Jamf Nation Community

_aDiedericks · ‎12-07-2023

Hi there,

I'm working on a policy that should be able to deploy a launchdaemon plist to all machines. The below script I found
here https://communithttps://community.jamf.com/t5/jamf-pro/remote-management-active-extension-attempt/m-...

#!/bin/bash

cat << 'EOF' > /Library/Scripts/jamf-Restart.sh
#!/bin/bash
sudo killall jamf
sleep 10
sudo jamf policy
EOF

chmod 644 /Library/Scripts/jamf-Restart.sh
chown root:wheel /Library/Scripts/jamf-Restart.sh

cat << EOF > /Library/LaunchDaemons/jamf-Restart.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>jamf.restart</string>
	<key>ProgramArguments</key>
	<array>
		<string>sh</string>
		<string>/Library/Scripts/jamf-Restart.sh</string>
	</array>
	<key>RunAtLoad</key>
	<false/>
	<key>StartInterval</key>
	<integer>86400</integer>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchDaemons/jamf-Restart.plist
chown root:wheel /Library/LaunchDaemons/jamf-Restart.plist

launchctl load -w /Library/LaunchDaemons/jamf-Restart.plist

And I have an extension attribute setup that should check if the 'jamf-Restart.plist' is loaded correctly.

#!/bin/sh

agentloaded=$(sudo launchctl list | grep "jamf.restart")


if [ -n "${agentloaded}" ]; then
    echo "<result>Loaded</result>"
else
    echo "<result>Not Loaded</result>"
fi

Couple of issues though. When I use "launchctl start jamf.restart" the "jamf-Restart.sh" script doesn't actually run. The other issue I'm having is that the extension attribute reports back 'Loaded' on some devices that don't have the 'jamf.restart' plist loaded up in launchdaemon.

_aDiedericks · ‎12-07-2023

I've made some changes to the above. Seems it's working. I'll test a bit more and report back. In case anyone else is interested:

#!/bin/sh

cat << 'EOF' > /private/var/tmp/JamfRestart.sh
#!/bin/sh
sudo killall jamf
sleep 10
sudo jamf policy
EOF

chmod 644 /private/var/tmp/JamfRestart.sh
chown root:wheel /private/var/tmp/JamfRestart.sh

cat << EOF > /Library/LaunchDaemons/JamfRestart.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>EnvironmentVariables</key>
	<dict>
		<key>PATH</key>
		<string>/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library/Apple/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/usr/local/sbin:/opt/local/bin</string>
	</dict>
	<key>Label</key>
	<string>JamfRestart</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/sh</string>
		<string>/private/var/tmp/JamfRestart.sh</string>
	</array>
	<key>RunAtLoad</key>
	<false/>
	<key>StartInterval</key>
	<integer>86400</integer>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchDaemons/JamfRestart.plist
chown root:wheel /Library/LaunchDaemons/JamfRestart.plist
launchctl load -w /Library/LaunchDaemons/JamfRestart.plist

View solution in original post

_aDiedericks · ‎12-07-2023

I've made some changes to the above. Seems it's working. I'll test a bit more and report back. In case anyone else is interested:

#!/bin/sh

cat << 'EOF' > /private/var/tmp/JamfRestart.sh
#!/bin/sh
sudo killall jamf
sleep 10
sudo jamf policy
EOF

chmod 644 /private/var/tmp/JamfRestart.sh
chown root:wheel /private/var/tmp/JamfRestart.sh

cat << EOF > /Library/LaunchDaemons/JamfRestart.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>EnvironmentVariables</key>
	<dict>
		<key>PATH</key>
		<string>/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Library/Apple/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/usr/local/sbin:/opt/local/bin</string>
	</dict>
	<key>Label</key>
	<string>JamfRestart</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/sh</string>
		<string>/private/var/tmp/JamfRestart.sh</string>
	</array>
	<key>RunAtLoad</key>
	<false/>
	<key>StartInterval</key>
	<integer>86400</integer>
</dict>
</plist>
EOF

chmod 644 /Library/LaunchDaemons/JamfRestart.plist
chown root:wheel /Library/LaunchDaemons/JamfRestart.plist
launchctl load -w /Library/LaunchDaemons/JamfRestart.plist

BoscoATX · ‎12-07-2023

Good work. I've been trying something similar that I found on Jamf Nation but it would never work. I'm going to give yours a try and let you know.

_aDiedericks · ‎12-07-2023

I've just done a few tests now. Seems so far so good. Hopefully someone is able to assist with the extension attribute. Just need it to look for the 'JamfRestart' label with 'launchctl list | grep JamfRestart' or something similar. Then we can deploy based on whether or not devices have the .plist loaded.

Jacek_ADC · ‎12-07-2023

cool, working actually on one machine which have some trouble connecting back to our cloud.

Re-Deploy Jamf Framework via api has worked fine, but not really solved the issue on this machine. Will test your script the next days.

Thanks for it in advance :)

Jamf Nation Community

Jamf Binaries Restart