-->
Question or issue on macOS: I am developping a simple Python application using a PySide2 GUI. It currently works fine in Windows, Linux and Mac. On Windows, I could use PyInstaller and InnoSetup to build a simple installer. Then I tried to do the same thing on Mac. It soon broke, because the system refused. Using launchd Scripts in launchd are triggered by job definitions which are.plist files stored in specific directories. These XML files give the job a name, specify the script that should be launched, and indicate when the script should be run.
There are two basic ways that you, as an administrator, can deploy the OneDrive sync app to Mac users in your organization:
A bit late, but for the record, you just need to specify the absolute path AND add the.plist extension to the filename. If you are running your script in same directory that the plist file, your case would be translated into: defaults write $PWD/YourPlistFilename.plist BundleIsRelocatable -bool false. First, create your program or application using python and then make setup file for your application. And then build the app using build command python setup.py build, according to your requirement you need to make some changes, to make mac bundle or mac app refer this. If the script fails to generate a SSDT then please attach the output of:./ssdtPRGen.sh -d 2 and compressed: /Library/ssdtPRGen/ACPI folder. If you are using processor data from Data/User Defined.cfg then I also need to know what that data is.
Have users install and set up the OneDrive sync app themselves by following the instructions in Sync files with OneDrive on Mac OS X. To install the OneDrive sync app for Mac, a user has to be an administrator on the Mac or know an administrator account name and password.
Download the installer package file to your local network, and then use your software distribution tools to deploy the app to your users. By using a software distribution tool, you have more control over the deployment, including which users get the sync app and when. The OneDrive sync app for Mac uses the Apple Installer technology for installation. This means you can continue to use the software distribution tools that you normally use to deploy software to Mac users. You can use Microsoft Intune. Other common tools are Jamf Pro, Munki, and AutoPkg. You can also use Apple Remote Desktop and AppleScript.
Manage OneDrive settings on macOS using property list (Plist) files
After the OneDrive sync app for Mac is installed, users can configure settings for the app. These settings are called preferences. As an administrator, you might want to provide users in your organization with a standard set of preferences. Preferences for the OneDrive sync app for Mac are stored in preference files. These files are often referred to as .plist files.
| Standalone | Mac App Store | |
|---|---|---|
| PList Location | ~/Library/Preferences/com.microsoft.OneDrive.plist | ~/Library/Containers/com.microsoft.OneDrive-mac/Data/Library/Preferences/com.microsoft.OneDrive-mac.plist |
| Domain | com.microsoft.OneDrive | com.microsoft.OneDrive-mac |
Configure sync app settings
Configure the settings on macOS as follows:
Quit the OneDrive app.
Define the settings you want to change by creating a Plist file with the values, or use a script to set the default values.
Deploy the settings onto the local computer.
Refresh the preferences cache.
On the next start of OneDrive, the new settings will be picked up.
Overview of settings
Use the following keys to preconfigure or change settings for your users. The keys are the same whether you run the standalone or Mac App Store edition of the sync app, but the Plist file name and domain name will be different. When you apply the settings, ensure that you target the appropriate domain depending on the edition of the sync app.
List of settings
AllowTenantList
This setting prevents the users from uploading files to other organizations by specifying a list of allowed tenant IDs. If you enable this setting, the user gets an error if they attempt to add an account from an organization that is not in the allowed tenants list. If the user has already added the account, the files stop syncing. This setting takes priority over Block syncing OneDrive accounts for specific organizations setting. Do NOT enable both settings at the same time.
The parameter for the AllowTenantList key is TenantID and its value is a string which determines the tenants for whom the Allow Tenant setting is applicable. For the setting to be complete, this parameter also requires a boolean value to be set to it. If the boolean value is set to True, the tenant is allowed to sync.
The example for this setting in the .plist file is:
<key>AllowTenantList</key>
<array>
<dict>
<key>TenantId1</key>
<Bool>True</Bool>
<key>TenantId2</key>
<Bool>True</Bool>
</dict>
</array>
AutomaticUploadBandwidthPercentage
This setting enables the sync app to automatically set the amount of bandwidth that can be used for uploading files, based on available bandwidth.
To enable this setting, you must define a number between 1 and 99 which determines the percentage of bandwidth the sync app can use out of the total available bandwidth.
The example for this setting in the .plist file is:
<key>AutomaticUploadBandwidthPercentage</key>
<int>(Bandwidth)</int>
BlockExternalSync
This setting prevents the sync app from syncing libraries and folders shared from other organizations.
If you set the setting's value to True, the users are prevented from syncing OneDrive and SharePoint libraries and folders with organizations other than the user's own organization. Set this value to False or do not enable the setting to allow the OneDrive and SharePoint files to be synced with other organizations also.
