Posted on 10-30-2024 02:29 AM
I've been using a policy executing a straight up restart option bound to a SCG that gathers every Macbook that hasn't been turned off for more then 10 days but I find the policy to be too invasive since it doesn't allow deferral as far as I know.
I've been searching if there is a way to just send a notification if somebody enters a SCG on their Macbook but I can't find anything of the sort and I'm not very good at scripting either.
Do you have any tips about it?
Thank you
Solved! Go to Solution.
Posted on 10-30-2024 03:58 AM
Then you can use the Jamf Helper. It will prompt a message on screen. Use this script on a policy then scope the SCG. Ensure you test to get the desired outcome.
#!/bin/bash
# Path to Jamf Helper
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Message and options
HEADING="System Restart Required"
MESSAGE="To complete essential updates, please restart your device. You can choose to restart now or delay until later."
# Display the Jamf Helper window with two buttons
USER_CHOICE=$("$JAMF_HELPER" -windowType utility -title "$HEADING" -heading "$HEADING" -description "$MESSAGE" \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" \
-button1 "Restart Now" -button2 "Later" -defaultButton 1)
# Check the user's choice
if [ "$USER_CHOICE" == "0" ]; then
# Restart the device immediately
sudo shutdown -r now
else
# Postpone the restart and notify again in 1 hour (optional customization)
echo "User chose to restart later."
fi
10-30-2024 04:47 AM - edited 10-30-2024 04:55 AM
@DonCascone Depends on how you want to notify your end users.
swiftDialog:
I would use a policy, scope it to the SCG and build out a swiftDialog (https://github.com/swiftDialog/swiftDialog) script to inform users. This provides a lot of custom options to display the notification in a professional way. I believe you can also do a "macOS Notification" style alert as well.
If you don't want to deal with installing swiftDialog you can just use Jamf's built-in binaries to throw up a popup window and do the same thing as above minus the fancy window customizations.
Jamf Helper Window:
#!/bin/bash
# jamfHelper window
userChoice=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType "hud" -title "Reboot Notification" -heading "Please Reboot" -description "We noticied you haven't rebooted in awhile. Please reboot to ensure your Mac is in proper working order." -icon "/System/Library/CoreServices/Diagnostics Reporter.app/Contents/Resources/AppIcon.icns" --iconSize 100 -button1 "REBOOT" -button2 "CLOSE" -defaultButton 0 -lockHUD -timeout 60 -countdown -countdownPrompt "" -alignCountdown center)
if [ "$userChoice" == "0" ]; then
echo "User Clicked: Reboot or timer expired"
shutdown -r now
else
echo "User Clicked: Close"
fi
AppleScript Notification:
#!/bin/bash
/usr/bin/osascript <<APPLESCRIPT
display notification "You haven't rebooted in awhile. Please do this at your earliest convenience." with title "Reboot Reminder"
APPLESCRIPT
As always run these scripts on a test machine before putting them into PROD.
Posted on 10-30-2024 05:34 AM
You might want to look at https://github.com/SecondSonConsulting/Renew which is a very configurable and polished tool for reminding users to restart their Macs. The Wiki link on that page covers installation and configuration. It does require SwiftDialog for user notifications so if that's an issue for your org the examples previously posted using Jamf Helper would work.
Posted on 10-30-2024 05:57 AM
We use the support app for this: https://github.com/root3nl/SupportApp
Posted on 10-30-2024 02:41 AM
You can use extension attribute. Which will allow to identify the date when the device has been last restarted. Then use the extension attribute in a smart group.
#!/bin/bash
# get last reboot date and time
lastReboot=$( who -b )
# extract month, day and time
month=$( /usr/bin/awk '{ print $3 }' <<< "$lastReboot" )
day=$( /usr/bin/awk '{ print $4 }' <<< "$lastReboot" )
time=$( /usr/bin/awk '{ print $5 }' <<< "$lastReboot" )
# convert date and time to ISO date format
lastRebootISO=$( /bin/date -j -f "%b %e %l:%M" "$month $day $time" '+%Y-%m-%d %I:%M:00' )
echo "<result>$lastRebootISO</result>"
exit 0
Hope that helps.
