LaunchAgent/Daemon - Script for starting jamf selfservice policy for user

Jacek_ADC
Contributor II

Hello Nation

I started to optimize a few things in our PreStages. Better said, I started with testing for our new PreStage.

Following problem for me:

After my prestage with the jamf connect notify script (which installs everything a user needs), I need to start the device compliance registration steps for the user instantly after the desktop appears to the user.
In the past I have normally done this with a script and a policy which runs after the MacBook is enrolled. The problem with this is that in most cases the script does not always start after the desktop appears. Not with the login trigger in the policy either.

So my first idea was to do exactly the same but with a LaunchAgent or daemon. So I created a package with a LaunchAgent which should run the script at load. This works fine, but the script doesn't do all the steps.

Because I want to keep everything small, I decided to create the LaunchAgent which only opens the Self Service policy at load. I don't know why, but this doesn't really look like it is working. I am not such an experienced Jamf scripting user, but I have now started with a few things after passing my Jamf 300 course.

So the device compliance policy can be started automatically, but the registration must be done by the user himself.

This is what my LaunchAgent looks like:

The LaunchAgent is stored in /Library/LaunchAgents -> The LaunchAgent will be removed in a following policy after the user has registered the device compliance.

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.######.jamfselfservice.start.compliance</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/open</string>
        <string>\"jamfselfservice://content?entity=policy&id=658&action=view"\</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

 

Here is the script I tried first. This one will also be started with a LaunchAgent:

LaunchAgent:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.#####.jamfselfservice.start.compliance</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>/Library/Scripts/DeviceComplianceRegistration.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

This is the script:

#!/bin/bash

sleep 10
echo > /var/log/DeviceComplianceRegistration.log

# Define Variables
brandIcon="/usr/local/V2ConstantLogos/logo_claim_anmeldung.png"
policyID="658"
#get logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

answer=$( osascript << EOF
button returned of (display dialog "Please finish setting up your computer by running the Device Compliance Registration policy in Self Service. Click OK to get started!" buttons {"OK"} default button 1 with icon POSIX file "$brandIcon")
EOF
)

echo "$answer"

# String comparison; -eq would compare arithmetically and always match here
if [[ "$answer" == "OK" ]]; then
	su "$loggedInUser" -c "killall Self\ Service"
	su "$loggedInUser" -c "open \"jamfselfservice://content?entity=policy&id=$policyID&action=view\""
fi

/usr/local/bin/jamf manage

#sudo jamf recon

exit 0

I would like to deploy this directly with the PreStage as a pkg.

I appreciate any ideas on how to go further with this.

2 REPLIES

mm2270
Legendary Contributor III

Instead of using 

su "$loggedInUser" -c

for the commands that need to run as the user, try using the method Armin Briegel outlines in his post here: https://scriptingosx.com/2020/08/running-a-command-as-another-user/

You may get better results. I use this method almost exclusively when I need to run something from a root-run script as the logged-in user.
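
An added example, not part of the original posts: the two user-context steps from the script above, run from a root script with the `launchctl asuser` plus `sudo -u` pattern (assumed here to be the method the linked post refers to). The function names, the `DRY_RUN` switch and the `--run` argument are hypothetical; the policy ID and URL are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Intended to run as root (for instance from a Jamf policy
# script); launchctl asuser needs root. Function names are hypothetical.

policy_id="658"  # policy ID quoted in the thread
policy_url="jamfselfservice://content?entity=policy&id=${policy_id}&action=view"

# Read `scutil` output on stdin and print the console user's short name.
# Prints nothing while only loginwindow owns the console.
console_user() {
    awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Run a command inside the GUI session of user $1 (uid $2).
# DRY_RUN=1 prints the command line instead of executing it.
run_as_user() {
    target=$1; target_uid=$2; shift 2
    if [ -z "$target" ] || [ -z "$target_uid" ]; then
        echo "no user logged in" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "launchctl asuser $target_uid sudo -u $target $*"
        return 0
    fi
    launchctl asuser "$target_uid" sudo -u "$target" "$@"
}

open_policy_for_console_user() {
    user=$(printf 'show State:/Users/ConsoleUser\n' | scutil | console_user)
    uid=$(id -u "$user" 2>/dev/null)
    run_as_user "$user" "$uid" killall "Self Service"  # may fail if not running
    run_as_user "$user" "$uid" open "$policy_url"
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    open_policy_for_console_user
fi
```

Passing the URL as its own argument avoids the nested quoting that `su -c` requires, and the empty-user check keeps the script from acting while the login window still owns the console.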

Jacek_ADC
Contributor II

Thank you, I know this post, but forgot about it. Will give it a try.