sudo Jamf policy -v in Self Service

dpratl
Contributor II

Hi jamf nation :)

Is it possible to put a Policy or script or something to the Self Service?
That would be important so the Helpdesk can tell the User that they triggered a software for reinstallation or activated some software for them and they can press a button to speed up the installation. (not get the software magically installed in the background)

Thank you
BR
Daniel


jrippy
Contributor III

Sure.

We have a couple of policies in Self Service. One allows the user to update their inventory manually.
With 9.91, I wanted to create this policy but just having a mostly blank policy with the "Update Inventory" box checked in Maintenance didn't seem to work. So I went into files and processes and had it run jamf policy. And that was it. I haven't tried going back to the checkbox with 9.97 to see if the behavior is any different with the checkbox but I have tested this method and it does still work.

Also, if you know the policy ID from the URL string, then you can do the same thing and just put in jamf policy -id ###.
Click on the policy in the JSS and look at the browser address bar. You should see something like

https://jss.yourcompany.com:8443/policies.html?id=1717&o=r

The id=### is the number you would put in the policy.

Assuming the computer/user is in scope, it should run for you. If you have the policy set to only Once per Computer, you may have to go flush that previous attempt first.

dpratl
Contributor II

Hi @jrippy,

I already tried that:
I create a script like

#!/bin/sh
sudo jamf policy -v

But it is not starting the policy update like it should.
Maybe the problem is also that sometimes when I run the command it tells me that a process is already running so it can't start.

I tried to solve that like this:

#!/bin/sh
sudo kill -9 jamf
sudo jamf policy -v

But that didn't work.
Is it running every time on your users' Macs?

Thank you
BR
Daniel

jrippy
Contributor III

Ah so you're just trying to get any outstanding policies.

When I tried to do what you are doing, I believe I ran into the same issue.
I believe the problem comes in that we are trying to run a generic jamf policy inside a created jamf policy from Self Service.
Unfortunately, I've not found a way around that.
I gave up before going any farther as it was low priority at the time.
What if you do jamf policy -event "recurring check-in"? Any difference?

Would be interested if you do though :-)

jhbush
Valued Contributor II

@jrippy it appears according to the MAN page and quick testing jamf policy -event "recurring check-in" is not supported.

-event      The event or trigger that the policy is associated with in the JSS. Historical synonyms include -trigger and -action.
                Note: Running policy without an event will default to the scheduled event.
                Other events include: login, logout, startup, networkStateChange, enrollmentComplete, along with custom events.

I tested jamf policy -event login and that worked as expected. It seems odd that Jamf failed to add such a common event.

brunerd
Contributor

Hey @dpratl happy question anniversary (almost)

The answer is yes, you can run jamf policy from a policy
It just requires launchd and a script inside a script - you know... like Inception 🙃

See my response in this thread:
Running JAMF Policy via Self Service

dpratl
Contributor II

Hi @brunerd,

That sounds great, I will try this in the next few days.
A little dream would come true :)

Update: AMAZING! Thank you very much. This is working like a charm :) - your post marked as solution.

Thank you
BR
Daniel

evidesmedt
New Contributor

Hello, I am new here. Only recently started with Jamf. We would like to apply this to our environment. Can you please provide a workflow for this?
So we create a script from the script in this post? => https://www.jamf.com/jamf-nation/discussions/10461/running-jamf-policy-via-self-service

#!/bin/bash
#brunerd - Joel Bruner

#your domain name reversed
reverseDomainName="com.brunerd"

#unload if it exists for some reason
[ -e "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist" ] && launchctl unload "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist" 2>/dev/null

cat <<-EOF > "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>${reverseDomainName}.runJamfPolicy</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/runJamfPolicy.command</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF

#the \$ escapes keep those expansions for when the helper runs; ${reverseDomainName} is filled in now, while the file is written
cat <<-EOF > /usr/local/bin/runJamfPolicy.command
#!/bin/bash

#time to wait between checks ensuring "jamf policy" has ended
sleepIntervalSeconds=10

#send to a log file and echo out
function logEcho {
#echo out to stdout and /var/log/jamf.log
echo "\$(date +'%a %b %d %H:%M:%S') \$(hostname | cut -d . -f1) \${myName:="\$(basename "\${0%%.*}")"}[\${myPID:=\$\$}]: \$@" | tee -a /var/log/jamf.log
}

#until the "jamf policy" is not found in the output of "ps auxww" sleep and keep checking
until [ -z "\$(ps auxww | grep "[j]amf policy")" ]; do
    logEcho "Waiting jamf policy running, waiting \${sleepIntervalSeconds} seconds..."
    sleep \${sleepIntervalSeconds}
done

logEcho "All clear, running \"/usr/local/bin/jamf policy\""
/usr/local/bin/jamf policy

logEcho "Finished. Exiting and Uninstalling."

#delete this script
rm "\$0"

#erase the launchd file
rm /Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist

#remove the launchd by label name
launchctl remove ${reverseDomainName}.runJamfPolicy
EOF

#ensure correct ownership and mode 
chown root:wheel "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist" "/usr/local/bin/runJamfPolicy.command"
chmod ugo+rx,go-w "/usr/local/bin/runJamfPolicy.command"
chmod ugo+r,go-w "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist"

#load the launchd
launchctl load "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist"

How to put a script inside a script?
Put this in a policy? And then?
I don't fully understand the workflow here.
Can someone please clarify?
Thank you, kr
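
A check that could sit between the chown/chmod lines and `launchctl load` in the script quoted above, as an added example that is not part of the original posts or of brunerd's script: it confirms that the plist, the helper and their parent directories are owned by root and not writable by group or others, since launchd runs the helper as root. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# is_locked_down PATH [OWNER]
# OWNER is a user name or numeric uid (default: root).
# Returns 0 if PATH exists, belongs to OWNER and is not writable by
# group or others; otherwise prints the reason and returns 1.
is_locked_down() {
    path=$1
    owner=${2:-root}
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    if [ -z "$(find "$path" -maxdepth 0 -user "$owner")" ]; then
        echo "OWNER    $path is not owned by $owner"; return 1
    fi
    if [ -n "$(find "$path" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $path is group- or world-writable"; return 1
    fi
    return 0
}

# audit_daemon_files OWNER FILE...
# Checks every FILE and the directory that holds it, because whoever can
# write the directory can replace the file. Returns the number of findings.
audit_daemon_files() {
    owner=$1; shift
    findings=0
    for f in "$@"; do
        is_locked_down "$f" "$owner" || findings=$((findings + 1))
        is_locked_down "$(dirname "$f")" "$owner" || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage inside the Self Service script, before "launchctl load":
#   audit_daemon_files root \
#       "/Library/LaunchDaemons/${reverseDomainName}.runJamfPolicy.plist" \
#       "/usr/local/bin/runJamfPolicy.command" || exit 1
```

A non-zero return means at least one path failed, and the printed lines say which one and why.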

cmcdonald89
New Contributor II

Running a script within a script needs the command sh (for a bash script) and osascript (for AppleScript)
You need to direct it to where the script is stored on the Mac. So for example

sh /library/management/examplescript.sh

I tend to create a folder in library called management and store scripts there.
To run a policy within a policy you need to add events and in the actual policy you want to run you need to select custom event.
Should look like that. Then the command you want to run in the script would be:

/usr/local/jamf/bin/jamf policy -event "custom event trigger here"

Any more questions let me know.

evidesmedt
New Contributor

@cmcdonald89

thanx !