Posted on 12-11-2023 11:11 PM
hi,
So we have a custom pkg file that is used to set up a common shared printer. we have no control over the contents of the .pkg file but it seems to need admin access when installed interactively.
When we try to deploy the .pkg via self service (as a jamf policy), it fails and looking in the logs, it is complaining that it needs rosetta 2 to be installed. Unfortunately the mac itself has problems remotely installing rosetta (which is another issue altogether) but for now, is it possible to run and install this .pkg interactively via jamf or self service as admin inside/under the current logged in user's session?
Posted on 12-12-2023 04:53 AM
already tried this script to install rosetta2?
Rosetta-2-install/Rosetta-2-install.sh at main · grahampugh/Rosetta-2-install · GitHub
works like a charm. just add this script to jamf pro, make a policy and add the script...
maybe this already fixes the problem to be able to install the printer pkg?
Posted on 12-12-2023 06:12 AM
Ultimately the resolution to both your issues is likely to get your hands on the device (or remote in to it). Run the command to install Rosetta locally, if that works then run the package to install the printer drivers. If Rosetta still fails to install, you will need to reinstall macOS.
As far as your question. JAMF runs everything as root, this is what allows JAMF to run admin tasks like a package. You could cache the package and use a script to run it as the user. However, as the user does not have admin access they cannot install the package. You will still get an error about Rosetta not being installed if you did this.
Posted on 12-12-2023 01:33 PM
i dont think rosetta is the issue because when we try to install the .pkg manually and interactively, it doesnt ask for anything. usually it should ask to install rosetta as well, right?
also, i've tried to install with another .sh script to get rosetta installed but when we tried, we got a RosettaUpdateAuto error; even when doing it via terminal.
I know launching the .pkg interactively is somewhat tricky (but do-able), but the tricky part is if it is possible to run it as admin this way but also interactively so that the user can interact with it.
Posted on 12-13-2023 08:27 AM
I don't think it's possible to run the package with admin rights AND also as the logged in non admin user for interaction. It's one or the other. But if the user isn't admin, they won't have the authority to install the package.
I think the long answer is to consult with the vendor if you have any line into their support team, and explain the issue. Ultimately, vendors of software need to get with the program and design their installations so they can be done through a management tool, especially if they expect the software to be used in an enterprise type environment. There's no real excuse for packages these days that require the user to interact with them to get installed, or they don't work.
The only other possible avenue I can think to explore here would be to cache the package to the Mac, then run a post cache script that, after verifying the package is in place, temporarily elevates the logged in user to admin status, opens the package as them so they can install it and interact with it, then once done, drop them down to a standard account again. That would work, but whether this solution is palatable for you depends on how strict your environment is about giving any account admin rights, even if it's only for a couple of minutes. There is always some risk with something like this, but if it's done right, the user won't have any time to do anything unsanctioned with the Mac.