Display Dialog/Notification at Login Event

boberito
Valued Contributor

I'm trying to build a script to show a notice to users once they login.

I'm running into 2 problems.
1) The Login event doesn't seem to execute reliably
2) Login event seems to be in this in-between where the desktop isn't up so you can't display a dialog box or anything easily.

Problem 1
To test problem one, I have a script scoped to just my computers that runs

echo "Hello" >> /hello.txt

This rarely seems to echo hello.

Problem 2
I haven't yet figured out the best way. One way

loggedInUser="$3"
x=1
while [ "$x" -eq "1" ]; do
        sleep 10
        dockActive=$(ps aux | grep "${loggedInUser}" | grep "/MacOS/Dock")
        if [ ! -z "$dockActive" ]; then
                sleep 5
                x=2
        fi
done

Then the rest of the script, displaying something with jamfHelper or osascript. But regardless of problem 2, I can't seem to get past problem 1.

Anyone have a solution for displaying a dialog box after a user logs in?

8 REPLIES 8

mm2270
Legendary Contributor III

@boberito Are you looking to have this display just once or on every login? If the latter, just go with a LaunchAgent + script if possible, as it will be more reliable. The main drawback to using a LaunchAgent and a script is that it's not as easy to make modifications to it later without redeploying a modified script, say, and you also don't have logs to look at to know it's actually working.

If you only need it once, you can still use a LaunchAgent + script, but have the script first check for a file or plist dropped into the current user's profile somewhere. If it sees the "breadcrumb", the script can simply exit. If it doesn't see it, then it assumes this is the first login for that account, so, show the message and then add the plist/file for the next run.

Outside of the above, I've done similar things in scripts to what you have there, looping/checking for the Dock running before continuing, and that usually works fine. Was there an issue when trying that?

Last item, looking at what you wrote, what exactly is this line for?

echo "Hello" >> /hello.txt

Are you looking to echo "Hello" into a local file and then you're checking on the file, or, was that just an example?

boberito
Valued Contributor

@mm2270 The hello, I was just trying to test the login trigger by doing something stupidly simple like that.

We're informing people of an upcoming change in how they login. I don't want a pop up at check in, I really want it when they login I think is most effective. This is going into affect in a month, so i'd prefer nothing that I have to clean up like a launchagent because it's quite temporary.

I think the biggest problem i'm having is that Login just isn't working reliably. I've noticed networkStateChange seems to kick off at Login, so maybe I can make a mess of a script to do it then and figure out if it was during login actually.

mm2270
Legendary Contributor III

I'd be careful with using network state change. That gets triggers a lot. Unless you craft your script pretty carefully, the users may end up seeing the message multiple times in a row.

And you're right, the login trigger isn't the most reliable, but just to be sure, you do have the "Check for policies triggered by login or logout" enabled in Computer Management settings right? I assume yes, since you said it works on occasion.

boberito
Valued Contributor

Yes. It is checked. And there's no config profiles blocking and mucking with login scripts either.

And ya it'll cause a lot of traffic and noise to run at network state change.......so i dunno, definitely don't have a good solution. I might just scrape the whole small project all together.

mm2270
Legendary Contributor III

One last thought on this. Are these Macs all wired into the network, or do they connect to Wi-Fi after login? If it's the latter, you should be able to use the recurring check-in trigger, as I believe that typically fires after the Mac logs in and establishes a network connection. But it's not as trigger happy as the Network State Change. That might work.
The dialog would not be immediate, so there would be a delay between login and when the dialog appeared, but it should come up pretty soon after they get into their account.

Maybe something to test?

boberito
Valued Contributor

I could go that route! They're a mix of wired and wireless.

boberito
Valued Contributor

Well it's ugly but it appears to work....I could try it with Check-in like you suggested.

#!/bin/bash

loggedInUser="$3"
computerName="$2"
userID=$(id -u ${loggedInUser})

networkDate=$(cat /var/log/jamf.log | grep "networkStateChange" | tail -1 | awk -F "$computerName" '{print $1}')

if cat /var/log/jamf.log | grep "$networkDate" -B 2 | grep "${loggedInUser}" | grep "login"; then
    x=1
    while [ $x -eq 1 ]; do
        sleep 3
        dockActive=$(pgrep Dock)
        if [ -n "$dockActive" ]; then
            x=2
        fi
    done

    smartcard=$(launchctl asuser ${userID} system_profiler SPSmartCardsDataType | grep "END CERTIFICATE")
    if [ -z "${smartcard}" ]; then

        imagePath="/Applications/Utilities/ActivID ActivClient for Mac Uninstaller.app/Contents/Resources/icon.icns"

        /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility 
        -title "PIV Enforcement Coming Soon" 
        -description "We will be requiring PIV for login on May 1st for all Macs. 

Please make sure you have a smartcard reader and your PIV card works properly before that." 
        -icon "$imagePath" 
        -button1 "Ok" 
        -defaultButton 1 
        -timeout 3600
    fi
fi

PaulHazelden
Valued Contributor

For me I would say the LaunchAgent and script method would be the best method.
I use this to run a login script for all of my users. With notifications to them, I use Terminal Notifier, and Alerter to provide the notifications, but you can script a standard system notifications box to pop up if you want.
I too use a hidden bread crumb file to miss out sections of the script that only needs to be run once per user.
I have got round the problem of updating these scripts, by scripting an updater that mounts a drive where the scripts are stored and copies new versions to the Mac, then un-mounts the drive. Now if I want to change a script I change the version on the server, and the updater can then run and update the clients.