Posted on 10-30-2024 02:49 AM
Thank you,
I already created the EA concerning the Last Reboot date and paired it to a SCG that contains every Macbook that is on for more then x days but I'm struggling to followup on this with the notification part of the issue.
Posted on 10-30-2024 03:58 AM
Then you can use the Jamf Helper. It will prompt a message on screen. Use this script on a policy then scope the SCG. Ensure you test to get the desired outcome.
#!/bin/bash
# Path to Jamf Helper
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Message and options
HEADING="System Restart Required"
MESSAGE="To complete essential updates, please restart your device. You can choose to restart now or delay until later."
# Display the Jamf Helper window with two buttons
USER_CHOICE=$("$JAMF_HELPER" -windowType utility -title "$HEADING" -heading "$HEADING" -description "$MESSAGE" \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" \
-button1 "Restart Now" -button2 "Later" -defaultButton 1)
# Check the user's choice
if [ "$USER_CHOICE" == "0" ]; then
# Restart the device immediately
sudo shutdown -r now
else
# Postpone the restart and notify again in 1 hour (optional customization)
echo "User chose to restart later."
fi
a month ago
Hello,
I'm coming back to you since the script is working but even if our user restart the device the prompt continues to appear.
The script is the one below, do you have any tips for this issue? Maybe an inventory sync at the end of the script would solve the issue?
#!/bin/bash
# Path to Jamf Helper
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Message and options
HEADING="System Restart Required"
MESSAGE="Please restart your device, it's been turned on for too long. You can choose to restart now or delay until later."
# Display the Jamf Helper window with two buttons
USER_CHOICE=$("$JAMF_HELPER" -windowType utility -title "$HEADING" -heading "$HEADING" -description "$MESSAGE" \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" \
-button1 "Restart Now" -button2 "Later" -defaultButton 1)
# Check the user's choice
if [ "$USER_CHOICE" == "0" ]; then
# Restart the device immediately
sudo shutdown -r now
else
# Postpone the restart and notify again in 1 day (optional customization)
echo "User chose to restart later."
# Sleep for 3 hours (or adjust this delay as needed)
sleep 10800
# Re-run the script to prompt again
"$0" # Calls the script again
fi
a month ago
@DonCascone The problem with this script is that the "shutdown -r now" (the sudo in not needed when running a script from a Jamf Pro policy) shuts down the Mac immediately and which kills the jamf agent so the policy will never report that it completed running. You could change the command to "shutdown -r +10s" which will restart after a 10 second delay which may be enough for the policy to log completion (a full recon isn't necessary). Where a full recon may be necessary is updating the Smart Group used to target Macs to run that policy, and to update that you would want an inventory policy triggered at login.
4 weeks ago - last edited 4 weeks ago
Adding a "&" to the end of the reboot command may allow the policy to fully complete in Jamf before the reboot happens.
# Reboot with a 1 minute delay timer
shutdown -r +1 &
exit 0
4 weeks ago
When specifying a delay the shutdown command should return immediately without requiring a trailing &
Posted on 10-30-2024 04:30 AM
We couldnt find a way to do this either so we set out reboot policy to not run in business hours instead.
Posted on 10-30-2024 04:32 AM
Nice!
Seems like it's working I'll test a bit and I'll let you know.
Do you think it's possible to add something like a maximum number of times you could defer the policy? Something like 20 times before the message changes and you only have 1 button to restart the device.
Thank you again :)
Posted on 10-30-2024 05:43 AM
you can try this with 5 deferrals and notification every1 hour
#!/bin/bash
# Path to Jamf Helper
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# File to keep track of deferrals
DEFERRAL_FILE="/var/tmp/restart_deferral_count.txt"
# Message and options
HEADING="System Restart Required"
MESSAGE="To complete essential updates, please restart your device. You can choose to restart now or delay until later. After five delays, a restart will be required."
