Tutorial

Novas atualizações e melhorias para a Macfleet.

Aviso importante

Os exemplos de código e scripts fornecidos nestes tutoriais são apenas para fins educacionais. A Macfleet não é responsável por quaisquer problemas, danos ou vulnerabilidades de segurança que possam surgir do uso, modificação ou implementação destes exemplos. Sempre revise e teste o código em um ambiente seguro antes de usá-lo em sistemas de produção.

← Todas as postagens

July 7, 2025

Login Window Customization on macOS

Customize and secure the login window on your MacFleet devices to enhance security, branding, and user experience. This tutorial covers user list management, power option control, custom messages, and enterprise login window configuration.

Understanding macOS Login Window

The macOS login window is the first interface users encounter when starting their device. It provides several customization options:

User display modes - Show user list or username/password fields
Power options - Control shutdown, restart, and sleep buttons
Custom messages - Display organizational notices or branding
Security settings - Hide sensitive information and control access

Enterprise Considerations

Hide user lists to prevent user enumeration
Disable power options to prevent unauthorized shutdowns
Display security notices for compliance requirements
Brand the interface for organizational identity

Basic Login Window Configuration

Display User List in Login Window

#!/bin/bash

# Show the list of users in the login window
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false

echo "User list display enabled in login window"

Display Username/Password Dialog

#!/bin/bash

# Show username and password dialog instead of user list
defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true

echo "Username/password dialog enabled in login window"

Hide Power Options

#!/bin/bash

# Hide shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true

# Hide restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true

# Hide sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true

echo "All power options hidden from login window"

Enable Power Options

#!/bin/bash

# Enable shutdown button
defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false

# Enable restart button
defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false

# Enable sleep button
defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false

echo "All power options enabled in login window"

Display Custom Message

#!/bin/bash

# Display a custom message on the login window
MESSAGE="Your device is managed by MacFleet. Contact IT for assistance."
defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$MESSAGE"

echo "Custom message set for login window"

Advanced Login Window Management

Comprehensive Login Window Configuration

#!/bin/bash

# Advanced login window configuration with validation
configure_login_window() {
    local config_type="$1"
    local custom_message="$2"
    
    # Validate admin privileges
    if [[ $EUID -ne 0 ]]; then
        echo "Error: This script requires administrator privileges"
        echo "Please run with sudo: sudo $0"
        exit 1
    fi
    
    case "$config_type" in
        "secure")
            echo "Applying secure login window configuration..."
            
            # Hide user list for security
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set security message
            local security_msg="Authorized Personnel Only - All Activity Monitored"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$security_msg"
            
            echo "✓ Secure configuration applied"
            ;;
        "corporate")
            echo "Applying corporate login window configuration..."
            
            # Show user list for convenience
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Allow restart but disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set corporate message
            local corp_msg="${custom_message:-Property of MacFleet Corporation}"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$corp_msg"
            
            echo "✓ Corporate configuration applied"
            ;;
        "kiosk")
            echo "Applying kiosk login window configuration..."
            
            # Hide user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional elements for kiosk mode
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Set kiosk message
            local kiosk_msg="Kiosk Mode - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$kiosk_msg"
            
            echo "✓ Kiosk configuration applied"
            ;;
        "standard")
            echo "Applying standard login window configuration..."
            
            # Show user list
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            
            # Enable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            
            # Clear custom message
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            
            echo "✓ Standard configuration applied"
            ;;
        *)
            echo "Error: Unknown configuration type '$config_type'"
            echo "Available types: secure, corporate, kiosk, standard"
            return 1
            ;;
    esac
    
    # Verify configuration
    verify_login_window_config
}

# Verify current login window configuration
verify_login_window_config() {
    echo ""
    echo "=== Current Login Window Configuration ==="
    
    # Check user display mode
    local show_fullname
    show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    
    if [[ "$show_fullname" == "true" ]]; then
        echo "User Display: Username/Password Dialog"
    else
        echo "User Display: User List"
    fi
    
    # Check power options
    local shutdown_disabled
    shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    echo "Shutdown Button: $([ "$shutdown_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local restart_disabled
    restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    echo "Restart Button: $([ "$restart_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    local sleep_disabled
    sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    echo "Sleep Button: $([ "$sleep_disabled" == "true" ] && echo "Hidden" || echo "Visible")"
    
