Adding a Python Script to JSS

gfawkes
New Contributor II

Is there any documentation about adding a Python script to the JSS?

I have a Python script that takes a couple of parameters that id like to run at login. I have tried to add it but it doesn't seem to work.

So if there is something that covers this from end to end it would be greatly appreciated.

32 REPLIES 32

stevewood
Honored Contributor II
Honored Contributor II

@gfawkes you can find more detailed info in the Casper Admin guide that came with your software. For version 9.65 you'll want to look at pages 317 thru 323.

Basically, if you're adding via the JSS, you add the script via Computer Management -> Scripts. Since you say the script takes a couple of parameters, you can add those on the Options tab. They will be sent to the script by Casper as parameter $4 through $11. On the Options tab, you can give the parameters a label that will help you identify them when adding the script to a policy (or running via Casper Remote).

In your script, you need to change the variables that use the parameters to use $4 through $11 instead. For example, if I had a variable named "myPassword" that read a password pass from the command line, I might make it read $4 and on the policy that I was running the script from, I'd put the password in the Parameter 4 box.

Hopefully that makes sense.

matt4836
Contributor II

I make many of them. Post your script for advice.

What @stevewood was saying Parameter 4 is sys.arg[4] in python. Be sure to have the proper header on the script: #!/usr/bin/python

Also your parameters can not be of the hyphen variety: Myscript.py -this -that other Does not work.

See line 131 in my script here to see an example. Modify Notification Center for Casper

gfawkes
New Contributor II

Thanks both,

I am sure that my problem is that i am not sure how to deal with the parameters in JSS.

Matt, its actually one of your scripts i believe! - changesidebarlists I have changed the Casper_mode to true, but honestly i am not sure what to put in the script parameters for the policy (currently parameter 4 is last and 5 is HOMEDIR), and i have not added any options in computer management / scripts - my understanding is that these are labels and have no functionality but I don't really know. The policy is currently set to run at login and refresh interval and to be ongoing.

Thanks again.

matt4836
Contributor II

@gfawkes There was an issue with that script. I found this week that the JSS passes all parameters blank or not, and my script was not expecting that. The github is updated.

However, the last part that updates the users preferences to reflect the changes does not work when sent from the JSS. I am trying to figure that one out.

If you push the script out in a package and run it directly it should work fine. Not sure why that is. I will spend some time today to figure it out. Thanks for the feedback!

matt4836
Contributor II

@gfawkes After goofing with it all day I was able to get working properly with Casper.
Be sure to use this version

2052246214dc44a8aa65b24adf36d2df

Be sure to change line 2 to True

matt4836
Contributor II

Rename your Parameters

0cee977d18c6410baf1ac46d8dc0c04d

matt4836
Contributor II

Here is adding a item to the last positionb537a201bbd449ebb2a39a66b93141b8

matt4836
Contributor II

Here is moving an item
2ecd557843d744d5b1754bb956a7df9a

matt4836
Contributor II

Here is removing, notice you use the name not path!
0052de411904428e93960ea5e5974d26

gfawkes
New Contributor II

Hi Matt,

This is an exceptional piece of work......

We are a secondary school in the U.K. and you have no idea how much difference this will make. Previously, if you were a teacher instructing your class to save you would have no chance because all the students would see a different sidebar.

As it is, the script is working for us in JSS but i have a couple of observations if you feel like it.....
1) Spaces in the paths - I know you say you have addressed this but i cant seem to add the following path using the JSS:- /volumes/share points/student resources
2) Our desktop and documents folders are redirected and so have alias's in the home area which wont add.

Thanks again Matt, we have noted your request at the top of the script and will see what we can do!

GF.

matt4836
Contributor II

Thank you that is much appreciated!

1) I tested here and mounted volumes with spaces worked fine. Make sure the Volume is mounted first. Are you using a mount script? Perhaps call the sidebar policy after the mount script?

If you do not have one this should work:

!/bin/bash

osascript -e "tell application "Finder" to mount volume "$4""

$4 is the full path to mount "smb://example.com/hosts/share"
If the password is stored in Keychains or if Kerberos is being used it will mount automatically. Other wise the user is prompted.

Then call the policy with a custom trigger, the entire script would look like this:

!/bin/bash

osascript -e "tell application "Finder" to mount volume "$4""
jamf policy -event addHomeToSidebar #or whatever your custom trigger is called.

2) What does your redirect look like? The script could be modified for you environment, Line 34 sets the Homedir variable. Current is reading DSCL for it. If you are redirecting to something like /Volumes/homes/[USERNAME] you can substitute line 34 for:

CURRENT_FINDER_HOMEDIR = "/Volumes/homes/" + CURRENT_FINDER_USERNAME

Hope that points you in the right direction. Let me know if you need further clarification.

gfawkes
New Contributor II

Hi @matt4836 ,

We do have a elaborate mount script. calling your script doesn't seem to work at all - for mounted or non-mounted volumes for some reason when run as root or user.... the command is being run but produces nothing and we're not getting any debug info. @dmcnaught is having a go as we speak. But it does run perfectly from the terminal. We have not tried the event method yet but i suspect this is going to be the answer. I am sure we will get it to work shortly.

btw, Cash.me doesn't work for us Brits as it requires a US zip code.

