rtrouton / rtrouton_scripts Goto Github PK

Original script found here: rtrouton_scripts/rtrouton_scripts/migrate_ad_mobile_account_to_local_account/

We tested the above script on a device that did not have a Jamf MDM profile first without any issues, but after deploying that script to a device with Jamf MDM, we're now unable to log into the newly created local account. To be more specific, when the user tried to log into the newly localized account, there is a prompt to set a new password. When trying to set up a new password, a password requirements window pops up and says "Not allowed to change own password". Because that didn't work, naturally we tried changing the password of the newly localized account through a different local admin account on the computer and we were prompted with the same password requirements window. We also tried to reset the password with a script but that failed with an error message:

"sudo /usr/bin/dscl . -passwd /Users/ dang961”sago
passwd: DS error: eDSAuthPasswordQualityCheckFailed
<dscl_cmd> DS Error: -14165 (eDSAuthPasswordQualityCheckFailed)"

I called Jamf support and they tried to have us remove the MDM and re-add the MDM after running the script, however of course since we already ran the script (and the machine is no longer domain attached), we were unable to test whether that would solve the issue.

If you need anymore information, I'd be happy to provide it. Please let me know your thoughts.

My question is this: how do we log back onto that account at this point? We've migrated the data but if we have to wipe the machine, the data transfer won't be as seamless as we were hoping.

FYI:

• the device we are trying to take off of AD has MacOS El Capitan 10.11.6

TLDR:

• cannot log into newly localized account because of Jamf MDM (?)

Unable to identify download URL for requested Oracle Java 8 JDK Critical Patch Update (CPU). Exiting.

Add check in the /etc/hosts file in case users redirecting casper traffic to 127.0.0.1.
DeleteEtcHostEntries(){
sudo sed -i “” “/casper*/d” /etc/hosts
}

Currently running 10.15.6. Script attempts to check for corestorage volume and fails. As such it reports "FileVault 2 Encryption Not Enabled"

However, FileVault 2 is enabled and shows encrypted in both the system and in Jamf.

This doesn't seem to be expected behavior. Glad to help with any testing you need to figure this out.

Hello,

It appears that the link to the actual script to migrate the local to network account is inactive. It also appears to appear that the homesite for the link, blog.macadmincorner.com is also dead.

Anyone still have a copy of the script, that could post please? Good luck fellow Mac admins!

The script says -

	# Check to see if the softwareupdate tool has returned more than one Xcode
	# command line tool installation option. If it has, use the last one listed
	# as that should be the latest Xcode command line tool installer.

However when I checked the result it actually returned the following which as you can see does not list the newest version as the last line.

Command Line Tools for Xcode-12.4
Command Line Tools for Xcode-13.2
Command Line Tools for Xcode-12.5
Command Line Tools for Xcode-12.5

This can be easily solved by adding | sort to the end of the relevant lines as follows

	if [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -ge 15 ) || ( ${osvers_major} -ge 11 && ${osvers_minor} -ge 0 ) ]]; then
	   cmd_line_tools=$(softwareupdate -l | awk '/\*\ Label: Command Line Tools/ { $1=$1;print }' | sed 's/^[[ \t]]*//;s/[[ \t]]*$//;s/*//' | cut -c 9- | sort)	
	elif [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -gt 9 ) ]] && [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -lt 15 ) ]]; then
	   cmd_line_tools=$(softwareupdate -l | awk '/\*\ Command Line Tools/ { $1=$1;print }' | grep "$osvers_minor" | sed 's/^[[ \t]]*//;s/[[ \t]]*$//;s/*//' | cut -c 2- | sort)
	elif [[ ( ${osvers_major} -eq 10 && ${osvers_minor} -eq 9 ) ]]; then
	   cmd_line_tools=$(softwareupdate -l | awk '/\*\ Command Line Tools/ { $1=$1;print }' | grep "Mavericks" | sed 's/^[[ \t]]*//;s/[[ \t]]*$//;s/*//' | cut -c 2- | sort)
	fi

This sorts the results and therefore ensures the highest i.e. newest version is indeed the last line returned.

