Triggering logout policy (OS and security update) from a self service policy

New Contributor III

I thought I had a good method for this. But I'm finding it awkward to get it just right.

I want users to be able to help themselves to OS updates (10.9 and 10.10), and those installs need to happen at logout (or when someone is not logged in at least). So what I do in outline is…

Part 1) Self service policy to cache the install, take inventory and exec command to show a jamfHelper "The install will run when you logout"
Part 2) Log out policy with scope that includes the "Cached packages", runs a script at the start, and exec command "killall jamfHelper" at the end

However I can't get Part 1 to run nicely, to set up Part 2 right away. You can use the "User interaction" "Complete message". That works with self service these days (hooray) but its an ephemeral OSX notification style message the user might miss (boo). I want them to read and acknowledge the readiness of the Part 2 policy.

If I use a jamfHelper command to do this, the log ends

Inventory will be updated when all queued actions in Self Service are complete

and the Part 2 policy is NOT in scope in a predictable time frame. So although the message tells the user "When you logoff the following will happen…" it just doesn't, and then catches them by surprise (and for 15-20 mins on a system update) the next time.

I tried a jamfHelper command with a "fork" & on the end, and somehow that seems to stop the inventory step happening at all -- at least that step is missing from the log, and the scope doesn't change until you force an inventory update.

Anyone have a better procedure for this? or can spot the basic error I am making and tying myself up in knots to get round?

Cheers, all


New Contributor III

currently considering THREE policies to achieve this…

1 - cache installer and inventory
2 - jamfMessage "reboot" your machine (scope to cached pkg)
3 - run install and inventory again on startup (scope ditto)