I've been taking a look at about a dozen restart scripts that have been shared with the community over the last several years. Unfortunately it's looking like forcing a restart on a MacBook with an M1 processor is no longer a viable option? Is there a new way to do this through JAMF with a simply policy, or with a script compatible with the new macs?
What we find is students rarely restart their devices, and sometimes we need them to (to force quit certain apps for instance so policy changes can be made). We aren't talking about post software updates, just a way to scope a policy to prompt the user to restart their device, and offer some sort of short deferral, but ultimately enforce the restart with an automatic shutdown, if the last deferral expires.
I've tried the one from @m_donovan at https://community.jamf.com/t5/jamf-pro/jamf-helper-reboot-script-with-deferral/td-p/188511#responseChild164611%3Cbr%3E but that does not seem to work anymore. If anyone has any thoughts, please let me know! I would greatly appreciate the help!
Thanks!
Keith
1. Create a policy with user interaction and a recurring check-in trigger.
2. In the Files and Processes payload run "sudo shutdown -r now"
3. Use an extension attribute to track Uptime, to see if it actually rebooted.
or you could just create a luanch daemon that activates at a specific time and day of the week.
Thanks for the reply! I was able to see what you were talking about in the policy options. This will hopefully work for what we need!
Thanks again!
Keith
1. Create a policy with user interaction and a recurring check-in trigger.
2. In the Files and Processes payload run "sudo shutdown -r now"
3. Use an extension attribute to track Uptime, to see if it actually rebooted.
or you could just create a luanch daemon that activates at a specific time and day of the week.
After further testing, I'm wondering if we may benefit from using "sudo shutdown -h +1 &" in order to provide enough time to submit the policy results to JAMF. I have noticed some devices do not appear to be submitting their info after the policy has run. Do you see any issues with using the above command?
Thanks!
Keith
After further testing, I'm wondering if we may benefit from using "sudo shutdown -h +1 &" in order to provide enough time to submit the policy results to JAMF. I have noticed some devices do not appear to be submitting their info after the policy has run. Do you see any issues with using the above command?
Thanks!
Keith
Correct, that will give your machine enough time to update inventory.
Correct, that will give your machine enough time to update inventory.
Thank you! By the way, being new to terminal commands, exactly what is the difference between -h and -r? I understand -r is to indicate recursion for paths?
Thank you! By the way, being new to terminal commands, exactly what is the difference between -h and -r? I understand -r is to indicate recursion for paths?
@KAndrews5725 here's a pro tip: whenever you need to know what the flags of a specific command do...you can open terminal and type "man + the command you need to learn more about"
In this case you would run "man shutdown" to learn more about the shutdown command.
@KAndrews5725 here's a pro tip: whenever you need to know what the flags of a specific command do...you can open terminal and type "man + the command you need to learn more about"
In this case you would run "man shutdown" to learn more about the shutdown command.
Ok great! Thanks again!
@KAndrews5725 here's a pro tip: whenever you need to know what the flags of a specific command do...you can open terminal and type "man + the command you need to learn more about"
In this case you would run "man shutdown" to learn more about the shutdown command.
I was looking at that, thanks! So +1 indicates one minute. So ideally I'd probably want "sudo shutdown -r +1 &"
I was looking at that, thanks! So +1 indicates one minute. So ideally I'd probably want "sudo shutdown -r +1 &"
Correct. Good luck on the you scripting journey! It gets easier with time and practice.
Correct. Good luck on the you scripting journey! It gets easier with time and practice.
Thank you! Yes, I am learning a little more each time, which I have enjoyed.
Correct. Good luck on the you scripting journey! It gets easier with time and practice.
One more thing, if you want to see that your policy actually ran in the dashboard, you would need to have a launch daemon run the shutdown command on your behalf.
One more thing, if you want to see that your policy actually ran in the dashboard, you would need to have a launch daemon run the shutdown command on your behalf.
#!/bin/bash
# Create restartcomputer.sh
echo > /tmp/restartcomputer.sh '#!/bin/bash
# Sleep for 50 seconds
sleep 50
# Shutdown Immediately
sudo shutdown -r now'
# Create and load a LaunchDaemon to fork restart
echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.restart</string>
<key>UserName</key>
<string>root</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>/tmp/restartcomputer.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>" > /tmp/restart.plist
sudo chown root:wheel /tmp/restart.plist
sudo chmod 755 /tmp/restart.plist
sudo launchctl unload /tmp/restart.plist
sudo launchctl load /tmp/restart.plist
exit 0
One more thing, if you want to see that your policy actually ran in the dashboard, you would need to have a launch daemon run the shutdown command on your behalf.
Ok, good to know. Right now I am collecting inventory from an extension attribute called "Uptime" and that has allowed me to generate a smart group of devices that have not restarted in X number of days. From that group I can determine how many laptops have restarted, but ultimately it doesn't tell me if the policy ran, or not. I guess I just really want the laptops to be restarted one way or the other, and the smart group gives me a pretty good idea as to how many devices have, and how many are left to be done.
#!/bin/bash
# Create restartcomputer.sh
echo > /tmp/restartcomputer.sh '#!/bin/bash
# Sleep for 50 seconds
sleep 50
# Shutdown Immediately
sudo shutdown -r now'
# Create and load a LaunchDaemon to fork restart
echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.restart</string>
<key>UserName</key>
<string>root</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>/tmp/restartcomputer.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>" > /tmp/restart.plist
sudo chown root:wheel /tmp/restart.plist
sudo chmod 755 /tmp/restart.plist
sudo launchctl unload /tmp/restart.plist
sudo launchctl load /tmp/restart.plist
exit 0Thanks again for your help! So far I am liking the way the script works and I am seeing the log info in JAMF. One error, that doesn't appear to be affecting the functionality:
"Script result: /tmp/restart.plist: Could not find specified service
Unload failed: 113: Could not find specified service"
Anything I should try differently. Someone suggested removing the "SUDO" command from the beginning of the command lines at the bottom of the script. That doesn't appear to have changed the error code.
Thanks again!
Keith
Thanks again for your help! So far I am liking the way the script works and I am seeing the log info in JAMF. One error, that doesn't appear to be affecting the functionality:
"Script result: /tmp/restart.plist: Could not find specified service
Unload failed: 113: Could not find specified service"
Anything I should try differently. Someone suggested removing the "SUDO" command from the beginning of the command lines at the bottom of the script. That doesn't appear to have changed the error code.
Thanks again!
Keith
@KAndrews5725, I predominantly use that for testing in code runner. The issue you're seeing is the unload and load near the end of the script. You should be able to remove the unload to fix the issue.
@KAndrews5725, I predominantly use that for testing in code runner. The issue you're seeing is the unload and load near the end of the script. You should be able to remove the unload to fix the issue.
Ok I will give that a shot! Appreciate the help!
I'm trying to accomplish something similar, I have a script and created an extension attribute for uptime, and a script in a policy, but I'm unclear as to how it's all tied together.
