Policy to run every 4 hours but not changing the default check in time

Mitch260488
New Contributor II

Hi All,

Any ideas on the above?

Thanks

Mitch

9 REPLIES

Chris
Valued Contributor

A launchdaemon with StartInterval set to 14400 running

/usr/local/bin/jamf policy -trigger yourcustomtriggerhere

should do it

Mitch260488
New Contributor II

Hi Chris,

Thank you for the reply.

How would I create the launchdaemon?

Also how would I get the launchdaemon to kick in and run?

Thanks

Mitch

mike_paul
Contributor III

You could use tools like Lingon or websites like Launched to create your plist, or copy an existing one and modify it.

The key thing is making sure the mode/ownership are correct with root:wheel/644 respectively.

If the computer is not rebooting (to trigger the runAtLoad key) you would have to load the daemon with launchctl, something similar to the following:

sudo launchctl load /Library/LaunchDaemons/com.domain.YourCustomTrigger.plist

Or you could push out the following Jamf binary command via policy to the computers you want to have check-in at those times:

/usr/local/jamf/bin/jamf scheduledTask -command "/usr/sbin/jamf policy -event YourCustomTrigger -randomDelaySeconds 300" -name YourCustomName -user root -runAtLoad -minute '*/240/'

This will create a launchdaemon named 'com.jamfsoftware.task.YourCustomName.plist' that is loaded, has the correct mode/ownership, and runs every 4 hours, calling 'sudo jamf policy -trigger YourCustomTrigger'.

This would have to correspond to a custom trigger/event in a policy you created that is scoped to these computers.

apizz
Valued Contributor

@Mitch260488 Take a look here for more info on launchdaemons - http://www.launchd.info/ . Any daemon or agent can be set to run at load, a specific period of time (in seconds), or a specific calendar interval.

Personally, I use TextWrangler but you could use any text editor. Sublime is also popular.

Your launchdaemon might look something like the below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
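<dict>
    <!-- Label is required by launchd; this name is a placeholder -->
    <key>Label</key>
    <string>com.domain.YourCustomTrigger</string>
    <key>ProgramArguments</key>
    <array>
        <!-- LaunchDaemons already run as root, so no sudo is needed -->
        <string>/usr/local/bin/jamf</string>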
        <string>policy</string>
        <string>-event</string>
        <string>nameoftriggerhere</string>
    </array>
    <key>StartInterval</key>
    <integer>14400</integer>
</dict>
</plist>

Haven't tested this launchdaemon myself, but gives you something to work from.

alexjdale
Valued Contributor III

Something to note for launchdaemons and scripts: I've found the easiest way to deploy them is with a JSS script. You can simply echo the contents into files in the appropriate locations. Much easier to manage than packaging them.

mike_paul
Contributor III

An example of the script that @alexjdale is mentioning would be something similar to the following:

#!/bin/bash

# Write out the LaunchDaemon file 

/bin/cat <<EOF > /Library/LaunchDaemons/com.domainName.launchDname.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.domainName.launchDname</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/jamf/bin/jamf</string>
                <string>policy</string>
                <string>-event</string>
                <string>YourCustomTrigger</string>
                <string>-randomDelaySeconds</string>
                <string>300</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StartInterval</key>
        <integer>14400</integer>
        <key>UserName</key>
        <string>root</string>
</dict>
</plist>

EOF
/bin/sleep 1

# Change Permission and Owner of the LaunchDaemon

/bin/chmod 644 /Library/LaunchDaemons/com.domainName.launchDname.plist
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.domainName.launchDname.plist 

# Load the LaunchDaemon so that it starts working at time of deployment

/bin/launchctl load /Library/LaunchDaemons/com.domainName.launchDname.plist

thoule
Valued Contributor II

While I agree that a launchD is the best way to handle this issue, there is a jamfy alternative. You could create multiple policies all the same with the same scope. Then in each policy, say run once per day, only between the hours of xx-xx. One policy runs between midnight and 4am, the next between 4am and 8am, etc. It wouldn't run exactly every 4 hours, but it would allow a Jr. mac sysadmin to solve this problem without getting too fancy. Again, not my recommended solution, but it is a valid solution if you're not comfortable getting LaunchD to work.

alexjdale
Valued Contributor III

You could also add a cooldown to the policy by incorporating a datestamp file and script to manage it. When the policy runs, the script will check that datestamp and if the current time is <4 hours later, it exits without doing anything. If the current time is >4 hours later, it executes and updates the timestamp.
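
The cooldown check described in the post above, as an added example that is not part of the original thread or Jamf's own tooling. `STAMP_FILE`, `COOLDOWN_SECONDS`, the function names and the stamp path are assumptions chosen for illustration; the stamp is kept in a root-owned directory so an unprivileged user cannot tamper with it.

```shell
#!/bin/bash
# Added example: cooldown gate for a script run by a frequently triggered policy.
# STAMP_FILE and COOLDOWN_SECONDS are assumed names; the path is a placeholder.
# Keep the stamp in a root-owned directory (not /tmp) so an unprivileged user
# cannot pre-create, edit or symlink it to suppress or redirect the run.
STAMP_FILE="${STAMP_FILE:-/Library/Application Support/YourOrg/policy.lastrun}"
COOLDOWN_SECONDS="${COOLDOWN_SECONDS:-14400}"   # 4 hours

# cooldown_elapsed NOW -> status 0 if the work may run, 1 if still cooling down
cooldown_elapsed() {
    local now="$1" last=""
    [ -f "$STAMP_FILE" ] || return 0              # never ran before
    IFS= read -r last < "$STAMP_FILE" || true
    case "$last" in                               # corrupt stamp: treat as never ran
        ''|0?*|*[!0-9]*|?????????????*) return 0 ;;
    esac
    [ "$last" -le "$now" ] || return 0            # stamp in the future (clock change)
    [ $(( now - last )) -ge "$COOLDOWN_SECONDS" ]
}

# record_run NOW: write the stamp atomically with owner-only permissions
record_run() {
    local now="$1" tmp="${STAMP_FILE}.$$"
    mkdir -p "$(dirname "$STAMP_FILE")" || return 1
    ( umask 077; printf '%s\n' "$now" > "$tmp" ) && mv -f "$tmp" "$STAMP_FILE"
}

# run_with_cooldown NOW command [args...]
# status 0: command ran and stamp updated; 3: skipped; 1: command failed
run_with_cooldown() {
    local now="$1"; shift
    cooldown_elapsed "$now" || return 3
    "$@" || return 1      # leave the old stamp so the next check-in retries
    record_run "$now"
}

# Typical call from the policy script (the event name is from the thread):
#   run_with_cooldown "$(date +%s)" /usr/local/jamf/bin/jamf policy -event YourCustomTrigger
```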

thoule
Valued Contributor II

Oh! I like that idea. I have a few scripts where 15mins is too frequent and 1 Day is too little. I may put that 4hr precheck in there...