Prompt/defer for restart on 2020 M1 MacBook

KAndrews5725
New Contributor III

I've been taking a look at about a dozen restart scripts that have been shared with the community over the last several years.  Unfortunately it's looking like forcing a restart on a MacBook with an M1 processor is no longer a viable option?  Is there a new way to do this through JAMF with a simply policy, or with a script compatible with the new macs?

What we find is students rarely restart their devices, and sometimes we need them to (to force quit certain apps for instance so policy changes can be made).  We aren't talking about post software updates, just a way to scope a policy to prompt the user to restart their device, and offer some sort of short deferral, but ultimately enforce the restart with an automatic shutdown, if the last deferral expires.

I've tried the one from @m_donovan at https://community.jamf.com/t5/jamf-pro/jamf-helper-reboot-script-with-deferral/td-p/188511#responseC... but that does not seem to work anymore.  If anyone has any thoughts, please let me know!  I would greatly appreciate the help!

Thanks!

Keith

1 ACCEPTED SOLUTION

bwoods
Valued Contributor

1. Create a policy with user interaction and a recurring check-in trigger.

2. In the Files and Processes payload run "sudo shutdown -r now"

3. Use an extension attribute to track Uptime, to see if it actually rebooted.

 

or you could just create a luanch daemon that activates at a specific time and day of the week.

View solution in original post

18 REPLIES 18

bwoods
Valued Contributor

1. Create a policy with user interaction and a recurring check-in trigger.

2. In the Files and Processes payload run "sudo shutdown -r now"

3. Use an extension attribute to track Uptime, to see if it actually rebooted.

 

or you could just create a luanch daemon that activates at a specific time and day of the week.

KAndrews5725
New Contributor III

After further testing, I'm wondering if we may benefit from using "sudo shutdown -h +1 &" in order to provide enough time to submit the policy results to JAMF.  I have noticed some devices do not appear to be submitting their info after the policy has run.  Do you see any issues with using the above command?

 

Thanks!

Keith

bwoods
Valued Contributor

Correct, that will give your machine enough time to update inventory. 

KAndrews5725
New Contributor III

Thank you!  By the way, being new to terminal commands, exactly what is the difference between -h and -r?  I understand -r is to indicate recursion for paths?

bwoods
Valued Contributor

@KAndrews5725  here's a pro tip: whenever you need to know what the flags of a specific command do...you can open terminal and type "man + the command you need to learn more about"

In this case you would run "man shutdown" to learn more about the shutdown command. 

KAndrews5725
New Contributor III

Ok great!  Thanks again!

bwoods
Valued Contributor

bwoods_0-1636490172111.png

 

KAndrews5725
New Contributor III

I was looking at that, thanks!  So +1 indicates one minute.  So ideally I'd probably want "sudo shutdown -r +1 &"

bwoods
Valued Contributor

Correct. Good luck on the you scripting journey! It gets easier with time and practice.

KAndrews5725
New Contributor III

Thank you!  Yes, I am learning a little more each time, which I have enjoyed.

bwoods
Valued Contributor

One more thing, if you want to see that your policy actually ran in the dashboard, you would need to have a launch daemon run the shutdown command on your behalf.

 

bwoods
Valued Contributor
#!/bin/bash

# Create restartcomputer.sh
	echo > /tmp/restartcomputer.sh '#!/bin/bash
# Sleep for 50 seconds
sleep 50

# Shutdown Immediately
sudo shutdown -r now'

# Create and load a LaunchDaemon to fork restart

	echo "<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>Label</key>
		<string>com.company.restart</string>
		<key>UserName</key>
		<string>root</string>
		<key>ProgramArguments</key>
		<array>
			<string>sh</string>
			<string>/tmp/restartcomputer.sh</string>
		</array>
		<key>RunAtLoad</key>
		<true/>
	</dict>
	</plist>" > /tmp/restart.plist
	
    sudo chown root:wheel /tmp/restart.plist
	sudo chmod 755 /tmp/restart.plist
    sudo launchctl unload /tmp/restart.plist
	sudo launchctl load /tmp/restart.plist

exit 0

KAndrews5725
New Contributor III

Thanks again for your help!  So far I am liking the way the script works and I am seeing the log info in JAMF.  One error, that doesn't appear to be affecting the functionality:

 

"Script result: /tmp/restart.plist: Could not find specified service
Unload failed: 113: Could not find specified service"

 

Anything I should try differently.  Someone suggested removing the "SUDO" command from the beginning of the command lines at the bottom of the script.  That doesn't appear to have changed the error code.

 

Thanks again!

Keith

bwoods
Valued Contributor

@KAndrews5725, I predominantly use that for testing in code runner. The issue you're seeing is the unload and load near the end of the script. You should be able to remove the unload to fix the issue. 

KAndrews5725
New Contributor III

Ok I will give that a shot! Appreciate the help!

KAndrews5725
New Contributor III

Ok, good to know.  Right now I am collecting inventory from an extension attribute called "Uptime" and that has allowed me to generate a smart group of devices that have not restarted in X number of days.  From that group I can determine how many laptops have restarted, but ultimately it doesn't tell me if the policy ran, or not.  I guess I just really want the laptops to be restarted one way or the other, and the smart group gives me a pretty good idea as to how many devices have, and how many are left to be done.

KAndrews5725
New Contributor III

Thanks for the reply!  I was able to see what you were talking about in the policy options.  This will hopefully work for what we need!

 

Thanks again!

Keith

jmdaul
New Contributor II

I'm trying to accomplish something similar, I have a script and created an extension attribute for uptime, and a script in a policy, but I'm unclear as to how it's all tied together.