Tutorial

Nuevas actualizaciones y mejoras para Macfleet.

Aviso importante

Los ejemplos de código y scripts proporcionados en estos tutoriales son solo para propósitos educativos. Macfleet no es responsable de ningún problema, daño o vulnerabilidad de seguridad que pueda surgir del uso, modificación o implementación de estos ejemplos. Siempre revisa y prueba el código en un entorno seguro antes de usarlo en sistemas de producción.

← Todas las publicaciones

July 7, 2025

Login Window Customization on macOS

Customize and secure the login window on your MacFleet devices to enhance security, branding, and user experience. This tutorial covers user list management, power option control, custom messages, and enterprise login window configuration.

Understanding macOS Login Window

The macOS login window is the first interface users encounter when starting their device. It provides several customization options:

User display modes - Show user list or username/password fields
Power options - Control shutdown, restart, and sleep buttons
Custom messages - Display organizational notices or branding
Security settings - Hide sensitive information and control access

Enterprise Considerations

Hide user lists to prevent user enumeration
Disable power options to prevent unauthorized shutdowns
Display security notices for compliance requirements
Brand the interface for organizational identity

Basic Login Window Configuration

Display User List in Login Window

#!/bin/bash

# Show the list of users in the login window
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false

echo "User list display enabled in login window"

Display Username/Password Dialog

#!/bin/bash

# Show username and password dialog instead of user list
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true

echo "Username/password dialog enabled in login window"

Hide Power Options

#!/bin/bash

# Hide shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true

# Hide restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true

# Hide sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true

echo "All power options hidden from login window"

Enable Power Options

#!/bin/bash

# Enable shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false

# Enable restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false

# Enable sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false

echo "All power options enabled in login window"

Display Custom Message

#!/bin/bash

# Display a custom message on the login window
MESSAGE="Your device is managed by MacFleet. Contact IT for assistance."
defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$MESSAGE"

echo "Custom message set for login window"

Advanced Login Window Management

Comprehensive Login Window Configuration

#!/bin/bash

# Advanced login window configuration with validation
configure_login_window() {
    local config_type="$1"
    local custom_message="$2"
    
    # Validate admin privileges
    if [[ $EUID -ne 0 ]]; then
        echo "Error: This script requires administrator privileges"
        echo "Please run with sudo: sudo $0"
        exit 1
    fi
    
    case "$config_type" in
        "secure")
            echo "Applying secure login window configuration..."
            
            # Hide user list for security
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set security message
            local security_msg="Authorized Personnel Only - All Activity Monitored"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$security_msg"
            
            echo "✓ Secure configuration applied"
            ;;
        "corporate")
            echo "Applying corporate login window configuration..."
            
            # Show user list for convenience
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Allow restart but disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set corporate message
            local corp_msg="${custom_message:-Property of MacFleet Corporation}"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$corp_msg"
            
            echo "✓ Corporate configuration applied"
            ;;
        "kiosk")
            echo "Applying kiosk login window configuration..."
            
            # Hide user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional elements for kiosk mode
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Set kiosk message
            local kiosk_msg="Kiosk Mode - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$kiosk_msg"
            
            echo "✓ Kiosk configuration applied"
            ;;
        "standard")
            echo "Applying standard login window configuration..."
            
            # Show user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Enable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            
            # Clear custom message
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            
            echo "✓ Standard configuration applied"
            ;;
        *)
            echo "Error: Unknown configuration type '$config_type'"
            echo "Available types: secure, corporate, kiosk, standard"
            return 1
            ;;
    esac
    
    # Verify configuration
    verify_login_window_config
}

# Verify current login window configuration
verify_login_window_config() {
    echo ""
    echo "=== Current Login Window Configuration ==="
    
    # Check user display mode
    local show_fullname
    show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    
    if [[ "$show_fullname" == "true" ]]; then
        echo "User Display: Username/Password Dialog"
    else
        echo "User Display: User List"
    fi
    
