Help

Apple Script fails through Jamf Pro

CesarT_T
New Contributor III

Posted on ‎08-03-2021 02:41 PM

Thanks for reading in advance.

We roll out Macs with local accounts, a password configuration gets pushed to enforce requirements. it is set to every 90days.

in conjunction with an EA, I created a smart group that will get a notification pop up telling them know that their password is about to expire and they need to change/update it. The script that I have is fairly simple:

 

#!/bin/bash

jamf displayMessage -message "Your password will expire soon. You must change it soon to avoid becoming locked out.

You can change it in System Preferences under Users & Groups."




/usr/bin/osascript <<EOF
tell application "System Preferences"
 activate
set the current pane to pane id "com.apple.preferences.users"
reveal anchor "passwordPref" of pane id "com.apple.preferences.users"
tell application "System Events"
 tell process "System Preferences"
 delay 2
 click button "Change Password…" of tab group 1 of window 1
end tell
 end tell
end tell
EOF

 

it works well when pushing it locally, but when pushing through Jamf Pro it errors out.

Essentially, I want the user to receive the pop up stating their password is about to expire, wait for them to click Ok on the pop up, then have system preferences and auto navigate over to changing their password.

 

Any thoughts on this? Thanks!

 

0 Kudos
3 REPLIES 3

cbrewer
Valued Contributor II

‎08-03-2021 03:20 PM - edited ‎08-03-2021 03:21 PM

Jamf scripts run as root. You might want to look into having your script call osascript as the logged in user.

 

# Get currently logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name  && ! /loginwindow/ { print $3 }' )

# Get the logged in UID
loggedInUID=$(id -u $loggedInUser)

/bin/launchctl asuser "${loggedInUID}" sudo -iu "${loggedInUser}" /usr/bin/osascript <<-EOF

 

CesarT_T
New Contributor III
In response to cbrewer

Posted on ‎08-04-2021 09:10 AM

doing this adds more steps, I had to allow Jamf.app to allow access to about 5 things.

Right after using PPPC and allow Jamf.app those rights, Terminal.app also prompted.

Used PPPC for Terminal as well, pushed those Config Profiles to another test Mac, still getting the same pop ups.

I thought there was a way to run it without needing to tell it execute as the logged in user. Replacing the osascript with the following worked in order to show the system preferences pane.

open /System/Library/PreferencePanes/Accounts.prefPane

 

Essentially, the "new" script would be this:

#!/bin/bash

jamf displayMessage -message "Your password will expire soon. You must change it soon to avoid becoming locked out.

You can change it in System Preferences under Users & Groups."


open /System/Library/PreferencePanes/Accounts.prefPane
0 Kudos

user-joRWFBbOUw
New Contributor

Posted on ‎08-04-2021 04:07 AM

But when it runs in a recurring check-in trigger, the dialog box fails to display and an AppleScript error is thrown.

 

My Balance Now

0 Kudos