Command Line Tools for Xcode-12.4
Command Line Tools for Xcode-12.5
Command Line Tools for Xcode-12.5
Command Line Tools for Xcode-13.2

I have tried two ways

1. If already installed Java manually then if we run script its working as expected. I'm able to launch JNLP on click of button in chrome.

2. If i directly installed script Java -version is fine but i'm not able to launch in chrome (MAC laptop).

Hi @rtrouton! I'm not maintaining this script, so I don't see any reason to keep it alive.

I realize this is probably a known/obvious issue but thought it worth reporting for tracking purposes. Currently, when running filevault_2_encryption_check_extension_attribute.sh on a Mac with an APFS startup volume (i.e. macOS High Sierra Macs booting from SSDs), the script returns <result>FileVault 2 Encryption Not Enabled</result>. This is because the script only considers CoreStorage volumes when determining FileVault status, and because APFS ≠ CoreStorage, the check incorrectly assumes no disk encryption.

Right now the script starts by checking operating system build before proceeding with the CoreStorage check, but it might be more prudent to restructure it such that it first determines the File System Personality attribute (diskutil info / | awk -F: '/File System Personality/ {print $NF}' | sed 's/^ *// has been a reliable lookup method in my testing in macOS 10.12 and 10.13).

Recommended script workflow:

• If it's APFS, run checks specific to that disk type (could run fdesetup status for on/off and percentage encryption/decryption).
• If it's HFS+, check for CoreStorage and run the corresponding checks there; if it's not CoreStorage, report that FileVault is disabled.

When I run this script, I get the following error... I don't know enough about scripting to know how to fix...

-:1: parser error : Document is empty

Hi rtrouton,

Apologies for raising an issue on this repo, but I didn't how to contact you in any other way. Could you maybe help with a question regarding the Priviliges app you are a contributor of?
Although programming is definitely not new for me, Obj C and compiling that in Xcode is, unfortunately. I was hoping I could get a small change to work relatively quick but apparently this is a bigger turkey to fry than I thought. I was hoping you could look at what I tried (see below) and give me some pointers as to what I should investigate, without me having to study the entire language and the compiling process.

To be clear: this is not an issue of it self, but the only thing I want to achieve is to switch the functionality of the main click on the Tile (i.e. request or remove Admin permissions) and the options click > context menu > "toggle priviliges" (i.e. elevated rights with time limit).

What I tried is:

1. Add "- (void)togglePrivileges;" to the PrivilegesTile.h
2. In "AppDelegate.m" do "#import "PrivilegesTile.h"
3. In "applicationDidFinishLaunching" method call:
   PrivilegesTile *privTile = [[PrivilegesTile alloc] init];
   [privTile togglePrivileges];

But eventhough the IDE is happy, the compiler complains with the following error:

Undefined symbols for architecture x86_64:
  "_OBJC_CLASS_$_PrivilegesTile", referenced from:
      objc-class-ref in AppDelegate.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Did I take the correct approach? And if so, what could be the issue I'm facing with the compiler? I would be grateful if you could give me any help with this.

Best wishes,
Sudlon

I run script in my mac and get this. : then else then else dquote

The macOS version tests in the install_xcode_command_line_tools.sh script ignores macOS 12 resulting in no action being performed.

PR coming soon.

Hi Rich- in the FV2 status reporting scripts, the egrep string that is supposed to limit the results returned from diskutil cs list isn't actually doing that for me- if I have external drives connected that were encrypted via the Finder, the script returns status for all, not just the first drive. . . . which makes the comparison logic later in the script fail.
I added the -m 1 switch to all the grep commands, which seems to fix it. But I'm curious if there's a reason you didn't do that in the first place . . . . Is there a problem with using -m 1 to limit the results?

getting this issue when running script. Any ideas?

On network ass JSS but getting:
"Unable to verify access to site network. Exiting CasperCheck."

Hi,

how can i best setup check_apfs_encryption,
smart computer group?
and policy ?

thank you

https://github.com/rtrouton/rtrouton_scripts/blob/454ac12151c3d2488a125c86932e40ef72fd1e6b/rtrouton_scripts/uninstallers/adobe_flash_uninstall/adobe_flash_uninstall.sh

You called out removal of the pepper flash plugin and pieces but didn't remove the receipts either:
pkgutil --forget com.adobe.pkg.PepperFlashPlayer 2>&1 > /dev/null

PR will come your way soon

First off, thanks for sharing this script! I hit a minor issue and found a simple fix. TL;DR system_profiler could use a "-timeout 0" parameter specified or else it can time-out after 180 seconds.

