{"id":13586343,"url":"https://github.com/macadmins/umad","last_synced_at":"2026-02-07T09:03:46.171Z","repository":{"id":43052950,"uuid":"146475118","full_name":"macadmins/umad","owner":"macadmins","description":"A tool to help users with pre-existing devices enroll into MDM","archived":false,"fork":false,"pushed_at":"2024-07-28T14:46:36.000Z","size":1484,"stargazers_count":278,"open_issues_count":16,"forks_count":34,"subscribers_count":21,"default_branch":"main","last_synced_at":"2024-08-02T16:03:10.704Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/macadmins.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-28T16:22:26.000Z","updated_at":"2024-07-24T04:20:45.000Z","dependencies_parsed_at":"2023-01-25T06:30:10.696Z","dependency_job_id":null,"html_url":"https://github.com/macadmins/umad","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macadmins%2Fumad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macadmins%2Fumad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macadmins%2Fumad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/macadmins%2Fumad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/macadmins","download_url":"https://codeload.github.com/macadmins/umad/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223285329,"owners_count":17119883,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T15:05:29.685Z","updated_at":"2026-02-07T09:03:46.165Z","avatar_url":"https://github.com/macadmins.png","language":"Python","funding_links":[],"categories":["Python","Utilities"],"sub_categories":["umad"],"readme":"# UMAD (macadmin's Slack #umad)\n[U]niversal\n[M]DM\n[A]pproval\n[D]ialog\n\n## Embedded Python\nAs of v2.0, UMAD now uses its own embedded python (currently v3.8). This is due to Apple's upcoming removal of Python2.\n\n`FoundationPlist` has been replaced by Python 3's version of `plistlib`\n\nNibbler has been updated to support python 3.\n\n### Building embedded python framework\n\nTo reduce the size of the git repository, you **must** create your own Python. To do this, simply run the `./build_python_framework` script within the repository.\n\nThis process was tested on Catalina only.\n\n```\n./build_python_framework\n\nCloning relocatable-python tool from github...\nCloning into '/tmp/relocatable-python-git'...\nremote: Enumerating objects: 28, done.\nremote: Counting objects: 100% (28/28), done.\nremote: Compressing objects: 100% (19/19), done.\nremote: Total 78 (delta 12), reused 19 (delta 9), pack-reused 50\nUnpacking objects: 100% (78/78), done.\nDownloading https://www.python.org/ftp/python/3.8.0/python-3.8.0-macosx10.9.pkg...\n\n...\n\nDone!\nCustomized, relocatable framework is at /Library/umad/Python.framework\nMoving Python.framework to umad munki-pkg payload folder\nTaking ownership of the file to not break git\n```\n\n## Purpose\nA Professional Tool to help users with getting pre-existing devices enrolled into MDM.\n\n## Screenshots\n\n### DEP\n![Screenshot DEP](/images/ss_dep.png?raw=true)\n\n### Manual\n![Screenshot Manual](/images/ss_manual.png?raw=true)\n\n### UAMDM\n![Screenshot UAMDM](/images/ss_uamdm.png?raw=true)\n\n### Simplified Diagram\n![Simplified Diagram](/images/umad_diagram.png?raw=true)\n\n### Notes\nYou will need to use [munki-pkg](https://github.com/munki/munki-pkg) to build this package.\n\nBecause of the way git works, umad will not contain the `Logs` folder required for the postinstall to complete.\nIn order to create a properly working package, you will need to run the following command:\n`munkipkg --sync /path/to/cloned_repo/mdm/umad`\n\n## OS Support v1\nThe following operating system and versions have been tested.\n- 10.10.0 [Note 1](https://github.com/AnotherToolAppleShouldHaveProvided/umad/issues/11), 10.10.5 - [Note 2](https://github.com/AnotherToolAppleShouldHaveProvided/umad/issues/10)\n- 10.11.0, 10.11.6\n- 10.12.0, 10.12.6 (10.12 is very unreliable with DEP nagging)\n- 10.13.0 10.13.3, 10.13.6\n- 10.14.0\n- 10.15\n\n## OS Support v2 (embedded python)\nThe following operating system and versions have been tested with the embedded python.