Help

Force Reboot Policy

EliasG
Contributor

Posted on ‎10-25-2023 03:41 AM

I have a smart group with users that have not shutdown/restarted over 30+ days. (one user 467 days)

 

What kind of policy can I do to force a reboot, I've noticed some things have changed in Jamf Pro.

 

A reboot with a timer and message? 

0 Kudos
4 REPLIES 4

AVmcclint
Honored Contributor

Posted on ‎10-25-2023 04:14 AM

Here's what I use:

#!/bin/zsh

# Found at https://community.jamf.com/t5/jamf-pro/force-users-to-restart-or-shutdown-by-profile-not-policy/m-p/262528#M241767

# uptime threshold will be defined by $4 in the script options

jamf_helper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

## Gets boot time in unix seconds
uptime_raw=$(/usr/sbin/sysctl kern.boottime | awk -F'[= |,]' '{print $6}')

## Gets current time in unix seconds
time_now=$(date +"%s")

## Convert to uptime in days
uptime_days=$(($((time_now-uptime_raw))/3600/24))


## uptime in days
#uptime_days=$( uptime | awk -F "(up | days)" '{ print $2 }' )
#uptime_days=`uptime | sed -e 's/,.*//' -e 's/^.*up *//'`


/bin/echo "This Mac has been up for $uptime_days days"

# uptime greater than $4 defined days

if [ "$uptime_days" -ge $4 ]; then
	/bin/echo "The uptime maximum has been reached."
	## Initiate 2 hour countdown to a restart
	/sbin/shutdown -r +120
	echo "Restarting in 2 hours"
	
	buttonClicked=$("$jamf_helper" \
	-windowType hud \
	-heading "Your Mac must restart now" \
	-description "Your Mac has been running for more than $4 days. In order to maintain a good working system, a restart is necessary at least once every 2 weeks. You have 2 hours until your Mac will be automatically restarted. You can also save your work now and restart on your own before 2 hours has elapsed. Take this time now to save your work." \
	-icon "/System/Library/CoreServices/loginwindow.app/Contents/Resources/Restart.tiff" \
	-timeout 7200 \
	-windowPosition lr \
	-countdown \
	-button1 "Restart NOW" \
	-button2 "in 2 hours"\
	-defaultButton 1 \
	-lockHUD)
		
	if [[ $buttonClicked == "0" ]]; then
		/sbin/shutdown -r NOW 
	elif [[ $buttonClicked == "2" ]]; then
		echo "Waiting 2 hours"
	fi
	
else
	/bin/echo "Uptime limit not reached yet. Exiting."
	exit 0
fi

I scope this to all Macs and run it daily. If the uptime has not exceeded your threshold as defined in $4 of the script parameters in the Policy, then the script exits and nothing happens. When the uptime exceeds your threshold, then it pops up a window that basically forces the user to either restart now or the computer will restart in 2 hours.

Before the forced restart becomes a reality, we give the user plenty of time to take action.  In a separate Policy we scope only to Macs with uptime greater than 14 days we run a jamfhelper script that simply displays a notice for the user that they should restart their computer. And that runs daily until day 21 when the above script will kick in and forces the restart.

 

TrentO
Contributor II

Posted on ‎10-25-2023 04:26 AM

Check out Renew 

From their Github:

Renew is a shell script for macOS meant to be run on regular intervals to encourage users to restart their computers on a regular basis. Notifications can become progressively more aggressive if the user chooses to defer their restart beyond the configured threshold.

Renew runs as the logged in user and will never restart a computer without a user's consent.

AVmcclint
Honored Contributor
In response to TrentO

Posted on ‎10-25-2023 04:59 AM

I thought about something gentler like Renew but we had some users who were downright defiant about computer restarts."I shouldn't have to restart... this is a Mac... my Mac at home hasn't been restarted in 6 months... I'm not having any problems..." Getting their managers involved took too much time for a resource-limited department, so we started using the script above and problem solved.  Obviously everyone's environment and culture will be different. For some organizations, Renew will be perfect.

sgiesbrecht
Contributor III

Posted on ‎10-25-2023 02:09 PM

Just create a policy and smart group

smart group = Last Check-in, more than x days ago, 30

policy = files and process, execute command, pkill loginwindow
or
script below and add to policy 

 

#!/bin/zsh

##
## Author:	Shawn Giesbrecht
## Date:	2023.08.25
## Purpose: To force quit an open apps and log out the current user
##			then logs it to the System.log
##

# Get the current username to force logout
username=$(who | awk '{print $1}' | head -n 1)

# Get the current date and time in the desired format
current_datetime=$(date "+%b %d %H:%M:%S")

# Get the computer name without '.local'
computer_name=$(hostname | sed 's/.local//')

# Use pgrep to find the loginwindow PID for the user
loginwindow_pid=$(pgrep -u "$username" loginwindow)

# Message to system.log
log_message="User $username has been forcefully logged out."

# Add log entry to System.log
echo "$current_datetime $computer_name logout[$loginwindow_pid]: $log_message" >> /private/var/log/system.log

# Kill all processes associated with the user
pkill -KILL -u "$username"

 

 

0 Kudos