charliwest · January 10, 2024 09:22
diff --git a/firstBootLogin.sh b/firstBootLogin.sh
 #!/bin/zsh
 organizationIdentifier=XXXX
 installerBaseString=${organizationIdentifier}.firstBoot
 tempUtilitiesPath=/var/tmp
 installerScriptName=${installerBaseString}-installer.zsh
 uninstallerScriptName=${installerBaseString}-cleanup.zsh
 launchDaemonName=${installerBaseString}.plist
 launchDaemonPath="/Library/LaunchDaemons"/${launchDaemonName}
 installerScriptPath=${tempUtilitiesPath}/${installerScriptName}
 uninstallerScriptPath=${tempUtilitiesPath}/${uninstallerScriptName}

 echo "Creating ${installerScriptPath}."
 (
 cat <<ENDOFINSTALLERSCRIPT
 #!/bin/zsh
 while true; do
    # Check if current user is root, admin, or otheradmin (change these as needed or remove). Also make sure it is not _mbsetupuser
    loggedInUser=\$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print \$3 }' )
    if [[ \${loggedInUser} == "root" || \${loggedInUser} == "admin" || \${loggedInUser} == "otheradmin" || \${loggedInUser} == "_mbsetupuser" || \${loggedInUser} == "" || \${loggedInUser} == "." ]]; then
        echo "Cannot run script as \${loggedInUser}. Waiting for 10 seconds."
        sleep 10
    else
    	sleep 5
        echo "Running script as \${loggedInUser}"
        # Set up Dock
        /usr/local/bin/jamf policy -event "setUpDock" &&
        # Set VPN URL
        /usr/local/bin/jamf policy -event "setVPNURL" &&
        # Set Wallpaper
        /usr/local/bin/jamf policy -event "setWallpaper" &&
        # Set User Permissions for Printer, Network and Date & Time
        /usr/local/bin/jamf policy -event "SetUserPermissions" &&
        # Set Correct Username
        /usr/local/bin/jamf policy -event "updateUsername" &&
        # Set FV2 Keyboard Correctly
        /usr/local/bin/jamf policy -event "fixKeyboardLayout" &&
        # Sets the device enrollment complete
        /usr/local/bin/jamf policy -event "SetDeviceEnrollmentCompleted" &&
        # Open Self Service
        sudo -u $loggedInUser open "jamfselfservice://" &&
        # Run a Recon
        /usr/local/bin/jamf recon
        # Open OneDrive, this makes it autostart each login
        open -a OneDrive
        # Clean up set up
        #rm /var/tmp/notifyJamf.sh

        # Exit the loop and the script
        break
    fi
 done
 ENDOFINSTALLERSCRIPT
 )  > "${installerScriptPath}"

 echo "Setting permissions for ${installerScriptPath}."
 chmod 700 "${installerScriptPath}"
 chown root:wheel "${installerScriptPath}"


 echo "Creating ${launchDaemonPath}."
 (
 cat <<ENDOFLAUNCHDAEMON
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 	<key>Label</key>
 	<string>${launchDaemonName}</string>
 	<key>RunAtLoad</key>
 	<true/>
 	<key>UserName</key>
 	<string>root</string>
 	<key>ProgramArguments</key>
 	<array>
 		<string>/bin/zsh</string>
 		<string>${installerScriptPath}</string>
 	</array>
 	<key>StandardErrorPath</key>
 	<string>/var/tmp/${installerScriptName}.err</string>
 	<key>StandardOutPath</key>
 	<string>/var/tmp/${installerScriptName}.out</string>
 </dict>
 </plist>

 ENDOFLAUNCHDAEMON
 )  > "${launchDaemonPath}"

 echo "Setting permissions for ${launchDaemonPath}."
 chmod 644 "${launchDaemonPath}"
 chown root:wheel "${launchDaemonPath}"

 echo "Loading ${launchDaemonName}."
 launchctl load "${launchDaemonPath}"

 echo "Creating ${uninstallerScriptPath}."
 (
 cat <<ENDOFUNINSTALLERSCRIPT
 #!/bin/zsh
 # This is meant to be called by a Jamf Pro policy via trigger
 # Near the end of your setup for your mac script

 rm ${installerScriptPath}

 # Note that if you unload the LaunchDaemon this will immediately kill the setup your mac script script
 # Just remove the underlying plist file, and the LaunchDaemon will not run after next reboot/login.

 rm ${launchDaemonPath}
 rm ${uninstallerScriptName}
 rm /var/tmp/${installerScriptName}.err
 rm /var/tmp/${installerScriptName}.out

