Applescript: How to run a script once upon logon for multiple users

I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.
I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.
So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assitive devices to work on every new user would be a nightmare.
I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.
What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.
I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.
Here was the original shell script in case you're curious.
#!/bin/bash
## Prompt for current user admin for use in Certificate Install
while :; do # Loop until valid input is entered or Cancel is pressed.
    localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
    if (( $? )); then exit 1; fi  # Abort, if user pressed Cancel.
    localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//')  # Trim leading and trailing whitespace.
    if [[ -z "$localpass" ]]; then
        # The user left the password field blank.
        osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
        # Continue loop to prompt again.
    else
        # Valid input: exit loop and continue.
        break
    fi
done
echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain
osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"
And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)
display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
"In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
"Mac Network Certificate Install"
activate application "Keychain Access"
tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"
tell application "System Events" to delete login item "Lync-AppleScript"
end
Thank you for your help!

I have run into this same issue. Are you trying to run the script one time as a new  user logs in or everytime a user logs in?

Similar Messages

  • How can I create a folders of apps for multiple users?

    I use several iPads with my students and would like to set up a folder for each student. I want to place "an alias" of each app the student uses in their folder. On my Mac, I can "make alias" and place aliases in seperate folders. How can I do that on my iPad? Thanks!

    You can drag one app on top of another and make a folder. However the limit to this is, for your situation, there can be no sharing of apps....the app Fred can only be in one folder because it's only on the device once.  (so it may not work for what you need)
    and I cannot recall if you can edit the name of the folder.
    Unfortunately, for situations like yours, the iPad was created to be a single user device, so there's really not support for multiple users or multiple levels of access.

  • Run Script Once through Group for All users

    Hello Everyone,
    We have 4 forests with one domain each having forest trusts. I want to run a script only once on all the windows 7 machines in all the domains.
    I have created the script and saved it in the .bat. how can i go ahead and do this.
    Need your help.
    Thanks in Advance

    Hello Everyone,
    We have 4 forests with one domain each having forest trusts. I want to run a script only once on all the windows 7 machines in all the domains.
    You need to apply your script 4 times since you have 4 domains. Just use WMI filters to apply the GPO on Windows 7 machines only. 
    Filtering Group Policy to Windows 7 Computers
    Mahdi Tehrani   |  
      |  
    www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as
    and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.
    How to query members of 'Local Administrators' group in all computers?

  • How to run sql scripts using batch file for a web dynpro data dictionary

    Hi,
    I want to develop a sql script to be executed on the server alongwith the installation of a product to pre-populate web dynpro data dictionary tables required for the application.
    I further require to make the scripts independent of the database name,so that it can be run at any client environment.
    Your help will be appreciated and rewarded.

    See shoblock's answer
    call sql script from unix
    masterfile.sql:
    @file1 &1
    @file2 &2
    @file3 &3
    @file4 &4
    then just call the master script:
    sqlplus userid/password @masterfile <p1> <p2> <p3> <p4>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • How do I setup a MIT-Magic Cookie for multiple users?

    I need to be able to use TTauthority to allow mutliple users to have access to one main MIT-Magic Cookie random sequence. Currently, we have multiple cookies being created each time a user logs in. However, we cannot see each others processes. This is a huge drawback we are having with depending on Tooltalk. Any suggestions to setup ttauth to allow multiple users to share the same cookie?

    It might work if you don't leave mails on the server.
    In IMAP are the mails from the other accounts showing up at that accounts inbox on the server (webmail) If so you could as well redirect it on server level and not download and then upload.
    What happen if you want to un-delete a message?
    A solution would be send it to a local folder. That way it will be deleted on the mail server and you still have the opportunity to '''move''' it into one of the inboxes

