Posted on 03-26-2015 01:06 PM
Is there any documentation about adding a Python script to the JSS?
I have a Python script that takes a couple of parameters that id like to run at login. I have tried to add it but it doesn't seem to work.
So if there is something that covers this from end to end it would be greatly appreciated.
Posted on 03-26-2015 01:24 PM
@gfawkes you can find more detailed info in the Casper Admin guide that came with your software. For version 9.65 you'll want to look at pages 317 thru 323.
Basically, if you're adding via the JSS, you add the script via Computer Management -> Scripts. Since you say the script takes a couple of parameters, you can add those on the Options tab. They will be sent to the script by Casper as parameter $4 through $11. On the Options tab, you can give the parameters a label that will help you identify them when adding the script to a policy (or running via Casper Remote).
In your script, you need to change the variables that use the parameters to use $4 through $11 instead. For example, if I had a variable named "myPassword" that read a password pass from the command line, I might make it read $4 and on the policy that I was running the script from, I'd put the password in the Parameter 4 box.
Hopefully that makes sense.
Posted on 03-26-2015 03:01 PM
I make many of them. Post your script for advice.
What @stevewood was saying Parameter 4 is sys.arg in python. Be sure to have the proper header on the script: #!/usr/bin/python
Also your parameters can not be of the hyphen variety: Myscript.py -this -that other Does not work.
See line 131 in my script here to see an example. Modify Notification Center for Casper
Posted on 03-27-2015 12:37 AM
I am sure that my problem is that i am not sure how to deal with the parameters in JSS.
Matt, its actually one of your scripts i believe! - changesidebarlists I have changed the Casper_mode to true, but honestly i am not sure what to put in the script parameters for the policy (currently parameter 4 is last and 5 is HOMEDIR), and i have not added any options in computer management / scripts - my understanding is that these are labels and have no functionality but I don't really know. The policy is currently set to run at login and refresh interval and to be ongoing.
Posted on 03-27-2015 07:44 AM
@gfawkes There was an issue with that script. I found this week that the JSS passes all parameters blank or not, and my script was not expecting that. The github is updated.
However, the last part that updates the users preferences to reflect the changes does not work when sent from the JSS. I am trying to figure that one out.
If you push the script out in a package and run it directly it should work fine. Not sure why that is. I will spend some time today to figure it out. Thanks for the feedback!
Posted on 03-27-2015 12:45 PM
@gfawkes After goofing with it all day I was able to get working properly with Casper.
Be sure to use this version
Be sure to change line 2 to True
Posted on 03-27-2015 12:46 PM
Rename your Parameters
Posted on 03-27-2015 12:47 PM
Here is adding a item to the last position
Posted on 03-27-2015 12:47 PM
Here is moving an item
Posted on 03-27-2015 12:48 PM
Here is removing, notice you use the name not path!
Posted on 03-31-2015 05:40 AM
This is an exceptional piece of work......
We are a secondary school in the U.K. and you have no idea how much difference this will make. Previously, if you were a teacher instructing your class to save you would have no chance because all the students would see a different sidebar.
As it is, the script is working for us in JSS but i have a couple of observations if you feel like it.....
1) Spaces in the paths - I know you say you have addressed this but i cant seem to add the following path using the JSS:- /volumes/share points/student resources
2) Our desktop and documents folders are redirected and so have alias's in the home area which wont add.
Thanks again Matt, we have noted your request at the top of the script and will see what we can do!
Posted on 03-31-2015 09:18 AM
Thank you that is much appreciated!
1) I tested here and mounted volumes with spaces worked fine. Make sure the Volume is mounted first. Are you using a mount script? Perhaps call the sidebar policy after the mount script?
If you do not have one this should work:
osascript -e "tell application "Finder" to mount volume "$4""
$4 is the full path to mount "smb://example.com/hosts/share"
If the password is stored in Keychains or if Kerberos is being used it will mount automatically. Other wise the user is prompted.
Then call the policy with a custom trigger, the entire script would look like this:
osascript -e "tell application "Finder" to mount volume "$4""
jamf policy -event addHomeToSidebar #or whatever your custom trigger is called.
2) What does your redirect look like? The script could be modified for you environment, Line 34 sets the Homedir variable. Current is reading DSCL for it. If you are redirecting to something like /Volumes/homes/[USERNAME] you can substitute line 34 for:
CURRENT_FINDER_HOMEDIR = "/Volumes/homes/" + CURRENT_FINDER_USERNAME
Hope that points you in the right direction. Let me know if you need further clarification.
Posted on 04-02-2015 12:32 AM
Hi @matt4836 ,
We do have a elaborate mount script. calling your script doesn't seem to work at all - for mounted or non-mounted volumes for some reason when run as root or user.... the command is being run but produces nothing and we're not getting any debug info. @dmcnaught is having a go as we speak. But it does run perfectly from the terminal. We have not tried the event method yet but i suspect this is going to be the answer. I am sure we will get it to work shortly.
btw, Cash.me doesn't work for us Brits as it requires a US zip code.
Do you have anything on setting the finder preferences for the default view (ie set the default view to column view and remove the icon preview from all views:)
Posted on 04-04-2015 06:53 AM
Just to clarify, the login script @gfawkes mentioned above is running from a LaunchDaemon in iHook. Launching the ChangeSidebarLists from this script fails for some reason (which I've seen with some commands running under a LaunchDaemon). I've got a couple of methods that launch it as the user (either as a LaunchAgent or using 'su [username]', which also seem to fail. Now we're calling it as a Custom Event as @matt4836 mentioned above... Will test this next week!