\n- 10.14\n- 10.15\n\n## Getting started\nTo start, you can use the default settings in `/Library/LaunchAgent/com.anothertoolappleshouldhaveprovided.umad.plist`\n\nEssentially every component of the UI is customizable, using the above LaunchAgent.  \n* Create your .pkg with munki-pkg and install on your target workstation.\n* Open terminal.\n\u003ci\u003eexample\u003c/i\u003e\n\n`/Library/Application Support/umad/Resources/umad --cutoffdate 2018-9-7-17:00\n`\n\u003ci\u003esets the cutoff date to September 7th at 5pm\u003c/i\u003e\n\n### Cutoff date\nCut off date in UTC.\n\n```xml\n\u003cstring\u003e--cutoffdate\u003c/string\u003e\n\u003cstring\u003e2018-12-31-17:00\u003c/string\u003e\n```\n\n### Cut off date warning\nThis is the number, in days, of when to start the initial UI warning. When this set of days passes, the user will be required to hit an \"I Understand\" button, followed by the \"Close\" button to exit out of the UI.\n\n```xml\n\u003cstring\u003e--cutoffdatewarning\u003c/string\u003e\n\u003cstring\u003e14\u003c/string\u003e\n```\n\n### Due date text\nThis is the bolded portion of the UI towards the top under the [\"titletext\".](#title-text)\n\n```xml\n\u003cstring\u003e--duedatetext\u003c/string\u003e\n\u003cstring\u003eMDM Enrollment is required by 12/31/2018 (No Restart Required)\u003c/string\u003e\n```\n\n### DEP failure text\nIf a user has a DEP capable device, but they are past the enrollment window, they will have an option to manually enroll.\n\nThis is the first set of text above the enrollment button.\n\n```xml\n\u003cstring\u003e--depfailuretext\u003c/string\u003e\n\u003cstring\u003eNot getting this notification?\u003c/string\u003e\n```\n\n### DEP failure subtext\nIf a user has a DEP capable device, but they are past the enrollment window, they will have an option to manually enroll.\n\nThis is the second set of text above the enrollment button.\n\n```xml\n\u003cstring\u003e--depfailuresubtext\u003c/string\u003e\n\u003cstring\u003eYou can also enroll manually below:\u003c/string\u003e\n```\n\n### Enable enrollment button\nAlways show the manual enrollment button, DEP or not.\n\n```xml\n\u003cstring\u003e--enableenrollmentbutton\u003c/string\u003e\n```\n\n### Honor DND settings\nIf a device is DEP capable, umad will not honor DoNotDisturb settings so the nag can actually appear.\n\nIf the admin wants to honor DoNotDisturb for DEP devices, use this feature.\n\nNon-DEP devices will honor the users DND settings\n\n```xml\n\u003cstring\u003e--honordndsettings\u003c/string\u003e\n```\n\n### Logo path\nYou can replace the included company_logo.png with your own company_logo.png or you can configure a custom Path\nwith the following string:\n\n```xml\n\u003cstring\u003e--logopath\u003c/string\u003e\n\u003cstring\u003e/Some/Custom/Path/company_logo.png\u003c/string\u003e\n```\n\n### Manual enrollment text\nIf a user does not have a DEP capable device, they will have the option to manually enroll.\n\u003ci\u003eAuthentication may be required for manual enrollment.\u003c/i\u003e\n\nThis is the bolded text that takes place of the DEP or UAMDM screenshot.\n\n```xml\n\u003cstring\u003e--manualenrollmenttext\u003c/string\u003e\n\u003cstring\u003eManual Enrollment Required\u003c/string\u003e\n```\n\n### Manual enrollment h1 text\nIf a user does not have a DEP capable device, they will have the option to manually enroll.\n\u003ci\u003eAuthentication may be required for manual enrollment.\u003c/i\u003e\n\nThis is the first set of text above the enrollment button.\n\n```xml\n\u003cstring\u003e--manualenrollh1text\u003c/string\u003e\n\u003cstring\u003eWant this box to go away?\u003c/string\u003e\n```\n\n### Manual enrollment h2 text\nIf a user does not have a DEP capable device, they will have the option to manually enroll.\n\u003ci\u003eAuthentication may be required for manual enrollment.\u003c/i\u003e\n\nThis is the second set of text above the enrollment button.\n\n```xml\n\u003cstring\u003e--manualenrollh2text\u003c/string\u003e\n\u003cstring\u003eClick on the Manual Enrollment button below.\u003c/string\u003e\n```\n\n### Manual enrollment URL\nConfigure the Manual Enrollment button with a custom URL.\n```xml\n\u003cstring\u003e--manualenrollmenturl\u003c/string\u003e\n\u003cstring\u003ehttps://apple.com\u003c/string\u003e\n```\n\n### More info URL\nWhen you see the Manual Enrollment button, you can customize a URL directing the users to more information.