Tag: JAMF

Clearing out JAMF restricted policies

When you restrict software using a JAMF restricted software policy it can sometimes be difficult to remove the restriction. Removing or excluding the Mac from the policy and a recon or policy update does not seem to always do the trick. The brute force way is to remove the blacklist.xml that contains the restricted policy information on the Mac you are having issues with.

SSH into the Mac and simply do:


1
sudo rm /Library/Application\ Support/JAMF/.blacklist.xml

Now run the manage command to add it back


1
sudo jamf manage

Done.

Obviously this has its drawbacks as in the time it takes to get the new blacklist.xml back on the Mac it’s open to having other restricted software installed. So use with caution.

AppleScript Force Software Updates

I needed a simple way to force Mac’s to run all updates from the Apple App store and then restart but give users notification and an option to defer for a set time.

This is what I came up with.

AppleScript that runs a

1
softwareupdate -l

if anything is found it then runs

1
softwareupdate -i -a

which will install all available updates. After completion it then has kicks off a dialogue box informing the user the Mac needs a restart. They have two options, defer for 5 minutes or restart straight away.

The script will be added to Library/Scripts/ along with the linked company logo via JAMF install on Check-in

It can be run via ssh into the Mac and

1
osascript /Library/Scripts/update_restart_script.scpt

or via a JAMF policy with a Process payload.

Hopefully this will be more reliable that JAMF policies which either stay as pending or fail to restart the Mac even though set to Restart Imemdiately.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
if (do shell script "softwareupdate -l") contains "*" then
    do shell script "softwareupdate -i -a"
    tell application "Finder"
        activate
        repeat -- forever
            set answer to button returned of (display dialog "Mandatory updates have been applied." & return & "Your Mac is ready to restart." & return & return & "Please close all applications and click RESTART." & return & return & "For further information email: support@yourcompany.com" with title "Mandatory Security Update - Restart Required" with icon {"/Library/Scripts/logo.png"} buttons {"Wait 5 minutes", "RESTART"} default button "RESTART")
           
            if answer is equal to "RESTART" then
                tell application "Finder" to restart
                exit repeat
            else
                delay 300 -- time in seconds 300 is 5 minutes
            end if
        end repeat
    end tell
end if

Recent Posts

Recent Comments

    Archives

    Categories

    Meta

    GiottoPress by Enrique Chavez