The example for this setting in the .plist file is:
<key>BlockExternalSync</key>
<(Bool)/>
BlockTenantList
This setting prevents the users from uploading files to organizations that are included in the blocked tenant IDs list that is specified.
If you enable this setting, the users get an error if they attempt to add an account from an organization that is blocked. If a user has already added an account for a blocked organization, the files stop syncing. This setting does NOT work if you have Allow syncing OneDrive accounts for only specific organizations setting enabled. Do NOT enable both settings at the same time.
You must enable this setting by defining IDs for the TenantID parameter which determines the tenants to whom the block tenant setting is applicable. You must also set the boolean value to True for the ID of every tenant you want to prevent from syncing with the OneDrive and SharePoint files and folders.
Apple Plist Files
Note: In the list, inclusion of the tenant ID alone does not suffice. It is mandatory to set the boolean value to True for the ID of each tenant who is to be blocked.
The example for this setting in the .plist file is:
<key>BlockTenantList</key>
<array>
<dict>
<key>TenantId1</key>
<Bool>True</Bool>
<key>TenantId2</key>
<Bool>True</Bool>
</dict>
</array>
DefaultFolderLocation
This setting specifies the default location of the OneDrive folder for each organization.
The parameters are TenantID and DefaultFolderPath.The TenantID value is a string that determines the tenants to whom the default folder location setting is applicable.The DefaultFolderPath value is a string that specifies the default location of the folder.
The following are the conditions governing the default folder location:-Mac app store: The path must already exist when the user is setting up the sync app.-Standalone: The path will be created (if it doesn't already exist) after the user sets up the sync app. Only with the Standalone sync app you can prevent users from changing the location.
The example for this setting in the .plist file is:
<key>DefaultFolder</key>
<array>
<dict>
<key>Path</key>
<string>(DefaultFolderPath)</string>
<key>TenantId</key>
<string>(TenantID)</string>
</dict>
</array>
DisableHydrationToast
This setting prevents toasts from appearing when applications cause file contents to be downloaded.
If you set the setting's value to True, toasts do not appear when applications trigger the download of file contents.
The example for this setting in the .plist file is:
<key>DisableHydrationToast</key>
<(Bool)/>
DisablePersonalSync
This setting blocks users from signing in and syncing files in personal OneDrive accounts. If this setting has been configured after a user has set up sync with a personal account, the user gets signed out.
If you set the setting's value to True, the users are prevented from adding or syncing personal accounts.
The example for this setting in the .plist file is:
<key>DisablePersonalSync</key>
<(Bool)/>
DisableTutorial
This setting prevents the tutorial from being shown to the users after they set up OneDrive.
If you set this setting's value to True, the tutorial is blocked from being shown to the users after they set up the OneDrive.
The example for this setting in the .plist file is:
<key>DisableTutorial</key>
<(Bool)/>
DownloadBandwidthLimited
This setting sets the maximum download throughput rate in kilobytes (KB)/sec for computers running the OneDrive sync app.
You must set this setting's value to an integer between 50 KB/sec and the maximum rate is 100,000 KB/sec which determines the download throughput in KB/sec which the sync app can use.
The example for this setting in the .plist file is:
<key>DownloadBandwidthLimited</key>
<int>(Download Throughput Rate in KB/sec)</int>
FilesOnDemandEnabled
This setting specifies whether Files On-Demand is enabled.
If you don't set this setting, Files On-Demand will be enabled automatically as we roll out the feature, and users can turn the setting on or off.
If you set this setting to True, FilesOnDemand is enabled and the users who set up the sync app can view the online-only files, by default.
If you set this setting to False, FilesOnDemand is disabled and the users won't be able to turn it on.
The example for this setting in the .plist file is:
<key>FilesOnDemandEnabled</key>
<(Bool)/>
HideDockIcon
This setting specifies whether a dock icon for OneDrive is shown.
If you set this setting's value to True, the OneDrive dock icon is hidden even if the app is running.
The example for this setting in the .plist file is:
<key>HideDockIcon</key>
<(Bool)/>
HydrationDisallowedApps
This setting prevents apps from automatically downloading online-only files. You can use this setting to lock down apps that don't work correctly with your deployment of Files On-Demand.
To enable this setting, you must define a string in JSON format as described below:[{'ApplicationId':'appId','MaxBundleVersion':'1.1','MaxBuildVersion':'1.0'}]
'appID' can be either the BSD process name or the bundle display name. 'MaxBuildVersion' denotes the maximum build version of the app that will be blocked. 'MaxBundleVersion' denotes the maximum bundle version of the app that will be blocked.
