Skip to main content
Question

Execute Script right after policy finished

J
Forum|alt.badge.img+3
  • jdshub
  • New Contributor
  • 4 replies

Hi,

I need my policy to finish and after the policy finished I want to call a shell script...let's better say just a line of code.
I've tried "AFTER" and "BEFORE" and also with a sleep-timer within...but it seems that the policy will not complete with the script in it.

Is there a chance to call the script right AFTER (not within the policy) the policy ran?

Thanks & best regards,
Dan

    10 replies

    J
    Forum|alt.badge.img+5
    • Joseph_Morris
    • New Contributor
    • 43 replies
    • July 14, 2014

    You should be able to create a second policy with a trigger, and have the trigger be the first policy.

    dpertschi
    Forum|alt.badge.img+19
    • dpertschi
    • Contributor
    • 459 replies
    • July 14, 2014

    Have you tried to run your code from the Files and Processes > Execute Command field?

    That fires at the end of the policy.

    M
    Forum|alt.badge.img+3
    • mibrodt
    • New Contributor
    • 8 replies
    • July 14, 2014

    The only way i know to do that is to create a smart group with criteria based on the completed policy (such as a file that is now in place or app now installed) and then create a second policy against that smart group.

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • 1892 replies
    • July 14, 2014

    +1 for dpertschi.

    If it's a one-liner, no need to manage a script.

    J
    Forum|alt.badge.img+3
    • jdshub
    • Author
    • New Contributor
    • 4 replies
    • July 15, 2014

    Many thanks for your fast reply :)
    Basically it is a one liner...but the one liner terminates the user session with osacript :/ so the policy does not complete.
    Maybe there will have to be really a second policy.

    J
    Forum|alt.badge.img+24
    • jarednichols
    • Valued Contributor
    • 1892 replies
    • July 16, 2014

    If you're trying to jump into the user session you may be running into sandboxd blocking you. Watch Console on a target machine as the policy runs and you may see it happen.

    Remember that your policy scripts (and Execute Command field) run with implied sudo. You may need to actually do a script, capture the user, then do a sudo -u $user so that you're killing the user session as the user.

    Something like:

    #!/bin/sh
#capture the user
$user = `ls -la /dev/console | cut -d " " -f 4`

sudo -u $user run_your_command_as_the_user_here.
    Chris_Hafner
    Forum|alt.badge.img+23
    • Chris_Hafner
    • Jamf Heroes
    • 1718 replies
    • July 16, 2014

    +2 for dpertschi

    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • 1007 replies
    • July 16, 2014

    create a launch daemon to launch the script and pkg both that and the script in a package, load the launch daemon in the postinstall of the package , then have the script wait for jamf processes to exit so your policy gets a good exit, then let the script log out the user.

    J
    Forum|alt.badge.img+13
    • JPDyson
    • Valued Contributor
    • 478 replies
    • July 16, 2014

    *launch agent; daemons run in the root context

    J
    Forum|alt.badge.img+3
    • jdshub
    • Author
    • New Contributor
    • 4 replies
    • July 17, 2014

    I've tried all your suggestions...the result was nearly all the time the same ;)

    What I want to do exactly:
    1) Run Policy for encryption - ok status gets deferred for user xxx
    2) Logout the user to start the encryption

    As I get the deferred status immediately, I thought the simple logout does the job...but in reality I have to restart my computer, login and log back out.
    Is there another workaround?

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings