Tutorial

Neue Updates und Verbesserungen zu Macfleet.

Wichtiger Hinweis

Die in diesen Tutorials bereitgestellten Codebeispiele und Skripte dienen nur zu Bildungszwecken. Macfleet ist nicht verantwortlich für Probleme, Schäden oder Sicherheitslücken, die durch die Verwendung, Änderung oder Implementierung dieser Beispiele entstehen können. Überprüfen und testen Sie Code immer in einer sicheren Umgebung, bevor Sie ihn in Produktionssystemen verwenden.

← Alle Beiträge

July 7, 2025

Login Window Customization on macOS

Customize and secure the login window on your MacFleet devices to enhance security, branding, and user experience. This tutorial covers user list management, power option control, custom messages, and enterprise login window configuration.

Understanding macOS Login Window

The macOS login window is the first interface users encounter when starting their device. It provides several customization options:

User display modes - Show user list or username/password fields
Power options - Control shutdown, restart, and sleep buttons
Custom messages - Display organizational notices or branding
Security settings - Hide sensitive information and control access

Enterprise Considerations

Hide user lists to prevent user enumeration
Disable power options to prevent unauthorized shutdowns
Display security notices for compliance requirements
Brand the interface for organizational identity

Basic Login Window Configuration

Display User List in Login Window

#!/bin/bash

# Show the list of users in the login window
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false

echo "User list display enabled in login window"

Display Username/Password Dialog

#!/bin/bash

# Show username and password dialog instead of user list
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true

echo "Username/password dialog enabled in login window"

Hide Power Options

#!/bin/bash

# Hide shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true

# Hide restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true

# Hide sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true

echo "All power options hidden from login window"

Enable Power Options

#!/bin/bash

# Enable shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false

# Enable restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false

# Enable sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false

echo "All power options enabled in login window"

Display Custom Message

#!/bin/bash

# Display a custom message on the login window
MESSAGE="Your device is managed by MacFleet. Contact IT for assistance."
defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$MESSAGE"

echo "Custom message set for login window"

Advanced Login Window Management

Comprehensive Login Window Configuration

#!/bin/bash

# Advanced login window configuration with validation
configure_login_window() {
    local config_type="$1"
    local custom_message="$2"
    
    # Validate admin privileges
    if [[ $EUID -ne 0 ]]; then
        echo "Error: This script requires administrator privileges"
        echo "Please run with sudo: sudo $0"
        exit 1
    fi
    
    case "$config_type" in
        "secure")
            echo "Applying secure login window configuration..."
            
            # Hide user list for security
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set security message
            local security_msg="Authorized Personnel Only - All Activity Monitored"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$security_msg"
            
            echo "✓ Secure configuration applied"
            ;;
        "corporate")
            echo "Applying corporate login window configuration..."
            
            # Show user list for convenience
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Allow restart but disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set corporate message
            local corp_msg="${custom_message:-Property of MacFleet Corporation}"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$corp_msg"
            
            echo "✓ Corporate configuration applied"
            ;;
        "kiosk")
            echo "Applying kiosk login window configuration..."
            
            # Hide user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional elements for kiosk mode
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Set kiosk message
            local kiosk_msg="Kiosk Mode - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$kiosk_msg"
            
            echo "✓ Kiosk configuration applied"
            ;;
        "standard")
            echo "Applying standard login window configuration..."
            
            # Show user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Enable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            
            # Clear custom message
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            
            echo "✓ Standard configuration applied"
            ;;
        *)
            echo "Error: Unknown configuration type '$config_type'"
            echo "Available types: secure, corporate, kiosk, standard"
            return 1
            ;;
    esac
    
    # Verify configuration
    verify_login_window_config
}

# Verify current login window configuration
verify_login_window_config() {
    echo ""
    echo "=== Current Login Window Configuration ==="
    
    # Check user display mode
    local show_fullname
    show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    
    if [[ "$show_fullname" == "true" ]]; then
        echo "User Display: Username/Password Dialog"
    else
        echo "User Display: User List"
    fi
    
    # Check power options
    local shutdown_disabled
    shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    echo "Shutdown Button: $([ "$shutdown_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local restart_disabled
    restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    echo "Restart Button: $([ "$restart_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local sleep_disabled
    sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    echo "Sleep Button: $([ "$sleep_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    # Check custom message
    local login_text
    login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $login_text"
}

