I need help with a script I want to run as a Jamf policy. It's a bash script with an AppleScript entry. If I run the script from Jamf (as a policy) while logged in with an AD account w/ admin privileges, the script works. If I run the script while logged in with an AD account without admin privileges, it fails. It provides this script result: 78:127: execution error: An error of type -10810 has occurred. (-10810)
If I run the script from the machine itself or through Apple Remote Desktop (as root), it runs as intended, whether the logged-in user has admin privileges or not.
Any help would be appreciated. Thanks.
Here's the script:
#!/bin/bash
# Get the console (logged-in) user; empty string if the Mac is at the login window
LoggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
/usr/bin/osascript << EOF
tell application "Finder"
mount volume "smb://$LoggedInUser@company.domain.com/path/to/folder/"
end tell
EOF
I know the example I showed involves mounting a server, but my question is about the relationship between an AppleScript entry in a bash script, Jamf and the type of AD account.
The example I give above is part of a larger bash script that contains AppleScript throughout it.
In the example of mounting a server (and I've used other examples), if I use straight bash to mount the server, it works fine. Once I use AppleScript within the bash script, it fails.
The script above works fine through Remote Desktop or on the machine itself.
Thanks again for your help.
@tnibbsjamf I had nearly the same issue running an older user-input prompt. Terminal needed to access systemEvents. Apple PPPC enabling terminal to use SystemEvents. When manually initiated via "sudo jamf policy" it worked, but when run by recurring check-in, it failed, giving off nearly the same error. (Sorry, I do not recall the exact error; I have since moved over to Pashua for user input.)
Jamf Pro now has a configuration profile payload to enable "com.apple.terminal" to use "com.apple.finder". Maybe turning on the Privacy Preference Policy Control (PPPC) will help. It worked for me sometime last year.
I used this Utility prior to Jamf releasing the payload in Config. Profiles.
tell application "Finder" mount volume "smb://$LoggedInUser@company.domain.com/path/to/folder/" end tell
is considered "user interaction" and that isn't allowed when run via Jamf. I may be 10000% wrong, but I've had a few issues before with AppleScript and user interaction when run via Jamf.
My workaround has been creating a separate AppleScript .scptd containing the AppleScript that needs to run with the correct user permissions, saved as a run-only file, deployed and hidden on the machine; then the shell script simply calls the run-only .scptd instead of containing it.
@Hugonaut I believe is correct, we both could be wrong.
My workaround for a user-input script that used AppleScript was to first install the script in /private/tmp, then call it using the "Files and Processes" payload Execute Command "/private/tmp/UsernamePrompt.sh"
PPPC payload also in configuration profiles.