Leverage Jamf Pro’s Execute Command to auto-close the Self Service description, auto-reload Self Service and auto-reveal an app after user installation
Background
Like nearly all Jamf Pro customers, we leverage Self Service to allow Standard Users to easily install apps at the users’ discretion.
However, the out-of-the-box Self Service experience didn’t exactly meet all of our requirements.
We received three apparently simple requirements for each time a user installed an app via Jamf Pro’s Self Service:
- Auto-close the Self Service description
- Auto-reload Self Service
- Auto-reveal the installed app
Auto-close the Self Service description
Ensuring users view a Self Service description is straight forward; closing the description is another matter.
- View Self Service Description: Jamf Pro > Policy > Self Service > Make the policy available in Self Service > Description > Ensure that users view the description
- Close Self Service Description: Simulate pressing the Escape key as the currently logged-in user, or:
/usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53'"
Add the Files and Processes Payload to your Jamf Pro Policy and in the Execute Command field, add the above command.
Privacy Preferences Policy Control Settings
To simulate pressing the Escape key, you’ll first need two Privacy Preferences Policy Control settings. (My personal favorite is the com.jamf.management.service
identifier with the com.jamf.management.Jamf
code requirement.)
Auto-reload Self Service
With the heavy lifting of deploying the PPPC Configuration Profiles and the Execute Command to close the Self Service description complete, simulating Self Service > View > Reload, or Command-R, only requires the addition of: -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'
Here’s the complete Execute Command to both close the Self Description and reload Self Service:
/usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'"
Auto-reveal the Installed App
Per-app Customization
Revealing the installed app was straight-forward enough, too, but it was customized for each app:
# Adobe Acrobat Reader /usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/open -R '/Applications/Adobe Acrobat Reader DC.app'" # Microsoft Edge /usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/open -R '/Applications/Microsoft Edge.app'" # Mozilla Firefox /usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/open -R '/Applications/Firefox.app'"
Installomator
Once we started using Installomator, we wanted a more generic method to auto-reveal the installed app.
The following command sets the variable appName
to the most recent Jamf Pro Policy execution (per jamf.log
) and then reveals it via the open
binary.
Note: This is keyed-off the Jamf Pro Policy Display Name, not based on the Self Service Display Name; our policy names begin with Installomator:
.
appName=$( grep "Executing Policy" /private/var/log/jamf.log | sed -n -e 's/^.*Executing Policy Installomator: //p' | tail -1 ) ; /usr/bin/open -R "/Applications/${appName}.app"
App Name (version)
If your policy names include the app name
and the version
number, the following command should prove helpful:
appName=$( grep "Executing Policy" /private/var/log/jamf.log | sed -n -e 's/^.*Executing Policy //p' -n -e 's/ (.*//p' | tail -1 ) ; /usr/bin/open -R "/Applications/${appName}.app"
Possible Gotchas
Since appName
is based on the policy’s Display Name, we did have to rename our Mozilla Firefox (102.0.1)
policy to Firefox (102.0.1)
since the popular Web browser app is Firefox.app
; our Self Service Display Name still includes the vendor’s name.
Running command appName=$( grep "Executing Policy" /private/var/log/jamf.log | sed -n -e 's/^.*Executing Policy //p' -n -e 's/ (.*//p' | tail -1 ) ; /usr/bin/open -R "/Applications/${appName}.app"... Result of command: The file /Applications/Mozilla Firefox.app does not exist.
Complete Execute Command
The following command accomplishes all three requirements, plus updates computer inventory in the background:
- Auto-close the Self Service description
- Auto-reload Self Service
- Auto-reveal the installed app
- Update Computer Inventory
/usr/bin/su \- "`/usr/bin/stat -f%Su /dev/console`" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' -e 'tell application \"System Events\" to keystroke \"r\" using {command down}'" ; appName=$( grep "Executing Policy Installomator: " /private/var/log/jamf.log | sed -n -e 's/^.*Executing Policy Installomator: //p' | tail -1 ) ; /usr/bin/open -R "/Applications/${appName}.app" ; /usr/local/bin/jamf recon