    # Check power options
    local shutdown_disabled
    shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    echo "Shutdown Button: $([ "$shutdown_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local restart_disabled
    restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    echo "Restart Button: $([ "$restart_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local sleep_disabled
    sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    echo "Sleep Button: $([ "$sleep_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    # Check custom message
    local login_text
    login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $login_text"
}

# Usage examples
configure_login_window "corporate" "Welcome to MacFleet Enterprise"

Login Window Branding and Customization

#!/bin/bash

# Advanced login window branding
customize_login_branding() {
    local company_name="$1"
    local support_info="$2"
    local logo_path="$3"
    
    echo "=== Customizing Login Window Branding ==="
    
    # Set company message
    if [[ -n "$company_name" ]]; then
        local branded_message="Property of $company_name"
        if [[ -n "$support_info" ]]; then
            branded_message="$branded_message | Support: $support_info"
        fi
        
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$branded_message"
        echo "✓ Company branding message set"
    fi
    
    # Set custom desktop background for login window
    if [[ -n "$logo_path" && -f "$logo_path" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture "$logo_path"
        echo "✓ Custom background image set"
    fi
    
    # Configure additional branding options
    setup_login_window_styling "$company_name"
}

# Setup advanced login window styling
setup_login_window_styling() {
    local company_name="$1"
    
    # Hide computer name for cleaner appearance
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
    
    # Configure login window appearance
    defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
    
    # Set custom computer name display
    if [[ -n "$company_name" ]]; then
        scutil --set ComputerName "$company_name Workstation"
        scutil --set LocalHostName "$company_name-Mac"
    fi
    
    echo "✓ Login window styling configured"
}

# Usage
customize_login_branding "MacFleet Corporation" "help@macfleet.com" "/System/Library/Desktop Pictures/Big Sur.heic"

Security-Focused Login Configuration

#!/bin/bash

# High-security login window configuration
apply_security_hardening() {
    local security_level="$1"
    
    echo "=== Applying Security Hardening: $security_level ==="
    
    case "$security_level" in
        "maximum")
            # Hide all user information
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            defaults write /Library/Preferences/com.apple.loginwindow HideAdminUsers true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional UI elements
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            defaults write /Library/Preferences/com.apple.loginwindow PowerOffDisabledWhileLoggedIn true
            
            # Set security warning
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY"
            
            echo "✓ Maximum security configuration applied"
            ;;
        "high")
            # Hide user list but allow some functionality
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Disable shutdown and sleep, allow restart
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set moderate security message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Device - Authorized Users Only"
            
            echo "✓ High security configuration applied"
            ;;
        "moderate")
            # Show user list but control power options
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            
            # Allow restart, disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set informational message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Managed Device - Contact IT for Support"
            
            echo "✓ Moderate security configuration applied"
            ;;
        *)
            echo "Error: Unknown security level '$security_level'"
            echo "Available levels: maximum, high, moderate"
            return 1
            ;;
    esac
}

# Usage
apply_security_hardening "high"

Enterprise Login Window Management System

#!/bin/bash

# MacFleet Login Window Management Tool
# Comprehensive login window configuration and monitoring for fleet devices

# Configuration
SCRIPT_VERSION="1.0.0"
LOG_FILE="/var/log/macfleet_loginwindow.log"
REPORT_DIR="/etc/macfleet/reports/loginwindow"
CONFIG_DIR="/etc/macfleet/loginwindow"
TEMPLATE_DIR="/etc/macfleet/templates/loginwindow"

# Create directories if they don't exist
mkdir -p "$REPORT_DIR" "$CONFIG_DIR" "$TEMPLATE_DIR"

# Login window policy templates
declare -A LOGIN_POLICIES=(
    ["corporate_standard"]="user_list,restart_only,company_branding,moderate_security"
    ["corporate_secure"]="username_dialog,no_power,security_message,high_security"
    ["kiosk_mode"]="username_dialog,no_power,kiosk_branding,maximum_security"
    ["public_access"]="user_list,all_power,public_notice,low_security"
    ["executive"]="username_dialog,restart_only,executive_branding,high_security"
    ["guest_network"]="user_list,no_power,guest_notice,moderate_security"
    ["development"]="user_list,all_power,dev_environment,low_security"
    ["classroom"]="user_list,restart_only,educational_message,moderate_security"
    ["healthcare"]="username_dialog,no_power,hipaa_notice,maximum_security"
    ["financial"]="username_dialog,no_power,compliance_notice,maximum_security"
)

