How to prevent a disable policy from still deploying

SMR1
Contributor III

I was in the process of testing the erase-install.sh file. I was modifying the same policy and forgot to change the policy back to specific computer and users. I added my device to the specific user and our jamf policy is set for 5min. Not realizing that until I got pinged, I disabled it. It was as 21 devices on Friday afternoon, but keeps growing. We did send out a communication to the Mac users, to not enter password. Is there some way to prevent the policy from running?

2 REPLIES 2

sdagley
Esteemed Contributor II

@SMR1 Are you saying you've already disabled the policy in your Jamf Pro console but it's still deploying to targeted Macs? Or that users on the Macs that were targeted are just today noticing the erase-install prompt? If the latter you could send a Device Lock command to all of your Macs with the unlock code in the Lock message to force a restart and that would terminate the erase-install script running on the Macs

AJPinto
Honored Contributor II

If you are tinkering with a policy I recommend setting up a group for test devices. Do not open the scope up beyond those test devices until after you are done with the policy. 

 

  • Once a device has a policy "queued" you can reboot to kill the policy. Sometimes simply running sudo killall jamf will also work.
  • If its a MDM Command you can cancel all commands in the device inventory record or as a mass action.

 

Do not enable a policy until you are ready for it to be available. Also be very careful with destructive policies on any kind of recurring checkin, make sure your scopes are good before enabling. 

AJPinto_0-1674049557422.png