Posted on 07-15-2011 07:23 AM
Hi all,
We are currently in the testing phase of binding our Macs to AD, at the moment all our Mac users have admin rights which means they can install their own updates (or not as the case may be!) and obviously when we go over to AD this will no longer be the case. So we would like to have our Macs point to one of our internal software update servers and if their are any updates to be installed have these install on shutdown.
At the moment whenever a machine logs out of shut down and has updates to install there is just a blank screen with no information to the user. This isn't ideal and I was wondering about the use of lock screen to help us inform the user about what is happening. I am trying to write a script (not very successfully) that looks a bit like this:
#!/bin/sh
# Name: lockScreen.sh
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -lockHUD -description "Important updates are currently being installed. Please do not turn off your Mac."
I have a policy set to run on logout for some test machines and it is set to 'Install All Software Updates' and the script above set to 'Run Before'. The script works as far as displaying the message to the user but then it will just hang there forever and looking in the console after restarting the Mac forcefully shows the install all updates portion of the policy never came into effect.
I am new to Casper and scripting so I may have missed something obvious so any help would be appreciated!
Cheers,
Chris
Posted on 07-15-2011 07:43 AM
you need a postinstall script to do something like this
#!/bin/bash
killall jamfHelper
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
Posted on 07-15-2011 07:46 AM
i think it's because the lockscreen is awaiting some action to be done to it before the policy continues.
Can you add the jamf -softwareupdate command (or whatever it is) into the lockscreen.sh?
Posted on 07-15-2011 07:49 AM
You need to place an ampersand (&) at the end of that line or it will hang
there waiting for jamfhelper to finish.
If you look through the list archives you can see other discussions about
using jamfHelper to lock the screen.
Steve
Sent from Somewhere
Posted on 07-15-2011 07:53 AM
good catch.
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services
Posted on 07-15-2011 07:54 AM
You don't need to do a "kill" on logout/shutdown. If you are running
it at login you do need to issue the kill but that can be done in the
run box on the advanced tab of the policy.
Steve
Sent from Somewhere
Posted on 07-15-2011 07:54 AM
Here is the script that I have running, I have created some custom graphics
that I have already pushed to my users, that I call from the script to give
them a better idea of what is going on. I have this script launch as a
before script and if there is a reboot then nothing else needs to happen, if
you are not rebooting then you need to add 'killall jamfHelper" to the end
of your policy. Attached is a sample of a graphic that I am using, as well
as a screenshot of what the user sees.
#!/bin/bash
# JamfHelper Screen Lock
# Alan Benedict - Integer Midwest
# Varibles
lastreboot=`uptime | awk '{print "Your last reboot was: " $3 " " $4 }' |
sed -e 's/.$//g'`
heading="$4" # This shows up above the image in a bigger bolder font than
the description field
image="$5" # Options are as follows [ maintenance | new | update | hello ]
each give you a diffrerent image to give the user better feedback of what is
happening on their system
description="$lastreboot ago. $6" # This shows up below the image in a
smaller lighter font than the heading field
iconpath="$7"
# Default description if none is passed through the variable
if [ "$4" == "" ]; then
heading="Installing Updates"
fi
if [ "$5" == "" ]; then
image="update"
fi
if [ "$6" == "" ]; then
description="$lastreboot ago. Please do not close your laptop or unplug
anything until this screen disappears. Feel free to call the help desk if
this screen does not go away after 5 minutes."
fi
if [ "$7" == "" ]; then
iconpath="/Library/IT Resources/HelperImages/"
fi
# Case statement to assign specific graphic.
case $image in
maintenance )
icon="maint.png"
;;
new )
icon="new.png"
;;
update )
icon="updt.png"
;;
hello ) #just for kicks and giggles ;)
icon="hello.png"
;;
esac
# Script contents
/Library/Application
Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs
-icon "$iconpath$icon" -heading "$heading" -description "$description" &
exit 0
![external image link](attachments/bd701541beeb4a40b7b9329e52dd09e8)
![external image link](attachments/387b2ba8c91b43399131ab4919b1b38e)
Posted on 07-15-2011 08:02 AM
Thank you all for your replies.