    # Check custom message
    local login_text
    login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $login_text"
}

# Usage examples
configure_login_window "corporate" "Welcome to MacFleet Enterprise"

Login Window Branding and Customization

#!/bin/bash

# Advanced login window branding
customize_login_branding() {
    local company_name="$1"
    local support_info="$2"
    local logo_path="$3"
    
    echo "=== Customizing Login Window Branding ==="
    
    # Set company message
    if [[ -n "$company_name" ]]; then
        local branded_message="Property of $company_name"
        if [[ -n "$support_info" ]]; then
            branded_message="$branded_message | Support: $support_info"
        fi
        
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$branded_message"
        echo "✓ Company branding message set"
    fi
    
    # Set custom desktop background for login window
    if [[ -n "$logo_path" && -f "$logo_path" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture "$logo_path"
        echo "✓ Custom background image set"
    fi
    
    # Configure additional branding options
    setup_login_window_styling "$company_name"
}

# Setup advanced login window styling
setup_login_window_styling() {
    local company_name="$1"
    
    # Hide computer name for cleaner appearance
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
    
    # Configure login window appearance
    defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
    
    # Set custom computer name display
    if [[ -n "$company_name" ]]; then
        scutil --set ComputerName "$company_name Workstation"
        scutil --set LocalHostName "$company_name-Mac"
    fi
    
    echo "✓ Login window styling configured"
}

# Usage
customize_login_branding "MacFleet Corporation" "help@macfleet.com" "/System/Library/Desktop Pictures/Big Sur.heic"

Security-Focused Login Configuration

#!/bin/bash

# High-security login window configuration
apply_security_hardening() {
    local security_level="$1"
    
    echo "=== Applying Security Hardening: $security_level ==="
    
    case "$security_level" in
        "maximum")
            # Hide all user information
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            defaults write /Library/Preferences/com.apple.loginwindow HideAdminUsers true
            
            # Disable all power options
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Hide additional UI elements
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            defaults write /Library/Preferences/com.apple.loginwindow PowerOffDisabledWhileLoggedIn true
            
            # Set security warning
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY"
            
            echo "✓ Maximum security configuration applied"
            ;;
        "high")
            # Hide user list but allow some functionality
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            
            # Disable shutdown and sleep, allow restart
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set moderate security message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Device - Authorized Users Only"
            
            echo "✓ High security configuration applied"
            ;;
        "moderate")
            # Show user list but control power options
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            
            # Allow restart, disable shutdown and sleep
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            
            # Set informational message
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Managed Device - Contact IT for Support"
            
            echo "✓ Moderate security configuration applied"
            ;;
        *)
            echo "Error: Unknown security level '$security_level'"
            echo "Available levels: maximum, high, moderate"
            return 1
            ;;
    esac
}

# Usage
apply_security_hardening "high"

Enterprise Login Window Management System

#!/bin/bash

# MacFleet Login Window Management Tool
# Comprehensive login window configuration and monitoring for fleet devices

# Configuration
SCRIPT_VERSION="1.0.0"
LOG_FILE="/var/log/macfleet_loginwindow.log"
REPORT_DIR="/etc/macfleet/reports/loginwindow"
CONFIG_DIR="/etc/macfleet/loginwindow"
TEMPLATE_DIR="/etc/macfleet/templates/loginwindow"

# Create directories if they don't exist
mkdir -p "$REPORT_DIR" "$CONFIG_DIR" "$TEMPLATE_DIR"

# Login window policy templates
declare -A LOGIN_POLICIES=(
    ["corporate_standard"]="user_list,restart_only,company_branding,moderate_security"
    ["corporate_secure"]="username_dialog,no_power,security_message,high_security"
    ["kiosk_mode"]="username_dialog,no_power,kiosk_branding,maximum_security"
    ["public_access"]="user_list,all_power,public_notice,low_security"
    ["executive"]="username_dialog,restart_only,executive_branding,high_security"
    ["guest_network"]="user_list,no_power,guest_notice,moderate_security"
    ["development"]="user_list,all_power,dev_environment,low_security"
    ["classroom"]="user_list,restart_only,educational_message,moderate_security"
    ["healthcare"]="username_dialog,no_power,hipaa_notice,maximum_security"
    ["financial"]="username_dialog,no_power,compliance_notice,maximum_security"
)

