Question

Terminal Command in Self Service

  • December 19, 2025
  • 4 replies
  • 72 views

Rahul Sagar

Hello Everyone, 

I have recently completed Jamf 200 and I am trying to fix an existing issue which employees face from time to time on company-provided Macs.

We have a Microsoft Device Compliance Policy in place, where users register their Mac (once-per-computer policy in Self Service) to make the laptop compliant as per the criteria to access company resources.

However, this policy always gets stuck in Pending status when checked in the Jamf Admin Portal, and the device fails to become compliant and hence has no access to company resources.

When we try to run sudo jamf policy, it does not show any policy to run.

But when we run the MS Device Compliance policy using the policy ID, it runs successfully and helps to register the device and access company resources: sudo jamf policy -id xxx

As a workaround, I want to make this policy (using the policy ID) available in Self Service so that employees can run it from there to fix the issue on their own.

Can someone please suggest the steps to make this policy available in Self Service?

 

Thank you 

Rahul

 

4 replies

sharriston
  • Valued Contributor
  • December 19, 2025

You would need to create a policy and use the “Files and Processes” payload. Click “Configure” and there is a line at the bottom labeled “Execute Command”. Put your command in as 

/usr/local/bin/jamf policy -id xxx

No need for sudo, Jamf runs commands as root. 

Then scope it, then go to the Self Service tab and set it up how you like. 

Should be good to go. 

 

I misread the initial explanation. In order for a policy to run when you do:

sudo jamf policy

You will need a scope (either smart groups or directly assigned to devices) and the trigger “Recurring Check-In” checked off.

Otherwise you can configure the policy to be a Self Service install but it will show as pending until the end user runs the policy from Self Service. 
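An added example, not part of the reply above and not Jamf's own code: a wrapper that a Self Service policy could run in place of a bare Execute Command line, so that the root-run command only ever receives a numeric policy ID and a failure is reported back through the exit status. It assumes deployment through a Scripts payload with the policy ID passed as the first custom parameter (`$4`); the function name and exit codes are illustrative.

```shell
#!/bin/sh
# Wrapper for "jamf policy -id <n>", intended to run as root from a
# Self Service policy. The path is the one given in the thread; it can be
# overridden through the environment for testing.
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"

# run_policy_by_id <id>: hypothetical helper name, not a Jamf function.
run_policy_by_id() {
    policy_id="$1"

    # The command runs as root, so accept digits only and refuse anything
    # that could smuggle extra arguments or shell syntax.
    case "$policy_id" in
        ''|*[!0-9]*)
            echo "refusing non-numeric policy id: '$policy_id'" >&2
            return 64   # EX_USAGE (sysexits convention)
            ;;
    esac

    # Always call the binary by absolute path; never rely on root's PATH.
    if [ ! -x "$JAMF_BIN" ]; then
        echo "jamf binary not found at $JAMF_BIN" >&2
        return 69       # EX_UNAVAILABLE (sysexits convention)
    fi

    rc=0
    "$JAMF_BIN" policy -id "$policy_id" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "jamf policy -id $policy_id exited with status $rc" >&2
    fi
    # A non-zero status marks the Self Service run as failed in the logs.
    return "$rc"
}

# Assumption: when run from a Scripts payload, the first custom
# parameter arrives as $4. Nothing runs if it is absent.
if [ -n "${4:-}" ]; then
    run_policy_by_id "$4"
    exit $?
fi
```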


easyedc
  • Esteemed Contributor
  • December 19, 2025

If you’re not getting a policy execution when running just 

sudo jamf policy

Then most likely the policy itself is misconfigured. Either your scope hasn’t identified the targets properly, or your trigger mechanism is wrong. Can you provide more details? When you check logs for the policy, does it show the list of workstations you expect to be targeted (i.e. they meet the criteria you expected whether it’s all, missing XXY rule?, etc.)? The other thing to check is what is your trigger and limitations? Are there any pre-requirements to the scoping, i.e. must have Company Portal installed, must have AV software, etc., that would delay the policy from running?


Rahul Sagar
  • Author
  • New Contributor
  • December 22, 2025

Hello ​@easyedc 

Thanks for your time and suggestion.

Our Device Compliance Policy is 

Once per computer = Execution Frequency 

Trigger = Self Service

Scope = All computers

 

It's for all new computers that register their devices to meet company compliance criteria; however, most of the devices get the error “This device is enrolled with another device management provider”.

And when we go to the Jamf Portal and check the MS Device Compliance Policy logs for the serial number, it says the policy is pending, and it stays on pending until executed with the policy ID in Terminal.

That's the reason I wanted to create another Self Service policy where the policy will be available to execute via policy ID.

Thank you 


easyedc
  • Esteemed Contributor
  • December 22, 2025

You could add a second trigger to the same policy with a custom trigger name to execute. At that point, you would run 

sudo jamf policy -event "mypolicyname"

and it would execute the same policy, which could also keep your logs organized if you’re trying to track log execution as well. In your policy editor, under General > Trigger > Custom, give it a trigger word/phrase. Was this policy cloned from another policy? I’ve seen weird things like that happen, and once a new policy is created from scratch things seem to magically work as expected.