Alma
Evans

A quick guide to executing custom Mac scripts via MDM

Alma Evans

Apr 1, 2020

14 min read

A quick guide to executing custom Mac scripts via MDM

While managing devices at the workplace it’s often the case that IT administrators grapple with tons of manual tasks particularly mundane and repetitive tasks pertaining to device configuration or app management. Most of these tasks have to be done iteratively over and over again. Manually managing all these configurations for only a handful of devices can be feasible. Now imagine having to perform the same set of daunting tasks on several thousands of endpoints. This is next to impossible taking up a huge amount of the ITs time. Errors occurring is almost certain – as the line of duty expands so does the probability of occurring errors! How well the IT respond to these management pains will literally contribute to the long-term success of your enterprise’s strategic plan on mobility.

Try Hexnode for mobility management

The agile way of working

IT administrators are always looking for quick and effective ways to tie over the hectic management tasks. There are many ways to tackle the burden on IT admins with varying degrees of success. Any approach towards automating the device management process lessens the admin’s burden, adds-on to ITs well-being at the workplace and free-up time for them to focus on things that matter. Running scripts or custom commands on endpoints is the best way possible to automate such boring stuff.

Having said that, how cool it would be to automate Mac management with custom scripts.

Automate Mac management with custom scripts
Automate Mac management with custom scripts
 

As Macs are forging their own path in IT with an ever-increasing number of endpoints to be managed, it’s imperative to adopt Mac scripting to chain together repetitive tasks and execute them without any user interaction. In this blog, we’ll be delving deeper into Mac’s side of scripting and how well a Mobile Device Management solution can work under the hood as a customizable automation tool to allow greater control over the device fleet.

What is Mac scripting?

Scripts, in general, are a series of written instructions used to automate repetitive or time-consuming tasks and create complex and powerful workflow solutions to enhance productivity. This small interpreted program consists of a set of statements each of which performing a specific operation based on the particular conditions they find. These commands which otherwise have to be executed one-by-one work together interacting with apps, processes, and the operating system to automate operations. Script also acts as an easy-to-use shortcut for convoluted commands.
Scripts can be essentially executed on Macs to perform any configuration or setting at the system level, which is considered as the inmost level of management. The terminal app command prompt in the Utility folder is used to execute scripts on Mac computers. This makes scripting much simpler as compared with the generic programming as you can use the commands you already know directly within your system’s interface: the command-line. And best of all, learning this powerful programming option can help you know the working of the command-line better.

How does Mac scripting work?

Typically, the inter-application communication in Mac devices takes place through Apple events, a kind of message designed to encapsulate commands and data. Using this data transport mechanism, the computer communicates the sequential instructions contained in a script to the application to automate actions. The targeted application interprets the commands and responds to the event by performing the desired operation or supplying data as the script demands.

Scripting languages

There are many different scripting languages used for extracting information from a set of data and for automating processes. Lua, Python, VBScript, PHP, etc. are examples. When it comes to Mac automation, the most important ones are AppleScript and JavaScript.

AppleScript

Developed by Apple in 1993, AppleScript is the official language of automation for Macintosh systems. AppleScript is an English-like scripting language designed to be easily understandable with a syntactic or grammatical construction that resembles written English. Scripts are generally written using the free utility, the Script editor app. Being the de facto standard for user interface scripting, AppleScript is much more than just a macro language. AppleScript can make decisions by parsing and analyzing data or by tracking user interactions.

JavaScript

JavaScript is the second scripting language used for user interface scripting since Mac OS X 10.10, Yosemite. It’s the most common cross-platform scripting language mainly used for implementing features on websites and web-based applications. Using the script editor which is included in every copy of macOS is the standard way for running JavaScript for automation.

Some sample scripts

  1. Moving one folder to another
    • AppleScript
    • JavaScript
  2. Reading the content of a file
    • AppleScript
    • JavaScript
  3. Displaying a dialog
    • AppleScript
    • JavaScript

Some essential concepts of Mac scripting

Terminal commands and shell scripts

The terminal app provides a command-line interface to control your Mac using a set of commands. Using an admin account and password, you can tweak almost anything related to your system’s software code.

Some basic terminal commands

  1. Function: Opens a file

    Example: open “filename”

  2. Function: Copies a file to another location

    Example: cp “filename” “new filename”

  3. Function: Removes a file

    Example: rm “filename”

  4. Function: Restarts the computer

However, executing these commands one by one can be really tedious at times. So, instead of running commands individually and waiting for the response, it’s better to consolidate them into a single shell script.
Being a ubiquitous feature of Unix or Unix-like operating systems shell scripts allows to program Unix commands in chains and have the system execute them as a scripted event just like a batch file. Tools like launchd and Apple remote desktop can be used to automate shell scripting and run scripts on a schedule.

Shell scripting guidelines

There are a few things you should bear in mind while creating a shell script for task automation.

  1. Begin with the characters # and ! (together known as shebang) to identify it as a shell script.
  2. Mention the shell which the script is going to run with after the shebang.
  3. Every new line is a new command.
  4. It’s good to add comments to the shell script. Every line of the comment should begin with the number sign (#).
  5. Use blank lines to separate different sections of the script.

