Force policy Update ( sudo jamf policy)

dtekum
New Contributor III

instead of waiting for jamf policy to run at the jamf execution frequency Is there a way to force a policy to run instantly?

11 REPLIES 11

Mhomar
Contributor

@dtekum If you have physical, screen share or ssh capability to the computer this may help you.
Have look at this page:

https://www.jamf.com/jamf-nation/articles/52/manually-initiating-a-policy

I personally use sudo jamf policy none -verbose often

dtekum
New Contributor III

@Mhomar the problem screen share or ssh is that the computers must be in the same physical call network but our users work from home around the country.

kahuna
New Contributor II

This would seem to mne a extremely basic and needed feature, how did this get ignored for so many years?

cgiordano
Contributor

Would this need to be triggered while working with your user? If so, you could always publish a policy that runs the policy while you're on the phone with them. I would even recommend that you scope the policy to a static group. They call, you add them to the group, you have them launch Self Service (log in, if necessary) and have them run the policy.

That'd be the easiest way I think you'd be able to accomplish this if you're not able to get them on VPN or remote into their machine(s).

Good luck!

RJH
Contributor

@dtekum If I understand the situation and requirements correctly, you would like the ability to force running of policy. I dont believe this can be initiated from the JAMF Pro/JSS interface, however.... I included a Self Service item that a user can run to "check in to JAMF" which then just runs a script to, 1. Runs a jamf recon - which picks up any changes and hence smart group memberships, 2, Runs a jamf policy - forces policy to run. 3. Runs a jamf manage - forces install of the framework - applies any restricted applications. You coud also use JAMF RMT/Jamf REMOTE to target an individual device, or the whole mac fleet (or selective smart group of devices, and run a checkin, which would then force policies to apply remotely.

harsha
New Contributor III

Hi RJH,

I have doubt that if the users don't update the latest software update or latest security update through jamf pro, then how can I forcely update the latest version into their systems? Can I get the solution?

hi Harsha, 

Your requirements vary a little from the initial requirement, but can be achieved via a JAMF policies, depending on the specific update you are trying to enforce.  For security/OS patches - this can be achieved using the JAMF Policy with the payload "Software Updates" - which you can set to forcibly apply IF an update is pending, and a set timer. 
For software updates, if you are referring to Applications software updates, this would need to be managed by patch policies, that would trigger on check-in at the end of the policy check -

ie.  
"Checking for patches...
No patch policies were found."

hope this gives you an idea of way forward... 

harsha
New Contributor III

Hi RJH,

May I get the screen shots plz, so that I can add as it is.

check in your JSS with the softwareupdates payload.    Have you completed your JAMF Jumpstart and/or JAMF 200 course? if not I recommend you complete so you can be across these sorts of policies so you can manage your environment more effectively. 

RamosC
New Contributor II

Hello,

What is the script you use to run all three of those commands? Do you mind posting it here? Thank you!

garybidwell
Contributor III

As mentioned by cgiordano above, we just have a Self Service policy in our maintenance section called "Check for new policies" so the user can run a jamf policy command anytime themselves (normally when the service desk add their device to a deployment group, but the user needs it asap rather than waiting upto a hour for next checkin)
Alternatively there something that need immediate action on to the whole fleet then see if you can use a Config Profile instead of a Policy, as thats as fast as APNs works (i.e near instant)