Posted on 08-31-2021 12:59 PM
I posted previously asking if it's possible to add more text fields to DEPNotify. It doesn't seem possible, so after getting some input from others here in Jamf Nation, I wrote this script that uses osascript to prompt for the user (or whoever is setting up the Mac) to give the user's full name and email address. The script works when ran as a normal policy on check-in, and I just got it to work on enrollment. What I was hoping to do was to add it to the policy array in DEPNotify. When I do this, I see that the policy containing the script is running, but I never see the prompt appear. Eventually, the osascript prompt will just time out while DEPNotify is running. Am I wasting my time with this? Is it even possible to have osascript display a message while DEPNotify is running? Script is below:
#!/bin/sh
#Prompts for the user's full name and email address then sends the submitted information to the Mac's inventory in User and Location.
#Prompt user for their name.
nameSubmitted=$(osascript -e 'Tell application "system events" to display dialog "Please enter your name. When prompted, please enter your email address. These will be included in the inventory record for your Mac." default answer "" buttons {"Continue"} default button "Continue"')
echo $nameSubmitted
#Prompt user for their email address.
emailSubmitted=$(osascript -e 'Tell application "system events" to display dialog "Please enter email address." default answer "" buttons {"Continue"} default button "Continue"')
echo $emailSubmitted
#Convert the results from user inputs to a form usable by Jamf Pro.
realName=$(echo $nameSubmitted | sed 's/button returned:Continue, text returned://')
echo $realName
emailAddress=$(echo $emailSubmitted | sed 's/button returned:Continue, text returned://')
echo $emailAddress
#Send the user's name and email address to the Mac's inventory record. Use double quotes for realName to capture first and last name entered by the user.
jamf recon -realname "$realName"
jamf recon -email $emailAddress
Posted on 08-31-2021 01:27 PM
On newer macOS versions, you may need to explicitly run this as the currently logged in user. Something like:
#!/bin/zsh
# get currently logged in user
currentUser=$( /usr/bin/stat -f "%Su" /dev/console )
theCommand='tell application "System Events" to text returned of (display dialog "Please enter your name. When prompted, please enter your email address. These will be included in the inventory record for your Mac." default answer "" buttons {"Continue"} default button "Continue")'
nameSubmitted=$( /bin/launchctl asuser "$currentUser" sudo -iu "$currentUser" /usr/bin/osascript -e "$theCommand" )
Posted on 08-31-2021 02:44 PM
Good idea. I have written scripts that run as the current logged in user so it will be easy to add that.
08-31-2021 01:30 PM - edited 08-31-2021 01:31 PM
@howie_isaacks If you look at the DEPNotify source you'll see that when run in full screen mode the DEPNotify window level is set to maximumWindow which means no normal window can be in front of it. If you want your prompt to be visible you'll need to find a way to display it with a higher window level, possibly overlayWindow or utilityWindow (I haven't tried it myself, so how you'd do that I can't say)
Posted on 08-31-2021 02:43 PM
Interesting. I will look into that. I suspected that may be the cause of the issue.
08-31-2021 03:24 PM - edited 08-31-2021 03:29 PM
I thought that I read a thread on Slack today about this double-window issue...I'll see if I can find the thread.
Apologies is this is not related...
09-01-2021 09:28 AM - edited 09-01-2021 09:30 AM
@howie_isaacks what do you think about not prompting them at all? My script below just uses the information from the logged in user. All you have to do is provide the email domain for your company.
# jamfProUserInfo.sh
# Brandon Woods
# June 2021
# This script locates the current user and updates Jamf Pro with user details
jamfBinary="/usr/local/bin/jamf"
currentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
fullName=`dscl . -read /Users/$currentUser RealName | tail -1`
emailAddress="$currentUser@domain.com"
# Declare variables
echo $currentUser
echo $fullName
echo $emailAddress
# Set username in Jamf Pro
sudo $jamfBinary recon -endUsername "$currentUser"
# Set full name in Jamf Pro
sudo $jamfBinary recon -realname "$fullName"
# Set email address in Jamf Pro
sudo $jamfBinary recon -email "$emailAddress"
# Exit Script
exit 0 ## Success
exit 1 ## Failure
Posted on 09-01-2021 09:38 AM
That's an idea I was going to explore today. I just needed to figure out the best method to do this. Ideally, having it automated is better than prompting. I noticed that the osascript prompts will time out if no input is given. The email address is not as needed as the full name, but one problem I see with using this method is that not all of my clients use the same username format for email address. Most use first initial last name, and another uses firstname.lastname@. The username format used on the Mac would need to match the one used for email. Thanks for posting this.
09-01-2021 09:47 AM - edited 09-01-2021 09:51 AM
This will give you the full name.
