I am trying to install a newer version of what was Junos Pulse now its Pulse Secure without a reboot.
When Updating to the newer version via Casper over the old version when it reboots it automatically picks up the Connections preferences fine. The issue is when Installed and you don't reboot the connections preferences disapears nothing is deleted. So if I locally use these commands in the Terminal
This is to Quit Junos Pulse
launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist
sudo launchctl unload -w /Library/LaunchDaemons/net.juniper.AccessService.plist
osascript -e 'tell application "Junos Pulse" to quit'
This is to Start it back up after Install:
sudo launchctl load -w /Library/LaunchDaemons/net.juniper.AccessService.plist
launchctl load -w /Library/LaunchAgents/net.juniper.pulsetray.plist
it works but if I put this into a policy the Line "launchctl unload -w /Library/LaunchAgents/net.juniper.pulsetray.plist" i get this for an error from the Policy:
Executing Policy Test FOR VPN Client...
Running script Quit Junos VPN Client...
Script exit code: 0
Script result: /Library/LaunchAgents/net.juniper.pulsetray.plist: Could not find specified service
I haven't tried the Startup script in a Policy but it works fine directly on a machine. I am running OS X 10.10.5 most of the Mac's are Yosemite, then we have a few stragglers of 10.9.5 as well as El Cap Machines. We are Running Casper 9.81.
I know that the commands have changed from Mavericks and older OS's to Yosemite and Higher, so I am looking for insight to what I might be doing wrong.
Thanks in advance.
LaunchAgents run as the user, not root.
If you run:
launchctl list| grep juniper
as both your user account and as root, you'll see different things back. Policies always run as root. In order to get it to work, you'll need to execute launchctl load for the LaunchAgent as the user using bsexec and prayers. It's a PITA.
The issue is that its trying to load a user level LaunchAgent while running from a script being called in a root context. As LaunchAgents are loaded in the user space, this fails if called from a Casper Suite policy (they run as root). You should take a look at this thread for information on how to script around that. The end solution will be a little different if done on 10.9 versus 10.10 and up, but its the same principal for both.
Here's the script I use to load LaunchAgents - different application, but concept still applies:
#!/bin/bash #Script loads the deployed user.launchkeep.GoogleDrive.plist that came from a Casper PKG. Using because Google Drive is randomly crashing on end-user devices. #Get User Name loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None]); username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + " ");'` #Confirms working echo $loggedInUser #Need to kill Google Drive - found is open load the .plist, the Google Drive Finder window continiously opens. killall Google Drive sleep 5s #moves the .plist to user's folder & ensures correct permissions. sudo -u $loggedInUser mkdir /Users/$loggedInUser/Library/LaunchAgents cp /var/mbca/user.launchkeep.GoogleDrive.plist /Users/$loggedInUser/Library/LaunchAgents chown -R $loggedInUser /Users/$loggedInUser/Library/LaunchAgents chmod 744 /Users/$loggedInUser/Library/LaunchAgents #user needs to be able to rx the script chmod 755 /private/var/mbca/KeepGoogleDriveAlive.sh #loads the .plist. Must be loaded as the user, not root. sudo -u $loggedInUser launchctl load /Users/$loggedInUser/Library/LaunchAgents/user.launchkeep.GoogleDrive.plist exit 0