Invalid chars that supposed to be a dash at line 188 :

/usr/sbin/softwareupdate -–install-rosetta -–agree-to-license

Produce errors while running the shellscript on ##MacOS (M1)

• /usr/sbin/softwareupdate $'-?\200\223install-rosetta' $'-?\200\223agree-to-license'
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- n
  softwareupdate: invalid option -- s
  softwareupdate: invalid option -- t
  softwareupdate: unrecognized option `--rosetta'
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- ?
  softwareupdate: invalid option -- g
  softwareupdate: invalid option -- e
  softwareupdate: invalid option -- e
  softwareupdate: unrecognized option `--to-license'

cat -ve output line 88 :

/usr/sbin/softwareupdate -?M-^@M-^Sinstall-rosetta -?M-^@M-^Sagree-to-license$

Return 0 as exit code :

+exit 0

Submitting pull request #53

Script is downloading the 1.1.7.81411 version. Changing the weburl to something like the following should ensure it always grabs the latest.

nudgeLatestURL="https://github.com/macadmins/nudge/releases/latest/"
versionUrl=$(curl "${nudgeLatestURL}" -s -L -I -o /dev/null -w '%{url_effective}')
versionNumber=$(printf "%s" "${versionUrl[@]}" | sed 's@.*/@@' | sed 's/%20/-/g')
versionNumber=${versionNumber:1}
weburl="https://github.com/macadmins/nudge/releases/download/v$versionNumber/Nudge_Suite-$versionNumber.pkg"

Thx for all your work, looking a way to deploy rapid7 agent on mac (token install) via intune.

Would like to use existing template but i dont see any function to run .sh script with parameters.(only pkg dmg and zip seems supported)

Idea would be to download sh installer from an azure blob and run the install command with parameters that includes my enterprise token

Hi,
I've been testing this script and noticed that Line 78 (in the downgrade end-user script) appears to have been commented out. Is this 'by design' (a safety feature maybe?). As once I uncommented this line the script ran successfully on my test macOS device and downgraded the end-user to a standard one during an ADE (via Intune).
Many thanks for making the script available, it has helped resolve an issue for a customer of mine.

The sample script is able to download the file but fails to install it. If I rename the file - remove the -X.X.X.pkg in the file name, it works just fine. From log file (actual app name replaced with AppName and actual version number replaced with X.X.X):

##############################################################

Mon Nov 7 09:21:35 CET 2022 | Logging install of [AppName] to [/Library/Logs/Microsoft/IntuneScripts/AppName/AppName.log]

############################################################

Mon Nov 7 09:21:35 CET 2022 | Checking if we need Rosetta 2 or not
Mon Nov 7 09:21:35 CET 2022 | Waiting for other [/usr/sbin/softwareupdate] processes to end
Mon Nov 7 09:21:35 CET 2022 | No instances of [/usr/sbin/softwareupdate] found, safe to proceed
Mon Nov 7 09:21:35 CET 2022 | Rosetta is already installed and running. Nothing to do.
Mon Nov 7 09:21:35 CET 2022 | Checking if we need to install or update [AppName]
Mon Nov 7 09:21:35 CET 2022 | [AppName] not installed, need to download and install
Mon Nov 7 09:21:35 CET 2022 | Dock is here, lets carry on
Mon Nov 7 09:21:35 CET 2022 | Starting downlading of [AppName]
Mon Nov 7 09:21:35 CET 2022 | Waiting for other [curl -f] processes to end
Mon Nov 7 09:21:35 CET 2022 | No instances of [curl -f] found, safe to proceed
Mon Nov 7 09:21:35 CET 2022 | Downloading AppName [https://somethingsomething.blob.core.windows.net/something/AppName-X.X.X.pkg]
Mon Nov 7 09:21:35 CET 2022 | Downloaded [AppName.app] to [/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.AQTprJVD/AppName-X.X.X.pkg]
Mon Nov 7 09:21:35 CET 2022 | Detected install type as [PKG]
Mon Nov 7 09:21:35 CET 2022 | Waiting for other [/Applications/AppName.app/Contents/MacOS/AppName] processes to end
Mon Nov 7 09:21:35 CET 2022 | No instances of [/Applications/AppName.app/Contents/MacOS/AppName] found, safe to proceed
Mon Nov 7 09:21:35 CET 2022 | Installing AppName
installer: Error - the package path specified was invalid: '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.AQTprJVD/AppName-X.X.X.pkg'.
Mon Nov 7 09:21:35 CET 2022 | Failed to install AppName

