Posted on 09-01-2023 02:46 AM
Hello Nation
I started to optimize a few things in our PreStages. Better said, I started with testing for our new PreStage.
Following problem for me:
After my PreStage with the Jamf Connect Notify script (which installs everything a user needs), I need to start the device compliance registration steps for the user immediately after the desktop appears.
In the past I have normally done this with a script and a policy which runs after the MacBook is enrolled. The problem with this is that in most cases the script does not always start after the desktop appears. Not even with the login trigger in the policy.
So my first idea was to do exactly the same but with a LaunchAgent or daemon. So I created a package with a LaunchAgent which should run the script at load. This works fine, but the script doesn't do all the steps.
Because I want to keep everything small, I decided to create a LaunchAgent which only opens the Self Service policy at load. I don't know why, but this doesn't really look like it is working. I am not such an experienced scripting Jamf user, but I have now started with a few things after passing my Jamf 300 course.
So the device compliance policy can be started automatically, but the registration must be done by the user himself.
This is what my LaunchAgent looks like:
The LaunchAgent is stored in /Library/LaunchAgents. It will be removed by a following policy after the user has registered the device compliance.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.######.jamfselfservice.start.compliance</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/open</string>
<string>\"jamfselfservice://content?entity=policy&id=658&action=view"\</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Here is the script I tried first. This one is also started with a LaunchAgent:
LaunchAgent:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.#####.jamfselfservice.start.compliance</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Scripts/DeviceComplianceRegistration.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
This is the script:
#!/bin/bash
sleep 10
echo > /var/log/DeviceComplianceRegistration.log
# Define Variables
brandIcon="/usr/local/V2ConstantLogos/logo_claim_anmeldung.png"
policyID="658"
#get logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
answer=$( osascript << EOF
button returned of (display dialog "Please finish setting up your computer by running the Device Compliance Registration policy in Self Service. Click OK to get started!" buttons {"OK"} default button 1 with icon POSIX file "$brandIcon")
EOF
)
echo "$answer"
# String comparison: -eq is an arithmetic test and would treat any text as 0
if [[ "$answer" == "OK" ]]; then
    su "$loggedInUser" -c "killall Self\ Service"
    su "$loggedInUser" -c "open \"jamfselfservice://content?entity=policy&id=$policyID&action=view\""
fi
/usr/local/bin/jamf manage
#sudo jamf recon
exit 0
I would like to deploy this directly with the PreStage as a pkg.
I appreciate any ideas on how to go further with this.
Posted on 09-01-2023 06:01 AM
Instead of using
su "$loggedInUser" -c
for the commands that need to run as the user, try using the method Armin Briegel outlines in his post here: https://scriptingosx.com/2020/08/running-a-command-as-another-user/
You may get better results. I use this method almost exclusively when I need to run something from a root run script as the logged in user.
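Added example, not part of the original thread or the linked post: a helper for the root-to-user hand-off discussed in this reply, using launchctl asuser with sudo -u so the command and its arguments are passed as separate words instead of a string that su -c re-parses. The function names are hypothetical, the policy ID is validated as digits before it goes into the URL, and the helper assumes it is called from a root context (a LaunchDaemon or a Jamf policy script).

```shell
#!/bin/sh
# Added example: open a Self Service policy as the console user from a root script.
# All function names here are hypothetical, not from Jamf or the linked post.

# Build the Self Service URL; only a purely numeric policy ID is accepted.
policy_url() {  # $1 = Jamf policy ID
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'jamfselfservice://content?entity=policy&id=%s&action=view\n' "$1"
}

# Same scutil query as the script in the question; prints nothing while
# the login window is showing.
console_user() {
    echo "show State:/Users/ConsoleUser" | scutil |
        awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Run a command inside the user's GUI session under the user's account.
run_as_user() {  # $1 = user name, remaining arguments = command to run
    target_user=$1
    shift
    # Refuse when nobody is logged in, or when the "user" would be root.
    [ -n "$target_user" ] && [ "$target_user" != "root" ] || return 1
    target_uid=$(id -u "$target_user") || return 1
    # launchctl asuser selects the user's launchd session, sudo -u drops the
    # privileges; "$@" keeps every argument intact, with no second shell parse.
    launchctl asuser "$target_uid" sudo -u "$target_user" "$@"
}

open_policy_for_console_user() {  # $1 = Jamf policy ID
    url=$(policy_url "$1") || return 1
    user=$(console_user)
    run_as_user "$user" /usr/bin/open "$url"
}

# Typical call from a root-run script:
#   open_policy_for_console_user 658 || echo "no console user yet" >&2
```

A non-zero return means no user session was available (or the ID was rejected), so the caller can retry later instead of opening the URL in the wrong context.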
Posted on 09-05-2023 06:32 AM
Thank you, I know this post, but forgot about it. Will give it a try.