New to everything JAMF-Apple-Scripts-HELP

Roaming home directories is a very bad idea. Someone who knows their stuff well can get it to work, but it'll be a headache and you'll end up being lynched by your users.

Instead, you could have those shares auto-mounted. (https://jamfnation.jamfsoftware.com/discussion.html?id=14262). That's possible, but you'll need to know a little bash and applescript.

I recommend before trying to do much, you learn a little about those two languages. Mostly bash.... -t-

+1000 on learning bash, it will save your bacon! Also, talk to your Apple Rep about Enterprise Connect. It will help tremendously with Kerberos Tickets, & password changes, and is capable of auto-mounting file-shares for your users.

@thoule wrote:

Roaming home directories is a very bad idea.

Akin to having your nekked body dragged over broken glass.

Thanks everyone.
I think the struggle for us is we have a very weird setup and we are a financial institute, so we are locked down heavily to.
Ill take a look at the automounts and let you know how I get on

I did get this from MacMule but truthfully do not know where to run it from JSS or local to the mac

15 -- Get the logged in users username 16 set loggedInUser to do shell script "whoami" 17

18 -- Get the Users account UniqueID 19 set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-" 20

21 -- Get the nodeName from the Users account 22 set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-" 23

24 -- Get the Users group membership from AD 25 set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'" 26

27 -- Get the Users AD Home Folder 28 set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\///g' " 29

30 -- Checks to see if account is an AD Account, if its not exit 31 if accountType is less than 1000 then 32 tell me to quit 33 end if 34

35 ------------------------------ 36 --- Drives 37 ------------------------------ 38 --Home Folder -- Maps the drive specified in the profile field for the AD User continue if user has no profile path set 39 try 40 41 mount volume "smb:" & ADHome 42 43 on error 44 45 end try 46

47 -- Checks Group Membership for ADGroups contains user & if they -- are in the correct groups, mount shares. --------- 48 if ADGroups contains "GroupName" then 49 mount volume "SMB://server/share" 50 end if

@MichaelH

Post the link where you found this. I'd like to help.

Hi

https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/
As I would normally do in the windows world I tried to run each line of the script to see what was happening yet could not figure it out Should I run it through JSS ??

Any help is appreciated Thank you in advance

His script should work but I'm at home and don't have access to an AD environment to test. As for running the script to test, it's an Apple Script so you can't run it line by line in a Terminal window if that's what you have tried.

Going back to the scripting portion it should be packaged and "installed" to each client along with the LaunchDaemon he wrote about. These two files should be copied locally as the LaunchDaemon (think of those as Windows Startup Items) will point to the Applescript to run when someone logs on. Being that it's almost 5AM I need to get some sleep (plus refresh myself on that entire post MacMule made when I'm not in a zombie like state) but surely others will continue to help tomorrow. I'll check this when I get up and add whatever I can to help out. Surely with the great people on here we can get you going in the right direction.

Thanks for that mate Yeah get some sleep, ill keep looking at that and figure out how to package the script and the Launch daemon and have a play around with it Thanks @Snickasaurus

The best way to deploy those (any?) scripts that you want to keep on the machine would be to place them in the location they should run from and then drag them into Composer and create a package, first making sure all scripts have the appropriate permissions. Have you played around with Composer yet?

@MichaelH How's it going? Have you figured out how to deploy the scripts?

@Snickasaurus & @MichaelH FWIW, run is as a LaunchAgent, not a LaunchDaemon.

LaunchAgents run as the user logged in, so the AppleScript will then try & map the drives as the user.

But, to testing the mappings.. Just run the AppleScript app as a user.

Thanks for catching that @bentoms . I've not been sleeping well lately and I let that slip by.

@MichaelH

I am going to quote a favorite movie of mine

"just because you can do something doesn't mean you should.”

And the man who saved Apple

"you are holding it wrong"

Do you have Apple enterprise help? While you are going to get very very very good advice from Jamf Nation ( it's the best by far) ... I would still recommend that you get Apple enterprise support and professional services, we recommend many options here that Apple doesn't, can't and knows better than to recommend ....

If I was supporting a financial institution and I would want the support of Apple for every aspect of my deployment. When something goes wrong you are going to want Apple to have CYA, instead just telling your manager/boss "that is what they told me to do on Jamf Nation"...

I would also bet that Apple can help you a lot with the setting required by your security team.

Good Luck!!!
C

PS if you need an Apple contact let me know and I think rjlemmon is an Apple employee ....

https://jamfnation.jamfsoftware.com/discussion.html?id=17757