Alma
Evans

A quick guide to executing custom mac scripts via MDM

Alma Evans

Apr 1, 2020

11 min read

While managing devices at the workplace it’s often the case that IT administrators grapple with tons of manual tasks particularly mundane and repetitive tasks pertaining to device configuration or app management. Most of these tasks have to be done iteratively over and over again. Manually managing all these configurations for only a handful of devices can be feasible. Now imagine having to perform the same set of daunting tasks on several thousands of endpoints. This is next to impossible taking up a huge amount of the ITs time. Errors occurring is almost certain – as the line of duty expands so does the probability of occurring errors! How well the IT respond to these management pains will literally contribute to the long-term success of your enterprise’s strategic plan on mobility.

The agile way of working

IT administrators are always looking for quick and effective ways to tie over the hectic management tasks. There are many ways to tackle the burden on IT admins with varying degrees of success. Any approach towards automating the device management process lessens the admin’s burden, adds-on to ITs well-being at the workplace and free-up time for them to focus on things that matter. Running scripts or custom commands on endpoints is the best way possible to automate such boring stuff.

Having said that, how cool it would be to automate Mac management with custom scripts.

Task automation on Macs
 

As Macs are forging their own path in IT with an ever-increasing number of endpoints to be managed, it’s imperative to adopt Mac scripting to chain together repetitive tasks and execute them without any user interaction. In this blog, we’ll be delving deeper into Mac’s side of scripting and how well an MDM solution can work under the hood as a customizable automation tool to allow greater control over the device fleet.

What is Mac scripting?

Scripts, in general, are a series of written instructions used to automate repetitive or time-consuming tasks and create complex and powerful workflow solutions to enhance productivity. This small interpreted program consists of a set of statements each of which performing a specific operation based on the particular conditions they find. These commands which otherwise have to be executed one-by-one work together interacting with apps, processes, and the operating system to automate operations. Script also acts as an easy-to-use shortcut for convoluted commands.
Scripts can be essentially executed on Macs to perform any configuration or setting at the system level, which is considered as the inmost level of management. The terminal app command prompt in the Utility folder is used to execute scripts on Mac computers. This makes scripting much simpler as compared with the generic programming as you can use the commands you already know directly within your system’s interface: the command-line. And best of all, learning this powerful programming option can help you know the working of the command-line better.

How does Mac scripting work?

Typically, the inter-application communication in Mac devices takes place through Apple events, a kind of message designed to encapsulate commands and data. Using this data transport mechanism, the computer communicates the sequential instructions contained in a script to the application to automate actions. The targeted application interprets the commands and responds to the event by performing the desired operation or supplying data as the script demands.

Scripting languages

There are many different scripting languages used for extracting information from a set of data and for automating processes. Lua, Python, VBScript, PHP, etc. are examples. When it comes to Mac automation, the most important ones are AppleScript and JavaScript.

AppleScript

Developed by Apple in 1993, AppleScript is the official language of automation for Macintosh systems. AppleScript is an English-like scripting language designed to be easily understandable with a syntactic or grammatical construction that resembles written English. Scripts are generally written using the free utility, the Script editor app. Being the de facto standard for user interface scripting, AppleScript is much more than just a macro language. AppleScript can make decisions by parsing and analyzing data or by tracking user interactions.

JavaScript

JavaScript is the second scripting language used for user interface scripting since Mac OS X 10.10, Yosemite. It’s the most common cross-platform scripting language mainly used for implementing features on websites and web-based applications. Using the script editor which is included in every copy of macOS is the standard way for running JavaScript for automation.

Some sample scripts

  1. Moving one folder to another
    • AppleScript
      tell application "Finder"
      move folder someFolder to someOtherFolder replacing true
      end tell
    • JavaScript
      var Finder = Application("Finder")
      Finder.move(someFolder, {
      to: someOtherFolder,
      replacing: true
      })
  2. Reading the content of a file
    • AppleScript
      on readFile(theFile)
       -- Convert the file to a string
      set theFile to theFile as string                         -- Read the file and return its contents
      return read file theFile
      end readFile
    • JavaScript
      var app = Application.currentApplication()
      app.includeStandardAdditions = true                  function readFile(file) {// Convert the file to a string
      var fileString = file.toString() // Read the file and return its contents
      return app.read(Path(fileString))
      }
  3. Displaying a dialog
    • AppleScript
      set theDialogText to "The curent date and time is " & (current date) & "."
      display dialog theDialogText
      --> Result: {button returned:"OK"}
    • JavaScript
      var app = Application.currentApplication()
      app.includeStandardAdditions = true                      var dialogText = "The current date and time is " + (app.currentDate())
      app.displayDialog(dialogText)
      // Result: {"buttonReturned":"OK"}

Some essential concepts of Mac scripting

Terminal commands and shell scripts

The terminal app provides a command-line interface to control your Mac using a set of commands. Using an admin account and password, you can tweak almost anything related to your system’s software code.

Some basic terminal commands

  1. Command: open
    Function: Opens a file
    Example: open “filename”
    open ./Desktop/macscripting.pdf
  2. Command: cp
    Function: Copies a file to another location
    Example: cp “filename” “new filename”                                               cp ./Desktop/Marketing.pdf Sales.pdf
  3. Command: rm
    Function: Removes a file
    Example: rm “filename”
    rm ./Desktop/macscripting.pdf
  4. Command: sudo shutdown –r now
    Function: Restarts the computer
     sudo shutdown –r now

However, executing these commands one by one can be really tedious at times. So, instead of running commands individually and waiting for the response, it’s better to consolidate them into a single shell script.
Being a ubiquitous feature of Unix or Unix-like operating systems shell scripts allows to program Unix commands in chains and have the system execute them as a scripted event just like a batch file. Tools like launchd and Apple remote desktop can be used to automate shell scripting and run scripts on a schedule.

