwardly identifies its version number.

pkgver.sh (2.17 KB)

Download

POA & Recovery Account Sophos SafeGuard

This is to be used with Sophos SafeGuard. This will create a SGN POA account and recovery accounts (making sure there is always 5 recovery account) for the logged on user. Recovery accounts can be recorded thrugh an extension attribute to the JSS. This Script can be used for a logging in policy or if required through other means as root user.

poaRecoverySophosSafeGuard.sh (4.07 KB)

Download

Re-partition Disk Before Imaging

I wrote this script to automate the process of re-partitioning the primary partition so that when Casper Imaging performs a block-copy of my images (which include "Macintosh HD" and "Recovery HD") I do not end up with multiple "Recovery HD" partitions. By default, Casper Imaging only targets the partition that contains the Macintosh OS, so without re-partitioning it is possible to end up with more partitions than required. The script works for both "primary partitions" and "logical partitions" including Fusion drives. The idea is to wipeout all local partitions and attempt to recreate what was there before. That way, Casper Imaging doesn't complain because the expected partition with "Macintosh HD" has not changed. I then follow-up the imaging process by running a script to convert any "primary partitions" to CoreStorage.

partitionDisk.sh (3.51 KB)

Download

removeCS3.sh -- Remove Adobe Create Suite 3

This script will perform an uninstall of Adobe Creative Suite 3. The script is designed from a master list of files that are installed by the Adobe CS3 Master Collection. The script will detect to see if a file exists first, and if the file does exist, it will move the file or directory along with the directory structure for the file into: /Library/Application Support/JAMF/RemovedFiles Additionally, the script can be modified to completely erase the files that have been moved. Please note that this option should be used with caution, as it will permanently delete any files or directories included in the "files" array within this script. The values supported in the <erase> parameter include: "TRUE" "FALSE" "YES" "NO"

removeCS3.sh (12.7 KB)

Download

removeCS4.sh -- Remove Adobe Create Suite 4

This script will perform an uninstall of Adobe Creative Suite 4. The script is designed from a master list of files that are installed by the Adobe CS4 Master Collection. The script will detect to see if a file exists first, and if the file does exist, it will move the file or directory along with the directory structure for the file into: /Library/Application Support/JAMF/RemovedFiles Additionally, the script can be modified to completely erase the files that have been moved. Please note that this option should be used with caution, as it will permanently delete any files or directories included in the "files" array within this script. The values supported in the <erase> parameter include: "TRUE" "FALSE" "YES" "NO"

removeCS4.sh (12.0 KB)

Download

Rename Startup Volume

This script will find the boot volume using the bless command and then get the current volume name for the boot volume using the diskutil command. It will then find the short version of macOS the computer has installed. The reason for this script is so that the startup volume names are uniformed based off of the macOS version they have installed. The variable "newName" is then assigned a string based off of the macOS version installed. This variable is then compaired to the current volume name. If the names do not match, it will automatically rename the startup volume to the correct name.

RenameStartupVolume.sh (2.39 KB)

Download

runClamXavScan.sh -- Run ClamXav Anti-Virus Scan

This script will force sophos to perform a virus scan on the hard drive and will quarantine any infected files if desired. The default behavior of the script is to simply perform a scan of the drive and report back any infected files in the output of the script. Additionally, files can be quarantined if found to be infected with a virus. Please note that this script was created using the latest version of ClamXav available at the time of the script creation (1.1.1). Compatibility with versions of ClamXav created prior to and post 1.1.1 is unknown at this time.

runClamXavScan.sh (5.60 KB)

Download

runSAVLiveUpdate.sh -- Run Symantec LiveUpdate

This script will run the Symantec LiveUpdate application in the background which will silently download and install the latest virus definitions available from Symantec. This script expects Symantec LiveUpdate to be installed at: /Applications/Symantec Solutions/LiveUpdate.app

runSAVLiveUpdate.sh (7.07 KB)

Download

runSAVScan.sh -- Run Symantec Virus Scan

This script will run the Symantec Virus Scanning application in the background which will perform a scan of files while a user is actively working on the machine.

runSAVScan.sh (3.64 KB)