Steve that ampersand completed the script and is working as I hoped, thank
you again.
Posted on 07-15-2011 08:26 AM
Brilliant! I'd buy you a beer if you were here, and I am a poet and I didnt knowit!
--
Matt Lee, CCA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group
Posted on 07-18-2011 12:52 AM
I've been tinkering with the same procedure lately (installing Software
Updates on logout/shutdown with a notification/lockscreen).
Using jamfHelper works fine, however, it only worked for me on logout.
If the user chooses shutdown instead, it would not display the lockscreen
(SU still runs, but only a blue screen is displayed).
My script (triggered by logout) for jamfHelper looked like this:
#!/bin/sh
#########################
#
#
#Lock the screen with jamfHelper
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -description "Updates are being installed, please wait." -icon /pathtoimage.png &
#Run Software Update
/usr/sbin/softwareupdate COMMAND_LINE_INSTALL -i -a
#reboot the machine
shutdown -r now
Better in my opinion: Use iHook. It also works on shutdown.
It's a little more complicated, but nothing impossible.
You need
- iHook installed somewhere on the client machine
- a Casper script triggered by logout launching the iHook script (which
must also be saved to the client, just build a Composer package for it),
may look like this:
#! /bin/sh
/pathtoiHook/iHook.app/Contents/MacOS/iHook --no-titlebar --script=/pathtoiHookUpdateScript/iHookUpdateScript.hook
- the iHook update script, may look like this:
#!/bin/sh
echo %BACKGROUND /pathToBackgroundImage/image.png
echo %WINDOWSIZE 1024 512
echo %BEGINPOLE
jamf runSoftwareUpdate
As mentioned above, this works, no matter if the user chooses "logout" or "shutdown".
Hope this helps,
Chris
PUMA AG Rudolf Dassler Sport - PUMA-Way 1 - D-91074 Herzogenaurach - Tel. +49 9132 81 0 - Fax +49 9132 81 22 46
Vorsitzender des Aufsichtsrats / Chairman of the supervisory board: Francois-Henri Pinault
Sitz der Gesellschaft / Registered office: Herzogenaurach - Handels- / Commercial Register: Fuerth HR B 3175
Vorstandsmitglieder / Board of Management:
Jochen Zeitz, Vorsitzender / Chairman and CEO
Melody Harris-Jensbach, Klaus Bauer, Stefano Caroti, Franz Koch
Stellvertretende Vorstandsmitglieder / Deputy Members of the Board of Management:
Antonio Bertone, Reiner Seiz
Posted on 07-18-2011 03:40 AM
Use the locksreen instead of jamfhelper, works flawlessly for me, I can't send u mine as I'm on holidays but it's much better than jamfhelper and I think it's what jamf now use for adobe installs since version 7
To stop run
Killall LockScreen
Simple, and u can edit or make custom lockscreen images , that'd what I do
Criss Myers
Posted on 08-01-2011 06:29 AM
I was trying this out, and I seem to be having a problem where the fullscreen logo won’t go away and I’m not sure where the log file is for the software updates to see if they are still installing or if it’s just hung somewhere…
I did have to modify the script slightly on the lastreboot line to get it to work
lastreboot=`uptime | awk '{print "Your last reboot was: " $3 $4 }' | sed -e 's/.$//g'
John Wojda
Lead System Engineer, DEI & Mobility
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead DEI: Matt Beiriger <mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Feedback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Team Lead Mobility: Chris <mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Feedback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.> Sta Ana
Mac Tip/Tricks/Self Service & Support <http://bit.ly/gMa7TB>
“Any time you choose to be inflexible in your approach to an unpredictable project you are already building failure into your plan”
![external image link](attachments/0f03f25b67da45ffa173090bbea78d12)
![external image link](attachments/77c0838f3ad34f2f8d34a5f219d006ad)
Posted on 08-01-2011 07:02 AM
As per alan's e-mail: "I have this script launch as a before script and if there is a reboot then nothing else needs to happen, if you are not rebooting then you need to add 'killall jamfHelper" to the end of your policy."
Regards,
Ben.