# Message templates for different scenarios
declare -A MESSAGE_TEMPLATES=(
    ["security_warning"]="RESTRICTED ACCESS - AUTHORIZED PERSONNEL ONLY - ALL ACTIVITY MONITORED"
    ["corporate_standard"]="Property of {COMPANY} | IT Support: {SUPPORT_CONTACT}"
    ["compliance_notice"]="This system contains confidential information. Unauthorized access is prohibited."
    ["guest_notice"]="Guest Access | Please contact reception for assistance"
    ["kiosk_mode"]="Kiosk Terminal | For assistance press F1"
    ["maintenance"]="System Under Maintenance | Contact IT Department"
    ["emergency"]="Emergency Access Only | Security Incident in Progress"
    ["educational"]="Educational Device | Students must follow acceptable use policy"
    ["hipaa_notice"]="HIPAA Protected System | Authorized Healthcare Personnel Only"
    ["financial_compliance"]="Financial Data System | SOX Compliance Required"
)

# Logging function
log_action() {
    local message="$1"
    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
    echo "[$timestamp] $message" | tee -a "$LOG_FILE"
}

# Advanced login window policy enforcement
enforce_login_policy() {
    local policy_name="$1"
    local company_name="${2:-MacFleet}"
    local support_contact="${3:-IT Department}"
    local dry_run="${4:-false}"
    
    log_action "Enforcing login window policy: $policy_name (dry_run: $dry_run)"
    
    if [[ -z "${LOGIN_POLICIES[$policy_name]}" ]]; then
        log_action "ERROR: Unknown policy '$policy_name'"
        echo "Available policies: ${!LOGIN_POLICIES[*]}"
        return 1
    fi
    
    # Parse policy configuration
    IFS=',' read -ra POLICY_PARTS <<< "${LOGIN_POLICIES[$policy_name]}"
    local user_display="${POLICY_PARTS[0]}"
    local power_options="${POLICY_PARTS[1]}"
    local branding_type="${POLICY_PARTS[2]}"
    local security_level="${POLICY_PARTS[3]}"
    
    echo "=== Enforcing Policy: $policy_name ==="
    echo "User Display: $user_display"
    echo "Power Options: $power_options"
    echo "Branding: $branding_type"
    echo "Security Level: $security_level"
    
    if [[ "$dry_run" == "true" ]]; then
        echo "DRY RUN MODE - No changes will be applied"
        return 0
    fi
    
    # Apply user display settings
    apply_user_display_settings "$user_display"
    
    # Apply power option settings
    apply_power_option_settings "$power_options"
    
    # Apply branding and messaging
    apply_branding_settings "$branding_type" "$company_name" "$support_contact"
    
    # Apply security configurations
    apply_security_settings "$security_level"
    
    # Generate policy compliance report
    local report_file="$REPORT_DIR/policy_enforcement_${policy_name}_$(date +%Y%m%d_%H%M%S).json"
    generate_policy_report "$policy_name" "$report_file"
    
    log_action "Policy enforcement completed: $report_file"
    echo "$report_file"
}

# Apply user display settings
apply_user_display_settings() {
    local display_type="$1"
    
    case "$display_type" in
        "user_list")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers false
            echo "✓ User list display enabled"
            ;;
        "username_dialog")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            echo "✓ Username/password dialog enabled"
            ;;
        "hidden_users")
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow HideLocalUsers true
            defaults write /Library/Preferences/com.apple.loginwindow HideMobileAccounts true
            echo "✓ All users hidden from display"
            ;;
    esac
}

# Apply power option settings
apply_power_option_settings() {
    local power_config="$1"
    
    case "$power_config" in
        "all_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
            echo "✓ All power options enabled"
            ;;
        "restart_only")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ Only restart option enabled"
            ;;
        "no_power")
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            echo "✓ All power options disabled"
            ;;
    esac
}