When I ran this script, I received this error:

2019-04-29 15:26:36.642 system_profiler[43509:22585681] Terminating '/usr/sbin/system_profiler -nospawn -xml SPApplicationsDataType -detailLevel full' because it did not respond.
2019-04-29 15:26:36.724 system_profiler[43509:22585679] Non-zero termination status from '/usr/sbin/system_profiler -nospawn -xml SPApplicationsDataType -detailLevel full', termination status: 15

I added "-timeout 0" to the variable defined on Line 22 so that system_profiler does not hit its default 180 second timeout parameter (hooray for man pages), and it runs without issue for my old Mac Pro. Thanks again for sharing.

Script seems to fail on Mojave.

Error message in install.log:
Unable to identify download URL for requested Oracle Java 10 JDK Critical Patch Update (CPU).

In my shop, we not only want to hide the diagnostics & usage window, but also avoid sending data to apple. When the dialogue is only hidden, sending diagnostic data is enabled. It can be disabled like that:

defaults write "/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist" AutoSubmit -bool false

I'm not sure, if your intention is similar to ours, but I wanted to share that with you. If you don't need it, just close this issue.

Thanks for this awesome script. How can I modify it to install current (Jan 2021) version of jdk17?

I am having trouble with the script detect_installed_32_bit_apps.sh running on macOS 10.15.7. It does not appear to be detecting any 32-bit applications in the Applications folder. Have two 32-bit apps in the folder currently. I verified they are detected by System Profiler by pulling up the list manually. Both apps are listed correctly as 32-bit. Running the script does not produce any results.

install_xcode_command_line_tools keeps pulling the beta version of CLT for version 13 rather than the latest version 13.2

Heya, here's an example:

As-is this won't work on Big Sur now that it has decided to be 11.0 and not 10.16. We've updated the script internally to work with the following modification:
if [[ "$osvers_major" -eq 11 ]] || [[ "$osvers_major" -eq 10 && "$osvers_minor" -ge 10 ]]; then

I don't seem to be able to make a pull request for this but in case others are still using this script it might be helpful to update it. I think there are a few others that will need something similar.

Cheers!

When I run the script it tried to rename the home director to username.old at this point the script comes back and gives error operation not permitted.
The home directory is still there, but the account gets deleted.
I would like to be able to use this script as I have a client who has over 50 macs to domain.

Thank you.

Hi ,

I having some problem when trying to run "install_latest_adobe_flash_player" in a shell script .
Been trying with 10.7 & 10.10 and get the same error "installer : must be run as root to install this package" without installing flash .
what am I missing in here?

TiA

I have recently tried the latest script to convert a 10.12.4 machine with a cached mobile account to a local account. In the gui all looks well and shows up as a standard account but the script reports back that it is still a mobile account.

"Something went wrong with the conversion process.
The support.engineering2 account is still an AD mobile account."

looking at the account i ran this

/usr/bin/dscl . -read /Users/theaccount AuthenticationAuthority

which gave this result showing it still has Active Directory attributes

AuthenticationAuthority:
;LocalCachedUser;/Active Directory/DOMAIN/CORP_DOMAIN:theaccount

New to git and I don't see a way to send you code changes besides here.
I've taken your code and modified to Flash. I wish this wasn't necessary but in some places, Flash is still relied on :-(

Anyway, here ya go.

https://gist.github.com/scifiman/5109047

Thanks for the script it's helping me to learn more interesting
Has one issue ->
rtrouton_scripts/rtrouton_scripts/check_for_admin_accounts/check_local_admin.sh

I have 4 Admin user

1. Localadmin
   2)admintest
   3)same
   4)jain

is possible to exclude the specified admin user (Localadmin,admintest)

can able to help with the scripting.

