Jamf Nation Community

Policies are check in based, unless triggered locally on the device. You can trigger a policy to run based on a certain configuration profile being installed or not installed, but Jamf won't know to do the thing until the device's next check in.

As @Ashok_A mentions this is exactly how I do it. Membership in a Smart Group based on the presence of a Configuration Profile then triggers an 'On Next Check-in' trigger to run a script or install a package.

You can do it the other way as well. If an application has been installed and appears in an Inventory collection, the machine will then fall into a Smart Group and membership in the Smart Group will scope the machine to receive a Configuration Profile.

This solves the problem of needing a configuration profile in place before an app can be installed, or vice versa.

@shrisivakumaran To restate your request, you're asking how you can have a script launched on the Mac as soon as a Configuration Profile is pushed when the Mac is not properly doing the periodic check in which would normally trigger polices that are in scope? And that script would do a killall on the jamf process then do a "jamf policy" to force an immediate check in?

If so, what you could do is use a LaunchDaemon with a WatchPaths key for a file to be created in "/Library/Managed Preferences" that matches the preference domain used by an Application & Custom Settings payload in your Configuration Profile. Here's a previous post describing a technique for doing that: https://community.jamf.com/t5/jamf-pro/quot-push-quot-trigger-for-jamf-binary/m-p/175199

@sdagley You are right, of course. I tried following @B_Hanson's  instructions, but it didn't work. The Launch Daemon has loaded and started, but the command was not running when I pushed the configuration profiles mentioned. I have no idea what I'm lacking.