# Initialize deferral count if the file doesn't exist
if [ ! -f "$DEFERRAL_FILE" ]; then
echo 0 > "$DEFERRAL_FILE"
fi
# Read the current deferral count
DEFERRAL_COUNT=$(cat "$DEFERRAL_FILE")
# Check if deferrals have reached the limit
if [ "$DEFERRAL_COUNT" -ge 5 ]; then
# Restart the device immediately after the fifth deferral
"$JAMF_HELPER" -windowType utility -title "$HEADING" -heading "$HEADING" -description "Restarting now to complete essential updates." \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" -button1 "OK" -defaultButton 1
sudo shutdown -r now
exit 0
fi
# Display the Jamf Helper window with two buttons
USER_CHOICE=$("$JAMF_HELPER" -windowType utility -title "$HEADING" -heading "$HEADING" -description "$MESSAGE" \
-icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns" \
-button1 "Restart Now" -button2 "Later" -defaultButton 1)
# Check the user's choice
if [ "$USER_CHOICE" == "0" ]; then
# Restart the device immediately
sudo shutdown -r now
else
# Increment the deferral count and update the file
DEFERRAL_COUNT=$((DEFERRAL_COUNT + 1))
echo "$DEFERRAL_COUNT" > "$DEFERRAL_FILE"
# Notify user of remaining deferrals
REMAINING_DEFERRALS=$((5 - DEFERRAL_COUNT))
echo "User chose to defer restart. $REMAINING_DEFERRALS deferrals remaining."
# Sleep for 1 hour (or adjust this delay as needed)
sleep 3600
# Re-run the script to prompt again
"$0" # Calls the script again
fi
10-30-2024 04:47 AM - edited 10-30-2024 04:55 AM
@DonCascone Depends on how you want to notify your end users.
swiftDialog:
I would use a policy, scope it to the SCG and build out a swiftDialog (https://github.com/swiftDialog/swiftDialog) script to inform users. This provides a lot of custom options to display the notification in a professional way. I believe you can also do a "macOS Notification" style alert as well.
If you don't want to deal with installing swiftDialog you can just use Jamf's built-in binaries to throw up a popup window and do the same thing as above minus the fancy window customizations.
Jamf Helper Window:
#!/bin/bash
# jamfHelper window
userChoice=$("/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType "hud" -title "Reboot Notification" -heading "Please Reboot" -description "We noticied you haven't rebooted in awhile. Please reboot to ensure your Mac is in proper working order." -icon "/System/Library/CoreServices/Diagnostics Reporter.app/Contents/Resources/AppIcon.icns" --iconSize 100 -button1 "REBOOT" -button2 "CLOSE" -defaultButton 0 -lockHUD -timeout 60 -countdown -countdownPrompt "" -alignCountdown center)
if [ "$userChoice" == "0" ]; then
echo "User Clicked: Reboot or timer expired"
shutdown -r now
else
echo "User Clicked: Close"
fi
AppleScript Notification:
#!/bin/bash
/usr/bin/osascript <<APPLESCRIPT
display notification "You haven't rebooted in awhile. Please do this at your earliest convenience." with title "Reboot Reminder"
APPLESCRIPT
As always run these scripts on a test machine before putting them into PROD.
Posted on 10-30-2024 05:34 AM
You might want to look at https://github.com/SecondSonConsulting/Renew which is a very configurable and polished tool for reminding users to restart their Macs. The Wiki link on that page covers installation and configuration. It does require SwiftDialog for user notifications so if that's an issue for your org the examples previously posted using Jamf Helper would work.
Posted on 10-30-2024 05:57 AM
We use the support app for this: https://github.com/root3nl/SupportApp
Posted on 10-31-2024 04:58 AM
Renew on GitHub is great for this. It's MDM agnostic. It's also a good script to review and learn some things.
a month ago
I use this script and scope it using an extension attributes to machines that haven't restarted in 10 days or more
#!/bin/bash
days_on=$(uptime | awk '{print $3}')
message="We have determined that your device has not been restarted in $days_on days. Regularly restarting your computer is critical to ensure it runs optimally and remains secure. Please restart this system as soon as possible."
image_path="/private/var/company/companylogo.png"
# Display dialog using Jamf Helper with a timeout of 60 seconds
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Show the dialog with the formatted message, image, and timeout
"$jamfHelper" -windowType utility -title "JAX System Restart Reminder" -description "$message" -button1 "OK" -defaultButton 1 -icon "$image_path" -timeout 30
exit 0
Extension Attribute
#!/bin/sh
dayCount=$( uptime | awk -F "(up | days)" '{ print $2 }' )
if ! [ "$dayCount" -eq "$dayCount" ] 2> /dev/null ; then
dayCount="0"
fi
echo "<result>$dayCount</result>"
exit 0