
Running AppleScript from bash


I have this AppleScript code that works fine from the Script Editor app:

tell application "Finder" to delete ((POSIX file "/Applications/Symantec Solutions/Symantec Endpoint Protection.app") as alias)

Now, I need to run that from my MDM solution (JAMF), so I'm trying to get it into a bash file as this:

osascript -e "tell application \"Finder\" to delete (POSIX file \"/Applications/Symantec Solutions/Symantec Endpoint Protection.app\") as alias"

but when I run it from my editor (CodeRunner) it fails with: execution error: Not authorised to send Apple events to System Events. (-1743)

I think it's related to the Privacy Preferences Policy Control but I cannot make it work.

What I ultimately want to accomplish is that, by running a script from my MDM, I get the same dialog as when I drag the app to the bin: "The application “Symantec Endpoint Protection” is hosting system extensions. These extensions will be removed if you continue." which I don't get if I just rm -rf the whole app.

Sorry if I can't be any clearer. Any clues?


Solution

  • Script Editor is (by default) authorized to send Apple events to other applications. If you want to run an AppleScript that controls other apps from some different context, you have to grant permission to that new context to control other apps. You do this by adding the controlling application to the 'Accessibility' section of System Preferences ➦ Security & Privacy ➦ Privacy.

    This gets a bit dicey when you shift contexts a lot. For instance, you seem to be using CodeRunner to execute a shell script to execute OSAScript, which might get a security violation at any level. Try giving permissions to CodeRunner and see if that clears things up.
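
A wrapper an MDM script could use to tell the Apple events denial (-1743) apart from other osascript failures and to log the chain of calling processes mentioned in the answer. This is an added example, not part of the original question or answer; the function names and reason labels are hypothetical, and the app path is the one from the question.

```bash
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.
APP_PATH="/Applications/Symantec Solutions/Symantec Endpoint Protection.app"  # path from the question

# Map osascript's stderr text to a short reason code an MDM script can log.
classify_osascript_error() {
  case "$1" in
    "")                     echo "ok" ;;
    *"(-1743)"*)            echo "apple-events-denied" ;;   # errAEEventNotPermitted
    *"(-1744)"*)            echo "consent-required" ;;      # errAEEventWouldRequireUserConsent
    *"(-1728)"*|*"(-43)"*)  echo "target-missing" ;;        # no such object / file not found
    *"(-600)"*)             echo "receiver-not-running" ;;  # procNotFound
    *)                      echo "other" ;;
  esac
}

# List the processes between this shell and launchd. Each one is a context
# that may need the permission the answer describes.
process_chain() {
  pid=$$
  while [ -n "$pid" ] && [ "$pid" -gt 1 ]; do
    ps -o comm= -p "$pid"
    pid=$(ps -o ppid= -p "$pid" | tr -d ' ')
  done
}

# Ask Finder to delete the app. The path is passed as an argument to the
# run handler, so no nested quote escaping is needed.
finder_delete() {
  err=$(osascript \
    -e 'on run argv' \
    -e 'set appAlias to (POSIX file (item 1 of argv)) as alias' \
    -e 'tell application "Finder" to delete appAlias' \
    -e 'end run' "$1" 2>&1 >/dev/null)
  reason=$(classify_osascript_error "$err")
  if [ "$reason" != "ok" ]; then
    echo "osascript failed [$reason]: $err" >&2
    echo "calling chain:" >&2
    process_chain >&2
    return 1
  fi
}

# Only act when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
  finder_delete "$APP_PATH"
fi
```

Run it with `--run` from the same context the MDM uses; the logged chain shows which processes sit between the policy and `osascript`.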