In our organization, I am trying to have a pop-up window show up when the user is on the desktop, where it will prompt for a selection of roles the user must choose from. For instance, developers must choose DEV-1. After they select their role, I want it to update JAMF (with recon) to update their department. In doing this, I can have role-specific apps get pulled down from other policies that have specific software scoped out to these departments. DEV-1 gets Java, IDEs, Sublime Text, and HR-1 would get Office 2016, etc.
In JAMF, I have the following script scoped out to all newly enrolled laptops to run on enrollment. It is a script that creates a Launch Agent and an Application Support/SF folder. In the script under Application Support/SF, it will check that the logged-in user is not mbsetupuser, the Finder process is running, and a "done-file" is NOT created so it can run. After creating the script and running it through its process, I do get the popup asking about which role the user is, but after their input, it does not continue with jamf recon -department "$roleID". If I run that same exact script locally on a saved text edit, the script works perfectly, updating the $roleID to JAMF's department field. The problem I see is that if the script is created via a script, it doesn't work as intended, as it's not able to do a recon to Jamf, even though I hardcode the path. Please help!
####################
#!/bin/bash
cat > /Library/LaunchAgents/com.SF.roleid.plist << 'ENDSCRIPT'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>StartInterval</key>
<integer>10</integer>
<key>RunAtLoad</key>
<true/>
<key>Label</key>
<string>com.SF.roleid.plist</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/SF/roleid.launch.sh</string>
</array>
</dict>
</plist>
ENDSCRIPT
chmod 755 /Library/LaunchAgents/com.SF.roleid.plist
/usr/sbin/chown -R root:wheel /Library/LaunchAgents/com.SF.roleid.plist
if [ ! -d "/Library/Application Support/SF/" ]; then
mkdir "/Library/Application Support/SF/"
fi
touch "/Library/Application Support/SF/"
chown -R root:wheel "/Library/Application Support/SF/"
/bin/cat > "/Library/Application Support/SF/roleid.launch.sh" << 'ENDSCRIPT'
#!/bin/bash
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
doneFile="/Users/Shared/.roleid"
# Check if User is on desktop (Finder process exists)
function finderRunning {
/usr/bin/pgrep Finder && return 0 || return 1
}
# Check if User is in control (not _mbsetupuser)
# doneFile does not exist
if finderRunning && [ "$loggedInUser" != "_mbsetupuser" ] && [ ! -f "${doneFile}" ]; then
roleID=$(osascript -e 'tell application "SystemUIServer"' -e 'choose from list {"DEV-1","DEV-2","QA-1","QA-2","QA-3","IT-1","IT-2", "ACC-1", "SOPS-1", "FA-1", "DS-1", "MA-1","PM-1", "HR-1"}' -e 'end tell')
touch "$doneFile"
/usr/bin/local/jamf recon -department "$roleID"
fi
exit 0
ENDSCRIPT
chmod +x "/Library/Application Support/SF/"
chmod +x "/Library/Application Support/SF/roleid.launch.sh"
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
loggedInUID=$(id -u "${loggedInUser}")
if [[ ${loggedInUID} -gt 500 ]]; then
echo "Launching RoleID for user ${loggedInUID}…"
sudo -u "#${loggedInUID}" launchctl enable gui/${loggedInUID}/roleid.launch.sh
sudo -u "#${loggedInUID}" launchctl bootstrap gui/${loggedInUID}/ /Library/LaunchAgents/com.sigfig.roleid.plist
fi
sleep 30
sudo -u "#${loggedInUID}" launchctl unload /Library/LaunchAgents/com.SF.roleid.plist
exit 0