According to the Microsoft website, the Company Portal app requires MacOS 10.12 or newer.

I checked, and I didn't see anything in the script that checks to make sure the current version of the OS is compatible.

So I checked to see if I can setup in Intune to only run the script with 10.12 or newer... but apparently that's not something scripts can be setup to do.

Is this an issue? We have a lot of older macs here, and I wanted to know before I deploy it to a bunch of them.

Im using the new script version 3.0.1.
im getting the error Failed to determine Temp file Type {}
Google drive and Adobereader worked with this but is not working with vonage

Its a .Dmg file then when opened has a .APP file

##############################################################

Mon Nov 22 14:39:53 EST 2021 | Logging install of [Vonage Business] to [/Library/Logs/Microsoft/IntuneScripts/VonageBusiness/Vonage Business.log]

############################################################

Mon Nov 22 14:39:53 EST 2021 | Checking if we need Rosetta 2 or not
Mon Nov 22 14:39:53 EST 2021 | Waiting for other [/usr/sbin/softwareupdate] processes to end
Mon Nov 22 14:39:53 EST 2021 | No instances of [/usr/sbin/softwareupdate] found, safe to proceed
Mon Nov 22 14:39:53 EST 2021 | [Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz] found, Rosetta not needed
Mon Nov 22 14:39:53 EST 2021 | Checking if we need to install or update [Vonage Business]
Mon Nov 22 14:39:53 EST 2021 | [Vonage Business] not installed, need to download and install
Mon Nov 22 14:39:53 EST 2021 | Dock is here, lets carry on
Mon Nov 22 14:39:53 EST 2021 | Starting downlading of [Vonage Business]
Mon Nov 22 14:39:53 EST 2021 | Waiting for other [curl -f] processes to end
Mon Nov 22 14:39:53 EST 2021 | No instances of [curl -f] found, safe to proceed
Mon Nov 22 14:39:53 EST 2021 | Downloading Vonage Business
Mon Nov 22 14:39:55 EST 2021 | Found DMG, looking inside...
Mon Nov 22 14:39:55 EST 2021 | Mounting Image
Mon Nov 22 14:39:55 EST 2021 | Un-mounting [/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.q6OHFnBu/Vonage Business]
Failed to determine temp file type []
mactest@MacTests-Mac-mini Vonage %

User Defined variables

weburl="https://vbc-downloads.vonage.com/mac/VonageBusinessSetup.dmg" # What is the Azure Blob Storage URL?
appname="Vonage Business" # The name of our App deployment script (also used for Octory monitor)
app="Vonage Business.app" # The actual name of our App once installed
logandmetadir="/Library/Logs/Microsoft/IntuneScripts/VonageBusiness" # The location of our logs and last updated data
processpath="/Applications/Vonage Business.app/Contents/MacOS/Vonage Business" # The process name of the App we are installing
terminateprocess="true" # Do we want to terminate the running process? If false we'll wait until its not running
autoUpdate="true" # Application updates itself, if already installed we should exit

Before importing the script into InTune I tried running downgradeUsertoStandard.sh directly on a test Mac. After running I get the following in the log file:

##############################################################
# Fri Apr  7 12:45:29 EDT 2023 | Starting Downgrade Admin Users to Standard
############################################################

Checking MDM Profile Type
Enrolled via DEP: Yes
Device is ABM Managed
DemoteAccounts.sh: line 80: syntax error near unexpected token `<'
DemoteAccounts.sh: line 80: `  done < <(dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}')'

I've not been able to figure out what this syntax error is. Does this script only work when run through InTune?

