Posted on 07-10-2017 01:26 PM
We have an osa script that prompts for the machine names (country, location, asset tag, etc), then combines the entries to the machine name. it works fine as a self service script individually or through our DEP process (again a SS workflow).
However when I run it through a policy, the first couple prompts error out but the last few work fine.
I've tried adding a sleep function to it, but it didn't seem to help.
Below is the verbose bash output that was uploaded to the JSS logs (machine name was <scrubbed>).
I've tried making it the 1st or 2nd policy run, but it didn't seem to matter.
Executing Policy 01 Prompt for Computer Name
Running script #Prompt for Computer Name.sh...
Script exit code: 0
Script result: + sleep 10<br/>
++ /usr/bin/osascript<br/>
38:46: execution error: An error of type -10810 has occurred. (-10810)<br/>
+ COUNTRY=<br/>
++ /usr/bin/osascript<br/>
38:46: execution error: System Events got an error: Application isn’t running. (-600)<br/>
+ REGION=<br/>++ /usr/bin/osascript<br/>+ MODEL=<scrubbed><br/>
++ /usr/bin/osascript<br/>
+ TAG=<br/>
+ ComputerName=<scrubbed><br/>
+ echo ushofml65432<br/>
<scrubbed><br/>
+ scutil --set HostName <scrubbed><br/>
+ scutil --set LocalHostName <scrubbed><br/>
+ scutil --set ComputerName <scrubbed><br/>
+ echo Rename Successful<br/>
Rename Successful<br/>
Posted on 07-10-2017 01:54 PM
error of type -10810
basically means an Applescript user interaction prompt from an account other than the logged in user was intercepted and stopped by the OS. For a while now user input prompts run from Jamf Pro scrips (executed as root) have failed. It's a common issue. You don't see the problem when running the script locally because it's running under your account. But when run as root and it tries to do something to interact with the user space, it typically gets stopped by the OS.
Can you post the script? Or at least the relevant parts that aren't executing when done from a policy?
Posted on 07-10-2017 01:57 PM
I can / have run it locally, but usually it's through self service..
it should be okay as root.
#!/bin/bash
#Freddie Cox for Knox County Schools
#Edited by Justin Ellis
#2012
set -x
sleep 10
COUNTRY=`/usr/bin/osascript <<'EOT'
tell application "System Events"
activate
set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)
end tell
EOT`
REGION=`/usr/bin/osascript <<'EOT'
tell application "System Events"
activate
set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)
end tell
EOT`
MODEL=`/usr/bin/osascript <<'EOT'
tell application "System Events"
activate
set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)
end tell
EOT`
TAG=`/usr/bin/osascript <<'EOT'
tell application "System Events"
activate
set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)
end tell
EOT`
ComputerName=$COUNTRY$REGION$MODEL$TAG
#Set New Computer Name
echo $ComputerName
scutil --set HostName $ComputerName
scutil --set LocalHostName $ComputerName
scutil --set ComputerName $ComputerName
echo Rename Successful
Posted on 07-10-2017 02:45 PM
it should be okay as root.
Ah, but it's (usually) not, and it's a common issue as I said. There is actually a difference between running it from Self Service and when it gets called from a regular policy. Is the trigger for the policy where it's failing the Recurring check-in? If so, that gets run by the Jamf LaunchDaemon, so it runs everything as root. With Self Service, some parts run as the user or are able to interact with the console space.
Applescript input dialogs are notorious for having this problem in Casper/Jamf Pro type scripts.
Not that I'm trying to direct you away from Applescript stuff, but have you considered using something like cocoaDialog for this? Despite being ancient as software goes, it still works fine under Sierra. And it doesn't run into the same issue as Applescript does in these cases. (We'll need to see how High Sierra handles it)
If you want to stick with Applescript, you may need to use the su <user> -c
type syntax to run these as the user so the OS doesn't step in and block it. There's also the launchctl asuser syntax, which is my preference since it's more reliable, though a little harder to use. But it's possible and works.