# Message templates for different scenarios
declare -A MESSAGE_TEMPLATES=(
    ["security_warning"]="RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY - ALL ACTIVITY MONITORED"
    ["corporate_standard"]="Property of {COMPANY} | IT Support: {SUPPORT_CONTACT}"
    ["compliance_notice"]="This system contains confidential information. Unauthorized access is prohibited."
    ["guest_notice"]="Guest Access | Please contact reception for assistance"
    ["kiosk_mode"]="Kiosk Terminal | For assistance press F1"
    ["maintenance"]="System Under Maintenance | Contact IT Department"
    ["emergency"]="Emergency Access Only | Security Incident in Progress"
    ["educational"]="Educational Device | Students must follow acceptable use policy"
    ["hipaa_notice"]="HIPAA Protected System | Authorized Healthcare Personnel Only"
    ["financial_compliance"]="Financial Data System | SOX Compliance Required"
)

# Logging function
log_action() {
    local message="$1"
    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "[$timestamp] $message" | tee -a "$LOG_FILE"
}

# Advanced login window policy enforcement
enforce_login_policy() {
    local policy_name="$1"
    local company_name="${2:-MacFleet}"
    local support_contact="${3:-IT Department}"
    local dry_run="${4:-false}"
    
    log_action "Enforcing login window policy: $policy_name (dry_run: $dry_run)"
    
    if [[ -z "${LOGIN_POLICIES[$policy_name]}" ]]; then
        log_action "ERROR: Unknown policy '$policy_name'"
        echo "Available policies: ${!LOGIN_POLICIES[*]}"
        return 1
    fi
    
    # Parse policy configuration
    IFS=',' read -ra POLICY_PARTS <<< "${LOGIN_POLICIES[$policy_name]}"
    local user_display="${POLICY_PARTS[0]}"
    local power_options="${POLICY_PARTS[1]}"
    local branding_type="${POLICY_PARTS[2]}"
    local security_level="${POLICY_PARTS[3]}"
    
    echo "=== Enforcing Policy: $policy_name ==="
    echo "User Display: $user_display"
    echo "Power Options: $power_options"
    echo "Branding: $branding_type"
    echo "Security Level: $security_level"
    
    if [[ "$dry_run" == "true" ]]; then
        echo "DRY RUN MODE - No changes will be applied"
        return 0
    fi
    
    # Apply user display settings
    apply_user_display_settings "$user_display"
    
    # Apply power option settings
    apply_power_option_settings "$power_options"
    
    # Apply branding and messaging
    apply_branding_settings "$branding_type" "$company_name" "$support_contact"
    
    # Apply security configurations
    apply_security_settings "$security_level"
    
    # Generate policy compliance report
    local report_file="$REPORT_DIR/policy_enforcement_${policy_name}_$(date +%Y%m%d_%H%M%S).json"
    generate_policy_report "$policy_name" "$report_file"
    
    log_action "Policy enforcement completed: $report_file"
    echo "$report_file"
}

# Apply user display settings
apply_user_display_settings() {
    local display_type="$1"
    
    case "$display_type" in
        "user_list")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            echo "✓ User list display enabled"
            ;;
        "username_dialog")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            echo "✓ Username/password dialog enabled"
            ;;
        "hidden_users")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            echo "✓ All users hidden from display"
            ;;
    esac
}

# Apply power option settings
apply_power_option_settings() {
    local power_config="$1"
    
    case "$power_config" in
        "all_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            echo "✓ All power options enabled"
            ;;
        "restart_only")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ Only restart option enabled"
            ;;
        "no_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ All power options disabled"
            ;;
    esac
}

