As part of a project I’m working on, I need to run several policies from a Jamf Pro server using a script that calls the Jamf Pro agent. However, I also want to maintain maximum flexibility and retain the ability to add, remove or change policies as required without needing to change the script.
My colleague Marc provided a solution by letting me know that it is possible to use the Jamf Pro API to pull down a list of the policies associated with a specific category and then run those policies in the order provided by the API.
I was able to use Marc’s technique in the following way:
1. Run the following command to get the policy IDs:
2. Add all policy IDs into a bash array.
3. Run each policy in the order they were added to the bash array, which will be the same order provided by the API.
To set the order for the policies, I need to use numbering as part of the policy name. So when naming the policies, the first policy’s name starts with 010, the second policy’s name begins with 020 and so on.
Once the policies are in place, a script like the one shown below can be used to access the list of policy IDs via the API and run the policies in their specified order.
The script is also available on GitHub at the following address:
If you want to run this script from your Jamf Pro server, it should be set up as follows.
To use this capability, you will need to set up a category, if one does not already exist, and assign your policies to it. For this example, I’ve created a category named InitialSetup.
Once created, assign your policies to this category. If needed, rename the policies to include numerical values. The number values will designate the order for the policies to run.
Once the category and policies have been set up as desired, you can have a separate policy or other means run the script. The script will need to have the following information specified:
- API username
- API password
- Category name
One notable thing about running policies using this technique is that the affected policies do not need to be associated with any of the usual triggers.
Instead, the policy is being called directly by its ID number, which in this case will act as a trigger to run the policy:
jamf policy -id policy_id_number_goes_here
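The category lookup and ordered run described above, as an added example that is not the author's script. It assumes the Classic API endpoint /JSSResource/policies/category/<name> with basic authentication; JAMF_URL, API_USER, API_PASS and CATEGORY are hypothetical variable names, and the XML is a constructed sample.

```bash
#!/bin/bash
# Added example: list the policy IDs in a Jamf Pro category and run them in API order.
# Assumptions: Classic API endpoint with basic authentication; JAMF_URL, API_USER,
# API_PASS and CATEGORY are hypothetical variable names chosen for this example.

# Constructed sample of the XML the endpoint returns (not captured from a real server).
SAMPLE_XML='<?xml version="1.0" encoding="UTF-8"?><policies><size>3</size><policy><id>14</id><name>010 Set Time Zone</name></policy><policy><id>9</id><name>020 Install Updates</name></policy><policy><id>21</id><name>030 Enable Firewall</name></policy></policies>'

# Print one policy ID per line, in document order. Only digits directly inside
# <policy><id> are accepted, so <size> and policy names never reach the command line.
policy_ids_from_xml() {
  tr -d '\n' | grep -Eo '<policy>[[:space:]]*<id>[0-9]+</id>' | grep -Eo '[0-9]+' || true
}

# Fetch the category listing. The credentials go to curl on stdin (-K -) rather than
# in its argument list, where other local users could read them from the process table.
# Assumes the password contains no double quotes or backslashes.
fetch_category_xml() {
  printf 'user = "%s:%s"\n' "$API_USER" "$API_PASS" |
    curl -sf -K - -H "Accept: application/xml" \
      "${JAMF_URL}/JSSResource/policies/category/${CATEGORY}"
}

# Read the IDs into a bash array first, so the command being run cannot consume the
# remaining IDs from stdin, then run each one with the given command prefix.
run_policies() {
  local id
  local -a ids=()
  while IFS= read -r id; do ids+=("$id"); done
  for id in "${ids[@]}"; do
    "$@" policy -id "$id"
  done
}

if [ -n "${JAMF_URL:-}" ]; then
  fetch_category_xml | policy_ids_from_xml | run_policies /usr/local/bin/jamf
else
  # Offline dry run: print the commands that the sample response would produce.
  printf '%s' "$SAMPLE_XML" | policy_ids_from_xml | run_policies echo jamf
fi
```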