Jamf Nation Community

@fbaker take a look at this https://macmule.com/2011/09/08/how-to-map-drives-printers-based-on-ad-group-membership-on-osx/

@davidacland

-------------------------------
--- User Information

-- Get the logged in users username
set loggedInUser to do shell script "whoami"

-- Get the Users account UniqueID
set accountType to do shell script "dscl . -read /Users/" & loggedInUser & " | grep UniqueID | cut -c 11-"

-- Get the nodeName from the Users account
set nodeName to do shell script "dscl . -read /Users/" & loggedInUser & " | awk '/^OriginalNodeName:/,/^Password:/' | head -2 | tail -1 | cut -c 2-"

-- Get the Users group membership from AD
set ADGroups to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & " | awk '/^dsAttrTypeNative:memberOf:/,/^dsAttrTypeNative:msExchHomeServerName:/'"

-- Get the Users AD Home Folder
set ADHome to do shell script "dscl " & quoted form of nodeName & " -read /Users/" & loggedInUser & "| grep SMBHome: | cut -c 10- | sed 's/\\/\//g' "

-- Checks to see if account is an AD Account, if its not exit
if accountType is less than 1000 then
    tell me to quit
end if

-- Checks Group Membership for ADGroups contains user & if they -- are in the correct groups, mount shares.

--Staff Mappings
All my shared drives for staff mapped here


--Student Mappings

All shared student drives mapped here.

I've tried deleting the old .app file out, and getting it from self service, and it still starts to launch, then quits again.

I just created a simple configuration profile that launched the loginscript.app on login. Not sure if there is a better way to do that or not.

Launchd to fire up the app at login is fine, we do the same. Is there any issues with permissions or quarantine flags on the .app?

You can use this command to set the permissions:

chmod -R 755 /path/to/AppleScript.app

And this one to remove the quarantine flag:

xattr -c -R /path/to/AppleScript.app

@fbaker the times it stops immediately. Are they local accounts?

@davidacland I'll check that out Monday morning.

@bentoms they are all logged in to their AD account. Only local account is the admin account.

@fbaker cool. The script will quit if a local account runs it.

If you navigate to the script in the app bundle & run it in Script Editor.. You should be able to run the script & under one of the views it will show you what's being passed when running the commands & could help track down the issue.

@bentoms I've tried and it acts like it's not even running. It starts then stops again. I just get the quick spinning wheel at the bottom when it starts then it stops.

@fbaker Applescript editor will give you SOME feedback.

@bentoms Well on the device that was giving me issues I removed the profiles, unenrolled the device and ran my quickadd back on it. After going through the enrollment process again, it worked just fine. I'll have to look at some of the other laptops that are giving me the same symptoms and look and see what Applescript says.

@fbaker odd. Are you binding via profiles to AD?

@bentoms Yes, the directory binding takes place during my deployment package through self service.

@fbaker is the directory binding taking place via a config profile?

@bentoms No, it's a policy.

@fbaker AD binding was the only profile off the top of my head that might have impacted this.

I have no idea what other profiles you're installing, so no idea what could be being set that might impact things.

@bentoms Only configuration profiles I have are

Finder Preferences
Network for wifi
Login Items (to launch the .app on login)
Login Banner
Default MDM Profile

All very basic things, so it leaves me scratching my head. I think I know of one more MacBook Air that is having this same issue. I'll stop over and take a look, and maybe I can get a clue from Applescript.

At this point I'm just beyond stumped. I've even tried moving the computer in AD to a different OU, which shouldn't make a difference since it's based off a user for the script, and not the actual computer itself.

I'd probably work through a split half search if you can. As you said it worked after removing the profiles, unenrolling and re-enrolling. So if you test after each stage you should be able to determine which step resolved (or is causing) the issue.

If it's the profiles, start with none, then scope them to the Mac one at a time to see what's which one is at fault.

Possibly another unrelated setting that is getting lumped in with one of the config profiles.

@fbaker What @davidacland articulated was what I was trying to say!

It would also be worth testing just the "User Information" part of the script to see if anything comes back from that.