Posted on 10-20-2012 03:06 PM
Hey Guys,
I'm doing it all wrong again (or must be).
I have set up a policy to run once per user at login to run the script below. It works for, say, me when I log in to my own PC. However, when I log in to another PC it does not run, as I think the policy thinks that it only needs to run 1x per user in total rather than 1x per user per machine.
How do I create a login script using Casper that will run 1x per user no matter how many machines I log in to? I have a couple of scripts to run this way.
Office Configuration for logged in User
#!/bin/bash
# Casper passes the logged-in user's short name as $3.
echo "Setting Up Office for logged in User"
/usr/libexec/PlistBuddy -c "set 14\\UserInfo\\UserName $3" "/Users/$3/Library/Preferences/com.microsoft.office.plist"
UserName="$3"
# The Active Directory node path contains spaces, so it has to be quoted.
FirstName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" FirstName | sed 's/FirstName://')
LastName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" LastName | sed 's/LastName://')
FullName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" RealName | sed 's/RealName://')
# Unquoted echo drops the leading space that sed leaves behind.
Initial1="$(echo $FirstName | head -c 1)"
Initial2="$(echo $LastName | head -c 1)"
Initial="$Initial1""$Initial2"
CompanyType="AUT University"
# "Application Support" contains a space, so the plist path is quoted as well.
/usr/libexec/PlistBuddy -c "set First Name $FirstName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
/usr/libexec/PlistBuddy -c "set Last Name $LastName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
/usr/libexec/PlistBuddy -c "set Name $FullName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
/usr/libexec/PlistBuddy -c "set Initials $Initial" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
/usr/libexec/PlistBuddy -c "set Business Company $CompanyType" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
exit 0
And adding the user to the admin group (targeted to laptops, staff user accounts), so when the AD staff user is offsite they have full admin rights. This again I want to run 1x per user, but for that specific user on several machines.
#!/bin/sh
dscl . append /Groups/admin GroupMembership "$3"
exit 0
Also, it seems that I just reimaged my machine here and the script has not run again, so even though it has a new image on the device, as the policy is user-based it thinks it has already run...
Posted on 10-20-2012 04:41 PM
Oh bugger, after a bit more digging it looks like Casper can't handle this:
https://jamfnation.jamfsoftware.com/featureRequest.html?id=45
How have other people got around this issue with run-once for specific user groups on multiple machines?
Posted on 10-20-2012 05:02 PM
Looks like I'll just convert it to an ongoing script. If it slows down my login I'll have to change it to apply to the user template then self-delete for the Office one. Don't know what I'll do about the admin one yet.
#!/bin/bash
# Marker file in the user's Library records that this user is already configured.
if [ ! -f "/Users/$3/Library/SetOfficeUsername.txt" ]
then
    echo "Setting Up Office for logged in User"
    /usr/libexec/PlistBuddy -c "set 14\\UserInfo\\UserName $3" "/Users/$3/Library/Preferences/com.microsoft.office.plist"
    UserName="$3"
    # The Active Directory node path contains spaces, so it has to be quoted.
    FirstName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" FirstName | sed 's/FirstName://')
    LastName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" LastName | sed 's/LastName://')
    FullName=$(dscl "/Active Directory/AUTUNI/All Domains" -read "/Users/$3" RealName | sed 's/RealName://')
    # Unquoted echo drops the leading space that sed leaves behind.
    Initial1="$(echo $FirstName | head -c 1)"
    Initial2="$(echo $LastName | head -c 1)"
    Initial="$Initial1""$Initial2"
    CompanyType="AUT University"
    /usr/libexec/PlistBuddy -c "set First Name $FirstName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
    /usr/libexec/PlistBuddy -c "set Last Name $LastName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
    /usr/libexec/PlistBuddy -c "set Name $FullName" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
    /usr/libexec/PlistBuddy -c "set Initials $Initial" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
    /usr/libexec/PlistBuddy -c "set Business Company $CompanyType" "/Users/$3/Library/Application Support/Microsoft/Office/MeContact.plist"
    touch "/Users/$3/Library/SetOfficeUsername.txt"
else
    echo "User has been configured before"
fi
exit 0
Posted on 10-22-2012 06:32 AM
The only way I could think of to run this action is using launchd.
Create a LaunchAgent item and point it to the script that gives the admin rights (which I would not recommend for a managed environment).
The script should determine that the logged-in user is not already in admin group 80, then run.
You can use Lingon to create launchd items. It is pretty straightforward.
Posted on 10-22-2012 08:00 AM
Launchd works well for this but remember that a Launch Agent runs under the user's account. He won't be able to run a script to give himself admin privileges.
A Launch Daemon can run at login just as well and give the user the privileges he needs.
Use this to help determine whether the member is a member of the local admin group:
/usr/sbin/dseditgroup -o checkmember -m userName admin
Posted on 10-22-2012 10:20 AM
I stand corrected. Launch Daemon is the way to go.
Posted on 10-22-2012 10:44 AM
I have to stand corrected myself. RunAtLoad for a Launch Daemon wouldn't run at login for the user.
A different way of doing this would be to use an Extension Attribute to get a list of local admin users:
dscl . read /groups/admin GroupMembership
Then apply a policy to add the login user to the admin group if he's not a member of the result of the EA.
Be sure to re-inventory the machine to update the EA with the name of the newly added user.
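The check-then-add approach from the replies above, written out as an added example that is not from any poster in this thread: it parses the output of dscl . read /groups/admin GroupMembership, formats it as an Extension Attribute value, and appends the login user only when that user is absent. The function names and the rule that rejects empty names, root and unusual characters are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# Turn "GroupMembership: root localadmin jdoe" (dscl output) into one name per line.
admin_members() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership:[[:space:]]*//p' | tr -s ' ' '\n'
}

# Extension Attribute body: Casper reads the value between the <result> tags.
ea_result() {
    printf '<result>%s</result>\n' \
        "$(admin_members "$1" | sort | tr '\n' ' ' | sed 's/ $//')"
}

# Return 0 only when user $1 is an acceptable short name that is not
# already listed in the dscl output $2 (exact match, not substring).
needs_admin() {
    case "$1" in
        ''|root|*[!A-Za-z0-9._-]*) return 1 ;;  # assumption: reject these names
    esac
    ! admin_members "$2" | grep -Fxq -- "$1"
}

# Policy body: runs only where Casper supplied a user ($3) and dscl exists (macOS).
if [ -n "${3:-}" ] && [ -x /usr/bin/dscl ]; then
    current="$(/usr/bin/dscl . read /groups/admin GroupMembership)"
    if needs_admin "$3" "$current"; then
        /usr/bin/dscl . append /Groups/admin GroupMembership "$3"
        echo "Added $3 to admin; re-inventory to refresh the Extension Attribute"
    else
        echo "$3 is already in admin or is not an acceptable short name"
    fi
fi
```

Because the script compares against the live group membership on each machine, it can run as an ongoing login policy and still change a given machine at most once per user.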