I use the installOfficeBusinessPro.sh script to install Office for Mac and upon launching OneDrive and logging in it will go through a few updates and OneDrive will close and reopen requiring login 1-2 additional times. Is there any way to guarantee the latest OneDrive is installed and this login process is more seamless? Does this have to do with Consumer vs Enterprise and tenant features? Would be ideal if there was a way to just install the latest final version for my tenant.

Intune > MacOS > Add Script

"Selected file 'installCompanyPortal.sh' must be between 1 and 200000 bytes."

https://docs.microsoft.com/en-us/mem/intune/apps/apps-company-portal-macos

I would love to see a way to set the default web browser. For instance, I would prefer if all my users set their default browser to Edge (for password and bookmark syncing reasons). I'm already successfully installing Edge, would be nice if after edge was downloaded and installed, it set Edge as the default.

Hi all,
I am using the shell-intune script to install MS Teams as specified:

Run script as logged in user : No
Hide script notifications on devices : Not configured
Script frequency : Not configured
Number of retries if script fails : 3

Nevertheless, I get the following error message in the log:

##############################################################
# Mon May  2 14:49:44 CEST 2022 | Logging install of [Microsoft Teams] to [/Library/Logs/Microsoft/IntuneScripts/installTeams/Microsoft Teams.log]
############################################################

Mon May  2 14:49:44 CEST 2022 | Checking if we need Rosetta 2 or not
Mon May  2 14:49:44 CEST 2022 | Waiting for other [/usr/sbin/softwareupdate] processes to end
Mon May  2 14:49:44 CEST 2022 | No instances of [/usr/sbin/softwareupdate] found, safe to proceed
usage: softwareupdate <cmd> [<args> ...]

** Manage Updates:
	-l | --list		List all appropriate update labels (options:  --no-scan, --product-types)
	-d | --download		Download Only
	-i | --install		Install
		<label> ...	specific updates
		-a | --all		All appropriate updates
		-R | --restart		Automatically restart (or shut down) if required to complete installation.
		-r | --recommended	Only recommended updates
		     --os-only	Only OS updates
		     --safari-only	Only Safari updates
		     --stdinpass	Password to authenticate as an owner. Apple Silicon only.
		     --user	Local username to authenticate as an owner. Apple Silicon only.
	--list-full-installers		List the available macOS Installers
	--fetch-full-installer		Install the latest recommended macOS Installer
		--full-installer-version	The version of macOS to install. Ex: --full-installer-version 10.15
	--install-rosetta	Install Rosetta 2
	--background		Trigger a background scan and update operation

** Other Tools:
	--dump-state		Log the internal state of the SU daemon to /var/log/install.log
	--evaluate-products	Evaluate a list of product keys specified by the --products option 
	--history		Show the install history.  By default, only displays updates installed by softwareupdate.  
	--all 			Include all processes in history (including App installs) 

** Options:
	--no-scan		Do not scan when listing or installing updates (use available updates previously scanned)
	--product-types <type>		Limit a scan to a particular product type only - ignoring all others
		Ex:  --product-types macOS  || --product-types macOS,Safari 
	--products		A comma-separated (no spaces) list of product keys to operate on. 
	--force			Force an operation to complete.  Use with --background to trigger a background scan regardless of "Automatically check" pref 
	--agree-to-license		Agree to the software license agreement without user interaction.