# Usage examples
configure_login_window "corporate" "Welcome to MacFleet Enterprise"

Login Window Branding and Customization

#!/bin/bash

# Advanced login window branding
customize_login_branding() {
    local company_name="$1"
    local support_info="$2"
    local logo_path="$3"
    
    echo "=== Customizing Login Window Branding ==="
    
    # Set company message
    if [[ -n "$company_name" ]]; then
        local branded_message="Property of $company_name"
        if [[ -n "$support_info" ]]; then
            branded_message="$branded_message | Support: $support_info"
        fi
        
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$branded_message"
        echo "✓ Company branding message set"
    fi
    
    # Set custom desktop background for login window
    if [[ -n "$logo_path" && -f "$logo_path" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture "$logo_path"
        echo "✓ Custom background image set"
    fi
    
    # Configure additional branding options
    setup_login_window_styling "$company_name"
}

# Setup advanced login window styling
setup_login_window_styling() {
    local company_name="$1"
    
    # Hide computer name for cleaner appearance
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
    
    # Configure login window appearance
    defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
    
    # Set custom computer name display
    if [[ -n "$company_name" ]]; then
        scutil --set ComputerName "$company_name Workstation"
        scutil --set LocalHostName "$company_name-Mac"
    fi
    
    echo "✓ Login window styling configured"
}

# Usage
customize_login_branding "MacFleet Corporation" "help@macfleet.com" "/System/Library/Desktop Pictures/Big Sur.heic"

Security-Focused Login Configuration

#!/bin/bash

# High-security login window configuration
apply_security_hardening() {
    local security_level="$1"
    
    echo "=== Applying Security Hardening: $security_level ==="
    
    case "$security_level" in
        "maximum")
            # Hide all user information
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            defaults write /Library/Preferences/com.apple.loginwindow HideAdminUsers true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional UI elements
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            defaults write /Library/Preferences/com.apple.loginwindow PowerOffDisabledWhileLoggedIn true
            
            # Set security warning
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY"
            
            echo "✓ Maximum security configuration applied"
            ;;
        "high")
            # Hide user list but allow some functionality
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Disable shutdown and sleep, allow restart
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set moderate security message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Device - Authorized Users Only"
            
            echo "✓ High security configuration applied"
            ;;
        "moderate")
            # Show user list but control power options
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            
            # Allow restart, disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set informational message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Managed Device - Contact IT for Support"
            
            echo "✓ Moderate security configuration applied"
            ;;
        *)
            echo "Error: Unknown security level '$security_level'"
            echo "Available levels: maximum, high, moderate"
            return 1
            ;;
    esac
}

# Usage
apply_security_hardening "high"

Enterprise Login Window Management System

#!/bin/bash

# MacFleet Login Window Management Tool
# Comprehensive login window configuration and monitoring for fleet devices

# Configuration
SCRIPT_VERSION="1.0.0"
LOG_FILE="/var/log/macfleet_loginwindow.log"
REPORT_DIR="/etc/macfleet/reports/loginwindow"
CONFIG_DIR="/etc/macfleet/loginwindow"
TEMPLATE_DIR="/etc/macfleet/templates/loginwindow"

# Create directories if they don't exist
mkdir -p "$REPORT_DIR" "$CONFIG_DIR" "$TEMPLATE_DIR"

# Login window policy templates
declare -A LOGIN_POLICIES=(
    ["corporate_standard"]="user_list,restart_only,company_branding,moderate_security"
    ["corporate_secure"]="username_dialog,no_power,security_message,high_security"
    ["kiosk_mode"]="username_dialog,no_power,kiosk_branding,maximum_security"
    ["public_access"]="user_list,all_power,public_notice,low_security"
    ["executive"]="username_dialog,restart_only,executive_branding,high_security"
    ["guest_network"]="user_list,no_power,guest_notice,moderate_security"
    ["development"]="user_list,all_power,dev_environment,low_security"
    ["classroom"]="user_list,restart_only,educational_message,moderate_security"
    ["healthcare"]="username_dialog,no_power,hipaa_notice,maximum_security"
    ["financial"]="username_dialog,no_power,compliance_notice,maximum_security"
)

