Multiple policies don't run on same custom trigger anymore

L-plateAdmin
Contributor

Afternoon all hope everyone is enjoying Saturday except after seeing the lastest cve!! (At least it's not jamfs issue this time)

 

We are on 10.32 on a on premise system and after doing our first tests on Monterey and finding login hooks dead in the water...

So in the process of making a launch agent/launchdaemon Combo to run a script and fire off our login policies for uses loging in  (some ongoing, some once per user per machine etc etc)

 

Doesn't work anymore just runs the first policy then finishes.  Sure it used to be possible due to seeing two police's run together when cloning by mistake and found this post confirming..

 

https://derflounder.wordpress.com/2017/04/08/running-multiple-jamf-pro-policies-via-custom-trigger/#...

 

Was this mentioned on release notes that I missed when double upgrading or is this a new bug? Can can anyone replicate?

...

 

3 REPLIES 3

sdagley
Honored Contributor III

@L-plateAdmin Calling the Jamf binary via a LaunchAgent to run a policy isn't going to work because it won't be running as root, but it does from a  LaunchDaemon.

On the issue of multiple policies triggered via the same Custom Event, this is working fine for me on Monterey with a Jamf Cloud hosted JSS 10.33 instance. That's both with some production policies, and a quick test with a policy using  Custom Event duplicated several time, and doing a `sudo jamf policy -event CustomTrigger` does show all of the policies running in sequence. One thing to note, in my environment "Allow Network State Change Triggers" is disabled. In the past that tended to cause problems with Enrollment Complete triggers so it was common to disable it. I don't know if that's still the case, but I still leave it disabled. 

thanks for checking, yeah i'm using a LaunchAgent to touch in a file that the LaunchDaemon is looking for it via a watchpath to run the script.. think i have that bit sorted now which is nice.

sounds like its an issue with our system then, it only runs the first policy we set with jamf policy -event "ourtrigger" via a root terminal or a script.  then when we disable that one to see if it moves on to the second policy we have set with the same trigger it doesn't run anything at all.

we haven't had any problems with the network change trigger with our enrolment complete ones, i guess its pretty random..

karthikeyan_mac
Contributor III

It works in On-Prem Jamf Pro 10.34.1.

sudo jamf policy  -event <trigger>