Jamf Nation Community

brussell · ‎03-12-2014

Can anybody offer any insight as to how to go about scripting Keychain First Aid? I would like to add it as a Self Service Policy to repair keychain issues. Thanks!

krichterjr · ‎03-12-2014

They may or may not help.

Here is an Apple Script that opens KeyChain Access and then KeyChain First Aid. The catch is Apple Script needs to be enabled for Assistive Devices. See more here https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate
tell application "System Events"
    tell process "Keychain Access"
        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1
    end tell
end tell

View solution in original post

mm2270 · ‎03-12-2014

Not clear if there's a way to really "script" Keychain First Aid. It seems to be an embedded part of Keychain Access, not a separate app unto itself. You may be able to do something like this-

tell application "System Events"
    tell application "Keychain Access" to activate
    keystroke "a" using {command down, option down}
end tell

Only issue may be when running as a policy I don't know if it will correctly identify the current user, since it displays the logged in user's name and a password field when that comes up. You might need to put that code into a HEREDOC block and call it as the logged in user. Not really sure.

I also took a quick peek at the man page for "security" and I don't see anything about doing verify's or repairs on keychains. So it seems to be a GUI related function only from what I can tell.

krichterjr · ‎03-12-2014

They may or may not help.

Here is an Apple Script that opens KeyChain Access and then KeyChain First Aid. The catch is Apple Script needs to be enabled for Assistive Devices. See more here https://jamfnation.jamfsoftware.com/discussion.html?id=9176#responseChild49975

tell application "Keychain Access" to activate
tell application "System Events"
    tell process "Keychain Access"
        click menu item "Keychain First Aid" of menu "Keychain Access" of menu bar 1
    end tell
end tell

Matt · ‎03-12-2014

I'm just commenting on the Ferret.

Its bossy.

Matt · ‎03-12-2014

I just looked through some terminal commands and none of them seem to coincide with Keychain so you might be stuck to Applescripting.

brussell · ‎03-12-2014

@mattlee, yes, ferrets rock. Thank you all for the help. I will have to go the applescript route.

acdesigntech · ‎03-12-2014

Keychain first aid only helps with the password for the keychain itself. It doesn't do anything for items inside the keychain.

rcorbin · ‎03-12-2014

Didn't @Andrina show a great example of this at JNUC this year. I think she published the script somewhere as well. http://www.youtube.com/watch?v=AzlWdrRc1rY&list=PLlxHm_Px-Ie01lK6FgfdXhk-YuByY6X27&index=15

krichterjr · ‎03-12-2014

I believe her script deletes the keychain and recreates it.

It too is nice to have available. If not for your users but for L1 techs.

https://github.com/andrina/JNUC2013/blob/master/Users%20Do%20Your%20Job/deleteAndcreateKeychain.sh

sardesm · ‎03-19-2015

Does Andrina's script require a restart after running?

stevewood · ‎03-19-2015

@sardesm from what I've seen, yes, for maximum effectiveness a restart is required.

ryan_s · ‎03-24-2015

@krichterjr -- I have read a few of your posts regarding Keychain repair and it's been quite helpful! However, I am currently stuck on how exactly to enable Script Editor for assistive devices. I have tried variations of this:

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','/Applications/Utilities/Script Editor',1,1,1,NULL)"

But so far I have not had luck (referencing http://work.chrisdietrich.de)...it's going to sound dumb but I don't know how to reference Script Editor in this sqlite logic... there is a com.apple.scripteditor or something that I cannot find?

krichterjr · ‎03-25-2015

@rseys I haven't touched this since I originally worked on it and I have actually changed jobs since. With that said, I remember having difficulty with this part as well. I think I ended up saving the script as an Application and then added that Application to the Accessibility db instead of just ScriptEditor.

krichterjr · ‎03-25-2015

@rseys I just tested this out and I believe this should work you. I made a couple of small changes to what you had and this appears to work fine on my machine running 10.10.2. Hope this helps!

sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "INSERT INTO access VALUES('kTCCServiceAccessibility','com.apple.ScriptEditor2',0,1,1,NULL)"

ryan_s · ‎03-25-2015

Worked like a champ! Thank you sir -- I wasn't quite sure how to find the Bundle Identifier (or that "Bundle Identifier" was what I was looking for specifically embarrassed). I looked at the contents of Script Editor and saw com.apple.scripteditor mentioned and assumed that was it.

Anyway, enjoy the new(?) role @krichterjr! I appreciate the assist

Jamf Nation Community

Scripting Keychain First Aid