Posted on 12-08-2017 07:10 AM
Hi.
I was wondering if there's a script available that will allow me to trigger all of my policies in the order I desire.
Uploaded my current script (not fully grasped the usage of scripts yet)
I'd like it to be a manual trigger for all of my policies but ordered e.g. 10GoogleChrome,20IssueFilevaultkey etc
Please help :D
Solved! Go to Solution.
Posted on 12-10-2017 01:37 PM
Here's the one I created to run arguments $4 thru $11 as custom triggers.
Just put it in a policy and fill the parameters with the triggers in the order you want them run.
#!/bin/bash
echo START
date
for Custom_Policy in $(seq 4 11); do
if [[ "${!Custom_Policy}" ]]; then
echo Running trigger ${!Custom_Policy}
jamf policy -event "${!Custom_Policy}"
fi
done
echo FINISH
date
Posted on 12-08-2017 08:22 AM
There are a couple of things you can do here. You can build a global script that runs on enrollment complete, in this script you'd want to make sure that the user is actually logged in before the policies start running. (this sounds like what you're wanting to do, I've attached a script that I use, you can ignore the splashbuddy components.
or
To your first policy that runs at enrollment complete, add a files and processes payload to that policy. In your example, you have a custom event trigger set named to manual_trigger. So in the files and process payload in the last box you would type something like:
jamf policy -event manual_trigger
This will trigger the policy that you're calling, then in the next policy you'd add another file and processes payload to trigger the following policy and so on, this will set them off like a daisy chain.
I suggest you take a look at a tool called SplashBuddy even if you don't use it you could maybe get a better understanding on how you can manage the order in which you want your policies to run.
Let me know if you have any questions, if you do decide to use splashbuddy, head over the the splashbuddy channel on slack and there are plenty of people there to help you get it setup.
Here is a script that I run on Enrollment Complete, it's the only policy I run at Enrollment complete and it calls all my other policies in order, feel free to cannibalize it any way you want.
#!/bin/bash
jamfbinary=$(/usr/bin/which jamf)
doneFile="/Users/Shared/.SplashBuddyDone"
sleep 15
while true
do
loggedinuser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
echo $loggedinuser
if [ "${loggedinuser}" == "root" ] || [ "${loggedinuser}" == "_mbsetupuser" ]; then
echo "is root or mbsetupuser"
sleep 10
else
echo "is local user"
break
fi
done
echo "Installing SplashBuddy"
${jamfbinary} policy -event "install-SplashBuddy"
echo "Drinking some Red Bull so the Mac doesn't fall asleep"
caffeinate -d -i -m -u &
caffeinatepid=$!
echo "Installing Enterpise Connect"
${jamfbinary} policy -event "install-enterpriseconnect"
echo "Installing BlueCoat Certificate"
${jamfbinary} policy -event "install-BCC"
echo "Installing BlueCoat Unified Agent"
${jamfbinary} policy -event "install-BCUA"
echo "Installing Cisco AnyConnect"
${jamfbinary} policy -event "install-AnyConnect"
echo "Installing Skype For Business"
${jamfbinary} policy -event "install-sfb"
echo "Installing Citrix Receiver"
${jamfbinary} policy -event "install-citrix"
echo "Pulling down FileVault 2 configuration"
${jamfbinary} policy -event "requireFV2"
echo "Setting up Dock"
${jamfbinary} policy -event "setDock"
echo "Adobe Reader"
${jamfbinary} policy -event "adobereader"
echo "Installing Microsoft Office"
${jamfbinary} policy -event "install-office"
echo "Installing VPN Settings"
${jamfbinary} policy -event "install-vpnsettings"
echo "Certificate Import"
${jamfbinary} policy -event "certimport"
echo "Enterprise Connect launcher"
${jamfbinary} policy -event "eclauncher"
serial_number=`ioreg -l | grep IOPlatformSerialNumber|awk '{print $4}' | cut -d " -f 2`
/usr/sbin/scutil --set ComputerName $serial_number
/usr/sbin/scutil --set LocalHostName $serial_number
/usr/sbin/scutil --set HostName $serial_number
sleep 10s
#adbind uses a files and processes payload to call "finalsetup"
echo "Active Directory Binding"
${jamfbinary} policy -event "adbind"
echo "Creating done file"
touch "$doneFile"
echo "Quitting SplashBuddy"
osascript -e 'quit app "SplashBuddy"'
echo "Unloading and removing Splashbuddy Launchagent"
launchctl unload /Library/LaunchDaemons/io.fti.splashbuddy.launch.plist
rm -f /Library/LaunchDaemons/io.fti.splashbuddy.launch.plist
echo "Deleting SplashBuddy"
rm -rf "/Library/Application Support/SplashBuddy"
echo "Deleting lunch agent"
launchctl remove io.fti.SplashBuddy.launch
echo "Drank waaaayyyyy too much Red Bull"
kill "$caffeinatepid"
# OS X Version check potential
sw_vers_MajorNumber=`/usr/bin/sw_vers -productVersion | /usr/bin/cut -d. -f 2`
# Restart in 5 seconds if version above 10.12
if [ $sw_vers_MajorNumber -ge 12 ]; then
echo "software is 10.12 or lower"
kill -9 `pgrep loginwindow`
else
echo "software is over 10.12"
/sbin/reboot
fi
Posted on 12-10-2017 01:37 PM
Here's the one I created to run arguments $4 thru $11 as custom triggers.
Just put it in a policy and fill the parameters with the triggers in the order you want them run.
#!/bin/bash
echo START
date
for Custom_Policy in $(seq 4 11); do
if [[ "${!Custom_Policy}" ]]; then
echo Running trigger ${!Custom_Policy}
jamf policy -event "${!Custom_Policy}"
fi
done
echo FINISH
date
Posted on 12-14-2017 08:23 AM
Thanks Guys!
Posted on 01-24-2018 07:07 AM
@LovelessinSEA
I am curious about the details of how splashbuddy works with your policies names and package names. i haven't delved into Splashbuddy very far, so excuse my ignorance. From your script you aren't using the naming scheme that is recommended on the Splashbuddy Kickstart guide for your policies.
Is this because you are not using the enrollment trigger for you software installation and instead using a custom script to fire off the installs?
Thanks for you post, it helped me break through some issues I was having.
Posted on 01-30-2018 10:53 AM
@matthew.johnson You are correct. I chose to use a global script to fire off all of the policies instead of relying on the 01, 02, 03 naming convention. I chose this method along with a files and process payload to handle other policies to they fire off in a very specific order. This allows me to troubleshoot any issues that arise with my enrollment workflow.
You still must use the required splashbuddy naming convention for the package names, ie anyconnect-4.5.pkg
Posted on 01-30-2018 02:52 PM
nice script @LovelessinSEA