Posted on 07-03-2013 07:30 AM
I plan to use the "once per computer" execution frequency in some of my policies, but I'd like to know if computers where the policy has already executed once have their status reset after being imaged.
In other words, if I image a machine, will once-per-computer policies re-initiate on that machine as if they had never run?
Solved! Go to Solution.
Posted on 07-03-2013 07:49 AM
Only if you include a script that includes a line with-
jamf flushPolicyHistory
You need to make sure that runs against the Mac after it boots into its newly imaged OS, not while its Netbooted or booted from an external volume, so include it in a FirstRun script.
Afterwards, any Once per Computer policies will re-run on the Mac.
I would also consider using Smart Groups where possible as the scope in your policies and looking at Ongoing for frequency when appropriate, so if a Mac falls back into the group, it can get the policy run on it again. Just be careful with using "Ongoing", since you'd only want to use it with something that wouldn't cause issues with the Mac if it accidentally got run again. If a Mac gets re-enrolled for some reason, policies set to ongoing can sometimes be run again.
Posted on 07-03-2013 07:49 AM
Only if you include a script that includes a line with-
jamf flushPolicyHistory
You need to make sure that runs against the Mac after it boots into its newly imaged OS, not while its Netbooted or booted from an external volume, so include it in a FirstRun script.
Afterwards, any Once per Computer policies will re-run on the Mac.
I would also consider using Smart Groups where possible as the scope in your policies and looking at Ongoing for frequency when appropriate, so if a Mac falls back into the group, it can get the policy run on it again. Just be careful with using "Ongoing", since you'd only want to use it with something that wouldn't cause issues with the Mac if it accidentally got run again. If a Mac gets re-enrolled for some reason, policies set to ongoing can sometimes be run again.
Posted on 07-03-2013 07:54 AM
I think I recall a JAMF support person mentioning that having a 'flushpolicyhistory' script was no longer needed. Like it was something they added into the Casper Imaging process.... Maybe i'm hallucinating because I still have the script included in my configurations.
Posted on 07-03-2013 07:57 AM
@ Greg, that would interesting if they included it in. Although we aren't using Casper Imaging (DeployStudio here) so we'd still need to include that script line. But I'd still be interested to know if this is now a built in function since it wasn't at one time.
Anyone from JAMF reading this care to comment on that?
Posted on 07-03-2013 10:43 AM
I really hope it isn't a built-in feature and it doesn't appear to be. If we were to wipe the policy history at imaging time, then we wouldn't know any machine history and it would make some troubleshooting near impossible. I can see it being an option to check in the future, but not a standard.
Old policy history can come in handy. Recently MacBook Pro mid-2009's were crashing. The machines that were imaged the old way (with flush history) were no good in troubleshooting, but the machines imaged the new way (ongoing with smart groups) were able to provide us the details we needed to track down the cause.