Is there any documentation about adding a Python script to the JSS?
I have a Python script that takes a couple of parameters that id like to run at login. I have tried to add it but it doesn't seem to work.
So if there is something that covers this from end to end it would be greatly appreciated.
@gfawkes you can find more detailed info in the Casper Admin guide that came with your software. For version 9.65 you'll want to look at pages 317 thru 323.
Basically, if you're adding via the JSS, you add the script via Computer Management -> Scripts. Since you say the script takes a couple of parameters, you can add those on the Options tab. They will be sent to the script by Casper as parameter $4 through $11. On the Options tab, you can give the parameters a label that will help you identify them when adding the script to a policy (or running via Casper Remote).
In your script, you need to change the variables that use the parameters to use $4 through $11 instead. For example, if I had a variable named "myPassword" that read a password pass from the command line, I might make it read $4 and on the policy that I was running the script from, I'd put the password in the Parameter 4 box.
Hopefully that makes sense.
I make many of them. Post your script for advice.
What @stevewood was saying Parameter 4 is sys.arg in python. Be sure to have the proper header on the script: #!/usr/bin/python
Also your parameters can not be of the hyphen variety: Myscript.py -this -that other Does not work.
See line 131 in my script here to see an example. Modify Notification Center for Casper
I am sure that my problem is that i am not sure how to deal with the parameters in JSS.
Matt, its actually one of your scripts i believe! - changesidebarlists I have changed the Casper_mode to true, but honestly i am not sure what to put in the script parameters for the policy (currently parameter 4 is last and 5 is HOMEDIR), and i have not added any options in computer management / scripts - my understanding is that these are labels and have no functionality but I don't really know. The policy is currently set to run at login and refresh interval and to be ongoing.
@gfawkes There was an issue with that script. I found this week that the JSS passes all parameters blank or not, and my script was not expecting that. The github is updated.
However, the last part that updates the users preferences to reflect the changes does not work when sent from the JSS. I am trying to figure that one out.
If you push the script out in a package and run it directly it should work fine. Not sure why that is. I will spend some time today to figure it out. Thanks for the feedback!
This is an exceptional piece of work......
We are a secondary school in the U.K. and you have no idea how much difference this will make. Previously, if you were a teacher instructing your class to save you would have no chance because all the students would see a different sidebar.
As it is, the script is working for us in JSS but i have a couple of observations if you feel like it.....
1) Spaces in the paths - I know you say you have addressed this but i cant seem to add the following path using the JSS:- /volumes/share points/student resources
2) Our desktop and documents folders are redirected and so have alias's in the home area which wont add.
Thanks again Matt, we have noted your request at the top of the script and will see what we can do!
Thank you that is much appreciated!
1) I tested here and mounted volumes with spaces worked fine. Make sure the Volume is mounted first. Are you using a mount script? Perhaps call the sidebar policy after the mount script?
If you do not have one this should work:
osascript -e "tell application "Finder" to mount volume "$4""
$4 is the full path to mount "smb://example.com/hosts/share"
If the password is stored in Keychains or if Kerberos is being used it will mount automatically. Other wise the user is prompted.
Then call the policy with a custom trigger, the entire script would look like this:
osascript -e "tell application "Finder" to mount volume "$4""
jamf policy -event addHomeToSidebar #or whatever your custom trigger is called.
2) What does your redirect look like? The script could be modified for you environment, Line 34 sets the Homedir variable. Current is reading DSCL for it. If you are redirecting to something like /Volumes/homes/[USERNAME] you can substitute line 34 for:
CURRENT_FINDER_HOMEDIR = "/Volumes/homes/" + CURRENT_FINDER_USERNAME
Hope that points you in the right direction. Let me know if you need further clarification.
Hi @matt4836 ,
We do have a elaborate mount script. calling your script doesn't seem to work at all - for mounted or non-mounted volumes for some reason when run as root or user.... the command is being run but produces nothing and we're not getting any debug info. @dmcnaught is having a go as we speak. But it does run perfectly from the terminal. We have not tried the event method yet but i suspect this is going to be the answer. I am sure we will get it to work shortly.
btw, Cash.me doesn't work for us Brits as it requires a US zip code.
