Jamf Nation Community

rhs615 · ‎01-18-2013

I am looking to refresh self-service at the end of one my scripts in order to detect the new network range.

Some background:
We currently run an applescript that prompts a user for a username and password, connects the Cisco IPSec VPN, and runs "kinit" in order to initialize a kerberos ticket to mount drives off campus. Right now, we scope the VPN and Drives to "off-campus" network segment, so Self-Service shows them 2 policies when they open it (1) Connect VPN and (2) Mount Cloud Drives.

If a user clicks (2) before clicking (1), they have no Kerberos ticket and no VPN connection in order to mount drives.

What I'd like to do is scope the (1) Connect VPN policy to the "Off-Campus" network range, and include something in the script after the VPN connection that refreshes Self-Service (Basically clicks the home button). Doing this will allow me to scope the second part (2) Mount Cloud Drives to the VPN range - only allowing users to attempt to use this when they have a successful VPN connection.

Any ideas how to do this? As mentioned the first script to connect the VPN is currently an AppleScript, but the second script to mount_smbfs is a .Sh script.

Thanks in Advance!

mm2270 · ‎01-18-2013

I'm pretty sure Command-R does a refresh of the Self Service window. At least when I hit that combo i see the window refresh. You can probably place some AS commands in your script to do that at the end, like:

tell application "Self Service"
    activate
    tell application "System Events"
        keystroke "r" using command down
    end tell
end tell

Outside of this, couldn't you just combine the 2 scripts or maybe call the second policy by its ID in the AppleScript when it completes, a la 'sudo jamf policy -id <id>? Is there a reason for having them as 2 separate policies and not just 1 that will connect them, then mount their drive?

rhs615 · ‎01-18-2013

I was just thinking about cmd + R also... I'll give that a shot. We don't combine the scripts because each type of user has their own path (mount_smbfs //fileshare/Students$/$userName OR mount_smbfs //fileshare/Faculty$/$userName. etc) and therefore different scripts for mounting the drive. We would need to do have multiple VPN scripts pointing at differed Policy -id. I guess we could have some logic with a drop down prompt for the user that says Are you a Faculty Member? Student? etc....

mschroder · ‎10-12-2018

Now that Apple has made Macs so secure they essentially become useless, is there still a way to trigger the refresh of the Self Service from a script? Even after I allow jamdAgent to use Accessibility features via a TCC profile I get "execution error: System Events got an error: osascript is not allowed to send keystrokes". Any way how to get around that restriction without opening the flood gates?

dan-snelson · ‎10-12-2018

@mschroder The following appears to be working under macOS 10.14 (18A391) and Jamf Pro 10.7.1 with the proper TCC profiles installed.

Refresh Self Service via Files and Processes Payload Execute Command

mschroder · ‎10-14-2018

@dan-snelson Thanks for the proposal. If it works for you I must be missing something in my TCC profile. I have the 'Jamf Processes - AppleEvent' profile installed, and I have added one for 'JamfAgent - Accessibility', but even with these two I still get "80:114: execution error: System Events got an error: osascript is not allowed to send keystrokes. (1002)" when trying to execute your payload.

Can you give me a hint how I would have to change the TCC profile to allow this? Of course I don't want to allow any osascript to send keystrokes...

dan-snelson · ‎10-17-2018

@mschroder I don't think I did anything special outside of Preparing Your Organization for User Data Protections on macOS 10.14.

Jamf Nation Community

Command to Refresh Self-Service