Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Software Restriction Immediate Update

Would like for the .blacklist.xml file to update immediately when a computer has been excluded/removed from a Restricted Software policy. As of now for OS upgrades as an example, our workflow isn't having consistent results. We are having to hardcode removing the .blacklist.xml file and running a jamf manage. A simple jamf manage alone isn't updating the blacklist. This has been an ongoing issue, and we would like for an immediate update to the blacklist.xml when a computer has been excluded from that restriction.

Having an exclusion option in place, defeats the purpose if the exclusion doesn't happen without having to "touch" the .blacklist.xml file.

Order by:

Posted: by mm2270

Have you tried a recon after making the restricted software scope change? That usually brings the changes down in my experience. There should be no need to script removing the blacklist xml file to get the changes to apply.


Posted: by JustDeWon

@mm2270 Tried a combination of many, and they're not all consistent. What may work on one, may not work on another.. Usually a restart fixes it.. The issue is, using recon as an automated fix, in an large environment is not ideal, when we are ready to go Prod. So we'd essentially would have to run a recon on every seat before the upgrade process starts. Another reason for this FR, the purpose to me of an Exclusion option, is for it to actually exclude without having to find different ways of making it work the way it should natively..

Added Note: However, you did just give me an idea on how to address this.. Still I believe this FR should remain tho.. ;)


Posted: by robmorton

Pretty much a

jamf recon
rm -f /Library/Application\ Support/JAMF/.blacklist
jamf manage

works... unless jamf is running a policy currently, then it has to wait for the policy to finish. I am not sure if there are other things that you have to wait for as well, but jamf policies do delay things. For restricted software to fully work, they should not be hindered by other Jamf processes.