Shell scripting guidelines

There are a few things you should bear in mind while creating a shell script for task automation.

  1. Begin with the characters # and ! (together known as shebang) to identify it as a shell script.
  2. Mention the shell which the script is going to run with after the shebang.
  3. Every new line is a new command.
  4. It’s good to add comments to the shell script. Every line of the comment should begin with the number sign (#).
  5. Use blank lines to separate different sections of the script.

Sample scripts for some common use cases

    1. Use case – Volume adjusting
      #!/bin/bash -l                                /usr/bin/osascript -e "set Volume 1.7"
    2. Use case – To read a file line by line
      #!/bin/bash                        input="/path/to/txt/file"
      while IFS= read -r line
      do
      echo "$line"
      done < "$input"
    3. Use case – To install Xcode command line tools
      #!/bin/sh                                                # This script will install Command Line Tools for Xcode on a fresh installation of OS X.
      # Usage: curl https://raw.github.com/gist/3053979/install-command-line-tools-for-xcode.sh | shDMG='command_line_tools_for_xcode_june_2012.dmg'cd $HOME/Downloads
      if [ ! -f ./$DMG ]; then
      echo 'Command Line Tools for Xcode not downloaded.'
      exit 1
      fi
      hdiutil attach $DMG
      sudo installer -pkg '/Volumes/Command Line Tools/Command Line Tools.mpkg' -target /
      hdiutil detach "/Volumes/Command Line Tools"
      rm -i $DMG
      cd -
      echo 'Finished install Command Line Tools for Xcode'

What is a shell?

A shell is the command interpreter that provides ways to interact with the underlying operating system. The shell scans the command-line, analyzes it and determines what to do. Prior to Catalina, macOS came with Bourne again shell (bash) as the default user shell and also included other shells like the TENEX C shell (tcsh), the Korn shell (ksh), and the Z shell (zsh). In macOS 10.15 Catalina, bash has been replaced by zsh as the default login and interactive shell.

bash vs zsh
 

How scripting can help admins in Mac management?

Running scripts on Macs is widely used by administrators to activate or uninstall applications, as well as for setting app configurations and even changing user or system settings, shutting down or restarting the device and so forth. Many of these tasks which must be performed frequently, maybe several times a day can be easily automated using this handy tool.

Mac scripting help admins in Mac management
Scripting lets you:
  • Save time and money – Without any third-party intervention, complex tasks can be easily invoked in a short time.
  • Reduce human errors – Scripts are consistent and less prone to errors and confusion.
  • Be flexible – Standardized scripts can be used for a variety of use cases giving it unprecedented usability.

Your imagination is the only limit to scripting. With that being said, it’s obvious that learning and mastering scripting is well worth the effort, but you have to get through some serious challenges which are quite difficult to overcome.

Challenges of scripting

Scripting acts as a powerful tool for bootstrapping new technologies but also unleashes bold new challenges for the enterprises few of which are listed below:

  1. When you have a huge fleet of Macs to be managed and a variety of scripts to be executed, it’s historically been difficult to get them organized. Admins have to coordinate various scripts sent to the devices as well as their responses.
  2. Before sending the scripts to the devices, admins also have to make sure that the scripts are correctly coded which would be a herculean task as well.
  3. Another important concern is the scope of the script running. Some scripts like the one to change Mac preferences should run at the user level but the script for shutting down/restarting a device should run at the system level. So, running a script at the correct permission level is also a hurdle that admins are likely to deal with.

Challenges are many but the good news is that there are solutions like Hexnode to assist you the way along and make inroads into your goal.

MDM takes the hassle out of scripting

MDM solution for Mac scripting
 

With an MDM solution like Hexnode, Mac scripting turns out to be surprisingly easy. Hexnode allows you to remotely push custom scripts to your Mac devices and users to execute additional management settings that may not be available in the MDM’s features stack. Using Hexnode, you can push scripts to several thousands of endpoints with just a click saving your time and effort taking Mac management to the next level.
When you have scripts to be pushed to a specific category of devices you can create criteria-based groups and send the run script action accordingly. Scripts can be executed according to the scope-level as Hexnode supports the feature for managed devices and users. You can keep track of the script’s response and execution status remotely right from the MDM console. Above all, using Hexnode gives you the added benefit of keeping your set of custom scripts and responses organized allowing you to perform repetitive tasks as configurations at ease.

Supported script types

  1. Perl (.pl)
  2. Bash (.sh)
  3. Shell (.sh)
  4. Non-compiled AppleScript (.applescript)
  5. C Shell (.csh)
  6. Zsh (.zsh)
  7. Korn Shell (.ksh)
  8. Hypertext Preprocessor (.php)
  9. Ruby (.rb)
  10. Python (.py)

 

Requirements

  • The script file name shouldn’t contain characters like / : ? < > \ * | “ [ ] @ ! % ^ #
  • Hexnode agent app should be installed
  • Make sure that the binary which is used to run the script is installed in the system

Best practices

  • Validate the script manually before uploading it to Hexnode.
  • The best practice is to run the script in any of the managed devices and make sure that the scripts are rightly coded before pushing them to the entire device fleet.

If you are a Mac administrator encountering difficulties with handling multiple tasks, have you ever considered evaluating an MDM solution supporting custom Mac scripting?
Go here to confidently evaluate Hexnode for your device fleet.

Alma Evans

Product Evangelist @ Hexnode. Already lost up in the whole crazy world of tech... Looking to codify my thoughts for now...

  •  
  •  
  •  
  •  
  •  

Leave a Comment

Your email address will not be published. Required fields are marked *