Inventory Check in after MacOS update

New Contributor


I need some guidance, We have a policy via self-service that allows users to install MacOS upgrade. I want it to do an inventory check in once this has finished. 

I have tried to do a check in on start up but this hasn't worked


any suggestions would be welcome


Valued Contributor

Hi @ollyfurr , just clarifying that you are running an inventory update (sudo jamf recon) and not checking-in (sudo jamf policy). A policy with a "Maintenance" > "Update Inventory" payload should work for this. Execution Frequency should be at "Startup" as you mentioned. Scope it to All Computers since this is just an inventory update. 

Contributor III

Startup doesn't work so well if the system is wireless.

Valued Contributor

We handle this with a custom script and outset. Basically, we have a script run with outset using the "boot-every" trigger that checks a plist file that was created when we installed the script. The plist just has the OS build in there and every boot it just checks if that has changed from the current build. If it changed, it runs a set trigger and then updates the plist file. If not, it just exits.

Works pretty darn well and it was super simple to implement. 

Contributor III

I found this script a while back and it works well when run as a Jamf policy at every startup...

# Get the OS on the Mac
OS_Version=$( sw_vers -productVersion )

# Check if the OS matches our logged one, do a recon if it doesn't.
if [ -f /Library/MacSD/os_version ]; then
    Recorded_Version=$( cat /Library/MacSD/os_version )
    if ! [ ${Recorded_Version} == ${OS_Version} ]; then
        /usr/local/bin/jamf recon
        echo ${OS_Version} > /Library/MacSD/os_version
        echo "This Mac has rebooted but no OS change found. No recon necessary."
    echo ${OS_Version} > /Library/MacSD/os_version

Esteemed Contributor II

The script @MrRoboto posted would be good to use as the script run by a LaunchDaemon every time a Mac restarts, but use

OS_Version=$( sw_vers -buildVersion )

instead because -productVersion isn't sufficient to see if the user has installed a Security Update for Mojave or Catalina where only the buildVersion changes.

Valued Contributor II

Another key that could help is enabled recon on network change.  I've found that's been a reliable trigger for our group as well.