- Jamf Nation Community
- Products
- Jamf Pro
- Re: AppleScript prompt after DEP enrollment
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
AppleScript prompt after DEP enrollment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-23-2020 06:33 AM
I've been banging my head against the wall with this one. What I'd like to happen is, after DEP enrollment, and we get to the desktop, an AppleScript dialog pops up asking the user a question. There are a few popups, but for troubleshooting purposes, let's just go with the first one. I understand the underlying issue is calling osascript from root. Hoping fresh eyes might see what's wrong or provide some further insight?
#!/bin/sh
# Wait until user is fully logged in & get user
dockStatus=$(pgrep -x Dock)
until [[ "$dockStatus" != "" ]]; do
echo "Waiting for login to complete..."
sleep 2
dockStatus=$(pgrep -x Dock)
done
LoggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");' )
LoggedInUserPID=$(ps auxww | grep "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" | grep $LoggedInUser | grep -v "grep" | awk '{print $2}')
# Ask if we want to run Setup now
Setup=$(sudo -u "$LoggedInUser" osascript << EOF
set theDialogText to "Thank you for enrolling this computer.
Run Setup now to configure your computer.
"
display dialog theDialogText with icon file "Macintosh HD:Library:Images:Setup.png" with title "Enrollment Complete" buttons {"Run Setup","Not Now"} default button 1
EOF
)So I've tried the above, and also using the PID and launchctl:
# Ask if we want to run Setup now
Setup=$(/bin/launchctl asuser $LoggedInUserPID osascript << EOF
set theDialogText to "Thank you for enrolling this computer.
Run Setup now to configure your computer.
"
display dialog theDialogText with icon file "Macintosh HD:Library:Images:Setup.png" with title "Enrollment Complete" buttons {"Run Setup","Not Now"} default button 1
EOF
)Using sudo -u gets me "execution error: No user interaction allowed. (-1713)"
Using launchctl asuser gets me "osascript[5156:34547] -[__NSCFConstantString objectAtIndex:]: unrecognized selector sent to instance 0x7fff8f328590", and a "first throw call stack", ending with "libc++abi.dylib: terminating with uncaught exception of type NSException".
Neither prompt the user.
Help?
NOTE: I'm using osascript as opposed to JamfHelper because the second pop-up asks for textbox input.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-23-2020 07:03 AM
You've got some things wrong with the second method - using launchctl asuser You need to get the logged in user's UID, not their PID. I also have better luck with using their UID and also instructing the user to run the command with a sudo -iu piece, as shown below.
LoggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");' )
LoggedInUserUID=$(id -u "$LoggedInUser")
# Ask if we want to run Setup now
Setup=$(/bin/launchctl asuser $LoggedInUserUID sudo -iu "$LoggedInUser" /usr/bin/osascript << EOF
set theDialogText to "Thank you for enrolling this computer.
Run Setup now to configure your computer.
"
display dialog theDialogText with icon file "Macintosh HD:Library:Images:Setup.png" with title "Enrollment Complete" buttons {"Run Setup","Not Now"} default button 1
EOF)Give that a try and see if it helps. Note that you might still run into an issue where a prompt may ask if Jamf should be allowed to access osascript or something to that effect. That can be prevented with a properly crafted PPPC Profile.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-23-2020 07:53 AM
I just.... feel so sad. Why was I chasing PID? bsexec flashbacks?
Thank you very kindly, working like a charm.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-23-2020 07:59 AM
bsexec flashbacks?
Perhaps. PID was necessary back when we used to need to use launchctl bsexec, so that might have been why. Anyway, glad it got things working for you.