Download

runSophosScan.sh -- Run Sophos Anti-Virus Scan

This script will force sophos to perform a virus scan on the hard drive and will quarantine any infected files if desired. The default behavior of the script is to simply perform a scan of the drive and report back any infected files in the output of the script. Additionally, files can be quarantined if found to be infected with a virus. Please note that this script was created using the latest version of Sophos AV available at the time of the script creation (4.9). Compatibility with versions of Sophos AV created prior to and post 4.9 is unknown at this time.

runSophosScan.sh (5.68 KB)

Download

runVirusBarrierScan.sh -- Run VirusBarrier Anti-Virus Scan

This script will force VirusBarrier to perform a virus scan on the hard drive and will repair any infected files if desired. The default behavior of the script is to simply perform a scan of the drive and report back any infected files in the output of the script. Additionally, files can be repaired if found to be infected with a virus. Please note that this script was created using the latest version of VirusBarrierX5 available at the time of the script creation (10.5.3). Compatibility with versions of VirusBarrierX5 created prior to and post 10.5.3 is unknown at this time.

runVirusBarrierScan.sh (6.28 KB)

Download

secureBonjour.sh -- Disables DNS auto-discovery service required for Bonjour

This script will disable bonjour auto-discovery via DNS Service Discovery.

secureBonjour.sh (5.58 KB)

Download

setAirPortNetwork.sh -- Disassociates from the current wireless network and sets the SSID and WEP or WPA password on the AirPort assuming the AirPort is on

This script was designed to configure the AirPort network settings, including which SSID the AirPort is pointed to, as well as what password should be used to connect to the network if the network is a secured wireless network.

setAirPortNetwork.sh (4.70 KB)

Download

setDNSServers.sh -- Set a DNS server for a specified network interface

This script will set a DNS Server in the network settings for whichever network interface has been specified.

setDNSServers.sh (5.18 KB)

Download

setOSXInstallerTimestamp.sh

This script is intended to be a workaround for D-006029 involving an issue where an OS X Installer installed via Policy or Casper Remote will not be properly automated on systems that are located in a timezone ahead of UTC. It should be run after installation of an OS X Installer package, but before a reboot to an OS X Installer occurs.

setOSXInstallerTimestamp.sh (331 B)

Download

setSearchDomains.sh -- Set a search domain for a specified network interface

This script will set a search domain in the network settings for whichever network interface has been specified.

setSearchDomains.sh (5.26 KB)

Download

setTimeServer.sh

This script will set a Time Server in the network settings for whichever network interface has been specified.

setTimeServers.sh (5.06 KB)

Download

setTimeZone.sh -- Set the time zone

The system time zone will be set according to the value specified in the paramter $timeZone. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable parameter. If no parameter is passed, then the hardcoded value will be used.

setTimeZone.sh (6.58 KB)

Download

setupOutlook.scpt - Configure Outlook for Mac 2011

This script was designed to configure Outlook 2011 account settings. There are two specific modes to the application that will: - Import an Entourage 2008 identity - Configure a new identity If an Entourage 2008 identity is found on the machine, the user will be presented with an option to import the identity or create a new account. If no Entourage 2008 identities are found in the user's home directory, then a new exchange account will be created for the user.

setupOutlook.scpt (41.2 KB)

Download

setWebProxy.sh -- Configure a web proxy for a specified network interface

This script will configure the web proxy on the specified network interface.

setWebProxy.sh (5.54 KB)

Download

setWiFiNetwork.sh -- Set or Change the Wi-Fi Network

This script was designed to configure the Wi-Fi network settings, including which SSID the Wi-Fi is pointed to, as well as what password should be used to connect to the network if the network is a secured wireless network.

setWiFiNetwork.sh (5.38 KB)

Download

Sophos Anti-Virus agent override

see http://www.sophos.com/en-us/support/knowledgebase/119758.aspx Written by Tim Kimpton 09.22.2014 There are multiple machine names that can be used within the OS X operating system; however, these can all differ and lead to some confusion. The machine name that we should use, according to Apple's documentation, is the NetBIOS name that is referenced within the com.apple.smb.server.plist file. Older versions of OS X may not contain the com.apple.smb.server.plist file; if this file cannot be found, we attempt to check the smb.plist file. Sophos Anti-Virus for OS X will check these files in this order to determine the machine name to send to Sophos Enterprise Console: The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used.