# Apply branding and messaging settings
apply_branding_settings() {
    local branding_type="$1"
    local company_name="$2"
    local support_contact="$3"
    
    local message=""
    
    case "$branding_type" in
        "company_branding")
            message="${MESSAGE_TEMPLATES[corporate_standard]}"
            message="${message/\{COMPANY\}/$company_name}"
            message="${message/\{SUPPORT_CONTACT\}/$support_contact}"
            ;;
        "security_message")
            message="${MESSAGE_TEMPLATES[security_warning]}"
            ;;
        "kiosk_branding")
            message="${MESSAGE_TEMPLATES[kiosk_mode]}"
            ;;
        "executive_branding")
            message="Executive Workstation | $company_name | Confidential"
            ;;
        "guest_notice")
            message="${MESSAGE_TEMPLATES[guest_notice]}"
            ;;
        "educational_message")
            message="${MESSAGE_TEMPLATES[educational]}"
            ;;
        "hipaa_notice")
            message="${MESSAGE_TEMPLATES[hipaa_notice]}"
            ;;
        "compliance_notice")
            message="${MESSAGE_TEMPLATES[financial_compliance]}"
            ;;
        *)
            message="Managed by $company_name"
            ;;
    esac
    
    if [[ -n "$message" ]]; then
        defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$message"
        echo "✓ Custom message applied: $message"
    fi
}

# Apply security-specific settings
apply_security_settings() {
    local security_level="$1"
    
    case "$security_level" in
        "maximum_security")
            # Hide computer information
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
            
            # Disable input menu
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu false
            
            # Disable auto login
            defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true
            
            # Enable login window delay
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Maximum security settings applied"
            ;;
        "high_security")
            # Show minimal computer info
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            
            # Enable input menu for language support
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            # Disable guest account
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ High security settings applied"
            ;;
        "moderate_security")
            # Standard security with some convenience features
            defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            
            echo "✓ Moderate security settings applied"
            ;;
        "low_security")
            # Minimal restrictions for convenience
            defaults write /Library/Preferences/com.apple.loginwindow showInputMenu true
            
            echo "✓ Low security settings applied"
            ;;
    esac
}

# Generate comprehensive policy compliance report
generate_policy_report() {
    local policy_name="$1"
    local report_file="$2"
    
    # Get current login window settings
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local shutdown_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo "false")
    local restart_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo "false")
    local sleep_disabled=$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo "false")
    local login_text=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "")
    local hide_local_users=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
    local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
    
    cat > "$report_file" << EOF
{
    "policy_report": {
        "policy_name": "$policy_name",
        "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
        "hostname": "$(hostname)",
        "script_version": "$SCRIPT_VERSION",
        "current_settings": {
            "show_fullname": $show_fullname,
            "shutdown_disabled": $shutdown_disabled,
            "restart_disabled": $restart_disabled,
            "sleep_disabled": $sleep_disabled,
            "custom_message": "$login_text",
            "hide_local_users": $hide_local_users,
            "guest_enabled": $guest_enabled
        },
        "display_mode": "$([ "$show_fullname" == "true" ] && echo "username_dialog" || echo "user_list")",
        "security_level": "unknown",
        "compliance_status": "compliant"
    }
}
EOF
    
    log_action "Policy report generated: $report_file"
}

# Monitor login window configuration
monitor_login_window() {
    local detailed="${1:-false}"
    
    echo "=== Login Window Configuration Monitor ==="
    
    # Basic configuration check
    local show_fullname=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo "false")
    local display_mode=$([ "$show_fullname" == "true" ] && echo "Username/Password Dialog" || echo "User List")
    
    echo "Display Mode: $display_mode"
    
    # Power options status
    local shutdown_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local restart_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    local sleep_status=$([ "$(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null)" == "true" ] && echo "Hidden" || echo "Visible")
    
    echo "Power Options:"
    echo "  Shutdown Button: $shutdown_status"
    echo "  Restart Button: $restart_status"
    echo "  Sleep Button: $sleep_status"
    
    # Custom message
    local custom_message=$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo "None")
    echo "Custom Message: $custom_message"
    
    if [[ "$detailed" == "true" ]]; then
        echo ""
        echo "=== Detailed Configuration ==="
        
        # Additional settings
        local hide_local=$(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo "false")
        local hide_mobile=$(defaults read /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || echo "false")
        local guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
        local admin_info=$(defaults read /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || echo "DSStatus")
        
        echo "Advanced Settings:"
        echo "  Hide Local Users: $hide_local"
        echo "  Hide Mobile Accounts: $hide_mobile"
        echo "  Guest Account Enabled: $guest_enabled"
        echo "  Admin Host Info: $admin_info"
        
