Jamf Nation Community

Have you tried to run your code from the Files and Processes > Execute Command field?

That fires at the end of the policy.

The only way i know to do that is to create a smart group with criteria based on the completed policy (such as a file that is now in place or app now installed) and then create a second policy against that smart group.

+1 for dpertschi.

If it's a one-liner, no need to manage a script.

Many thanks for your fast reply :)
Basically it is a one liner...but the one liner terminates the user session with osacript :/ so the policy does not complete.
Maybe there will have to be really a second policy.

If you're trying to jump into the user session you may be running into sandboxd blocking you. Watch Console on a target machine as the policy runs and you may see it happen.

Remember that your policy scripts (and Execute Command field) run with implied sudo. You may need to actually do a script, capture the user, then do a sudo -u $user so that you're killing the user session as the user.

Something like:

#!/bin/sh
#capture the user
$user = `ls -la /dev/console | cut -d " " -f 4`

sudo -u $user run_your_command_as_the_user_here.

+2 for dpertschi

create a launch daemon to launch the script and pkg both that and the script in a package, load the launch daemon in the postinstall of the package , then have the script wait for jamf processes to exit so your policy gets a good exit, then let the script log out the user.

*launch agent; daemons run in the root context

I've tried all your suggestions...the result was nearly all the time the same ;)

What I want to do exactly:
1) Run Policy for encryption - ok status gets deferred for user xxx
2) Logout the user to start the encryption

As I get the deferred status immediately, I thought the simple logout does the job...but in reality I have to restart my computer, login and log back out.
Is there another workaround?