Posted on 04-09-2015 08:01 AM
@gfawkes At first glance that Finder plist looks like a mess easiest thing to do, would be to set Finder how you want and push out the plist :) I think there is a User Experience Composer Manifest.
Posted on 04-27-2015 12:55 PM
@matt4836 Great script. If you want to add/remove multiple items from the sidebar per client, do you have to set a policy for every item individually?
For example, if I want to remove iCloud Drive, All Items, AirDrop from every client's Finder sidebar, do I need 3 separate policies?
Or do I need just one for remove and then one policy for add? Basically putting multiple values in a single parameter per policy? Hopefully that makes sense.
Posted on 04-27-2015 01:02 PM
I am pretty certain you would need separate policies. You could install the script on the computer then use the files and processes tab of the policy to run it multiple times to keep it as one policy. Something like:
execute command: /path/to/script remove iCloud;/path/to/script add HOMEDIR
Hope that makes sense.
Posted on 04-27-2015 01:06 PM
@matt4836 That does make sense.
In theory if you put the script on the Mac, could you run another script that just calls your script to run multiple times? Kind of like how dockutil works? What do you think?
Posted on 04-27-2015 01:09 PM
Precisely. I like to use the 'Execute command' portion of the policy to avoid having extra scripts. Extra scripts are without a doubt cleaner. This script is essentially the same as dockUtil. They are both written in Python. The main difference–I think you can only modify the sidebar while a user is logged in.
Posted on 04-27-2015 01:13 PM
@matt4836 Yes that makes sense.
So planting both scripts on the Mac and then using a LaunchAgent to call script one which has all the references to your sidebar script in it should do the trick. I'll definitely try that out and report back if it works. Thanks for your quick responses and of course, for making the sidebar script to begin with.
Posted on 04-27-2015 01:15 PM
You caught me on a rare day when I am sitting at the computer :)
Yes LaunchAgent should work, or a login policy.
Posted on 04-28-2015 01:08 AM
@perrycj We created separate policies for each icon we wanted to add / remove. Although you can add more than one copy of the script in each policy I was unable to save different parameters. You can also control the order the policies are run because it seems they are run in alphanumeric order of their title.
The only mod we had to do was to add a small time delay in the script to allow our network homes to mount. the small delay accumulates, so we put the network mounts last.
We tried various other ways of running the script including an event triggered in our login script after the home was mounted, but the problem is that the script tries to work out the logged in user but was unsuccessful in our setup.
In the end, the time delay and running several polices at login has been reliable.
Posted on 04-28-2015 08:09 AM
Posted on 04-28-2015 11:57 AM
@gfawkes So if I set the policy to run at login or with check in, the policy runs but nothing happens in terms of the side bar and on the JSS it says it runs successfully.
However, if I initiate the policy from the command line (sudo jamf policy -id 8089) for example, it works like it should, removing or adding an item from the sidebar immediately. Have you seen this?
If it runs by check in or login, is it dependent on logging out for changes to show even though they show immediately when run the policy is run from terminal?
Posted on 04-29-2015 06:21 AM
@perrycj I didn't have any success with running at check in, only at login command line or self service. This is because the username is not passed at check in.
I could only think of basic things which you probably have covered - execution frequency and scope? But if it's appearing in policy logs as you say then it's definitely running.
We had trouble with it identifying the logged in user. if you set the _debug to True it may help. The script runs itself again, so you should be able to see the user it is trying to run itself as.
Do you have local or network homes? if you are trying to add networked items they may not have been mounted yet. I overcame this by doing the removing and non-networked before the networked items.
Posted on 05-03-2015 02:05 AM
@gfawkes This post may help it has a Pyhon command for getting the currently logged in user, & can be run anytime.
Posted on 06-10-2015 01:04 PM
When I try to use this script, it is not allowing me to include '/' in the parameter
I want to make sure documents is included but 'HOMEDIR/Documents' is changed to 'HOMEDIR'
any idea why?
Posted on 06-10-2015 01:09 PM
I ran this ten seconds ago:
/Users/ms/Documents/GitHub/changeSidebarLists/Change_Sidebar_List.py last HOMEDIR/Documents
It worked as expected. The only thing I can assume is a spelling error?
Does anything else work? Are you sure you set it to "Casper Mode"?
Post your policy, script or terminal output.
Posted on 06-10-2015 01:12 PM
HOMEDIR/Documents also works fine for me.
Are your Documents redirected? if so is the redirection finished before the script is run?
I put in a delay to overcome this.
Posted on 06-10-2015 01:25 PM
The path is being redirected, and if I run the command manually it seems to work, it appears to be more of JSS issue. When I enter homedir/anything in the parameter box of jss and hit save
at that point it gets removed. (nothing wrong with the script I just don't understand why JSS is not allowing me to save parameters with '/' in them
Posted on 06-10-2015 01:46 PM
Figured it out, I needed to run this command multiple times, so I added it into a policy twice, jss was having issues differing between these two entries and forces the same parameters
I removed one, and that seemed to resolve the issue and I can include the '/' in path
Posted on 08-18-2016 12:32 PM
I just stumbled on this thread I can really use your assistance in turning this script into something I can use for casper. Most importantly I would like to see and learn what you did....! Thank you.
I need to turn off the banner alerts and have them be alerts by default for the casper management app
I attached the script and basically through the arguments I just to need to have this ran.
NCutil.py -a alerts com.jamfsoftware.Management-Action
I can get it to work locally on the machine with no issues. Thank you so much.
Posted on 08-20-2016 10:45 AM
@charles.krivan you'll need to deploy the .py to he devices then call via a policy with the arguments.