Running AppleScript and defaults script on a Mac
Hello,
Please bear with me as I'm new to KACE and mac scripting (2.5 days so far).
I'm trying to accomplish the following:
1. enable screensaver to start with a delay of 15 minutes
2. enable password on wake
I've written the scripts to do this:
1. defaults -currentHost write com.apple.screensaver idleTime 900
2. osascript -e 'tell application "System Events" to set require password to wake of security preferences to true'
I have been successful in getting this to run on my Mac without any issues. I've tested by disabling and then running the script and it works well.
I tried pushing this out to the second Mac, and it runs successfully according to the KACE 1000 appliance, but doesn't actually change the settings on the Mac.
I spent some time trying to make that work by testing some more, then found if I run the scripts manually on the Mac, then run the KACE script, it's successful.
Kind of defeats the purpose if I have to run around to the 125 Macs we have to push this script out.
Does anyone have thoughts that might drive me in the right direction? Below is the order of the scripts running for me:
Verify
- Launch “/usr/bin\osascript” with params “-e 'tell application "System Events" to set require password to wake of security preferences to true'”
- Launch “/usr/bin\defaults” with params “-currentHost write com.apple.screensaver idleTime 900”.
On Success
Answers (6)
Don't know if this will help or not. I've found that using online shell scripts works a lot better when working with the Macs. I found this on the 'net but can't remember its source and give credit to that person. Maybe it will help?
#!/bin/sh
# HARDCODED VALUES ARE SET HERE
startTime="900"
password="1"
# Delay in seconds before the password is required; 0 means immediately (defaults -int needs a number)
passwordDelay="0"
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER AND, IF SO, ASSIGN
if [ "$4" != "" ] && [ "$startTime" == "" ];then
startTime=$4
fi
if [ "$5" != "" ] && [ "$password" == "" ];then
password=$5
fi
if [ "$6" != "" ] && [ "$passwordDelay" == "" ];then
passwordDelay=$6
fi
##########
# Get the Universally Unique Identifier (UUID)
#
# Check if hardware is PPC or early Intel
if [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` == "00000000-0000-1000-8000-" ]]; then
LEOUUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c51-62 | awk '{print tolower($0)}'`
# Check if hardware is new Intel
elif [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` != "00000000-0000-1000-8000-" ]]; then
LEOUUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-62`
fi
#
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
loggedInUserHome=`dscl . -read /Users/$loggedInUser | grep NFSHomeDirectory: | cut -c 19- | head -n 1`
# Sets time of screen saver to come on.
/usr/bin/defaults write "$loggedInUserHome"/Library/Preferences/ByHost/com.apple.screensaver."$LEOUUID" idleTime -int "$startTime"
#
# Sets screen saver to require password (not always needed)
/usr/bin/defaults write "$loggedInUserHome"/Library/Preferences/ByHost/com.apple.screensaver."$LEOUUID" askForPassword -int "$password"
#
# Sets screen saver to require password (not always needed)
/usr/bin/defaults write "$loggedInUserHome"/Library/Preferences/ByHost/com.apple.screensaver."$LEOUUID" "Require Password" -bool TRUE
#
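# Correcting ownership and permissions for /Users/loggedInUser/Library/Preferences/ByHost/com.apple.screensaver.UUID
# (owner-only access: a world-writable plist would let any local account change the lock settings)
chown "$loggedInUser" "$loggedInUserHome"/Library/Preferences/ByHost/com.apple.screensaver."$LEOUUID".plist
chmod 600 "$loggedInUserHome"/Library/Preferences/ByHost/com.apple.screensaver."$LEOUUID".plist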
#
# Sets screen saver to require password
/usr/bin/defaults write "$loggedInUserHome"/Library/Preferences/com.apple.screensaver askForPassword -int "$password"
#
# Sets screen saver password delay
/usr/bin/defaults write "$loggedInUserHome"/Library/Preferences/com.apple.screensaver askForPasswordDelay -int "$passwordDelay"
#
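# Correct ownership and permissions for /Library/Preferences/com.apple.screensaver (owner-only, not world-writable)
chown "$loggedInUser" "$loggedInUserHome"/Library/Preferences/com.apple.screensaver.plist
chmod 600 "$loggedInUserHome"/Library/Preferences/com.apple.screensaver.plist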
#
echo "Set Screen Saver for user:" "$loggedInUser"". With home folder located:" "$loggedInUserHome".
Comments:
-
hello Fishyfew,
thanks for this script.
oddly, that does something. I've found that this script runs successfully
Running: /var/kace/SMMP/scripts/187/script.sh 2>&1
Set Screen Saver for user: damien.vince. With home folder located: /Users/damien.vince.
Activity Log
2012-09-25 16:41:04: Alert not enabled, moving to next phase....
2012-09-25 16:41:16: Sending script script.sh to client....
2012-09-25 16:41:26: Script sent
2012-09-25 16:41:26: Executing script....
2012-09-25 16:41:51: Script executed
it changes the check box in the security and privacy window to Require password for sleep and screen saver, though it doesn't actually require the password after the screensaver comes on?
thoughts? - DamienVince 12 years ago -
hmmmm, seems as though it gets enabled after a reboot. I'm continuing to test. - DamienVince 12 years ago
-
Might be the OS itself. I don't have to reboot. Runs great on OS X.5.8 which I'm running tests on now because that's my lowest denominator. I will check OS X.6 shortly and work my way up. - thefishyfew 12 years ago
-
Yes, everything from KACE perspective supposedly works flawlessly for 10.6 and lower, but not 10.7+. The script you gave me earlier works well on 10.7 but requires the reboot.
I just got myself a Mac built with 10.6.8; I'm going to be testing your script and some others. Our problem is that more than 30% of 200 machines are 10.7, so if you hadn't provided that script, the KACE system for making setting changes on a Mac might have been pointless. - DamienVince 12 years ago
Ok, doing some more testing this afternoon:
I have created a new script with the following:
Run as online shell script
Run as all logged in users
osascript -e 'tell application "finder" to display dialog "Programming in AppleScript is fun."'
osascript -e 'tell application "System Events" to set require password to wake of security preferences to false'
So with this script, I can get it to launch the Dialog box, but won't change the require password. Note that I'm trying this now on any Mac, whether it worked before or not, and it does not work.
I have been watching the Console screen as the script runs, and I have the following that I think is relevant:
12-09-20 1:15:37.955 PM com.apple.launchd: System: This API can only be used by a process running within an Aqua session.
12-09-20 1:15:37.955 PM osascript: spawn_via_launchd() failed, errno=5 label=[0x0-0x7a07a0].com.apple.systemevents path=/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events flags=0
any thoughts?
Comments:
-
is this leopard? - SMal.tmcc 12 years ago
-
I believe it's Lion... version 10.7.4 is what it says. - DamienVince 12 years ago
-
try osascript -e 'tell application "System Events" -e tell security preferences to set require password to wake to false' - SMal.tmcc 12 years ago
-
Not successful.
Output Log
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
29:80: execution error: Finder got an error: AppleEvent timed out. (-1712)
36:40: syntax error: Expected end of line but found “tell”. (-2741)
40:48: execution error: An error of type -10810 has occurred. (-10810)
Activity Log
2012-09-20 23:04:22: Alert not enabled, moving to next phase....
2012-09-20 23:04:23: Sending script script.sh to client....
2012-09-20 23:04:25: Script sent
2012-09-20 23:04:25: Executing script....
2012-09-20 23:06:35: Error 256 received while executing script - DamienVince 12 years ago -
with lion try escaping the quotes
osascript -e 'tell application \"System Events\" to set require password to wake of security preferences to false' - SMal.tmcc 12 years ago -
SMal.tmcc thanks for the help (I am grateful for everyone that is looking at this)
not successful again
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
29:80: execution error: Finder got an error: AppleEvent timed out. (-1712)
17:18: syntax error: Expected expression, property or key form, etc. but found unknown token. (-2741)
40:48: execution error: An error of type -10810 has occurred. (-10810)
Activity Log
2012-09-20 23:16:26: Alert not enabled, moving to next phase....
2012-09-20 23:16:30: Sending script script.sh to client....
2012-09-20 23:16:34: Script sent
2012-09-20 23:16:34: Executing script....
2012-09-20 23:18:45: Error 256 received while executing script - DamienVince 12 years ago -
doing more research into this error "This API can only be used by a process running within an Aqua session." seems to be a common problem with 10.7 and security changes. - SMal.tmcc 12 years ago
-
I figured it was something like that, do you think there is a solution to the problem? I can't find much on the exact error or how to initiate an "Aqua session" from a shell script. - DamienVince 12 years ago
-
the little I found so far points to the "sandbox" security in this version, I will check with a friend who is an Apple genius. - SMal.tmcc 12 years ago
-
So it looks like this isn't possible according to Dell Support. I spoke with a tech support agent this morning, he's saying the new security in Lion and Mountain Lion is preventing these scripts from running. Dell has no plans to support this until Apple changes their security requirements. This is truly unfortunate as there are a lot of things this could be useful for in our environment.
If anyone knows of another way to enforce password policies or push scripts out to Lion or Mountain Lion, I'd sure be appreciative of that conversation. - DamienVince 12 years ago -
This is from an apple guru:
He might need to enable "Remote Apple Events" in the Sharing preference panel.
or, compile his applescript into a GUI application with Applescript Editor
then it WILL be running in an Aqua session
"Aqua" is the GUI, so essentially it's telling him he's not allowed to do that from the command line
and "Remote Apple Events" is running AppleScript over the network, so that might need to be enabled for him to push AppleScript to the computer via KACE - SMal.tmcc 12 years ago -
Thanks for that.
I've performed the enable "Remote Apple Events" and run, getting the following error:
Output Log
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
17:18: syntax error: Expected expression, property or key form, etc. but found unknown token. (-2741)
40:48: execution error: An error of type -10810 has occurred. (-10810)
Activity Log
2012-09-24 17:50:55: Alert not enabled, moving to next phase....
2012-09-24 17:51:08: Sending script script.sh to client....
2012-09-24 17:51:20: Script sent
2012-09-24 17:51:20: Executing script....
2012-09-24 17:52:10: Error 256 received while executing script
I'm researching the GUI application now. - DamienVince 12 years ago -
have you reverted back to your original script? - SMal.tmcc 12 years ago
-
I have tried that, yes. - DamienVince 12 years ago
-
can you see /var/kace/SMMP/scripts/186/script.sh is still there and list it - SMal.tmcc 12 years ago
-
was reading and looks like a format error and found a couple of blurbs about trying this again.....
try escaping the quotes
osascript -e 'tell application \"System Events\" to set require password to wake of security preferences to false' - SMal.tmcc 12 years ago -
http://hintsforums.macworld.com/archive/index.php/t-22711.html - SMal.tmcc 12 years ago
-
So I've done the following:
put the \"System Events\" in the script.
I've enabled the "remote apple events"
and I get the following on the error:
Output Log
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
17:18: syntax error: Expected expression, property or key form, etc. but found unknown token. (-2741)
40:48: execution error: An error of type -10810 has occurred. (-10810)
Activity Log
2012-09-24 21:54:11: Alert not enabled, moving to next phase....
2012-09-24 21:54:21: Sending script script.sh to client....
2012-09-24 21:54:44: Script sent
2012-09-24 21:54:44: Executing script....
2012-09-24 21:55:07: Error 256 received while executing script - DamienVince 12 years ago -
and yes the script.sh file is there
Damiens-MacBook-Pro:186 damien.vince$ pwd
/var/kace/SMMP/scripts/186
Damiens-MacBook-Pro:186 damien.vince$ sudo cat script.sh
osascript -e 'tell application \"System Events\" to set require password to wake of security preferences to false'
defaults -currentHost write com.apple.screensaver askForPasswordDelay -int 1000
osascript -e 'tell application "ScreenSaverEngine" to activate' - DamienVince 12 years ago -
let's try just doing the top half of the script only and see if it goes (osascript -e 'tell application "System Events" to set require password to wake of security preferences to false')
I think the second part needs different verbiage like (defaults write com.apple.screensaver askForPasswordDelay -int 1000) - SMal.tmcc 12 years ago-
tell application "System Events"
set ss to screen saver "Random"
start ss
end tell - SMal.tmcc 12 years ago
-
Doesn't look like it. so only one line now in my script
osascript -e 'tell application \"System Events\" to set require password to wake of security preferences to true'
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
17:18: syntax error: Expected expression, property or key form, etc. but found unknown token. (-2741)
Activity Log
2012-09-25 14:47:53: Alert not enabled, moving to next phase....
2012-09-25 14:48:07: Sending script script.sh to client....
2012-09-25 14:48:32: Script sent
2012-09-25 14:48:32: Executing script....
2012-09-25 14:48:55: Error 256 received while executing script
2012-09-25 14:48:55: Uploading scripts/186/test.sh to K1000....
2012-09-25 14:49:07: Error 99 received while uploading test.sh from client - DamienVince 12 years ago -
The syntax error is coming from \"System Events\". Take out the slashes and it works great. Even in OS X.8. - thefishyfew 12 years ago
-
that script does not work great in the KACE environment, 10.7+ generates errors with or without the slashes. - DamienVince 12 years ago
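An added example, not written by any poster in this thread: a pre-flight check for the script-text problems that come up here, namely backslash-escaped quotes inside a single-quoted osascript string and the CRLF line endings described in a later answer. It goes slightly beyond the thread by also flagging typographic quotes; the function names are this example's own.

```shell
#!/bin/sh
# Added example: check a script's text before uploading it to the appliance.

# lint_script FILE
# Prints one line per problem class; returns the number of classes found.
lint_script() {
    f=$1
    bad=0
    cr=$(printf '\r')

    # 1. CRLF line endings: sh treats the CR as part of the last word on the line.
    if LC_ALL=C grep -q "${cr}\$" "$f"; then
        echo "$f: CRLF line endings, convert to LF (see fix_line_endings)"
        bad=$((bad + 1))
    fi

    # 2. Typographic quotes (UTF-8 bytes of U+2018, U+2019, U+201C, U+201D).
    if LC_ALL=C grep -q -F \
        -e "$(printf '\342\200\230')" -e "$(printf '\342\200\231')" \
        -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" "$f"; then
        echo "$f: typographic quotes, replace with straight ' or \""
        bad=$((bad + 1))
    fi

    # 3. \" inside a single-quoted osascript argument: sh passes the backslash
    #    through unchanged and AppleScript reports it as an unknown token.
    if LC_ALL=C grep -q "osascript[^']*'[^']*\\\\\"" "$f"; then
        echo "$f: backslash-escaped quote inside single-quoted osascript text"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# fix_line_endings SRC DST: write an LF-only copy of SRC to DST.
fix_line_endings() {
    tr -d '\r' < "$1" > "$2"
}

# Usage on a saved script: sh lint.sh path/to/script.sh
if [ -n "${1:-}" ]; then
    lint_script "$1"
fi
```

A clean result only rules out these text problems; the "Aqua session" error in the console output above is unrelated to them.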
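# Local (non-system) accounts: UID 501 and above, excluding names containing "admin"
localUsers=$( dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' | grep -v admin )
# Hardware UUID, part of the ByHost preference file name
hwUUID=$(/usr/sbin/system_profiler SPHardwareDataType 2>/dev/null | grep "Hardware UUID" 2>/dev/null | cut -c22-57 2>/dev/null)
echo "$localUsers" | while read -r userName; do
# Require a password, with a delay of 5 seconds
sudo -u "$userName" defaults write "/Users/$userName/Library/Preferences/com.apple.screensaver" askForPassword -int 1 2>/dev/null
sudo -u "$userName" defaults write "/Users/$userName/Library/Preferences/com.apple.screensaver" askForPasswordDelay -float 5 2>/dev/null
# Start the screensaver after 300 seconds (ByHost file named with the hardware UUID)
sudo -u "$userName" defaults write "/Users/$userName/Library/Preferences/ByHost/com.apple.screensaver.$hwUUID.plist" idleTime -int 300 2>/dev/null
# Same setting written to the ByHost file without the UUID in its name
sudo -u "$userName" defaults write "/Users/$userName/Library/Preferences/ByHost/com.apple.screensaver" idleTime -int 300 2>/dev/null
# Restart the preferences daemon so cached values are not served
killall cfprefsd
done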
Without the sudo -u $userName part at the beginning of each line, the files were getting updated but System Preferences wouldn't reflect the change until after you restarted. When sudoing as the local user, it is reflected in System Prefs immediately, and more importantly, it is enforced immediately.
Edit: had to fix the formatting in my code above.
For an offline script, just take the same code above, add #!/bin/sh to the top, save it as "macscreensaver.sh" and make it a dependency. In the tasks, set Verify to always fail, and Remediation to:
Launch “$(KACE_DEPENDENCY_DIR)\macscreensaver.sh” with params “”
One thing to make sure of is that you are using the right kind of whitespace characters for your platform. I had a lot of problems getting this script to work as an offline KScript, because I had originally composed it in the web browser on my PC. When I copied and pasted the text into a .sh file and tried to run it on my Mac directly, I got syntax errors due to the different kind of CRLF characters at the end of each line.
New Edit 11/16/2016:
So Apple decided to make things easier for people in macOS 10.12 Sierra -- you no longer need the $hwUUID part to mess with ByHost preferences. Since I want this script to work on both Sierra and earlier versions, I just added the line to the bottom above done.
I also added 'killall cfprefsd' just to be sure that it will pickup the new versions of the files and not the cached ones.
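An added example (not part of the original answer): a read-back audit of the keys the script above writes, so a run that the appliance reports as successful can be confirmed per user. MAX_DELAY, BYHOST_SUFFIX and the function names are assumptions of this example; the plist paths follow the script above.

```shell
#!/bin/sh
# Added example: read back the screen-lock preferences for each local user
# and report anything outside policy.

MAX_IDLE=900      # seconds; the 15-minute limit from the question
MAX_DELAY=5       # seconds; assumed grace period (the answer's script writes 5)
BYHOST_SUFFIX=""  # empty on macOS 10.12+; ".<hardware UUID>" on older releases

# evaluate_lock IDLE ASK DELAY
# Pure check on three values as printed by `defaults read` ("" = key unset).
# Prints one finding per failed check and returns 1 if there were any.
evaluate_lock() {
    idle=${1%%.*}; ask=${2%%.*}; delay=${3%%.*}   # "5.0" -> "5"
    rc=0
    for v in "$idle" "$ask" "$delay"; do
        case "$v" in
            *[!0-9]*) echo "non-numeric value: $v"; return 1 ;;
        esac
    done
    # idleTime 0 means the screensaver never starts.
    if [ -z "$idle" ] || [ "$idle" -eq 0 ] || [ "$idle" -gt "$MAX_IDLE" ]; then
        echo "idleTime=${idle:-unset} (want 1..$MAX_IDLE)"; rc=1
    fi
    if [ "${ask:-0}" -ne 1 ]; then
        echo "askForPassword=${ask:-unset} (want 1)"; rc=1
    fi
    # An unset delay is reported too: no default is assumed here.
    if [ -z "$delay" ] || [ "$delay" -gt "$MAX_DELAY" ]; then
        echo "askForPasswordDelay=${delay:-unset} (want 0..$MAX_DELAY)"; rc=1
    fi
    return "$rc"
}

# read_pref USER PLIST_RELATIVE_PATH KEY: value, or empty if it cannot be read.
# Reads as the user, from the explicit per-user paths used in the script above.
read_pref() {
    sudo -u "$1" defaults read "/Users/$1/Library/Preferences/$2" "$3" 2>/dev/null || :
}

# audit_user USER: prints "USER: compliant" or one "USER: finding" per problem.
audit_user() {
    u=$1
    a_idle=$(read_pref "$u" "ByHost/com.apple.screensaver$BYHOST_SUFFIX" idleTime)
    a_ask=$(read_pref "$u" com.apple.screensaver askForPassword)
    a_delay=$(read_pref "$u" com.apple.screensaver askForPasswordDelay)
    if findings=$(evaluate_lock "$a_idle" "$a_ask" "$a_delay"); then
        echo "$u: compliant"
        return 0
    fi
    echo "$findings" | sed "s/^/$u: /"
    return 1
}

# On a Mac, as root: sh audit.sh --audit   (exit status 1 if any user fails)
if [ "${1:-}" = "--audit" ]; then
    failed=0
    for u in $(dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}'); do
        audit_user "$u" || failed=1
    done
    exit "$failed"
fi
```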
try taking the dot from in front of ./usr out
launch "/usr/bin\osascript" with params "-e 'tell application to set require password to wake of security preferences to true'"
Comments:
-
Sorry, that might have been a copy and paste problem, or something else, that period isn't there in KACE. Either I recreated the script and it existed at one time, but it doesn't exist there now.
I'm guessing this might be an authentication problem? All Macs are on the Domain, all users are administrators on their own machine, but I can't get this to run. Even in the logging, it isn't outputting the On Success read and get information. - DamienVince 12 years ago -
It occurred to me to post the log file here for the mac that it doesn't work on:
Log for Damien offline test on Dev4's Mac Pro
Started: 2012/09/20 11:24:55
Finished: 2012/09/20 11:24:55
Elapsed Time: 0 second
Status: 1
Status Log
Kbot xml /var/kace/SMMP/kbots_cache/182-1348161891_expanded.xml, Validation Success
Activity Log
Launching program: /usr/bin osascript false -e 'tell application "System Events" to set require password to wake of security preferences to true' -e 'end tell'
Running kbot: krunkbot.exe 182 1348161892
Validating kbot xml
Launching program: /usr/bin osascript false -e 'tell application "System Events" to set require password to wake of security preferences to true' -e 'end tell'
Launching program: /usr/bin defaults false -currentHost write com.apple.screensaver idleTime 900
Running kbot: krunkbot.exe 182 1348161892
Validating kbot xml
Launching program: /usr/bin osascript false -e 'tell application "System Events" to set require password to wake of security preferences to true' -e 'end tell'
Launching program: /usr/bin defaults false -currentHost write com.apple.screensaver idleTime 900
I think this worked
Launching program: /usr/bin osascript false -e 'tell application "System Events" to get the properties of security preferences'
Running kbot: krunkbot.exe 182 1348161892
Validating kbot xml
Launching program: /usr/bin osascript false -e 'tell application "System Events" to set require password to wake of security preferences to true' -e 'end tell'
Launching program: /usr/bin defaults false -currentHost write com.apple.screensaver idleTime 900
I think this worked
Launching program: /usr/bin osascript false -e 'tell application "System Events" to get the properties of security preferences'
Launching program: /usr/bin defaults false -currentHost read com.apple.screensaver
Running kbot: krunkbot.exe 182 1348161892
Validating kbot xml
Launching program: /usr/bin osascript false -e 'tell application "System Events" to set require password to wake of security preferences to true' -e 'end tell'
Launching program: /usr/bin defaults false -currentHost write com.apple.screensaver idleTime 900
I think this worked
Launching program: /usr/bin osascript false -e 'tell application "System Events" to get the properties of security preferences'
Launching program: /usr/bin defaults false -currentHost read com.apple.screensaver
Debug Log
Kbot Config Info - Start
id=182 name=Damien offline test version=1348161891 type=policy
execute disconnected=false logged_off=true
execute events
Kbot Config Info - Finish - DamienVince 12 years ago
When you ran it on your machine did it require sudo?
How do you have the script configured? Is it an online script or offline? If online, what user option are you running this under?
Also, it looks like you have a pretty old version of the agent if it still has SMMP. I don't think that has anything to do with the problem, just thought I would mention it.
Comments:
-
It is configured as an offline script; I have tried it as an online script as well.
It did not require sudo.
So as an online user, I've tried all 4 options, including a user who has domain macadmin privileges. - DamienVince 12 years ago
So moving on to another potential fix. KACE tech support called me yesterday and sent me some of their ideas overnight. Some aren't relevant, because as Steve said above, the sandbox thing looks to be the problem. Dell has also confirmed this as they've mentioned a new security feature in OS X 10.7+ that includes the .lockfile... so one suggestion was to try the following shell command:
could you please also try the shell command below:
do shell script "/System/Library/CoreServices/'Menu Extras'/User.menu/Contents/Resources/CGSession -suspend"
I can't seem to get this to run
I have the line in the script as follows:
/System/Library/CoreServices/'Menu Extras'/User.menu/Contents/Resources/CGSession -suspend
and get the output:
Running: /var/kace/SMMP/scripts/186/script.sh 2>&1
17:18: syntax error: Expected expression, property or key form, etc. but found unknown token. (-2741)
Activity Log
2012-09-25 16:36:24: Alert not enabled, moving to next phase....
2012-09-25 16:36:38: Sending script script.sh to client....
2012-09-25 16:36:51: Script sent
2012-09-25 16:36:51: Executing script....
2012-09-25 16:37:18: Error 256 received while executing script
Comments:
-
If you're using an online shell script, you shouldn't need the "do shell script" in front of the whole statement. Try taking those 3 words out and running it then. - thefishyfew 12 years ago
-
Just something to keep in mind: I ran into this while trying to create a dialog box that I thought would keep the script from running until it received user input. The dialog box stayed on the screen but after about 2 minutes, the script jumped to the next line and continued to run.
So, if you get this error "29:80: execution error: Finder got an error: AppleEvent timed out. (-1712)", it's generally because System Events won't wait any longer and will continue with the rest of the script. You have to define how long for it to delay before continuing or giving up. - thefishyfew 12 years ago -
try
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend
http://superuser.com/questions/44433/create-a-keyboard-shortcut-for-fast-user-switching-in-mac-os-x - SMal.tmcc 12 years ago -
Running that CGSession -suspend command doesn't work in 10.7+ pushed from a KACE 1000 unit - DamienVince 12 years ago
-
Really hate to revive a thread that's been dead for four months, but were you ever able to find a method to get around the sandboxing and require the password via KACE? I'm trying to do the same thing for several hundred Macs. - asf04a 11 years ago