Posted on 06-05-2020 07:27 AM
instead of waiting for jamf policy to run at the jamf execution frequency Is there a way to force a policy to run instantly?
Posted on 06-05-2020 07:54 AM
@dtekum If you have physical, screen share or ssh capability to the computer this may help you.
Have look at this page:
https://www.jamf.com/jamf-nation/articles/52/manually-initiating-a-policy
I personally use sudo jamf policy none -verbose often
Posted on 06-06-2020 08:53 AM
@Mhomar the problem screen share or ssh is that the computers must be in the same physical call network but our users work from home around the country.
Posted on 08-16-2020 08:48 PM
This would seem to mne a extremely basic and needed feature, how did this get ignored for so many years?
Posted on 08-17-2020 09:00 AM
Would this need to be triggered while working with your user? If so, you could always publish a policy that runs the policy while you're on the phone with them. I would even recommend that you scope the policy to a static group. They call, you add them to the group, you have them launch Self Service (log in, if necessary) and have them run the policy.
That'd be the easiest way I think you'd be able to accomplish this if you're not able to get them on VPN or remote into their machine(s).
Good luck!
Posted on 08-17-2020 04:00 PM
@dtekum If I understand the situation and requirements correctly, you would like the ability to force running of policy. I dont believe this can be initiated from the JAMF Pro/JSS interface, however.... I included a Self Service item that a user can run to "check in to JAMF" which then just runs a script to, 1. Runs a jamf recon - which picks up any changes and hence smart group memberships, 2, Runs a jamf policy - forces policy to run. 3. Runs a jamf manage - forces install of the framework - applies any restricted applications. You coud also use JAMF RMT/Jamf REMOTE to target an individual device, or the whole mac fleet (or selective smart group of devices, and run a checkin, which would then force policies to apply remotely.
Posted on 10-14-2021 06:09 AM
Hi RJH,
I have doubt that if the users don't update the latest software update or latest security update through jamf pro, then how can I forcely update the latest version into their systems? Can I get the solution?
Posted on 10-14-2021 03:00 PM
hi Harsha,
Your requirements vary a little from the initial requirement, but can be achieved via a JAMF policies, depending on the specific update you are trying to enforce. For security/OS patches - this can be achieved using the JAMF Policy with the payload "Software Updates" - which you can set to forcibly apply IF an update is pending, and a set timer.
For software updates, if you are referring to Applications software updates, this would need to be managed by patch policies, that would trigger on check-in at the end of the policy check -
ie.
"Checking for patches...
No patch policies were found."
hope this gives you an idea of way forward...
Posted on 10-14-2021 06:59 PM
Hi RJH,
May I get the screen shots plz, so that I can add as it is.
Posted on 10-14-2021 07:19 PM
check in your JSS with the softwareupdates payload. Have you completed your JAMF Jumpstart and/or JAMF 200 course? if not I recommend you complete so you can be across these sorts of policies so you can manage your environment more effectively.
Posted on 11-15-2021 06:21 PM
Hello,
What is the script you use to run all three of those commands? Do you mind posting it here? Thank you!
Posted on 07-25-2024 01:01 PM
the commands are literally just:
sudo jamf recon
sudo jamf policy
sudo jamf manage
Thats all you need. If you want to make a "script" out of it, just add #!/bin/bash at the top.
#!/bin/bash
sudo jamf recon
sudo jamf policy
sudo jamf manage
Posted on 08-18-2020 05:56 AM
As mentioned by cgiordano above, we just have a Self Service policy in our maintenance section called "Check for new policies" so the user can run a jamf policy command anytime themselves (normally when the service desk add their device to a deployment group, but the user needs it asap rather than waiting upto a hour for next checkin)
Alternatively there something that need immediate action on to the whole fleet then see if you can use a Config Profile instead of a Policy, as thats as fast as APNs works (i.e near instant)