-
Notifications
You must be signed in to change notification settings - Fork 545
/
Copy pathworkstations.yml
120 lines (120 loc) · 5.73 KB
/
workstations.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: $DOGFOOD_APPLE_BM_DEFAULT_TEAM
team_settings:
features:
enable_host_users: true
enable_software_inventory: true
host_expiry_settings:
host_expiry_enabled: false
host_expiry_window: 0
secrets:
- secret: $DOGFOOD_WORKSTATIONS_ENROLL_SECRET
integrations:
google_calendar:
enable_calendar_events: true
webhook_url: $DOGFOOD_CALENDAR_WEBHOOK_URL
agent_options:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
logger_tls_endpoint: /api/osquery/log
logger_tls_period: 10
pack_delimiter: /
update_channels:
# We want to use these hosts to stick to stable releases
# to perform smoke tests after promoting edge to stable.
osqueryd: stable
orbit: stable
desktop: stable
controls:
enable_disk_encryption: true
macos_settings:
custom_settings:
- path: ../lib/macos/configuration-profiles/date-time.mobileconfig
- path: ../lib/macos/configuration-profiles/chrome-enrollment.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-bluetooth-file-sharing.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-content-caching.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-guest-account.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-guest-shares.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-internet-sharing.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-media-sharing.mobileconfig
- path: ../lib/macos/configuration-profiles/disable-safari-safefiles.mobileconfig
- path: ../lib/macos/configuration-profiles/enable-doh.mobileconfig
- path: ../lib/macos/configuration-profiles/enable-firewall-logging.mobileconfig
- path: ../lib/macos/configuration-profiles/enable-gatekeeper.mobileconfig
- path: ../lib/macos/configuration-profiles/enforce-library-validation.mobileconfig
- path: ../lib/macos/configuration-profiles/firewall.mobileconfig
- path: ../lib/macos/configuration-profiles/full-disk-access-for-fleetd.mobileconfig
- path: ../lib/macos/configuration-profiles/limit-ad-tracking.mobileconfig
- path: ../lib/macos/configuration-profiles/misc.mobileconfig
- path: ../lib/macos/configuration-profiles/prevent-autologon.mobileconfig
- path: ../lib/macos/configuration-profiles/secure-terminal-keyboard.mobileconfig
- path: ../lib/macos/declaration-profiles/passcode-settings.json
- path: ../lib/macos/declaration-profiles/software-update-settings.json
- path: ../lib/macos/configuration-profiles/1password-managed-settings.mobileconfig
labels_include_any:
- "Macs with 1Password8 installed"
macos_setup:
bootstrap_package: ""
enable_end_user_authentication: true
macos_setup_assistant: ../lib/macos/enrollment-profiles/automatic-enrollment.dep.json
software:
- package_path: ../lib/macos/software/google-chrome.yml # Google Chrome for macOS
- package_path: ../lib/macos/software/zoom.yml # Zoom for macOS
- package_path: ../lib/macos/software/1password.yml # 1Password for macOS
- app_store_id: '803453959' # Slack Desktop
macos_updates:
deadline: "2025-04-26"
minimum_version: "15.4"
windows_settings:
custom_settings: null
windows_updates:
deadline_days: 7
grace_period_days: 2
scripts:
- path: ../lib/macos/scripts/collect-fleetd-logs.sh
- path: ../lib/macos/scripts/see-automatic-enrollment-profile.sh
- path: ../lib/macos/scripts/remove-old-nudge.sh
- path: ../lib/macos/scripts/uninstall-fleetd-macos.sh
- path: ../lib/macos/scripts/install-wine.sh
- path: ../lib/windows/scripts/uninstall-fleetd-windows.ps1
- path: ../lib/windows/scripts/turn-off-mdm.ps1
- path: ../lib/windows/scripts/create-admin-user.ps1
- path: ../lib/linux/scripts/uninstall-fleetd-linux.sh
policies:
- path: ../lib/macos/policies/1password-emergency-kit-check.yml
- path: ../lib/macos/policies/update-firefox.yml
- path: ../lib/macos/policies/latest-macos.yml
- path: ../lib/macos/policies/all-software-updates-installed.yml
- path: ../lib/macos/policies/update-slack.yml
- path: ../lib/macos/policies/update-1password.yml
- path: ../lib/macos/policies/enrollment-profile-up-to-date.yml
- path: ../lib/macos/policies/disk-encryption-check.yml
- path: ../lib/macos/policies/1password-installed.yml
- path: ../lib/windows/policies/antivirus-signatures-up-to-date.yml
- path: ../lib/windows/policies/all-windows-updates-installed.yml
- path: ../lib/windows/policies/disk-encryption-check.yml
- path: ../lib/windows/policies/1password-installed.yml
- path: ../lib/windows/policies/update-1password.yml
- path: ../lib/linux/policies/disk-encryption-check.yml
queries:
- path: ../lib/macos/queries/detect-apple-intelligence.yml
software:
packages:
- path: ../lib/macos/software/zoom.yml # Zoom for macOS
- path: ../lib/macos/software/google-chrome.yml # Google Chrome for macOS
- path: ../lib/macos/software/1password.yml # 1Password for macOS
- path: ../lib/windows/software/slack.yml # Slack for Windows
- path: ../lib/windows/software/zoom-arm.yml # Zoom for Windows (ARM)
- path: ../lib/windows/software/zoom.yml # Zoom for Windows (x86)
- path: ../lib/windows/software/google-chrome.yml # Google Chrome for Windows
- path: ../lib/windows/software/google-chrome-arm.yml # Google Chrome for Windows (ARM)
- path: ../lib/windows/software/1password.yml # 1Password for Windows
app_store_apps:
- app_store_id: '803453959' # Slack Desktop