how to run inventory update right after FileVault encryption process?

HFCA
New Contributor

I have an ongoing policy set to run FileVault encryption on not encrypted devices. 

But the status won't reflect the change until an inventory update.

Wondering is there a way to trigger the inventory update right after the full encryption is completed. (after reboot)

3 REPLIES 3

sujal1208
New Contributor III

create a script or use the files and processes area in the policy and add.

 

sudo Jamf recon

 

I recommend using a script option that way you can use it for other policies later on if needed. 

andrew_nicholas
Valued Contributor

If you're looking for something to run almost immediately after encryption finishes, you're probably going to need to use a custom LaunchDaemon and script written locally to the device. You could create both items and load the launch daemon as part of the policy, with the daemon running the script every 5 minutes or so. The script itself could just be set to check for FileVault status, exiting if not completed, or running recon and self destructing both deamon and script when completed. If you're already running a daily inventory it might be a bit overkill. Is there a particular action you're trying to use after the process compeltes?

howie_isaacks
Valued Contributor II

Is there a reason why you can't use the Maintenance section in the policy to turn on the payload to update inventory? I do this with all of my app install policies, and I have done it with my FileVault policy. When the inventory updates, it will show that FileVault is active even if the encryption status is not yet encrypted.