Deleting and recreating the login keychain via Self Service

In Andrina Kelly's great JNUC 2013 talk, she included a handful of examples of how to use Self Service to give customers the ability to self-solve recurring issues. One of the examples is recreating the login keychain. Her script is on GitHub here. It gets the currently logged-in user, detects their login keychain, then deletes it and creates a new one. This requires the user's password, which the script prompts for using cocoaDialog.

I've wanted to get something similar going at my workplace, but I've been trying to avoid deploying cocoaDialog to machines as all of our machines already have jamfHelper and AppleScript available. It seems like overkill to install yet another dialog tool if I can get the ones already there to do what I want.

Based on my previous work (which is in turn based on Elliot Jordan's), I decided to use jamfHelper and AppleScript to do the heavy lifting of prompting for the password and passing it along.

From the user's point of view, it will work like this:

They'll open Self Service, and find the Fix Keychain policy (or whatever you want to call it).



Then, they'll see a prompt to inform them of the coming password prompt.


After that is the password prompt, with hidden answer enabled.


The new login keychain will be created, and they'll get a success message.


If they enter their password incorrectly, they'll see the following.


If they really just can't type in their password correctly, they'll get a failure message and Self Service will record that the policy failed. If you have policy fail notifications enabled in your JSS, you'll get an email about it.


In terms of the script, you can review it below.

The components are really straightforward, and all you should have to modify if you choose to use this is the logo location. If you don't have a custom/company logo on the computer, or if you just feel lazy, using the .icns from the Keychain Access.app bundle works ("/Applications/Utilities/Keychain Access.app/Contents/Resources/AppIcon.icns"), as displayed in the above prompts. You may also want to edit some of the wording on the prompts, including whatever way you'd want a customer to contact your team in the event that something goes awry.

The JSS policy is relatively simple, just the script scoped to whatever computers you want, configured for Self Service.
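The flow described above (notice, hidden-answer prompt, password check with retries, delete and recreate, failed policy on give-up), sketched as an added example that is not the author's script or Andrina Kelly's. The attempt limit, the prompt wording, the `login.keychain-db` lookup for newer macOS versions and the ability of the policy's process to show dialogs in the user's session are assumptions.

```bash
#!/bin/bash
# Added example, not the author's script. Prompt wording and MAX_TRIES are assumptions.
JH="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
ICON="/Applications/Utilities/Keychain Access.app/Contents/Resources/AppIcon.icns"
MAX_TRIES=3   # assumption: the post does not say how many attempts are allowed

notify() {  # one-button jamfHelper window showing the text in $1
  "$JH" -windowType utility -title "Fix Keychain" -icon "$ICON" \
    -description "$1" -button1 "OK" -defaultButton 1 >/dev/null
}
ask_password() {  # AppleScript prompt with hidden answer; prints what was typed
  /usr/bin/osascript -e 'display dialog "Enter your login password:" default answer "" with hidden answer buttons {"OK"} default button 1' -e 'text returned of result'
}
check_password() {  # $1 = user, $2 = password; succeeds only if the password is right
  # The password is passed as an argument here, as it is to create-keychain below.
  /usr/bin/dscl /Local/Default -authonly "$1" "$2" >/dev/null 2>&1
}
get_valid_password() {  # $1 = user; prints the verified password, or returns 1
  local pw try=1
  while [ "$try" -le "$MAX_TRIES" ]; do
    pw=$(ask_password) || return 1          # dialog could not be shown
    if check_password "$1" "$pw"; then printf '%s' "$pw"; return 0; fi
    [ "$try" -lt "$MAX_TRIES" ] && notify "That password was not correct. Please try again."
    try=$((try + 1))
  done
  return 1
}
find_login_keychain() {  # $1 = home directory; prints the existing login keychain path
  local f
  for f in "$1/Library/Keychains/login.keychain-db" "$1/Library/Keychains/login.keychain"; do
    [ -e "$f" ] && { printf '%s' "$f"; return 0; }
  done
  return 1
}
main() {  # $1 = short name of the logged-in user
  local user="$1" home pw kc
  home=$(/usr/bin/dscl . -read "/Users/$user" NFSHomeDirectory | awk -F': ' '{print $2}')
  notify "You will be asked for your login password so a new keychain can be created."
  if ! pw=$(get_valid_password "$user"); then
    notify "Your keychain could not be reset. Please contact your support team."
    exit 1   # a non-zero exit makes the JSS record the policy as failed
  fi
  kc=$(find_login_keychain "$home") && rm -f "$kc"
  sudo -u "$user" /usr/bin/security create-keychain -p "$pw" "$home/Library/Keychains/login.keychain"
  notify "A new login keychain has been created."
}
# Jamf passes the logged-in user's name to policy scripts as the third parameter.
if [ -n "${3:-}" ]; then main "$3"; fi
```

Both `dscl -authonly` and `security create-keychain -p` take the password on the command line, so it is visible in the process list for as long as each command runs.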



Thanks to Andrina for the original script and Elliot for the great use of jamfHelper and AppleScript for user prompts.