# Apply branding and messaging settings
apply_branding_settings() {
    local branding_type="$1"
    local company_name="$2"
    local support_contact="$3"
    
    local message=""
    
    case "$branding_type" in
        "company_branding")
            message="${MESSAGE_TEMPLATES[corporate_standard]}"
            message="${message/\{COMPANY\}/$company_name}"
            message="${message/\{SUPPORT_CONTACT\}/$support_contact}"
            ;;
        "security_message")
            message="${MESSAGE_TEMPLATES[security_warning]}"
            ;;
        "kiosk_branding")
            message="${MESSAGE_TEMPLATES[kiosk_mode]}"
            ;;
        "executive_branding")
            message="Executive Workstation | $company_name | Confidential"
            ;;
        "guest_notice")
            message="${MESSAGE_TEMPLATES[guest_notice]}"
            ;;
        "educational_message")
            message="${MESSAGE_TEMPLATES[educational]}"
            ;;
        "hipaa_notice")
            message="${MESSAGE_TEMPLATES[hipaa_notice]}"
            ;;
        "compliance_notice")
            message="${MESSAGE_TEMPLATES[financial_compliance]}"
            ;;
        *)
            message="Managed by $company_name"
            ;;
    esac
    
    if [[ -n "$message" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$message"
        echo "✓ Custom message applied: $message"
    fi
}

# Apply security-specific settings
apply_security_settings() {
    local security_level="$1"
    
    case "$security_level" in
        "maximum_security")
            # Hide computer information
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
            
            # Disable input menu
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            
            # Disable auto login
            defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true
            
            # Enable login window delay
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Maximum security settings applied"
            ;;
        "high_security")
            # Show minimal computer info
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            
            # Enable input menu for language support
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            # Disable guest account
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ High security settings applied"
            ;;
        "moderate_security")
            # Standard security with some convenience features
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Moderate security settings applied"
            ;;
        "low_security")
            # Minimal restrictions for convenience
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            echo "✓ Low security settings applied"
            ;;
    esac
}

# Generate comprehensive policy compliance report
generate_policy_report() {
    local policy_name="$1"
    local report_file="$2"
    
    # Get current login window settings
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    local restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    local sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    local login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "")
    local hide_local_users=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
    local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
    
    cat > "$report_file" << EOF
{
    "policy_report": {
        "policy_name": "$policy_name",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "script_version": "$SCRIPT_VERSION",
        "current_settings": {
            "show_fullname": $show_fullname,
            "shutdown_disabled": $shutdown_disabled,
            "restart_disabled": $restart_disabled,
            "sleep_disabled": $sleep_disabled,
            "custom_message": "$login_text",
            "hide_local_users": $hide_local_users,
            "guest_enabled": $guest_enabled
        },
        "display_mode": "$([ "$show_fullname" == "true" ] && echo "username_dialog" || echo "user_list")",
        "security_level": "unknown",
        "compliance_status": "compliant"
    }
}
EOF
    
    log_action "Policy report generated: $report_file"
}

# Monitor login window configuration
monitor_login_window() {
    local detailed="${1:-false}"
    
    echo "=== Login Window Configuration Monitor ==="
    
    # Basic configuration check
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local display_mode=$([ "$show_fullname" == "true" ] && echo "Username/Password Dialog" || echo "User List")
    
    echo "Display Mode: $display_mode"
    
    # Power options status
    local shutdown_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local restart_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local sleep_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    
    echo "Power Options:"
    echo "  Shutdown Button: $shutdown_status"
    echo "  Restart Button: $restart_status"
    echo "  Sleep Button: $sleep_status"
    
    # Custom message
    local custom_message=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $custom_message"
    
    if [[ "$detailed" == "true" ]]; then
        echo ""
        echo "=== Detailed Configuration ==="
        
        # Additional settings
        local hide_local=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
        local hide_mobile=$(defaults read /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || echo "false")
        local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
        local admin_info=$(defaults read /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || echo "DSStatus")
        
        echo "Advanced Settings:"
        echo "  Hide Local Users: $hide_local"
        echo "  Hide Mobile Accounts: $hide_mobile"
        echo "  Guest Account Enabled: $guest_enabled"
        echo "  Admin Host Info: $admin_info"
        
