Executing terminal commands through FileWave

[Tobias.vonLienen]

I want to execute the following terminal commands remotely through FileWave to enable SSO for Edge on Mac:

 

defaults write com.microsoft.edge RestoreOnStartup -int 1

defaults write com.microsoft.edge AuthServerAllowlist *.DOMAIN

 

What is the best practice to do this?

[Sean]

The defaults command references the user's domain when you do no specify a path.  Is this intentional?

FileWave runs as the root user, so if you do not specify paths, then this will only impact the root user.  With that in mind, are these global settings in /Library/Preferences or are these desired to be user settings?

If you wish for them to be in /Library, they you may merely specify the path with the file name when running the command.  If they need to belong each user's Preferences though, then you will need to script a way to identify those files or a way to run the scripts as the current user, noting that there may not be any user logged in at that time.

However, if your devices are MDM enrolled, they you can set these within a Custom Settings Profile Payload instead.  Profiles of this type can be set as either User or System.

 

 

 

 

 

[Tobias.vonLienen]

Thank you Sean for the quick reply,

a custom settings profile seems to be the easiest solution, unfortunately not all of our Macs are MDM enrolled (yet), meaning I still have to find a way to execute the command on the other Macs.

I found this Execute macOS scripts ... | FileWave KB and inserted it on top of my script, but this also did not work.

The Client Log tells me this:

Quote

2023-12-06 8:26:10.302|main|INFO|CLIENT|Fileset Container ID 8254, revision ID 8254 has version 3. It contains 1 files and 3 folders
2023-12-06 8:26:10.303|main|INFO|CLIENT|Done processing Container Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254
2023-12-06 8:26:10.605|main|INFO|CLIENT|about to downloadAllFileset files for Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254
2023-12-06 8:26:10.719|main|INFO|CLIENT|Downloading Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254
2023-12-06 8:26:10.966|main|INFO|CLIENT|finished downloadFileset files for Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254
2023-12-06 8:26:10.970|main|INFO|CLIENT|Create all folders of fileset ID Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254, version 3
2023-12-06 8:26:10.971|main|FATAL|CLIENT|Filesystem object at /var already exists but it is not a folder
2023-12-06 8:26:10.977|main|INFO|CLIENT|Activate all files of Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254, version 3
2023-12-06 8:26:11.086|main|INFO|CLIENT|Done activating all 1 files of Fileset Edge SSO, ID 8254, revision v1.0 TvL, ID 8254, version 3
2023-12-06 8:26:11.337|main|INFO|CLIENT|Executed /var/scripts/8254/EdgeSSO.sh Return Code: 0
2023-12-06 8:26:11.564|main|INFO|CLIENT|Installation(s) Completed.

 

[Sean]

The details in the KB assume a user is currently logged in; it relies upon the owner of the console at the time it is ran.

If no user is logged in at that time, it will not be the a user on the device, but root or perhaps another hidden OS account.

I have also adapted the script example, since some commands will work with 'sudo -u', but some commands will require 'launchctl asuser'.  However, both may be supplied at the same time, which should ensure all eventualities are covered.

What does not work mean?  The script failed or it didn't do as you hoped?  Perhaps you could post the script.