Jamf Nation Community

jdeas · ‎05-26-2023

Is there a way in a single policy to allow install on reboot or enrollment at all times but restrict install on recurring check in to a maintenance window?

jamf-42 · ‎05-26-2023

phew! thats a mind twister. 🤣.. yes, with 3 policies.

1) master policy - does what-ever you want it to do. with custom event 'FOO'. scope to run to devices you want with ongoing.

2) reboot / enrolment policy - trigger startup and enrolment complete - files and processes - jamf policy event FOO

3) recurring - recurring trigger - sever side / client side limitation - files and processes - jamf policy event FOO

jdeas · ‎05-26-2023

Why couldn't the master policy do reboot/enrollment and custom (with custom being the link to time restrained check in )

jamf-42 · ‎05-26-2023

then you won't get recurring.. you'll call the master from the time restricted.. and that only triggers on reboot / enrollment.. not recurring

jdeas · ‎05-26-2023

That is a mind twist, it looks like policy triggers appear to work in parallel, it isn't possible to have reboot<or>enroll<or>custom all in the same policy coupled with 'Run Once per system' for mandated software installs at the most opportune time? Recurring in this case is more a 'on first check in, if not already installed' after that is should do nothing as the master policy is run 'once per computer'.

jamf-42 · ‎05-26-2023

you can break them up more. so one for enrol, one for reboot and use them to call the master that is ongoing.

the run order is alphabetically on the policy name (dont ask) soo AAA will run before ZZZ

couple that with a recon and smart groups.. if needed..

jdeas · ‎06-12-2023

To see if I understand this. I want an installer that triggers on enroll,reboot and login. However for those who do not log out I also want to install on check-in during off hours. Is this the most efficient way of doing this?

Jamf Nation Community

Polcy rule 'time do not run' for a run once software installer