Jamf Nation Community

I agree with @mm2270 it seems a bit complicated. Why not run the script as part of step 1? Then scope your SG based on successful completion of the policy.

Or, as Mike suggested, use an EA to check for the existence of said file.

Or, scope your SG based on successful completion of the policy that runs the script in step 2.

@stevewood We are currently running JSS 9.32. In newer versions is there a smart group criteria for "successful completion of a policy"?

@frozenarse no, sorry, there isn't a criteria for that. However if you are installing a package you can scope to "Packages Installed By Casper". That won't necessarily provide exact info if a policy is successful, but it would be close. Same is true of the EA method.

Bummer... I was excited for a minute. Typically I would just create a dummy receipt as Emily suggested.

Yeah, that's a real shame. It would be great to have a built in dependency engine for policies rather than having to hack up criteria with dummy receipts, extension attributes etc.

@danf_burberry On the surface I agree though I'm not too sure how that would be laid out. I find receipts rather easy to deal with as I wouldn't want a source external form the local machine maintaining that log. My current thinking is that in the end, we might end up with a single master receipt or other local JAMF log on the client instead of a directory with a bunch of receipts. I'd love to know if I'm dead wrong here and that there would be another really simple way of handling the dependencies (Broad description I know).

It would definitely take a bit of thinking @Chris_Hafner but my feeling is that it is overdue that there was some form of dependency model built in to the system.

I'm currently working on scripts to run at the end of a policy which add a machine to a static group so the next policy can be scoped against this group. This is far from perfect though, I would really prefer something that would enable us to have a nice clean view of which machines are due to run what.

You know, I kind of wonder what may end up getting built into JAMF version of version control. I mean, it may not end up having anything to do with the multitude of dependencies we all either deal with or have created but it was at least a part of the discussion in the feature request.

Hi - Your initial workflow description is a little vague so you will have to forgive me for posting a response that is a little vague. ;-)

I've spent years messing around with this sort of thing because I want my Macs to do everything for me because they know they should... I carry the title "Lazy SysAdmin" with pride!

The easiest, as mentioned is to create a receipt file that you stash somewhere then have Casper look for the file. Another way is to interrogate the installer (or other more appropriate log) to see if the action is present in the logs. A third way is to use the "Version Number" capabilities of Casper for Smart Group creation. That's a fun one if you think about it. You can even use the JAMF binary to trigger a status change that is your policy trigger.

And in a less fancy but sometimes effective move, I would force the first task to run on command then let Casper run the follow up workflow on its own pace. The wisdom of this depends on a bunch of factors including how much latitude you have over the Macs in question, how sensitive the users are, whether the users will notice, and so on... Are you a Ninja? Is it super urgent? If not, sometimes its easier to just run the jobs one at a time and let them all get re-baselined. And Self Service can be your friend too. ;-)

Wayne

Oh one last thought. If you don't have a /Library/<Organization Name> (or similar directory someplace else) on your Macs already, you are making things hard on yourself needlessly. Its old school but there are countless uses.... ;-)