Policies: Make Available Offline?

Valued Contributor II

Can you guys and gals share your thoughts on when to set (and when NOT to set) polices to "Make Available Offline"? I havent explored this setting much, and Im curious as to how you leverage this setting.

Other than being availabe exclusively to Policies marked as "Ongoing", I dont know much about them. The JAMF Admin Guide is sparse on this topic.


Valued Contributor

@dstranathan An example that is not completely necessary since config profiles could handle this setting, but give you an idea, let's say you manually change the preference for user's screen saver to ask for their password after 15 minutes of the screensaver running. The policy and attached script periodically run at various triggers to make sure it stays enforced and that if the user changes it, the script will set it back to what you want.

For a policy like that, you would want that to periodically run even if the user were not on the network to talk to the JSS. So you would set it to run at the various triggers like login and startup, and have it be available offline even if the user is not on the internet like traveling for work, etc.

Honored Contributor III

For large/intrusive to install updates (like OS updates) I have a policy that caches the installer. Once it's cached, I have another policy that makes it available in Self Service. Since our JSS isn't available off campus, I use the Make Available Offline option so users can install the updates at home. Make Available Offline doesn't actually work that way.

New Contributor III

I know this i old but... @sdagley, can you tell me how you make your Self Service policies available outside of your network? Mine only loads with Self Service has encountered a problem. Unable to access Self Service. The request timed out. error when I'm not on our network. So, no policies are loading, not even offline policies.


Contributor III

@sdagley If you've a trick to enable any Self Service items working out of reach of their JSS, we'd all love to see it. I've got a couple policies that run facilitating scripts, and my idea to enable them offline is to have them present GUIs, in the event the user creates a folder with a certain name on the desktop or in /Users/Shared... They'll have to be set ongoing, but won't do anything beyond a filesystem check unless the folder is present, at which point the GUI activates. What I'm not sure about is getting the policy to run on every Mac once, then excluding from scope ALL my Network Segments, so that the script ought to only run if it is not on a company network.

Maybe as others have suggested it would just be easier to set up an internet facing limited JSS instance for these scenarios.

Honored Contributor III

@Sterritt I don't know what I was thinking there as Self Service definitely requires a connection to the JSS to initiate a policy, even a policy that's intended to run a previously cached installer. A public facing JSS is definitely preferable (if not Cloud based) so that you have management capability for machines not connected to your org's network.

Valued Contributor

It doesn't work with Self Service policies, but other triggers are fair game. For example, we have a policy which runs at login to make sure user accounts are a member of particular local groups (for use by another script later on). It's just adding to a local group, so it can happen even in the absence of any network connection. We make that policy available offline so that, even if the user is somewhere off the grid, the jamf binary has a copy of the script it needs to run and can do so at login time.