        # Check for custom background
        local desktop_picture=$(defaults read /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || echo "Default")
        echo "  Desktop Picture: $desktop_picture"
    fi
}

# Main execution function
main() {
    local action="${1:-status}"
    local param1="${2:-}"
    local param2="${3:-}"
    local param3="${4:-}"
    local param4="${5:-}"
    
    log_action "=== MacFleet Login Window Management Started ==="
    log_action "Action: $action"
    
    # Ensure required privileges for configuration changes
    if [[ "$action" != "status" && "$action" != "help" && $EUID -ne 0 ]]; then
        echo "Error: This action requires administrator privileges"
        echo "Please run with sudo: sudo $0 $*"
        exit 1
    fi
    
    case "$action" in
        "policy")
            if [[ -z "$param1" ]]; then
                echo "Available policies: ${!LOGIN_POLICIES[*]}"
                exit 1
            fi
            enforce_login_policy "$param1" "$param2" "$param3" "$param4"
            ;;
        "secure")
            apply_security_hardening "${param1:-high}"
            ;;
        "message")
            if [[ -z "$param1" ]]; then
                echo "Usage: $0 message <message_text>"
                exit 1
            fi
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "$param1"
            echo "✓ Custom message set: $param1"
            ;;
        "power")
            case "$param1" in
                "disable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
                    echo "✓ All power options disabled"
                    ;;
                "enable")
                    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
                    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled false
                    echo "✓ All power options enabled"
                    ;;
                *)
                    echo "Usage: $0 power <enable|disable>"
                    exit 1
                    ;;
            esac
            ;;
        "display")
            case "$param1" in
                "userlist")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME false
                    echo "✓ User list display enabled"
                    ;;
                "dialog")
                    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
                    echo "✓ Username/password dialog enabled"
                    ;;
                *)
                    echo "Usage: $0 display <userlist|dialog>"
                    exit 1
                    ;;
            esac
            ;;
        "status")
            monitor_login_window "$param1"
            ;;
        "reset")
            echo "Resetting login window to defaults..."
            defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
            defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
            echo "✓ Login window reset to system defaults"
            ;;
        "help")
            echo "Usage: $0 [action] [options...]"
            echo "Actions:"
            echo "  policy <policy_name> [company] [support] [dry_run] - Apply policy"
            echo "  secure <level> - Apply security hardening (maximum/high/moderate)"
            echo "  message <text> - Set custom login message"
            echo "  power <enable|disable> - Control power button visibility"
            echo "  display <userlist|dialog> - Set user display mode"
            echo "  status [detailed] - Show current configuration"
            echo "  reset - Reset to system defaults"
            echo "  help - Show this help"
            echo ""
            echo "Policies: ${!LOGIN_POLICIES[*]}"
            echo "Message Templates: ${!MESSAGE_TEMPLATES[*]}"
            ;;
        *)
            log_action "ERROR: Unknown action: $action"
            echo "Use '$0 help' for usage information"
            exit 1
            ;;
    esac
    
    log_action "=== Login window management completed ==="
}

# Execute main function
main "$@"

Login Window Security Best Practices

Corporate Security Configuration

#!/bin/bash

# Implement corporate login window security
implement_corporate_security() {
    echo "=== Implementing Corporate Login Window Security ==="
    
    # Hide user enumeration
    defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
    
    # Disable power options to prevent unauthorized shutdowns
    defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
    defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
    
    # Allow restart for updates (optional)
    defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled false
    
    # Set corporate security message
    defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Corporate Property - Authorized Personnel Only"
    
    # Disable guest account
    defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
    
    # Hide computer information
    defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo ""
    
    echo "✓ Corporate security configuration applied"
}

implement_corporate_security

Compliance and Audit Configuration

#!/bin/bash

# Configure login window for compliance requirements
configure_compliance_login() {
    local compliance_type="$1"
    
    case "$compliance_type" in
        "hipaa")
            # Healthcare compliance configuration
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow ShutDownDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow RestartDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow SleepDisabled true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "HIPAA Protected System - Healthcare Personnel Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ HIPAA compliance configuration applied"
            ;;
        "pci_dss")
            # Payment card industry compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "PCI DSS Secure Environment - Authorized Access Only"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ PCI DSS compliance configuration applied"
            ;;
        "sox")
            # Financial compliance
            defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME true
            defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText "Financial Data System - SOX Compliance Required"
            defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled false
            echo "✓ SOX compliance configuration applied"
            ;;
        *)
            echo "Unknown compliance type: $compliance_type"
            return 1
            ;;
    esac
}