# Message templates for different scenarios
declare -A MESSAGE_TEMPLATES=(
    ["security_warning"]="RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY - ALL ACTIVITY MONITORED"
    ["corporate_standard"]="Property of {COMPANY} | IT Support: {SUPPORT_CONTACT}"
    ["compliance_notice"]="This system contains confidential information. Unauthorized access is prohibited."
    ["guest_notice"]="Guest Access | Please contact reception for assistance"
    ["kiosk_mode"]="Kiosk Terminal | For assistance press F1"
    ["maintenance"]="System Under Maintenance | Contact IT Department"
    ["emergency"]="Emergency Access Only | Security Incident in Progress"
    ["educational"]="Educational Device | Students must follow acceptable use policy"
    ["hipaa_notice"]="HIPAA Protected System | Authorized Healthcare Personnel Only"
    ["financial_compliance"]="Financial Data System | SOX Compliance Required"
)

# Logging function
log_action() {
    local message="$1"
    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "[$timestamp] $message" | tee -a "$LOG_FILE"
}

# Advanced login window policy enforcement
enforce_login_policy() {
    local policy_name="$1"
    local company_name="${2:-MacFleet}"
    local support_contact="${3:-IT Department}"
    local dry_run="${4:-false}"
    
    log_action "Enforcing login window policy: $policy_name (dry_run: $dry_run)"
    
    if [[ -z "${LOGIN_POLICIES[$policy_name]}" ]]; then
        log_action "ERROR: Unknown policy '$policy_name'"
        echo "Available policies: ${!LOGIN_POLICIES[*]}"
        return 1
    fi
    
    # Parse policy configuration
    IFS=',' read -ra POLICY_PARTS <<< "${LOGIN_POLICIES[$policy_name]}"
    local user_display="${POLICY_PARTS[0]}"
    local power_options="${POLICY_PARTS[1]}"
    local branding_type="${POLICY_PARTS[2]}"
    local security_level="${POLICY_PARTS[3]}"
    
    echo "=== Enforcing Policy: $policy_name ==="
    echo "User Display: $user_display"
    echo "Power Options: $power_options"
    echo "Branding: $branding_type"
    echo "Security Level: $security_level"
    
    if [[ "$dry_run" == "true" ]]; then
        echo "DRY RUN MODE - No changes will be applied"
        return 0
    fi
    
    # Apply user display settings
    apply_user_display_settings "$user_display"
    
    # Apply power option settings
    apply_power_option_settings "$power_options"
    
    # Apply branding and messaging
    apply_branding_settings "$branding_type" "$company_name" "$support_contact"
    
    # Apply security configurations
    apply_security_settings "$security_level"
    
    # Generate policy compliance report
    local report_file="$REPORT_DIR/policy_enforcement_${policy_name}_$(date +%Y%m%d_%H%M%S).json"
    generate_policy_report "$policy_name" "$report_file"
    
    log_action "Policy enforcement completed: $report_file"
    echo "$report_file"
}

# Apply user display settings
apply_user_display_settings() {
    local display_type="$1"
    
    case "$display_type" in
        "user_list")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            echo "✓ User list display enabled"
            ;;
        "username_dialog")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            echo "✓ Username/password dialog enabled"
            ;;
        "hidden_users")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            echo "✓ All users hidden from display"
            ;;
    esac
}

# Apply power option settings
apply_power_option_settings() {
    local power_config="$1"
    
    case "$power_config" in
        "all_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            echo "✓ All power options enabled"
            ;;
        "restart_only")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ Only restart option enabled"
            ;;
        "no_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ All power options disabled"
            ;;
    esac
}

# Apply branding and messaging settings
apply_branding_settings() {
    local branding_type="$1"
    local company_name="$2"
    local support_contact="$3"
    
    local message=""
    
    case "$branding_type" in
        "company_branding")
            message="${MESSAGE_TEMPLATES[corporate_standard]}"
            message="${message/\{COMPANY\}/$company_name}"
            message="${message/\{SUPPORT_CONTACT\}/$support_contact}"
            ;;
        "security_message")
            message="${MESSAGE_TEMPLATES[security_warning]}"
            ;;
        "kiosk_branding")
            message="${MESSAGE_TEMPLATES[kiosk_mode]}"
            ;;
        "executive_branding")
            message="Executive Workstation | $company_name | Confidential"
            ;;
        "guest_notice")
            message="${MESSAGE_TEMPLATES[guest_notice]}"
            ;;
        "educational_message")
            message="${MESSAGE_TEMPLATES[educational]}"
            ;;
        "hipaa_notice")
            message="${MESSAGE_TEMPLATES[hipaa_notice]}"
            ;;
        "compliance_notice")
            message="${MESSAGE_TEMPLATES[financial_compliance]}"
            ;;
        *)
            message="Managed by $company_name"
            ;;
    esac
    
    if [[ -n "$message" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$message"
        echo "✓ Custom message applied: $message"
    fi
}

