With the release of macOS Ventura expected this month, an important topic to many Mac admins is having their systems management tools detect as quickly as possible which of their Macs have upgraded to macOS Ventura. The reasons for this are varied, but one particular reason is to get configuration profiles deployed as soon as possible to manage new features and functionality in macOS Ventura.
One way to ensure quick detection if you’re using Jamf Pro is to have your managed Macs submit an inventory update to the Jamf Pro server when the Mac starts up. For one way to do this, please see below the jump.
For Macs managed by Jamf Pro, it’s possible to trigger the Jamf agent from the command line to do the following tasks:
- Verify that the Jamf agent on the Mac can contact the Jamf Pro server.
- Collect an inventory update from the Mac and submit it to the Jamf Pro server
The commands to do so are the following:
Verify connection to the Jamf Pro server:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/usr/local/jamf/bin/jamf checkJSSConnection |
Collect and submit an inventory update to the Jamf Pro server:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/usr/local/jamf/bin/jamf recon |
The following command should do the following:
- Try for 60 seconds to verify the connection to the Jamf Pro server
- If connection is successfully verified, collect and submit an inventory update to the Jamf Pro server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/usr/local/jamf/bin/jamf checkJSSConnection -retry 60 && /usr/local/jamf/bin/jamf recon |
Note: The && in the command will ensure that the second command (the inventory update) will only run if the previous command runs without errors. If the connection can’t be verified, the jamf checkJSSConnection command will exit with an error status. The error status will mean that the subsequent inventory update command won’t be executed.
The command above can be added to a LaunchDaemon like the one shown below. Installing this LaunchDaemon will ensure that the two commands (connection verification and inventory update) are run every time the Mac starts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>Label</key> | |
<string>com.github.runjamfproinventoryupdate</string> | |
<key>ProgramArguments</key> | |
<array> | |
<string>sh</string> | |
<string>-c</string> | |
<string>/usr/local/jamf/bin/jamf checkJSSConnection -retry 60 && /usr/local/jamf/bin/jamf recon</string> | |
</array> | |
</dict> | |
</plist> |
You can deploy this LaunchDaemon using a script like the one shown below. The example script shown below will do the following:
- Create the LaunchDaemon file on the Mac in question.
- Set the correct permissions on the LaunchDaemon file
- Install the LaunchDaemon file into /Library/LaunchDaemons
- Load the LaunchDaemon
- Verify that the LaunchDaemon is in place and loaded.
Note: Once the LaunchDaemon is loaded, the Jamf agent on Mac will immediately perform the following actions:
- Try for 60 seconds to verify the connection to the Jamf Pro server
- If connection is successfully verified, collect and submit an inventory update to the Jamf Pro server.
The LaunchDaemon will also be loaded by the Mac at startup, so the same actions will also performed any time the Mac starts up.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Script which installs a LaunchDaemon which runs a Jamf inventory update at startup time. | |
# | |
# The LaunchDaemon takes the following actions: | |
# | |
# * Verifies that the Mac can communicate with the Jamf Pro server. | |
# * Sends an updated inventory to the Jamf Pro server | |
# | |
# Create the jamf_inventory_update_at_boot LaunchDaemon by using cat input redirection | |
# to write the XML contained below to a new file. | |
# | |
# The LaunchDaemon will run when when loaded and also when the Mac boots up. | |
# Set the identifier for the LaunchDaemon | |
LaunchDaemonName="com.github.runjamfproinventoryupdate" | |
# Set exit code | |
ERROR=0 | |
# Create temp directory to store LaunchDaemon file inside at file creation time. | |
temp_directory=$(mktemp -d) | |
# Create the LaunchDaemon file | |
/bin/cat > "$temp_directory/$LaunchDaemonName.plist" << JAMF_PRO_INVENTORY_UPDATE_LAUNCHDAEMON | |
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>Label</key> | |
<string>$LaunchDaemonName</string> | |
<key>ProgramArguments</key> | |
<array> | |
<string>sh</string> | |
<string>-c</string> | |
<string>/usr/local/jamf/bin/jamf checkJSSConnection -retry 60 && /usr/local/jamf/bin/jamf recon</string> | |
</array> | |
<key>RunAtLoad</key> | |
<true/> | |
</dict> | |
</plist> | |
JAMF_PRO_INVENTORY_UPDATE_LAUNCHDAEMON | |
# Once the LaunchDaemon file has been created, fix the permissions | |
# so that the file is owned by root:wheel and set to not be executable | |
# After the permissions have been updated, move the LaunchDaemon into | |
# place in /Library/LaunchDaemons. | |
/usr/sbin/chown root:wheel "${temp_directory}/${LaunchDaemonName}.plist" | |
/bin/chmod 644 "${temp_directory}/${LaunchDaemonName}.plist" | |
/bin/chmod a-x "${temp_directory}/${LaunchDaemonName}.plist" | |
/bin/mv "${temp_directory}/${LaunchDaemonName}.plist" "/Library/LaunchDaemons/${LaunchDaemonName}.plist" | |
# After the LaunchDaemon is place with proper permissions, load the LaunchDaemon. | |
# Loading the launchdaemon will trigger an Jamf Pro inventory update to be run. | |
if [[ -f "/Library/LaunchDaemons/${LaunchDaemonName}.plist" ]]; then | |
/bin/launchctl bootstrap system "/Library/LaunchDaemons/${LaunchDaemonName}.plist" | |
fi | |
# Remove temp directory | |
/bin/rm -rf "$temp_directory" | |
if [[ -f "/Library/LaunchDaemons/${LaunchDaemonName}.plist" ]]; then | |
LaunchDaemonLoaded=$(/bin/launchctl list | grep -o "$LaunchDaemonName") | |
if [[ -n "$LaunchDaemonLoaded" ]]; then | |
echo "$LaunchDaemonName LaunchDaemon is loaded. Jamf Pro inventory updates will run when the Mac boots." | |
else | |
echo "ERROR: $LaunchDaemonName LaunchDaemon is not loaded." | |
ERROR=1 | |
fi | |
else | |
echo "ERROR: $LaunchDaemonName.plist LaunchDaemon file was not created successfully." | |
ERROR=1 | |
fi | |
exit "$ERROR" |