Do you have anything on setting the finder preferences for the default view (ie set the default view to column view and remove the icon preview from all views:)
Just to clarify, the login script @gfawkes mentioned above is running from a LaunchDaemon in iHook. Launching the ChangeSidebarLists from this script fails for some reason (which I've seen with some commands running under a LaunchDaemon). I've got a couple of methods that launch it as the user (either as a LaunchAgent or using 'su [username]', which also seem to fail. Now we're calling it as a Custom Event as @matt4836 mentioned above... Will test this next week!
@matt4836 Great script. If you want to add/remove multiple items from the sidebar per client, do you have to set a policy for every item individually?
For example, if I want to remove iCloud Drive, All Items, AirDrop from every client's Finder sidebar, do I need 3 separate policies?
Or do I need just one for remove and then one policy for add? Basically putting multiple values in a single parameter per policy? Hopefully that makes sense.
I am pretty certain you would need separate policies. You could install the script on the computer then use the files and processes tab of the policy to run it multiple times to keep it as one policy. Something like:
execute command: /path/to/script remove iCloud;/path/to/script add HOMEDIR
Hope that makes sense.
Precisely. I like to use the 'Execute command' portion of the policy to avoid having extra scripts. Extra scripts are without a doubt cleaner. This script is essentially the same as dockUtil. They are both written in Python. The main difference–I think you can only modify the sidebar while a user is logged in.
@matt4836 Yes that makes sense.
So planting both scripts on the Mac and then using a LaunchAgent to call script one which has all the references to your sidebar script in it should do the trick. I'll definitely try that out and report back if it works. Thanks for your quick responses and of course, for making the sidebar script to begin with.
@perrycj We created separate policies for each icon we wanted to add / remove. Although you can add more than one copy of the script in each policy I was unable to save different parameters. You can also control the order the policies are run because it seems they are run in alphanumeric order of their title.
The only mod we had to do was to add a small time delay in the script to allow our network homes to mount. the small delay accumulates, so we put the network mounts last.
We tried various other ways of running the script including an event triggered in our login script after the home was mounted, but the problem is that the script tries to work out the logged in user but was unsuccessful in our setup.
In the end, the time delay and running several polices at login has been reliable.
@gfawkes So if I set the policy to run at login or with check in, the policy runs but nothing happens in terms of the side bar and on the JSS it says it runs successfully.
However, if I initiate the policy from the command line (sudo jamf policy -id 8089) for example, it works like it should, removing or adding an item from the sidebar immediately. Have you seen this?
If it runs by check in or login, is it dependent on logging out for changes to show even though they show immediately when run the policy is run from terminal?
@perrycj I didn't have any success with running at check in, only at login command line or self service. This is because the username is not passed at check in.
I could only think of basic things which you probably have covered - execution frequency and scope? But if it's appearing in policy logs as you say then it's definitely running.
We had trouble with it identifying the logged in user. if you set the _debug to True it may help. The script runs itself again, so you should be able to see the user it is trying to run itself as.
Do you have local or network homes? if you are trying to add networked items they may not have been mounted yet. I overcame this by doing the removing and non-networked before the networked items.
I ran this ten seconds ago:
/Users/ms/Documents/GitHub/changeSidebarLists/Change_Sidebar_List.py last HOMEDIR/Documents
It worked as expected. The only thing I can assume is a spelling error?
Does anything else work? Are you sure you set it to "Casper Mode"?
Post your policy, script or terminal output.
The path is being redirected, and if I run the command manually it seems to work, it appears to be more of JSS issue. When I enter homedir/anything in the parameter box of jss and hit save
at that point it gets removed. (nothing wrong with the script I just don't understand why JSS is not allowing me to save parameters with '/' in them
I just stumbled on this thread I can really use your assistance in turning this script into something I can use for casper. Most importantly I would like to see and learn what you did....! Thank you.
I need to turn off the banner alerts and have them be alerts by default for the casper management app
I attached the script and basically through the arguments I just to need to have this ran.
NCutil.py -a alerts com.jamfsoftware.Management-Action
I can get it to work locally on the machine with no issues. Thank you so much.