Show VPN on the Menu Bar

ShaunRMiller83
Contributor III

It took me a long time to find this code so I figured I would share it.

To enable the option to "Show VPN on the Menu Bar" I used the code below.

defaults write com.apple.systemuiserver menuExtras -array-add "/System/Library/CoreServices/Menu Extras/vpn.menu"

killall SystemUIServer -HUP

48 REPLIES

hcodfrie
Contributor

Nice one

chriscollins
Valued Contributor

Nice. Another way that we usually employ in scripts is to simply do an 'open <path to menu item>' and it will add it to the menu bar for the user.

ShaunRMiller83
Contributor III

@chriscollins

I had tried doing it that way, but found it wasn't working consistently for me, but the command I posted was working every time. I guess it's a case of more than one way to skin a cat.

Thanks
Shaun

chriscollins
Valued Contributor

@ShaunM9483 I totally agree. Your way is definitely guaranteed to be consistent and is what I think I'll use going forward. Thanks for posting :)

wmateo
Contributor

@ShaunM9483 how do you get this for all users? user template?

ShaunRMiller83
Contributor III

@wmateo

We have moved away from this method in favor of a config profile we converted from an MCX.

When we were using this we ran a policy scoped to our laptops which was enforced at check in - once per user and also had a self service policy for this as well set to on-going. We added the command above to the advance menu in the policy to enable the VPN menu bar on machines.

Hope this helps Shaun

bentoms
Release Candidate Programs Tester

FWIW, we deploy the above to a smart group with criteria "Model is like MacBook" via a Config profile.

sidhu_navdeep
New Contributor

Hi, I tried running below commands manually but it is still not adding VPN icon in menu bar. Mac OS is 10.9.5

defaults write com.apple.systemuiserver menuExtras -array-add "/System/Library/CoreServices/Menu Extras/vpn.menu"

killall SystemUIServer -HUP

Anything which I'm missing here?

Thanks

sidhu_navdeep
New Contributor

I tried running below command & it is working just fine.

open "/System/Library/CoreServices/Menu Extras/vpn.menu"

However I'm a bit confused from above replies that this command is not consistent enough.
Please suggest

davidacland
Honored Contributor II

Hi,

Using the open command is only likely to work if the user is logged in. As it's not writing a preference key I don't think it would stick if the Mac was rebooted or the user logged out.

I would recommend using a custom configuration profile to set this one.

sidhu_navdeep
New Contributor

Hi,

Thanks for your reply. Please can you guide me how to use/configure a custom configuration profile to set this option. If there is any article/forum for this then it would be a great help. Thanks again.

davidacland
Honored Contributor II

Hi @sidhu_navdeep,

I've added a config profile to the public part of our Github: https://github.com/amsysuk/public_config_profiles

You can upload it straight into your JSS. Just test it out before you scope to all devices, in case it doesn't do what you need!

justinrummel
Contributor III

Just posted this as I've noticed couple of VPN questions lately, hope it helps:

https://www.justinrummel.com/using-mcxtoprofile-with-the-casper-suite-for-advanced-configuration-pro...

- Justin

sidhu_navdeep
New Contributor

Thank you Justin for this wonderful article. Much appreciated.

I've just one quick question - I hope it will not remove the icons (battery, keyboard etc.) which are already showing in Menu bar because my requirement is to just add VPN icon in menu bar.

Thanks again!

justinrummel
Contributor III

@sidhu_navdeep I'm not sure. On my video at the bottom of the page I did not have battery/keyboard menu items enabled when deployed.

You'll need to test. Also, a Byhost file gets created when changing Menu Items manually:

justinrummel@Rummel-MBPr ~/D/G/jr.com-hpstr> defaults read ~/Library/Preferences/ByHost/com.apple.systemuiserver.0A64FD5C-7634-5BE4-B298-42354ED1FCE7.plist
{
    dontAutoLoad =     (
        "/System/Library/CoreServices/Menu Extras/Clock.menu",
        "/System/Library/CoreServices/Menu Extras/Battery.menu",
        "/System/Library/CoreServices/Menu Extras/AirPort.menu"
    );
}

davidacland
Honored Contributor II

Hi @sidhu_navdeep, did the config profile not work?

sidhu_navdeep
New Contributor

Hi David,

The config profile shared by you did work but unfortunately it removed battery & keyboard icon from the menu bar. Any idea how can we retain these icons because I'm sure these icons might be already enabled by end users.

davidacland
Honored Contributor II

Have you tried setting the key at the top from "Forced" to "Set-Once"? that is a bit more of a gentle approach.

sidhu_navdeep
New Contributor

I'm sorry...how do I do that? Where is the option?

davidacland
Honored Contributor II

Just towards the top of the text in the mobileconfig file it should say <key>Forced</key>. Try it as <key>Set-Once</key> instead.

sidhu_navdeep
New Contributor

Ah ok, thanks :-)
I'll give it a shot & share the feedback on Monday. Have a great weekend!

sidhu_navdeep
New Contributor

Hi David,

I tried modifying mobileconfig file however when I try to upload the updated file, it is not allowing me to save because Property List File is missing. When I try uploading your original file, it gets uploaded without any problem. How can I resolve this please?
Sorry for all this trouble as I don't know much about this Casper/Mac & I'm learning the stuff here.

Thanks

davidacland
Honored Contributor II

Hi, it sounds like the file is getting corrupted. What are you using to edit it?

sidhu_navdeep
New Contributor

Hi David,

Sorry I was pulled away by an urgent issue & could not respond. I managed to change the settings i.e. Set-Once however it is still removing battery & keyboard icons from the menu bar.

I tried to set this up via Managed Preferences (user level enforced) but it is also not getting applied properly.

Any further suggestions, please?

Thanks for all your help.

bpavlov
Honored Contributor

@justinrummel I found the same things you did as well. However, I'm doing this in 10.10.4, and weirdly enough I cannot get both the Status AND Time to be checked. It's the weirdest thing.

I also noticed that if you had the VPN.menu after the Clock.menu in the com.apple.systemuiserver.plist that it would actually show up between the clock and spotlight which is a really strange place to have it.

So here's what I ended up with in my mobileconfig file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>com.apple.networkConnect</key>
                <dict>
                    <key>Forced</key>
                    <array>
                        <dict>
                            <key>mcx_preference_settings</key>
                            <dict>
                                <key>VPNShowStatus</key>
                                <true/>
                                <key>VPNShowTime</key>
                                <true/>
                            </dict>
                        </dict>
                    </array>
                </dict>
            </dict>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>MCXToProfile.18a8b2bf-ff46-4265-973a-30e6364a8359.alacarte.customsettings.7fdcc843-9f91-43e2-9135-797633c7a202</string>
            <key>PayloadType</key>
            <string>com.apple.ManagedClient.preferences</string>
            <key>PayloadUUID</key>
            <string>7fdcc843-9f91-43e2-9135-797633c7a202</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>com.apple.systemuiserver</key>
                <dict>
                    <key>Forced</key>
                    <array>
                        <dict>
                            <key>mcx_preference_settings</key>
                            <dict>
                                <key>menuExtras</key>
                                <array>
                                    <string>/System/Library/CoreServices/Menu Extras/VPN.menu</string>
                                    <string>/System/Library/CoreServices/Menu Extras/Clock.menu</string>
                                </array>
                            </dict>
                        </dict>
                    </array>
                </dict>
            </dict>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>MCXToProfile.18a8b2bf-ff46-4265-973a-30e6364a8359.alacarte.customsettings.c4291a15-49fd-42cf-a849-2ea1f62a0d27</string>
            <key>PayloadType</key>
            <string>com.apple.ManagedClient.preferences</string>
            <key>PayloadUUID</key>
            <string>c4291a15-49fd-42cf-a849-2ea1f62a0d27</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Included custom settings:
com.apple.networkConnect
com.apple.systemuiserver
</string>
    <key>PayloadDisplayName</key>
    <string>Company - OS X VPN Menu</string>
    <key>PayloadIdentifier</key>
    <string>OS X VPN Menu</string>
    <key>PayloadOrganization</key>
    <string>Company</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>18a8b2bf-ff46-4265-973a-30e6364a8359</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Can you confirm whether your mobileconfig works in 10.10.4?

justinrummel
Contributor III

@bpavlov Sorry, I'm no longer in Mac Administration. I haven't tested/debugged this since the beginning of this year.

bpavlov
Honored Contributor

@justinrummel Thanks for responding! Just read your blog post on that. Hope the new job is treating you well. I did manage to copy your profile and it works so it gives me something further to look at now.

bpavlov
Honored Contributor

After a little bit of testing it seems the difference that allows both ShowStatus and ShowTime to work is in the frequency. If you set it to ONCE rather than ALWAYS, it works fine. Weird, I know. I also found you can take some pieces out of the com.apple.systemuiserver.plist

com.apple.networkConnect.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>VPNShowStatus</key>
    <true/>
    <key>VPNShowTime</key>
    <true/>
</dict>
</plist>

com.apple.systemuiserver.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>menuExtras</key>
    <array>
        <string>/System/Library/CoreServices/Menu Extras/VPN.menu</string>
    </array>
</dict>
</plist>

Profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>com.apple.networkConnect</key>
                <dict>
                    <key>Set-Once</key>
                    <array>
                        <dict>
                            <key>mcx_data_timestamp</key>
                            <date>2015-08-06T21:33:07Z</date>
                            <key>mcx_preference_settings</key>
                            <dict>
                                <key>VPNShowStatus</key>
                                <true/>
                                <key>VPNShowTime</key>
                                <true/>
                            </dict>
                        </dict>
                    </array>
                </dict>
            </dict>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>MCXToProfile.72daecd7-dac9-4bdb-b62a-a3e2d4b9523f.alacarte.customsettings.afb7ef3c-580a-416e-baa6-78493ff9e507</string>
            <key>PayloadType</key>
            <string>com.apple.ManagedClient.preferences</string>
            <key>PayloadUUID</key>
            <string>afb7ef3c-580a-416e-baa6-78493ff9e507</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>com.apple.systemuiserver</key>
                <dict>
                    <key>Set-Once</key>
                    <array>
                        <dict>
                            <key>mcx_data_timestamp</key>
                            <date>2015-08-06T21:33:07Z</date>
                            <key>mcx_preference_settings</key>
                            <dict>
                                <key>menuExtras</key>
                                <array>
                                    <string>/System/Library/CoreServices/Menu Extras/VPN.menu</string>
                                </array>
                            </dict>
                        </dict>
                    </array>
                </dict>
            </dict>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>MCXToProfile.72daecd7-dac9-4bdb-b62a-a3e2d4b9523f.alacarte.customsettings.7da2b7cd-1d11-4442-a059-4c8f56cd602a</string>
            <key>PayloadType</key>
            <string>com.apple.ManagedClient.preferences</string>
            <key>PayloadUUID</key>
            <string>7da2b7cd-1d11-4442-a059-4c8f56cd602a</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Included custom settings:
com.apple.networkConnect
com.apple.systemuiserver
</string>
    <key>PayloadDisplayName</key>
    <string>Company - OS X VPN Menu</string>
    <key>PayloadIdentifier</key>
    <string>OS X VPN Menu</string>
    <key>PayloadOrganization</key>
    <string>Company</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>72daecd7-dac9-4bdb-b62a-a3e2d4b9523f</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Very interesting results to say the least. It seems that in certain cases ONCE will do what you need it to do instead of trying to force it ALWAYS.
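
As an added example (not code from any poster in this thread), here is a Python check that a hand-edited .mobileconfig still parses as a property list, and that reports whether each managed setting is delivered as Forced or Set-Once. The function names and the trimmed sample profile are constructed for illustration; the payload layout follows the MCXToProfile profiles posted above.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Preference domains exactly as spelled in the profiles posted in this thread.
THREAD_DOMAINS = ("com.apple.networkConnect", "com.apple.systemuiserver")

def sample_profile(frequency="Forced", domain="com.apple.systemuiserver"):
    """Constructed sample: a trimmed profile in the MCXToProfile layout."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": "com.apple.ManagedClient.preferences",
            "PayloadContent": {domain: {frequency: [{
                "mcx_preference_settings": {"menuExtras": [
                    "/System/Library/CoreServices/Menu Extras/VPN.menu"]}}]}},
        }],
    })

def audit_mobileconfig(data: bytes):
    """Return (settings, warnings) for the MCX payloads in a .mobileconfig.

    settings is a list of (domain, frequency, key, value) tuples.
    Raises ValueError when the file no longer parses as a property list.
    """
    try:
        profile = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError, ValueError) as exc:
        raise ValueError(f"not a valid property list: {exc}") from exc
    if not isinstance(profile, dict):
        raise ValueError("top-level plist object is not a dict")

    settings, warnings = [], []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.ManagedClient.preferences":
            continue
        for domain, by_frequency in payload.get("PayloadContent", {}).items():
            # The VPNShowTime post found the domain name is case-sensitive.
            for known in THREAD_DOMAINS:
                if domain != known and domain.lower() == known.lower():
                    warnings.append(f"{domain}: case differs from {known}")
            for frequency, entries in by_frequency.items():  # Forced / Set-Once
                for entry in entries:
                    prefs = entry.get("mcx_preference_settings", {})
                    for key, value in prefs.items():
                        settings.append((domain, frequency, key, value))
                        # A Forced menuExtras list was reported in this thread
                        # to remove the user's other menu bar icons.
                        if key == "menuExtras" and frequency == "Forced":
                            warnings.append(
                                f"{domain}: menuExtras is Forced "
                                f"with {len(value)} item(s)")
    return settings, warnings
```

Run it on the edited file before uploading it, for example `audit_mobileconfig(open("VPN.mobileconfig", "rb").read())`.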

mjohnston
New Contributor

Hi all,
I have added the following syntax to a script
defaults write com.apple.systemuiserver menuExtras -array-add "/System/Library/CoreServices/Menu Extras/vpn.menu"

killall SystemUIServer -HUP

In testing I can see it empties and then repopulates the menu bar but without the VPN icon.

If I manually run the /System/Library/CoreServices/Menu Extras/vpn.menu file from the macbook it will add but I cannot for the life of me automate this process.

Anyone have any suggestions?

Thanks,
Matt

chrisbju
New Contributor III

@mjohnston Seeing the same issue here. :/

chrisbju
New Contributor III

Worked great with mcxToProfile :D

rstasel
Valued Contributor

Sorry to revive this ancient topic, but has anyone gotten this to work with 10.11? I tried @justinrummel's mobileconfig, but nada. =/

Chris_Hafner
Valued Contributor II

I've done this in two different ways. First, I'll just say that it did take me quite a bit of research last year. In these solutions, I'm going to skip talking about the profile and only talk about the menu extra item. Suffice to say that I am manually downloading a .mobileconfig to the /tmp directory and then applying it. Early in the process I tried the following:

#!/bin/bash

# User currently logged in at the console
loggedInUser=$(ls -l /dev/console | awk '{print $3}')

## Loads the Staff VPN profile
/usr/bin/profiles -I -F /private/tmp/VPN.mobileconfig

# Append the VPN menu extra to the user's menuExtras array
defaults write "/Users/$loggedInUser/Library/Preferences/com.apple.systemuiserver" menuExtras -array-add "/System/Library/CoreServices/Menu Extras/vpn.menu"

## Fix the permissions
chown "$loggedInUser" "/Users/$loggedInUser/Library/Preferences/com.apple.systemuiserver.plist"

# Restart SystemUIServer so it re-reads the preference
killall SystemUIServer -HUP

exit 0

Unfortunately, the process did not reliably get the actual VPN menu extra to appear immediately and reliably. A restart of the system fixed this, but I figured that it wasn't a good way to go. Also, in tests a user could inadvertently cause multiple VPN menu items to appear by repeatedly applying the policy. So, with that attempt under my belt, and a lot more research (i.e. borrowing) of things I found here on the 'Nation', I came up with the following after having decided that I wanted to take a look at everything that I wanted in the menu bar:

#!/bin/bash

## Loads the Student VPN profile
/usr/bin/profiles -I -F /private/tmp/VPN.mobileconfig

# Menu extras that should be present in the menu bar
PreferredMenuExtras=(
"/System/Library/CoreServices/Menu Extras/AirPort.menu"
"/System/Library/CoreServices/Menu Extras/Battery.menu"
"/System/Library/CoreServices/Menu Extras/Bluetooth.menu"
"/System/Library/CoreServices/Menu Extras/Clock.menu"
"/System/Library/CoreServices/Menu Extras/VPN.menu"
)

# Console user and that user's home directory
currentUser=$( ls -l /dev/console | awk '{print $3}' )
userHome=$( dscl . read "/Users/$currentUser" NFSHomeDirectory | awk '{print $NF}' )

# Menu extras currently listed in the user's plist, one path per line
MenuExtras=$( defaults read "$userHome/Library/Preferences/com.apple.systemuiserver.plist" menuExtras | awk -F'"' '{print $2}' )

# Open only the menu extras that are not already listed, so repeated runs add no duplicates
for menuExtra in "${PreferredMenuExtras[@]}"; do
    menuShortName=$( echo "${menuExtra}" | awk -F'/' '{print $NF}' )
    if echo "${MenuExtras}" | grep -qF "${menuExtra}"; then
        echo "Menu Extra ${menuShortName} present"
    else
        echo "Menu Extra ${menuShortName} not in plist. Opening..."
        open "${menuExtra}"
    fi
done

exit 0

Someone could probably point out what I missed on the first attempt, but it works and it works well. Additionally, I apologize for my inconsistency in variable naming conventions.

mjohnston
New Contributor

@staze I use the following single line script which will enable VPN status in menu bar regardless of whether or not you have a VPN configuration.

open "/System/Library/CoreServices/Menu Extras/vpn.menu"

I have this script run via policy, once per day on all laptops.

My VPN connections are pushed as a Config Profile.

This method has worked flawlessly across 10.10 and 10.11

Chris_Hafner
Valued Contributor II

@mjohnston ... well that was simple. I like it!

ruyrybeyro
New Contributor

Hi...has anyone succeeded in showing VPN in the menu bar with menuconfig? I am following the suggestions for the xml file, and it is not working.

ncworster
New Contributor III

@mjohnston Awesome! This worked great for me.

steve_summarell
New Contributor

@mjohnston works well with Mojave and Sierra. Only other item that would be beneficial is to set "Show Time Connected" using a script as well. This is a great visual to show people if they are connected to the VPN or not.

beemanaged
New Contributor II

@steve.summarell I found the preference for Show Time Connected. And I was able to change it once via terminal on Mojave but could not replicate it again even on another machine.

This will show you the value for VPNShowTime

defaults read com.apple.networkconnect

I have tried changing this value several times and while I can get the value to change ( defaults write com.apple.networkconnect VPNShowTime 1 ), it doesn't seem to actually take effect. Maybe someone else has an idea of why.

EDIT:

Figured out it was because the c in com.apple.networkconnect was not capitalized. It works if you capitalize it.

defaults write com.apple.networkConnect VPNShowTime 1; killall SystemUIServer

It only appears to work locally for some reason though and not as a policy.