Sophos_Anti-Virus_Override.sh (2.49 KB)

Download

Sophos Anti-Virus RMS Override

http://www.sophos.com/en-us/support/knowledgebase/119758.aspx Written by Tim Kimpton 09.23.2014 The Remote Management System (RMS) that deals with the communication between Sophos Anti-Virus for Mac OS X and the Sophos Enterprise Console can be configured to allow the Machine Name, Domain Name, and Computer Description to be overridden and alternative values to be used. For more information see http://www.sophos.com/en-us/support/knowledgebase/119758.aspx This script does the following 1. Checks if an override already exists and if so exits 2. Checks if the machine is bound to the domain & computer name exists in directory services 3. Writes the computer name into the override 4. Restarts the relevant Sophos Anti-Virus Services

Sophos_Anti-Virus_Override.sh (2.62 KB)

Download

SuspendFustionVMs.sh

Intended for use before performing an upgrade of VMware Fusion. This script will find the vmrun command included with VMware Fusion 2 and above and use it to suspend any virtual machines currently running. May have other uses as well.

SuspendFusionVMs.sh (1.77 KB)

Download

thawTargetPartition.sh -- Thaws a Deep Freeze Partition

This script thaws a partition that has been frozen by DeepFreeze. By default, the script will accept the target drive that is passed by default when running a script via the Casper Suite. If you desire to thaw an alternative partition, one can be specified. If specifying the target partition manually, the format to be used should be the name of the drive. Example: A drive that is mounted at /Volumes/Macintosh\ HD Should be speficied as follows: targetPartition="Macintosh HD" This script is best used in a scenario where you are imaging a machine with Casper Imaging and you would like to ensure that when booting into an imaged partition for the first time that the partition is in a "thawed" state. This script should be run in an "After" priority when being run as part of the imaging process. If you would like to freeze a partition to which the target machine is currently booted, please see bootThawed.sh.

thawTargetPartition.sh (5.71 KB)

Download

timedForcedShutdown.sh -- This script will help to enforce a mandatory reboot or shut down

This script will help to enforce a mandatory reboot or shut down. If no console user is logged in, the script will execute the command stored in the $shutdownAction variable. If a console user is logged in, a dialog is displayed informing the user of the number of minutes until shutdown followed by a configurable message stored in $notificationMessage. The dialog contains two buttons. Clicking the "Postpone" button will cancel shutdown/reboot. Clicking the "Shut Down" button will execute the command stored in the $shutdownAction variable.

timedForcedShutdown.sh (7.69 KB)

Download

Tomcat Monitor

The tomcat_check.sh script monitors Tomcat by checking to see if port 8080 on localhost is active. If not, Tomcat is then stopped and started using the startup scripts for your Tomcat installation (edit the stop and start commands as appropriate for your Tomcat installation.) The Tomcat installation being monitored is JAMF Software's Casper JSS server running on Red Hat Enterprise Linux 6.0. You will need to edit the stop and start commands in tomcat_check.sh if you are monitoring a different Tomcat installation.

tomcat_check.sh (241 B)

Download

turnOffAirport.sh -- Turns the airport's power off

This script turns off power to the airport and can be especially useful when you want to ensure that users are connecting to a wired connection when possible. This script is different from the "disableAirport.sh" script in that the user can still re-enable the airport after the script turns it off. If you would like to completely disable the airport, try running the "disableAirport.sh" script.

turnOffAirport.sh (4.25 KB)

Download

Umbrella Roaming Client Toggle

Allows an user to toggle the Umbrella Roaming Client on/off.

Toggle_UmbrellaRC.sh (955 B)

Download

unbindAD.sh -- Unbind from Active Directory

This script will unbind a client machine from an Active Directory domain. The <username> and <password> values can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth parameter ($4) as the passable parameter.

unbindAD.sh (5.03 KB)

Download

unbindOD.sh -- Unbind from Open Directory

This script will unbind a client machine from an Open Directory domain. The <serverAddress>, <username>, and <password> values can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the fourth, fifth, and sixth parameters ($4, $5, $6) as the passable parameters.

unbindOD.sh (6.62 KB)

Download

unlockRegionCodeSetting.sh -- Unlock the DVD region code setting

This script unlocks or locks the system preference authorization to allow or disallow users to set the DVD region code, as reflected in the DVD player application. It has been designed to function on Mac OS X 10.4 and higher with DVD Player.app 1.0 and higher. The locked/unlock value will be set according to the value specified in the paramter $locked. It can be used with a hardcoded value in the script, or read in as a parameter. Since the Casper Suite defines the first three parameters as (1) Mount Point, (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable parameter. If no parameter is passed, then the hardcoded value will be used.

unlockRegionCodeSetting.sh (7.11 KB)

Download

Update NBI with latest Casper Imaging application.

