Closed jkerekes99 closed 3 weeks ago
wewenttothemoon
commented
1 month ago How can I check within the macOS device, what user Intune is using to run the shell scripts for signed on users?
jkerekes99
commented
4 weeks ago How can I check within the macOS device, what user Intune is using to run the shell scripts for signed on users?
You need to write out a log file in the script that you are running, in the log file write out the current user. Then review the log after Intune has executed the script, it will tell you what user was used to run the script.
wewenttothemoon
commented
4 weeks ago How can I check within the macOS device, what user Intune is using to run the shell scripts for signed on users?
You need to write out a log file in the script that you are running, in the log file write out the current user. Then review the log after Intune has executed the script, it will tell you what user was used to run the script.
Got it. So, I added echo "Current user: $(whoami)" to the shell script and it returns back the correctly logged on user. However, when the script calls pluginkit it fails with "match: connection invalid". I have raised a ticket with MS about this.
jkerekes99
commented
3 weeks ago Closing as addAppstoDock script has been updated to run as root using dockutil.
s-crypt
commented
3 weeks ago The dock is not updating for me following the directions and the new script. Dockutil is installed. The apps were not cleared from the dock and the dock is still in its default state.
It looks like it is still running the command as _mbsetupuser.
jkerekes99
commented
3 weeks ago It looks like it is still running the command as
_mbsetupuser.
Have you set the script to NOT run as the user in Intune?
s-crypt
commented
3 weeks ago Yes, I followed the instructions and Run as signed in user is no. The test device I am using is an Intel Mac on MacOS 14.5.
theneiljohnson
commented
2 weeks ago Can you re-check please? The running user should root if it’s set to run as root.
From: s-crypt @.> Date: Tuesday, 18 June 2024 at 17:39 To: microsoft/shell-intune-samples @.> Cc: Subscribed @.***> Subject: Re: [microsoft/shell-intune-samples] macOS - Intune executing addAppstoDock.sh shell script as _mbsetupuser instead of logged in user (Issue #125)
Yes, I followed the instructions and Run as signed in user is no
— Reply to this email directly, view it on GitHubhttps://github.com/microsoft/shell-intune-samples/issues/125#issuecomment-2176532007 or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGOC2JMJMET3U34KO6LMPPDZIBPC7BFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEZDONRVGE4TQNRQQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRSGIZTSMZRGM4TSNFHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you are subscribed to this thread.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
s-crypt
commented
2 weeks ago From the logs, it is running as root, but the desktop user it is targeting is _mbsetupuser. I tried again on a fresh device and same error occurs.
There is also the seemingly random issue with docutil failing install as an unmanaged pkg. Sometimes it will install, sometimes it will fail. I think waiting for dockutil in the loop for waiting for apps might be useful to prevent premature exits of the script.
EDIT: Well it worked... only after setup assistant randomly crashed to desktop. Not sure how I can replicate that. The logged in user and home folder were the same as the error.
EDIT 2: Cannot replicate. The script fails with the same error as before.
jkerekes99
commented
2 weeks ago @s-crypt I haven't personally had time to test the new script yet (still using Outset to run the original script), however regarding your random issue with docutil pkg, as far as I know Intune will only mark a successful installation if it can find the app bundle ID present under /Applications .
If the binary is stored anywhere else, Intune won't find it and it will show as failed (even if the app is installed successfully).
Sometimes will initially show it as successful (before it has checked to see if the app bundle ID is located in /Applications ) but later after further check ins, it will show it as failed.
s-crypt
commented
2 weeks ago In this case, dockutil is actually randomly installing or failing. I am verifying by running dockutil -h on the device, though thanks for the information! So far I am seeing more successes than failures.
theneiljohnson
commented
2 weeks ago I think I can see what’s happening. The script is first launched under setup assistant and we’re detecting the current console user as _mbsetupuser and then not updating that after the desktop appears.
Should be an easy fix, i’ll try and update later today.
From: s-crypt @.> Date: Wednesday, 19 June 2024 at 01:23 To: microsoft/shell-intune-samples @.> Cc: Subscribed @.>, Comment @.> Subject: Re: [microsoft/shell-intune-samples] macOS - Intune executing addAppstoDock.sh shell script as _mbsetupuser instead of logged in user (Issue #125)
In this case, dockutil is actually randomly installing or failing. I am verifying by running dockutil -h on the device, though thanks for the information! So far I am seeing more successes than failures.
— Reply to this email directly, view it on GitHubhttps://github.com/microsoft/shell-intune-samples/issues/125#issuecomment-2177294698 or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGOC2JNNVBIXPLTJSCVR2XLZIDFQTBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEZDONRVGE4TQNRQQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRSGIZTSMZRGM4TSNFHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
s-crypt
commented
2 weeks ago Just an additional tidbit of info if its of any use, I am able to confirm the error on both Intel and ARM macs.
s-crypt
commented
1 week ago @theneiljohnson have you had a chance to work on this? I have tried my own user-switching methods and have not been successful so far, probably because my bash scripting is... not great.
theneiljohnson
commented
1 week ago I keep having a look. Right now I have a script that I think is doing all of the right things but I am getting a trap error when executing dockutil via our agent.
From: s-crypt @.> Date: Friday, 28 June 2024 at 23:21 To: microsoft/shell-intune-samples @.> Cc: Subscribed @.>, Mention @.>, Comment @.***> Subject: Re: [microsoft/shell-intune-samples] macOS - Intune executing addAppstoDock.sh shell script as _mbsetupuser instead of logged in user (Issue #125)
@theneiljohnsonhttps://github.com/theneiljohnson have you had a chance to work on this? I have tried my own user-switching methods and have not been successful so far, probably because my bash scripting is... not great.
— Reply to this email directly, view it on GitHubhttps://github.com/microsoft/shell-intune-samples/issues/125#issuecomment-2197726935 or unsubscribehttps://github.com/notifications/unsubscribe-auth/AGOC2JI7Y7JZHL5YX2UGJWDZJXOVTBFKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDUOJ2WLJDOMFWWLLTXMF2GG2C7MFRXI2LWNF2HTAVFOZQWY5LFUVUXG43VMWSG4YLNMWVXI2DSMVQWIX3UPFYGLLDTOVRGUZLDORPXI6LQMWWES43TOVSUG33NNVSW45FGORXXA2LDOOJIFJDUPFYGLKTSMVYG643JORXXE6NFOZQWY5LFVEZDONRVGE4TQNRQQKSHI6LQMWSWS43TOVS2K5TBNR2WLKRSGIZTSMZRGM4TSNFHORZGSZ3HMVZKMY3SMVQXIZI. You are receiving this email because you were mentioned.
Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
s-crypt
commented
6 days ago Thanks for the update! I have a script that works when run locally as root, so it sounds like this may be an issue or quirk with how the intune agent executes scripts.
I can open a PR for this if you think it is appropriate. Link to modified script
edtrax
commented
22 hours ago Any update on this? I continue to see the script being executed as _mbsetupuser.
After updating to macOS 14.4.1 Intune now runs the addAppstoDock.sh as the Setup Assistant user ( _mbsetupuser ).
This is problematic because the user doesn't get the dock changes. The script needs to be run as the current user who is logged in.