Jamf Nation Community

ImAMacGuy · ‎07-10-2017

We have an osa script that prompts for the machine names (country, location, asset tag, etc), then combines the entries to the machine name. it works fine as a self service script individually or through our DEP process (again a SS workflow).

However when I run it through a policy, the first couple prompts error out but the last few work fine.

I've tried adding a sleep function to it, but it didn't seem to help.

Below is the verbose bash output that was uploaded to the JSS logs (machine name was <scrubbed>).

I've tried making it the 1st or 2nd policy run, but it didn't seem to matter.

Executing Policy 01 Prompt for Computer Name
Running script #Prompt for Computer Name.sh...
Script exit code: 0
Script result: + sleep 10<br/>
++ /usr/bin/osascript<br/>
38:46: execution error: An error of type -10810 has occurred. (-10810)<br/>
+ COUNTRY=<br/>
++ /usr/bin/osascript<br/>
38:46: execution error: System Events got an error: Application isn’t running. (-600)<br/>
+ REGION=<br/>++ /usr/bin/osascript<br/>+ MODEL=<scrubbed><br/>
++ /usr/bin/osascript<br/>
+ TAG=<br/>
+ ComputerName=<scrubbed><br/>
+ echo ushofml65432<br/>
<scrubbed><br/>
+ scutil --set HostName <scrubbed><br/>
+ scutil --set LocalHostName <scrubbed><br/>
+ scutil --set ComputerName <scrubbed><br/>
+ echo Rename Successful<br/>
Rename Successful<br/>

mm2270 · ‎07-10-2017

error of type -10810 basically means an Applescript user interaction prompt from an account other than the logged in user was intercepted and stopped by the OS. For a while now user input prompts run from Jamf Pro scrips (executed as root) have failed. It's a common issue. You don't see the problem when running the script locally because it's running under your account. But when run as root and it tries to do something to interact with the user space, it typically gets stopped by the OS.

Can you post the script? Or at least the relevant parts that aren't executing when done from a policy?

ImAMacGuy · ‎07-10-2017

I can / have run it locally, but usually it's through self service..
it should be okay as root.

#!/bin/bash
#Freddie Cox for Knox County Schools
#Edited by Justin Ellis
#2012
set -x

sleep 10

COUNTRY=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    activate
    set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)
end tell
EOT`
REGION=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    activate
    set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)
end tell
EOT`
MODEL=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    activate
    set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)
end tell
EOT`
TAG=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    activate
    set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)
end tell
EOT`

ComputerName=$COUNTRY$REGION$MODEL$TAG

#Set New Computer Name
echo $ComputerName
scutil --set HostName $ComputerName
scutil --set LocalHostName $ComputerName
scutil --set ComputerName $ComputerName

echo Rename Successful

mm2270 · ‎07-10-2017

it should be okay as root.

Ah, but it's (usually) not, and it's a common issue as I said. There is actually a difference between running it from Self Service and when it gets called from a regular policy. Is the trigger for the policy where it's failing the Recurring check-in? If so, that gets run by the Jamf LaunchDaemon, so it runs everything as root. With Self Service, some parts run as the user or are able to interact with the console space.
Applescript input dialogs are notorious for having this problem in Casper/Jamf Pro type scripts.

Not that I'm trying to direct you away from Applescript stuff, but have you considered using something like cocoaDialog for this? Despite being ancient as software goes, it still works fine under Sierra. And it doesn't run into the same issue as Applescript does in these cases. (We'll need to see how High Sierra handles it)
If you want to stick with Applescript, you may need to use the su <user> -c type syntax to run these as the user so the OS doesn't step in and block it. There's also the launchctl asuser syntax, which is my preference since it's more reliable, though a little harder to use. But it's possible and works.

Try the below modified script. I simplified all the calls to start with. Second, this uses that launchctl asuser syntax for each prompt so it tries running each one as the user. It should still be able to store all the responses and do the rename.
Also, I would consider using the jamf binary for the rename as I have below, since it handles all 3 types of names I believe in one command.

