Help

Having trouble activating a launchAgent correctly

DREW1990
New Contributor

Posted on ‎12-15-2016 02:44 PM

Hello JAMF peeps,

I'm running into a wall on this. I'm trying to create a script that will run some policies after a user logs in after the computer has been imaged. Pretty much a first boot / log in script.

I created a launchAgent using Lingon X and chose the option "At startup and when saving." I packaged it with Composer and followed the steps in this thread to add a post flight script: https://www.jamf.com/jamf-nation/discussions/15401/is-there-a-way-to-deploy-a-launchagent-to-several-machines-through-jss-or-casper-remote

However, it doesn't look like the launchAgent is loading. I'm currently installing it on my test computers through Casper Remote. But essentially I want the .pkg to be installed during Casper Imaging and work once the user gets their computer and logs in.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>PATH</key>
        <string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/git/bin:/usr/local/MacGPG2/bin:/usr/local/sbin</string>
    </dict>
    <key>Label</key>
    <string>com.companyname.jamf.firstLogin</string>
    <key>LaunchOnlyOnce</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/Shared/firstLogin.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StartOnMount</key>
    <false/>
</dict>
</plist>

Here's the script that it's pointing to:

#!/bin/sh


# Grab current user
user=`ls -la /dev/console | cut -d " " -f 4`

# If the logged in user is not Admin, do this...
if [ $user != admin ]; then

    # Run firstLogin trigger policies
    sudo jamf policy -event firstLogin

    # Wait 10 seconds to make sure everything runs
    sleep 10

    # Grab current user

    echo "Deleting launch agent and script."

    rm /Users/Shared/firstLogin.sh
    rm /Library/LaunchAgents/com.companyname.jamf.firstLogin.plist

    exit 0

fi

Any thoughts?

0 Kudos
Reply
5 REPLIES 5

CapU
Contributor III

Posted on ‎12-15-2016 02:54 PM

Did you load the plist and change the permissions?

!/bin/sh

chown root "/Library/LaunchAgents/com.companyname.jamf.firstLogin.plist"
chmod 644 "/Library/LaunchAgents/com.companyname.jamf.firstLogin.plist"
launchctl load -w "/Library/LaunchAgents/com.companyname.jamf.firstLogin.plist

0 Kudos
Reply

DREW1990
New Contributor

Posted on ‎12-15-2016 02:59 PM

@CapU Yup! I follow the instruction in this thread. I created a post flight script for the .pkg in composer and used the exact lines.

0 Kudos
Reply

Look
Valued Contributor III

Posted on ‎12-15-2016 03:51 PM

I'm interested why you don't just use Casper directly to do this?
Could you not just just create a login triggered policy set to once per computer and scoped to the users allowed to run first run that ran everything directly.
This would run once when the first valid user logged in.

0 Kudos
Reply

CapU
Contributor III

Posted on ‎12-16-2016 01:48 PM

I used Composer to create a dummy receipts, named something useful, uploaded to the JSS. Casper see that and associates with installed software. I then created a Smart Group scoped to that dummy receipts and put scripts in the policy I wanted triggered after the machine completed imaging.
Works great

https://www.jamf.com/jamf-nation/discussions/2028/dummy-receipts

0 Kudos
Reply

Josh_Smith
Contributor III

Posted on ‎12-19-2016 04:31 AM

Here is an example of a working LaunchAgent I use to run a script:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.company.scriptname</string>
    <key>Program</key>
    <string>/Library/Application Support/company/Scripts/scriptname.sh</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

Maybe simplifying your LaunchAgent will help identify any issues with it.

Note: This shouldn't affect the LaunchAgent, but I think your script will require the users to have admin rights to work as intended. Given that and the nature of the script it may make more sense to run this as a login policy or as a LaunchDaemon.

0 Kudos
Reply