The example for this setting in the .plist file is:
<key>HydrationDisallowedApps </key>
<string> [{'ApplicationId':'appId','MaxBundleVersion':'1.1','MaxBuildVersion':'1.0'}, {'ApplicationId':'appId2','MaxBundleVersion':'3.2','MaxBuildVersion':'2.0'}]</string>
<(Bool)/>
OpenAtLogin
This setting specifies whether OneDrive starts automatically when the user logs in.
If you set this setting's value to True, OneDrive starts automatically when the user logs in on Mac.
The example for this setting in the .plist file is:
<key>OpenAtLogin</key>
<(Bool)/>
SharePointOnPremFrontDoorUrl
This setting specifies the SharePoint Server 2019 on-premises URL that the OneDrive sync app must try to authenticate and sync against.
To enable this setting, you must define a string containing the URL of the on-premises SharePoint Server.
The example for this setting in the .plist file is:
<key>SharePointOnPremFrontDoorUrl</key>
<string>https://Contoso.SharePoint.com</string>
SharePointOnPremPrioritizationPolicy
This setting determines whether or not the client should set up sync for SharePoint Server or SharePoint in Microsoft 365 first during the first-run scenario when the email is the same for both SharePoint Server on-premises and SharePoint in Microsoft 365 in a hybrid scenario.
If you set this setting's value to 1, it is an indication that OneDrive should set up SharePoint Server on-premises first, followed by SharePoint in Microsoft 365.
The example for this setting in the .plist file is:
<key>SharePointOnPremPrioritizationPolicy</key>
<int>(0 or 1)</int>
SharePointOnPremTenantName
This setting enables you to specify the name of the folder created for syncing the SharePoint Server 2019 files specified in the Front Door URL.
If this setting is enabled, you can specify a TenantName which is the name the folder will use in the following convention:
OneDrive – TenantName (specified by you)
TenantName (specified by you)
If you do not specify any TenantName, the folder will use the first segment of the FrontDoorURL as the its name. For example, https://Contoso.SharePoint.com will use Contoso as the Tenant Name in the following convention:
OneDrive – Contoso
Contoso
The example for this setting in the .plist file is:
<key>SharePointOnPremTenantName</key>
<string>Contoso</string>
UploadBandwidthLimited
This setting defines the maximum upload throughput rate in KB/sec for computers running the OneDrive sync app.
To enable this setting, set a value between 50 and 100,000 which is the upload throughput rate the sync app can use.
The example for this setting in the .plist file is:
<key>UploadBandwidthLimited</key>
<int>(Upload Throughput Rate in KB/sec)</int>
You can also configure the OneDrive Standalone sync app to receive delayed updates.
| PList Location | Domain |
|---|---|
| ~/Library/Preferences/com.microsoft.OneDriveUpdater.plist | com.microsoft.OneDriveUpdater |
| Setting | Description | Parameters | Example Plist Entry |
|---|---|---|---|
| Tier | Defines the update ring for the computer | UpdateRing (String): This parameter has two different values. Production - The default update ring for OneDrive updates. Insiders - This update ring receives updates that are 'pre-production' and that allow you to play with features before they are released. Note that builds from this ring may be less stable. Enterprise - This update ring (now called 'Deferred') receives updates after they have been rolled out through the Production ring. It also lets you control the deployment of updates. For more information about the update rings and the procedure used by the sync app for checking for updates, see The OneDrive sync app update process. | <key>Tier</key> <string>(UpdateRing)</string> |
The other day at work someone asked me if there was some way to have OS X run an rsync command to an external drive whenever it was plugged in. Well, given that we were talking about Mac OS 10.4, it was easy to answer. Of course you can do that.
Why would anyone want to do that? Well, when he plugged in the external drive, he wanted it to immediately start backing up his data to the disk, instead of having to type a command or run a script manually. No problem my friend, OS X can accommodate you!
New in 10.4 is a system daemon called launchd. Launchd is Apple’s replacement for a number of *NIX daemons that are typically used for launching system services at boot time or on demand after system launch. Launchd, although a work in progress, is extremely powerful. Process ID 1 in the system is in fact launchd. It’s always running, and always watching.
Launchd gets its configuration information for an agent or daemon from a Property List file (plist). Examples of plist files used by launchd for the system are located in:
/System/Library/LaunchDaemons (admin level system daemons)
/System/Library/LaunchAgents (admin level user agents)
At the user level, you can run launchd processes in user space in a number of ways. You can use launchctl (man launchctl) from the command line. Or you can create your own plist file and place it in a special location for launchd to use when you log in by creating the equivalent “Launch” directories in ~/Library (the /System/Library folders are typically where system admins place global configuration files). Alternatively, you can add the command to a $HOME/.launchd.conf file that you can create and modify (again, the launchctl man page has more information).