	--verbose		Enable verbose output
	--help			Print this help

Mon May  2 14:49:44 CEST 2022 | Rosetta has been successfully installed.
Mon May  2 14:49:44 CEST 2022 | Checking if we need to install or update [Microsoft Teams]
Mon May  2 14:49:44 CEST 2022 | [Microsoft Teams] not installed, need to download and install
Mon May  2 14:49:44 CEST 2022 | Dock is here, lets carry on
Mon May  2 14:49:44 CEST 2022 | Starting downlading of [Microsoft Teams]
Mon May  2 14:49:44 CEST 2022 | Waiting for other [curl -f] processes to end
Mon May  2 14:49:44 CEST 2022 | No instances of [curl -f] found, safe to proceed
Mon May  2 14:49:44 CEST 2022 | Downloading Microsoft Teams
Mon May  2 14:49:46 CEST 2022 | Unknown file type [/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.Neo7RUCw/?linkid=869428], analysing metadata
Mon May  2 14:49:46 CEST 2022 | Downloaded [Microsoft Teams.app] to [/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.Neo7RUCw/install.pkg]
Mon May  2 14:49:46 CEST 2022 | Detected install type as [PKG]
Mon May  2 14:49:46 CEST 2022 | Waiting for other [/Applications/Microsoft Teams.app/Contents/MacOS/Teams] processes to end
Mon May  2 14:49:46 CEST 2022 | No instances of [/Applications/Microsoft Teams.app/Contents/MacOS/Teams] found, safe to proceed
Mon May  2 14:49:46 CEST 2022 | Installing Microsoft Teams
installer: This package requires Rosetta 2 to be installed.
                Please install Rosetta 2 and then try again.
                    `sudo softwareupdate --install-rosetta`

installer: Error - Microsoft Teams kann nicht auf diesem Computer installiert werden.
Mon May  2 14:49:46 CEST 2022 | Failed to install Microsoft Teams

I am unfortunately a complete beginner as far as shell scripting is concerned.
Could someone help me with troubleshooting.

best regards and thanks in advance

I am trying to deploy the Rosetta Install script on an M1 MacBook Pro 16 inch and the script gets an error on line 77.
/bin/bash: line 77: waitForProcess: command not found
softwareupdate: invalid option -- ?
softwareupdate: invalid option -- ?
softwareupdate: invalid option -- ?
softwareupdate: invalid option -- n
softwareupdate: invalid option -- s
softwareupdate: invalid option -- t
softwareupdate: unrecognized option --rosetta' softwareupdate: invalid option -- ? softwareupdate: invalid option -- ? softwareupdate: invalid option -- ? softwareupdate: invalid option -- g softwareupdate: invalid option -- e softwareupdate: invalid option -- e softwareupdate: unrecognized option --to-license'
usage: softwareupdate [ ...]

I am thinking that this Mac no longer includes the command waitForProcess. Anyone else having this issue?

I am trying to customize the SampleScript although I get a syntax error on the logging function:

line 921: syntax error near unexpected token `>'
line 921: `    exec > >(tee -a "$log") 2>&1'

Hi,

Is there a way to enable MAU for all users (change permissions) so that users do not have to manually do it or ask for.

Hello Neil,

we received a new M1 chipped MacBook and the custom profiles fail with 0x87d1271a error code.

Is there a workaround for that?

Line 74 does not work anymore on Monterey (at least 12.2.1, maybe on older versions as well) since the plist file is not existing anymore.
Better check for installed rosetta would be to check if the oahd deamon is running:
if [ ! pgrep oahd ]; then

Hi, I have been struggling to setup remote management on Big Sur and above (Apple Silicon), getting the below error

"setremotelogin: Turning Remote Login on or off requires Full Disk Access privileges."

I am using the below command to enable Remote management

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowaccessfor -specifiedusers -users administrator -on -privs -all -restart -agent -menu

Can someone help please.

Pushing script via Intune to MacOS 12.4 and throwing error after downloading MAU.