  • How to disable a custom designed Tx code for multiple user at a time

    Hii ,
    I have designed a screen in module pool for end user to make entries in the screen and when he saves the data is saving in standard table and ztable. the main field in the screen is Batch number..from that batch  number bag number will be generated. and consumed quantity will be saved in that bag no.Bag number will be generated like first 5 digits of batch number and bag number series of that batch number. for example if batch number is 12345 and already 5 times packing is done for same batch..last bag number in the ztable will be 123450005.so next time when user tries to pack using same batch number the new bag number will be 123450006 for batch 12345.Problem here is when user tries to make enrties in that Tx code and at the same time if another user opens same Tx code to make packing for same batch both of them are getting same bag numbers before saving.
    I have called Enqueue and Dequeue FM's but still at a time for same batch user is able to do the packing.now my issue is i want to restrict 2 user to use same batch while packing in that Tx code.
    I have written following code for enqueue and dequeue technics
    data: B_matnr type mara-matnr,
           B_charg type mchb-charg.
    data : i_temp type TABLE OF zpackhdr WITH HEADER LINE,
           i_temp1 type TABLE OF zpackhdr WITH HEADER LINE.
    move : 1110 to WA_BCH-werks,
           chk_matnr1 to WA_BCH-matnr,
           v_bcharg to WA_BCH-charg,
           vgrade to WA_BCH-grade,
           new_batch to WA_BCH-bagno,
           m_baleno to WA_BCH-baleno,
           b_date to WA_BCH-indat.
    APPEND wa_bch to i_bch.
    clear b_date.
    READ TABLE i_bch INTO wa_bch INDEX 1.
        B_MATNR = WA_BCH-matnr.
        B_CHARG = WA_BCH-bagno.
    concatenate  B_matnr B_charg  into
        WA_BCH-objek respecting blanks .
       modify I_BCH from WA_BCH index sy-tabix.
    CLEAR: B_MATNR,
               B_CHARG.
    call function 'ENQUEUE_EMMCH1E'
    EXPORTING
       MODE_MCH1            = 'E'
       MANDT                = SY-MANDT
       MATNR                = WA_BCH-MATNR
       CHARG                = WA_BCH-BAGNO
    if sy-subrc <> 0.
    endif.
    call function 'DEQUEUE_EMMCH1E'
    EXPORTING
       MODE_MCH1       = 'E'
       MANDT           = SY-MANDT
       MATNR           = WA_BCH-MATNR
       CHARG           = WA_BCH-CHARG

    I do understand what u say...mine is a custom designed screen...when i open that screen i have around 15 input fields in which batch is obligatroy...when i give batch and hit enter all the other fields will be filled automatically picking from the table which are relevant for that batch..for example..material,order etc are picked from table...and bag number field will be generated taking first 5 digits of batch and followed by 0001 if its afirst time entry for that batch....so when a user is opening that screen in 2 different windows and giving details without saving any of the screens...in both screens bag number is generating as 001...and when saving it ..its saving 2 entries with same bag number...so i have created a lock entry for afpo table taking order field...so when a user opens 2 screens with same batch...and giving entries in those 2 screens without saving..he is getting same bag numbers as 001.....now when user saving the first screen and coming to second screen to save...he is gettimg message 'ORDER CURRENTLY BEING PROCESSED'..but after the data gettng saved in first screen,then when he saves the second screen it is getting saved...with same bag numbers as 001.so my issue is here...when he saves first screen and comes to second screen to save it the user should get that error message and should come out of the screen....so that he can make a fresh entry for that batch and bag number will be generated as 002 for that batch...
    Regards,
    venkat.

  • How to run a script on Oracle server from isqlplus

    Hi I am trying to run a script on my workstation from Oracle server through isqlplus workarea. I entered following command and get the following error. i have enabled isqlplus URL by editing web.xml file already. Can please someone help how to run the script?
    @http://myaixserver.com:5560/scripts/Databasestartupstages.sql;
    SP2-0920: HTTP error 'page not found (505)' on attempt to open URL

    So far, you haven't specified your rdbms version and isqlplus behaved differently on a 9iR1, 9iR2 from the one release on 10gR1/R2. on 9i it was a servlet based on a JServ servlet executor machine, meanwhile on 10g it is a J2EE compliant application deployed on an OC4J container, so configuration is different.
    You may want to take a look at these references -->
    * Starting iSQL*Plus from a URL
    * Creating Reports using iSQL*Plus
    ~ Madrid

  • How to run a script from Calculation Manager

    Hi All,
    I would like to know how to run a script made by using Calculation Manager. I have converted a simple rule script which has just one statement(HS.EXP "A#Sales = 100") in "Sub Calculate()" by using FMRulesMigrator.exe and then imported, deployed to an application. when I execute "Calculate" from a Data Grid, the rule didn't take effect to application data. If I load the script by using classic rule editor, it works fine.
    Is there anything I have to know to run a rule script which is made by using Calculation Manager?
    Thanks in advance.
    CY.

    Hi,
    Refer the following the link for calling logic from new custom buttons using VBA.
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f085dd92-a40c-2c10-dcb1-a7c24476b23a
    hpe this ll help.
    thnks.

