Posted on 12-13-2018 10:22 AM
Hello,
I have a simple script that informs users that they need to enable the securetoken of the local admin account. It works perfectly when I run it locally, but fails when I deploy it via Jamf. I keep getting the error message "Script result: 20:334: execution error: No user interaction allowed. (-1713)"
My script is below:
#!/bin/bash/
messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
buttonClicked=$(osascript << EOF
button returned of (display dialog "$messageToDisplay" buttons {"OK", "Cancel"} default button 1)
EOF)
if [[ "$buttonClicked" == "OK" ]];then
open "jamfselfservice://content?entity=policy&id=$5&action=$6"
fi
Solved! Go to Solution.
Posted on 12-14-2018 07:42 AM
Thank you everyone,
I was able resolve the issue by specifying the loggedInUser "$(stat -f%Su /dev/console)", userUID "$(id -u ${loggedInUser})" and by using "/bin/launchctl asuser" in combination with "sudo -iu $loggedInUser". My script is now working properly. Please see below:
messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
loggedInUser=$(stat -f%Su /dev/console)
userUID=$(id -u ${loggedInUser})
buttonClicked=$(/bin/launchctl asuser "$userUID" sudo -iu $loggedInUser /usr/bin/osascript << EOF
button returned of (display dialog "$messageToDisplay" buttons {"OK", "Cancel"} default button 1)
EOF)
if [[ "$buttonClicked" == "OK" ]];then
sudo -iu $loggedInUser open "jamfselfservice://content?entity=policy&id=$5&action=$6"
fi
Hope this helps someone in the future!
Posted on 12-13-2018 10:53 AM
Scripts pushed via policy run as root. So root would need to be logged in for the finder to display that dialog.
You probably want to alter the script so you are either directly instructing the SystemUIServer to display the dialog (that way it will pop up for any open UI instance) or have it run as the current logged in user.
Posted on 12-13-2018 11:11 AM
This might work, a few issues with your script but I think I might have fixed them.
#!/bin/bash
messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
buttonClicked=$(/usr/bin/osascript -e "button returned of (display dialog "$messageToDisplay" buttons {"Cancel", "OK"} default button 2)")
if [[ "$buttonClicked" == "OK" ]]; then
open "jamfselfservice://content?entity=policy&id=$policyToExecute&action=$policyAction"
fi
exit 0
Posted on 12-14-2018 02:52 AM
Firstly test your script with sudo to see if it works as root. If you find it doesn't, then you can add
thisUser=$(stat -f%Su /dev/console)
su - "$thisUser" -c '
'
to run it as the logged in user - which when dealing with UI stuff and AppleScript is usually quite a good idea anyway!
Otherwise, have a look in System Preferences > Security & Privacy > Privacy
See if there's something that Terminal's able to access for your machine that's not enabled on the test machine.
Hopefully this might be useful
Posted on 12-14-2018 07:42 AM
Thank you everyone,
I was able resolve the issue by specifying the loggedInUser "$(stat -f%Su /dev/console)", userUID "$(id -u ${loggedInUser})" and by using "/bin/launchctl asuser" in combination with "sudo -iu $loggedInUser". My script is now working properly. Please see below:
messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
loggedInUser=$(stat -f%Su /dev/console)
userUID=$(id -u ${loggedInUser})
buttonClicked=$(/bin/launchctl asuser "$userUID" sudo -iu $loggedInUser /usr/bin/osascript << EOF
button returned of (display dialog "$messageToDisplay" buttons {"OK", "Cancel"} default button 1)
EOF)
if [[ "$buttonClicked" == "OK" ]];then
sudo -iu $loggedInUser open "jamfselfservice://content?entity=policy&id=$5&action=$6"
fi
Hope this helps someone in the future!
Posted on 12-14-2018 08:32 AM
I realize you already found a solution, which is great! But I wanted to mention that you shouldn't need to use Applescript for this. There's nothing in this that requires it to be applescript, such as choose from list or something. It's just a simple dialog with buttons. If you switch it to jamfHelper, you should have an easier time with it. Example:
#!/bin/bash
messageToDisplay="$4"
policyToExecute="$5"
policyAction="$6"
buttonClicked=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -description "$messageToDisplay" -button1 OK -button2 Cancel -defaultButton 1)
if [[ "$buttonClicked" == "0" ]]; then
open "jamfselfservice://content?entity=policy&id=$policyToExecute&action=$policyAction"
fi
exit 0
That said, you might still need to add that sudo -iu $loggedInUser
in front of the open command or it may not work due to the policy being run as root and all.