Posted on 04-20-2023 03:42 AM
Run any Jamf Pro policy at the next user login or computer reboot
Recently, we had a need to run a particular Jamf Pro policy only the next time the computer rebooted.
Having previously created Recon at Reboot, I started on a modification for this one-off need. About a third of the way into the modifications, a Heaven-inspired question came to mind:
Why don’t you write a script to execute any Jamf Pro policy at the next reboot?
Posted on 04-20-2023 05:28 AM
@dan-snelson Any particular reason you're triggering the policy via LaunchAgent/Self Service at login versus via LaunchDaemon/jamf binary on restart? The former is problematic if user login is required for Self Service, and the latter should work for both cases.
Posted on 04-20-2023 05:44 AM
Happy Thursday, @sdagley!
I started out with just the "reboot / LaunchDaemon / jamf binary" flavor, but in my testing, a "LaunchAgent / jamf binary" option failed (since the jamf binary requires elevated privileges).
Pull Requests are always welcome.
04-20-2023 05:54 AM - edited 04-20-2023 05:55 AM
I know you can't call the jamf binary via a LaunchAgent, but my question was really why have the LaunchAgent/Self Service option at all? That's something colored by my environment. FileVault is required, and there is only one user per Mac, so a LaunchDaemon won't actually be triggered until a user logs in.
If you're not using FileVault, and do want to delay triggering something until the user sees a desktop, I could see the LaunchAgent working there if login isn't required, but my approach here is to use a LaunchDaemon to trigger a script that waits for the Finder process to start before performing the desired task.
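The LaunchDaemon approach described in the post above, sketched as an added example that is not code from the thread or from either poster's project. It assumes the jamf binary is at /usr/local/bin/jamf, that the policy has a custom event trigger (the name `runAtReboot` is hypothetical), and that a root-owned LaunchDaemon starts the script with a `--run` argument.

```shell
#!/bin/sh
# Added example. Started as root by a LaunchDaemon at boot; waits for a user
# session (Finder running), then fires one Jamf Pro policy by custom event.
# Because it runs as root, keep the script and its plist owned by root:wheel
# and not writable by anyone else.

JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"   # assumed install path
TRIGGER="${TRIGGER:-runAtReboot}"             # hypothetical custom event name
TIMEOUT="${TIMEOUT:-3600}"                    # give up after an hour with no login

# wait_for_process NAME TIMEOUT_SECONDS [POLL_INTERVAL]
# Returns 0 once a process with exactly that name exists, 1 on timeout.
wait_for_process() {
    name=$1; limit=$2; interval=${3:-2}; waited=0
    until pgrep -x "$name" >/dev/null 2>&1; do
        if [ "$waited" -ge "$limit" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# Returns 1 if nobody logged in before the timeout, 2 if the jamf binary is
# missing, otherwise the exit status of the policy run.
run_policy_after_login() {
    if ! wait_for_process Finder "$TIMEOUT"; then
        echo "No user session within ${TIMEOUT}s; policy not run" >&2
        return 1
    fi
    if [ ! -x "$JAMF_BIN" ]; then
        echo "jamf binary not found at $JAMF_BIN" >&2
        return 2
    fi
    "$JAMF_BIN" policy -event "$TRIGGER"
}

# Only act when invoked as: script --run (as the LaunchDaemon would call it)
if [ "${1:-}" = "--run" ]; then
    run_policy_after_login
fi
```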
Posted on 04-20-2023 06:41 AM
I suppose the use-case highlighted in the screencast is one possible example.