Background
We allow our upper-tier TSRs to execute scripts via Casper Remote, but we don't allow them to view the actual scripts in the JSS.
Occasionally, a TSR will execute a script via Casper Remote which I really wish they hadn't, so we came up with an "Authorization Key" for our more impactful scripts.
Concept
Use a Script Parameter to check for some random string of characters before allowing a script to execute.
Implementation & Script
Add an if then else to your script which checks for some random string of characters. If the passed Script Parameter doesn't match, exit; if it does match, proceed.
Casper Remote
The Casper Remote user must enter the correct random string of characters to execute the script. (Authorized JSS admins can easily lookup the random string of characters before adding the script to a policy.)
Script
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# This script will forcibly remove all Configuration Profiles. (Used in preparation to migrate
# a computer from the JAMF Software Server 9.x to the Jamf Pro Server 10.x
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 08-Sep-2017, Dan K. Snelson
#
####################################################################################################
### Variables
authorizationKey="$4"
# Check for a specified value in Parameter 4
if [ "$authorizationKey" != "rs2y3hng1O8kIsz2GiiAN" ]; then
echo "Error: Incorrect Authorization Key; exiting."
exit 1
else
echo "Removing Configuration Profiles ..."
/bin/rm -Rfv /var/db/ConfigurationProfiles
echo "Configuration Profiles removed."
fi
exit 0Casper Remote Log showing error to Casper Remote user
...
Running script removeProfiles.sh...
Script exit code: 1
Script result: Error: Incorrect Authorization Key; exiting.
Error running script: return code was 1.
...