A quick guide to executing custom mac scripts via MDM

While managing devices at the workplace it’s often the case that IT administrators grapple with tons of manual tasks particularly mundane and repetitive tasks pertaining to device configuration or app management. Most of these tasks have to be done iteratively over and over again. Manually managing all these configurations for only a handful of devices can be feasible. Now imagine having to perform the same set of daunting tasks on several thousands of endpoints. This is next to impossible taking up a huge amount of the ITs time. Errors occurring is almost certain — as the line of duty expands so does the probability of occurring errors! How well the IT respond to these management pains will literally contribute to the long-term success of your enterprise’s strategic plan on mobility.

The agile way of working

IT administrators are always looking for quick and effective ways to tie over the hectic management tasks. There are many ways to tackle the burden on IT admins with varying degrees of success. Any approach towards automating the device management process lessens the admin’s burden, adds-on to ITs well-being at the workplace, and free-up time for them to focus on things that matter. Running scripts or custom commands on endpoints is the best way possible to automate such boring stuff.

Having said that, how cool it would be to automate Mac management with custom scripts.

Automate Mac management with custom scripts

As Macs are forging their own path in IT with an ever-increasing number of endpoints to be managed, it’s imperative to adopt Mac scripting to chain together repetitive tasks and execute them without any user interaction. In this blog, we’ll be delving deeper into Mac’s side of scripting and how well a Mobile Device Management solution can work under the hood as a customizable automation tool to allow greater control over the device fleet.

What is Mac scripting?

Scripts, in general, are a series of written instructions used to automate repetitive or time-consuming tasks and create complex and powerful workflow solutions to enhance productivity. This small interpreted program consists of a set of statements each of which performing a specific operation based on the particular conditions they find. These commands which otherwise have to be executed one-by-one work together interacting with apps, processes, and the operating system to automate operations. Script also acts as an easy-to-use shortcut for convoluted commands.
Scripts can be essentially executed on Macs to perform any configuration or setting at the system level, which is considered as the inmost level of management. The terminal app command prompt in the Utility folder is used to execute scripts on Mac computers. This makes scripting much simpler as compared with the generic programming as you can use the commands you already know directly within your system’s interface: the command-line. And best of all, learning this powerful programming option can help you know the working of the command-line better.

How does Mac scripting work?

Typically, the inter-application communication in Mac devices takes place through Apple events, a kind of message designed to encapsulate commands and data. Using this data transport mechanism, the computer communicates the sequential instructions contained in a script to the application to automate actions. The targeted application interprets the commands and responds to the event by performing the desired operation or supplying data as the script demands.

Scripting languages

There are many different scripting languages used for extracting information from a set of data and for automating processes. Lua, Python, VBScript, PHP, etc. are examples. When it comes to Mac automation, the most important ones are AppleScript and JavaScript.

AppleScript

Developed by Apple in 1993, AppleScript is the official language of automation for Macintosh systems. AppleScript is an English-like scripting language designed to be easily understandable with a syntactic or grammatical construction that resembles written English. Scripts are generally written using the free utility, the Script editor app. Being the de facto standard for user interface scripting, AppleScript is much more than just a macro language. AppleScript can make decisions by parsing and analyzing data or by tracking user interactions.

JavaScript

JavaScript is the second scripting language used for user interface scripting since Mac OS X 10.10, Yosemite. It’s the most common cross-platform scripting language mainly used for implementing features on websites and web-based applications. Using the script editor which is included in every copy of macOS is the standard way for running JavaScript for automation.

Some sample scripts

1. Moving one folder to another

• AppleScript
  tell application "Finder"
move folder someFolder to someOtherFolder replacing true
end tell
• JavaScript
  var Finder = Application("Finder")
Finder.move(someFolder, {
to: someOtherFolder,
replacing: true
})

2. Reading the content of a file

• AppleScript
  on readFile(theFile)
-- Convert the file to a string
set theFile to theFile as string -- Read the file and return its contents
return read file theFile
end readFile
• JavaScript
  var app = Application.currentApplication()
app.includeStandardAdditions = true function readFile(file) {// Convert the file to a string
var fileString = file.toString() // Read the file and return its contents
return app.read(Path(fileString))
}

3. Displaying a dialog

• AppleScript
  set theDialogText to "The curent date and time is " & (current date) & "."
display dialog theDialogText
--> Result: {button returned:"OK"}
• JavaScript
  var app = Application.currentApplication()
app.includeStandardAdditions = true var dialogText = "The current date and time is " + (app.currentDate())
app.displayDialog(dialogText)
// Result: {"buttonReturned":"OK"}

Some essential concepts of Mac scripting

Terminal commands and shell scripts

The terminal app provides a command-line interface to control your Mac using a set of commands. Using an admin account and password, you can tweak almost anything related to your system’s software code.