Log contents:

##############################################################
# Wed Jul 13 16:04:17 EDT 2022 | Logging install of [Company Portal] to [/Library/Logs/Microsoft/IntuneScripts/installCompanyPortal/Company Portal.log]
############################################################

Wed Jul 13 16:04:17 EDT 2022 | Checking if we need Rosetta 2 or not
Wed Jul 13 16:04:17 EDT 2022 | Waiting for other [/usr/sbin/softwareupdate] processes to end
Wed Jul 13 16:04:17 EDT 2022 | No instances of [/usr/sbin/softwareupdate] found, safe to proceed
Wed Jul 13 16:04:17 EDT 2022 | Rosetta is already installed and running. Nothing to do.
Wed Jul 13 16:04:17 EDT 2022 | Checking if we need to install or update [Company Portal]
Wed Jul 13 16:04:17 EDT 2022 | [Company Portal] not installed, need to download and install
Wed Jul 13 16:04:17 EDT 2022 | Dock is here, lets carry on
Wed Jul 13 16:04:17 EDT 2022 | Starting downlading of [Company Portal]
Wed Jul 13 16:04:17 EDT 2022 | Waiting for other [curl -f] processes to end
Wed Jul 13 16:04:17 EDT 2022 | No instances of [curl -f] found, safe to proceed
Wed Jul 13 16:04:17 EDT 2022 | Downloading Company Portal [https://go.microsoft.com/fwlink/?linkid=853070]
Wed Jul 13 16:04:19 EDT 2022 | Found downloaded tempfile [CompanyPortal-Installer.pkg]
Wed Jul 13 16:04:19 EDT 2022 | Downloaded [Company Portal.app] to [CompanyPortal-Installer.pkg]
Wed Jul 13 16:04:19 EDT 2022 | Detected install type as [PKG]
Wed Jul 13 16:04:19 EDT 2022 | Starting downlading of [MAU]
updateMAU:25: = not found

##############################################################

Problem in line 74: if [ $? == 0 ]; then
It should be in double brackets or perhaps quoted. Made the change to double brackets and it tested successfully. I'll send a pull request with update.

Install Acrobat.sh: line 770: syntax error near unexpected token `>'
Install Acrobat.sh: line 770: `    exec &> >(tee -a "$log")'

please tell me what I'm doing wrong because I'm sure I am :)
Running on Catalina.

On line 373-377 in your app installer scripts for mac where it says

    # App is installed, if it's updates are handled by MAU we should quietly exit
    if [[ $autoUpdate == "true" ]]; then
        echo "$(date) | [$appname] is already installed and handles updates itself, exiting"
        exit 0;
    fi

You may want to insert a updateOctory installed just before the exit 0 - otherwise Octory will eternally wait for the install to kick off, which if an app is marked as mandatory and users can't quit without mandatory apps installing, could result in a user being effectively locked out of their machine (partly due to an Octory bug where the force quit keys don't work in blurred mode).

I'd submit a pull request but it's a lot of different files that need to be edited 😄

With the recent change to Teams on macOS, changing the app name to Microsoft Teams classic.app, we are seeing the script force close and reinstall the entire suite.

Microsoft Teams.app is listed in the app array (line 350), but the application's name is now Microsoft Teams classic.app which means every time the script runs it will reinstall the whole suite. I just removed Teams from the app array to alleviate the problem.

In the install app scripts using dmg I have noticed some issues lately with dmg files with EULA's. Not sure how to get around this. I think for a small EULA you can put yes | hdiutil ......... but having issues with multipage EULA's and getting to the end to have it take the yes. Example is BrightAuthor:Connected from brightsign.biz

Hi, the script to add apps to the Mac Dock is great to use.
How about changing the behaviour a little bit, that it launches the Company Portal independent from the other apps (once installed)? When installing e.g. Office applications it might take quiet long until all apps that should be added to the dock are installed.

Hello, I have been having this trouble for some time trying to deploy a simple Adobe Creative Cloud Installer .pkg file for macOS for the district I work for via Intune Scripts, but keep running into issues.

Originally, I wrote my own script, and it works perfectly fine when running through Terminal on a test machine.

