Jamf Nation Community

ajamfadmin1810 · ‎03-24-2022

Hello all

I am running into an issue where some machines do not have Securetoken, I have a script that seems to be working with M1 machines but not Intel machines. I tried uploading the script but it didn't show up right so its posed below

Script to assign SecureTokens:

START OF SCRIPT

#!/bin/bash

#######################
###Admin credentials###
#######################
adminUser=$4
adminPassword=$5

##############################################################
###This will store the logged in user's name to a variable.###
##############################################################
userName=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

##############################################################################
###This will prompt the user for their password and store it in a variable.###
##############################################################################
userPassword=$(osascript -e '
tell application "Finder"
display dialog "Please enter your Computer password." with hidden answer default answer ""
set userPassword to the (text returned of the result)
end tell')

#####################################################################################################
###Store the output of the sysadminctl command into a variable to use it for error handling later.###
#####################################################################################################
output=$(sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn $userName -password $userPassword 2>&1)

######################################################################################################
###Error handling to see if the password entered is the same password used to log into the machine.###
######################################################################################################

##########################################################################################
###Searches for the output "Done". If this exist then the sysadminctl command will run.###
##########################################################################################
if [[ $output == *"Done"* ]]; then
############################################################################################################################
###Command used to provide the user a secureToken. The admin user must have a secure token or this command will not work.###
###You can always check the JAMF policy logs to see if the user is experiencing an issue.###################################
############################################################################################################################
sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenOn $userName -password $userPassword

##############################
###GUI dialog for the user.###
##############################
title='MacOS Secure Token'
osascript -e "display dialog \"SecureToken has been assigned!\" buttons {\"OK\"} default button \"OK\" with title \"$title\""
else
##############################
###GUI dialog for the user.###
##############################
title='MacOS Secure Token'
osascript -e "display dialog \"The password entered did not match your password on this computer! Please quit and re-run the Self-Service policy to try again.\" buttons {\"Quit (Your password was not synced!)\"} default button \"Quit (No SecureToken Assigned!)\" with title \"$title\""
fi

END OF SCRIPT

I ran it on 5 M1 machines and it ran successfully and we were able to assign a secure-token to the user. But when I just tried on two intel machines and ran into this error, has anyone seen this error. Or does anyone know of a good way to assign secure-token to M1 and Intel machines

Error: "Script result: 0:274: execution error: Specified button does not exist. (-50)"

ajamfadmin1810 · ‎03-28-2022

Strange, i dont think its the python piece at it just worked for another user. Basically it seems to work only if users get an error first either "You need to be an owner to install software or the FV2 error". Once they see the error it seems they can run this, I tried to be proactive and have some other machines run it and it failed but it shows FV2 being enabled on those machines already. I changed out the python for bash just to be safe.

View solution in original post

ajamfadmin1810 · ‎03-24-2022

Update just failed on an M1 machine with this error

Script result: 30:120: execution error: Finder got an error: AppleEvent timed out. (-1712)
0:274: execution error: Specified button does not exist. (-50)

very weird and inconsistent.

AVmcclint · ‎03-25-2022

When you post your script, could you please use the Insert/Edit code button? That will make it way easier to read.

mainelysteve · ‎03-25-2022

The script also contain a python call to determine the logged in username so depending on the OS version that could be an underlying issue as well.

Instead use :

$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

ajamfadmin1810 · ‎03-28-2022

Strange, i dont think its the python piece at it just worked for another user. Basically it seems to work only if users get an error first either "You need to be an owner to install software or the FV2 error". Once they see the error it seems they can run this, I tried to be proactive and have some other machines run it and it failed but it shows FV2 being enabled on those machines already. I changed out the python for bash just to be safe.

Jamf Nation Community

Error when running securetoken assign script