  • Question on "How-to invoke a method once upon application start"

    Hello everyone.
    I'm trying to implement what the article "How-to invoke a method once upon application start" by Frank suggests.
    https://blogs.oracle.com/jdevotnharvest/entry/how_to_invoke_a_method
    Suppose that I'm having a single point of entry, so in my login.jpsx I have the below:
    <f:view beforePhase="#{login.onBeforePhase}">In the method "onBeforePhase" I have to pass the phaseEvent, since the signature is the following:
    public void onBeforePhase(PhaseEvent phaseEvent)but how do I know the phaseEvent when calling the login.onBeforePhase? How the call should be?
    Thanks a lot!
    ps. I'm using jDev 11.1.2.1.0

    You need not pass anything to this method , this method will get called before every Phase except ReStore View
    Just write the logic as Frank suggested for the phase in which you want the code to execute. You can get the PhaseId's like
    PhaseId.RENDER_RESPONSE
    public void onBeforePhase(PhaseEvent phaseEvent) {// from Frank's doc
    //render response is called on an initial page request
      if(phaseEvent.getPhaseId() == PhaseId.RENDER_RESPONSE){
    ... etc

  • How to run the the impersonation permission grant command for multiple users

    I have run below command earlier to grant the impersonation for a user called user1
    get-mailbox -identity user1 | add-adpermission -user domainname\service application user -ExtendedRights ms-Exch-EPI-May-Impersonate
    Now I want to run this command for multiple users like user2, user3, user 4 together. How should I run the command.
    This is for Exchange Server 2007 SP2
    Abhijeet M. Mohite

    Hi Abhijeet
    get-mailbox -identity user1 | add-adpermission -user domainname\service application user -ExtendedRights ms-Exch-EPI-May-Impersonate
    I am little bit confused with this command so can you please help me what to right inplace of User1 and domainname\service application user
    Example: I wanted to give Impersonate rights to
    [email protected] then can you please complete command for me.      Thanks in advance.
    Warm Regards, Pramod Kumar Singh Manager-IT

  • How to run the setup tables in CRM for 0CRM_LEAD_I datasource.

    Hi all,
    How to run the setup tables in CRM for 0CRM_LEAD_I datasource.
    what is the tcode and steps to follow.
    Thankyou.

    you dont have to do set up tables for 0CRM_LEAD_I.
    run the init infopack in BW and then subsequent delta's

  • How to turn on script in chinese (enabled) for sms

    how to turn on script in chinese (enabled) for sms

    I think this is what you are after > http://help.apple.com/iphone/8/#/iphadaaeb5f (International Keyboards) - ÇÇÇ

  • How do I set Firefox to be usable for all users on one computer?

    How do I set Firefox to be usable for all users on one computer?

    I would think the about:config entries discussed are ex-factory set to values each user has to change individually, after the installation has run its course. The solution could be to have patched files ready to install post factum:
    [https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences A Brief Guide to Mozilla Preferences - MDN]

  • How to Enable password saving in SAP Logon for Windows

    how to Enable password saving in SAP Logon for Windows

    Even though password saving, in SAP Logon for Windows is disabled by default, this can be enabled following the steps listed below:
        Open the command prompt by navigating to Start → Run and by typing “cmd”.
        Go to the \SAP\FrontEnd\SAPgui directory (in Program Files), through the command prompt.
        Create the necessary value in Windows registry by typing: sapshcut -register An information message will appear.
        Open the registry editor, in order to access Windows registry, by navigating to Start → Run and by typing “regedit”.
        Go to the HKEY_CURRENT_USER\Software\SAP\SAPShortcut\Security registry key.
        Change the value data of “EnablePassword“ from 0 to 1.
        Close SAP Logon and open it again, in case it was open during the whole process.

  • How to use the same POWL query for multiple users

    Hello,
    I have defined a POWL query which executes properly. But if I map the same POWL query to 2 portal users and the 2 portal users try to access the same page simultaneously then it gives an error message to one of the users that
    "Query 'ABC' is already open in another session."
    where 'ABC' is the query name.
    Can you please tell me how to use the same POWL query for multiple users ?
    A fast reply would be highly appreciated.
    Thanks and Regards,
    Sandhya

    Batch processing usually involves using actions you have recorded.  In Action you can insert Path that can be used during processing documents.  Path have some size so you may want to only process document that have the same size.  Look in the Actions Palette fly-out menu for insert path.  It inserts|records the current document work path into the action being worked on and when the action is played it inserts the path into the document as the current work path..

Maybe you are looking for