Try the below modified script. I simplified all the calls to start with. Second, this uses that launchctl asuser
syntax for each prompt so it tries running each one as the user. It should still be able to store all the responses and do the rename.
Also, I would consider using the jamf binary for the rename as I have below, since it handles all 3 types of names I believe in one command.
#!/bin/bash
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)
COUNTRY=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)'")
REGION=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)'")
MODEL=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)'")
TAG=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)'")
ComputerName="$COUNTRY$REGION$MODEL$TAG"
#Set New Computer Name
/usr/local/bin/jamf -setComputerName -name "$ComputerName"
Last thing on this. You aren't checking for actual input before trying to rename the computer, which could be a little dangerous. I would probably test to make sure each prompt got a valid response, maybe by checking for non empty results, or results other than null.
Also, not sure if you bind to AD, but if so, keep in mind the 15 character computer name limitation.
Posted on 07-10-2017 03:00 PM
Just out of curiosity do you have any better results using application "SystemUIServer" instead of "System Events"?
I never run osascript as user in policies but I always use SystemUIServer.
Posted on 10-06-2021 10:39 AM
Thanks so much for this @hkabik , switched my apple script to use "SystemUIServer" and got my reset hostname policy to work as part of my DEPNotify setup.
Posted on 07-11-2017 06:26 AM
@mm2270 I tried it, the script errors out (see below). Full disclosure, I didn't write the original script. I just found it and was able to tweak it to suit my needs. I'm open to other methods, but at this particular use case that I'm solving for, is for DEP enrollment using splash buddy , I don't have cD installed at the stage that this is running, but it's not out of the realm of possibility to get loaded, but would lean more towards jamfhelper if possible since it's loaded already from the DEP stuff.
cript result: -bash: /usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)': No such file or directory<br/>-bash: /usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)': No such file or directory<br/>-bash: /usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)': No such file or directory<br/>-bash: /usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)': No such file or directory<br/><br/>There was an error.<br/><br/> You must specify a computer name. Use the -name flag<br/> Error running script: return code was 1.
Posted on 07-11-2017 09:37 AM
Hmm, yeah, I see the same error. This, again, has to do with the fact that the natural recurring check-in gets called by a LaunchDaemon, so it's run entirely in a root context. Funnily enough, if you call that same policy that runs the script using sudo jamf policy
, the darn thing works, I assume since you are calling the check-in from a user space.
So, give this modification a try. This is a whacky roundabout way of doing it, but I had posted something similar to this on another thread, and it seems to work more reliably. Basically this creates a script in /tmp/ that then gets run as the user, takes the text input and sends it to a local file in /tmp/ which then gets picked up by the main script and does the renaming bit.
#!/bin/bash
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)
if [[ "$loggedInUser" != "root" ]] && [[ "$loggedInUser" != "_mbsetup" ]]; then
## Create local script
cat << EOD > /private/tmp/computerrenamescript.sh
#!/bin/bash
COUNTRY=$(/usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)')
REGION=$(/usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)')
MODEL=$(/usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)')
TAG=$(/usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)')
echo "${COUNTRY}${REGION}${MODEL}${TAG}" > /private/tmp/computerrenametext.txt
EOD
## Make script executable
/bin/chmod +x /private/tmp/computerrenamescript.sh
## Run the script as logged in user
/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/computerrenamescript.sh"
## Get the new name from the local file
newcomputername=$(cat /tmp/computerrenametext.txt)
if [ ! -z "$newcomputername" ]; then
echo "$newcomputername"
## Rename the computer to the new name
/usr/local/bin/jamf setComputerName -name "$newcomputername"
## Remove local script
rm -f /private/tmp/computerrenamescript.sh
exit 0
else
echo "No name was found to rename to"
## Remove local script
rm -f /private/tmp/computerrenamescript.sh
exit 1
fi
else
echo "No-one logged in. Exiting"
exit 0
fi