Execution error: No User interaction allowed.

Question

Execution error: No User interaction allowed.

Genesis2kx opened this issue 6 years ago · comments

When testing from a Jamf Pro Policy I get the following error in the policy logs.

28:320: execution error: No user interaction allowed. (-1713).

Seems to work fine when I run the script locally from terminal. The only difference is it's running as root from JAMF and not root when local.

Any ideas?

Stephen Short · Answer 1 · Wed Feb 20 2019 08:50:37 GMT+0800 (China Standard Time)

Is this Mac on Mojave, and did that error happen when a user clicks the Change Password button? If so, then the Jamf binary (and/or) jamfagent need a PPPC profile for Accessibility access. Both are whitelisted in my environment, but this is a good call out. I’ll work on uploading a PPPC profile that whitelists for this purpose and add a note in the script.

…

On Feb 19, 2019, at 16:17, Alex Hylton ***@***.***> wrote: When testing from a Jamf Pro Policy I get the following error in the policy logs. 28:320: execution error: No user interaction allowed. (-1713). Seems to work fine when I run the script locally from terminal. The only difference is it's running as root from JAMF and not root when local. Any ideas? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

Stephen Short · Answer 2 · Wed Feb 20 2019 10:58:07 GMT+0800 (China Standard Time)

https://github.com/ducksrfr/mac_admin/blob/master/Privacy%20Preferences%20Policy%20Control%20Profiles/Jamf_accessibility.mobileconfig

Alex Hylton · Answer 3 · Thu Feb 21 2019 04:31:31 GMT+0800 (China Standard Time)

Yes, the mac in on Mojave and the error is only seen in the policy log in the Jamf Pro server when the policy runs. On the mac itself, no pop-ups appeared with the dialog stating the password was expired etc. and didn't open the system preferences window. It's as if the script could not execute at all on the machine. Tried another mojave machine and same error in the policy log, but no signs that the script ran at all on the target machine since no pop-ups appeared.

I uploaded the jamf accessibility config profile and got an error that it could not create an object from the file. Does the file need to be edited in some way before upload? @ducksrfr

Stephen Short · Answer 4 · Thu Feb 21 2019 08:04:14 GMT+0800 (China Standard Time)

Ok, if the dialog won't even appear let's make sure you have Jamf whitelisted for System Events, SystemUIServer, and Finder as well. Here's an example profile: https://github.com/rtrouton/privacy_preferences_control_profiles/tree/master/Privacy%20Settings%20Whitelist%20-%20Jamf%20Notifications

I would also try signing the profiles before uploading to Jamf so that it doesn't get altered in any way.

Stephen Short · Answer 5 · Fri Feb 22 2019 07:55:23 GMT+0800 (China Standard Time)

Ok, the script has been updated to reflect what I have in Jamf. sudo -u $currentUser is prepended on each osascript command. Added an additional note about PPPC whitelisting for AppleEvents to control System Events along with PPPC whitelisting for Accessibility.

Stephen Short · Answer 6 · Sat Mar 02 2019 14:50:31 GMT+0800 (China Standard Time)

Prefacing osascript command with sudo -u $currentUser resolves issue when running script via Jamf/as root.