- Jamf Nation Community
- Products
- Jamf Pro
- Re: Locking down JamfHelper + LockScreen
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Locking down JamfHelper + LockScreen
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-28-2013 05:41 AM
We had a situation at work where we needed to lock down a few laptops over the summer break. The problem with jamfHelper and OS 10.7 and 10.8 is that you can CMD+Q and it will quit. That is okay if you just want to be annoying, but I want to lock down the computer so you can't CMD+Q the message.
I played around with a few things, like setting the keyboard to some strange language where the Q was located somewhere else but I found a better way.
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreenThis is what Remote Desktop calls when you lock the screen, but it doesn't run on top of JamfHelper and it locks out the keyboard when it is running.
LockScreen supports an attribute tag called -msgHex and if you convert your message to hex it will display fine. But it is easier to use jamfHelper with that, as long as I run LockScreen after it locks out the keyboard and locks down the computer with my custom jamfHelper message.
Example script below..
#!/bin/sh
iconpath=""
icon=""
heading=""
description=""
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -icon "$iconpath$icon" -heading "$heading" -description "$description" &
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen -session 256 &Now you could use this with your software update routines or other installer routines, just remember you have to kill the process if you want to get keyboard control back
/usr/bin/killall LockScreenAnyway it is working for us rather well, just wanted to share... let me know if I missed anything or it is working for you.
Cheers
Reply
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-24-2013 09:09 AM
On 10.8 and 10.9, you can just use -msg to have lockscreen print out your message e.g.
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen -session 256 -msg "Hello World!" &I also found that on 10.9, you can launch LockScreen.app if the computer is at the Login Window. This doesn't work on 10.8 though so I'm not sure if this is a new feature or a bug ;)
Here's how you do it:
open /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.appThe only thing is you can't pass any arguments to LockScreen.app (at least I couldn't figure out how to). My kludgey workaround is to change the image that lockscreen displays to include some text. The location of this file is:
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpgI haven't found any size restrictions on this file, but I also haven't tried to do anything too crazy... I just added some text to the default image using Preview.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2014 01:12 AM
Hi
thanks for this. I trying to use it to stop users from opening up applications when doing the office update. But I'm having problems unlocking the screen.
I've got a policy that runs the lock screen script 'Before" and another script with the 'After' tag set to /usr/bin/killall LockScreen but the screen stays locked. Any ideas where i might be going wrong?
thanks
As
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2014 01:36 AM
@designbridge could you post your before script?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-19-2014 09:43 AM
Hi Rob,
thanks for replying. I'm using the same script in your example.
#!/bin/sh
iconpath=""
icon=""
heading=""
description="Dear all, Casper is updating your computer"
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -icon "$iconpath$icon" -heading "$heading" -description "$description" &
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen -session 256 &
thanks As
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-10-2014 01:23 PM
@rpotvin Thanks for your script! Works great on 10.10 while a user is logged in. However, I haven't been able to get it to work at the login screen. Any suggestions?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2016 08:51 PM
Try killing jamfHelper as well. It worked for me.
My kill script.
#!/bin/sh
/usr/bin/killall LockScreen
/usr/bin/killall jamfHelper
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-20-2016 01:11 PM
I know this is an old thread but it seems to get responses still so I'll add my bit.
I created a customisable set of scripts for use with casper polices for screen locking.
one script, the worker script, is dropped on the machine and the other, the modifier, is run from a policy meaning you can change various values so it can be reused for many uses.
my link text
