Im having an issue with Jamf Remote. I cant control any machines without resetting our management account password. i created a policy to reset the passwords. The policy seems to only work half of the time. I also realized that it wont work without me restarting the machine. I wanted to create a script in the policy that prompts the user to restart the machine after it runs.

I have a two script process (modified from a jamfHelper delay script) that presents a jamfHelper popup if the computer has not restarted in 4 days. It gives the user the option of an immediate restart, 2 minute, 5 minute or 1 hour delay. It then presents another jamfHelper popup 1 min before restart. The second script (for clean up) runs at login and checks for the presence of the files and removes them if they are there.

Script One:

#!/bin/bash

#######################################################################################
#
# Copyright (c) 2016, JAMF Software, LLC.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the JAMF Software, LLC nor the
#                 names of its contributors may be used to endorse or promote products
#                 derived from this software without specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#######################################################################################
#
#######################################################################################
#
#           Rewrite Description
#
#######################################################################################
# jss.jhp.delay.sh
# ©2016 brock walters jamf
#
# Modified for KISD by Mike Donovan September 8, 2017
#
# the information in the jamfhelper pop-up window can be modified by changing the following below:
#
#   -title
#   -heading
#   -description
#   -icon (eg, a .b64 encoded .png or .icns file in the script or a reference to a graphics file)
#   -button1 (limited characters in field)
#   -button2 (limited characters in field)
#   -showDelayOptions (in seconds)
#
#   for other jamfHelper options see:
#   
#      /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -help
#
# the case statement takes input from the jamfHelper button exit code variable "$result"
#

lastBootRaw=$(sysctl kern.boottime | awk -F'[= |,]' '{print $6}')

lastBootFormat=$(date -jf "%s" "$lastBootRaw" +"%m-%d-%Y")


today=$(date +%s)
#today=$(date -v+4d +%s) ###########For Testing #############################################

diffDays=$(( (today - lastBootRaw) / 86400 ))

#echo $diffDays

if [ $diffDays -ge 4 ];then

    #echo "4 days or more Running Reboot script"
       # Check for district icons
    file=$(find /Library/Application Support/JAMF/bin/KISDColorseal.png)
    if [ ! -z "$file" ]
    then
        useIcon=/Library/Application Support/JAMF/bin/KISDColorseal.png
        #echo "found"
    else
        useIcon=/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns
        #echo "not found"
    fi

else
    #echo "3 days or less Exiting"
    exit 0
fi

jamfhelper()
{
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
-windowType utility 
-title "KISD Mac Systems Admin" 
-heading "It's time to reboot" 
-description "This computer has not restarted since $lastBootFormat. Restart now or choose a delay option." 
-icon "$useIcon" 
-iconSize 110 
-button1 "Delay" 
-button2 "Restart Now" 
-showDelayOptions "120, 300, 3600" # 2 minutes, 5 minutes, 1 hour
}

# variables
result=$(jamfhelper)
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
warndelayint=$(expr $delayint - 60)
#echo $delayint
#echo $warndelayint
defercal=$(($(/bin/date +%s) + delayint))
hour=$(/bin/date -j -f "%s" "$defercal" "+%H")
minute=$(/bin/date -j -f "%s" "$defercal" "+%M")
#echo $hour
#echo $minute
warndefercal=$(($(/bin/date +%s) + warndelayint))
warnhour=$(/bin/date -j -f "%s" "$warndefercal" "+%H")
warnminute=$(/bin/date -j -f "%s" "$warndefercal" "+%M")
#echo $warnhour
#echo $warnminute

