Jamf Nation Community

tuinte · ‎12-12-2017

I'm looking to run the command "jamf policy -event UserConfig" via a LaunchAgent. Here's the relevant bit of the LaunchAgent:

<key>ProgramArguments</key>
<array>
       <string>/usr/local/bin/jamf</string>
       <string>policy</string>
       <string>-event</string>
       <string>UserConfig</string>
</array>

The last of the policies triggered by UserConfig deletes the LaunchAgent for that user so it only runs once.

But LaunchAgents are run as the user, and the jamf binary requires root. So I can add a sudo, but most users are not members of sudoers, so that too would not work.

Is there a way around this? I'm finding the login/logout hooks unreliable.

Appreciate any insight.

EDIT: My title... is... not what I'm asking. Why/how did I write that?

Nix4Life · ‎12-12-2017

take a look at outset

Look · ‎12-12-2017

What version of JAMF are you on, we have very few issues these days with the login/logout hooks and I use them quite often for what look like similar purposes to what your trying to do (branding, docks, network shares, and a few other sundry tasks...).
I use flag files in general, so the policies do run every login, but they skip out immediately on detection of the flag without doing anything.

talkingmoose · ‎12-13-2017

I'm curious why you're trying to do this with a Launch Agent. Why not set the policy to run once per user or once per user per computer?

tuinte · ‎12-13-2017

@talkingmoose @Look We have a policy triggering UserConfig at login, once per user per computer, but it's failing to run at login. Logs show similar to here: https://www.jamf.com/jamf-nation/discussions/23059/error-domain-com-jamf-jamf-security-error-code-50.

Jamf 10. Clients are 10.12-10.13.

My understanding was this was a common problem (login trigger not working). Not so?

Jamf Nation Community

Run script as root via LaunchAgent at login