        # Check for custom background
        local desktop_picture=$(defaults read /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || echo "Default")
        echo "  Desktop Picture: $desktop_picture"
    fi
}

# Main execution function
main() {
    local action="${1:-status}"
    local param1="${2:-}"
    local param2="${3:-}"
    local param3="${4:-}"
    local param4="${5:-}"
    
    log_action "=== MacFleet Login Window Management Started ==="
    log_action "Action: $action"
    
    # Ensure required privileges for configuration changes
    if [[ "$action" != "status" && "$action" != "help" && $EUID -ne 0 ]]; then
        echo "Error: This action requires administrator privileges"
        echo "Please run with sudo: sudo $0 $*"
        exit 1
    fi
    
    case "$action" in
        "policy")
            if [[ -z "$param1" ]]; then
                echo "Available policies: ${!LOGIN_POLICIES[*]}"
                exit 1
            fi
            enforce_login_policy "$param1" "$param2" "$param3" "$param4"
            ;;
        "secure")
            apply_security_hardening "${param1:-high}"
            ;;
        "message")
            if [[ -z "$param1" ]]; then
                echo "Usage: $0 message <message_text>"
                exit 1
            fi
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$param1"
            echo "✓ Custom message set: $param1"
            ;;
        "power")
            case "$param1" in
                "disable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
                    echo "✓ All power options disabled"
                    ;;
                "enable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
                    echo "✓ All power options enabled"
                    ;;
                *)
                    echo "Usage: $0 power <enable|disable>"
                    exit 1
                    ;;
            esac
            ;;
        "display")
            case "$param1" in
                "userlist")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
                    echo "✓ User list display enabled"
                    ;;
                "dialog")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
                    echo "✓ Username/password dialog enabled"
                    ;;
                *)
                    echo "Usage: $0 display <userlist|dialog>"
                    exit 1
                    ;;
            esac
            ;;
        "status")
            monitor_login_window "$param1"
            ;;
        "reset")
            echo "Resetting login window to defaults..."
            defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            echo "✓ Login window reset to system defaults"
            ;;
        "help")
            echo "Usage: $0 [action] [options...]"
            echo "Actions:"
            echo "  policy <policy_name> [company] [support] [dry_run] - Apply policy"
            echo "  secure <level> - Apply security hardening (maximum/high/moderate)"
            echo "  message <text> - Set custom login message"
            echo "  power <enable|disable> - Control power button visibility"
            echo "  display <userlist|dialog> - Set user display mode"
            echo "  status [detailed] - Show current configuration"
            echo "  reset - Reset to system defaults"
            echo "  help - Show this help"
            echo ""
            echo "Policies: ${!LOGIN_POLICIES[*]}"
            echo "Message Templates: ${!MESSAGE_TEMPLATES[*]}"
            ;;
        *)
            log_action "ERROR: Unknown action: $action"
            echo "Use '$0 help' for usage information"
            exit 1
            ;;
    esac
    
    log_action "=== Login window management completed ==="
}

# Execute main function
main "$@"

Login Window Security Best Practices

Corporate Security Configuration

#!/bin/bash

# Implement corporate login window security
implement_corporate_security() {
    echo "=== Implementing Corporate Login Window Security ==="
    
    # Hide user enumeration
    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
    
    # Disable power options to prevent unauthorized shutdowns
    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
    
    # Allow restart for updates (optional)
    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
    
    # Set corporate security message
    defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Property - Authorized Personnel Only"
    
    # Disable guest account
    defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
    
    # Hide computer information
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
    
    echo "✓ Corporate security configuration applied"
}

implement_corporate_security

Compliance and Audit Configuration

#!/bin/bash

# Configure login window for compliance requirements
configure_compliance_login() {
    local compliance_type="$1"
    
    case "$compliance_type" in
        "hipaa")
            # Healthcare compliance configuration
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "HIPAA Protected System - Healthcare Personnel Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ HIPAA compliance configuration applied"
            ;;
        "pci_dss")
            # Payment card industry compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "PCI DSS Secure Environment - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ PCI DSS compliance configuration applied"
            ;;
        "sox")
            # Financial compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Financial Data System - SOX Compliance Required"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ SOX compliance configuration applied"
            ;;
        *)
            echo "Unknown compliance type: $compliance_type"
            return 1
            ;;
    esac
}

