Execute Script right after policy finished

jdshub
New Contributor

Hi,

I need my policy to finish and after the policy finished I want to call a shell script...let's better say just a line of code.
I've tried "AFTER" and "BEFORE" and also with a sleep-timer within...but it seems that the policy will not complete with the script in it.

Is there a chance to call the script right AFTER (not within the policy) the policy ran?

Thanks & best regards,
Dan

10 REPLIES

Joseph_Morris
Contributor

You should be able to create a second policy with a trigger, and have the trigger be the first policy.

dpertschi
Valued Contributor

Have you tried to run your code from the Files and Processes > Execute Command field?

That fires at the end of the policy.

mibrodt
New Contributor

The only way I know to do that is to create a smart group with criteria based on the completed policy (such as a file that is now in place or app now installed) and then create a second policy against that smart group.

jarednichols
Honored Contributor

+1 for dpertschi.

If it's a one-liner, no need to manage a script.

jdshub
New Contributor

Many thanks for your fast reply :)
Basically it is a one liner...but the one liner terminates the user session with osascript :/ so the policy does not complete.
Maybe there will have to be really a second policy.

jarednichols
Honored Contributor

If you're trying to jump into the user session you may be running into sandboxd blocking you. Watch Console on a target machine as the policy runs and you may see it happen.

Remember that your policy scripts (and Execute Command field) run with implied sudo. You may need to actually do a script, capture the user, then do a sudo -u $user so that you're killing the user session as the user.

Something like:

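#!/bin/sh
# capture the user who owns the console, i.e. the logged-in user
# (sh assignment: no leading $ and no spaces around =)
user=`ls -la /dev/console | cut -d " " -f 4`

# policy scripts run as root, so run the command as the captured user
sudo -u "$user" run_your_command_as_the_user_here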

Chris_Hafner
Valued Contributor II

+2 for dpertschi

nessts
Valued Contributor II

Create a launch daemon to launch the script and pkg both that and the script in a package, load the launch daemon in the postinstall of the package, then have the script wait for jamf processes to exit so your policy gets a good exit, then let the script log out the user.

JPDyson
Valued Contributor

*launch agent; daemons run in the root context
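
A sketch of the wait-then-log-out script from the launch daemon suggestion above, as an added example that is not code from any poster in the thread. It assumes it is started as root with a `--run` argument, that the policy process is named `jamf`, and that the logout one-liner is the System Events command shown; the function names and timeout values are also assumptions.

```shell
#!/bin/sh
# Added example. Run as root by a LaunchDaemon with the argument --run
# (argument name is an assumption); waits for the policy to end, then
# logs the console user out as that user.

TIMEOUT=${TIMEOUT:-600}   # assumed: stop waiting after 10 minutes
INTERVAL=${INTERVAL:-5}   # assumed: seconds between checks

# True while a process named exactly "jamf" exists (name is an assumption).
jamf_running() { pgrep -x jamf >/dev/null 2>&1; }

# Returns 0 once jamf has exited, 1 if it is still there at the timeout.
wait_for_jamf_exit() {
    waited=0
    while jamf_running; do
        if [ "$waited" -ge "$TIMEOUT" ]; then return 1; fi
        sleep "$INTERVAL"
        waited=$((waited + INTERVAL))
    done
    return 0
}

# Owner of the console device = the logged-in user.
console_user() { ls -ld "${1:-/dev/console}" | awk '{print $3}'; }

# At the login window the console belongs to root: nobody to log out.
has_gui_user() { [ -n "$1" ] && [ "$1" != "root" ]; }

main() {
    if ! wait_for_jamf_exit; then
        echo "jamf still running after ${TIMEOUT}s, not logging out" >&2
        return 1
    fi
    user=$(console_user)
    has_gui_user "$user" || return 0
    # Assumed one-liner; the thread does not show the original command.
    launchctl asuser "$(id -u "$user")" sudo -u "$user" \
        osascript -e 'tell application "System Events" to log out'
}

if [ "${1:-}" = "--run" ]; then main; fi
```

If a long-running `jamf` process exists on the machine, the exact-name match never clears and the script stops at the timeout without logging anyone out, so narrow the match in `jamf_running` for that case.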

jdshub
New Contributor

I've tried all your suggestions...the result was nearly all the time the same ;)

What I want to do exactly:
1) Run Policy for encryption - ok status gets deferred for user xxx
2) Logout the user to start the encryption

As I get the deferred status immediately, I thought the simple logout does the job...but in reality I have to restart my computer, login and log back out.
Is there another workaround?