New created accounts policy script

leeskade
New Contributor III

Hi all,

Wondering if some of you good wise folk could give some advice on a script I'm trying to run.

I'll firstly explain what I'm trying to achieve. When we log in via NoLoad I have EnableFDE on, which is fine, but the users don't get a securetoken. I have a nice working policy to grant the securetoken; I would just like to trigger this when a new account logs in. I'd also like to pull down dock items, etc., but the secure token is what I want to achieve.

So how I've tried to achieve this is via a Launch Daemon that runs a script. I then want this script to create a reference file, so that the next time it tries to run it exits. I've had this working; it appears, though, that the script will not exit and it just continues to run.

I don't want to use the user template, and the Jamf login hook appears to try to run the policy but nothing happens. I don't really like using login hooks anyway due to their unreliability, so I would rather avoid that.

The script I have is as below:

#!/bin/bash

# Console owner (assigned but not used below)
currentuser=$(stat -f "%Su" /dev/console)

# Current user
CurrentUser=$(logname)

# Exit if the reference file already exists
if [ -f "/Users/$CurrentUser/Library/Preferences/newaccountprefs.txt" ]; then
    exit 0
fi

# Preferences to set
touch "/Users/$CurrentUser/Library/Preferences/newaccountprefs.txt"

# Policies to run
/usr/local/jamf/bin/jamf policy -event dockitems
/usr/local/jamf/bin/jamf policy -event securetoken

/bin/launchctl load /Library/LaunchDaemons/com.newaccountsetup.plist

Does the above script look workable? When I run the script manually as root it does as I want; it seems, though, that when it's triggered from launchd it just runs constantly.

I could be going down the complete wrong road on this one, so I'm happy to listen to any suggestions.

Ultimately all I'd like to achieve is being able to get the created account a securetoken without manually having to run my Self Service script.

1 REPLY 1

ammonsc
Contributor II

Could you just run this with it set to run at Trigger: Recurring Check In and Frequency: Once Per User Per Computer?
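An added example, not part of either post and not Jamf's own code: a run-once-per-user guard for the LaunchDaemon script in the question, which gives locally the once-per-user behaviour the reply asks the policy frequency to provide. It reads the console owner rather than logname, rejects system accounts and names containing path characters, and keeps the marker in a root-owned directory instead of the user's own Library, where the user could delete or pre-create it. STATE_DIR and the function names are assumptions; the jamf path and event names are the ones from the question.

```shell
#!/bin/bash
# Added example: run the setup policies once per user from a root LaunchDaemon.

JAMF=/usr/local/jamf/bin/jamf
STATE_DIR=/private/var/db/newaccountsetup   # hypothetical root-owned marker directory

# The owner of /dev/console is the user at the GUI session.
console_user() {
    stat -f "%Su" /dev/console
}

# Accept only plain short names; reject empty, system and setup accounts.
is_real_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;   # no slashes or other path characters
    esac
    return 0
}

# run_once_for_user USER DIR CMD...
# Returns 0 if CMD ran and succeeded, 1 if skipped, 2 if CMD or setup failed.
run_once_for_user() {
    local user=$1 dir=$2 marker
    shift 2
    is_real_user "$user" || return 1
    marker="$dir/$user.done"
    if [ -e "$marker" ]; then
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    "$@" || return 2          # no marker on failure, so the next run retries
    : > "$marker"
}

# SecureToken first; the marker is written only if both commands exit 0.
run_policies() {
    "$JAMF" policy -event securetoken && "$JAMF" policy -event dockitems
}

# Only act on a Mac that has the jamf binary installed.
if [ -x "$JAMF" ]; then
    run_once_for_user "$(console_user)" "$STATE_DIR" run_policies
    exit 0
fi
```

The script always exits after one pass and does not reload its own LaunchDaemon, so how often it runs is decided by the plist alone.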