Posted on 02-06-2017 06:47 AM
Hi All,
Any ideas on the above?
Thanks
Mitch
Posted on 02-06-2017 07:04 AM
A launchdaemon with StartInterval set to 14400 running
/usr/local/bin/jamf policy -trigger yourcustomtriggerhere
should do it
Posted on 02-06-2017 07:28 AM
Hi Chris,
Thank you for the reply.
How would I create the lauchdaemon?
Also how would I get the launchdaemon to kick in and run?
Thanks
Mitch
Posted on 02-06-2017 07:55 AM
You could use tools like Lingon, websites like Launched to create your plist or copy an existing one and modify it.
The key thing is making sure the mode/ownership are correct with root:wheel/644 respectively.
If the computer is not rebooting (to trigger the runAtLoad key) you would have to load the daemon with launchctl, something similar to the following:
sudo launchctl load /Library/LaunchDaemons/com.domain.YourCustomTrigger.plist
Or you could push out the following Jamf binary command via policy to the computers you want to have check-in at those times:
/usr/local/jamf/bin/jamf scheduledTask -command "/usr/sbin/jamf policy -event YourCustomTrigger -randomDelaySeconds 300" -name YourCustomName -user root -runAtLoad -minute '*/240/'
This will create a launchdaemon named 'com.jamfsoftware.task.YourCustomName.plist' that is loaded, has the correct mode/ownership and runs every 4 hours that calls 'sudo jamf policy -trigger YourCustomTrigger'.
This would have to correspond to a custom trigger/event in a policy you created that is scoped to these computers.
Posted on 02-06-2017 08:04 AM
@Mitch260488 Take a look here for more info on launchdaemons - http://www.launchd.info/ . Any daemon or agent can be set to run at load, a specific period time (in seconds), or a specific calendar interval.
Personally, I use TextWrangler but you could use any text editor. Sublime is also popular.
Your launchdaemon might look something like the below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ProgramArguments</key>
<array>
<string>sudo</string>
<string>/usr/local/bin/jamf</string>
<string>policy</string>
<string>-event</string>
<string>nameoftriggerhere</string>
</array>
<key>StartInterval</key>
<integer>14400</integer>
</dict>
</plist>
Haven't tested this launchdaemon myself, but gives you something to work from.
Posted on 02-06-2017 10:07 AM
Something to note for launchdaemons and scripts: I've found the easiest way to deploy them is with a JSS script. You can simply echo the contents into files in the appropriate locations. Much easier to manage than packaging them.
Posted on 02-06-2017 10:21 AM
An example of the script that @alexjdale is mentioning would be something similar to the following:
#!/bin/bash
# Write out the LaunchDaemon file
/bin/cat <<EOF > /Library/LaunchDaemons/com.domainName.launchDname.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.domainName.launchDname</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/jamf/bin/jamf</string>
<string>policy</string>
<string>-event</string>
<string>YourCustomTrigger</string>
<string>-randomDelaySeconds</string>
<string>300</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>14400</integer>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
EOF
/bin/sleep 1
# Change Permission and Owner of the LaunchDaemon
/bin/chmod 644 /Library/LaunchDaemons/com.domainName.launchDname.plist
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.domainName.launchDname.plist
# Load the LaunchDaemon so that it starts working at time of deployment
/bin/launchctl load /Library/LaunchDaemons/com.domainName.launchDname.plist
Posted on 02-06-2017 10:23 AM
While I agree that a launchD is the best way to handle this issue, there is a jamfy alternative. You could create multiple policies all the same with the same scope. Then in each policy, say run once per day, only between the hours of xx-xx. One policy runs between midnight and 4am, the next between 4am and 8am, etc. It wouldn't run exactly every 4 hours, but it would allow a Jr. mac sysadmin to solve this problem without getting too fancy. Again, not my recommended solution, but it is a valid solution if you're not comfortable getting LaunchD to work.
Posted on 02-06-2017 10:29 AM
You could also add a cooldown to the policy by incorporating a datestamp file and script to manage it. When the policy runs, the script will check that datestamp and if the current time is <4 hours later, it exits without doing anything. If the current time is >4 hours later, it executes and updates the timestamp.
Posted on 02-06-2017 10:33 AM
Oh! I like that idea. I have a few scripts where 15mins is too frequent and 1 Day is too little. I may put that 4hr precheck in there...