Then, as soon as I uploaded it to run through Intune, I kept getting an error after a successful install saying "Unable to reach Adobe servers" when launching the application. This led me here, where I customized this installIntuneApp4.0.zsh script in the examples, thinking there was something I wasn't accounting for in my own.
After testing and confirming my version of this script worked through Terminal without issues, I uploaded it to Intune and waited for it to run on my machine, only to get the exact same issue when launching the Creative Cloud application.

Here is a screenshot of the error:

I am posting to see if anyone else has had a similar issue, and if so how they got around this. It doesn't make sense to me that the exact same script ran as root from Terminal suddenly doesn't work when it's being ran as System in the background by Intune.
I have looked through the installer Log files and the Adobe Log files in macOS, and through the Microsoft Intune Logs on the Mac as well, but no errors are being reported throughout the installation.

This is the only program I have had any issues with deploying via Shell Scripts to macOS, as my other scripts I've written to install Google Chrome, Adobe Reader & Acrobat, Company Portal, Google Drive, and SentinelOne all work without any issue.

https://github.com/microsoft/shell-intune-samples/blob/master/macOS/Apps/gitHub%20Desktop/installGitHubDesktop.sh

Auto-update should be set to "true".

When URL changed to ARM app version - it is not possible to lunch the app as error occur.

Manual installation process works correctly.

We are having issues with Teams being out of date and no longer working without an update. The script aborts if the Application is already present, can the autoupdate variable be overridden so the modified date is checked and a version is installed anyway if the meta file is not present?

Hi, you have the plist file name for the scheduled scans as: com.microsoft.mdatp.schedquickscan.plist where the official documentation has com.microsoft.wdav.schedquickscan.plist listed as the file path. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide#schedule-a-scan-with-intune

Not sure if both work or not.

Some references suggest using 'cd' with '|| exit' incase CD fails
https://github.com/koalaman/shellcheck/wiki/SC2164

I'm trying to set up a screensaver timeout and force password input on resume but no success yet. I'm configuring intune section "System Configuration -> Screensaver"
Can this be done with a script maybe ?

Ask For Password: True
Module Name: com.apple.screensaver
Login Window Idle Time: 10

I think the Yammer app has been removed by Microsoft in favour of using the browser-based interface.

The weburl in the sample script (https://aka.ms/yammer_desktop_mac) no longer points to an installer, and simply redirects to Bing, so the Yammer script may be redundant.

Uploading the script i Intune generates "The uploaded file is not a falid script"

Any tips ?

The dock script is still working fine on fresh machines running MacOS 12 Monterey, but I have not seen the dock successfully update for any new machines booting on MacOS 13 Ventura.

Is there something wrong on my side or is a change needed for the script?

Hi,

I'm trying to use the Quick Run script in Terminal but I receive the following error:

"Wed 21 Jul 2021 11:56:43 BST | Installing Company Portal
installer: Error trying to locate volume at /Applications
Wed 21 Jul 2021 11:56:44 BST | Failed to install Company Portal"

I'm not knowledgeable about scripting so I looked into this and all I can gather is that it may be an issue with line 379:

installer -pkg "$tempfile" -target /Applications

and I think perhaps it may have to be this instead:

installer -pkg "$tempfile" -target /

As I said, this definitely isn't my specialty and could be wrong but am eager to try to get this working so I can deploy the Quick Run script to multiple devices.

Thanks!

Mac\ Studio*) ModelCode=MS;;

Currently it uses this check to determinate if process is running or not
ps aux | grep "$processName" | grep -v grep
which is generally fine, but when it checks for just curl there might be issues, coz other processes (like Google Drive) may use same word curl in their full command line, so script will never ends waiting for curl exit :-(

Hi folks

I noticed you guys have some Linux script samples uploaded here, so I am hoping you can shed some light. I've spent hours on this issue, but can't figure out how to get custom compliance script working on Ubuntu 20.04.

