Force Restart?

Sclewis
New Contributor III

Is there a way to force a computer to restart? I'm able to get OS updates to work where they download and then the restart prompt time starts. But if you click on the timer it stops the forced restart, and apparently delays it indefinitely, until the user restarts their computer, or I just resent the command over and over. I was hoping it was just for M1 computers, but it seems to be true for all. Is there a way to force a computer to restart from the Jamf platform?

7 REPLIES 7

sdagley
Esteemed Contributor II

@Sclewis If you don't care about prompting the user, or offering them a chance to save open files, the following command via a Files & Processes payload will force an immediate restart:

 

/sbin/shutdown -r now

 

Note that because the Mac will restart before returning to the Jamf binary you won't see a Policy running this command report as completed, so to prevent it running more than once you'll need to do something like set up an Extension Attribute that reports when the Mac last restarted, have the Mac report an inventory on login, and use a Smart Group based on that EA reporting the last restart being less than a day ago to exclude the Mac from your policy otherwise it will be triggered repeatedly.

AJPinto
Esteemed Contributor

If you are installing the updates with the SoftwareUpdate MDM Command that sounds like it could be a bug in Apples MDM Framework. No external reboot source will trigger the updates to install. If all you are wanting to accomplish is a reboot, then sudo shutdown -r now will accomplish that fine but it wont tell updates to install.

Sclewis
New Contributor III

Yes it's during the "Download and Install Software Updates" in the MDM profile. It also does the same thing with mass action command within a group. It restarts if the timer is allowed to count down, but if the user clicks on the timer, it stops the restart and the updates are installed on the next restart. I was just hoping to find away to force remote updates since that was the whole reason we started using Jamf Pro.

AJPinto
Esteemed Contributor

If you are using MaxUserDeferrals then I could see the user interacting as kicking the deferral to the next day. With macOS updates and how flaky the work flow is we are really just politely asking users to comply with OS updates. I have a set of software restrictions configured to lock down devices running out of compliance versions of macOS and give users popups that they need to run OS updates. I dont have time to track down every single device and grab logs from it locally to see what its doing stupid and why its not updating.

 

Use the InstallForceRestart command. The MaxUserDeferrals command will also change to the InstallForceRestart command when the deferrals are used up. JAMF also uses installASAP out of the box, but this command is functionally useless. 

 

Using the inventory record to issue updates uses the installASAP command so don't expect much from it. JAMF Displays the InstallForceRestart command as "Download and install the update, and restart computer for installation" as a mass action. This still can fail far more frequently than it should because of how Apple has things implemented.

 

AJPinto_0-1672759486862.png

JAMF Should do better with how updates are logged, both in results and command issuing. However, for how poorly the MDM workflow for OS updates functions, that is totally on Apple.

 

macOS Upgrades and Updates Using a Mass Action Command - Deploying macOS Upgrades and Updates with J...

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

kbreed27
Contributor

Did you ever have luck forcing a restart via policy and then running the MDM commands to update the OS? I having basically the same problem as you. 

Sclewis
New Contributor III

No I didn't. My solution is looking at other MDMs.

You can force restarts with S.U.P.E.R.M.A.N. It is a MacOS Update tool, but you can also use it to force a reboot on a daily schedule. 

https://youtu.be/MjfMOhxQ5AM?t=1220