Jamf Nation Community

jameson · ‎03-24-2020

So I started to use outset for 1st time login script. I have made a jamfhelper script that I have packaged
So when logging in the jamf helper script appears, so outset does the job - but when I then click on the "ok" button in that should trigger a policy nothing happens
If I run it direct in jamf it works fine, so guess the reason must be something with they way the script is executed?
I also added it to the previliged-once in outset, but there the jamf helper script does not even appear.

Any has some idea ? - or maybe other way I could do ?.

sdagley · ‎03-24-2020

@jameson If you're calling the Jamf binary to trigger a policy you have to be running as root, and if you're running something triggered via a LaunchAgent you'll only have user permissions. If you can re-build your script as something triggered via a LaunchDaemon you'll be running as root and can trigger a policy with the Jamf binary.

jameson · ‎03-24-2020

Well I guess in outset there is something called login-privileged-once that is run as root - or do I misunderstand?. However, nothing is executed when I run the jamfhelper script and nothing even appears

sdagley · ‎03-24-2020

@jameson If your script is in /usr/local/outset/login-privileged-once/ then yes, it looks like it should be run as root by Outset. Can you post your script here for review? (Please be sure to use the code block tag which is a ``` before and after your script so it displays correctly)

jameson · ‎03-24-2020

#!/bin/bash

## Set the variables
JamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

icon_folder="/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/SharedSupport/Microsoft Error Reporting.app/Contents/Resources/office_threshold_arrow.icns"
icon_size=150
## PREP MESSAGE

afplay --volume 10 /System/Library/Components/CoreAudio.component/Contents/SharedSupport/SystemSounds/system/payment_success.aif

title="Information "
heading="One step left, before you can get access to your email"

descrip="You will need to register the mac in the company portal, before email access will work. 

When you Click 'OK' below the Company Portal will show up.

It will ask for sign in two times and keychain will also popup and ask for password. When Keychain popup appear type password and click 'always allow'.

Click ‘OK’ to register the mac now" 

## Displaying Notification Window (JAMFHelper)
RESULT=$("$JamfHelper" -startlaunchd -windowType utility -title "$title" -heading "$heading" -description "$descrip" -button1 "OK" lockHUD -icon "$icon_folder" -iconSize "$icon_size")

if [ $RESULT == 0 ]; then
    /usr/local/jamf/bin policy -trigger new19

    elif [ $RESULT == 2 ]; then
        exit 0

fi

jameson · ‎03-24-2020

It is placed in login-privileged-once but nothing happens. If I place exact same script in login-once it pops up

sdagley · ‎03-24-2020

@jameson A couple of things look wrong for your call to jamfHelper: -startlaunchd isn't needed, and lockHUD should be -lockHUD but you're not using a HUD windowType is so it's not appropriate. I can't say that's your problem, but try fixing those and see what happens.

jameson · ‎03-24-2020

The same script works fine in login-once, so if it where script error it would not work anywhere I guess

sdagley · ‎03-24-2020

One is running in user context, the other is running in the root context. The behavior is different between the two as you have discovered the hard way.

jameson · ‎03-25-2020

So tried a complete new installation on a new mac (not a VM) and now the jamf helper script is popping up in login-previleged. BUT - when I click OK nothing happens
If I do a terminal and do sudo and run the script file stored in login-previleged folder, it works

So something must be different ?!?

Jamf Nation Community

Outset - Jamf helper script