Posted on 02-27-2012 10:22 AM
Has anyone been able to run a policy to refresh OD MCX settings? I am trying to run a policy to force user machines to refresh their OD MCX settings via a policy that runs daily. This is what I have tried:
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH
username=$3
sudo mcxrefresh -n $username
I put this script into a policy set to run with from a self service trigger. it runs, but the problem is that it is failing with an exit code:4
Any ideas?
Solved! Go to Solution.
Posted on 02-27-2012 12:47 PM
Your problem is the Casper $3 variable. That ONLY works for policies using the login (or logout I think) trigger.
I use this line as a variable to determine who is currently logged in.
currentuser=/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName
It is 99% accurate. It can get confused if someone logs in via fast user switching.
Here is what you do...
Create a policy to run this script.
Triggered By: every15
Execution Frequency: Whatever you need.
Of course test this for your environment before going live.
#!/bin/sh
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# GetMCXForCurrentUser.sh
#
# Get the Casper Managed Prefs (MCX) for the currently logged in user.
#
####################################################################################################
#
# HISTORY
#
# Version: 1.0
#
# - Created by Eric Benfer on January 24th, 2012
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################
# HARDCODED VALUES ARE SET HERE
mountPoint=$1
computerName=$2
username=$3
currentuser=`/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName`
/bin/echo "currentuser is $currentuser"
####################################################################################################
#
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################
### Typical Functions you can call on. ###
#
### Ensure we are running this script as root ###
rootcheck () {
if [ "`/usr/bin/whoami`" != "root" ] ; then
echo "script must be run as root"
exit 0
fi
}
#################################################
#
rootcheck
# Use this line if you are using Caser to manage your MCX
#/usr/sbin/jamf mcx -username "$currentuser"
# Use this line If you are using Workgroup Manager and an OD server to manage your MCX
/usr/bin/mcxrefresh -n "$currentuser"
exit 0;
Posted on 02-27-2012 10:24 AM
How about
jamf mcx
the problem with mcx settings is that you want to do this before the user logs in. Or run this and log them out.
Posted on 02-27-2012 10:31 AM
My goal is to refresh MCX settings from Workgroup Manager on an OD server. I can successfully run mcxrefresh -n username from ARD or from a terminal without logging the user out. Doing it takes care of homesync issues and other permission settings like restricted applications. I am not sure what jamf mcx is trying to do. Can you provide some explanation?
Posted on 02-27-2012 10:33 AM
Sorry I assumed that you are using MCX settings from your JSS and not from OD.
If you are using MCX from your JSS
sudo jamf mcx
will refresh MCX settings that are applied via the JSS.
Posted on 02-27-2012 10:35 AM
Gotcha. I have not made the leap to using Casper for MCX control yet. Maybe this on more argument to make the change.
Posted on 02-27-2012 10:39 AM
Have you just though of running a script at logout that would delete the MCX settings locally then on login they would be refreshed by default.
I not 100% sure but MCX settings are applied at login and refreshing them when someone logs in doesn't apply those settings till they have logged out and in again.
Posted on 02-27-2012 12:47 PM
Your problem is the Casper $3 variable. That ONLY works for policies using the login (or logout I think) trigger.
I use this line as a variable to determine who is currently logged in.
currentuser=/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName
It is 99% accurate. It can get confused if someone logs in via fast user switching.
Here is what you do...
Create a policy to run this script.
Triggered By: every15
Execution Frequency: Whatever you need.
Of course test this for your environment before going live.
#!/bin/sh
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# GetMCXForCurrentUser.sh
#
# Get the Casper Managed Prefs (MCX) for the currently logged in user.
#
####################################################################################################
#
# HISTORY
#
# Version: 1.0
#
# - Created by Eric Benfer on January 24th, 2012
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################
# HARDCODED VALUES ARE SET HERE
mountPoint=$1
computerName=$2
username=$3
currentuser=`/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName`
/bin/echo "currentuser is $currentuser"
####################################################################################################
#
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################
### Typical Functions you can call on. ###
#
### Ensure we are running this script as root ###
rootcheck () {
if [ "`/usr/bin/whoami`" != "root" ] ; then
echo "script must be run as root"
exit 0
fi
}
#################################################
#
rootcheck
# Use this line if you are using Caser to manage your MCX
#/usr/sbin/jamf mcx -username "$currentuser"
# Use this line If you are using Workgroup Manager and an OD server to manage your MCX
/usr/bin/mcxrefresh -n "$currentuser"
exit 0;
Posted on 02-28-2012 07:12 AM
This works like a charm! Thanks for the reply.
Posted on 02-28-2012 01:44 PM
Just a little tip.
You can avoid the call to the external program whoami by doing something like this...
for sh:
rootcheck() {
if [ ${EUID} -ne 0 ]; then
echo "script must be run as root"
exit 1
fi
}
or bash:
rootcheck() {
if [[ ${EUID} != 0 ]]; then
echo "script must be run as root"
exit 1
fi
}
And you want a different exit code than 0 because that means there were no errors ;)