Delaying or canceling policies

AdamH
New Contributor II

Hey all,

I'm trying to get a way to give the end user the option of canceling a policy (so I can have it prompt again tomorrow), or a selectable delay time before it installs (30 min, 60 min, 2 hours ...).

I thought the Jamfhelper would do this since it has a time delay option, but that time delay option doesn't seem to do anything, and the cancel button just cancels the window. So both buttons, regardless of the flags or options, just continue the policy regardless.

Does anyone else do something like this?

6 REPLIES

nortonpc
Contributor

We are currently exploring the same thing. I am using the JSS every15 trigger to call a bash script which uses cocoadialog http://mstratman.github.com/cocoadialog/ to display very nice messages to the user.

If the user chooses to defer, I place a text file defer.txt on the computer. When the script executes again the next day, if it finds that file the user is not given the option to defer again. They must run the updates.

nicktong
New Contributor III

Cool. I'd try adding -startlaunchd to your jamfhelper command.

AdamH
New Contributor II

Apparently the JAMFhelper isn't all-inclusive. You need to add logic commands. Which makes sense if you know you need to do it; I thought it was built into the JAMFHelper.
I know it outputs some codes and prints the return values to stdout, but I don't know how to utilize those codes to make stuff happen.

nicktong
New Contributor III

Got it. Maybe this can be a starting point then. For a dialog with a defer button like this:

external image link

Your script would look something like this:

```bash
#!/bin/bash

# Keep looping to delay while screensaver is active, preventing the dialog from displaying until the user has logged back in.
delayWhileScreensaver() {
    pidSaver=0
    while [[ $pidSaver != "" ]]; do
        sleep 5
        echo "Looping, pidSaver=" "$pidSaver"
        # Pattern is quoted so the shell cannot glob-expand it against file names
        pidSaver=$(ps -ef | grep '[S]creenSaverEngine' | awk '{print $2}')
    done
}

delayWhileScreensaver

# jamfHelper prints the value of the clicked button to stdout; it is captured in $level.
# The path contains a space, so it has to be quoted.
level=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -startlaunchd -windowType hud -timeout 3600 -title 'Cisco CCIT Courtesy Message [CM/SEC091712]' -heading '                            Your Privacy. Upgraded.                      ' -description "Your Mac at Cisco is now eligible for FileVault full disk encryption, designed to protect your privacy and safeguard corporate intellectual property.

With FileVault 2 and the Cisco AMP Encryption Key Escrow, your data is safe and secure – even if it falls in the wrong hands – using XTS-AES128 encryption.

When clicking Encrypt Now, you'll be prompted to sign out and begin the unobtrusive initial encryption. Should you decline, we'll remind you in the days ahead.

Visit mac-wiki for more information, or, in the unlikely event you require support, contact the Cisco Global Technical Response Centre." -icon /System/Library/Resources/CiscoExperience/Message_CE.png -lockHUD -countdown -button2 'Defer' -button1 'Encrypt Now')

echo "LEVEL (BUTTON):" "$level"

# level=0: button1 ('Encrypt Now') was clicked
if [ "$level" == "0" ]; then
    # Create lock file so that the dialog box is not redisplayed between the user clicking "Encrypt Now" and system reboot.
    # Important: file is removed at end of fvActivate policy, see policy > command field.
    touch /private/tmp/fvLogoutPending.csco

    # Call to fvActivate which includes the osascript logout in the Policy Command String
    # But first wait via while-loop for screensaver to end
    delayWhileScreensaver
    echo "Calling fvActivate Policy"
    /usr/sbin/jamf policy -trigger fvactivate
fi

# level=2: button2 ('Defer') was clicked
if [ "$level" == "2" ]; then
    # If level=2, then do something else, in our case:
    deferralVisaStamp=$(date "+%Y-%m-%d %H:%M:%S")
    echo "User Selected Defer"
    echo "Stamping fvDeferralVisa.csco with Visa $deferralVisaStamp"
    # One line is appended per deferral, so the line count is the deferral count
    echo "$deferralVisaStamp" >> /var/log/fvDeferralVisa.csco
    visaCount=$(wc -l /var/log/fvDeferralVisa.csco | awk '{print $1}')
    echo "User Has Now Deferred $visaCount times"
    firstDeferral=$(head -1 /var/log/fvDeferralVisa.csco)
    # Convert the first stamp back to epoch seconds (BSD/macOS date syntax)
    firstDeferralSeconds=$(date -j -f '%Y-%m-%d %H:%M:%S' "$firstDeferral" +%s)
    todaySeconds=$(date "+%s")
    deltaSeconds=$((todaySeconds - firstDeferralSeconds))
    deltaDays=$((deltaSeconds / 86400))
    echo "User first declined encryption $deltaDays days ago"
    echo "======================================"
fi
```

dvasquez
Valued Contributor

Hello. Nicktong, this is a great script and I am sculpting it to fit my env. One thing I noticed is I was getting errors about the time syntax. Did you have errors with that part of the script? I am running it on 10.9.1. It seemed in setting it to fit my environment I messed up the "deferralVisaStamp" variable and I caught that. Then I added a "" to the second date syntax '%Y-%m-%d %H:%M:%S' thinking I need that to match up; I was wrong. I also need to add quotes around the following: "%s") to get it to properly add lines to the /var/log/(file) and delay without errors. Question: what is your time logic, if I may ask? Also, with the delay, how are you handling that with policy, meaning does your delay actually delay or does the trigger or execution frequency take precedence in policy? Thank you for your help and for posting the script. Sorry if anything does not make sense here.

dvasquez
Valued Contributor

Another question, and probably the key to the defer, is what is in that policy that checks the lock file and enables defer. I am trying to use this to trigger Apple updates but allowing the users to delay updates. It seems that my policy execution frequency is taking precedence.
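
An added example, not from any post in this thread: one way to turn the value jamfHelper prints (0 for button1, 2 for button2, as in the script above) into an install/defer decision with a cap on deferrals, so that neither button silently continues the policy. It stores epoch seconds instead of formatted dates, so no `date -j -f` parsing is needed; the function name, the limits and the state-file format are assumptions.

```bash
#!/bin/bash
# Added example: deferral gate for a jamfHelper prompt.
# MAX_* limits, the function name and the state-file format are assumptions.
MAX_DEFERRALS=3      # assumed cap on how many times the user may defer
MAX_DEFER_DAYS=7     # assumed cap on days since the first deferral

# decide_action <jamfHelper output> <state file> [now, epoch seconds]
# Prints install, defer or retry; appends to the state file only on "defer".
decide_action() {
    local result="$1" state="$2" now="${3:-$(date +%s)}"
    local count=0 first=""

    # A symlink or non-regular file where the state should be is treated as
    # tampering: write nothing and stop offering deferral.
    if [ -L "$state" ] || { [ -e "$state" ] && [ ! -f "$state" ]; }; then
        echo install
        return 0
    fi
    if [ -f "$state" ]; then
        # Only lines that are pure epoch seconds count as deferrals.
        count=$(awk '/^[0-9]+$/ {n++} END {print n+0}' "$state")
        first=$(awk '/^[0-9]+$/ {print; exit}' "$state")
    fi
    first="${first:-$now}"

    case "$result" in
        0)  echo install ;;                  # button1
        2)  # button2 (Defer): honour it only while both limits hold
            if [ "$count" -ge "$MAX_DEFERRALS" ] ||
               [ $(( (now - first) / 86400 )) -ge "$MAX_DEFER_DAYS" ]; then
                echo install
            else
                ( umask 077; echo "$now" >> "$state" )
                echo defer
            fi ;;
        *)  echo retry ;;                    # no usable answer; ask again later
    esac
}
```

Keep the state file in a root-owned directory such as /var/log rather than /private/tmp, and call the install policy (for example `/usr/sbin/jamf policy -trigger fvactivate`) only when the function prints `install`.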