# Apply security-specific settings
apply_security_settings() {
    local security_level="$1"
    
    case "$security_level" in
        "maximum_security")
            # Hide computer information
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
            
            # Disable input menu
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            
            # Disable auto login
            defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true
            
            # Enable login window delay
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Maximum security settings applied"
            ;;
        "high_security")
            # Show minimal computer info
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            
            # Enable input menu for language support
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            # Disable guest account
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ High security settings applied"
            ;;
        "moderate_security")
            # Standard security with some convenience features
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Moderate security settings applied"
            ;;
        "low_security")
            # Minimal restrictions for convenience
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            echo "✓ Low security settings applied"
            ;;
    esac
}

# Generate comprehensive policy compliance report
generate_policy_report() {
    local policy_name="$1"
    local report_file="$2"
    
    # Get current login window settings
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    local restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    local sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    local login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "")
    local hide_local_users=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
    local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
    
    cat > "$report_file" << EOF
{
    "policy_report": {
        "policy_name": "$policy_name",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "script_version": "$SCRIPT_VERSION",
        "current_settings": {
            "show_fullname": $show_fullname,
            "shutdown_disabled": $shutdown_disabled,
            "restart_disabled": $restart_disabled,
            "sleep_disabled": $sleep_disabled,
            "custom_message": "$login_text",
            "hide_local_users": $hide_local_users,
            "guest_enabled": $guest_enabled
        },
        "display_mode": "$([ "$show_fullname" == "true" ] && echo "username_dialog" || echo "user_list")",
        "security_level": "unknown",
        "compliance_status": "compliant"
    }
}
EOF
    
    log_action "Policy report generated: $report_file"
}

# Monitor login window configuration
monitor_login_window() {
    local detailed="${1:-false}"
    
    echo "=== Login Window Configuration Monitor ==="
    
    # Basic configuration check
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local display_mode=$([ "$show_fullname" == "true" ] && echo "Username/Password Dialog" || echo "User List")
    
    echo "Display Mode: $display_mode"
    
    # Power options status
    local shutdown_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local restart_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local sleep_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    
    echo "Power Options:"
    echo "  Shutdown Button: $shutdown_status"
    echo "  Restart Button: $restart_status"
    echo "  Sleep Button: $sleep_status"
    
    # Custom message
    local custom_message=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $custom_message"
    
    if [[ "$detailed" == "true" ]]; then
        echo ""
        echo "=== Detailed Configuration ==="
        
        # Additional settings
        local hide_local=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
        local hide_mobile=$(defaults read /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || echo "false")
        local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
        local admin_info=$(defaults read /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || echo "DSStatus")
        
        echo "Advanced Settings:"
        echo "  Hide Local Users: $hide_local"
        echo "  Hide Mobile Accounts: $hide_mobile"
        echo "  Guest Account Enabled: $guest_enabled"
        echo "  Admin Host Info: $admin_info"
        
        # Check for custom background
        local desktop_picture=$(defaults read /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || echo "Default")
        echo "  Desktop Picture: $desktop_picture"
    fi
}

# Main execution function
main() {
    local action="${1:-status}"
    local param1="${2:-}"
    local param2="${3:-}"
    local param3="${4:-}"
    local param4="${5:-}"
    
    log_action "=== MacFleet Login Window Management Started ==="
    log_action "Action: $action"
    
