-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrmMDM.sh
84 lines (70 loc) · 2.15 KB
/
rmMDM.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/bin/bash
[ $UID = 0 ] || exec sudo "$0" "$@"
#[ $UID = 0 ] || exec sudo /"$(echo $0 | cut -c 2- )" "$@"
#uncomment 'set -e' to enable debugging mode
#set -e
sip=$(csrutil status)
if [[ "$sip" == *enabled* ]]; then
echo "Please disable SIP, then try again."
exit
fi
OS=$(sw_vers | head -n 2 | tail -n 1 | cut -f2 -d : | cut -c 2-)
if [ ! -e /System/Library/LaunchAgents/com.apple.ManagedClientAgent.agent.plist ]; then
choice=$(osascript -e 'display alert "Continue?" message "This OS already appears to be patched, are you sure you want to continue?" buttons {"Yes", "No"}')
if [[ $choice == 'button returned:No' ]]; then
exit
fi
fi
if [[ $OS == *"10.15"* ]]; then
mount -uw /
fi
echo $OS
if [[ "$OS" < 10.16 ]]; then
echo "Removing files from LaunchAgents"
cd /System/Library/LaunchAgents
if [ ! -d rmMDM ]; then
mkdir rmMDM
fi
mv com.apple.ManagedClientAgent.* rmMDM/
mv com.apple.mdmclient.* rmMDM/
echo "Removing files from LaunchDaemons"
cd ../LaunchDaemons
if [ ! -d rmMDM ]; then
mkdir rmMDM
fi
mv com.apple.ManagedClient.* rmMDM/
mv com.apple.mdmclient.* rmMDM/
exit
fi
echo 'Determining mount point of "Macintosh SSD"'
mountpoint=$(df "/" | tail -1 | sed -e 's@ .*@@'| sed 's/..$//')
echo "Macintosh SSD is mounted at $mountpoint"
echo ""
authroot=$(csrutil authenticated-root)
if [[ "$authroot" == *enabled* ]]; then
echo "Please disable authenticated-root, then try again."
exit
fi
#if [ ! -d ~/mount ]; then
#echo "Making temporary mountpoint"
#mkdir ~/mount
#fi
echo "Mounting snapshot as rewritable..."
mount -o nobrowse -t apfs $mountpoint /System/Volumes/Update/mnt1
echo "Removing files from LaunchAgents"
cd /System/Volumes/Update/mnt1/System/Library/LaunchAgents
if [ ! -d rmMDM ]; then
mkdir rmMDM
fi
mv com.apple.ManagedClientAgent.* rmMDM/
mv com.apple.mdmclient.* rmMDM/
echo "Removing files from LaunchDaemons"
cd ../LaunchDaemons
if [ ! -d rmMDM ]; then
mkdir rmMDM
fi
mv com.apple.ManagedClient.* rmMDM/
mv com.apple.mdmclient.* rmMDM/
echo "Creating new snapshot..."
bless --folder /System/Volumes/Update/mnt1/System/Library/CoreServices --bootefi --create-snapshot
echo "Done. Please reboot for the changes to take effect."