Posted on 02-06-2019 02:09 PM
Hi Everyone,
I just recently learned about Custom Triggers and I think they are great. I have a question about how I can get this done though.
Policy 1: (made to be fast)
-install essential software
-force restart in 2 minutes
-next login enable FileVault 2
Policy 2:
-install supplemental software
-install printers
-install etc
How can I trigger Policy 2 to run after that restart?
Posted on 02-06-2019 05:08 PM
I'm assuming that Policy 1 & Policy 2 are intended to run in sequence, back to back, guaranteed every time. Here is One Way to Skin This Cat!
As a part of Policy 1 you could package and deploy a LaunchDaemon & a script that the LaunchDaemon calls on.
For Policy 2, set the trigger to only a Custom Event (for the sake of this post we will name the event "policy2triggername").
Policy 1 runs and deploys the LaunchDaemon & script, along with everything else it is supposed to do, and then restarts.
The LaunchDaemon will run at load, when the user logs in & call the script.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.app</string>
    <key>Program</key>
    <string>/Script/Location/SCRIPT.sh</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
The Script in /Script/Location/SCRIPT.sh will contain the policy trigger command
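#!/bin/sh
# The LaunchDaemon already runs this as root, so sudo is not needed.
# launchd's default PATH does not include /usr/local/bin, so call jamf by its full path.
/usr/local/bin/jamf policy -event policy2triggername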
Now Policy 2 is Triggered at login. As a part of Policy 2, you need to run another script from the JPS at the end to unload & then remove the LaunchDaemon & /Script/Location/SCRIPT.sh.
Posted on 02-07-2019 01:31 PM
@Hugonaut I want them to run in sequence but I don't want Policy 2 to start until after the restart. Would this still work for that?
I currently have a script that will call Policy 2 and it works, but I believe it starts Policy 2 but then the restart process of Policy 1 occurs; then when the computer comes back up, the Policy 2 process was terminated by the restart.
Posted on 02-07-2019 02:48 PM
You could package this up and place it into /Library/LaunchDaemons and call it com.yourcorp.example.plist
You could then, in the policy that this kicks off, do your printer installations and whatnot and also remove this plist afterward. You'd want to test that my syntax is correct, as I just quickly threw it together.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.yourcorp.example</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/jamf</string>
        <string>policy</string>
        <string>-event</string>
        <string>your_trigger_goes_here</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
Posted on 02-07-2019 06:49 PM
From a different perspective, if you want to keep it all within JAMF.... You could add a "watermark" to the system ( touch /var/db/.Policy1Done ) that runs with policy 1, run a recon at the end of policy 1, and have an extension attribute looking for the "watermark".
Then you can run Policy 2 scoped to "Watermark Present" at login or startup. The last step you would want to do in policy 2 is add a "counter watermark" file ( touch /var/db/.Policy2Done ) and have an extension attribute looking for that "counter watermark".
The logic for the "Watermark Present" Smart Group would be Policy1Done is Present and Policy2Done is Not Present.
Posted on 03-06-2022 12:59 PM
I'm looking to do something similar but I'm a scripting noobie (although investigating this has started me on a journey). Would you be able to expand a bit more on the code required to place and then remove the watermark? Same for the extension attributes to then look for those watermarks?
I think this is going to help solve a fairly big issue for us. Appreciate any guidance!
03-06-2022 02:00 PM - edited 03-06-2022 02:00 PM
It's a bit hard to give specific details with such broad details, but you could deploy a policy to a scope of systems, and in the policy run a script at the end with something like:
#!/bin/sh
# Placeholder: set this to the file the policy is expected to install
FILE="/path/to/file"
if [ -e "$FILE" ]; then
    echo "File installed"
    touch /var/db/.FileNameInstalled
else
    echo "File not installed"
    touch /var/db/.FileNameNotInstalled
fi
The EA would be:
#!/bin/bash
# Extension attribute: report whether the "installed" marker file is present
if [[ -e /var/db/.FileNameInstalled ]]; then
    echo "<result>yes</result>"
elif [[ -e /var/db/.FileNameNotInstalled ]] || [[ ! -e /var/db/.FileNameInstalled ]]; then
    echo "<result>no</result>"
fi
If you can give more details on what you're trying to do, I can be more helpful. Hopefully I am explaining that clearly enough, and my formatting didn't get jacked up.
-Shaun
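The two-marker ("watermark") flow described in the posts above, as an added example that is not part of the original thread and is not Jamf's own code. The marker names come from the thread; `MARKER_DIR`, `OWNER_UID`, the function names and the three state strings are assumptions made for illustration, and the ownership check is an addition so that only markers written by root count.

```shell
#!/bin/sh
# Added example: extension attribute for the Policy1Done / Policy2Done markers.
# MARKER_DIR and OWNER_UID are assumptions; they are overridable so the logic
# can be exercised in a scratch directory instead of /var/db.
MARKER_DIR="${MARKER_DIR:-/var/db}"
OWNER_UID="${OWNER_UID:-0}"

# A marker counts only if it is a regular file (not a symlink) owned by
# OWNER_UID, so a file planted by another account does not change the state.
marker_ok() {
    f="$MARKER_DIR/$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    owner=$(ls -lnd "$f" | awk '{print $3}')
    [ "$owner" = "$OWNER_UID" ]
}

# Smart Group logic from the thread:
# "Policy1Done is Present and Policy2Done is Not Present" maps to "Pending".
policy2_state() {
    if marker_ok .Policy2Done; then
        echo "Done"
    elif marker_ok .Policy1Done; then
        echo "Pending"
    else
        echo "NotStarted"
    fi
}

# What the extension attribute prints for Jamf to record at recon.
ea_result() {
    echo "<result>$(policy2_state)</result>"
}

# Last step of Policy 1 (.Policy1Done) or Policy 2 (.Policy2Done);
# follow it with a recon so the extension attribute is re-evaluated.
set_marker() {
    touch "$MARKER_DIR/$1"
}

# When run as the extension attribute script, print the result.
ea_result
```

With this single extension attribute, the Smart Group that scopes Policy 2 matches the value `Pending`.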
Posted on 02-08-2019 06:37 PM
@casafrancisco Yes, LaunchDaemons/Agents run at boot or login. Because you are just deploying and not manually loading the daemon in policy 1, it will then trigger once the computer restarts and initiate, then calling policy 2. Use @ryan.balls plist - his process is cleaner! As Always!!! haha ...now I just gotta go back and rethink my Daemons because I overlooked that! @ShaunRMiller83s process is also flawless. +1