    # Ensure required privileges for configuration changes
    if [[ "$action" != "status" && "$action" != "help" && $EUID -ne 0 ]]; then
        echo "Error: This action requires administrator privileges"
        echo "Please run with sudo: sudo $0 $*"
        exit 1
    fi
    
    case "$action" in
        "policy")
            if [[ -z "$param1" ]]; then
                echo "Available policies: ${!LOGIN_POLICIES[*]}"
                exit 1
            fi
            enforce_login_policy "$param1" "$param2" "$param3" "$param4"
            ;;
        "secure")
            apply_security_hardening "${param1:-high}"
            ;;
        "message")
            if [[ -z "$param1" ]]; then
                echo "Usage: $0 message <message_text>"
                exit 1
            fi
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$param1"
            echo "✓ Custom message set: $param1"
            ;;
        "power")
            case "$param1" in
                "disable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
                    echo "✓ All power options disabled"
                    ;;
                "enable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
                    echo "✓ All power options enabled"
                    ;;
                *)
                    echo "Usage: $0 power <enable|disable>"
                    exit 1
                    ;;
            esac
            ;;
        "display")
            case "$param1" in
                "userlist")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
                    echo "✓ User list display enabled"
                    ;;
                "dialog")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
                    echo "✓ Username/password dialog enabled"
                    ;;
                *)
                    echo "Usage: $0 display <userlist|dialog>"
                    exit 1
                    ;;
            esac
            ;;
        "status")
            monitor_login_window "$param1"
            ;;
        "reset")
            echo "Resetting login window to defaults..."
            defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            echo "✓ Login window reset to system defaults"
            ;;
        "help")
            echo "Usage: $0 [action] [options...]"
            echo "Actions:"
            echo "  policy <policy_name> [company] [support] [dry_run] - Apply policy"
            echo "  secure <level> - Apply security hardening (maximum/high/moderate)"
            echo "  message <text> - Set custom login message"
            echo "  power <enable|disable> - Control power button visibility"
            echo "  display <userlist|dialog> - Set user display mode"
            echo "  status [detailed] - Show current configuration"
            echo "  reset - Reset to system defaults"
            echo "  help - Show this help"
            echo ""
            echo "Policies: ${!LOGIN_POLICIES[*]}"
            echo "Message Templates: ${!MESSAGE_TEMPLATES[*]}"
            ;;
        *)
            log_action "ERROR: Unknown action: $action"
            echo "Use '$0 help' for usage information"
            exit 1
            ;;
    esac
    
    log_action "=== Login window management completed ==="
}

# Execute main function
main "$@"

Login Window Security Best Practices

Corporate Security Configuration

#!/bin/bash

# Implement corporate login window security
implement_corporate_security() {
    echo "=== Implementing Corporate Login Window Security ==="
    
    # Hide user enumeration
    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
    
    # Disable power options to prevent unauthorized shutdowns
    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
    
    # Allow restart for updates (optional)
    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
    
    # Set corporate security message
    defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Property - Authorized Personnel Only"
    
    # Disable guest account
    defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
    
    # Hide computer information
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
    
    echo "✓ Corporate security configuration applied"
}

implement_corporate_security

Compliance and Audit Configuration

#!/bin/bash

# Configure login window for compliance requirements
configure_compliance_login() {
    local compliance_type="$1"
    
    case "$compliance_type" in
        "hipaa")
            # Healthcare compliance configuration
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "HIPAA Protected System - Healthcare Personnel Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ HIPAA compliance configuration applied"
            ;;
        "pci_dss")
            # Payment card industry compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "PCI DSS Secure Environment - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ PCI DSS compliance configuration applied"
            ;;
        "sox")
            # Financial compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Financial Data System - SOX Compliance Required"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ SOX compliance configuration applied"
            ;;
        *)
            echo "Unknown compliance type: $compliance_type"
            return 1
            ;;
    esac
}

# Usage
configure_compliance_login "hipaa"

Troubleshooting Login Window Issues

Verify Configuration

#!/bin/bash

# Comprehensive login window configuration verification
verify_login_config() {
    echo "=== Login Window Configuration Verification ==="
    
    # Check all current settings
    echo "Current Settings:"
    echo "  Show Full Name: $(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo 'Not Set')"
    echo "  Shutdown Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Restart Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Sleep Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Login Text: $(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo 'Not Set')"
    echo "  Guest Enabled: $(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo 'Not Set')"
    echo "  Hide Local Users: $(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo 'Not Set')"
    
    # Check file permissions
    echo ""
    echo "File Permissions:"
    ls -la /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null || echo "Login window plist not found"
    