Was just testing the https://github.com/rtrouton/rtrouton_scripts/blob/master/rtrouton_scripts/Casper_Scripts/Jamf_Pro_Computer_Policy_Download/Jamf_Pro_Computer_Policy_Download.sh script and it appears that this will download all policies, including those created by Jamf Remote.

Is it possible to update the script such that it only includes those policies listed in the Computer Policies area?

Looking at the output XML, I can't tell any unique information other than the title containing a colon : but this results in (colon) in the actual output .xml filename.

The root problem here appears that despite these policies being triggered by Jamf Remote, the policy is listed as enabled: <enabled>true</enabled>

Not sure what the best solution is here to address this

First of all, thanks for this piece of work. Really helpful!
Please allow me a very quick question, and apologise if this is not really an issue (was the only I found to contact you).

It is known that it is possible to enable/disable and check status for Gatekeeper using the following command (for example):

• spctl --status
• sudo spctl --master-disable

My question is: is there a way to achieve the same for XProtect?
Many thanks in advance.

This has not been working for me on El Capitan. Have other people been having an issue?

is there any way you can make this use oascript to have this run through jamf pro?

I was looking for a way that an AppleScript could detect if Rosetta 2 is installed, and found this very impressive script. I found two problems with the Monterey beta. First, when I ran the script on an M1 system where Rosetta 2 was already installed (but I hadn't restarted the system), the script reinstalled Rosetta 2.

Next, when I ran the script again in the same session, it gave this error:

2021-07-04 23:05:36.579 softwareupdate[4759:66089] Package Authoring Error: 071-59957: Package reference com.apple.pkg.RosettaUpdateAuto is missing installKBytes attribute

I don't pretend to understand this at all. Meanwhile, thank you for writing this script, and I hope it's easy to update it for Monterey.

Defile your own brand Icon

`#!/bin/bash

# Enables the Mac to boot into the following:
# 
# * Recovery 
# * Internet Recovery
# * Diagnostics
# * Internet Diagnostics
#
# For information about Diagnostics: https://support.apple.com/HT202731
# For information about Recovery: https://support.apple.com/HT201314


# some variables we have to declare first
exitCode=0

# This is our logging function. It logs to syslog and also prints the
# log message to STDOUT to make sure, it appears in the Jamf Pro policy log.
log()
{
	local errorMessage="$1"
	echo "$errorMessage"
	/usr/bin/logger "SetBootMode: $errorMessage"
}

# Here we have a function that allows us to display a message box 
# to the user. If Jamf Self Service is installed on the machine, we 
# use its icon, otherwise we check for the existence of the system's
# AlertNoteIcon and use this, if available. If none of those icons 
# are available, we use a generic one.

imagelocation="/Users/Shared/yourimage.jpg" #Defile your own brand Icon

displayDialog()
{
	local dialogMessage="$1"
	local dialogButtons="$2"
	local defaultButton="$3"
	local dialogIcon="$4"
	local dialogGiveUp="$5"
	
	# set up our buttons and make sure we have at least
	# an OK button if nothing else has been specified
	if [[ -z "$dialogButtons" ]]; then 
		dialogButtons="\"OK\""
	else
		dialogButtons=$(echo "$dialogButtons" | /usr/bin/sed -e 's/^/"/' -e 's/$/"/' -e 's/,/","/g')
	fi

	# if not otherwise specified, the last button is enabled
	local allButtons=$(echo "$dialogButtons" | /usr/bin/awk -F"," '{print NF-1}')
	local lastButton=$(($allButtons + 1))
	if [[ ! "$defaultButton" =~ ^[0-9]+$ || $defaultButton -le 0 || $defaultButton -gt $lastButton ]]; then defaultButton="$lastButton"; fi
	
	# we set the dialog timeout to 0 if not otherwise specified
 	if [[ ! "$dialogGiveUp" =~ ^[0-9]+$ ]]; then dialogGiveUp=0; fi
 	
 	# make sure double quotation marks are properly escaped
 	dialogMessage=$(echo "$dialogMessage" | /usr/bin/sed -e 's/"/\\\"/g')
	
