Posted on 09-08-2017 10:07 AM
We allow our upper-tier TSRs to execute scripts via Casper Remote, but we don't allow them to view the actual scripts in the JSS.
Occasionally, a TSR will execute a script via Casper Remote which I really wish they hadn't, so we came up with an "Authorization Key" for our more impactful scripts.
Use a Script Parameter to check for some random string of characters before allowing a script to execute.
Add an if then else
to your script which checks for some random string of characters. If the passed Script Parameter doesn't match, exit; if it does match, proceed.
The Casper Remote user must enter the correct random string of characters to execute the script. (Authorized JSS admins can easily lookup the random string of characters before adding the script to a policy.)
#!/bin/sh
####################################################################################################
#
# ABOUT
#
# This script will forcibly remove all Configuration Profiles. (Used in preparation to migrate
# a computer from the JAMF Software Server 9.x to the Jamf Pro Server 10.x
#
####################################################################################################
#
# HISTORY
#
# Version 1.0, 08-Sep-2017, Dan K. Snelson
#
####################################################################################################
### Variables
authorizationKey="$4"
# Check for a specified value in Parameter 4
if [ "$authorizationKey" != "rs2y3hng1O8kIsz2GiiAN" ]; then
echo "Error: Incorrect Authorization Key; exiting."
exit 1
else
echo "Removing Configuration Profiles ..."
/bin/rm -Rfv /var/db/ConfigurationProfiles
echo "Configuration Profiles removed."
fi
exit 0
...
Running script removeProfiles.sh...
Script exit code: 1
Script result: Error: Incorrect Authorization Key; exiting.
Error running script: return code was 1.
...
Posted on 02-10-2020 12:08 PM
@dan-snelson Thank you for sharing this ingenious usage to be able to give techs enough power to do their jobs but not so much power that they can cause real harm without at least some opportunity for oversight!