    # Verify settings will take effect
    echo ""
    echo "Verification Tests:"
    if defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME &>/dev/null; then
        echo "✓ Login window preferences are readable"
    else
        echo "⚠ Login window preferences may not be configured"
    fi
}

verify_login_config

Reset to Defaults

#!/bin/bash

# Reset login window to system defaults
reset_login_window() {
    echo "=== Resetting Login Window to Defaults ==="
    
    # Remove all custom settings
    defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || true
    
    echo "✓ Login window reset to system defaults"
    echo "Note: Changes will take effect after logout or restart"
}

reset_login_window

Important Notes

Administrator privileges required for login window modifications
Changes take effect after logout or restart
Test thoroughly on individual devices before fleet deployment
Backup settings before making changes
Security implications - Consider hiding user lists in high-security environments
User experience - Balance security with usability
Compliance requirements - Some industries require specific login window configurations
Special characters - Avoid exclamation marks in custom messages due to shell interpretation

Tutorial

Neue Updates und Verbesserungen zu Macfleet.

Folgen Sie uns auf X.com

May 20, 2025

Konfiguration eines GitHub Actions Runners auf einem Mac Mini (Apple Silicon)

GitHub Actions Runner

GitHub Actions ist eine leistungsstarke CI/CD-Plattform, die es Ihnen ermöglicht, Ihre Software-Entwicklungsworkflows zu automatisieren. Während GitHub gehostete Runner anbietet, bieten selbst-gehostete Runner erhöhte Kontrolle und Anpassung für Ihr CI/CD-Setup. Dieses Tutorial führt Sie durch die Einrichtung, Konfiguration und Verbindung eines selbst-gehosteten Runners auf einem Mac mini zur Ausführung von macOS-Pipelines.

Voraussetzungen

Bevor Sie beginnen, stellen Sie sicher, dass Sie haben:

Einen Mac mini (registrieren Sie sich bei Macfleet)
Ein GitHub-Repository mit Administratorrechten
Einen installierten Paketmanager (vorzugsweise Homebrew)
Git auf Ihrem System installiert

Schritt 1: Ein dediziertes Benutzerkonto erstellen

Erstellen Sie zunächst ein dediziertes Benutzerkonto für den GitHub Actions Runner:

# Das 'gh-runner' Benutzerkonto erstellen
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Das Passwort für den Benutzer setzen
sudo dscl . -passwd /Users/gh-runner ihr_passwort

# 'gh-runner' zur 'admin'-Gruppe hinzufügen
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Wechseln Sie zum neuen Benutzerkonto:

su gh-runner

Schritt 2: Erforderliche Software installieren

Installieren Sie Git und Rosetta 2 (wenn Sie Apple Silicon verwenden):

# Git installieren, falls noch nicht installiert
brew install git

# Rosetta 2 für Apple Silicon Macs installieren
softwareupdate --install-rosetta

Schritt 3: Den GitHub Actions Runner konfigurieren

Gehen Sie zu Ihrem GitHub-Repository
Navigieren Sie zu Einstellungen > Actions > Runners

GitHub Actions Runner

Klicken Sie auf "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
Wählen Sie macOS als Runner-Image und ARM64 als Architektur
Folgen Sie den bereitgestellten Befehlen, um den Runner herunterzuladen und zu konfigurieren

GitHub Actions Runner

Erstellen Sie eine .env-Datei im _work-Verzeichnis des Runners:

# _work/.env Datei
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer

Führen Sie das run.sh-Skript in Ihrem Runner-Verzeichnis aus, um die Einrichtung abzuschließen.
Überprüfen Sie, dass der Runner aktiv ist und auf Jobs im Terminal wartet, und überprüfen Sie die GitHub-Repository-Einstellungen für die Runner-Zuordnung und den Idle-Status.

GitHub Actions Runner

Schritt 4: Sudoers konfigurieren (Optional)

Wenn Ihre Actions Root-Privilegien benötigen, konfigurieren Sie die sudoers-Datei:

sudo visudo

Fügen Sie die folgende Zeile hinzu:

gh-runner ALL=(ALL) NOPASSWD: ALL

Schritt 5: Den Runner in Workflows verwenden

Konfigurieren Sie Ihren GitHub Actions Workflow, um den selbst-gehosteten Runner zu verwenden:

name: Beispiel-Workflow

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: NodeJS installieren
        run: brew install node

