Hello there! I hope everyone is doing great. Today, I want to discuss how to deploy shell scripts using Intune. We’ll review what you must do before deploying shell scripts and some important things to remember when working with them on Intune. Additionally, we’ll deploy a sample script and observe how it operates on end-user devices.
Our previous blog post covered the most effective method for setting wallpaper in macOS through Intune. We explained the importance of organizations setting specific desktop wallpapers. We provided step-by-step instructions for deploying a configuration profile and shell script on Intune to set the wallpaper on all managed macOS devices. Additionally, we demonstrated the end-user experience clearly and concisely.
To better understand the topic at hand, it is important first to define what a shell script is and why it is necessary for macOS devices. Essentially, a shell script is a text file containing one or multiple UNIX commands.
It is used to perform tasks that are typically carried out through the command line. By allowing users to merge various tasks into a single script, it facilitates time-saving and prevents errors that may arise from performing similar tasks repeatedly.
Mac shell scripts may not be the go-to for creating complex programs, but they can definitely make your life easier by automating basic software tasks. With its powerful command-line tools, you can create scripts to help you navigate and access your OS, edit text files, and search through directories.
Prerequisites for Deploying Shell Scripts
Before assigning shell scripts to macOS devices, IT Administrators must ensure that specific prerequisites are met. Here are the prerequisites to keep in mind:
- Supported macOS versions: Big Sur or later.
- Devices are managed by Intune.
- Devices should have a direct Internet connection; for now, proxy connections are not supported.
- Shell scripts begin with #! and must be in a valid location (e.g., #!/bin/sh).
- Command-line interpreters for the applicable shells should be installed.
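The #! and interpreter prerequisites can be checked before a script is uploaded. The function below is an added example, not code from the original post or from Intune; preflight_check is a hypothetical name, and it assumes the check runs on a Mac whose shells match those on the target devices.

```shell
#!/bin/sh
# Added example: preflight_check is a hypothetical helper, not part of Intune.
# It prints each problem found and returns the number of problems.
preflight_check() {
    script=$1
    problems=0
    interp=
    cr=$(printf '\r')
    [ -f "$script" ] || { echo "not a file: $script"; return 2; }
    # 1. Line 1 must be a #! line naming an installed interpreter.
    IFS= read -r first < "$script" || :
    first=${first%"$cr"}
    case $first in
        '#!'*)
            interp=${first#??}       # strip the leading "#!"
            interp=${interp# }       # tolerate "#! /bin/sh"
            interp=${interp%% *}     # drop interpreter arguments
            if [ ! -x "$interp" ]; then
                echo "interpreter missing or not executable: $interp"
                problems=$((problems + 1))
            fi ;;
        *)
            echo "line 1 is not a #! line"
            problems=$((problems + 1)) ;;
    esac

    # 2. With CRLF line endings the interpreter path ends in a stray CR.
    if grep -q "$cr" "$script"; then
        echo "CRLF line endings found"
        problems=$((problems + 1))
    fi

    # 3. Typographic quotes and dashes pasted from a web page are ordinary
    #    characters to the shell, so a syntax check passes; search for them.
    if grep -F -q -e '“' -e '”' -e '‘' -e '’' -e '–' "$script"; then
        echo "typographic quote or dash found"
        problems=$((problems + 1))
    fi

    # 4. Parse-only check, limited to shells known to accept -n.
    case ${interp##*/} in
        sh|bash|zsh|ksh|dash)
            if [ -x "$interp" ] && ! "$interp" -n "$script" 2>/dev/null; then
                echo "syntax error reported by $interp -n"
                problems=$((problems + 1))
            fi ;;
    esac
    return "$problems"
}
```

A return value of 0 means no problem was found; 2 means the path is not a regular file.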
Important Considerations Before Deploying Shell Scripts using Intune
IT admins need to be aware of the limitations and considerations before deploying shell scripts on end-user macOS devices. Before using shell scripts, it’s crucial to check the prerequisites. Here are some essential points to keep in mind:
- Microsoft Intune management agent must be installed to run shell scripts on a macOS.
- The scripts will run as separate processes and in parallel on devices.
- If you run the script as the signed-in user, it will execute for all currently signed-in users on the device at the time of the run.
- Running a script as the signed-in user requires a user to be signed in to the device.
- If the script requires changes that a standard user account cannot make, root user privileges are necessary.
- Certain conditions, such as a full disk or tampered storage location, may cause shell scripts to run more frequently than the chosen script frequency.
- If the local cache is deleted or the Mac device restarts, the scripts will attempt to run again.
- If a shell script runs for over 60 minutes, it is stopped and reported as “failed.”
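Because a script can run more often than its configured frequency and again after a restart or cache deletion, its tasks should be safe to repeat. The wrapper below is an added example, not code from the original post; run_once, STATE_DIR and its default path are hypothetical, and the state directory is assumed to sit under a location only root can write to.

```shell
#!/bin/sh
# Added example: run_once and STATE_DIR are hypothetical names.
# Assumed location for stamp files; choose a root-owned directory.
STATE_DIR=${STATE_DIR:-/var/db/example-intune-state}

# run_once NAME VERSION COMMAND [ARGS...]
# Runs COMMAND unless a stamp for NAME already records VERSION.
run_once() {
    name=$1
    version=$2
    shift 2
    stamp="$STATE_DIR/$name.stamp"

    # Files created from here on are readable by the owner only.
    umask 077
    mkdir -p "$STATE_DIR" || return 1

    # An extra run (restart, cache deletion, retry) ends here without
    # repeating the work.
    if [ -f "$stamp" ] && [ "$(cat "$stamp")" = "$version" ]; then
        echo "$name $version already applied, nothing to do"
        return 0
    fi

    # Pass a failure up so the script can exit non-zero and the run is
    # reported as failed instead of silently half-applied.
    "$@" || { task_rc=$?; echo "$name failed with status $task_rc"; return "$task_rc"; }

    # Record success only after the task finished; the rename is atomic.
    printf '%s\n' "$version" > "$stamp.tmp" && mv "$stamp.tmp" "$stamp"
}

# Usage inside a deployed script (configure_homepage is a placeholder):
#   run_once set-homepage 1 configure_homepage || exit $?
```

Raising the version argument when the task changes makes the next run apply it again.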
How to Create, Edit, and Test a Shell Script in macOS
Now that we have understood the prerequisites and important things to consider while creating shell scripts in macOS, let us test the commands on a test Mac.
As an initial step, let us create a shell script in the terminal by running the command below. After you run it, it asks for your Mac login password. Once you enter it, it creates a new file, opened in the Terminal app, in which you can enter the commands.
$ sudo vi New_script.sh
To save everything the script prints to a text file, put the lines below at the top of the script and enter your commands after them:
#!/bin/bash
exec > /Terminal_Saved_Output.txt 2>&1
#enter commands below
To make the script executable, run the command below:
$ sudo chmod +x New_script.sh
Lastly, to run and test the script, type the command below:
$ ./New_script.sh
To open the logged output file, we can run the below command in the terminal:
$ cat /Terminal_Saved_Output.txt
How to Deploy Shell Script using Intune
Now that we understand how to create a shell script, let’s go through the steps to deploy shell scripts using Intune.
For this example, we have created and tested our sample.sh file and saved it on our Mac. As part of the process, we will upload it into Intune and deploy it to all macOS devices. To deploy the script, please follow the steps outlined below.
#!/bin/bash
#set -x
# Define variables
app="Microsoft Edge"
site="https://www.anoopcnair.com/author/snehasis/"
log="/var/log/sample_script.log"
# Start logging: append stdout and stderr to the log file
exec 1>> "$log" 2>&1
# Open the site in the chosen app
open -a "$app" --args "$site"
- Sign in to the Microsoft Intune admin centre https://intune.microsoft.com/.
- Select Devices > macOS > Shell Scripts and click on Add to upload a new script.
Once you click the Add button on the above page, provide the Name and Description and click on Next.
Under the Script settings tab, upload the Script with .sh extension, and once uploaded, you should be able to view the commands in the text window below. Once everything is set, please make sure to set the below settings as well.
- Run Script as signed-in User: To run the script with the user’s credentials, select Yes. Or, to run the script as the root user, choose No (default option).
- Hide Script notifications on devices: When notifications are not hidden, macOS devices show a notification for running scripts, with a message from Intune about IT configuration.
- Script Frequency: Select the script frequency. Choose “Not configured” for a one-time run (default option).
- Max number of times to retry the script: Select how many times to retry the script if it fails (Not configured is the default).
To deploy the Shell script on HTMD Mac devices, we have selected the options below:
| Settings | Value |
|---|---|
| Run Script as signed-in User | No |
| Hide Script notifications on devices | Yes |
| Script Frequency | Every 1 Week |
| Max number of times to retry if the script fails | 2 times |
Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.
On the next page, select Assignments group (Included groups and Excluded groups) and click Next.
Note! Assignment Group: It determines who has access to any app, policy, or configuration profile by assigning groups of users to include and exclude. In this case, we have selected All Devices under Assignments.
On the Review+create page, please review if any settings need to be changed, or else go ahead and create the Script.
Once the Shell Script is created, it will take a few minutes to get pushed to all the devices in the organization. To monitor the status of the targeted devices, follow the steps below.
Steps to Monitor Deployed Shell Scripts
To see whether the script has been pushed to all the devices and check its success and failure ratio, navigate to Devices > macOS > Shell Scripts. Once you see the script, click on its link and go to the Overview page, which shows User and Device Status in graphical format under the categories Succeeded and Error.
The same status can also be viewed in detail under the Monitor category. To check whether the script ran successfully on the devices, click on Device Status, which shows the status as Succeeded or Error along with Device details, User Name, OS Version, and Last Updated date and time stamp.
Once a script runs, it returns one of the following statuses:
- “Failed” script status indicates errors or improper execution due to a non-zero exit code or a malformed script.
- If marked as Success, the script has returned an exit code of zero.
Regardless of the frequency chosen for the script, only the status of the script’s initial run is reported; the status is not updated for subsequent runs. If the script is updated, it is treated as a new script, and the run status is reported again.
User Status shows the status as Succeeded or Error along with User details.
End User Experience
After successfully pushing the shell script to all macOS devices in the organization, we checked what happens when the script runs. As instructed, it opened the HTMD site in Edge, and it worked the same way on the end-user device.
Conclusion
After reading the article above, you should have a solid understanding of the steps required to create and deploy a shell script using Intune. Shell scripts are commonly used to automate tasks, allowing IT administrators to run multiple commands in a specific order. If you’re interested in creating your own script, try following the steps outlined above and let us know how it worked out for you. We appreciate your feedback on the use case of shell scripts.
Author
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his knowledge on Apple Mac Devices Support. He is an M.Tech graduate in System Engineering with over 6+ years of IT Experience.