- Jamf Nation Community
- Products
- Jamf Pro
- Re: Osascript within bash ran from Jamf won't work...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Osascript within bash ran from Jamf won't work on non-admin AD accounts
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-08-2019 09:47 AM
Hi,
I need help with a script I want to run as a Jamf policy. It's a bash script with an Applescript entry. If I run the script from Jamf (as a policy) while logged-in with an AD account w/ admin privileges, the script works. If I run the script while logged-in with an AD account without admin privileges it fails. It provides this script result: 78:127: execution error: An error of type -10810 has occurred. (-10810)
If I run the script from the machine itself or through Apple Remote Desktop (as root), it runs as intended, whether the logged-in user has admin privileges or not.
Any help would be appreciated. Thanks.
Here's the script:
!/bin/bash
The user name of the logged-in user
LoggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + " ");')
#########################################
This function mounts the network volume
#########################################
ServerMount()
{
/usr/bin/osascript << EOF
tell application "Finder"
mount volume "smb://$LoggedInUser@company.domain.com/path/to/folder/"
end tell
EOF
}
ServerMount
Labels:
- Labels:
-
Policies
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-08-2019 10:18 AM
@tnibbsjamf
Have you tried searching other admins scripts. This kind of thing has been answered a number of different ways.
Check out this link:
https://www.jamf.com/jamf-nation/discussions/15108/casper-based-share-mount-script
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-08-2019 11:16 AM
@amitvasani
Going to check out the link you posted. Thanks for answering.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-08-2019 11:26 AM
@amitvasani
I know the example I showed involves mounting a server but my question is about the relationship between an Applescript entry in a bash script, Jamf and the type of AD account.
The example I give above is part of a larger bash script that contains Applescript throughout it.
In the example of mounting a server (and I've used other examples), if I use straight bash to mount the server, it works fine. Once I use Applescript within the bash script, it fails.
The script above works fine through Remote Desktop or on the machine itself.
Thanks again for your help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-17-2019 10:38 AM
@tnibbsjamf Do you have error logs?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-17-2019 11:10 AM
@tnibbsjamf I had nearly the same issue running an older user-input prompt. Terminal needed to access systemEvents. Apple PPPC enabling terminal to use SystemEvents. When manually initiated via "sudo jamf policy" it worked, but when ran by reoccurring check-in, it failed giving off nearly the same error. (sorry, I do not recall the exact error I have since moved over to pashua for user-input)
Jamf Pro now has a configuration profile payload to enable "com.apple.terminal" to use "com.apple.finder". Maybe turning on the Privacy Preference Policy Control (PPPC) will help. It worked for me sometime last year.
I used this Utility prior to Jamf releasing the payload in Config. Profiles.
https://github.com/jamf/PPPC-Utility
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-17-2019 11:11 AM
I believe
tell application "Finder"
mount volume "smb://$LoggedInUser@company.domain.com/path/to/folder/"
end tellis considered "user interaction" and that isn't allowed when run via jamf. I may be 10000% wrong, but i've had a few issues before with applescript and user interaction when ran via jamf.
my workaround has been creating a separate applescript .scptd containing the applescript that needs to run with the correct user permissions -saved as a run only file - deployed and hidden on the machine, then the shell script simply calls the run only .scptd instead of containing it.
________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________
Virtual MacAdmins Monthly Meetup - First Friday, Every Month
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________
Virtual MacAdmins Monthly Meetup - First Friday, Every Month
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-17-2019 11:18 AM
@Hugonaut I believe is correct, we both could be wrong.
My work around for a user-input script that used apple script was to first install the script in /private/tmp then call it using the "files and processes" payload execute command "/private/tmp/UsernamePrompt.sh"
PPPC payload also in configuration profiles.
