Posted on 01-14-2019 08:28 AM
Hi guys, I hope you all are doing well today. I have a question about inventory updates. I'm testing something out and I would like to have inventory updates occur at least once every hour. Have any of you ever done this?
Posted on 01-14-2019 08:37 AM
Jamf's internal policy function doesn't support that frequency but in theory you could just use a launch daemon on the device to run "jamf recon" every 60 minutes.
There's a launch daemon creation tool here that I found: https://github.com/PhantomPhixer/Phixits
Posted on 01-14-2019 08:44 AM
As @allanp81 says, a launch daemon is probably the easiest way around this as the Jamf Pro scheduling isn't that granular.
Out of interest, how many computers will be checking in that frequently? If it's low numbers then it's not too big an issue; however, during our Jumpstart we were advised against running inventory collection too frequently due to each run creating a new database page for each computer and this adding unnecessary load to the database.
Posted on 01-14-2019 09:06 AM
An hourly inventory collection across your Mac fleet is going to hammer the database and cause unnecessary bloat. I don't really recommend that, but I'm curious about what you're testing and why this might be needed. There might be some other approach you can take that would work better.
Posted on 01-14-2019 09:07 AM
@kadams Assuming that you don't want to change your check-in interval, you'll need to create a launch daemon that runs "sudo jamf recon" every hour. Otherwise you can create a policy with a maintenance payload (inventory update). Set that policy to ongoing at recurring check-in. Then change your check-in time to an hour.
Posted on 01-14-2019 10:30 AM
@mm2270 , we have some software that needs to remain on our managed devices. I have a smart group set to install this software each time it's removed. Without an inventory update, Jamf doesn't know the software is removed. Therefore, the software doesn't get reinstalled.
Posted on 01-14-2019 10:48 AM
Rather than hammering the JAMF database, I would suggest creating a script to run on an interval on your devices that checks to see if the software is still there. If not, have it run the JAMF policy to reinstall it (set the policy to "ongoing").
Posted on 01-14-2019 10:55 AM
@kadams Is this software really so important that it can't wait one day (a more normal inventory collection schedule) before being reinstalled? I mean, maybe it really is that important, but I'm having a hard time believing that it can't wait one day. In many cases, it might be less than 1 day since some of your other policies that run on the Macs may already be collecting inventory as part of the policy settings.
Also, as @tmccleary stated, you could use a script that calls a custom trigger for this which won't enlarge the database just to run a recurring policy on check-in.
Posted on 01-14-2019 11:07 AM
@mm2270 , it's our antivirus software. I feel like I would have to remove some of my smart groups. I have a couple that are scoped to certain policies. They are meant to reinstall software that has been removed.
Posted on 01-14-2019 02:39 PM
@kadams Rather than inventory every hour perhaps a LaunchDaemon that watches the path to the directory your AV is installed in which will do a recon if the contents change/disappear? That would in theory trigger the re-install on the next check-in with your JSS if it has been removed.
Posted on 01-15-2019 07:26 AM
You could even have Jamf run a script on every check-in that checks for the app (Jamf itself runs on a LaunchDaemon, so it simplifies having to put something local on the computers). If it didn't find the app, then it could run the policy trigger to install your organization's antivirus. Something like this:
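#!/bin/bash
# Reinstall the antivirus if its app bundle is no longer present.
# [[ ]] is a bash construct, and the negation goes before the -d test.
if [[ ! -d /path/to/antiVirus.app ]]
then
    jamf policy -event installAntiVirus
fi
exit 0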
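The check-in script idea above, extended as an added example that is not part of the original post or Jamf's own code: it treats a bundle with no executable as removed and runs `jamf recon` only after a successful repair, so smart groups stay current without hourly inventory. `APP_PATH` is the thread's placeholder path; the `JAMF_BIN` and `TRIGGER` overrides and the "run" value in script parameter 4 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): AV presence check for a Jamf policy script.
# Assumed/hypothetical: APP_PATH placeholder, JAMF_BIN override, "run" in parameter 4.
APP_PATH="${APP_PATH:-/path/to/antiVirus.app}"   # placeholder path used in the thread
JAMF_BIN="${JAMF_BIN:-jamf}"                     # overridable so the logic can be tested
TRIGGER="${TRIGGER:-installAntiVirus}"           # custom event name from the post above

# Print "ok", "missing" or "damaged" for an app bundle path.
av_state() {
    if [ ! -d "$1" ]; then echo missing; return 0; fi
    # A bundle with no executable in Contents/MacOS is treated as removed.
    for av_file in "$1"/Contents/MacOS/*; do
        if [ -f "$av_file" ] && [ -x "$av_file" ]; then echo ok; return 0; fi
    done
    echo damaged
}

# Reinstall only when needed, and submit inventory only when something changed.
# Prints one status word on stdout; jamf's own output goes to stderr for the policy log.
check_av() {
    av_before=$(av_state "$APP_PATH")
    if [ "$av_before" = ok ]; then echo ok; return 0; fi
    if ! "$JAMF_BIN" policy -event "$TRIGGER" >&2; then
        echo "$av_before:policy-failed"; return 1
    fi
    if [ "$(av_state "$APP_PATH")" != ok ]; then
        echo "$av_before:still-absent"; return 1
    fi
    # One recon per repair keeps smart groups current without hourly inventory.
    "$JAMF_BIN" recon >&2 || { echo "$av_before:recon-failed"; return 1; }
    echo "$av_before:reinstalled"
}

# Jamf passes custom values from parameter 4 on; "run" here is an assumed convention.
if [ "${4:-}" = "run" ]; then check_av; fi
```

A non-zero return from `check_av` marks the policy run as failed in the Jamf log, which gives a signal to alert on when the antivirus cannot be restored.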
Posted on 01-15-2019 08:17 AM
@wesleya , yeah my manager doesn't want anything locally on the machine. I mentioned launch daemons and he was instantly against that. I will try and see if I can make something out of this script you've posted. I really need a Linux bootcamp..
Posted on 01-15-2019 09:36 AM
@kadams It seems reasonable to ask if you're worried your users will be removing your AV software, what makes you think the Jamf install is going to survive?
Posted on 01-15-2019 01:39 PM
@kadams Yeah, this seems to be one of those situations that meets the saying - "It's not an IT or technology issue, it's an HR issue."