Help

Remote Management Active Extension Attempt

Go to solution
ahambidge
New Contributor II

Posted on ‎08-21-2013 05:21 AM

Hey guys. I have a script I wrote to use as an extension attribute to check and see if Remote Management is enabled on a machine or not. However, while it runs really well locally, it only returns 'On' when used in an extension attribute, even if I know for a fact Remote Management has been disabled.

I've included the script below. Anyone have any thoughts?

#!/bin/sh

Status=`launchctl list | grep '^d.*RemoteDesktop.*'`

if [ -z "${Status}" ]
    then echo "Off"
else
    echo "On"

fi
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
mm2270
Legendary Contributor III

Posted on ‎08-21-2013 10:18 AM

The script in the EA is running as root. If you do the above launchctl list command as root you get no results, Doing it as the logged in user you get "-" That's likely why its not working. sudo launchctl list and launchctl list don't look at the same launchd items.

Try getting the logged in user and use that in the below. I didn't really test this, so you'll need to try it and see it it fixes the issue

#!/bin/sh

loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
Status=$( sudo -u $loggedInUser launchctl list | grep com.apple.RemoteDesktop.agent )

if [[ $Status == "-" ]] ; then
    echo "<result>On</result>"
else
    echo "<result>Off</result>"
fi

View solution in original post

0 Kudos

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎08-21-2013 10:46 AM

What about: https://jamfnation.jamfsoftware.com/discussion.html?id=1989 then?

(I might have my own version somewhere hence the confusion).

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
talkingmoose
Moderator
Moderator

Posted on ‎08-21-2013 07:14 AM

If you grep for the process "com.apple.RemoteDesktop.agent" you'll either receive this when enabled:

40689   -   com.apple.RemoteDesktop.agent

or something like this when disabled:

-   0   com.apple.RemoteDesktop.agent

According to the launchctl man page the first column is the PID, the second is the exit status (if not running) and the third is the label or name of the agent. What's important to note is you'll receive some sort of status regardless of whether ARD is enabled in the Sharing pane.

One way to get what you need is to awk for the second text item. If it's " - " then you know Remote Management is running:

#!/bin/sh

Status=$( launchctl list | grep com.apple.RemoteDesktop.agent | awk '{ print $2 }' )

if [ $Status = "-" ] ; then
    echo "On"
else
    echo "Off"
fi
0 Kudos

Go to solution
ahambidge
New Contributor II

Posted on ‎08-21-2013 07:30 AM

talkingmoose, thanks for the script and the idea, and the script itself works. However, when I upload your script into the extension attributes area, the script still returns 'Off' instead of 'On' for a machine with it enabled. :/

0 Kudos

Go to solution
talkingmoose
Moderator
Moderator

Posted on ‎08-21-2013 08:22 AM

Wasn't paying attention this was an extension attribute. Are you making sure to include the result tags?

#!/bin/sh

Status=$( launchctl list | grep com.apple.RemoteDesktop.agent | awk '{ print $2 }' )

if [ $Status = "-" ] ; then
    echo "<result>On</result>"
else
    echo "<result>Off</result>"
fi
0 Kudos

Go to solution
ahambidge
New Contributor II

Posted on ‎08-21-2013 09:40 AM

Yes, I included the results tag. For some reason it appears that it's just not processing the logic correctly? I'm not sure.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎08-21-2013 10:18 AM

The script in the EA is running as root. If you do the above launchctl list command as root you get no results, Doing it as the logged in user you get "-" That's likely why its not working. sudo launchctl list and launchctl list don't look at the same launchd items.

Try getting the logged in user and use that in the below. I didn't really test this, so you'll need to try it and see it it fixes the issue

#!/bin/sh

loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
Status=$( sudo -u $loggedInUser launchctl list | grep com.apple.RemoteDesktop.agent )

if [[ $Status == "-" ]] ; then
    echo "<result>On</result>"
else
    echo "<result>Off</result>"
fi
0 Kudos

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎08-21-2013 10:23 AM

IIRC there is an ARD Status EA Template already in the JSS.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎08-21-2013 10:33 AM

Not that I can see. There are the ARD Fields 1 -4 EAs, but I don't see anything on our 8.71 JSS that would display the On/Off Status. There could be something here on the Nation that someone already uploaded though.

0 Kudos

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎08-21-2013 10:46 AM

What about: https://jamfnation.jamfsoftware.com/discussion.html?id=1989 then?

(I might have my own version somewhere hence the confusion).

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎08-21-2013 10:53 AM

The EA posted by pickerin on that thread should do the trick. Probably better to look for the process running with ps. Although the launchctl method is sound too, assuming the sudo -u trick actually works in an EA. Take your pick I guess.

0 Kudos

Go to solution
ahambidge
New Contributor II

Posted on ‎08-22-2013 05:21 AM

First and foremost, thank all of you for your assistance with this. I would never have remembered that the EA scripts run as root. That perfectly explains why it wasn't working. As a bonus, both scripts work. :)

0 Kudos

Go to solution
ChrisJScott-wor
New Contributor III

Posted on ‎07-11-2017 07:48 AM

Had to tweak mm270's script to get it to work w/ macOS 10.12:

#!/bin/sh

loggedInUser=$( ls -l /dev/console | awk '{print $3}' )
Status=$( sudo -u $loggedInUser launchctl list | grep com.apple.RemoteDesktop.agent  | awk '{ print $1 }')
echo $Status

if [[ $Status == "-" ]] ; then
    echo "<result>Off</result>"
else
    echo "<result>On</result>"
fi
0 Kudos