Do you have anything on setting the finder preferences for the default view (ie set the default view to column view and remove the icon preview from all views:)

Thanks

danielmcnaught
New Contributor

Just to clarify, the login script @gfawkes mentioned above is running from a LaunchDaemon in iHook. Launching the ChangeSidebarLists from this script fails for some reason (which I've seen with some commands running under a LaunchDaemon). I've got a couple of methods that launch it as the user (either as a LaunchAgent or using 'su [username]', which also seem to fail. Now we're calling it as a Custom Event as @matt4836 mentioned above... Will test this next week!

matt4836
Contributor II

@gfawkes At first glance that Finder plist looks like a mess easiest thing to do, would be to set Finder how you want and push out the plist :) I think there is a User Experience Composer Manifest.

perrycj
Contributor III

@matt4836 Great script. If you want to add/remove multiple items from the sidebar per client, do you have to set a policy for every item individually?

For example, if I want to remove iCloud Drive, All Items, AirDrop from every client's Finder sidebar, do I need 3 separate policies?

Or do I need just one for remove and then one policy for add? Basically putting multiple values in a single parameter per policy? Hopefully that makes sense.

matt4836
Contributor II

I am pretty certain you would need separate policies. You could install the script on the computer then use the files and processes tab of the policy to run it multiple times to keep it as one policy. Something like:

execute command: /path/to/script remove iCloud;/path/to/script add HOMEDIR

Hope that makes sense.

perrycj
Contributor III

@matt4836 That does make sense.

In theory if you put the script on the Mac, could you run another script that just calls your script to run multiple times? Kind of like how dockutil works? What do you think?

matt4836
Contributor II

Precisely. I like to use the 'Execute command' portion of the policy to avoid having extra scripts. Extra scripts are without a doubt cleaner. This script is essentially the same as dockUtil. They are both written in Python. The main difference–I think you can only modify the sidebar while a user is logged in.

perrycj
Contributor III

@matt4836 Yes that makes sense.

So planting both scripts on the Mac and then using a LaunchAgent to call script one which has all the references to your sidebar script in it should do the trick. I'll definitely try that out and report back if it works. Thanks for your quick responses and of course, for making the sidebar script to begin with.

matt4836
Contributor II

You caught me on a rare day when I am sitting at the computer :)

Yes LaunchAgent should work, or a login policy.

gfawkes
New Contributor II

@perrycj We created separate policies for each icon we wanted to add / remove. Although you can add more than one copy of the script in each policy I was unable to save different parameters. You can also control the order the policies are run because it seems they are run in alphanumeric order of their title.

The only mod we had to do was to add a small time delay in the script to allow our network homes to mount. the small delay accumulates, so we put the network mounts last.

We tried various other ways of running the script including an event triggered in our login script after the home was mounted, but the problem is that the script tries to work out the logged in user but was unsuccessful in our setup.

In the end, the time delay and running several polices at login has been reliable.

perrycj
Contributor III

@gfawkes That works pretty well. Separate policies seem to do the trick.

perrycj
Contributor III

@gfawkes So if I set the policy to run at login or with check in, the policy runs but nothing happens in terms of the side bar and on the JSS it says it runs successfully.

However, if I initiate the policy from the command line (sudo jamf policy -id 8089) for example, it works like it should, removing or adding an item from the sidebar immediately. Have you seen this?

If it runs by check in or login, is it dependent on logging out for changes to show even though they show immediately when run the policy is run from terminal?

gfawkes
New Contributor II

@perrycj I didn't have any success with running at check in, only at login command line or self service. This is because the username is not passed at check in.

I could only think of basic things which you probably have covered - execution frequency and scope? But if it's appearing in policy logs as you say then it's definitely running.

We had trouble with it identifying the logged in user. if you set the _debug to True it may help. The script runs itself again, so you should be able to see the user it is trying to run itself as.

Do you have local or network homes? if you are trying to add networked items they may not have been mounted yet. I overcame this by doing the removing and non-networked before the networked items.

bentoms
Release Candidate Programs Tester

@gfawkes This post may help it has a Pyhon command for getting the currently logged in user, & can be run anytime.

ngidzak
New Contributor

When I try to use this script, it is not allowing me to include '/' in the parameter

I want to make sure documents is included but 'HOMEDIR/Documents' is changed to 'HOMEDIR'

any idea why?

matt4836
Contributor II

I ran this ten seconds ago:

/Users/ms/Documents/GitHub/changeSidebarLists/Change_Sidebar_List.py last HOMEDIR/Documents

It worked as expected. The only thing I can assume is a spelling error? Does anything else work? Are you sure you set it to "Casper Mode"?
Post your policy, script or terminal output.

gfawkes
New Contributor II

HOMEDIR/Documents also works fine for me.

Are your Documents redirected? if so is the redirection finished before the script is run?

I put in a delay to overcome this.

ngidzak
New Contributor

The path is being redirected, and if I run the command manually it seems to work, it appears to be more of JSS issue. When I enter homedir/anything in the parameter box of jss and hit save
at that point it gets removed. (nothing wrong with the script I just don't understand why JSS is not allowing me to save parameters with '/' in them

ngidzak
New Contributor

Figured it out, I needed to run this command multiple times, so I added it into a policy twice, jss was having issues differing between these two entries and forces the same parameters
I removed one, and that seemed to resolve the issue and I can include the '/' in path

charles_krivan
New Contributor

I just stumbled on this thread I can really use your assistance in turning this script into something I can use for casper. Most importantly I would like to see and learn what you did....! Thank you.

I need to turn off the banner alerts and have them be alerts by default for the casper management app

https://1drv.ms/u/s!AsQSVIJSCA-VgdBmIAkn_cxYEOwobQ

I attached the script and basically through the arguments I just to need to have this ran.

NCutil.py -a alerts com.jamfsoftware.Management-Action

I can get it to work locally on the machine with no issues. Thank you so much.

bentoms
Release Candidate Programs Tester

@charles.krivan you'll need to deploy the .py to he devices then call via a policy with the arguments.