# Usage
configure_compliance_login "hipaa"

Troubleshooting Login Window Issues

Verify Configuration

#!/bin/bash

# Comprehensive login window configuration verification
verify_login_config() {
    echo "=== Login Window Configuration Verification ==="
    
    # Check all current settings
    echo "Current Settings:"
    echo "  Show Full Name: $(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo 'Not Set')"
    echo "  Shutdown Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Restart Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Sleep Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Login Text: $(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo 'Not Set')"
    echo "  Guest Enabled: $(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo 'Not Set')"
    echo "  Hide Local Users: $(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo 'Not Set')"
    
    # Check file permissions
    echo ""
    echo "File Permissions:"
    ls -la /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null || echo "Login window plist not found"
    
    # Verify settings will take effect
    echo ""
    echo "Verification Tests:"
    if defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME &>/dev/null; then
        echo "✓ Login window preferences are readable"
    else
        echo "⚠ Login window preferences may not be configured"
    fi
}

verify_login_config

Reset to Defaults

#!/bin/bash

# Reset login window to system defaults
reset_login_window() {
    echo "=== Resetting Login Window to Defaults ==="
    
    # Remove all custom settings
    defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || true
    
    echo "✓ Login window reset to system defaults"
    echo "Note: Changes will take effect after logout or restart"
}

reset_login_window

Important Notes

Administrator privileges required for login window modifications
Changes take effect after logout or restart
Test thoroughly on individual devices before fleet deployment
Backup settings before making changes
Security implications - Consider hiding user lists in high-security environments
User experience - Balance security with usability
Compliance requirements - Some industries require specific login window configurations
Special characters - Avoid exclamation marks in custom messages due to shell interpretation

Tutorial

Nuevas actualizaciones y mejoras para Macfleet.

Síguenos en X.com

May 20, 2025

Configurando un Runner de GitHub Actions en un Mac Mini (Apple Silicon)

Runner de GitHub Actions

GitHub Actions es una plataforma poderosa de CI/CD que te permite automatizar tus flujos de trabajo de desarrollo de software. Aunque GitHub ofrece runners hospedados, los runners auto-hospedados proporcionan mayor control y personalización para tu configuración de CI/CD. Este tutorial te guía a través de la configuración y conexión de un runner auto-hospedado en un Mac mini para ejecutar pipelines de macOS.

Prerrequisitos

Antes de comenzar, asegúrate de tener:

Un Mac mini (regístrate en Macfleet)
Un repositorio de GitHub con derechos de administrador
Un gestor de paquetes instalado (preferiblemente Homebrew)
Git instalado en tu sistema

Paso 1: Crear una Cuenta de Usuario Dedicada

Primero, crea una cuenta de usuario dedicada para el runner de GitHub Actions:

# Crear la cuenta de usuario 'gh-runner'
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Establecer la contraseña para el usuario
sudo dscl . -passwd /Users/gh-runner tu_contraseña

# Agregar 'gh-runner' al grupo 'admin'
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Cambia a la nueva cuenta de usuario:

su gh-runner

Paso 2: Instalar Software Requerido

Instala Git y Rosetta 2 (si usas Apple Silicon):

# Instalar Git si no está ya instalado
brew install git

# Instalar Rosetta 2 para Macs Apple Silicon
softwareupdate --install-rosetta

Paso 3: Configurar el Runner de GitHub Actions

Ve a tu repositorio de GitHub
Navega a Configuración > Actions > Runners

Runner de GitHub Actions

Haz clic en "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
Selecciona macOS como imagen del runner y ARM64 como arquitectura
Sigue los comandos proporcionados para descargar y configurar el runner

Runner de GitHub Actions

Crea un archivo .env en el directorio _work del runner:

# archivo _work/.env
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer

Ejecuta el script run.sh en tu directorio del runner para completar la configuración.
Verifica que el runner esté activo y escuchando trabajos en la terminal y revisa la configuración del repositorio de GitHub para la asociación del runner y el estado Idle.