\n```xml\n\u003cstring\u003e--moreinfourl\u003c/string\u003e\n\u003cstring\u003ehttps://google.com\u003c/string\u003e\n```\n\n### Nag screenshot path\nYou can modify the LaunchAgent adding your custom path or just replace the included nag_ss.png with your own .png.\n(remember to name the file nag_ss.png if you are not using a custom path)\n```xml\n\u003cstring\u003e--nagsspath\u003c/string\u003e\n\u003cstring\u003e/Some/Custom/Path/nag_ss.png\u003c/string\u003e\n```\n\n### No timer\nUse this setting if you \u003cb\u003eDO NOT\u003c/b\u003e want to restore the umad GUI to the front of a user's window.\n\n```xml\n\u003cstring\u003e--notimer\u003c/string\u003e\n```\n\n### Paragraph 1 text\nThis is the text for the first paragraph. 160 character limit.\n```xml\n\u003cstring\u003e--paragraph1\u003c/string\u003e\n\u003cstring\u003eIf you do not enroll into MDM you will lose the ability to connect to Wi-Fi, VPN and Managed Software Center.\u003c/string\u003e\n```\n\n### Paragraph 2 text\nThis is the text for the second paragraph. 160 character limit.\n```xml\n\u003cstring\u003e--paragraph2\u003c/string\u003e\n\u003cstring\u003eTo enroll, just look for the below notification, and click Details. Once prompted, log in with your username and password.\u003c/string\u003e\n```\n\n### Paragraph 2 text\nThis is the text for the third paragraph. 160 character limit.\n```xml\n\u003cstring\u003e--paragraph3\u003c/string\u003e\n\u003cstring\u003eTo enroll, just look for the below notification, and click Details. Once prompted, log in with your OneLogin username and password.\u003c/string\u003e\n```\n\n### Profile identifier\nThis is the profile identifier for \u003c 10.13 machines to check for enrollment. Should you not set this value, umad will attempt to look for a profile installed on the machine with the _PayloadType_ of `com.apple.mdm`\n\n```xml\n\u003cstring\u003e--profileidentifier\u003c/string\u003e\n\u003cstring\u003eB68ABF1E-70E2-43B0-8300-AE65F9AFA330\u003c/string\u003e\n```\n\nTo get this value, run the following command on a computer with your MDM profile installed: `profiles -C -o stdout-xml`\n\nLook for the MDM profile and notate the identifier. Some MDMs may use a UUID for this value.\n\nSome examples:\n```xml\n\u003cdict\u003e\n\t\u003ckey\u003eProfileDescription\u003c/key\u003e\n\t\u003cstring\u003eMDM profile\u003c/string\u003e\n\t\u003ckey\u003eProfileDisplayName\u003c/key\u003e\n\t\u003cstring\u003eMDM Profile\u003c/string\u003e\n\t\u003ckey\u003eProfileIdentifier\u003c/key\u003e\n\t\u003cstring\u003e220cad8d-c273-422f-afcb-9740857b38a0\u003c/string\u003e\n\u003c/dict\u003e\n```\n\n```xml\n\u003cdict\u003e\n\t\u003ckey\u003eProfileDescription\u003c/key\u003e\n\t\u003cstring\u003eMDM profile\u003c/string\u003e\n\t\u003ckey\u003eProfileDisplayName\u003c/key\u003e\n\t\u003cstring\u003eMDM Profile\u003c/string\u003e\n\t\u003ckey\u003eProfileIdentifier\u003c/key\u003e\n\t\u003cstring\u003ecom.awesome.mdm.profile\u003c/string\u003e\n\u003c/dict\u003e\n```\n\n### Sub-title text\nThis is the text right under the main title.\n```xml\n\u003cstring\u003e--subtitletext\u003c/string\u003e\n\u003cstring\u003eA friendly reminder from your local IT team\u003c/string\u003e\n```\n\n### System Preferences H1 text\nShould the user have a 10.13.4+ device that is not User Approved MDM, they will be notified that they need to approve the MDM.\n\nThis is the first set of text above the system preferences button.\n```xml\n\u003cstring\u003e--sysprefsh1text\u003c/string\u003e\n\u003cstring\u003eWant this box to go away?\u003c/string\u003e\n```\n\n### System Preferences H2 text\nShould the user have a 10.13.4+ device that is not User Approved MDM, they will be notified that they need to approve the MDM.\n\nThis is the second set of text above the system preferences button.\n```xml\n\u003cstring\u003e--sysprefsh2text\u003c/string\u003e\n\u003cstring\u003eOpen System Preferences and approve Device Management.\u003c/string\u003e\n```\n\n### Title text\nThis is the main, bolded text at the very top.