Run all Apple SUS updates at 0300 only if logged off

donmontalvo
Esteemed Contributor III

What's the best way to trigger a policy ONLY if the computer is logged off?

Extension Attributes are not an option, since inventory data is gathered every 7 days (14 day window).

We need to run "softwareupdate -i -a" only if the Macs are logged off.

The policy is all set up and tested, just hung on how to trigger only for logged off Macs. :)

Thoughts?

TIA
Don

--
https://donmontalvo.com

9 REPLIES

justinrummel
Contributor III

Create a LaunchDaemon that runs a script on the date/time you specify, package, deploy to clients.

donmontalvo
Esteemed Contributor III

@justinrummel That can be done in the policy itself. However that won't prevent updating if the user goes home without logging off. Production folks often leave documents and apps open. If/when they logout, that's when we want to run the update (at 0300). :)

--
https://donmontalvo.com

lisacherie
Contributor II
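```bash
#!/bin/bash
# See if a user is logged in at the console.
# (Named console_user so the shell's own $USER variable is not overwritten.)
console_user=$(/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1)
echo "logged in user is $console_user..."

# Check if a user is logged in
if [ -n "$console_user" ]; then
    # A user is logged in: do nothing
    exit 0
else
    # No logged in user: fire the software update policy
    /usr/sbin/jamf policy -trigger runsoftwareupdate
fi
```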

donmontalvo
Esteemed Contributor III

@lisacherie Woah!!!! Thanks!!!

Just tested, the computer doesn't automagically reboot...should I append "; reboot" to the command?

Don

--
https://donmontalvo.com

lisacherie
Contributor II

Take a look in this thread - it might give you some extra options for managing when the updates run.

https://jamfnation.jamfsoftware.com/discussion.html?id=5404

donmontalvo
Esteemed Contributor III

@lisacherie Thanks, I checked the thread. We don't want to give users any prompts, we only want to run at 0300 if the computer is logged off. I'm testing adding ";reboot" to your script to see if this does the trick. :)

--
https://donmontalvo.com

SeanA
Contributor III

Granted, in your specific example, a user is usually not in at 0300, and it is even more unlikely that the user will log in to the Mac after the software updates start but before they finish. For that rare case, before the reboot, it would be advisable to check for a user again.
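
The second check suggested above, as an added example that is not part of the original thread and is not any poster's script: it installs updates only at the login window and withholds the restart if someone logged in while they were installing. The function names and return codes are this example's own, and restarting with `/sbin/shutdown -r now` and calling `softwareupdate -i -a` directly (rather than through a Jamf trigger) are assumptions.

```bash
#!/bin/bash
# Added example: function names and return codes are illustrative assumptions.

# Thin wrappers so the decision logic can be exercised without touching the Mac.
list_sessions()   { /usr/bin/who; }
install_updates() { /usr/sbin/softwareupdate -i -a; }
restart_mac()     { /sbin/shutdown -r now; }   # assumed restart method

# Print the owner of the GUI console session; print nothing at the login window.
# Matching the tty column exactly avoids false hits on a user named "console".
console_user() {
    list_sessions | while read -r name tty _; do
        if [ "$tty" = "console" ]; then
            echo "$name"
            break
        fi
    done
}

# Return codes: 0 = updated and restart requested
#               1 = skipped, a user is logged in
#               2 = updated, restart withheld (user logged in meanwhile)
#               3 = softwareupdate failed
patch_if_logged_off() {
    user=$(console_user)
    if [ -n "$user" ]; then
        echo "skip: $user is logged in"
        return 1
    fi
    if ! install_updates; then
        echo "error: softwareupdate failed"
        return 3
    fi
    # Second check: someone may have logged in while updates were installing.
    user=$(console_user)
    if [ -n "$user" ]; then
        echo "no restart: $user logged in during the update"
        return 2
    fi
    echo "restarting"
    restart_mac
}

# Run only when asked to, so the functions above can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    patch_if_logged_off
    exit $?
fi
```

Return code 2 leaves the updates installed with the restart still pending, so the next scheduled run or the user's own restart has to finish the job.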

donmontalvo
Esteemed Contributor III

We ended up letting users know that on XXXXX day at 0300 all Macs would receive patches (controlled by internal Apple SUS). If the user didn't log off, they'd miss the updates. Basically following the process in place for the Wintel side.

So the policy would continue to try every day at 0300, with the same requirement (the computer must be at the login window), until completed. Then it would kick off again on the next weekly cycle.

--
https://donmontalvo.com

jhalvorson
Valued Contributor

@donmontalvo - what was your final version of the script? I am interested in what you did to ensure a reboot.

Did you change the script or adjust your policy trigger to handle the reboot?