
Hey there,



I edited a /bin/bash script that automatically checks the device's uptime and tells the user to restart his computer after 2 weeks of uptime (with the help of https://www.jamf.com/jamf-nation/discussions/17336/user-has-not-restarted-in-x-number-of-days).



The following part generates the '"jamf" wants access to control "system events"' message for end users:



#!/bin/bash

# Discover logged in user
user=$(stat -f%Su /dev/console)

# Execute code as logged in user (instead of root)
sudo -u "$user" /usr/bin/osascript <<-EOF

tell application "System Events"
    activate
    -- each continued line of the display dialog command ends with ¬
    set question to display dialog "The device has not been restarted for [...]" ¬
        with title "RESTART YOUR COMPUTER" buttons {"Shut Down", "Restart", "Cancel"} ¬
        cancel button "Cancel" with icon caution
    set answer to button returned of question
    if answer is equal to "Shut Down" then
        tell application "System Events"
            shut down
        end tell
    end if
    if answer is equal to "Restart" then
        tell application "System Events"
            restart
        end tell
    end if
    if answer is equal to "Cancel" then
        return
    end if
end tell
EOF
exit 0
# (excerpt: the enclosing uptime check and its closing "fi" are not shown)


I already read the thread (https://www.jamf.com/jamf-nation/discussions/30388/loginwindow-wants-access-to-control-system-events) but couldn't find the solution there.
The issue seems to be the tell / end tell statement but I can't find a way to change the script.
I tried several PPPCs and gave JAMF access to Accessibility, System Events and everything else that's required.



The script itself works fine.
Can someone help me out here?
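
An added example, not part of the original post or of Jamf's code: the same prompt with no `tell application "System Events"` block, on the assumption (the one the post suspects) that the consent prompt comes from the Apple Events that block sends. The dialog is shown by osascript itself as the console user, and root performs the restart with shutdown(8); the function names and the dialog text are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. Assumes it runs as root (e.g. from a Jamf policy).

# Show the dialog as the console user and print the clicked button.
# No "tell application" block: osascript displays the dialog itself.
ask_user() {
    local user uid
    user=$(/usr/bin/stat -f%Su /dev/console)
    # Nobody at the console (login window): do not prompt.
    if [ -z "$user" ] || [ "$user" = "root" ]; then return 1; fi
    uid=$(/usr/bin/id -u "$user")
    /bin/launchctl asuser "$uid" /usr/bin/sudo -u "$user" /usr/bin/osascript <<'EOF'
button returned of (display dialog "This computer has been running for more than 2 weeks." ¬
    with title "RESTART YOUR COMPUTER" buttons {"Shut Down", "Restart", "Cancel"} ¬
    cancel button "Cancel" with icon caution)
EOF
}

# Map the button to the command root runs. Cancel, an osascript error
# or an empty answer map to nothing.
action_for() {
    case "$1" in
        "Shut Down") echo "/sbin/shutdown -h now" ;;
        "Restart")   echo "/sbin/shutdown -r now" ;;
        *)           echo "" ;;
    esac
}

main() {
    local answer cmd
    answer=$(ask_user 2>/dev/null) || answer=""
    cmd=$(action_for "$answer")
    if [ -n "$cmd" ]; then $cmd; fi
    return 0
}

# Run only where osascript exists (macOS).
if [ -x /usr/bin/osascript ]; then main; fi
```

Unlike the System Events `restart`, shutdown(8) does not let applications prompt about unsaved documents, so the dialog text should tell the user to save first.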




@GabePPS wrote:

Yea, unfortunately it still doesn't seem to work for me.  I think it's all related to accessibility which can't get the same path for osascripts.  At one point with @Bol's hints, I was able to have the jamf wants access message suppressed but then it popped the accessibility message for osascript.  So I never got them both working together and it's because my script wants to type info in the keyboard which Apple really doesn't want anything to do with anymore lol.


@GabePPS Well, if you haven't given up on your Apple Script dreams yet.. It's just been acknowledged in testing so hopefully next major release, you could be back in business! 

  • Resolves an issue where PPPC payloads for Accessibility and AppleEvents do not suppress user approval prompts.

I believe this is in regard to an open radar I got escalated up to the macOS security team.  (Or at least I'd like to think I had something to do with it lol.)

Apparently they listen when someone brings up issues listed as "security related" lol.


@Bol Actually I just got confirmation that Apple did fix this bug per my escalation from my SE.  They are asking me to test it...so now I need to get a machine on the beta and test my enrollment!




@GabePPS wrote:

I believe this is in regard to an open radar I got escalated up to the macOS security team.  (Or at least I'd like to think I had something to do with it lol.)

Apparently they listen when someone brings up issues listed as "security related" lol.


Well it's security related x 1000 from now on then. :D

Honestly though, it's to do with their Transparency, Consent, and Control security and has been bugged for a length of time now. It's a great thing that it has finally been acknowledged, worked on and hopefully resolved.


Kudos to you for the radar rocket sent and let us know as soon as you've had the chance to test with your results! 




@GabePPS Very curious about your results after your test, how did things go?


Any news here? I'm still trying to figure out how to fix this.


What are you trying to fix? It was mentioned that Apple did sort the System Events bug filed by @GabePPS

https://community.jamf.com/t5/jamf-pro/quot-jamf-quot-wants-access-to-control-quot-system-events-quot/m-p/267613/highlight/true#M245041

 


As I have tested this since Apple told me it was fixed, it still seems to be broken


I was going to post here last night that it seems to be working for me. Very buggy getting there and I found whitelisting the binary worked better, somehow.
I wrote a script on login / self service that launches Safari homepage / MS SSO dialogue box, then pre-fills the user's email address and hits enter. There are other profiles at play though, I haven't yet pulled what I think is not needed to see if it breaks it yet.

 

