Making Policies Available Offline

jconte
Contributor II

I am trying to make a policy available offline so users can update an application without being connected to the corporate network. I have the application cached and the policy set to ongoing with the make available offline option checked.

When the machine is off the network it cannot connect to self-service and I cannot see the policy available, when on the network I see the policy that is supposed to be available offline.

I am not sure what I am missing, any advice is appreciated. JAMF 9.101

Thanks

5 REPLIES 5

nvandam
Contributor II

mm2270
Legendary Contributor III

Offline policies don't show up in Self Service and can't be put there for users to run, unfortunately. It's somewhat deceiving, but "Offline" means if the JSS can't be contacted, the local jamf binary looks to see if there are any pre-cached "offline" policies and runs those. So, it's all done in the background, invisible like. If you take your test system off the network and run something like sudo jamf policy in Terminal, you'll see in the output that it can't contact the Jamf Pro server and then looks for, and runs, any offline policies.

As an aside, it would be awesome if Self Service stored some kind of local cache to load in the app when truly offline, and show offline policies to run, instead of just saying it can't connect to the JSS. As @nvandam posted above, there is an old FR asking for this capability, but it's not available in the product.

jconte
Contributor II

thanks @mm2270 and @nvandam

I am ok without Self Service, but I am not even seeing it run via terminal. Do you know how the policy caches or how to check it ?
In terminal, it does say checking for cached policies, but nothing happens.

THanks

mm2270
Legendary Contributor III

Ah, well, there is a little trick to this. So, in order for the policy to get cached, it needs to run once at a minimum while able to connect to your Jamf Pro server. When it runs the first time, it captures all the pieces to the policy and stores them locally for later use.
Have you run the policy normally once successfully? If so, it should then be cached and able to run next time the Mac is offline and it tries to check in. If you haven't run it one time while able to reach your server, do that first, then try running again in Terminal while offline.

And incidentally, you can check for the policy bits on the device from Terminal:
sudo ls -al /Library/Application Support/JAMF/Offline Policies/
Doing the above should show a folder I believe with the cached policy in it. It will include whatever elements are in your policy, like pkgs, etc plus some plist/xml files that give it instructions on what to do when the offline policy runs.

jconte
Contributor II

Thanks Mike @mm2270, I'll get to the bottom of this although it might not be worth it at this time since the intention was to have it available without having run once. We are trying to target machines that haven't checked in and might be having issues with our remote access software. This would allow them to reinstall or install upgrades when they are travelling, etc...