The plist file contains information that launchd is going to use to figure out exactly what it’s supposed to do. It could perform a system task or run a custom script.
Ok, enough blabbing, let me illustrate with an example geared toward the request from my co-worker. It’s easier to understand that way. The example assumes you have a firewire/usb external drive to attach to your system.
Basic Setup
1) In terminal cd to ~/Library
2) If you don’t have a LaunchAgents directory create one:
3) While you are at it create a folder called Scripts
Remember, at login, launchd will scan the contents of the ~/Library/LaunchAgents folder for plist files to process. Once you put one in there launchd will take over for you everytime you log in.
Property List
1) Launch Terminal.app and in the terminal cd into ~/Library/LaunchAgents and issue the following commands:
2) With the new file open in TextEdit add the following content to it:
Let’s go over this as a lot of important stuff is here. All of the important information is between the dictionary statements (<dict></dict>).
This is a unique identifier that launchd will use when it loads up the plist file (once launchd loads a configuration file you can issue “launchctl list” at the command line to see what tasks it is monitoring. This is the string it will report). Make this string meaningful, as it’s the quickest way to tell what a launchd command is designed to do.
Since we are doing file IO, and we may need to use the computer for something more important like…playing online Poker, we want to minimize the system resources diverted to the backup. This is entirely optional.
This tells launchd what program we want it to….well launch.
The program arguments are important. The first argument listed is always the program itself. If you want to pass in additional arguments, you simply add more <string></string> statements between the array delimiters.
Finally we tell launchd what we want to use as a trigger for launching the script. In this example we are telling it to watch the path /Volumes. Why? Well anytime we mount a device on the file system a link is placed in /Volumes. From this point on, launchd knows to watch /Volumes for ANY changes. If it detects a change it will then launch the backup script (our “program”). Again, you can add multiple paths for it to watch by adding path strings between the array delimiters. You can check the man pages for launchd for more options (man launchd).
The important thing to remember here is that launchd will execute the script regardless of what is added or removed from the /Volumes path. This includes CD/DVD’s, USB devices, disk images, or even if you create a folder in /Volumes. Launchd is powerful, but it’s stupid (for now). So we need to build some smarts into our program (or script in this case) to make sure the script does the right thing.
Script
I’m going to create a tcsh script for this example. If you are more comfortable
with bash (or even AppleScript), you can convert this example to those forms as well.
1) In Terminal cd ~/Library/Scripts
2) Copy the following into the document:
Ok. let’s go through this.
These are convenience variables defining what I want to backup (the Expenses folder in /Users/Shared). The volume name (in this case my firewire drive has a volume called BACKUP). And the location on the backup drive I want to backup the Expenses folder to (in this case in a folder called backup). Obviously if your drive is named something else (and the folder to backup is as well), you’ll need to change these lines.
On my PowerBook it takes about 10 seconds from the time I plug in the device and the device is mounted in /Volumes to the time the device is ready to accept modifications (that is, for the device to be capable of being written to). Put another way, launchd won’t launch the script until it sees the device appear in /Volumes. However, it can still take a few seconds before anything can be written to the drive. So this sleep is just a buffer to ensure the device is ready.
This set of instructions is designed to make sure that we don’t try and write to the device during the unmounting stage. Remember launchd will execute this script ANY time a change is made in /Volumes. When we “eject” the disk, launchd will run again. This test is designed to make sure that if we have ejected the volume, rsync won’t copy files directly in the /Volumes directory.
rsync should create the directory structure for us in general, but it’s not bad to make sure it’s already in place. And if it isn’t, make it so.
Finally let’s do the backup.
One optional step is to unmount the disk when process is complete. To do this, you could add the following line:
Register the Script with Launchd
There are two ways to register the script with launchd. From the command line or by simply logging out and then back in. To save some effort let’s register it from the command line:
Edit Plist Mac
Now issue the command:
Script To Generate The Plist For Mac Os
You should see something like this:
Ok. Launchd is aware and ready to go.
Plug in the Drive
Script To Generate The Plist For Mac Shortcut
Once you plug in the drive (and wait ~30 seconds) what you should notice is that the folder (and its contents) you designated to be backed up will begin appearing on the drive at the specified path. Pretty cool huh?
Once the process is complete you can safely eject the disk.
Afterthoughts
Plist Editor Mac Os
The WatchPath directive is very powerful. Imagine you have a folder that you want occasionally dump files into. Maybe those files are data that is being generated by some other program. You can specify to launchd to watch that folder, and whenever data appears there (or any modifications made really) launchd can run a command/script/program to do something with that data. For example, you could have launchd run a script that will convert the data, pass it into a plotting program, generate plots, and then email the plots to you or a colleague. Pretty cool stuff!