	# get the currently logged-in user
	currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
	
	# set the dialog's icon
	if [[ ! "$dialogIcon" =~ ^[0-9]+$ || "$dialogIcon" -gt 2 ]]; then
		local selfServicePath="/Applications/Self Service.app"
		local iconName=$(/usr/bin/defaults read "/Applications/Self Service.app/Contents/Info" CFBundleIconFile 2>/dev/null)
		dialogIcon="1"

		if [[ -r "$imagelocation" ]]; then
			dialogIcon="alias POSIX file \"$imagelocation\""

		elif [[ -n "$iconName" && -r "$selfServicePath/Contents/Resources/$iconName.icns" ]]; then
			dialogIcon="alias POSIX file \"$selfServicePath/Contents/Resources/$iconName.icns\""
		
		elif [[ -r "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" ]]; then
			dialogIcon="alias POSIX file \"/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns\""
		fi
	fi

	buttonPressed=$(/usr/bin/sudo -u "$currentUser" /usr/bin/osascript << EOF
tell application "System Events"
try
activate
display dialog "$dialogMessage" with icon $dialogIcon buttons {$dialogButtons} default button $defaultButton giving up after $dialogGiveUp
return (button returned of the result)
end try
end tell
EOF
)

	echo "$buttonPressed"
}


# this script must be run with root privileges
if [[ "$(/usr/bin/id -u)" -eq 0 ]]; then

	# bootMode is a 2-bit binary value defined as follows:
	# the most significant bit (MSB) specifies the actual boot mode. "Recovery" is 0 and "Diagnostics" is 1.
	# the least significant bit (LSB) specifies the boot method. 0 means "local" and 1 means "Internet".
	# so "01" would set the boot mode to "Internet Recovery" and "10" would boot local diagnostics.
	bootMode=
	
	# to set the MSB (as explained above) we ask the users if the
	# Mac should be started in recovery or diagnostics mode and
	# then set the MSB accordingly.
	buttonPressed=$(displayDialog "Would you like to restart your Mac in recovery or diagnostics mode?" "Cancel,Diagnostics,Recovery" "" "" "60")

	if [[ "$buttonPressed" = "Recovery" ]]; then
		bootMode="0"
	elif [[ "$buttonPressed" = "Diagnostics" ]]; then
		bootMode="1"
	fi
	
	# we go ahead, if the user did not click "cancel" in the previous dialog ...
	if [[ -n "$bootMode" ]]; then
	
		# ... and ask the user if the Mac should be booted from the local
		# disk or from Internet. So we can set our LSB now.
		buttonPressed=$(displayDialog "Would you like to boot from your Mac's local disk or from the Internet?" "Cancel,Internet,Local" "" "" "60")

		if [[ "$buttonPressed" = "Local" ]]; then
			bootMode="${bootMode}0"
		elif [[ "$buttonPressed" = "Internet" ]]; then
			bootMode="${bootMode}1"
		fi

		# we convert our binary number into an integer and 
		# select the actual argument for the nvram command
		bootArg=
		case "$((2#$bootMode))" in
		
			0)
				bootArg="RecoveryModeDisk"
				;;
			1)
				bootArg="RecoveryModeNetwork"
				;;
			2)
				bootArg="DiagsModeDisk"
				;;
			3)
				bootArg="DiagsModeNetwork"
				;;
		esac
		
		if [[ -n "$bootArg" ]]; then

			# we ask the user to restart the Mac
			buttonPressed=$(displayDialog "Please click \"Restart\" to restart your Mac." "Cancel,Restart" "" "" "60")
	
			if [[ "$buttonPressed" = "Restart" ]]; then
			
				# the user clicked the "Restart" button so we use 
				# the nvram tool to set the boot options ...
				log "Setting boot mode to \"$bootArg\""
				/usr/sbin/nvram "internet-recovery-mode=$bootArg"
				
				# if the user want to boot into recovery mode, we have to
				# make sure the user has admin rights
				if [[ "$bootArg" =~ ^Recovery ]]; then

					isNotAdmin=$(/usr/bin/dsmemberutil checkmembership -U "$currentUser" -G admin | /usr/bin/grep -i "is not")

					if [[ -n "$isNotAdmin" ]]; then
						/usr/sbin/dseditgroup -o edit -a "$currentUser" -t user admin
					fi
					