 ENDOFUNINSTALLERSCRIPT
 ) > "${uninstallerScriptPath}"

 echo "Setting permissions for ${uninstallerScriptPath}."
 chmod 700 "${uninstallerScriptPath}"
 chown root:wheel "${uninstallerScriptPath}"
	#!/bin/zsh
	organizationIdentifier=XXXX
	installerBaseString=${organizationIdentifier}.firstBoot
	tempUtilitiesPath=/var/tmp
	installerScriptName=${installerBaseString}-installer.zsh
	uninstallerScriptName=${installerBaseString}-cleanup.zsh
	launchDaemonName=${installerBaseString}.plist
	launchDaemonPath="/Library/LaunchDaemons"/${launchDaemonName}
	installerScriptPath=${tempUtilitiesPath}/${installerScriptName}
	uninstallerScriptPath=${tempUtilitiesPath}/${uninstallerScriptName}

	echo "Creating ${installerScriptPath}."
	(
	cat <<ENDOFINSTALLERSCRIPT
	#!/bin/zsh
	while true; do
	# Check if current user is root, admin, or otheradmin (change these as needed or remove). Also make sure it is not _mbsetupuser
	loggedInUser=\$( scutil <<< "show State:/Users/ConsoleUser" \| awk '/Name :/ && ! /loginwindow/ { print \$3 }' )
	if [[ \${loggedInUser} == "root" \|\| \${loggedInUser} == "admin" \|\| \${loggedInUser} == "otheradmin" \|\| \${loggedInUser} == "_mbsetupuser" \|\| \${loggedInUser} == "" \|\| \${loggedInUser} == "." ]]; then
	echo "Cannot run script as \${loggedInUser}. Waiting for 10 seconds."
	sleep 10
	else
	sleep 5
	echo "Running script as \${loggedInUser}"
	# Set up Dock
	/usr/local/bin/jamf policy -event "setUpDock" &&
	# Set VPN URL
	/usr/local/bin/jamf policy -event "setVPNURL" &&
	# Set Wallpaper
	/usr/local/bin/jamf policy -event "setWallpaper" &&
	# Set User Permissions for Printer, Network and Date & Time
	/usr/local/bin/jamf policy -event "SetUserPermissions" &&
	# Set Correct Username
	/usr/local/bin/jamf policy -event "updateUsername" &&
	# Set FV2 Keyboard Correctly
	/usr/local/bin/jamf policy -event "fixKeyboardLayout" &&
	# Sets the device enrollment complete
	/usr/local/bin/jamf policy -event "SetDeviceEnrollmentCompleted" &&
	# Open Self Service
	sudo -u $loggedInUser open "jamfselfservice://" &&
	# Run a Recon
	/usr/local/bin/jamf recon
	# Open OneDrive, this makes it autostart each login
	open -a OneDrive
	# Clean up set up
	#rm /var/tmp/notifyJamf.sh

	# Exit the loop and the script
	break
	fi
	done
	ENDOFINSTALLERSCRIPT
	) > "${installerScriptPath}"

	echo "Setting permissions for ${installerScriptPath}."
	chmod 700 "${installerScriptPath}"
	chown root:wheel "${installerScriptPath}"


	echo "Creating ${launchDaemonPath}."
	(
	cat <<ENDOFLAUNCHDAEMON
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>Label</key>
	<string>${launchDaemonName}</string>
	<key>RunAtLoad</key>
	<true/>
	<key>UserName</key>
	<string>root</string>
	<key>ProgramArguments</key>
	<array>
	<string>/bin/zsh</string>
	<string>${installerScriptPath}</string>
	</array>
	<key>StandardErrorPath</key>
	<string>/var/tmp/${installerScriptName}.err</string>
	<key>StandardOutPath</key>
	<string>/var/tmp/${installerScriptName}.out</string>
	</dict>
	</plist>

	ENDOFLAUNCHDAEMON
	) > "${launchDaemonPath}"

	echo "Setting permissions for ${launchDaemonPath}."
	chmod 644 "${launchDaemonPath}"
	chown root:wheel "${launchDaemonPath}"

	echo "Loading ${launchDaemonName}."
	launchctl load "${launchDaemonPath}"

	echo "Creating ${uninstallerScriptPath}."
	(
	cat <<ENDOFUNINSTALLERSCRIPT
	#!/bin/zsh
	# This is meant to be called by a Jamf Pro policy via trigger
	# Near the end of your setup for your mac script

	rm ${installerScriptPath}

	# Note that if you unload the LaunchDaemon this will immediately kill the setup your mac script script
	# Just remove the underlying plist file, and the LaunchDaemon will not run after next reboot/login.

	rm ${launchDaemonPath}
	rm ${uninstallerScriptName}
	rm /var/tmp/${installerScriptName}.err
	rm /var/tmp/${installerScriptName}.out

	ENDOFUNINSTALLERSCRIPT
	) > "${uninstallerScriptPath}"

	echo "Setting permissions for ${uninstallerScriptPath}."
	chmod 700 "${uninstallerScriptPath}"
	chown root:wheel "${uninstallerScriptPath}"