Run a policy twice a day ?

k3vmo
Contributor II

I have a policy that currently runs once a day that nags the end user to reboot. Many of the users within the fleet have uptime greater than 30 days.

It prompts them on-screen to reboot - and if they dismiss it runs once the next day.

Sadly this doesn't seem to be enough of a nag.

Is there a way to execute a policy two or three times a day?

# Script to make the user aware that a restart has not occurred in over 7 days

# Use JamfHelper tool to show alert message
jHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

# Set maximum days to 30 before warning about restart
maxDays="30"

# Check to see if the machine has restarted in the last day
# See if "days" exists in the uptime
upTime=`uptime | grep "days"`
if [ -z "$upTime"  ];
then
    echo  "Not yet one day"
    exit 1;
else
    echo "More than one day"
fi

# Get current uptime
upTimeDays=`uptime | awk '{print $3}'`

# Display uptime
echo "Uptime days: $upTimeDays"

# Advise user of uptime and give the option to reboot
msg="Your Highmark Mac has not been restarted for at least $upTimeDays days.

Please restart today in order to maintain the smooth operation of your system.

This message will repeat daily until a reboot has been performed"

# Location of icon
icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns"

# If uptime is equal to or greater than 130 days then display message

if [ "$upTimeDays" -ge "$maxDays" ]; then
    echo "Mac has been up for more than $maxDays days"
    # Get answer from user
    result=`"$jHelper" -windowType utility -description "$msg" -title "Mac Desktop Support Notification" -button1 "Restart now" -button2 "Not yet" -defaultButton 2 -icon "$icon" -iconSize 90`
    # If answer is Restart now, then restart
    if [ $result -eq 0 ];
    then
        echo "I am rebooting...."
        reboot
    else
    # Else delay restart
        echo "Not yet..."
        exit 0
    fi
else
    # Mac has been restarted within 30 days
    echo "Mac has been up for less than $maxDays days. Exiting."
    exit 0
fi
2 REPLIES 2

mm2270
Legendary Contributor III

For something like this, you'd have to have the policy run as Ongoing on every check in, but script it so that it writes out a date (unix seconds) each time it pops up, and on next run, the script would first check the date file to see if enough time has passed to run again, otherwise exit.

For example, as I'm writing this, the Unix time in seconds is 1618506757. If the policy just ran, it would echo out that string into a local hidden file somewhere. The next time the policy runs (and the first time too), it would check for that file and if it exists, get the string and compare it with the current time. If the difference between current time and last time in seconds is greater or equal to the time you specify, such as 4 hours, then it pops up the message again. Otherwise it would exit.
The math in the script could look something like this:

## Max hours in seconds (4 hours)
max_time_allowed="14400"

## Last run time
last_run_time=$(cat /path/to/lastruntimefile)

## Current time
current_time=$(date +"%s")

time_diff=$((current_time-last_run_time))

if [[ "$time_diff" -ge "$max_time_allowed" ]]; then
    echo "Enough time passed"
    ## Do your stuff here
    ## Update the lastruntimefile with the current time
    echo $(date +"%s") > /path/to/lastruntimefile
else
    echo "Not enough time passed. Exiting..."
    exit 0
fi

You also have to add some logic up top to check for the existence of that lastruntimefile If it doesn't exist, pop up the message and then write the current time in seconds into the file.

gabester
Contributor III

Alternately, if you're willing to use multiple policies, you could set the "2x Daily" policy with trigger "twiceDaily" which is in turn called as via a Files and Processes payload from 2 or more policies which are set with mutually exclusive Client Side limitations set for "do not run between" time ranges. 

So "morning" policy would run between 12:00AM to 11:59AM and the "afternoon" policy would run between 12:00PM to 11:59PM and each policy would have a payload that calls 

jamf policy -event twiceDaily

If you decide you want to do this 3x daily just add a new policy and change the time ranges to:

12:00AM to 7:59AM

8:00AM to 3:59PM

4:00PM to 11:59PM

(All times assume you want symmetrical time windows, you can adjust this to suit your needs)