With our upcoming one-to-one I'm trying to make the first login as easy as possible. So I'm wanting to have this AppleScript run to open Safari and then click on the extensions preference pane so the user can click on the checkbox.
It works when I test it from apple script editor...now just trying to get it to run as an shell script from jamf.@mm2270 You have always been able to nail these kind of things with such ease...would you mind taking a look?
Im sure its my non sleeping brain not working that is the main issue here.
#!/bin/sh
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
sudo - u $currentUser osascript -e "tell application "Safari" to activate
delay 4
tell application "System Events" to tell process "Safari"
keystroke "," using command down
tell window 1
click button "Extensions" of toolbar 1
activate "Extensions"
keystroke return
end tell
end tell"
Gabe Shackney Princeton Public Schools
Best answer by GabePPS
@gshackney , I think you are on the right track with the PPPC, but in testing your code on my machine, it looks like part of it is the way you are embedding AppleScript into shell. You may want to try the heredoc approach. A simple example for clarity would go something like this:
assetTag=$(osascript <<EOF
tell application "System Events" to return the text returned of (display dialog "$message" default answer "JS100144" buttons {"Search"} default button 1)
EOF)
echo $assetTag
But even with the heredoc, I still ran into issues with your sudo -u asking me for a password. Have you tried just letting it run? I think Jamf running the AppleScript will handle the user context just fine. I used to use things like above all the time without a problem.
I look forward to hearing how it goes.
I got this all working and figured I'd post the result. Since this is the first script I run as part of a policy to open safari, creative cloud, word and zoom it has a piece to wait for the login to complete first. I also had to change this recently to run once per user on the reoccurring checkin since it started failing to run during login on 11.4
#!/bin/bash
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
dockStatus=$(pgrep -x Dock)
echo "Waiting for Desktop..."
while [[ "$dockStatus" == "" ]]
do
echo "Desktop is not loaded. Waiting."
sleep 5
dockStatus=$(pgrep -x Dock)
done
sleep 5
echo "$currentUser has successfully logged on! The Dock appaears to be loaded with PID $dockStatus."
sleep 5
sudo -u $currentUser open http://link.princetonk12.org
sudo -u $currentUser osascript <<EOF
tell application "Safari"
activate
delay 3
tell application "System Events"
keystroke "$currentUser"
end tell
end tell
tell application "Safari" to activate
delay 4
tell application "System Events" to tell process "Safari"
keystroke "," using command down
tell window 1
click button "Extensions" of toolbar 1
activate "Extensions"
keystroke return
end tell
end tell
EOF
Sorry worked on this for a few hours and got both scripts baked into one and working to fill our login website with their username and then click on the preferences extensions to allow the user to check the box to enable our Classlink extension in Safari.
Here is the open extensions script:
#!/bin/bash
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
open http://link.princetonk12.org
sudo -u $currentUser osascript <<EOF
tell application "Safari"
activate
delay 3
tell application "System Events"
keystroke "$currentUser"
end tell
end tell
tell application "Safari" to activate
delay 4
tell application "System Events" to tell process "Safari"
keystroke "," using command down
tell window 1
click button "Extensions" of toolbar 1
activate "Extensions"
keystroke return
end tell
end tell
EOF
Looks like it was something with Jamf Remote's permissions. When run from the server in a policy its working to autofill the username and passwords correctly. Im sure its because I whitelisted apple scripts and the ssh-keygen wrapper in the system preferences security accessibility tab.
Final script to populate username with our domain and then populate again for the federated login since adobe doesnt seem to pass that info to the federation screen.
This will probably require giving terminal or Applescript full disk access in TCC land. Typically post Catalina, anything that uses tell application in Applescript is gonna generate a TCC prompt. YMMV
@tlarkin Yea, its loads of fun. But I Loaded up a PPPC Utility with a ton of TCCs until I got it to work. Since I have it triggered on login its really the login window and apple events and disk access. I figured once I saw it work I could start removing some of the tcc things one by one until it doesn't work again so I'm not just leaving it opened for attack.
However now my test machine keeps getting device signature errors on the one user im testing from but not on the local admin user. ARGH! It was right after I got the scripts to work once but still needed to change the delays and timing a bit. Wiping it and starting again. I hope this device signature issue is not a thing that is going to be coming back...
@gshackney , I think you are on the right track with the PPPC, but in testing your code on my machine, it looks like part of it is the way you are embedding AppleScript into shell. You may want to try the heredoc approach. A simple example for clarity would go something like this:
assetTag=$(osascript <<EOF
tell application "System Events" to return the text returned of (display dialog "$message" default answer "JS100144" buttons {"Search"} default button 1)
EOF)
echo $assetTag
But even with the heredoc, I still ran into issues with your sudo -u asking me for a password. Have you tried just letting it run? I think Jamf running the AppleScript will handle the user context just fine. I used to use things like above all the time without a problem.
@gshackney , I think you are on the right track with the PPPC, but in testing your code on my machine, it looks like part of it is the way you are embedding AppleScript into shell. You may want to try the heredoc approach. A simple example for clarity would go something like this:
assetTag=$(osascript <<EOF
tell application "System Events" to return the text returned of (display dialog "$message" default answer "JS100144" buttons {"Search"} default button 1)
EOF)
echo $assetTag
But even with the heredoc, I still ran into issues with your sudo -u asking me for a password. Have you tried just letting it run? I think Jamf running the AppleScript will handle the user context just fine. I used to use things like above all the time without a problem.
I look forward to hearing how it goes.
I got this all working and figured I'd post the result. Since this is the first script I run as part of a policy to open safari, creative cloud, word and zoom it has a piece to wait for the login to complete first. I also had to change this recently to run once per user on the reoccurring checkin since it started failing to run during login on 11.4
#!/bin/bash
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')
dockStatus=$(pgrep -x Dock)
echo "Waiting for Desktop..."
while [[ "$dockStatus" == "" ]]
do
echo "Desktop is not loaded. Waiting."
sleep 5
dockStatus=$(pgrep -x Dock)
done
sleep 5
echo "$currentUser has successfully logged on! The Dock appaears to be loaded with PID $dockStatus."
sleep 5
sudo -u $currentUser open http://link.princetonk12.org
sudo -u $currentUser osascript <<EOF
tell application "Safari"
activate
delay 3
tell application "System Events"
keystroke "$currentUser"
end tell
end tell
tell application "Safari" to activate
delay 4
tell application "System Events" to tell process "Safari"
keystroke "," using command down
tell window 1
click button "Extensions" of toolbar 1
activate "Extensions"
keystroke return
end tell
end tell
EOF