#!/bin/bash

loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)

COUNTRY=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)'")

REGION=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)'")

MODEL=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)'")

TAG=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser "/usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)'")

ComputerName="$COUNTRY$REGION$MODEL$TAG"

#Set New Computer Name
/usr/local/bin/jamf -setComputerName -name "$ComputerName"

Last thing on this. You aren't checking for actual input before trying to rename the computer, which could be a little dangerous. I would probably test to make sure each prompt got a valid response, maybe by checking for non empty results, or results other than null.
Also, not sure if you bind to AD, but if so, keep in mind the 15 character computer name limitation.

hkabik · ‎07-10-2017

Just out of curiosity do you have any better results using application "SystemUIServer" instead of "System Events"?

I never run osascript as user in policies but I always use SystemUIServer.

cjstandley · ‎10-06-2021

Thanks so much for this @hkabik , switched my apple script to use "SystemUIServer" and got my reset hostname policy to work as part of my DEPNotify setup.

ImAMacGuy · ‎07-11-2017

@mm2270 I tried it, the script errors out (see below). Full disclosure, I didn't write the original script. I just found it and was able to tweak it to suit my needs. I'm open to other methods, but at this particular use case that I'm solving for, is for DEP enrollment using splash buddy , I don't have cD installed at the stage that this is running, but it's not out of the realm of possibility to get loaded, but would lean more towards jamfhelper if possible since it's loaded already from the DEP stuff.

cript result: -bash: /usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)': No such file or directory -bash: /usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)': No such file or directory -bash: /usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)': No such file or directory -bash: /usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)': No such file or directory There was an error. You must specify a computer name. Use the -name flag Error running script: return code was 1.

mm2270 · ‎07-11-2017

Hmm, yeah, I see the same error. This, again, has to do with the fact that the natural recurring check-in gets called by a LaunchDaemon, so it's run entirely in a root context. Funnily enough, if you call that same policy that runs the script using sudo jamf policy, the darn thing works, I assume since you are calling the check-in from a user space.

So, give this modification a try. This is a whacky roundabout way of doing it, but I had posted something similar to this on another thread, and it seems to work more reliably. Basically this creates a script in /tmp/ that then gets run as the user, takes the text input and sends it to a local file in /tmp/ which then gets picked up by the main script and does the renaming bit.

#!/bin/bash

loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)

if [[ "$loggedInUser" != "root" ]] && [[ "$loggedInUser" != "_mbsetup" ]]; then
    ## Create local script
    cat << EOD > /private/tmp/computerrenamescript.sh
#!/bin/bash

COUNTRY=$(/usr/bin/osascript -e 'tell application "System Events" to set COUNTRY to text returned of (display dialog "Please Input The Country - " default answer "" with icon 2)')

REGION=$(/usr/bin/osascript -e 'tell application "System Events" to set REGION to text returned of (display dialog "Please Input Region - " default answer "" with icon 2)')

MODEL=$(/usr/bin/osascript -e 'tell application "System Events" to set MODEL to text returned of (display dialog "Please Input Model - Desktop or Laptop? (ML = laptop, MD = desktop)" default answer "" with icon 2)')

TAG=$(/usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Please Input The Asset Tag - " default answer "" with icon 2)')

echo "${COUNTRY}${REGION}${MODEL}${TAG}" > /private/tmp/computerrenametext.txt

EOD

    ## Make script executable
    /bin/chmod +x /private/tmp/computerrenamescript.sh

    ## Run the script as logged in user
    /bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/computerrenamescript.sh"

    ## Get the new name from the local file
    newcomputername=$(cat /tmp/computerrenametext.txt)

    if [ ! -z "$newcomputername" ]; then
        echo "$newcomputername"
        ## Rename the computer to the new name
        /usr/local/bin/jamf setComputerName -name "$newcomputername"

        ## Remove local script
        rm -f /private/tmp/computerrenamescript.sh

        exit 0
    else
        echo "No name was found to rename to"

        ## Remove local script
        rm -f /private/tmp/computerrenamescript.sh

        exit 1
    fi
else
    echo "No-one logged in. Exiting"
    exit 0
fi

Jamf Nation Community

script to prompt for computer names