Jamf Nation Community

They sent me a command to run that collects all of the log files they need into a zip file. It's not a huge deal because they can just ignore the jamf messages or filter them out but I thought I'd ask in case there was a way to accomplish this.

You can temporarily disable the LaunchDaemon that controls the "every 15" check in cycle if you really need to do that. You just have to remember to re-enable it later, though it should start up again after a reboot.

sudo launcchtl unload /Library/LaunchDaemons/com.jamfsoftware.task.3.plist

Thank you! That sounds like what I need! :)

I found this thread while searching for information about temporarily disabling LaunchDaemons. I'm trying to set something up for exam user accounts where a script will run repeatedly, checking if a web browser is open and killing it. It's been suggested to me in this thread https://jamfnation.jamfsoftware.com/discussion.html?id=19458 that a LaunchDaemon would be a good way of doing that, but obviously I would not want this script to run for all accounts, just exam accounts. So I was hoping there was a way to temporarily disable a LaunchDaemon just for the current login session? Is that possible?

Thanks,
Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK.

@DanJ_LRSFC

Here is an example LaunchD. The "edu.danU.filename" should match the filename with a .plist extension.

And /path/to/script/here.sh is a script which will do what you want (kill browsers).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>edu.danU.filename</string>
        <key>ProgramArguments</key>
        <array>
                <string>sh</string>
                <string>/path/to/script/here.sh</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>1200</integer>
</dict>
</plist>

So your script will need to check the account name, if not "exam" then exit. Second, it'll need to look for the web browser process and if found kill them. The StartInterval is seconds between runs.
Good luck!

Is there any way you can just use the JSS' Restricted Software process for this and adjust the scope to only the machines that need it? Restricted Software does exactly what you're describing - check for a running process and [optionally] kill it as well as [optionally] sending up a notice to the user.
I know you mentioned exam accounts, but I'm not sure if you really meant user accounts on the systems, or if that could apply to a group of Macs in general. Restricted Software can't be scoped to Users or LDAP groups, but you can use Computers, Computer Groups, Buildings and Departments. Not sure if that helps.

@mm2270 Restricted Software cannot be scoped to an Active Directory user group, which is what I was referring to regarding exam accounts. So they're user accounts in Active Directory, and the restrictions must only apply when a user in this particular group is logged in. For any other user the Mac must function normally.