Script to shutdown laptop during certain hours of the day (JAMF curfew alternative)

KAndrews5725
New Contributor III

We have the majority of our laptops running Big Sur on M1 MacBook Airs.  JAMF Support has told us that Apple is aware of an issue with macOS 11 and the curfew settings in the Parental Controls payload policy.  We are trying to put together an alternative method of enforcing curfew by scoping a policy to a smart computer group that will run at the recurring check-in frequency of the device and do nothing if the time is outside of the curfew range, or execute "sudo shutdown -now" if the device is inside the curfew range.

We would then have a second script that would run with a login trigger that would again check the time and do nothing if outside the curfew range, or again, run sudo shutdown -now if inside the range.  It would be annoying, but effective and would prevent the user from continuing to use their device if inside the curfew window.  If we didn't have the second script running at log in, then the user could continue to use their device for another 15 minutes until the next check-in time.

Anyone have any ideas of where we could start developing this plan of action, or have any scripts they would like to share?  I appreciate the help and am hopeful that curfew will begin working again in Monterey, which JAMF Support mentioned should fix the issue.  We just don't know how long it will be before all 1000+ devices are upgraded.

Thanks in advance!
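The time check described in the post above, as an added example that is not part of the original thread: it decides whether a given time falls inside a curfew window, including a window that wraps past midnight, and does not shut down if the window is misconfigured. The 21:00 to 06:00 window, the `CURFEW_*` variables and the function names are assumptions made for illustration.

```bash
#!/bin/bash
# Added example. Window values, variable names and function names are assumptions.
CURFEW_START="${CURFEW_START:-21:00}"   # assumed window start, 24h HH:MM
CURFEW_END="${CURFEW_END:-06:00}"       # assumed window end, 24h HH:MM

# Convert HH:MM to minutes since midnight; return 2 on malformed input.
to_minutes() {
    case "$1" in
        [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) ;;
        *) return 2 ;;
    esac
    h=${1%%:*}; m=${1##*:}
    # Strip one leading zero so 08 and 09 are not read as invalid octal.
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# in_curfew NOW START END: 0 if NOW is in [START, END), 1 if not, 2 on bad input.
in_curfew() {
    now=$(to_minutes "$1") || return 2
    start=$(to_minutes "$2") || return 2
    end=$(to_minutes "$3") || return 2
    if [ "$start" -le "$end" ]; then
        # Same-day window such as 09:00-15:00 (start == end is an empty window).
        [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]
    else
        # Window that wraps past midnight such as 21:00-06:00.
        [ "$now" -ge "$start" ] || [ "$now" -lt "$end" ]
    fi
}

# Print the decision for time $1: shutdown, none, or error (bad configuration).
curfew_action() {
    rc=0
    in_curfew "$1" "$CURFEW_START" "$CURFEW_END" || rc=$?
    case $rc in
        0) echo "shutdown" ;;
        1) echo "none" ;;
        *) echo "error" ;;   # never shut down on an unparseable window
    esac
}

# Act only when explicitly enabled, so a dry run just reports the decision.
decision=$(curfew_action "$(date +%H:%M)")
echo "curfew decision: $decision"
if [ "${CURFEW_ENFORCE:-0}" = "1" ] && [ "$decision" = "shutdown" ]; then
    /sbin/shutdown -h now
fi
```

Run it without `CURFEW_ENFORCE=1` first to confirm the reported decision matches the intended window on a test device.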


KAndrews5725
New Contributor III

For the time being I am reusing a restart script that has been working pretty well and just rewording it for shutdown:

 

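#!/bin/bash

# Stage both files in a fresh directory that only root can access (mktemp -d
# creates it with mode 0700) instead of at fixed names in world-writable /tmp,
# so another local user cannot pre-create or swap what launchd runs as root.
workdir=$(mktemp -d /tmp/shutdown.XXXXXX) || exit 1

# Create shutdowncomputer.sh
cat > "$workdir/shutdowncomputer.sh" <<'EOF'
#!/bin/bash
# Sleep for 60 seconds
sleep 60

# Shutdown Immediately
sudo shutdown -h now
EOF

# Create and load a LaunchDaemon to fork shutdown
# A here-document keeps the double quotes in the XML; inside echo "..." the
# shell stripped them and wrote an invalid plist.
cat > "$workdir/shutdown.plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.company.shutdown</string>
	<key>UserName</key>
	<string>root</string>
	<key>ProgramArguments</key>
	<array>
		<string>sh</string>
		<string>$workdir/shutdowncomputer.sh</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>
EOF

# The plist must be owned by root and not writable by group or others
sudo chown root:wheel "$workdir/shutdown.plist"
sudo chmod 644 "$workdir/shutdown.plist"
sudo launchctl load "$workdir/shutdown.plist"

exit 0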

 

This should provide the script enough time to report back to JAMF so we know whether or not the policy ran. I've set the policy to run with a recurring check-in trigger at an ongoing execution frequency and I'm making it available offline so it will run regardless of whether they turn their Wi-Fi off or not. Finally, I have set the client-side limitations so the policy will not run outside the curfew range. The final piece of the puzzle is to ensure that if the user restarts their computer, the policy will run again if inside the curfew window and shut down once again. To do that I'm also using the login trigger in the policy. Does anyone see any issues with this approach?


Thanks again!