Reboot Computers and Devices on demand via API

ETI_Admin
New Contributor III

Hi;

I am looking for a way to reboot both MacOS and iOS/tvOS devices via API commands, either with classic API or uAPI.

I've found that I can use the classic API's mobiledevicecommands RestartDevice <id> endpoint to reboot mobile devices. But this doesn't apply to Computers. Oddly, the classic API computercommands endpoint does not include a Restart command like Devices does.

I've found that I can create a Policy for computers and setup the Restart Immediately policy, and setup a custom event trigger such as "Reboot" to trigger it.

Two questions - First, how to trigger a Policy custom event via either of the APIs?
Second, how do I scope this so that I can select only one or some subset of Computers to reboot? I don't want to create a separate policy for every computer, but definitely don't want to reboot all my computers!

I do realize that I could setup reboots to happen at specified times, but I really need this to be an on-demand type of trigger that get's initiated via an API call.

10 REPLIES 10

dan-snelson
Valued Contributor II

@user-TWForsnzLY I may be wrong, but I don't see Restart as an option in Classic API:
https://jamfpro.company.com/classicapi/doc/#!/computercommands/createComputerCommandByCommand_post

/computercommands/command/{command} Creates a new computer command. Commands supported: DeviceLock, EraseDevice, UnmanageDevice, BlankPush, UnlockUserAccount, DeleteUser, SettingsEnableBluetooth, SettingsDisableBluetooth (macOS 10.13.4 and later), EnableRemoteDesktop (macOS 10.14.4 and later), DisableRemoteDesktop (macOS 10.14.4 and later), ScheduleOSUpdate. Implementation Notes Command and computer list specified in an XML file. DeviceLock and EraseDevice require a 6 character passcode. UnlockUserAccount and DeleteUser require a user_name that reflects a local account that is to be unlocked or removed. Command uuid and date_sent are set by Jamf Pro.

If it was, it'd be something along the lines of:
/usr/bin/curl -s -X POST -H "Content-Type: text/xml" -u ${apiUsername}:${apiPassword} ${jamfProURL}/JSSResource/computercommands/command/RESTART/id/${jamfProCompID}

tlarkin
Honored Contributor

Policy payloads can contain a reboot, or a script that forces it, but this could be dangerous

ETI_Admin
New Contributor III

Thank you both for the response. I think it would make sense for Jamf to add the feature of Restart to ComputerCommands similar to how it is already implemented for MobileDeviceCommands.

So, let's assume that I use a script to restart a machine, and assign that script to a Policy with a custom trigger. Now, I want that script to execute on a specific computer, and only on that one computer. And I want the this to be triggered by a call via the API (classic or uAPI, doesn't matter to me).

How do I scope the policy and make the call to execute the script on a remote machine on demand, and repeatedly, without creating a 1:1 situation of policy to computer?

Not applicable

Management commands are based on Apple's MDM specification. Apple has not implemented the Restart Command in MDM spec for macOS (only iOS, tvOS). That is why there is no restart management command for Computers like there is for Devices.

Policies are initiated when the computer checks in with the Jamf server, there is no way (that I know of) to have the Jamf Pro server initiate the check-in. Check-in happens approximately every 15 minutes (for reoccurring policies) or via the

sudo jamf policy -event

terminal command.

What are you trying to accomplish? You could create a policy that restarts the computer, scope it to the assigned computer(s), and make it "once per computer" and the computer will restart the next time it checks in, up to 15 minutes. I would make sure that you give the user a warning so they can save any unsaved work.

ETI_Admin
New Contributor III

I didn't realize that Apple MDM spec has no restart for macOS.

The macs we manage are not typical. These are dedicated players/show control devices used to play out content or support interactive experiences in retail, hospitality, and corporate settings. There is no user we have to worry about warning. There is not even a keyboard or mouse attached to these macs. On occassion, we want to send a command to reboot them outside of our own installed custom app.

The 15 min heartbeat interval can be cut down, with the potential downside of more heartbeat traffic. Right?

gforsyth
New Contributor III

What if you had a restart script that ran against the field (only once per computer) and you can add them one at a time as needed. Once the policy is populated with all the machines you can reboot a machine on demand by simply flushing the policy on that specific machine. Just a thought.

ETI_Admin
New Contributor III

Thanks for the idea, gforsyth. I'll give it a shot.

rstasel
Valued Contributor

fwiw, Apple does have a restart mdm command. spec says it's been available since 10.13. 

https://developer.apple.com/documentation/devicemanagement/restart_a_device

ETI_Admin
New Contributor III

Interesting - this feature is not available in the Jamf Pro (hosted) UI for Computers, nor in the Classic API, but does seem to be supporting in the Jamf Pro API although I haven't tested it just yet.


Thanks for sharing this!

The restart command by the Jamf Pro API is documented here in the context of managing kernel extensions. If you’re on macOS 11.3 or later, you can also opt in with a “notify user” flag that makes the process less jarring to a user:

https://docs.jamf.com/technical-articles/Managing_Legacy_Kernel_Extensions_in_macOS_Using_Jamf_Pro.h...