Sample scripts for some common use cases

    1. Use case – Volume adjusting

      eg:

    2. Use case – To read a file line by line
    3. Use case – To install Xcode command line tools

      Note:

      This script gets executed only if the .dmg file for the tool is stored in “HOME/Downloads”.

    4. Use case – Check and install OS updates
    5. Use case – Restart device
    6. Use case – Rename a file

      eg:

    7. Use case – Delete a file or folder

      eg:

      Note:

      While using this command, please make sure that the path to the file or folder is given correctly as the data deleted in this manner cannot be retrieved.

    8. Use case – Delete contents of a folder

      eg:

    9. Use case – Copy to clipboard

      eg:

    10. Use case – Uninstall an app

      eg:

    11. Use case – Creating a new user
    12. Use case – Check encryption

      Sample output

What is a shell?

A shell is the command interpreter that provides ways to interact with the underlying operating system. The shell scans the command-line, analyzes it and determines what to do. Prior to Catalina, macOS came with Bourne again shell (bash) as the default user shell and also included other shells like the TENEX C shell (tcsh), the Korn shell (ksh), and the Z shell (zsh). In macOS 10.15 Catalina, bash has been replaced by zsh as the default login and interactive shell.

Bourne again shell vs Z shell in Mac
Bourne again shell vs Z shell in Mac
 

How scripting can help admins in Mac management?

Running scripts on Macs is widely used by administrators to activate or uninstall applications, as well as for setting app configurations and even changing user or system settings, shutting down or restarting the device and so forth. Many of these tasks which must be performed frequently, maybe several times a day can be easily automated using this handy tool.

Mac scripting help admins in Enterprise Mac management
Mac scripting help admins in Enterprise Mac management

Scripting lets you:
  • Save time and money – Without any third-party intervention, complex tasks can be easily invoked in a short time.
  • Reduce human errors – Scripts are consistent and less prone to errors and confusion.
  • Be flexible – Standardized scripts can be used for a variety of use cases giving it unprecedented usability.

Your imagination is the only limit to scripting. With that being said, it’s obvious that learning and mastering scripting is well worth the effort, but you have to get through some serious challenges which are quite difficult to overcome.

Challenges of scripting

Scripting acts as a powerful tool for bootstrapping new technologies but also unleashes bold new challenges for the enterprises few of which are listed below:

  1. When you have a huge fleet of Macs to be managed and a variety of scripts to be executed, it’s historically been difficult to get them organized. Admins have to coordinate various scripts sent to the devices as well as their responses.
  2. Before sending the scripts to the devices, admins also have to make sure that the scripts are correctly coded which would be a herculean task as well.
  3. Another important concern is the scope of the script running. Some scripts like the one to change Mac preferences should run at the user level but the script for shutting down/restarting a device should run at the system level. So, running a script at the correct permission level is also a hurdle that admins are likely to deal with.

Challenges are many but the good news is that there are solutions like Hexnode to assist you the way along and make inroads into your goal.

MDM takes the hassle out of scripting

Executing custom Mac scripts via MDM
Executing custom Mac scripts via MDM
 

With an MDM solution like Hexnode, Mac scripting turns out to be surprisingly easy. Hexnode allows you to remotely push custom scripts to your Mac devices and users to execute additional management settings that may not be available in the MDM’s features stack. Using Hexnode, you can push scripts to several thousands of endpoints with just a click saving your time and effort taking Mac management to the next level.
When you have scripts to be pushed to a specific category of devices you can create criteria-based groups and send the run script action accordingly. Scripts can be executed according to the scope-level as Hexnode supports the feature for managed devices and users. You can keep track of the script’s response and execution status remotely right from the MDM console. Above all, executing custom Mac scripts via Hexnode MDM gives you the added benefit of keeping your set of custom scripts and responses organized allowing you to perform repetitive tasks as configurations at ease.

Executing custom Mac scripts via Hexnode MDM

Supported script types

  1. Perl (.pl)
  2. Bash (.sh)
  3. Shell (.sh)
  4. C Shell (.csh)
  5. Zsh (.zsh)
  6. Korn Shell (.ksh)
  7. Hypertext Preprocessor (.php)
  8. Ruby (.rb)
  9. Python (.py)

Requirements

  • The script file name shouldn’t contain characters like / : ? < > \ * | “ [ ] @ ! % ^ #
  • Hexnode agent app should be installed
  • Make sure that the binary which is used to run the script is installed in the system

Best practices

  • Validate the script manually before uploading it to Hexnode.
  • The best practice is to run the script in any of the managed devices and make sure that the scripts are rightly coded before pushing them to the entire device fleet.

If you are a Mac administrator encountering difficulties with handling multiple tasks, have you ever considered evaluating an MDM solution supporting custom Mac scripting?
Go here for confidently evaluating Hexnode for your device fleet and executing custom mac scripts via MDM.

Share

Alma Evans

Product Evangelist @ Hexnode. Already lost up in the whole crazy world of tech... Looking to codify my thoughts for now...