I found some logs for Intune app under /var/log/syslog but its output is not helpful.
Tried following your script example, but the Intune app returns null values, what am I missing here?

detection.sh

#!/bin/bash
#set -x

(
    set -e
    echo "{"testVar", "True"}"
)

ERROR_CODE=$?
if [ $ERROR_CODE -ne 0 ]; then
    echo "There was an error. Please restart the script or contact your admin if the error persists."
    exit $ERROR_CODE
fi

rules.json

{
"Rules":[ 
    { 
       "SettingName":"testVar",
       "Operator":"IsEquals",
       "DataType":"Boolean",
       "Operand":true,
       "MoreInfoUrl":"https://bing.com",
       "RemediationStrings":[ 
          { 
             "Language": "en_US",
             "Title": "test value: {ActualValue}",
             "Description": "test description"
          }
       ]
    }
 ]
}

result:

The VS Code script does not install the app as "Universal App". The app is installed as "Application (Intel)". Would be great to fix this as there should be power and performance optimization.

Not sure how much leverage you have at MS. But it would be nice to see MS and Adobe work together for Mac Admins to deploy their Adobe Creative Cloud Package. I have been unsuccessful getting it to work 100% correctly. I did manage to get it to work by putting their package in another package, signing it with Apple Developer ID, wrapping in Intune and uploading to Intune. It runs and installs fine, but reports back to intune that it didn't know the status.

This lead me to use one of your scripts and purpose it for the Adobe CC package, I can take the Adobe CC package and downloaded it. I have to put it on Amazon S3 which doesn't seem to like pkg files so I have to zip it first and then upload to S3 and then in your script I use the zip function to unzip it and changed one line in there to use installer to install the package after it's been unzipped and testing it twice now it has worked fine. I'm fine now that I have a solution, but not sure what others are doing. I have asked on slack and get no response. Seen posts on web that it just doesn't work and really no solution except to wrap it in another package and go that route, but for me it didn't report back correctly.

But seems to be a bunch of hoops to get it to work. Be nice to simply download the package, wrap it for Intune and upload it to Intune.

In the Manage Accounts scripts, the line that creates the password from serial is a small problem as it adds padding at the end with == for the password and if you have in the policy or configuration profile to now allow simple passwords it won't let you login as local admin because of the == at the end.

p=system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' | tr '[A-Z]' '[K-WA-C]' | tr 3-6 4-90-3 | base64

Any idea on how to stop the padding or if it happens strip it so only the serial number of the computer is converted?

Running on macOS Monterey. Our users are standard users and Visual Studio Code has been installed using Intune via the script. Code prompts users with the message "An update is ready to install. Code is trying to add a new helper tool." It then asks for an administrator's name and password. The application is then not updated.

I'm assuming that the permissions of the Visual Studio Code application aren't correct:

drwxr-xr-x 3 root wheel 96B Nov 15 16:43 Visual Studio Code.app

Can the shell script be made to do fix the permissions issues? Should auto-update be disabled in the script for standard users? Will this get rid of the annoying prompt?

Hello, when running the create local account script (or the delete user script) if there is already an account setup with the same username the sysadminctl -deleteUser command does not fully work from the Intune agent's system context. The admin user gets demoted from admin to standard and the directory is deleted, but the user persists as standard and the create fails as the user is still present.

If I sudo -i to root and run the same sysadminctl -deleteUser command it fully deletes the user.

The error given at the end of the delete when Intune runs is as follows...

Error:-14120 File:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/Admin/Admin-911/DSRecord.m Line:563

There are errors present in the createUser as well when running from Intune that are not present when running locally as root.