					# make sure the Recovery environment is aware the user
					# has admin rights, by updating the preboot volume
					/usr/sbin/diskutil apfs updatepreboot / >/dev/null 2>&1
				fi
				
				# ... and restart the machine a few seconds after 
				# this script exited
				(/bin/sleep 5 && /sbin/shutdown -r now) &
			fi
		fi
	fi

else
	log "ERROR! You must be root in order to run this script!"
	exitCode=1
fi

exit $exitCode`

As far as I can see the existing script to install Xcode commandlinttools does not do a check to see if these tools are already installed. Apart from the potential fact that this would unnecessarily reinstall the tools if they are already installed there is also the possibility that the touch command used will at least temporarily overwrite part of the tools.

Apple have unfortunately made it harder than it need be to via a script determine if the tools are already installed, sadly a trend that seems to be more and more common these days with Apple.

However the following script does I believe provide a reliable method of checking.

Basically it boils down to using the well known xcode-select -p command but makes it clearer that this command returns 0 if they are NOT installed and 1 if they ARE installed. These numbers are normally only output to stderr and hence not normally visible.

I am suggesting that similar code be added to the script written by @rtrouton

#!/bin/sh

if ! command xcode-select -p &> /dev/null
then
	echo $?
    echo "\t xcode was not found! You need to manually install it :/ "
else
	echo $?
    echo "xcode is installed, checking other IOS build tools"
fi
exit

The script breaks if you enter your username in Domain\Username or Username@Domain formats :)

In our case this is necessary because we have multiple forests. It's quite probable that the machine is joined to the correct domain but not guaranteed.

The problem is that in this case it fails to create the new user correctly but it does delete the old one so it's a mess to clean up :)

Also, why not check for a functioning ID by checking whether the given username exists instead of another account? Then this wouldn't happen.

I can't say for sure if this is a 'just us' thing, but the IT team at my workplace has been using your awesome script for fetching the jdk (albeit a slightly older version of your script) for a while - thanks by the way! - but it stopped working a few weeks ago, I suspect because Oracle updated their pages.

I figured out that the main page it curls had changed its various jdk link URLs, compared to the older URL style parsed for in the script version we were using, to contain https instead of http, otn instead of otn-pub, and contained a new sequence of alphnumeric characters between forward slashes. I made the regex changes manually before discovering your latest script made the exact same change in the script for parsing the URLs. At least I was on the right track and got further... At that point I just downloaded and used your latest released script.

So I got past that point, but then I noticed that once it grabs the ultimate URL it wants to curl down into a DMG it's just pulling HTML and outputting it into the file whenever I try it.

I have mainly been testing that final step/curl by instantiating the values myself and typing it in as a one-liner on a bash shell, like this:

/usr/bin/curl --retry 3 -Lo "jdk.dmg" "https://download.oracle.com/otn/java/jdk/8u212-b10/59066701cf1a433da9770636fbc4c9aa/jdk-8u212-macosx-x64.dmg" -H "Cookie: oraclelicense=accept-securebackup-cookie"

I get a non-zero size file for the output of the curl which becomes the .dmg file, but what shows up as the contents of the .dmg file is the HTML for an oracle signon page which was captured in the curl:

<html>
<script language="javascript" type="text/javascript">
function submitForm()
{
var hash = location.hash;
if (hash) {
if(hash.indexOf("#") == -1){
hash="#"+hash
}
document.myForm.action = document.myForm.action+hash;
}
document.myForm.submit();
}
</script><head><base target="_self"></head><body onLoad="submitForm()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="post" name="myForm"><!------------ DO NOT REMOVE -------------><!----- loginform renderBrowserView -----><!-- Required for SmartView Integration --><input type="hidden" name="bmctx" value="05C65B855F507509F2A50E4187F746B908003F815E8CAC65124394831AC5D9EF"><input type="hidden" name="contextType" value="external"><input type="hidden" name="username" value="string"><input type="hidden" name="contextValue" value="%2Foam"><input type="hidden" name="password" value="secure_string"><input type="hidden" name="challenge_url" value="https%3A%2F%2Flogin.oracle.com%2Fmysso%2Fsignon.jsp"><input type="hidden" name="request_id" value="5894995367757985692"><input type="hidden" name="authn_try_count" value="0"><input type="hidden" name="OAM_REQ" value="VERSION_4~… [Clipped for space reasons]…wHQ3o"><input type="hidden" name="locale" value="en"><input type="hidden" name="resource_url" value="https%253A%252F%252Fedelivery.oracle.com%252Fakam%252Fotn%252Fjava%252Fjdk%252F8u212-b10%252F59066701cf1a433da9770636fbc4c9aa%252Fjdk-8u212-macosx-x64.dmg"></form></body></html>

So, am I doing something wrong or is this happening for others as well?

