Refresh MCX settings via Casper Policy

kirk_magill
New Contributor

Has anyone been able to run a policy to refresh OD MCX settings? I am trying to run a policy to force user machines to refresh their OD MCX settings via a policy that runs daily. This is what I have tried:

#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH
username=$3
sudo mcxrefresh -n $username

I put this script into a policy set to run with from a self service trigger. it runs, but the problem is that it is failing with an exit code:4

Any ideas?

1 ACCEPTED SOLUTION

ericbenfer
Contributor II

Your problem is the Casper $3 variable. That ONLY works for policies using the login (or logout I think) trigger.

I use this line as a variable to determine who is currently logged in.
currentuser=/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName
It is 99% accurate. It can get confused if someone logs in via fast user switching.

Here is what you do...
Create a policy to run this script.
Triggered By: every15
Execution Frequency: Whatever you need.

Of course test this for your environment before going live.

#!/bin/sh
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   GetMCXForCurrentUser.sh
#
#   Get the Casper Managed Prefs (MCX) for the currently logged in user.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by Eric Benfer on January 24th, 2012
# 
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################


# HARDCODED VALUES ARE SET HERE
mountPoint=$1
computerName=$2
username=$3
currentuser=`/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName`

/bin/echo "currentuser is $currentuser"

####################################################################################################
# 
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################


### Typical Functions you can call on. ###

#
### Ensure we are running this script as root ###
rootcheck () {
if [ "`/usr/bin/whoami`" != "root" ] ; then
  echo "script must be run as root"
  exit 0
fi
}
#################################################
#

rootcheck

# Use this line if you are using Caser to manage your MCX
#/usr/sbin/jamf mcx -username "$currentuser"

# Use this line If you are using Workgroup Manager and an OD server to manage your MCX
/usr/bin/mcxrefresh -n "$currentuser" 

exit 0;

View solution in original post

8 REPLIES 8

rob_potvin
Contributor III

How about

jamf mcx

the problem with mcx settings is that you want to do this before the user logs in. Or run this and log them out.

kirk_magill
New Contributor

My goal is to refresh MCX settings from Workgroup Manager on an OD server. I can successfully run mcxrefresh -n username from ARD or from a terminal without logging the user out. Doing it takes care of homesync issues and other permission settings like restricted applications. I am not sure what jamf mcx is trying to do. Can you provide some explanation?

rob_potvin
Contributor III

Sorry I assumed that you are using MCX settings from your JSS and not from OD.

If you are using MCX from your JSS

sudo jamf mcx
will refresh MCX settings that are applied via the JSS.

kirk_magill
New Contributor

Gotcha. I have not made the leap to using Casper for MCX control yet. Maybe this on more argument to make the change.

rob_potvin
Contributor III

Have you just though of running a script at logout that would delete the MCX settings locally then on login they would be refreshed by default.

I not 100% sure but MCX settings are applied at login and refreshing them when someone logs in doesn't apply those settings till they have logged out and in again.

ericbenfer
Contributor II

Your problem is the Casper $3 variable. That ONLY works for policies using the login (or logout I think) trigger.

I use this line as a variable to determine who is currently logged in.
currentuser=/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName
It is 99% accurate. It can get confused if someone logs in via fast user switching.

Here is what you do...
Create a policy to run this script.
Triggered By: every15
Execution Frequency: Whatever you need.

Of course test this for your environment before going live.

#!/bin/sh
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   GetMCXForCurrentUser.sh
#
#   Get the Casper Managed Prefs (MCX) for the currently logged in user.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.0
#
#   - Created by Eric Benfer on January 24th, 2012
# 
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################


# HARDCODED VALUES ARE SET HERE
mountPoint=$1
computerName=$2
username=$3
currentuser=`/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow lastUserName`

/bin/echo "currentuser is $currentuser"

####################################################################################################
# 
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################


### Typical Functions you can call on. ###

#
### Ensure we are running this script as root ###
rootcheck () {
if [ "`/usr/bin/whoami`" != "root" ] ; then
  echo "script must be run as root"
  exit 0
fi
}
#################################################
#

rootcheck

# Use this line if you are using Caser to manage your MCX
#/usr/sbin/jamf mcx -username "$currentuser"

# Use this line If you are using Workgroup Manager and an OD server to manage your MCX
/usr/bin/mcxrefresh -n "$currentuser" 

exit 0;

kirk_magill
New Contributor

This works like a charm! Thanks for the reply.

rmanly
Contributor III

Just a little tip.

You can avoid the call to the external program whoami by doing something like this...

for sh:

rootcheck() {
    if [ ${EUID} -ne 0 ]; then
        echo "script must be run as root"
        exit 1
    fi
}

or bash:

rootcheck() {
    if [[ ${EUID} != 0 ]]; then
        echo "script must be run as root"
        exit 1
    fi
}

And you want a different exit code than 0 because that means there were no errors ;)