Runner de GitHub Actions

Paso 4: Configurar Sudoers (Opcional)

Si tus acciones requieren privilegios de root, configura el archivo sudoers:

sudo visudo

Agrega la siguiente línea:

gh-runner ALL=(ALL) NOPASSWD: ALL

Paso 5: Usar el Runner en Flujos de Trabajo

Configura tu flujo de trabajo de GitHub Actions para usar el runner auto-hospedado:

name: Flujo de trabajo de muestra

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: Instalar NodeJS
        run: brew install node

El runner está autenticado en tu repositorio y etiquetado con self-hosted, macOS, y ARM64. Úsalo en tus flujos de trabajo especificando estas etiquetas en el campo runs-on:

runs-on: [self-hosted, macOS, ARM64]

Mejores Prácticas

Mantén tu software del runner actualizado
Monitorea regularmente los logs del runner para problemas
Usa etiquetas específicas para diferentes tipos de runners
Implementa medidas de seguridad apropiadas
Considera usar múltiples runners para balanceo de carga

Solución de Problemas

Problemas comunes y soluciones:

Runner no conectando:
- Verifica conectividad de red
- Verifica validez del token de GitHub
- Asegúrate de permisos apropiados
Fallas de construcción:
- Verifica instalación de Xcode
- Verifica dependencias requeridas
- Revisa logs del flujo de trabajo
Problemas de permisos:
- Verifica permisos de usuario
- Verifica configuración de sudoers
- Revisa permisos del sistema de archivos

Conclusión

Ahora tienes un runner auto-hospedado de GitHub Actions configurado en tu Mac mini. Esta configuración te proporciona más control sobre tu entorno de CI/CD y te permite ejecutar flujos de trabajo específicos de macOS de manera eficiente.

Recuerda mantener regularmente tu runner y mantenerlo actualizado con los últimos parches de seguridad y versiones de software.

May 14, 2025

Aplicación Nativa

Aplicación nativa de Macfleet

Guía de Instalación de Macfleet

Macfleet es una solución poderosa de gestión de flota diseñada específicamente para entornos de Mac Mini alojados en la nube. Como proveedor de hosting en la nube de Mac Mini, puedes usar Macfleet para monitorear, gestionar y optimizar toda tu flota de instancias Mac virtualizadas.

Esta guía de instalación te llevará a través de la configuración del monitoreo de Macfleet en sistemas macOS, Windows y Linux para asegurar una supervisión integral de tu infraestructura en la nube.

🍎 macOS

Descarga el archivo .dmg para Mac aquí
Haz doble clic en el archivo .dmg descargado
Arrastra la aplicación Macfleet a la carpeta Aplicaciones
Expulsa el archivo .dmg
Abre Preferencias del Sistema > Seguridad y Privacidad
- Pestaña Privacidad > Accesibilidad
- Marca Macfleet para permitir el monitoreo
Inicia Macfleet desde Aplicaciones
El seguimiento comienza automáticamente

🪟 Windows

Descarga el archivo .exe para Windows aquí
Haz clic derecho en el archivo .exe > "Ejecutar como administrador"
Sigue el asistente de instalación
Acepta los términos y condiciones
Permite en Windows Defender si se solicita
Concede permisos de monitoreo de aplicaciones
Inicia Macfleet desde el Menú Inicio
La aplicación comienza el seguimiento automáticamente

🐧 Linux

Descarga el paquete .deb (Ubuntu/Debian) o .rpm (CentOS/RHEL) aquí
Instala usando tu gestor de paquetes
- Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
- CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
Permite permisos de acceso X11 si se solicita
Agrega el usuario a los grupos apropiados si es necesario
Inicia Macfleet desde el menú de Aplicaciones
La aplicación comienza el seguimiento automáticamente

Nota: Después de la instalación en todos los sistemas, inicia sesión con tus credenciales de Macfleet para sincronizar datos con tu panel de control.