\n```xml\n\u003cstring\u003e--titletext\u003c/string\u003e\n\u003cstring\u003eMDM Enrollment\u003c/string\u003e\n```\n\n### Timer Day 1\nThe time, in seconds, to restore the umad GUI to the front of a user's window. This will occur indefinitely until the UI is closed or MDM is enrolled.\n\nWhen the MDM cutoff date is one day or less, this timer becomes active.\n```xml\n\u003cstring\u003e--timerday1\u003c/string\u003e\n\u003cstring\u003e600\u003c/string\u003e\n```\n\n### Timer Day 3\nThe time, in seconds, to restore the umad GUI to the front of a user's window. This will occur indefinitely until the UI is closed or MDM is enrolled.\n\nWhen the MDM cutoff date is three days or less from current date.\n```xml\n\u003cstring\u003e--timerday3\u003c/string\u003e\n\u003cstring\u003e7200\u003c/string\u003e\n```\n\n### Timer Elapsed\nAfter the user interacts with umad GUI, (such as clicking the \"I understand\" button) timer elapsed controls when the UI\nwill display again.\n\nThis will occur indefinitely until the MDM is enrolled.\n```xml\n\u003cstring\u003e--timerelapsed\u003c/string\u003e\n\u003cstring\u003e10\u003c/string\u003e\n```\n\n### Timer Final\nThe time, in seconds, to restore the umad GUI to the front of a user's window. This will occur indefinitely until the UI is closed or MDM is enrolled.\n\nThis is when the MDM cutoff date is one hour or less\n```xml\n\u003cstring\u003e--timerfinal\u003c/string\u003e\n\u003cstring\u003e60\u003c/string\u003e\n```\n\n### Timer Initial\nThe time, in seconds, to restore the umad GUI to the front of a user's window. This will occur indefinitely until the UI is closed or MDM is enrolled.\n\nWhen the MDM cutoff date is over three days.\n```xml\n\u003cstring\u003e--timerinital\u003c/string\u003e\n\u003cstring\u003e14400\u003c/string\u003e\n```\n\n### Timer MDM\nThe time, in seconds, to check if the device is enrolled into MDM.\n\n```xml\n\u003cstring\u003e--timermdm\u003c/string\u003e\n\u003cstring\u003e5\u003c/string\u003e\n```\n\n### User Approved MDM paragraph 1 text\nThis is the text for the first paragraph on the user Approved MDM UI.\n```xml\n\u003cstring\u003e--uamdmparagraph1\u003c/string\u003e\n\u003cstring\u003eThank you for enrolling your device into MDM. We sincerely appreciate you doing this in a timely manner.\u003c/string\u003e\n```\n\n### User Approved MDM paragraph 2 text\nThis is the text for the second paragraph on the user Approved MDM UI.\n```xml\n\u003cstring\u003e--uamdmparagraph2\u003c/string\u003e\n\u003cstring\u003eUnfortunately, your device has been detected as only partially enrolled into our system.\u003c/string\u003e\n```\n\n### User Approved MDM paragraph 3 text\nThis is the text for the third paragraph on the user Approved MDM UI.\n```xml\n\u003cstring\u003e--uamdmparagraph3\u003c/string\u003e\n\u003cstring\u003ePlease go to System Preferences -\u003e Profiles, click on the Device Enrollment profile and click on the approve button.\u003c/string\u003e\n```\n\n### User Approved MDM screenshot path\nYou can customize the uamdm screenshot path. Option 2, just replace the included uamdm_ss.png with your own .png.  Make sure you name the .png the same as the original and place it back into `umad/Resources/`  .\n```xml\n\u003cstring\u003e--uasspath\u003c/string\u003e\n\u003cstring\u003e/Some/Custom/Path/uamdm_ss.png\u003c/string\u003e\n```\n\n## Tips, Tricks, and Troubleshooting\n\n* \u003cb\u003e\u003ci\u003eI made changes to the default LaunchAgent and now the UI isn't appearing?\u003c/b\u003e\u003c/i\u003e\n\n\tMake sure you unload, and reload the LaunchAgent after making changes.\n\n* \u003cb\u003e\u003ci\u003eWhere is the logging located?\u003c/b\u003e\u003c/i\u003e\n\n\t`/Library/Application Support/umad/umad.log`\n\n* \u003cb\u003e\u003ci\u003eWhy isn't the log file there?\u003c/b\u003e\u003c/i\u003e\n\n\tRemember to unload and reload the LaunchAgent.\n\n\n## Credits\nThis tool would not be possible without [nibbler](https://github.com/pudquick/nibbler), written by [Michael Lynn](https://twitter.com/mikeymikey)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacadmins%2Fumad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmacadmins%2Fumad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacadmins%2Fumad/lists"}