Jamf Nation Community

Hello Franton,

Thank you for your response - yes, you're right - I think that would work as a single instance only (I guess opening URL/App on command) - what I need is a steady/permanent implementation that every time a user receives a www.abc.com URL for example, through e-mail, a word doc, etc; Chrome would open this specific URL, even though, the user's default browser is Safari, FF, Opera, etc. All other non-specfic/specified URLs can open on the default browser.

Thank you.

I used to accomplish this with Choosy; it sits as the default browser on the machine, and you can set up rules and hotkeys that determine how it works. http://www.choosyosx.com

Hello JPDyson,

Thank you for your response - yes, I know about Choosy and quite love it!

The thing is that I believe it costs $12 per license - and I know if I present it to Management they won't be onboard with the cost for mass deployment. They feel that's why we have JSS/Casper for.

If you can think of anything (preferably not including additional costs), please let me know. Thank you.

Related, but backwards…

We have an intranet page that we have to open for our users once per day (at login), per management. To minimize disruption, we created a policy to open the page in their default browser that runs once per day, at login and it is one simple line:

$3 open http://intranet_home

Almost works perfectly; Safari opens to this page at login once every day.

The problem is that we don't want it to open Safari, we want it to open in the users' default browser. For those that use Firefox or Chrome, this is an annoyance. This is not on just one system– it is across multiple systems that have been verified to have Firefox or Chrome set as the default browser.

Why is this simple "open" command opening Safari?

@Kevin, not really sure, but its possible this is happening because when the policy runs, its reading the launchservices preferences from your service account, not the logged in user. In other words, your Casper service account is likely "set" to use Safari as the default browser and the policy just reads that and assumes opening it in Safari.

What might work is a more involved script that gets the default browser settings for the logged in user and then uses that in the open command
I literally wrote this direct in the browser window, so not at all tested, but take a look at this to see if it helps-

#!/bin/sh

currUser=$( /usr/bin/who | /usr/bin/awk '/console/{print $1}' )

browser=$( defaults read /Users/$currUser/Library/Preferences/com.apple.LaunchServices | grep -A1 "public.html" | awk '/LSHandlerRoleAll/{ print $NF }' | sed -e 's/"//g;s/;//' )

open -b $browser http://intranet_home

Mike, that appears to have done the trick!

I thought I had that covered by specifying $3 in the original script… My skills exposed!

Thank you-

Edit/Update: I tested this on a couple of boxes and it worked OK. I made it live and now several systems have returned this error:
LSGetApplicationForInfo() failed with error -10814 while trying to determine the application with bundle identifier http://intranet_home

@Kevin,

What I suspect may be happening there is, those users don't actually have a default browser set in their LaunchServices.plist. I'm not 100% sure, but I believe the setting in the plist we're targeting may not exist until you actually go into say, Safari's preferences and set a default browser. If none exists, the OS assumes Safari.

So, because the script is trying to determine the bundle identifier for something not actually set it would error. If it returned an empty string the open command assumed you were trying to use your intranet site as the Bundle Identifier.

What I would try is, using Casper Remote on the Macs that had that failure, send this to them in the Advanced > Run Command field and look at the logs afterwards-

defaults read /Users/<username>/Library/Preferences/com.apple.LaunchServices

Replace <username> with the logged in user of course

I'd be interested to see what's returned, or if there's actually a section for "LSHandlerContentType = "public.html"; If there isn't then it might mean nothing has been explicitly set in the user space, and the OS is just using its own defaults.

If that's the case, a simple if/then check should help. Meaning, read the users default settings from LaunchServices.plist for html documents. If its blank, use a normal 'open' command and don't specify the browser. If its not blank, use whatever bundle identifier was returned with an open -b [bundleid] your.intranet.page

OK, so I went and did a quick check on my theory and looks like I was mostly correct. I created a new local account on my Mac and used Terminal to read its LaunchServices.plist file. What I found was, the file exists, but is essentially empty. The command:

defaults read /Users/localuser/Library/Preferences/com.apple.LaunchServices

returned this:

{
    LSHandlers =     (
    );
}

As such, the longer script line would yield an empty result. It seems those settings in the plist aren't created unless a user specifies a different default browser or email application, etc.
So the open command was doing something like this-

open -b  http://intranet_home

Hence the error you got. It thought you were specifying http://intranet.home as the Bundle Identifier for the open command and that obviously fails.

So, something like this should help catch those instances-

#!/bin/sh

currUser=$( /usr/bin/who | /usr/bin/awk '/console/{print $1}' )

browser=$( defaults read /Users/$currUser/Library/Preferences/com.apple.LaunchServices | grep -A1 "public.html" | awk '/LSHandlerRoleAll/{ print $NF }' | sed -e 's/"//g;s/;//' )
defBrowser="com.apple.safari"

if [ "$browser" != "" ]; then
     open -b $browser http://intranet_home
else
     open -b $defBrowser http://intranet.home
fi

OK, that looks like it does catch those exceptions. Most of my users that are going to log in today have already done so, and this script only runs once per day. By 9AM Tuesday, I will know if it catches 'em all.

Thank you!

Everything looked good today.

Thank you!

@Kevin, glad that worked out for you!

I was searching for something along these lines. Unfortunately, this "method" doesn't seem to work well with Sierra...

But thanks to this thread, I came up with an alternative solution that reflects the times!

Here is a more universal method that works on pretty much all OS X versions...

Local User Accounts

#!/bin/sh

# Get username of locally logged in user
userName=$(/usr/bin/stat -f%Su /dev/console)

# Open page in locally logged in user's default web browser
sudo -u $userName open https://some_web_page.com/

So essentially, we are obtaining the name of the locally logged in user (assuming it's a local account and not some Active Directory / Network account).

Then we are telling the "open" command to run as that user.

No need to query plist files or anything.

Whatever the user's default web browser happens to be is what will be launched.

Active Directory Network Accounts
If you're using Active Directory Network Accounts, you can do something like this...

jamf checkJSSConnection

    if [ $? -eq 0 ]; then

        # Get JSS Computer ID
        # echo "User is ${4} and password is ${5}"

        echo "Getting JSS Computer ID"
        curl -u ${4}:${5} https://jss.domain.com:8443/JSSResource/computers/serialnumber/$SerialNumber > /tmp/jssAPIquery.xml

        # Get User's Active Directory Username
        echo "Getting User's Active Directory Username"
        ADUserName="$(xmllint --xpath "string(//location/username)" /tmp/jssAPIquery.xml)"

                # echo will show up in policy logs to assist in troubleshooting any errors...
                echo $ADUserName

        if [ "$ADUserName" != "" ]; then
            sudo -u $ADUserName open https://some_web_page.com/
        else
                    # echo will show up in policy logs to assist in troubleshooting any errors...
            echo "ERROR: Couldn't retrieve AD user name from JSS"
        fi
    else 
            # echo will show up in policy logs to assist in troubleshooting any errors...
        echo "ERROR: Could not connect to JSS."
    fi

Remember to set ${4} ${5} variables in your policy.

${4} = username
${5} = password

@cainehorr I was just curious if you've had any success with the first script you've posted for Local User Accounts. I've tried implementing it into a self service policy to direct users to a specific url (using the parameters in jamf to have the script run in multiple policies ideally). Every time I run it I receive the "Cannot Install Item, contact your administrator error within self service.