Question

How to test - Lock a Mac system via API if it has not updated Inventory in X days.

  • May 9, 2026
  • 1 reply
  • 35 views


I have a script to lock a Mac via API. No issues with that. It works very reliably.

I would like to use this script to lock a Mac system when it has not updated inventory in over X days. Think of a Mac that has been shoved in a desk drawer for a while. This would force the user to contact the help desk to get it unlocked and explain why it has not been online.

This is an easy enough policy and smart group to build. Last Inventory Update more than x days ago.

But testing is a pain in the butt. I have to wait 24 hours for “Last Inventory Update” to get to at least 1 day to effectively test the policy.

Anyone know of a way to change “Last Inventory Update”?

1 reply

AJPinto
  • Legendary Contributor
  • May 9, 2026

You do not need to wait X days to test this. The smart group logic is already proven because it is based on inventory collection. You are not testing the trigger. You are testing the policy. For testing, either lower the threshold temporarily or manually scope the device so the policy runs immediately.

The larger issue is that policies targeting devices that have not updated inventory are rarely effective. If a Mac has not checked in, it is either offline or the Jamf binary is not working. No policy will reach it until the device checks in again, and that is the point where you should be doing remediation rather than locking the device. Keeping stale devices in Jamf just to catch a possible future check‑in also wastes licenses.

If the goal is to secure a long offline device, a Remote Lock or Remote Wipe command is more reliable since those do not depend on the Jamf binary. The device still has to come online, but at least the command will queue correctly.