Policy running more than once per day

gdec0
New Contributor II

I have policy to reboot our Mac lab during the overnight hours. The policy is set to run at Checkin, once per day. There is a client side limitation so that it only is supposed to be run between 2AM and 4AM. My hope was that the Macs would each reboot only once in this two hour window. Instead, the machines are rebooting every time the Macs check in - about every 15 min within the two hour window. Would there be an explanation for that? Does it have something to do with the machines being rebooted? We are on 10.16 and Macs are running Mojave.

6 REPLIES 6

mm2270
Legendary Contributor III
Does it have something to do with the machines being rebooted?

Most likely yes. Are you seeing log entries in the policy log that indicate any machines actually completed the policy? If not, then what's likely happening is the reboot is interrupting the policy, so the Jamf server never knows the policy ran, and after the machine comes back online, it again tries to run the policy since it's still technically "pending". Rinse, repeat.

May I ask - what method are you using to do the reboot? Is it a script, or are you using the built in Jamf functionality?

gdec0
New Contributor II

You are correct, I do not see the entry in the Policy log, only entries in the Computer Usage log that the Mac has restarted. I am using a script with a Files & Processes payload with the command: sudo shutdown -r +5. I assume there is a better way? Thank you very much for your quick response to my question.

tnielsen
Valued Contributor

Are you sure you only have one policy that is doing this?

mm2270
Legendary Contributor III

Ok, so, first thing is, if you want to use a Files and Processes command, you can drop the sudo since it's running as root anyway as part of a Jamf policy.
Second, you can try doing:

/sbin/shutdown -r +5 &

By adding the & to the end, it tells the command to begin the 5 minute restart countdown and exit immediately. This should allow the policy to also exit and upload a policy log to Jamf Pro, which means even after it reboots it will know the policy executed "once" during the timeframe on that Mac, and shouldn't run again. The problem you had before was that the policy was essentially waiting the entire 5 minutes until the shutdown command completed its thing before it would exit. But at that point it was too late as the Mac then restarted, interrupting the policy from completing.

You'll have to test this out and see. I can't make any 100% guarantees on anything, because in terms of restarting in policies, it's been a tricky thing to do properly for a while. But I think the above should help.

Outside of this, you could try using the built in Reboot Options payload, or the jamf binary itself, as it has a reboot command built in that can do the same thing.

gdec0
New Contributor II

@mm2270 Thanks for the tip. I will give it a try. I was also looking at the Energy saver payload and thought maybe setting a time to shutdown, then a time to reboot. The only thing is it is not clear what the behavior will be if someone is logged in or not.

@tnielsen I checked and don't have any other policies scoped that would reboot - but thank you for replying!

gdec0
New Contributor II

@mm2270 Sadly, adding the ampersand did not solve the problem. In one lab, we are testing the Energy Saver settings in the lab config profile of shutdown and restart. Works fine, but I am not sure if the users get a warning and time aloted to save work. With that said, the labs are not supposed to be used at the time so it "shouldn't" matter, but you never know sometimes. My preference would be a restart with a 5 min delay as I had in the policy but apparently it would take another approach.

Update: Testing the Energy Saver settings and yes, there is a 10 min countdown before the computer shutsdown. This is very cool and makes me feel much better about having that safety net. In our situation, I think this will work for us I will schedule the Macs to shutdown then restart about 30 min later.