Jamf Nation Community

jelockwood · ‎03-31-2023

Jamf has provided a means to control their Self Service app by using URLs.

https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Jamf_Self_Service_for_macOS_URL_Schemes.h...

The client Mac that is enrolled in to Jamf and has the Jamf Self Service app installed would open a valid URL and this would trigger the Self Service app to perform the specified step. As mentioned in the above document, the URL for each Self Service app entry can be obtained in Jamf Pro by an administrator.

It is therefore possible to write a shell script which in turn opens such a URL, however the shell script needs to both run with SUDO privileges and still show as running by the logged in user, this is something probably familiar to most Jamf Pro admins but an example script which I know works for this is available as follows.

https://community.jamf.com/t5/jamf-pro/script-to-launch-self-service-from-policy/m-p/190052/highligh...

What the above script does not yet do is detect when the Jamf Self Service app has finished its task. I would like to do this so as to then quit the Self Service app when it finishes. (The process triggers unavoidably the launch of the Self Service app in order to do its task.)

Once approach might be to have a loop in the script which checks to see if the Apple installer is running and if it is not assumes then that Self Service has finished its install task, however I would tend to suspect this approach may not be sufficiently robust. So if anyone has any better suggestions they would be much appreciated.

andrew_nicholas · ‎03-31-2023

You could try and add

killall "Self Service"

in the policies and exclusions section. This should run once the actions of the policy are complete and then close itself out.

sdagley · ‎03-31-2023

@jelockwood Is there a specific reason that you're using a Self Service URL to trigger a policy instead of executing the policy directly via a custom event (e.g. "jamf policy -event CustomEventForPolicy")?

jelockwood · ‎03-31-2023

@andrew_nicholas

Yes, it is not the mechanism of how to kill it, it is how to detect it has finished before killing it. Opening the URL completes immediately and passes to the next shell line immediately well before the installation has completed so the script would need to detect when the installation has completed before killing Self Service in order to prevent accidentally interrupting it.

@sdagley

I am wanting to avoid creating a zillion (technical term 😄) custom policies. I would be calling the URL via a shell script which would be triggered from Munki. Munki would then be able to contain not only non-App Store apps and updates (via AutoPkg) but then had what would look like the App Store installers but actually would run scripts to tell Jamf Self Service to do the install. Jamf would also invisibly and automatically do updates for the App Store apps.

This way I can tell users to only use Munki for everything.

Yes, one could add third party apps etc. to Jamf and yes there are ways to add updates to Jamf but Jamf is definitely inferior in this to Munki. Furthermore in my employers case I also have to do app patching for an air gapped network and therefore on that network using any MDM is impossible. Munki however would work perfectly happily and I can manually transfer new content to Munki on this air gapped network.

sdagley · ‎03-31-2023

@jelockwood You could always add Custom Events your Self Service policies. When you're calling a Self Service via a URL the ID of the policy is baked in, so if you ever create a new version of the policy you'd have to edit any script that called it. If you use a Custom Event that won't need to be changed.

Another advantage to a scripted call to "jamf policy -event CustomeEvent" is that it doesn't return until the policy completes.

Jamf Nation Community

Scripting the Self Service app and detecting when it has finished