# Usage
configure_compliance_login "hipaa"

Troubleshooting Login Window Issues

Verify Configuration

#!/bin/bash

# Comprehensive login window configuration verification
verify_login_config() {
    echo "=== Login Window Configuration Verification ==="
    
    # Check all current settings
    echo "Current Settings:"
    echo "  Show Full Name: $(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || echo 'Not Set')"
    echo "  Shutdown Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Restart Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Sleep Disabled: $(defaults read /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || echo 'Not Set')"
    echo "  Login Text: $(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || echo 'Not Set')"
    echo "  Guest Enabled: $(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo 'Not Set')"
    echo "  Hide Local Users: $(defaults read /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || echo 'Not Set')"
    
    # Check file permissions
    echo ""
    echo "File Permissions:"
    ls -la /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null || echo "Login window plist not found"
    
    # Verify settings will take effect
    echo ""
    echo "Verification Tests:"
    if defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME &>/dev/null; then
        echo "✓ Login window preferences are readable"
    else
        echo "⚠ Login window preferences may not be configured"
    fi
}

verify_login_config

Reset to Defaults

#!/bin/bash

# Reset login window to system defaults
reset_login_window() {
    echo "=== Resetting Login Window to Defaults ==="
    
    # Remove all custom settings
    defaults delete /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow ShutDownDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow RestartDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow SleepDisabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideLocalUsers 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow HideMobileAccounts 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow AdminHostInfo 2>/dev/null || true
    defaults delete /Library/Preferences/com.apple.loginwindow DesktopPicture 2>/dev/null || true
    
    echo "✓ Login window reset to system defaults"
    echo "Note: Changes will take effect after logout or restart"
}

reset_login_window

Important Notes

Administrator privileges required for login window modifications
Changes take effect after logout or restart
Test thoroughly on individual devices before fleet deployment
Backup settings before making changes
Security implications - Consider hiding user lists in high-security environments
User experience - Balance security with usability
Compliance requirements - Some industries require specific login window configurations
Special characters - Avoid exclamation marks in custom messages due to shell interpretation

Tutorial

Novas atualizações e melhorias para a Macfleet.

Siga-nos no X.com

May 20, 2025

Configurando um Runner do GitHub Actions em um Mac Mini (Apple Silicon)

Runner do GitHub Actions

GitHub Actions é uma plataforma poderosa de CI/CD que permite automatizar seus fluxos de trabalho de desenvolvimento de software. Embora o GitHub ofereça runners hospedados, runners auto-hospedados fornecem maior controle e personalização para sua configuração de CI/CD. Este tutorial o guia através da configuração e conexão de um runner auto-hospedado em um Mac mini para executar pipelines do macOS.

Pré-requisitos

Antes de começar, certifique-se de ter:

Um Mac mini (registre-se no Macfleet)
Um repositório GitHub com direitos de administrador
Um gerenciador de pacotes instalado (preferencialmente Homebrew)
Git instalado em seu sistema

Passo 1: Criar uma Conta de Usuário Dedicada

Primeiro, crie uma conta de usuário dedicada para o runner do GitHub Actions:

# Criar a conta de usuário 'gh-runner'
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Definir a senha para o usuário
sudo dscl . -passwd /Users/gh-runner sua_senha

# Adicionar 'gh-runner' ao grupo 'admin'
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Mude para a nova conta de usuário:

su gh-runner

Passo 2: Instalar Software Necessário

Instale Git e Rosetta 2 (se estiver usando Apple Silicon):

# Instalar Git se ainda não estiver instalado
brew install git

# Instalar Rosetta 2 para Macs Apple Silicon
softwareupdate --install-rosetta

Passo 3: Configurar o Runner do GitHub Actions

Vá para seu repositório GitHub
Navegue para Configurações > Actions > Runners

Runner do GitHub Actions

Clique em "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
Selecione macOS como imagem do runner e ARM64 como arquitetura
Siga os comandos fornecidos para baixar e configurar o runner

Runner do GitHub Actions

Crie um arquivo .env no diretório _work do runner:

# arquivo _work/.env
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer

Execute o script run.sh em seu diretório do runner para completar a configuração.
Verifique se o runner está ativo e ouvindo por trabalhos no terminal e verifique as configurações do repositório GitHub para a associação do runner e status Idle.