We have more than 45 NetBoot servers (nationally and internationally) and I needed a way to update each of the NetBoot images installed on them with the latest version of Casper Imaging. This script allowed me to do this in less than a minute.

update_nbi_casper_imaging.sh (4.67 KB)

Download

Update/Install VLC

This script is used to download and install one version behind the latest VLC. I was unable to get it to pull the latest version from the website but managed to get it to pull down one version behind.

update-install-vlc.sh (1.42 KB)

Download

updateClamXav.sh -- Update virus definitions for ClamXav

This script will download the latest virus definitions for ClamXav for mac to ensure that the latest definition set is being used whenever ClamXav is run. Please note that this script was created using the latest version of ClamXav available at the time of the script creation (1.1.1). Compatibility with versions of ClamXav created prior to and post 1.1.1 is unknown at this time.

updateClamXav.sh (3.91 KB)

Download

updateDeviceInventory.py -- Update Mobile Device Inventory

This script was designed to update all mobile device inventory in a JSS. For the script to function properly, users must be running the JSS version 7.31 or later and the account provided must have API privileges to "READ" and "UPDATE" mobile devices in the JSS. Please use your discretion to minimize the frequency of inventory updates.

updateDeviceInventory.py (7.88 KB)

Download

updateSophosVirusDefs.sh -- Update virus definitions for Sophos AntiVirus

This script will download the latest virus definitions for Sophos AntiVirus for mac to ensure that the latest definition set is being used whenever a Sophos scan is run. Please note that this script was created using the latest version of Sophos AV available at the time of the script creation (4.9). Compatibility with versions of Sophos AV created prior to and post 4.9 is unknown at this time.

updateSophosVirusDefs.sh (5.09 KB)

Download

Upload Mobile Device Apps

This script was designed to upload internally developed mobile device applications to the JSS For the script to function properly, users must be running the JSS version 8.0 or later and the account provided must have API privileges to "READ", "CREATE", and "UPDATE" mobiledeviceapplications in the JSS, as well as the "READ", "CREATE", and "UPDATE" privileges for mobiledeviceprovisioningprofiles in the JSS. To run, fill in the variables specified in the section titled "HARDCODED VALUES SET HERE", then execute the script.

uploadMobileDeviceApp.py (27.2 KB)

Download

uploadMobileDeviceApp.py -- Upload Mobile Device App

This script was designed to upload internally developed mobile device applications to the JSS For the script to function properly, users must be running the JSS version 8.0 or later and the account provided must have API privileges to "READ", "CREATE", and "UPDATE" mobiledeviceapplications in the JSS, as well as the "READ", "CREATE", and "UPDATE" privileges for mobiledeviceprovisioningprofiles in the JSS. To run, fill in the variables specified in the section titled "HARDCODED VALUES SET HERE", then execute the script.

uploadMobileDeviceApp.py (18.0 KB)

Download

UpSize NetBoot Image

This small script will upsize NetBoot images created by 10.8 and 10.9 Server's "System Image Utility". The original image file created makes barely enough room for virtual memory and can create problems with Casper Imaging and other Apps. This rebuilds the image file to 40 GBs when mounted (not actual size) and leaves room for virtual memory. Size is easily modifiable. NOTE: This script self-destructs after running, so please COPY, do not move the script to the .nbi folder when using. Built upon notes made on the URL https://discussions.apple.com/thread/4604107?start=0&tstart=0

UpSize_NetBoot_Image.sh (1.24 KB)

Download

VMware Horizon Client -post flight- script

I've run into troubles with the VMware Horizon client refusing to install correctly when doing a regular package via Casper's Composer. I came up with this postflight package script to just copy off the Application from the original Vendor's .DMG file into /Applications. I also included lines to look for and remove previous versions and copies using the most current, and older, names as well. Using the vendor's own .DMG and this postflight resolved a lot of issues we'd been seeing when using a regular composer package. Now the Composer package just drops the vendor .DMG into /private/var/tmp/. The postflight takes care of the rest.

Install_VMWare.sh (3.44 KB)

Download

Wait for Wi-Fi to connect

This script will loop until Wi-Fi is connected.

WaitForWifiConnection.sh (413 B)

Download