Run or execute or launch a script immediately

binjali
Contributor

This might be an easy answer, but my searching isn't giving me helpful information.

How do I get a script or any remote command to execute when I want to? Like, issuing specific remote execution. I know this is something that most security practices try to stop from ever happening, but when I'm troubleshooting, or testing, or whatever, I want to see immediate actions. I've tried to push a script using a policy, but it's not doing what I want when I want. I'm new to Jamf and I don't know how to make anything work.


sdagley
Esteemed Contributor II

@binjali If you have a policy scoped to a machine then running the command "sudo jamf policy" in Terminal on that machine should immediately trigger it

Is there a way of injecting or sending that from my JamfCloud Portal or local install of JamfAdmin?

YanW
Contributor III

I'm speaking for myself, I totally agree using custom trigger, 100%, but for me, just me alone, I use Jamf Remote. It's going away soon, very very soon, I know. All my users are on site, not remote or VPN, so it works for "me" and "now". I enable remote desktop for the specific computer in Jamf then open Jamf Remote, select the computer and script, done. 

Sorry, I have to be careful every time I mention Jamf Remote. 

sdagley
Esteemed Contributor II

@binjali Jamf Admin isn't applicable, and you would create the Script and the Policy to run it using your Jamf Cloud hosted Jamf Pro Console. Using a Script payload in a Policy to run it would be the recommended way so that you can see the log for what happens.

Jamf Remote may work if your users are all on site as @YanW mentions, but if not it's essentially useless because it does not allow manually entering the IP address of the Mac endpoint when Jamf Pro can't determine that on its own. I think Jamf intends to retire it at some point, so I definitely wouldn't invest any time in developing a workflow for it.

mainelysteve
Valued Contributor II

The jamf binary which allows you to run policies, etc. is a pull type mechanism so a button or quick action is out of the question. The buttons you see on a computer record in Jamf Pro trigger MDM commands, which are pushes.

If you can't be physically at the machine then there are some possibilities including SSH and Apple Remote Desktop. Jamf Remote is a maybe, but I'm no help here as I've rarely if ever used it in the past ten years.

I assume these machines and yourself are all on the same network? If not, SSH and ARD won't work.

btowns
New Contributor III

  1. Create a policy with a Files And Processes payload, enter the command you want to run in the Execute Command field.
  2. Under the General section remove all triggers and set to ongoing frequency.
  3. Scope to the machine you're testing on.
  4. Note the id in the url for the new policy (policies.html?id=93).
  5. Trigger the policy by running sudo jamf policy -id [policy id here]

I made a policy that has a script payload and scoped it to the machine. The dashboard says 100%, so I'm assuming that my policy is now on the machine, but when I do sudo jamf policy -id 366 I get "There is no policy with that ID".

Any insight?

mainelysteve
Valued Contributor II

Check your execution frequency on the policy. If it’s set to once per computer the policy won’t run again unless you either set it to ongoing or flush the policy log on the computer record.
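
The numbered steps and the "There is no policy with that ID" reply above, as an added shell example that is not part of any post in this thread: it pulls the id out of a policy URL, runs that one policy, and flags the case where the policy is not offered to the Mac. The `JAMF_BIN` path and the function names are assumptions, and any URL passed in is whatever your own Jamf Pro console shows.

```shell
#!/bin/sh
# Added example. Run on the managed Mac as root (the thread uses "sudo jamf policy").
# Assumption: the jamf binary is at /usr/local/bin/jamf; override JAMF_BIN if not.
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"

# Print the numeric id from a policy URL such as ".../policies.html?id=93".
# Returns 1 when the URL carries no policy id.
policy_id_from_url() {
    id=$(printf '%s\n' "$1" |
        sed -n 's/.*policies\.html?id=\([0-9][0-9]*\).*/\1/p')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Run a single policy by id.
# Returns 1 for a non-numeric id, 2 when the client is told the policy does not
# exist for it, otherwise the exit status of the jamf binary.
run_policy() {
    case "$1" in
        ''|*[!0-9]*) echo "policy id must be numeric: $1" >&2; return 1 ;;
    esac
    out=$("$JAMF_BIN" policy -id "$1" 2>&1)
    rc=$?
    printf '%s\n' "$out"
    case "$out" in
        *"There is no policy with that ID"*)
            echo "Policy $1 is not available to this Mac. Check the scope and" >&2
            echo "the execution frequency, or flush the policy log." >&2
            return 2 ;;
    esac
    return "$rc"
}

# Accept either a policy URL or a bare id as the first argument.
if [ "$#" -gt 0 ]; then
    run_policy "$(policy_id_from_url "$1" || printf '%s' "$1")"
fi
```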

Anonymous
Not applicable

Hi @binjali, another method is: you can force a policy to run nearly "right now" by setting the recurring time to the lowest value (I think this was 5 minutes). With this method, you have to wait a maximum of 5 minutes until the policy runs on your destination client. The trigger for the policy might be "ongoing" or whatever you want, as long as the checkbox "Recurring Check-in" is activated. This way, it is not necessary to start the policy (job) manually in a terminal window on the destination client.
I tested this and it was successful.

btowns
New Contributor III

Just be careful with reoccurring check-in trigger + ongoing frequency in case you forget about it, it will keep executing over and over.