Jamf Nation Community

KAndrews5725 · ‎11-08-2021

I've been taking a look at about a dozen restart scripts that have been shared with the community over the last several years. Unfortunately it's looking like forcing a restart on a MacBook with an M1 processor is no longer a viable option? Is there a new way to do this through JAMF with a simply policy, or with a script compatible with the new macs?

What we find is students rarely restart their devices, and sometimes we need them to (to force quit certain apps for instance so policy changes can be made). We aren't talking about post software updates, just a way to scope a policy to prompt the user to restart their device, and offer some sort of short deferral, but ultimately enforce the restart with an automatic shutdown, if the last deferral expires.

I've tried the one from @m_donovan at https://community.jamf.com/t5/jamf-pro/jamf-helper-reboot-script-with-deferral/td-p/188511#responseC... but that does not seem to work anymore. If anyone has any thoughts, please let me know! I would greatly appreciate the help!

Thanks!

Keith

bwoods · ‎11-08-2021

1. Create a policy with user interaction and a recurring check-in trigger.

2. In the Files and Processes payload run "sudo shutdown -r now"

3. Use an extension attribute to track Uptime, to see if it actually rebooted.

or you could just create a luanch daemon that activates at a specific time and day of the week.

View solution in original post

bwoods · ‎11-08-2021

1. Create a policy with user interaction and a recurring check-in trigger.

2. In the Files and Processes payload run "sudo shutdown -r now"

3. Use an extension attribute to track Uptime, to see if it actually rebooted.

or you could just create a luanch daemon that activates at a specific time and day of the week.

KAndrews5725 · ‎11-09-2021

After further testing, I'm wondering if we may benefit from using "sudo shutdown -h +1 &" in order to provide enough time to submit the policy results to JAMF. I have noticed some devices do not appear to be submitting their info after the policy has run. Do you see any issues with using the above command?

Thanks!

Keith

bwoods · ‎11-09-2021

Correct, that will give your machine enough time to update inventory.

KAndrews5725 · ‎11-09-2021

Thank you! By the way, being new to terminal commands, exactly what is the difference between -h and -r? I understand -r is to indicate recursion for paths?

bwoods · ‎11-09-2021

@KAndrews5725 here's a pro tip: whenever you need to know what the flags of a specific command do...you can open terminal and type "man + the command you need to learn more about"

In this case you would run "man shutdown" to learn more about the shutdown command.

KAndrews5725 · ‎11-09-2021

Ok great! Thanks again!

bwoods · ‎11-09-2021

KAndrews5725 · ‎11-09-2021

I was looking at that, thanks! So +1 indicates one minute. So ideally I'd probably want "sudo shutdown -r +1 &"

bwoods · ‎11-09-2021

Correct. Good luck on the you scripting journey! It gets easier with time and practice.

KAndrews5725 · ‎11-09-2021

Thank you! Yes, I am learning a little more each time, which I have enjoyed.

bwoods · ‎11-09-2021

One more thing, if you want to see that your policy actually ran in the dashboard, you would need to have a launch daemon run the shutdown command on your behalf.

bwoods · ‎11-09-2021

#!/bin/bash

# Create restartcomputer.sh
	echo > /tmp/restartcomputer.sh '#!/bin/bash
# Sleep for 50 seconds
sleep 50

# Shutdown Immediately
sudo shutdown -r now'

# Create and load a LaunchDaemon to fork restart

	echo "<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>Label</key>
		<string>com.company.restart</string>
		<key>UserName</key>
		<string>root</string>
		<key>ProgramArguments</key>
		<array>
			<string>sh</string>
			<string>/tmp/restartcomputer.sh</string>
		</array>
		<key>RunAtLoad</key>
		<true/>
	</dict>
	</plist>" > /tmp/restart.plist
	
    sudo chown root:wheel /tmp/restart.plist
	sudo chmod 755 /tmp/restart.plist
    sudo launchctl unload /tmp/restart.plist
	sudo launchctl load /tmp/restart.plist

exit 0

KAndrews5725 · ‎11-10-2021

Thanks again for your help! So far I am liking the way the script works and I am seeing the log info in JAMF. One error, that doesn't appear to be affecting the functionality:

"Script result: /tmp/restart.plist: Could not find specified service
Unload failed: 113: Could not find specified service"

Anything I should try differently. Someone suggested removing the "SUDO" command from the beginning of the command lines at the bottom of the script. That doesn't appear to have changed the error code.

Thanks again!

Keith

bwoods · ‎11-10-2021

@KAndrews5725, I predominantly use that for testing in code runner. The issue you're seeing is the unload and load near the end of the script. You should be able to remove the unload to fix the issue.

KAndrews5725 · ‎11-10-2021

Ok I will give that a shot! Appreciate the help!

KAndrews5725 · ‎11-09-2021

Ok, good to know. Right now I am collecting inventory from an extension attribute called "Uptime" and that has allowed me to generate a smart group of devices that have not restarted in X number of days. From that group I can determine how many laptops have restarted, but ultimately it doesn't tell me if the policy ran, or not. I guess I just really want the laptops to be restarted one way or the other, and the smart group gives me a pretty good idea as to how many devices have, and how many are left to be done.

KAndrews5725 · ‎11-08-2021

Thanks for the reply! I was able to see what you were talking about in the policy options. This will hopefully work for what we need!

Thanks again!

Keith

jmdaul · ‎05-03-2022

I'm trying to accomplish something similar, I have a script and created an extension attribute for uptime, and a script in a policy, but I'm unclear as to how it's all tied together.

Jamf Nation Community

Prompt/defer for restart on 2020 M1 MacBook