Rename User Account

lpadmin
Contributor

Hello, I have created a policy to push a local account to all of our enrolled computers. I have labeled the Username and Full Name as "Student". The issue is that our students can not go into that account and change the name to their name. After speaking with customer support they do not know of any scripts that would allow a standard user to make the change without an Admin password.

So I am coming here to see if anyone has created a script or has seen one that will allow students to change the name of their account.

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

@lpadmin,
Change the line for the "CurrName" from-

CurrName=$(dscl . read /Users/${loggedInUser} RealName | awk '{getline; print}' | sed 's/^ *//')

To

CurrName=$(dscl . read /Users/${loggedInUser} RealName | awk -F: '{print $NF}' | sed -e 's/^ *//;/^$/d')

The "student" accounts may not be putting the full name on a new line, in which case my getline in the awk part would grab the wrong information, hence the eDsAttributeNotFound error (just a theory).

The above new line should work if the name is short and appears on the same line in dscl or on a second line.


28 REPLIES

mm2270
Legendary Contributor III

You spoke to support where? At JAMF? Apple?

Barring possibly modifying the auth.db, or authorization database (which may allow you to grant standard users the ability to modify their own account information), you could do something with Self Service for this. Using either Applescript for the input or another tool like cocoaDialog, pop up a message asking the student for their full name, then use dscl with the captured information to rename the account they are logged in with.
You cannot really easily change the short name or username, but could easily change the Full Name.
The basic syntax, once the full name is captured, would be something like-

dscl . change /Users/student RealName "Student" "$New_Value"

lpadmin
Contributor

I spoke with JAMF.

Okay. I am not familiar with using Applescript or cocoaDialog. How would I go about creating this and putting it in Self Service?

mm2270
Legendary Contributor III

I'll provide an example using cocoaDialog, which you can find here: http://mstratman.github.io/cocoadialog/
I recommend grabbing the download under the cocoaDialog (Development) link, which is a version 3.0 beta.
The app would need to be deployed to all your Macs, whereas Applescript is built in, so that may help you determine which you want to go with. The basic principle will be similar though.

#!/bin/bash

## Path to where cocoaDialog is deployed. The example uses /Applications/Utilities/
CD="/Applications/Utilities/cocoaDialog.app/Contents/MacOS/cocoaDialog"

## Get the logged in user short name (may not be needed if you know this will always run against the "Student" account)
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )

## Show cocoaDialog input box style to ask for the new full name. The dialog will not take blank input ("--value-required" flag)
getNewName=$( "$CD" inputbox --title "Put some title here or a blank space" --label "Enter your Full Name below to rename your account" --text "" --button1 "Enter" --button2 "Cancel" --value-required --icon user --quiet )

## If we got something back for the variable, then the user entered a name. Use it to rename the Student account FullName
if [[ ! -z "$getNewName" ]]; then
    dscl . change /Users/$loggedInUser FullName "Student" "$getNewName"
else
    ## The variable was blank so they must have cancelled. Exit
    echo "No new name provided"
    exit 0
fi

bentoms
Release Candidate Programs Tester

Why are you renaming the account at all?

You should be able to use Casper to fill user templates & existing users, so the next thing would be creating the user accounts.

I guess you don't have a directory system? (OD or AD).

calumhunter
Valued Contributor

+1 just bind it to a directory service... any directory service, it's worth it

lpadmin
Contributor

We do not have a directory service set up yet, it is something I will be setting in the near future.

@mm2270, would the script you provided be the same for Applescript? For me it would be easier to get this working in Applescript, since it would be less things to push and less things to go wrong.

mm2270
Legendary Contributor III

@lpadmin - No, it would need to be reworked to use Applescript, at least somewhat.
I'm not as good with Applescript, so give me a few minutes and I'll see what I can post up. You may also want to research it in the meantime. There are dozens of great Applescript resources on the web on how to send up dialogs and ask for input like that. Someone has likely already done something you can use with just a little bit of tweaking.

lpadmin
Contributor

@mm2270 thanks for helping me out with this. I am currently looking around to see if someone has already created something that will work for my application. If I find something before you post what you worked on I will let you know.

mm2270
Legendary Contributor III

@lpadmin -
Try this below.
When running from a policy, you might see an error about 'interaction not allowed' or something to that effect. Sometimes when just trying to get the Finder to send up a dialog, the OS gets in the way and stops it unless it's being run as the user (instead of root)

This is still a shell script, but uses osascript to run Applescript code within it, just for the purpose of getting an input box dialog up for the user.
Keep in mind one thing I don't know how to do, or if it's possible to do, is ensure something was entered. If the user clicks Submit with an empty field, the script will just exit and do nothing since it checks to make sure the result was not null.

#!/bin/bash

## Get the logged in user short name (may not be needed if you know this will always run against the "Student" account)
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )

## The heredoc terminator must sit alone on its line, so the closing parenthesis goes on the next one
getNewName=$(/usr/bin/osascript << EOF
tell application "Finder"
activate
set theName to the text returned of (display dialog "Enter your Full Name below to rename your account" default answer "" buttons {"Enter", "Cancel"} with title "Account Rename")
end tell
EOF
)

theAnswer=$(echo "$getNewName")

## If we got something back for the variable, then the user entered a name. Use it to rename the Student account FullName
if [[ ! -z "$theAnswer" ]]; then
    echo "User entered the full name of ${theAnswer}"
    dscl . change /Users/$loggedInUser FullName "Student" "$theAnswer"
else
    ## The variable was blank so they must have cancelled. Exit
    echo "No new name provided"
    exit 0
fi

Edit: Fixed the variable name used for renaming

lpadmin
Contributor

@mm2270, thank you so much

I am getting a compile error on this line at the $ symbol
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )

The error is Syntax Error
Expected expression but found unknown token

bentoms
Release Candidate Programs Tester

@lpadmin it's a bash script calling applescript & not an applescript.

Save it as an .sh file & run via terminal.

Did you want it as an AppleScript.app?

lpadmin
Contributor

Okay, running it in the terminal is fine.

Can I just copy and paste this into the terminal or do I have to save it first as a .sh file and run it? If so, how do I run it? Sorry about all of the walk through questions, I am very new to Mac.

bentoms
Release Candidate Programs Tester

@lpadmin This is to be run by students that are not admins right? Do you use self service? If so, I'd set it as a policy in self service as it'll then be run as root.

mm2270
Legendary Contributor III

Yeah, what @bentoms said. That's why I mentioned it was still a shell script. I should have made that more clear though.

If you want it as a pure Applescript, it's certainly possible. Just keep in mind if users are not admins, just giving them a local Applescript .app won't do much since it would still need admin/root rights to rename their account. I was thinking more along the lines of dropping this shell script into a policy and enabling it for Self Service for your students to run. I'd recommend setting as a Once per Computer frequency. That way they get one shot at renaming the account (so they aren't tempted to keep changing their account name every week or something silly)

Edit: heh, looks like Ben and I had the same thought at the same time :)

lpadmin
Contributor

Yes, this is going to be run by the students and not admins. I do have self service. So would I run the .sh file in composer and make a dmg out of it? Then create the policy around that package?

mm2270
Legendary Contributor III

Nope.

• Upload the .sh script into Casper Admin to get it into your JSS, and categorize it (do any syncs to distribution points if that's needed)
• Create a new policy in the JSS.
• For execution frequency, set it to either Once per Computer or whatever you'd like.
• Add something under the scope tab for what computers it should show up for, like a Smart or Static Group for example.
• Still in the policy, enable it for Self Service. Add it to a category, add a description, icon, etc. Whatever you would normally do to make it appear in Self Service. Maybe force the description to appear so it's clear to the students what it will do
• Under the scripts section, click the add button and locate the script and add it in. No need for any parameters or other stuff. Just add the script in.
• If you want, set the policy to collect new inventory.

That should basically be it, although not in front of a JSS right now so I might be missing something small.

Some advice - You should spend some time looking through the Casper Suite Administrators Guide if you aren't already planning to. Especially if some of the above is unfamiliar. You'll want to make sure you know how to set up policies to run items like scripts. You don't always have to have a package for a policy.

lpadmin
Contributor

Okay, thanks. I will try this out and let you know if I have any problems.

lpadmin
Contributor

Alright I saved the script as a .sh file using BBEdit, uploaded it into Casper Admin, assigned the script to a category. Then set up a policy to make it available in self service. Set the frequency to Once Per computer and checked the box to make it available in Self Service.

On my test computer I opened Self Service and clicked on the script. It said it was running the policy, but nothing happened after it was done downloading.

mm2270
Legendary Contributor III

Check the policy log and copy/paste it here (Sanitize it beforehand by removing any server names/IP addresses, etc if you need to)
Also what OS version was this tested on? And what JSS version?

I'm going to guess this is the "user interaction not allowed" error that I mentioned could rear its head. But post what you can so we can see what's going on.

lpadmin
Contributor

Here is the policy log

Executing Policy Change User Name Script...
Running script changeusername.sh...
Script exit code: 54
Script result: User entered the full name of Jane Doe
attribute status: eDSAttributeNotFound DS Error: -14134 (eDSAttributeNotFound)
Running Recon...
Retrieving inventory preferences from https://mdm.server.org:8443/...
Locating accounts...
Locating package receipts...
Searching path: /Users
Locating software updates...
Locating plugins...
Locating printers...
Searching path: /Applications
Gathering application usage information...

mm2270
Legendary Contributor III

Thanks. I see the issue, and it's my mistake. I used the wrong attribute for the rename. It's supposed to be "RealName" not "FullName". So in the line that uses dscl, change it from-

dscl . change /Users/$loggedInUser **FullName** "Student" "$theAnswer"

to

dscl . change /Users/$loggedInUser **RealName** "Student" "$theAnswer"

I bolded the one item that was wrong and should change. Make that change, re-upload the script and try it again.

lpadmin
Contributor

@mm2270 thank you so much it has worked.

lpadmin
Contributor

Hello again, I was wondering if there is a way for this to not accept a Null value?

lpadmin
Contributor

So this worked for about a day, and now for some reason it is no longer working. If I set this up in Self Service it runs and I can put a name and hit enter. Even though I put a new name in it never gets changed in the Users & Groups preferences, it just stays as student.

If I set the policy to happen at login and once per user it will run with the same results as above.

If I copy and paste the code into the terminal, I get the pop up and I enter a name and click enter. In the terminal I get the following

## The variable was blank so they must have cancelled. Exit
> echo "No new name provided"
> exit 0

mm2270
Legendary Contributor III

Hi @lpadmin.

So just in case this is what you were doing, you can't just copy and paste a script into the Terminal to run it. For something like this, you need to run the script file from Terminal by doing the following-

sudo /path/to/your/script.sh

Enter an admin password when asked to (you can't do this from a non admin account though) and it'll run the local script file.

Second thing is, are you certain all of the accounts are actually named "Student" for the full name and not some variation? The script I posted has that information hardcoded in it, because that's what you said they are all named to, but if they are named anything else it will fail since it's expecting to change the name from "Student" to whatever was entered by the user.

Just in case, here's a modified version that will get the logged in user's full name, store it in a variable that then gets used for the rename, so even if it's something slightly different it should work.

#!/bin/bash

## Get the logged in user's short name
loggedInUser=$( ls -l /dev/console | awk '{print $3}' )

## Get the logged in user's full name
CurrName=$(dscl . read /Users/${loggedInUser} RealName | awk '{getline; print}' | sed 's/^ *//')

## The heredoc terminator must sit alone on its line, so the closing parenthesis goes on the next one
getNewName=$(/usr/bin/osascript << EOF
tell application "Finder"
activate
set theName to the text returned of (display dialog "Enter your Full Name below to rename your account" default answer "" buttons {"Enter", "Cancel"} with title "Account Rename")
end tell
EOF
)

theAnswer=$(echo "$getNewName")

## If we got something back for the variable, then the user entered a name. Use it to rename the Student account FullName
if [[ ! -z "$theAnswer" ]]; then
    echo "User entered the full name of ${theAnswer}"
    dscl . change /Users/$loggedInUser RealName "${CurrName}" "$theAnswer"
else
    ## The variable was blank so they must have cancelled. Exit
    echo "No new name provided"
    exit 0
fi

Let me know how that works.

As for your other question about not accepting a null value I'm sure there is a way, using AS run handlers or bash functions, etc, but I don't actually have the time to work on that right now. Not sure if someone else wants to step in and take a shot though.

lpadmin
Contributor

Thanks, I put this script in my server and tried it with the trigger of once per user. This is the log I got from my test computer.

Executing Policy Name Change...
Running script accountchange.sh...
Script exit code: 54
Script result: User entered the full name of please work
attribute status: eDSAttributeNotFound DS Error: -14134 (eDSAttributeNotFound)
Running Recon...
Retrieving inventory preferences from https://server.org:8443/...
Locating accounts...
Locating package receipts...
Searching path: /Users
Locating software updates...
Locating plugins...
Locating printers...
Searching path: /Applications
Gathering application usage information...

mm2270
Legendary Contributor III

@lpadmin,
Change the line for the "CurrName" from-

CurrName=$(dscl . read /Users/${loggedInUser} RealName | awk '{getline; print}' | sed 's/^ *//')

To

CurrName=$(dscl . read /Users/${loggedInUser} RealName | awk -F: '{print $NF}' | sed -e 's/^ *//;/^$/d')

The "student" accounts may not be putting the full name on a new line, in which case my getline in the awk part would grab the wrong information, hence the eDsAttributeNotFound error (just a theory).

The above new line should work if the name is short and appears on the same line in dscl or on a second line.

lpadmin
Contributor

That works, again I can not thank you enough for writing these scripts for me.
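
Added example, not part of the original thread or any poster's code: one way to cover the two points left open above, rejecting a blank name (with a re-prompt) and reading RealName whether dscl prints it on the same line or on the next one. The helper names, the 64-character limit and the three-attempt cap are assumptions made for this example.

```bash
#!/bin/bash
# Added example: hardened rename script (helper names are hypothetical).

# Extract the name from `dscl . read /Users/<user> RealName` output on stdin.
# Handles "RealName: Student" and the two-line form "RealName:" / " Jane Doe".
parse_realname() {
    sed -e '1s/^RealName://' -e 's/^[[:space:]]*//' -e '/^$/d' | head -n 1
}

# Accept a name only if it has a visible character, no control characters
# (newline, tab, escape) and at most 64 characters (assumed limit).
valid_full_name() {
    case "$1" in
        *[[:cntrl:]]*) return 1 ;;
        *[![:space:]]*) ;;
        *) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Same dialog as the thread's script; Cancel makes osascript exit non-zero.
prompt_name() {
    /usr/bin/osascript <<'EOF'
tell application "Finder"
activate
set theName to the text returned of (display dialog "Enter your Full Name below to rename your account" default answer "" buttons {"Enter", "Cancel"} with title "Account Rename")
end tell
EOF
}

main() {
    user=$(ls -l /dev/console | awk '{print $3}')
    if [ -z "$user" ] || [ "$user" = "root" ]; then echo "No console user"; return 1; fi
    current=$(dscl . read "/Users/$user" RealName | parse_realname)
    tries=0
    while [ "$tries" -lt 3 ]; do            # re-prompt on blank or invalid input
        new=$(prompt_name) || { echo "User cancelled"; return 0; }
        if valid_full_name "$new"; then
            dscl . change "/Users/$user" RealName "$current" "$new"
            return
        fi
        tries=$((tries + 1))
    done
    echo "No valid name after 3 attempts"; return 1
}

# Run only on a Mac as root, which is how a Jamf policy runs the script.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then main; fi
```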