Policy error message

easyedc
Valued Contributor II

I am using the JAMF-written "display message" script to display a security warning to my end users. When I let the JAMF automated policy run, no matter what (I'd say 98.5% of the time) I seem to get the below:

/usr/sbin/jamf is version 8.62
Executing Policy Outlook Security Script Force...
Mounting smb://loujsslps01.humana.com/CasperShare to /Volumes/CasperShare...
Running script Microsoft Outlook alert Forced.sh...
Script exit code: 1
Script result: Displaying message to user...
36:758: execution error: An error of type -10810 has occurred. (-10810)
Unmounting file server...

As a workaround I tried a variety of scenarios that all fail. I've copied the script to a JSS directory where I store certain local content on workstations for easier self service and have a policy that just calls that script file. I've also run the script directly from the policy both with a before and after execution. All fail.

If I run the script through Casper Remote or SSH into the box and run a JAMF Policy, it works. Has anyone else had something like this happen or can shed some light on that error code? It also works if I Casper Remote or SSH into the box and call the script that is stored locally.

As a note, the script is an acknowledgment message about clients' private personal/financial details and how to send them through a secure channel to others. I've tried to run the script forced in foreground to get the user to click the acceptance button (thinking it was some sort of timeout error). The only thing I did to the JAMF provided script other than adding my message was change the button from displaying "OK" to "I Understand" in the 'Don't modify below this section' but I don't see how that could be the cause.

1 ACCEPTED SOLUTION

easyedc
Valued Contributor II

Played around with just using a reboot Casper policy as outlined on the below site:

"The simplest way to display a message to users is by typing a message in the Message field on the Reboot tab in a policy or in Casper Remote. If you do not want the client to reboot, you can select the Display message if not rebooting checkbox. However, this method can only be used to display a message after the policy is executed."

https://jamfnation.jamfsoftware.com/article.html?id=107

Not sure why I didn't come up with this sooner. It's a standalone policy that runs once a week, so it's not an issue if the message doesn't display until everything else in the policy has run.


4 REPLIES

mm2270
Legendary Contributor III

I haven't looked at that Display Message script in a while now, but isn't it using an AppleScript dialog? If so, that may be part of the issue. More recent versions of OS X are more strict about what can be displayed to a user when being called from an account other than theirs, meaning when trying to display dialogs not as the user it can sometimes fail because of sandboxing restrictions. Are these Macs on 10.7 or higher? That's about when a lot of the sandboxing started to show up in OS X.

In general, I don't run into this much when using tools like jamfHelper or cocoaDialog. They both seem to be OK with this. You might want to give one of those a try. Since jamfHelper.app is already on all your Macs, I'd go with that one first.

Search around here on JN for examples of scripts if you haven't used it already. Or, from Terminal, do:

sudo "/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -help

To get a rundown of the options.

If you get stuck or need help, just holler. Many of us here have written all kinds of scripts using it.

easyedc
Valued Contributor II

@MM2270 - I saw your post regarding this (https://jamfnation.jamfsoftware.com/discussion.html?id=6819) but for the life of me I didn't see how it was any different since it becomes a script that I call via policy? Or am I missing the bigger point of JAMFHelper and how to implement it?

mm2270
Legendary Contributor III

Yes, they are both shell scripts, but I believe the JAMF Display Message script uses osascript to call up an AppleScript dialog, not one from jamfHelper. I could be wrong and will need to dust off my copy of the Resource Kit to take a look.

If it is using an osascript line to call an AppleScript dialog, I would try just using jamfHelper.app to call the dialog instead. You may have better luck with it. I honestly rarely use AppleScript dialogs anymore because they seem harder to get working from a Casper policy these days for whatever reason.

Edit: OK, I took a look and I'm wrong. displayMessage.sh, if that's what you used, is calling a jamfHelper dialog.

What could be happening is, you may need to add a flag to the line calling the dialog like this-

"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -description "$message" -button1 "OK" -startlaunchd ;;

The -startlaunchd flag sometimes resolves issues with jamfHelper dialogs not displaying or erroring. You could try that out and see what happens.
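Added example, not part of the original thread and not JAMF's displayMessage.sh: a policy script that shows the acknowledgment through jamfHelper with the flags quoted above, skips the dialog when nobody is at the console, and returns a distinct exit code for each failure so a security notice that never reached the user shows up in the policy log. It assumes the message arrives as script parameter 4 and that jamfHelper exits 0 when button 1 is clicked; `show_ack`, `console_user` and the `JAMF_HELPER` override are hypothetical names.

```shell
#!/bin/sh
# Added example; helper path and flags are the ones quoted in the thread.
# JAMF_HELPER can be overridden, for example to test against a stub.
JAMF_HELPER="${JAMF_HELPER:-/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper}"

# On macOS the owner of /dev/console is the user at the GUI session
# (root while the login window is showing).
console_user() {
    stat -f%Su /dev/console 2>/dev/null
}

# show_ack MESSAGE [USER]
# Returns: 0 acknowledged, 1 dialog failed, 2 nobody logged in, 3 helper missing.
show_ack() {
    ack_message="$1"
    ack_user="${2:-$(console_user)}"
    case "$ack_user" in
        ""|root|loginwindow)
            echo "No user at the console; dialog not shown" >&2
            return 2 ;;
    esac
    if [ ! -x "$JAMF_HELPER" ]; then
        echo "jamfHelper not found: $JAMF_HELPER" >&2
        return 3
    fi
    # The path is quoted because "Application Support" contains a space.
    # Assumption: exit status 0 means button 1 was clicked.
    if "$JAMF_HELPER" -windowType utility -description "$ack_message" \
            -button1 "I Understand" -startlaunchd >/dev/null; then
        echo "Acknowledged by $ack_user"
        return 0
    fi
    echo "Dialog failed or was not acknowledged for $ack_user" >&2
    return 1
}

# Assumption: the policy passes the message text as script parameter 4.
if [ -n "${4:-}" ]; then
    show_ack "$4"
    exit $?
fi
```
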