Der Runner ist bei Ihrem Repository authentifiziert und mit self-hosted, macOS und ARM64 markiert. Verwenden Sie ihn in Ihren Workflows, indem Sie diese Labels im runs-on-Feld angeben:

runs-on: [self-hosted, macOS, ARM64]

Best Practices

Halten Sie Ihre Runner-Software auf dem neuesten Stand
Überwachen Sie regelmäßig Runner-Logs auf Probleme
Verwenden Sie spezifische Labels für verschiedene Runner-Typen
Implementieren Sie angemessene Sicherheitsmaßnahmen
Erwägen Sie die Verwendung mehrerer Runner für Lastverteilung

Fehlerbehebung

Häufige Probleme und Lösungen:

Runner verbindet sich nicht:
- Überprüfen Sie die Netzwerkverbindung
- Überprüfen Sie die Gültigkeit des GitHub-Tokens
- Stellen Sie angemessene Berechtigungen sicher
Build-Fehler:
- Überprüfen Sie die Xcode-Installation
- Überprüfen Sie erforderliche Abhängigkeiten
- Überprüfen Sie Workflow-Logs
Berechtigungsprobleme:
- Überprüfen Sie Benutzerberechtigungen
- Überprüfen Sie sudoers-Konfiguration
- Überprüfen Sie Dateisystem-Berechtigungen

Fazit

Sie haben jetzt einen selbst-gehosteten GitHub Actions Runner auf Ihrem Mac mini konfiguriert. Diese Einrichtung bietet Ihnen mehr Kontrolle über Ihre CI/CD-Umgebung und ermöglicht es Ihnen, macOS-spezifische Workflows effizient auszuführen.

Denken Sie daran, Ihren Runner regelmäßig zu warten und ihn mit den neuesten Sicherheitspatches und Software-Versionen auf dem neuesten Stand zu halten.

May 14, 2025

Native App

Macfleet native App

Macfleet Installationsanleitung

Macfleet ist eine leistungsstarke Flottenmanagement-Lösung, die speziell für Cloud-gehostete Mac Mini-Umgebungen entwickelt wurde. Als Mac Mini Cloud-Hosting-Anbieter können Sie Macfleet verwenden, um Ihre gesamte Flotte virtualisierter Mac-Instanzen zu überwachen, zu verwalten und zu optimieren.

Diese Installationsanleitung führt Sie durch die Einrichtung der Macfleet-Überwachung auf macOS-, Windows- und Linux-Systemen, um eine umfassende Übersicht über Ihre Cloud-Infrastruktur zu gewährleisten.

🍎 macOS

Laden Sie die .dmg-Datei für Mac hier herunter
Doppelklicken Sie auf die heruntergeladene .dmg-Datei
Ziehen Sie die Macfleet-App in den Anwendungsordner
Werfen Sie die .dmg-Datei aus
Öffnen Sie Systemeinstellungen > Sicherheit & Datenschutz
- Datenschutz-Tab > Bedienungshilfen
- Aktivieren Sie Macfleet, um Überwachung zu erlauben
Starten Sie Macfleet aus den Anwendungen
Die Verfolgung startet automatisch

🪟 Windows

Laden Sie die .exe-Datei für Windows hier herunter
Rechtsklick auf die .exe-Datei > "Als Administrator ausführen"
Folgen Sie dem Installationsassistenten
Akzeptieren Sie die Allgemeinen Geschäftsbedingungen
Erlauben Sie in Windows Defender, wenn aufgefordert
Gewähren Sie Anwendungsüberwachungsberechtigungen
Starten Sie Macfleet aus dem Startmenü
Die Anwendung beginnt automatisch mit der Verfolgung

🐧 Linux

Laden Sie das .deb-Paket (Ubuntu/Debian) oder .rpm (CentOS/RHEL) hier herunter
Installieren Sie mit Ihrem Paketmanager
- Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
- CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
Erlauben Sie X11-Zugriffsberechtigungen, wenn aufgefordert
Fügen Sie den Benutzer zu entsprechenden Gruppen hinzu, falls erforderlich
Starten Sie Macfleet aus dem Anwendungsmenü
Die Anwendung beginnt automatisch mit der Verfolgung

Hinweis: Nach der Installation auf allen Systemen melden Sie sich mit Ihren Macfleet-Anmeldedaten an, um Daten mit Ihrem Dashboard zu synchronisieren.