So I have tried the gamut to try to get PFCTL command to run on start up.
- since im not editing/turning off SIP for any machines (especially remote users), its not possible for my to edit com.apple.pfctl
- since PFCTL exists in /system/library/launchdeamon and it does NOT have the switch to enable, copying the file to /library/launchdaemon, creating a slightly different name, then appending the switch, does nothing.
- i have that process fleshed out, but its always a pid of 1
- its been chowned and chmod to hell and back ensuring root:wheel access along with everything up to 755 access.
- launchagent is out of the question since it needs SUDO
- trying the same thing but calling a script that ive put in the JAMF folder also yields the same results
- i keep reading that JAMFs login/logout hook integration with apple isnt working since Apple deprecated the login/logout hook - i assume that means that all scripts that target "at login" no longer actually do that. can someone confirm?
- i was thinking of being cheeky and editing the jamfmanagement login hook script itself - it contains about 4 commands, 1 of which is just to check the jssconnection - would that be a possibility?
- since its not an app i cant force the "app" to launch on start :(
or maybe someone here has a creative idea on this process.
if i cant use launchd/launcha and jamf/apple login hook, then im utterly lost as to what else i can try.