Run a lock script at beginning of policy

roiegat
Contributor III

I have a script that locks the screen up at a beginning of a policy to notify the user of an update. The script runs fine.

But when I put the policy together I want the script to run, lock the screen, and then run the rest of the packages and scripts. But the issue is that the locking script runs...and then stays there. The other parts don't run until I manually exit the lock script.

Any way to run the script in the background and have the rest of the policy execute?

5 REPLIES 5

stevewood
Honored Contributor II
Honored Contributor II

I'll assume that you are using the jamfHelper app to lock the screen. You have to make sure you put the process in the background for the rest of the script to run. You'll need a line like this:

/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType fs -icon "$iconpath$icon" -heading "$heading" -description "$description" &

#### Now Do your special scripty stuff

####  Now unlock the screen
killall jamfHelper

The ampersand (&) at the end of the jamfHelper line puts the process in the background and allows the script to continue running. Otherwise the script pauses and waits for the completion.

roiegat
Contributor III

So I would also need to create a method for it to check to end on?

Essentially what were trying to do is allow a device to enroll from the website. Once the package is installed it checks for policies and that's when this policy is run.

I want to lock the screen, then image the machine like normal. Once it's done installing the files it'll reboot. So should I still have a check for ending or will it end ok on the reboot?

stevewood
Honored Contributor II
Honored Contributor II

If that's all you are doing, and you are not worried about unlocking the screen for the user at the end of the installation, you do not need the "killall", the reboot will take care of that.

mm2270
Legendary Contributor III

It might not work just to have the Mac reboot, although it would depend on exactly how you're initiating the reboot. Still, if it were me I would have it check for something that indicates the rest of the script is complete. That could be something as simple as checking that the last process' exit status is successful, such as:

if [ $? == 0 ]; then
## Now, kill jamfHelper (alternate method from what Steve shows above)
/bin/ps axc | awk '/jamfHelper/{ print $1 }' | xargs kill -9
/sbin/shutdown -r now
fi

roiegat
Contributor III

Thanks guys!