Policy execution suggestions?

Not applicable

We're trying to prompt users to let them know that there are application updates required for their machines.

In summary:

PolicyA prompts users to execute PolicyB now or wait until tomorrow.
PolicyA runs once a day, until PolicyB has been executed.

I've written an AppleScript to display dialog to the users, and gives them the option to click OK to install updates now, which runs a "jamf policy –trigger" command to run the update policy. The users also have the option to cancel, and the script is terminated.

The once a day part is easy enough, obviously. But excluding them from the policy after they've run it is proving to be a bit trickier.

I can't create a smart group based on whether a machine has run a policy or not, can I? (e.g. Machine has appA OR appB OR appC AND Machine has not run PolicyX)

The other idea was a good 'ol dummy package, scoping a smart group to check if a user has NOT installed the package, which would be installed at the end of the update process. But the "Packages installed by Casper" list in the smart group options only seems to be listing packages that have already been installed on at least 1 machine. (Now, we're still running 7.31, but is this a bug? Shouldn't this just list every package available in Casper Admin?)

Am I overthinking this? Is there a quicker/better way to do this?

Thanks,
Bob

1 REPLY 1

stevewood
Honored Contributor II
Honored Contributor II

An Extension Attribute would work. Have the attribute looking for the
existence of a certain file in a certain location and then that would
trigger it.

In Policy B, but something like this in the "Run Command" box on the
Advanced tab:

touch /Library/Application Support/JAMF/policybdone.txt | jamf recon | jamf
recon

Of course, that could be any path you want. Then create an Extension
Attribute that basically is this:

#!/bin/sh

if [ -f /Library/Application Support/JAMF/policybdone.txt ]
then
echo "<result>1</result"
fi

Now, the reason for the double jamf recon at the end of the "Run Command" is
to make sure that recon picks up the extension attribute. I've had issues
in the past with it not doing so.

Next, scope a Smart Group to that Extension Attribute.

HTH

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475