- Jamf Nation Community
- Products
- Jamf Pro
- Load, Unload or Enable, Disable Launch Agents and ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Load, Unload or Enable, Disable Launch Agents and Daemons for Junos Pulse Update.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-03-2016 11:02 AM
Hello,
I am trying to install a newer version of what was Junos Pulse now its Pulse Secure without a reboot.
When Updating to the newer version via Casper over the old version when it reboots it automatically picks up the Connections preferences fine. The issue is when Installed and you don't reboot the connections preferences disapears nothing is deleted. So if I locally use these commands in the Terminal
This is to Quit Junos Pulse
#!/bin/sh{
launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist
sudo launchctl unload -w /Library/LaunchDaemons/net.juniper.AccessService.plist
osascript -e 'tell application "Junos Pulse" to quit'
}
This is to Start it back up after Install:
#!/bin/sh{
sudo launchctl load -w /Library/LaunchDaemons/net.juniper.AccessService.plist
launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist
}
it works but if I put this into a policy the Line "launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist" i get this for an error from the Policy:
Executing Policy Test FOR VPN Client...
Running script Quit Junos VPN Client...
Script exit code: 0
Script result: /Library/LaunchAgents/net.juniper.pulsetray.plist: Could not find specified service
I haven't tried the Startup script in a Policy but it works fine directly on a machine. I am running OS X 10.10.5 most of the Mac's are Yosemite, then we have a few stragglers of 10.9.5 as well as El Cap Machines. We are Running Casper 9.81.
I know that the commands have changed from Mavericks and older OS's to Yosemite and Higher, so I am looking for insight to what I might be doing wrong.
Thanks in advance.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-03-2016 11:36 AM
LaunchAgents run as the user, not root.
If you run:
launchctl list| grep juniperas both your user account and as root, you'll see different things back. Policies always run as root. In order to get it to work, you'll need to execute launchctl load for the LaunchAgent as the user using bsexec and prayers. It's a PITA.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-03-2016 11:52 AM
The issue is that its trying to load a user level LaunchAgent while running from a script being called in a root context. As LaunchAgents are loaded in the user space, this fails if called from a Casper Suite policy (they run as root). You should take a look at this thread for information on how to script around that. The end solution will be a little different if done on 10.9 versus 10.10 and up, but its the same principal for both.
https://jamfnation.jamfsoftware.com/discussion.html?id=7555
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-04-2016 05:31 AM
Thanks thoule, mm2270, I will look at both, do some reading and see if I can get it to work. I appreciate the Help and I will post what I find works.
Thanks
Chris
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-04-2016 08:59 AM
Here's the script I use to load LaunchAgents - different application, but concept still applies:
#!/bin/bash
#Script loads the deployed user.launchkeep.GoogleDrive.plist that came from a Casper PKG. Using because Google Drive is randomly crashing on end-user devices.
#Get User Name
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
#Confirms working
echo $loggedInUser
#Need to kill Google Drive - found is open load the .plist, the Google Drive Finder window continiously opens.
killall Google Drive
sleep 5s
#moves the .plist to user's folder & ensures correct permissions.
sudo -u $loggedInUser mkdir /Users/$loggedInUser/Library/LaunchAgents
cp /var/mbca/user.launchkeep.GoogleDrive.plist /Users/$loggedInUser/Library/LaunchAgents
chown -R $loggedInUser /Users/$loggedInUser/Library/LaunchAgents
chmod 744 /Users/$loggedInUser/Library/LaunchAgents
#user needs to be able to rx the script
chmod 755 /private/var/mbca/KeepGoogleDriveAlive.sh
#loads the .plist. Must be loaded as the user, not root.
sudo -u $loggedInUser launchctl load /Users/$loggedInUser/Library/LaunchAgents/user.launchkeep.GoogleDrive.plist
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-30-2016 02:48 PM
@Chris.Lyons What ended up working for you? I'm curious because I'm in the same predicament with different plists.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-05-2016 05:22 AM
jenieze
I had to stop working on this for a short time, I should be back to this some time this week. I will post the results.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-15-2017 11:08 AM
@Chris.Lyons Did you ever figure out how to do this without a reboot? I'm working on updating Pulse Secure and changing connections config and it only seems to work when I reboot.