# write launch daemon populated with variables from jamfHelper output

delay()
{
/bin/cat <<EOF > /Library/LaunchDaemons/org.your.rebootdelay.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.your.rebootdelay</string>
    <key>ProgramArguments</key>
    <array>
        <string>reboot</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>$hour</integer>
        <key>Minute</key>
        <integer>$minute</integer>
    </dict>
</dict>
</plist>
EOF
}

warndelay()
{
/bin/cat <<EOF > /Library/LaunchDaemons/org.your.rebootdelaywarning.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.your.rebootdelaywarning</string>
    <key>ProgramArguments</key>
    <array>
        <string>sh</string>
        <string>/Library/Scripts/rebootwarning.sh</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>$warnhour</integer>
        <key>Minute</key>
        <integer>$warnminute</integer>
    </dict>
</dict>
</plist>
EOF
}

warnScript()
{
/bin/cat <<EOF > /Library/Scripts/rebootwarning.sh
#!/bin/bash

/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
-windowType utility 
-title "KISD Systems Admin" 
-heading "It's time to reboot" 
-description "This computer is set to reboot in 1 minute." 
-icon "$useIcon" 
-iconSize 110 
-button1 "Ok" 

EOF
}

finalPrep()
{
# unload launchd for testing
#launchctl unload /Library/LaunchDaemons/org.your.rebootdelay.plist
#launchctl unload /Library/LaunchDaemons/org.your.rebootdelaywarning.plist

# set ownership on delay launch daemon
chown root:wheel /Library/LaunchDaemons/org.your.rebootdelay.plist
chmod 644 /Library/LaunchDaemons/org.your.rebootdelay.plist

# set ownership on delaywarning launch daemon
chown root:wheel /Library/LaunchDaemons/org.your.rebootdelaywarning.plist
chmod 644 /Library/LaunchDaemons/org.your.rebootdelaywarning.plist

#load launchd
launchctl load /Library/LaunchDaemons/org.your.rebootdelay.plist
launchctl load /Library/LaunchDaemons/org.your.rebootdelaywarning.plist

}

# select action based on user input
#### Script Execution Starts Here #######
#### 1 runs functions
#### 2 runs reboot command
case "$result" in
    *1 )    delay
            warndelay
            warnScript
            finalPrep
            ;;
    *2 )    reboot
            echo "Reboot Called"
            ;;
esac

exit 0```

Script two:

!/bin/bash

file=$(find /Library/LaunchDaemons/org.your.rebootdelay.plist)
if [ ! -z "$file" ]
then echo "Found" rm /Library/LaunchDaemons/org.your.rebootdelay.plist rm /Library/LaunchDaemons/org.your.rebootdelaywarning.plist rm /Library/Scripts/rebootwarning.sh launchctl remove org.your.rebootdelay launchctl remove org.your.rebootdelaywarning

fi
exit 0
```

I need one that I can attach to specific policies. I would like it to inform the user that the computer is going to restart/has to restart. I want the user to be able choose if he would like to restart now or later.

@kadams I think the script posted above can get you there, but will obviously need some tweaking for your purposes.

If you want, you can also take a look at something I put together a while ago now that uses a similar approach, but was intended more to be run after critical updates were installed on a device. reboot_scheduler

@m.donovan , I tried putting this script into a text editor. I cant get it to run in terminal. Is there anything else I supposed to change for this to work?. Am I supposed to put both of these scripts in the text editor at once?

Anyone knows how to modify the script above. I need it to trigger after running a policy. For instance, one policy runs and the script triggers. 4 days is too much time. I would like it to run instantly after running a policy. Also can both of those scripts be combined? Do I need them both for the script tor run.

@kadams

I think the original script Brock posted may be closer to what you have in mind.

I would be sure to test it thoroughly for your needs.

Am I missing something??

Why not just use the 'allow deferral' in the user interaction tab of the policy??

I used the script above, but the delay portion of it isnt working. I delay for 2 minutes and nothing happens. Also is script 2 combined into one script?

@kadams

I'm not sure if your reply was directed at me but the script I linked to is meant to only be 1 script. It also doesnt have logic built into it about last reboot time.

Additionally regarding the script you tried I noticed the script has logic based on the last reboot time. Which means if the system you tested on was rebooted less than 4 days ago you may not see any results of the above script.

Thanks