Runner do GitHub Actions

Passo 4: Configurar Sudoers (Opcional)

Se suas ações requerem privilégios de root, configure o arquivo sudoers:

sudo visudo

Adicione a seguinte linha:

gh-runner ALL=(ALL) NOPASSWD: ALL

Passo 5: Usar o Runner em Fluxos de Trabalho

Configure seu fluxo de trabalho do GitHub Actions para usar o runner auto-hospedado:

name: Fluxo de trabalho de exemplo

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: Instalar NodeJS
        run: brew install node

O runner está autenticado em seu repositório e rotulado com self-hosted, macOS, e ARM64. Use-o em seus fluxos de trabalho especificando estes rótulos no campo runs-on:

runs-on: [self-hosted, macOS, ARM64]

Melhores Práticas

Mantenha seu software do runner atualizado
Monitore regularmente os logs do runner para problemas
Use rótulos específicos para diferentes tipos de runners
Implemente medidas de segurança adequadas
Considere usar múltiplos runners para balanceamento de carga

Solução de Problemas

Problemas comuns e soluções:

Runner não conectando:
- Verifique conectividade de rede
- Verifique validade do token GitHub
- Certifique-se de permissões adequadas
Falhas de build:
- Verifique instalação do Xcode
- Verifique dependências necessárias
- Revise logs do fluxo de trabalho
Problemas de permissão:
- Verifique permissões do usuário
- Verifique configuração sudoers
- Revise permissões do sistema de arquivos

Conclusão

Agora você tem um runner auto-hospedado do GitHub Actions configurado em seu Mac mini. Esta configuração fornece mais controle sobre seu ambiente CI/CD e permite executar fluxos de trabalho específicos do macOS de forma eficiente.

Lembre-se de manter regularmente seu runner e mantê-lo atualizado com os patches de segurança e versões de software mais recentes.

May 14, 2025

Aplicativo Nativo

Aplicativo nativo do Macfleet

Guia de Instalação do Macfleet

Macfleet é uma solução poderosa de gerenciamento de frota projetada especificamente para ambientes Mac Mini hospedados na nuvem. Como provedor de hospedagem na nuvem Mac Mini, você pode usar o Macfleet para monitorar, gerenciar e otimizar toda sua frota de instâncias Mac virtualizadas.

Este guia de instalação o conduzirá através da configuração do monitoramento do Macfleet em sistemas macOS, Windows e Linux para garantir supervisão abrangente de sua infraestrutura na nuvem.

🍎 macOS

Baixe o arquivo .dmg para Mac aqui
Clique duas vezes no arquivo .dmg baixado
Arraste o aplicativo Macfleet para a pasta Aplicativos
Ejete o arquivo .dmg
Abra Preferências do Sistema > Segurança e Privacidade
- Aba Privacidade > Acessibilidade
- Marque Macfleet para permitir monitoramento
Inicie o Macfleet a partir de Aplicativos
O rastreamento inicia automaticamente

🪟 Windows

Baixe o arquivo .exe para Windows aqui
Clique com o botão direito no arquivo .exe > "Executar como administrador"
Siga o assistente de instalação
Aceite os termos e condições
Permita no Windows Defender se solicitado
Conceda permissões de monitoramento de aplicativo
Inicie o Macfleet a partir do Menu Iniciar
O aplicativo começa o rastreamento automaticamente

🐧 Linux

Baixe o pacote .deb (Ubuntu/Debian) ou .rpm (CentOS/RHEL) aqui
Instale usando seu gerenciador de pacotes
- Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
- CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
Permita permissões de acesso X11 se solicitado
Adicione o usuário aos grupos apropriados se necessário
Inicie o Macfleet a partir do menu Aplicativos
O aplicativo começa o rastreamento automaticamente

Nota: Após a instalação em todos os sistemas, faça login com suas credenciais do Macfleet para sincronizar dados com seu painel de controle.