Some basic terminal commands

1. Command: open
   Function: Opens a file
   Example: open “filename”
   open ./Desktop/macscripting.pdf
2. Command: cp
   Function: Copies a file to another location
   Example: cp “filename” “new filename” cp ./Desktop/Marketing.pdf Sales.pdf
3. Command: rm
   Function: Removes a file
   Example: rm “filename”
   rm ./Desktop/macscripting.pdf
4. Command: sudo shutdown –r now
   Function: Restarts the computer
   sudo shutdown –r now

However, executing these commands one by one can be really tedious at times. So, instead of running commands individually and waiting for the response, it’s better to consolidate them into a single shell script.
Being a ubiquitous feature of Unix or Unix-like operating systems shell scripts allows to program Unix commands in chains and have the system execute them as a scripted event just like a batch file. Tools like launchd and Apple remote desktop can be used to automate shell scripting and run scripts on a schedule.

Shell scripting guidelines

There are a few things you should bear in mind while creating a shell script for task automation.

1. Begin with the characters # and ! (together known as shebang) to identify it as a shell script.
2. Mention the shell which the script is going to run with after the shebang.
3. Every new line is a new command.
4. It’s good to add comments to the shell script. Every line of the comment should begin with the number sign (#).
5. Use blank lines to separate different sections of the script.

Sample scripts for some common use cases

1. Use case — Volume adjusting
   #!/bin/bash
-l/usr/bin/osascript -e "set Volume 1.7"
2. Use case — To read a file line by line
   #!/bin/bash
input="/path/to/txt/file"
while IFS= read -r line
do
echo "$line"
done < "$input"
3. Use case — To install Xcode command line tools
   #!/bin/sh
   # This script will install Command Line Tools for Xcode on a fresh installation of OS X.
   # Usage: curl https://raw.github.com/gist/3053979/install-command-line-tools-for-xcode.sh | sh
DMG='command_line_tools_for_xcode_june_2012.dmg'
cd $HOME/Downloads
if [ ! -f ./$DMG ]; then
echo 'Command Line Tools for Xcode not downloaded.'
exit 1
fi
hdiutil attach $DMG
sudo installer -pkg '/Volumes/Command Line Tools/Command Line Tools.mpkg' -target /
hdiutil detach "/Volumes/Command Line Tools"
rm -i $DMG
cd -
echo 'Finished install Command Line Tools for Xcode'
4. Use case — Check and install OS updates
   #!/bin/bash
getosupd=$(softwareupdate -l | grep OSXupd | awk 'NR==1 {print $2}')
softwareupdate -i $getosupd
5. Use case — Restart device
   #!/bin/bash
osascript -e 'tell application "System Events" to restart’
6. Use case — Rename a file
   #!/bin/bash
mv /current file name(specify including path) new file name(specify including path)
   eg: mv /Users/alma.evans/Downloads/test.mov /Users/alma.evans/Downloads/scripting.mov
7. Use case — Delete a file or folder
   #!/bin/bash
rm /path of the file/folder
   eg: rm /Users/alma.evans/Downloads/scripting.mov
8. Use case — Delete contents of a folder
   #!/bin/bash
rm/ path to the folder/*
   eg: rm /Users/alma.evans/Downloads/test/*
9. Use case — Copy to clipboard
   #!/bin/bash
echo “Content to be copied to clipboard” | pbcopy
   eg: echo “test” | pbcopy
10. Use case — Uninstall an app
    #!/bin/bash
sudo rm -rf /path to the app
    eg: sudo rm -rf /Applications/VMware\ Fusion.app
11. Use case — Creating a new user
    #!/bin/shsudo dscl . -create /Users/username
    #specify the required username and replace the same name with “username” in the following commandssudo dscl . -create /Users/username UserShell /bin/bash
12. sudo dscl . -create /Users/username RealName "Alma Evans"
    #specify the real name of the user
13. sudo dscl . -create /Users/username UniqueID 1088
    #the number followed by UniqueID should be specific for each user
14. sudo dscl . -create /Users/username PrimaryGroupID 1098
    #the number followed by PrimaryGroupID should be specific for each user
15. sudo dscl . -create /Users/username NFSHomeDirectory /Local/Users/username
    #use the line to create a home folder for the user
16. sudo dscl . -passwd /Users/username password
    #replace “password” with the required password for the user
17. sudo dscl . -append /Groups/admin GroupMembership username
    #the command is used to provide admin privileges
18. eg: sudo dscl . -create /Users/Alma
sudo dscl . -create /Users/Alma UserShell /bin/bash
sudo dscl . -create /Users/Alma RealName "Alma Evans"
sudo dscl . -create /Users/Alma UniqueID 1088
sudo dscl . -create /Users/Alma PrimaryGroupID 1098
sudo dscl . -create /Users/Alma NFSHomeDirectory /Local/Users/Alma
sudo dscl . -passwd /Users/Alma qwerty
sudo dscl . -append /Groups/admin GroupMembership Alma

