Kill jamf process temporarily?

New Contributor

Hello! I am collecting some logs for a vendor for troubleshooting purposes. There are a lot of jamf logs from the every-15 check-ins. Is there any way that I can temporarily kill the jamf process for my login session on a single machine so that I can replicate the vendor problem and send them logs that don't have so many jamf messages? I do NOT want to uninstall the jamf client permanently. Thank you!


Valued Contributor II

why not just
grep -vi jamf /var/log/system.log > LogToSendToVendor.log

New Contributor

They sent me a command to run that collects all of the log files they need into a zip file. It's not a huge deal because they can just ignore the jamf messages or filter them out but I thought I'd ask in case there was a way to accomplish this.

Legendary Contributor III

You can temporarily disable the LaunchDaemon that controls the "every 15" check in cycle if you really need to do that. You just have to remember to re-enable it later, though it should start up again after a reboot.

sudo launcchtl unload /Library/LaunchDaemons/com.jamfsoftware.task.3.plist

New Contributor

Thank you! That sounds like what I need! :)

Contributor III

I found this thread while searching for information about temporarily disabling LaunchDaemons. I'm trying to set something up for exam user accounts where a script will run repeatedly, checking if a web browser is open and killing it. It's been suggested to me in this thread that a LaunchDaemon would be a good way of doing that, but obviously I would not want this script to run for all accounts, just exam accounts. So I was hoping there was a way to temporarily disable a LaunchDaemon just for the current login session? Is that possible?

Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK.

Valued Contributor II


Here is an example LaunchD. The "edu.danU.filename" should match the filename with a .plist extension.

And /path/to/script/ is a script which will do what you want (kill browsers).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

So your script will need to check the account name, if not "exam" then exit. Second, it'll need to look for the web browser process and if found kill them. The StartInterval is seconds between runs.
Good luck!

Legendary Contributor III

Is there any way you can just use the JSS' Restricted Software process for this and adjust the scope to only the machines that need it? Restricted Software does exactly what you're describing - check for a running process and [optionally] kill it as well as [optionally] sending up a notice to the user.
I know you mentioned exam accounts, but I'm not sure if you really meant user accounts on the systems, or if that could apply to a group of Macs in general. Restricted Software can't be scoped to Users or LDAP groups, but you can use Computers, Computer Groups, Buildings and Departments. Not sure if that helps.

Contributor III

@mm2270 Restricted Software cannot be scoped to an Active Directory user group, which is what I was referring to regarding exam accounts. So they're user accounts in Active Directory, and the restrictions must only apply when a user in this particular group is logged in. For any other user the Mac must function normally.