-Josh

Hi. I got the script (unchanged) running at first during the enrollment process, and although the Jamfs logs properly indicates "Rosetta has been successfully installed.", all the following Non-UB-Apps installations fail with the message: "installation failed. The installer reported: installer: This package requires Rosetta 2 to be installed.
Please install Rosetta 2 and then try again.
sudo softwareupdate --install-rosetta"
Google Chrome, which is installed by a script itself, also brings up the "you need to install Rosetta 2 first" window while trying to launch.
Where do I might be wrong with?
MacBook Air M1, macOS 11.1.0, JamfCloud 10.26.1
Thanks.

I found your uninstall_mackeeper.sh script to be quite helpful in getting rid of MacKeeper in our environment when it appeared on various machines. Thanks!

Wanted to let you know that I did modify your script for our use and added Applications/MacKeeper.app to the userItems array, since that was the only location we saw it installed.

• [ add 'Applications/MacKeeper.app to userItems array of rtrouton_scripts/Casper_Scripts/uninstall_scripts/uninstall_mackeeper/uninstall_mackeeper.sh ]

Testing the script with an install of macOS 11.5.0 (20G71) will install Rosetta 2 each time its run as the location its testing for the install is no longer valid.

location /Library/Apple/System/Library/LaunchDaemons/ no longer has the plist com.apple.oahd.plist so install will happen if Rosetta 2 is installed or not.

This:
disable_apple_icloud_data_privacy_diagnostic_touch_id_siri_activation_lock_and_screentime_pop_ups
seems to no longer work with latest Mojave update, only profile route seems to work now:
https://github.com/rtrouton/profiles/tree/master/SkipiCloudSetup

Still trying to figure out what the issue is exactly but I get Script result: Unrecognized subcommand: when it runs on 11.2 or 11.3. Seems to work okay on 11.1 and older. I'm not sure what changed (yet).

Hi there,

Every time I try to run this script, I get a permission denied error. Multiple Users, multiple computers. I have been able to skirt around it, by copying the text and creating a new document on the local computer, but this doesn't seem to be working at this point either.

Any ideas? Below is a screen cap of the error, when walking a user thru the script save/execution.

Switching to our top lvl admin account in terminal, and trying to execute it doesn't seem to work either.

It appears not all items that are supposed to be deleted from the Users ddcl record are.

I run this is on 10.12 Macs before upgrading to 10.14.

PrimaryNTDomain
AppleMetaRecordName

are both still present in the Record after the script finishes. No errors.

Running /usr/bin/dscl . -delete manually reports not errors but also does not remove the items.

Can you add the tick box on Mojave for "Install app updates from App Store"?

I've been playing around with your "disable_apple_icloud_and_diagnostic_pop_ups.sh" script. I got the following error whilst executing it (sudo bash ~/path/to/script.sh):

chown: basename "${USER_HOME}": illegal user name

I was able to rectify the issue by editing line 36:

USER_UID='basename "${USER_HOME}"'

to:

USER_UID=$(basename "${USER_HOME}")

I'm using OS X 10.10.1.

Not 100% sure why this fixed the issue and I haven't done any extensive testing, but after making the change the script executes without any problems.

Thanks!

There appears to be a new prompt for Enhanced Error reporting that is not suppressed by the script in at least version 16.15 (180709):

Adding the following line in the DisableOffice2016FirstRun function seems to suppress
/usr/bin/defaults write /Library/Preferences/com.microsoft."$app" kFRETelemetryConsentKey -bool true

Beyond that I do not know how to validate if that fully disables error reporting but it at least disabled the prompt upon first app run.