DOWNLOAD

What is a shell?

A shell is the command interpreter that provides ways to interact with the underlying operating system. The shell scans the command-line, analyzes it and determines what to do. Prior to Catalina, macOS came with Bourne again shell (bash) as the default user shell and also included other shells like the TENEX C shell (tcsh), the Korn shell (ksh), and the Z shell (zsh). In macOS 10.15 Catalina, bash has been replaced by zsh as the default login and interactive shell.

Bourne again shell vs Z shell in Mac

How scripting can help admins in Mac management?

Running scripts on Macs is widely used by administrators to activate or uninstall applications, as well as for setting app configurations and even changing user or system settings, shutting down or restarting the device and so forth. Many of these tasks which must be performed frequently, maybe several times a day can be easily automated using this handy tool.

Mac scripting help admins in Enterprise Mac management

Scripting lets you:

• Save time and money — Without any third-party intervention, complex tasks can be easily invoked in a short time.
• Reduce human errors — Scripts are consistent and less prone to errors and confusion.
• Be flexible — Standardized scripts can be used for a variety of use cases giving it unprecedented usability.

Your imagination is the only limit to scripting. With that being said, it’s obvious that learning and mastering scripting is well worth the effort, but you have to get through some serious challenges which are quite difficult to overcome.

Challenges of scripting

Scripting acts as a powerful tool for bootstrapping new technologies but also unleashes bold new challenges for the enterprises few of which are listed below:

1. When you have a huge fleet of Macs to be managed and a variety of scripts to be executed, it’s historically been difficult to get them organized. Admins have to coordinate various scripts sent to the devices as well as their responses.
2. Before sending the scripts to the devices, admins also have to make sure that the scripts are correctly coded which would be a herculean task as well.
3. Another important concern is the scope of the script running. Some scripts like the one to change Mac preferences should run at the user level but the script for shutting down/restarting a device should run at the system level. So, running a script at the correct permission level is also a hurdle that admins are likely to deal with.

Challenges are many but the good news is that there are solutions like Hexnode to assist you the way along and make inroads into your goal.

MDM takes the hassle out of scripting

Executing custom Mac scripts via MDM

With an MDM solution like Hexnode, Mac scripting turns out to be surprisingly easy. Hexnode allows you to remotely push custom scripts to your Mac devices and users to execute additional management settings that may not be available in the MDM’s features stack. Using Hexnode, you can push scripts to several thousands of endpoints with just a click saving your time and effort taking Mac management to the next level.
When you have scripts to be pushed to a specific category of devices you can create criteria-based groups and send the run script action accordingly. Scripts can be executed according to the scope-level as Hexnode supports the feature for managed devices and users. You can keep track of the script’s response and execution status remotely right from the MDM console. Above all, executing custom Mac scripts via Hexnode MDM gives you the added benefit of keeping your set of custom scripts and responses organized allowing you to perform repetitive tasks as configurations at ease.

Executing custom Mac scripts via Hexnode MDM

Supported script types

1. Perl (.pl)
2. Bash (.sh)
3. Shell (.sh)
4. C Shell (.csh)
5. Zsh (.zsh)
6. Korn Shell (.ksh)
7. Hypertext Preprocessor (.php)
8. Ruby (.rb)
9. Python (.py)

Requirements

• The script file name shouldn’t contain characters like / : ? < > \ * | “ [ ] @ ! % ^ #
• Hexnode agent app should be installed
• Make sure that the binary which is used to run the script is installed in the system

Best practices

• Validate the script manually before uploading it to Hexnode.
• The best practice is to run the script in any of the managed devices and make sure that the scripts are rightly coded before pushing them to the entire device fleet.

If you are a Mac administrator encountering difficulties with handling multiple tasks, have you ever considered evaluating an MDM solution supporting custom Mac scripting?
Go here for confidently evaluating Hexnode for your device fleet and executing custom mac scripts via MDM.