-
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Change Log
118 lines (90 loc) · 7.17 KB
/
Change Log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
Change log of feature updates and improvments
# macLAPS - v2.3.1
# macLAPS Decoder - v2.3.3
## Debug mode
Debug mode has now been added. This allows the script to be run in debug mode for troubleshooting purposes. The script will echo out a number of extra items to the logs that usually are used behind the scenes. Passwords WILL NOT be echoed out.
## BugFix
Curl command for reading and writting the Secret Key has been updated to avoid potentially searching for similar named extension attributes.
# macLAPS Decoder - v2.3.2
## View order changed
The order of the dropdown box and text fields has now been reordered with the dropdown at the top of the window and the text fields at the bottom.
# macOSLAPS Decoder - v2.3.1
## Cloud branding bug
An issue was found with the cloud branding icons and banner image. This has now been fixed.
## LaunchDaemon always created
The LaunchDaemon to kick of the password reset was found to always be created even if a time had not been set. This has now been fixed to only be created if a time has been set to reset the password once viewed.
# macOSLAPS - v2.3
## Teams Integration added
Support for Teams webhooks has now been added and notification can be sent to either Teams, Slack or both.
## Media items moved to cloud
Icons and banner images have all now been moved to cloud storage so there is no longer a need to install the branding package.
## Slack Notification changes
Some changes have been made to the slack notification to bring them inline with the new Teams notifications.
# macOSLAPS - v2.2.4
## New log method
Logging has been adjusted to reduce the size of the script. No log information has been removed though and full logging is still available.
## Active Session check
A check has been added to the script to make sure the LAPS account doesn't have an active session before resetting the password.
## Support for device names with special charaters
Support has been added for device names with spaces and special characters. For example a space in a name with now be changed to %20
## Decode the password via Hostname or Serial number
Support has been added to retrive the LAPS password using either the serial number or Hostname of the device.
# macOSLAPS - v2.2.3
## New password rotation control
New functionality has been added to set a time (in minutes) to reset the LAPS password after it is viewed from the decoder script. This is controlled via a launch daemon which is created once the decoder app has run and is cleaned up after the creat & cycle script has been run.
## Password automatically copied to clipboard
Once the password is viewed in the decoder app it will automatically be copied to the clipboard to avoid missing the password or copying it incorrectly.
## Removed reset password Policy
One the password is viewed it is now cycled via a launch daemon. Now there is no need for the additional reset password extension attribute, smart group or 4th Policy. This streamlines the LAPS process and removes additional setup sets.
# macOSLAPS - v2.2.2
## Additional Error Checking added
Additional checks have been added to the script to check for previous failures and to clean up any existing LAPS logs and LAPS accounts which could cause issues during setup or cycling the password.
# macOSLAPS - v2.2.1
## Check for existing duplicate admin account
A failsafe has been put in to stop the creation of the LAPS account if an existing account exists with the same name on first run.
# - Password validation
Password validation has been added to the password reset section of the script. The script will now error out if password validation fails.
# - Decoder script now manages the installation and validation of Swift Dialog
You no longer have to install the LAPS.pkg to install the branding and Swift Dialog app. This is now done using automated script functions to validate the installation and version of Swift Dialog.
# macOSLAPS - v2.2
# - Require Device name and Reason
Device name is now a requirement of the decryption app along with a reason for viewing the password. These are all passed to the LAPS log along with the user requesting the password.
# - Fixed bug in escrow check
A bug was found that gave false positive results when either the CryptKey or SecretKey had failed to upload. This has now been fixed.
# - LAPS pkg updated
Generic branding was found to be the wrong image. This has now been fixed.
# - Slack WebHook intergration added (Thanks to https://github.com/ons-mart for the idea)
Both the Creation and Decryption scripts now have the option to add in a Slack webHooks app which will provide notifications and log info directly into a slack channel.
# macOSLAPS - v2.1
# - Cycle Password once viewed
You can now specify if the LAPS Password should be reset after being viewed. If set, the password will be reset at the next reboot from the reset Password policy.
# macOSLAPS - v2
# - API Calls rewritten
API calls for reading and writting to the extension attributes have been rewritten to free up JAMF Variables. General rewritting of API calls has also been done.
# - Additional Logs added
Additional logging has been added which creates a local log of the LAPS Setup process and shows any errors. There is also a log kept form the decryption app to view who has requested the LAPS password.
# - Decryption App Updated
The Decryption app has been updated to use swift Dialog which gives the user a nicer interface to request and view the LAPS password.
# - Password complexity added
You can now specify the length of the admin password and whether it has to contain a special character.
# - Cycle Password once viewed (**CURRENTLY ONLY WORKS IF PASSWORD IS VIEWED ON DEVICE TO BE RESET**)
You can now specify if the LAPS Password should be reset after being viewed. If set, the password will be reset at the next reboot.
# - Extension attribute names
The names of the extension attributes can no longer be set to any name. They must now be "LAPS CryptKey" and "LAPS Secret".
# macOSLAPS - v1.4
# - Account creation simplified
Account creation has be changed to use the sysadminctl command which simplifies the account creation process.
# - LAPS Account Hanging at log in issue resolved
An issue had come to my attention that the LAPS account would hang at log in. This has been resolved now by suppressing the setup assistant at first log in.
# macOSLAPS - v1.3
# - Temporary local storage of encrypted password and encryption secret removed
Local files are no longer created containing the variables for later use.
# - K flag removed from curl calls
The -k flag has been removed from all curl calls to help prevent MITM Attacks.
# macOSLAPS - v1.2
# - API access updated to use barer token
Encrypted API credentials will need to be provided as a variable in Jamf.
# - Decryption password no longer needed
You no longer need to set a known password to use as the decryption key. This is now randomised and encrypted and then automatically pulled from Jamf during the decryption process.
# - Use of second extension attribute added to manage random decryption secret
New Extension attribute added to store the encrypted decryption secret.