Policy not running on login

VL
New Contributor III

Any hints on troubleshooting a policy that is configured to run at login but appears not to?

The policy is set to run a script that simply populates the User and Location > Full Name field, and works perfectly well when running jamf policy but the value is never populated when a user logs in.

The policy is set to trigger on Login and Settings > Computer management > Check-in > Create login events > Check for policies triggered by login has been enabled.

8 REPLIES 8

jamf-42
Valued Contributor II

script would be useful, but depending on the variables used.. maybe add a 'sleep 30' to the script, so that its in the user space? 

VL
New Contributor III

@jamf-42, as I said a simple script to populate the users name:

 

#!/bin/zsh
dscl . -read /Groups/admin GroupMembership | grep <admin_account>
if [ $? -eq 0 ]; then
jamf recon -realname "`id -F 502`"  # This is expected to be the user account for ADE.
else
jamf recon -realname "`id -F 501`"  # This is expected to be the user account for user enrollment.
fi
 
 

VL
New Contributor III

It appears that it might just be a question of waiting as eventually the info does appear in the console. Just seems sloooww in populating it.

howie_isaacks
Valued Contributor II

Why are you waiting for the user to login for this? Why not make this part of your enrollment process? Before I started using a process that collects and inventories this information at PreStage my enrollment process used to collect the user's full name and email address then use "jamf recon" to add this information to User and Location.

VL
New Contributor III

@howie_isaacks, in answer to your question it is simply a lack of knowledge and experience with Jamf which my company has only been using since January this year. I'm not presently aware of how I can gather the user's full name of the Standard user account that has to be created during Automated Device Enrollment, but if you'd like to point me in the right direction I'd appreciate it.

In addition, the bulk of our users will have to use User Initiated Enrollment when they enroll, so again my limited experience/knowledge leads me to believe that I'd have to run a script to get details and most of those devices I am expecting there to be only one user, i.e. no automated admin user account created.

howie_isaacks
Valued Contributor II

Aside from attending Jamf's really great training courses, this is the best place to learn. You will find a lot of experienced Jamf admins very happy to help you. The Mac Admins Slack channel is another great place. I wrote this several years ago. I used it in a policy that ran as part of my enrollment process. It worked really well. If your company uses AD you can connect it to your Jamf Pro server and then use enrollment customization to setup a prompt for the user to login with their AD credentials.

#!/bin/sh

#Get the full name of the current logged in user.

#who is the current logged in user?
currentUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
echo $currentUser

#What is the full name of the current logged in user?
realName="$(dscl . -read /Users/$currentUser RealName | cut -d: -f2 | sed -e 's/^[ \t]*//' | grep -v "^$")"
echo $realName

#Send the user's full name to the Mac's inventory record. Use double quotes for realName to capture first and last name gathered above.
jamf recon -realname "$realName"

 

AJPinto
Honored Contributor III

The policy is likely running before macOS fills the data that the script is looking for. I would run the policy on recurring check-in once per day or something, so it triggers later. You could also add a sleep to the script to let the login process finish before the command runs.

roiegat
Contributor III

Don't forget that JAMF only knows about things when it's told about it.  So a script could run to gather data, but it might not report it back until it checks-in or a recon.  If you are just looking to get the user info try the following line:

/usr/sbin/jamf recon -endUsername $( ls -la /dev/console | cut -d " " -f 4 )