Help

Push a policy via API

chmp1
New Contributor II

Posted on ‎06-03-2016 02:39 PM

Is it possible to trigger a policy on a computer or group using the API? I am pretty confident I could work around this with moving computers around in groups and wait for checkins but I'd really to the functionality of Remote to force an action if the computer is online.

0 Kudos
3 REPLIES 3

mm2270
Legendary Contributor III

Posted on ‎06-03-2016 03:54 PM

Interesting thought, though I don't think this is possible.
A computer needs to be in scope of the policy for it to run said policy. So in the very least you'd need to use the API to move the computer(s) into a group in some fashion, could be a Static Group or you could change an Extension Attribute flag on each computer to move it into a Smart Group scoped to the policy. But getting the policy to trigger over the API... I don't think there's a way.
However, you could see if the BlankPush computer command via the API helps. If it works anything like a blank push with mobile devices, it should send a command to the device to check in with its management server. Maybe it could trigger the policy execution that way? I've never used that command so I don't even know if it works. But it might be worth experimenting with.

Other than that, it sounds like a Feature Request is in order.

0 Kudos

iJake
Valued Contributor

Posted on ‎06-06-2016 07:45 AM

Unless MDM as @mm2270 mentioned can be leveraged to force the machine to check in with the JSS it's not possible since it's the local agent that initiates any policy work and not the JSS contacting the clients. In the current design the fastest you could have anything trigger is the heartbeat time your clients are configured with. Of course depending on where in that timer cycle they are the execution could happen very fast but that could not be counted on.

0 Kudos

etippett
Contributor II

Posted on ‎06-06-2016 09:00 AM

What about using ARD to send the jamf policy command to the computers on which you need to run the policy? If you're having issues with having to "move computers around" to fit in the scope of the policy, just set it to all computers with no triggers, then add -policy [policy id number here] to the command.

I'm not quite understanding why Remote won't work for you in this situation, so perhaps you can elaborate.

Thanks,
Eric

0 Kudos