My company users Global Protect to keep all of us connected when we're not in the office. For the most part, Global Protect works well. The way we're setup is if GP is not connected we have no internet access. This results in any policies that I setup to run at startup to fail. The Jamf log will show "Connection failure: The Internet connection appears to be offline." I asked one of our firewall guys to add an exception to allow Macs to connect to the Jamf Pro server whether GP is connected or not. This doesn't appear to be working so I want to get some advice on an idea that I have. I want to create a launch agent to ensure that an inventory is ran right after the user is logged in. Also, after my zero touch provisioning process is finished, and the user reboots, I want the first policy that runs after the user logs in to be the one I have setup to check to make sure that all of the apps that should have installed through ZTP did install and then install any that are missing. The way things are now, there's about a 15 minute wait before the inventory runs and the "Post ZTP" policy runs. I want them to run much sooner. They would have ran right away if GP had connected quick enough! I think a launch agent or a launch daemon that would run a "jamf policy" command would solve that. Does anyone have another suggestion that you feel may work better? In the past I have used the startup trigger to run an inventory and it has always worked. It's Global Protect not connecting on time that is the root of this problem. Until that is solved I want the inventory to run right after the user reboots.
