MacOS
View all Worklets
MacOSmacOS

macOS Notifier

Notify macOS end users with osascript modal alert dialogs that interrupt the active session until acknowledged

Worklet Details

What the macOS end user notifier does

This Automox Worklet™ surfaces a native macOS alert dialog to the user sitting in front of the endpoint. The Worklet runs osascript with the display alert command and shows the configured title in bold above the message body. The alert appears as a mid-screen sheet and stays on top until the user clicks a button, which prevents the prompt from being missed in the way a Notification Center banner often is.

The script is intentionally simple. You set two variables at the top, titleText and messageText, and the remediation calls osascript -e 'display alert "$titleText" message "$messageText"'. Embedded double quotes are escaped at runtime so end users can include quoted strings in either field without breaking the AppleScript.

The remediation file also ships with commented examples that extend the base dialog: a single custom button, multiple buttons with default and cancel assignments, an alertType set to informational, warning, or critical, a giving up after timeout in seconds, and a URL-redirect block that opens a configured link in Safari or the user's default browser when a specific button is clicked. Uncomment the section you need and replace the active osascript line.

Why surface admin messages on the endpoint

Email and Slack rarely reach end users in time when a Worklet is about to reboot the laptop, kill a running process, or install a security patch. Mac admins routinely ship a maintenance policy and then field tickets from users who say their machine just restarted on its own. A mid-screen modal alert rendered minutes before the action runs closes that gap.

The built-in Automox notifier renders in the upper corner of the screen, where it is easy to overlook during a meeting or a focused task. Chain this Worklet ahead of a forced restart, patch group, or compliance Worklet so the user sees a center-of-screen prompt that does not disappear until acknowledged. You control the exact message text from the script variables, which keeps wording consistent across every endpoint in scope.

How the macOS alert dialog works

  1. Evaluation phase: The evaluation script exits with code 1 unconditionally. A notification is an action, not a state, so there is nothing on the endpoint to inspect. The evaluation simply tells Automox to schedule the remediation every time the policy runs.

  2. Remediation phase: The remediation script sets titleText and messageText, then invokes osascript -e 'display alert "$titleText" message "$messageText"' to render the alert. Double quotes inside either string are escaped with bash parameter expansion (${titleText//\"/\\\"}) so quoted content does not break the AppleScript. The script exits 0 after the user dismisses the alert or after the optional giving up after timeout elapses.

Requirements for the macOS notifier

  • macOS endpoint with the Automox agent installed and bash available

  • osascript present at /usr/bin/osascript (default on all supported macOS releases)

  • An active console user logged in at the time of remediation, otherwise the alert has no GUI session to render in

  • Set the titleText and messageText variables in the remediation script to the strings you want the user to see

  • Optional: enable the commented blocks in the script for custom buttonText, defaultButton, cancelButton, alertType (informational, warning, critical), or dialogueTimeout in seconds

  • Optional: enable the URL-redirect block to open a configured link in Safari, or use the default-browser variant that resolves the active browser via NSWorkspace before running open -a

Expected behavior after the notifier runs

The end user sees a modal alert at the center of the active display with the configured title in bold and your message body underneath. The default OK button dismisses the alert; if you enable the multi-button block, the user picks from the labels you defined. The alert stays on top of other windows until it is clicked or, if you set dialogueTimeout, until the giving up after seconds elapse.

Automox activity logs record exit code 0 for a successful run. If you enabled the URL-redirect block, validate the click handoff on a pilot endpoint by confirming that Safari (or the user's default browser when the NSWorkspace variant is enabled) opens to the configured URL after the matching button is pressed. If the remediation runs while no user is logged in, the alert has no GUI session to attach to and will not render – schedule the Worklet during business hours or chain it behind an evaluation that checks for an active console session.

View in app
evalutation image
remediation image

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.

do more with worklets