
Providing website links via Casper Self Service policies

It’s often useful to provide a way for everyone in your shop to be able to look up commonly used websites. Methods I’ve seen of doing this include:

  • Wiki pages
  • Bookmarks deployed to browsers
  • Browser extensions

Another method is to use Casper’s Self Service plug-ins feature.


This makes it easy to set up website bookmarks, which then appear in a sidebar of Self Service.


The main drawback to this method is you can’t scope these bookmarks to appear only to certain users or computers. These will appear on all managed computers and to all users. If you need to have one set of bookmarks available to Group A in your organization, and a different set of bookmarks appearing to Group B, the Self Service plug-ins feature may not be the best solution.

Fortunately, you can solve this scoping issue using Casper policies and Self Service. For more details, see below the jump.

To help address this issue in my own shop, I wanted to be able to do the following:

  1. Provide a way to open a website page from Self Service
  2. Open the website using the logged-in user’s default web browser
  3. Open the browser using the logged-in user’s privileges, even if the script itself is being run as root.

To accomplish this, I wrote a script which uses launchctl to open the browser using the logged-in user’s privileges, and uses the best launchctl method for the customer’s version of OS X or macOS. It also is designed to use Casper’s Parameter 4 ($4) value for the website address, which allows the script to be used by multiple policies to open the policy’s desired website.

The script is available below, and is also available from my GitHub repo:


#!/bin/bash

# This script is designed to open a specified website, with the following conditions:
#
# A. Opening the website using the logged-in user's privileges, even if the script is being run as root
# B. Website is accessed using the logged-in user's default web browser

LaunchCtlMethod(){

    # This function does an OS version check, to make sure it is using the correct method
    # with the launchctl tool for the OS in question.
    #
    # For Macs running OS X 10.9.x and earlier, launchctl's bsexec function was used for this purpose.
    # bsexec allows you to start a process like a tool, script or application in a specific context.
    # One way to get the correct context for the logged-in user is to identify the process identifier (PID)
    # for the loginwindow process associated with the logged-in user.
    #
    # For Macs running OS X 10.10.x and later, launchctl's asuser function was used for this purpose.
    # The asuser function is designed to take the place of the bsexec function, in the context of
    # starting processes in the context of a specific user account. This makes it easier, as you now
    # just need to figure out the username and do not have to figure out the PID of the user's loginwindow process.
    #
    # For more information, see the links below:
    # https://derflounder.wordpress.com/2016/03/25/running-processes-in-os-x-as-the-logged-in-user-from-outside-the-users-account/
    # https://babodee.wordpress.com/2016/04/09/launchctl-2-0-syntax/

    osvers_major=$(/usr/bin/sw_vers -productVersion | awk -F. '{print $1}')
    osvers_minor=$(/usr/bin/sw_vers -productVersion | awk -F. '{print $2}')

    # Identify the username of the logged-in user
    logged_in_user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

    if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 10 ]]; then
        # The launchctl verb for the indicated OS version
        launchctl_verb=bsexec
        # Identify the loginwindow PID of the logged-in user
        logged_in_user_id_method=$(ps auxww | grep "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" | grep "$logged_in_user" | grep -v "grep" | awk '{print $2}')
    fi

    if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -ge 10 ]]; then
        # The launchctl verb for the indicated OS version
        launchctl_verb=asuser
        # Identify the user ID (UID) of the logged-in user
        logged_in_user_id_method=$(id -u "$logged_in_user")
    fi
}

LaunchCtlMethod

website="$4"

# Stop here if no user is logged in, the OS version was not matched above,
# or no website address was supplied in Parameter 4. Without this check,
# launchctl would be run as root with empty arguments.
if [[ -z "$logged_in_user" || -z "$launchctl_verb" || -z "$logged_in_user_id_method" || -z "$website" ]]; then
    echo "Unable to open website: no logged-in user, unmatched OS version, or missing website address (Parameter 4)."
    exit 1
fi

# Use the launchctl tool to open the specified website, using the logged-in user's account privileges
# and the user's default browser.
/bin/launchctl "$launchctl_verb" "$logged_in_user_id_method" /usr/bin/open "$website"
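
The script hands Parameter 4 to /usr/bin/open unchanged, and open acts on file paths and any registered URL scheme as well as web addresses. The check below is an added example, not part of the original script; the function name is_safe_website_url, the 2048-character limit and the sample values are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the original script: validate the Parameter 4
# website address before it is passed to /usr/bin/open.
# is_safe_website_url is a hypothetical helper name; 2048 is an assumed limit.

is_safe_website_url() {
    url=$1

    # Reject empty and over-long values.
    [ -n "$url" ] && [ "${#url}" -le 2048 ] || return 1

    # Reject whitespace and control characters anywhere in the value. This
    # also stops a multi-line value from passing the line-based grep below.
    case $url in
        *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac

    # Accept only lowercase http:// or https://, a host made of letters,
    # digits, dots and hyphens, an optional port, then an optional path,
    # query or fragment. A leading "-", a file path, another scheme, or a
    # user@host form all fail this match.
    printf '%s\n' "$url" | grep -Eq \
        '^https?://[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]{1,5})?([/?#].*)?$'
}

# Constructed sample values, printed with the decision for each.
for sample in \
    "https://www.example.com/help" \
    "http://intranet.example.com:8080/wiki?page=1#top" \
    "file:///etc/hosts" \
    "-aTerminal" \
    "https://www.example.com@other.example/" \
    "https://www.example.com/a b"
do
    if is_safe_website_url "$sample"; then
        echo "ACCEPT  $sample"
    else
        echo "REJECT  $sample"
    fi
done
```

In the policy script, the call belongs right after the website variable is set from $4, exiting non-zero on failure so that a mistyped or altered policy parameter never reaches open.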

From there, I uploaded the script to Casper:


As part of adding the script to Casper, I set the script’s parameter label for Parameter 4 to the following:

Website address


Once the script has been added to Casper, you can set up a Self Service policy in Casper to use the script and provide the appropriate website address:


Once the policies are built, they should be available in Self Service for your customers to access.