#!/bin/bash
currentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
fullName=`dscl . -read /Users/$currentUser RealName | tail -1`
Posted on 09-01-2021 10:28 AM
I could not get that to work but... I did a search for how to use dscl to get the real name of the current logged in user. I found a command somewhat similar to yours, and tested it. When I saw that it worked, I wrote this script.
#!/bin/sh
#Get the full name of the current logged in user.
#who is the current logged in user?
currentUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentUser
#What is the full name of the current logged in user?
realName="$(dscl . -read /Users/$currentUser RealName | cut -d: -f2 | sed -e 's/^[ \t]*//' | grep -v "^$")"
echo $realName
#Send the user's full name to the Mac's inventory record. Use double quotes for realName to capture first and last name gathered above.
jamf recon -realname "$realName"
The dscl command came from here.
Posted on 09-01-2021 11:20 AM
<Pedantic Mode> Anyone using a Python call to determine the current user really needs to update that code Python isn't a default install with macOS Monterey, and there are other ways that will work without Python. See https://scriptingosx.com/2020/02/getting-the-current-user-in-macos-update/ for an example. </Pedantic Mode>
Posted on 09-01-2021 11:38 AM
This command has worked well for me when I need to get the current logged in user:
currentuser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentuser
I go to that site a lot and I did read that article. Before I deploy any script I test it, test it again, and then test it yet again before I scope it to any production systems. I lost the Mac I was using to test Monterrey. Someone needed it.
Posted on 09-01-2021 10:33 AM
Thanks to everyone who replied to this. For now, I'm going to take the suggestion from @bwoods and just gather the full name automatically, then figure out how to get the email address. I may just sacrifice the asset tag field in DEPNotify and use it instead for getting the email address. I'm really disappointed that the people who created DEPNotify decided to limit the number of text fields to only 2. I will reach out to them and ask them to make this change. Not everyone uses LDAP. We all have our own ways of doing things, and reasons for doing so. I have to work with what I have. I can't work with what I want to have.
Posted on 09-03-2021 12:57 PM
I'm curious if this information already exists somewhere else... say in your IdP directory for instance. It may be worthwhile looking into authenticated enrollment with an enrollment customization. Users are prompted to authenticate using their existing directory credentials during Setup Assistant and Jamf pulls full name, email and even phone number from the directory into the user record and assigns the device to that user.
Posted on 09-07-2021 06:51 AM
I agree. That would be the better solution. Right now, that isn't doable. I want to implement this soon, but I have to first get my clients on board with it.
Posted on 12-28-2021 08:31 AM
Here's what I ultimately ended up doing... I changed the DEPNotify starter script to ask for the user's full name, email address, and their location. The location drop-down will assign the Mac to the building associated with the location chosen. To name the Mac, I wrote a script that first queries the user's full name from their local Mac login account, then it takes their first and last initials, and adds them to the naming scheme I came up with. So far, the change I made to the starter script and the Mac naming script I wrote have achieved the goal that I set out to achieve. I am now writing a totally new enrollment script to replace the DEPNotify starter script. The new script will do everything at once.
Posted on 04-05-2022 02:17 PM
Would you mind sharing the script that you ultimately ended up with? I've been dealing with this issue for the last two weeks. We don't have an LDAP server and our email addresses are first.last@domain.com so i'm trying to figure out how to automatically generate all this information instead of prompting the users.
Posted on 04-05-2022 02:36 PM
You will need to modify this for your needs. My goal was to auto name Macs to use my client company's initials, M for Mac, and then the user's initials. The script checks who the logged in user is, then generates the initials for the end of the computer name. Next, it combines the user info with the naming scheme defined in the script. So if the computer belonged to a company named Dunder Mifflin, and the user's name was Dwight Schrute, the computer name would be DM-M-DS. I was able to include a policy that runs this script in my DEPNotify setup so the computer gets named during setup. It has worked flawlessly each time.
#!/bin/sh
#Rename the Mac using the first and last initial of the user's name. Before using this script, replace "XX" in line 12 with the client company's initials
#Who is the current logged in user?
currentUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentUser
#Generate computer name - Replace "XX" with the client company's initials
firstInitial=$(finger -s $currentUser | head -2 | tail -n 1 | awk '{print toupper ($2)}' | cut -c 1)
lastInitial=$(finger -s $currentUser | head -2 | tail -n 1 | awk '{print toupper ($3)}' | cut -c 1)
computerName=$"XX-M-$firstInitial$lastInitial"
echo $computerName
#Send the computer name to inventory record. Wait 5 seconds after each command.
scutil --set ComputerName $computerName
sleep 5
scutil --set LocalHostName $computerName
sleep 5
scutil --set HostName $computerName
sleep 5
#Clear the directory service cache then run a current inventory to send the new Mac name to Jamf Pro
dscacheutil -flushcache
/usr/local/jamf/bin/jamf recon