##############################################################

Wed Dec 22 12:30:12 CST 2021 | Starting Create Local Admin Account

############################################################

Creating new local admin account [user]
Adding user to hidden users list
Deleting the account if it already exists...
2021-12-22 12:30:13.081 sysadminctl[24785:186509] ----------------------------
2021-12-22 12:30:13.082 sysadminctl[24785:186509] No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
2021-12-22 12:30:13.082 sysadminctl[24785:186509] ----------------------------
2021-12-22 12:30:13.085 sysadminctl[24785:186509] User user not found.
Creating the account...
2021-12-22 12:30:13.472 sysadminctl[24787:186530] ### Error:-14090 File:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/Admin/Admin-911/DSAuthenticator.m Line:94
2021-12-22 12:30:13.480 sysadminctl[24787:186530] ----------------------------
2021-12-22 12:30:13.481 sysadminctl[24787:186530] No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
2021-12-22 12:30:13.481 sysadminctl[24787:186530] ----------------------------
2021-12-22 12:30:13.844 sysadminctl[24787:186530] Creating user record…
2021-12-22 12:30:15.740 sysadminctl[24787:186530] Assigning UID: 501 GID: 20
2021-12-22 12:30:15.843 sysadminctl[24787:186530] ### Error:-14120 File:/System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/Admin/Admin-911/DSRecord.m Line:418
2021-12-22 12:30:15.983 sysadminctl[24787:186530] Creating home directory at /Users/user

This is running on macOS Monterey 12.1.

Then current version of the InstallNudge.zsh script has an error in the updateCheck function. The path it is checking is /Applications/$app when it should be checking /Applications/Utilities/$app. This is the same issue in the installPKG, installDMG, and installZIP functions. Unless the intention of this new version of the script is to change the location Nudge is normally installed to.

This issue seems to be present in the InstallNudge.sh file as well.

An example of where this is occurring is lines 462-465 of the zsh file. Even if Nudge it already installed it will not be removing the existing version.

Remove existing files if present

if [[ -d "/Applications/$app" ]]; then
    rm -rf "/Applications/$app"
fi

https://github.com/microsoft/shell-intune-samples/blob/master/macOS/Config/Dock/addAppstoDock.sh

After the execution Dock crashes and default values are restored. Company Portal starts correctly.

MacOS version: 13.1

I guess it would be almost the same as zip files.

Hey Guys!

Thank you very much for this project, it helps a lot. I was wondering, have you ever tried to package Cisco AMP this way?

I have tried everything, but it will never install successfully :(

Thanks in advance!

If I manually browse to the URL in the script, Edge successfully downloads, but it keeps failing from the script.

##############################################################

Fri Feb 10 10:42:23 EST 2023 | Logging install of [Microsoft Edge] to [/Library/Logs/Microsoft/IntuneScripts/installEdge/Microsoft Edge.log]

############################################################

Fri Feb 10 10:42:23 EST 2023 | Checking if we need Rosetta 2 or not
Fri Feb 10 10:42:23 EST 2023 | Waiting for other [/usr/sbin/softwareupdate] processes to end
Fri Feb 10 10:42:23 EST 2023 | No instances of [/usr/sbin/softwareupdate] found, safe to proceed
Fri Feb 10 10:42:23 EST 2023 | Rosetta is already installed and running. Nothing to do.
Fri Feb 10 10:42:23 EST 2023 | Checking if we need to install or update [Microsoft Edge]
Fri Feb 10 10:42:23 EST 2023 | [Microsoft Edge] not installed, need to download and install
Fri Feb 10 10:42:23 EST 2023 | Dock is here, lets carry on
Fri Feb 10 10:42:23 EST 2023 | Starting downlading of [Microsoft Edge]
Fri Feb 10 10:42:23 EST 2023 | Waiting for other [curl -f] processes to end
Fri Feb 10 10:42:23 EST 2023 | No instances of [curl -f] found, safe to proceed
Fri Feb 10 10:42:23 EST 2023 | Downloading Microsoft Edge
Fri Feb 10 10:42:23 EST 2023 | Failure to download [https://go.microsoft.com/fwlink/?linkid=2093504] to []

MPKG files are not supported, is it possible to support this file type.

Error below:
"Detected both APP and PKG in same DMG, exiting gracefully Wed Feb 2 07:51:30 EST 2022 | Un-mounting [/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.q8EamKtI/ Failed to determine temp file type []"

Thanks.