Posted on 07-18-2018 07:25 AM
I'm looking for some advice on the best way to implement a weekly reboot policy on our Macs. Current policy in our organization requires machines to be restarted at least once every seven days and the smart groups I have set up show about 50% compliance with that. To ensure greater compliance, I was asked to install a Launch Daemon on all computers that would force a machine to reboot immediately at 2AM every Sunday. This of course provides zero warning to a user that may be working remotely at that hour. It also is punitive in that it forces a reboot on machines that already have been restarted in the last seven days.
What I would like to do is set a policy that would be scoped only to machines that are out of compliance and also allow a logged in user a a one-time five minute deferral before rebooting. If there is no request for deferral after five minutes, the machine would automatically reboot. I have tested the standard restart options provided in the JSS, but that still requires a user to click OK before the machine is restarted. In those instances, it's possible for a user to just leave the notification up for an indefinite period without restarting.
What are other admins here using as a reboot policy in your organizations? Any suggestions on what I can try? Thanks.
Posted on 07-18-2018 07:34 AM
Bump on this. Also interested in something that works like this.
Posted on 07-18-2018 07:50 AM
I run a daily policy that checks uptime. If the device reports that it has been up for more than seven days I warn the user with a dismissible CocoaDialog box that their machine has been up for more than seven days. I just run a compare against a hardcoded max days value. End users are given the option to dismiss or restart via a button. The restart button enacts shutdown -r +5 and a CocoaDialog progress bar giving users a five minute countdown.
The warning persists for seven days. When a machine reports fourteen days of uptime, set by another hardcoded variable, during the daily policy run the policy enacts shutdown -r +10 and the same progress bar, this time with no option to dismiss.
I do not bother with a smart group to target the policy, however I do use a smart group to detect machines that have been enrolled for less than two weeks. These machines gets a milder policy that doesn't immediately restart the machine.
Posted on 07-18-2018 02:50 PM
Here is a similar post I responded to with a script I use to force a reboot after 4 days while giving the user some deferral options.
https://www.jamf.com/jamf-nation/discussions/27844/jamf-helper-reboot-script-with-deferral
Posted on 08-14-2018 05:07 AM
Hi
Any suggestions on how do we prompt user for pre-warning saying "Mac will be restarted in XX minutes of time" prior to actual mac reboot happens?
Posted on 08-14-2018 08:51 AM
I use CocoaDialog currently, but given that its latest working version is quite old and the new version is getting close to missing its target release date you could also use Jamf Helper. There are a bunch of tools that may work, depending on your preference. Something along the lines of:
# Cocoa Dialog option
CD="/Applications/cocoadialog.app/Contents/MacOS/cocoadialog"
$CD ok-msgbox --title "Warning" --text "This Mac will be restarted in 5 minutes" --icon "caution" --timeout 300 --float ‑‑button1 "OK"
# JamfHelper option
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
option=" -windowType utility -title Warning -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns" -windowPosition ur"
"$jamfHelper" $option -description "This Mac will be restarted in 5 minutes" -button1 OK -timeout 300
# Jamf displayMessage option
jamf displayMessage -message "This machine will restart in 5 minutes"
# AppleScript option
osascript -e 'display notification "This Mac will be restarted in 5 minutes" with title "Warning" sound name "default"'
Some of these could be combined with the actual trigger to start the restart countdown. The Applescript one tosses up a notification that has a default time out well short of five minutes, but just in case I included it.