
New created accounts policy script

  • December 27, 2018
  • 1 reply
  • 0 views


Hi all,

Wondering if some of you good wise folk could give some advice on a script I'm trying to run.

I'll firstly explain what I'm trying to achieve. When we log in via NoLoad I have EnableFDE on, which is fine, but the users don't get a securetoken. I have a nice working policy to grant the securetoken; I would just like to trigger this when a new account logs in. I'd also like to pull down dock items, etc., but the secure token is what I want to achieve.

So how I've tried to achieve this is via a Launch Daemon that runs a script. I then want this script to create a reference file, so that the next time it tries to run it exits. I've had this working; it appears, though, that the script will not exit and it just continues to run.

I don't want to use the user template, and the Jamf login hook appears to try to run the policy but nothing happens. I don't really like using login hooks anyway due to their unreliability, so I would rather avoid that.

The script I have is as below:

#!/bin/bash

currentuser=`stat -f "%Su" /dev/console`

#Current user
CurrentUser=$(logname)

if [ -f "/Users/"$CurrentUser"/Library/Preferences/newaccountprefs.txt" ]; then
    exit 0
fi

#Preferences to set

touch /Users/$CurrentUser/Library/Preferences/newaccountprefs.txt

#Policies to run

/usr/local/jamf/bin/jamf policy -event dockitems
/usr/local/jamf/bin/jamf policy -event securetoken

/bin/launchctl load /Library/LaunchDaemons/com.newaccountsetup.plist

Does the above script look workable? When I run the script manually as root it does as I want; it seems, though, that when it's triggered from launchd it just runs constantly.

I could be going down the complete wrong road on this one, so I'm happy to listen to any suggestions.

Ultimately all I'd like to achieve is being able to get the created account a securetoken without manually having to run my Self Service script.

1 reply

  • Contributor
  • 126 replies
  • December 28, 2018

Could you just run this with it set to run at Trigger: Recurring Check In and Frequency: Once Per User Per Computer?
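
An added example, not part of either post and not Jamf's own code: a run-once-per-user version of the script in the question, using the console owner it already computes instead of `logname` and keeping the marker in a root-owned directory rather than the user's home. The `MARKER_DIR` path and the function names are assumptions; the policy event names come from the question.

```shell
#!/bin/bash
# Added example: run-once-per-user wrapper for a root LaunchDaemon.
# MARKER_DIR is a hypothetical root-owned location, not a Jamf default.
MARKER_DIR="${MARKER_DIR:-/var/db/newaccountsetup}"
JAMF="${JAMF:-/usr/local/jamf/bin/jamf}"

# Owner of /dev/console is the user at the GUI session (macOS stat syntax).
console_user() {
    stat -f "%Su" /dev/console
}

# Return 0 only for a real user name that has not been processed yet.
needs_setup() {
    local user="$1"
    case "$user" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;  # nobody logged in yet
        *[!A-Za-z0-9._-]*) return 1 ;;                 # refuse odd names in a path
    esac
    [ ! -e "$MARKER_DIR/$user.done" ]
}

# Record completion in a directory only root can write, so the user cannot
# delete the marker to re-trigger or pre-create it to skip the policies.
mark_done() {
    mkdir -p "$MARKER_DIR" && chmod 700 "$MARKER_DIR" && : > "$MARKER_DIR/$1.done"
}

main() {
    local user
    user="$(console_user)"
    needs_setup "$user" || exit 0
    # Event names are the ones used in the question's script.
    "$JAMF" policy -event dockitems
    # Mark the user done only after the securetoken policy succeeded, so a
    # failed run is retried the next time launchd starts the job.
    if "$JAMF" policy -event securetoken; then
        mark_done "$user"
    fi
    # No launchctl load here: the job is already loaded when launchd runs it.
}

# Do nothing on a machine without the Jamf binary (e.g. when testing).
if [ -x "$JAMF" ]; then
    main
fi
```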

