Help

Double Inventory Update after policy execution?

JureJerebic
Contributor

Posted on ‎09-27-2022 05:17 AM

Hi everyone!

We're looking for a workflow on how to do a double Inventory Update after the policy has run. Specifically, we're installing Jamf Connect via a policy, and while there is already an inventory update set to run as a maintenance task after the policies execution, this inventory update does not yet include Jamf Connect in the list of installed applications. So we need to have another one run a little bit later, which then reports Jamf Connect app as installed, which uninstalls other profiles from the computer. How could we go around doing that?

0 Kudos
8 REPLIES 8

sdagley
Esteemed Contributor II

Posted on ‎09-27-2022 05:46 AM

@JureJerebic If a .pkg is part of a policy it should definitely install before the Maintenance payload runs the inventory, so the behavior you're seeing is odd.  To force another inventory you can add a Files and Processes payload to your policy and have it execute the command '/usr/local/bin/jamf recon' which will run an immediate recon.

0 Kudos

JureJerebic
Contributor

Posted on ‎09-27-2022 05:56 AM

Jamf Connect is not part of the policy or its packages. In the policy, we only deploy Jamf Connect Launch Agent and the assets. Then we have a smart group configured that detects if the Launch Agent is installed, and when it is, it scopes the two configuration profiles to it: Jamf Connect app configuration (and as such the app itself as well), and the Jamf Connect Login window configuration. So it does make sense that the inventory update after the policy doesn't include Jamf Connect app.

0 Kudos

sdagley
Esteemed Contributor II
In response to JureJerebic

Posted on ‎09-27-2022 06:35 AM

@JureJerebic Thanks for the additional detail. We don't use Jamf Connect in my org, so I'm not familiar with he deployment process. If the Jamf Connect app doesn't get installed until sometime after you've deployed the installer .pkg for it you might set up a LaunchDaemon using a WatchPaths key to detect when the app actually gets installed and have that LaunchDaemon trigger a script to force a '/usr/local/bin/jamf recon' (and then remove the script and LaunchDaemon)

0 Kudos

JureJerebic
Contributor

Posted on ‎09-27-2022 06:48 AM

Don't LaunchDaemons only start at the system startup? And LaunchAgents at the user login? Or can they be set so that they launch immediatel after the installation?

0 Kudos

sdagley
Esteemed Contributor II
In response to JureJerebic

Posted on ‎09-27-2022 07:23 AM

@JureJerebic LaunchDaemons are loaded at system startup (if using FileVault system startup does not occur until the user enters their password to unlock the Mac) but that doesn't mean that's when they necessarily run. Using the WatchPaths key will trigger the LaunchDaemon only when there is a change to the specified path.

See https://www.launchd.info/ for details on how configure LaunchDaemons (or LaunchAgents). It's from the publishers of LaunchControl which is a utility that provides a GUI for building LaunchDaemons/Agents.

0 Kudos

mikesmithwsu
New Contributor II

Posted on ‎09-27-2022 07:55 AM

maybe create a smart group based on if the device has jamf connect installed, then deploy a policy to that group that schedules an inventory?

0 Kudos

JureJerebic
Contributor
In response to mikesmithwsu

Posted on ‎09-28-2022 02:38 AM

This would take 24 hours until the next inventory update is performed, Jamf Pro receives information that JC app is installed and then deploys a policy.

0 Kudos

JureJerebic
Contributor

Posted on ‎09-28-2022 05:10 AM

We sorted it out with a LaunchDaemon

0 Kudos