Hit the “pause” button on initial Jamf Pro inventory collection for a duration you specify
Background
While recently testing a fresh enrollment of macOS Catalina 10.15.7 to ensure we’re still making it easy for our remaining stragglers to upgrade to macOS Monterey 12, I was focusing on our client-side logs and was surprised by the number of executions for our custom Update Inventory script.
After re-watching William Smith’s recent Speed Dating for Mac Admins, I felt inspired to reduce the number of inventory collections, based on when the computer was enrolled (i.e., when .AppleSetupDone
was created).
We’re leveraging swiftDialog and Setup Your Mac for our post-enrollment policies. Several of the polices called while the Mac is being setup are reused if something goes sideways later on and they include our custom Update Inventory script.
However, inventory needs to be collected only once post-enrollment — as the final step — not each time a policy is executed (and nearly all of our policies include the script to update inventory).
Setup
You’ll need a custom script to update inventory instead of using Jamf Pro’s built-in Maintenance > Update Inventory option in your post-enrollment policies.
This Update Inventory script could be as simple as including jamf recon
(as shown below); ours looks up the logged-in user’s account information from either Enterprise Connect or the Kerberos Single Sign-on Extension.
Script
Add the following to the beginning of your custom Update Inventory script, adjusting secondsToWait
to your desired setting:
Human-readable | secondsToWait |
---|---|
15 minutes | 900 |
30 minutes | 1800 |
45 minutes | 2700 |
1 hour | 3600 |
90 minutes | 5400 |
1 day, 1 hour, 1 minute and 1 second | 90061 |
#!/bin/bash # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # “Pausing” initial Jamf Pro inventory collection # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # secondsToWait="1800" testFile="/var/db/.AppleSetupDone" testFileSeconds=$( /bin/date -j -f "%s" "$(/usr/bin/stat -f "%m" $testFile)" +"%s" ) nowSeconds=$( /bin/date +"%s" ) ageInSeconds=$(( nowSeconds-testFileSeconds )) secondsToWaitHumanReadable=$( printf '"%dd, %dh, %dm, %ds"\n' $((secondsToWait/86400)) $((secondsToWait%86400/3600)) $((secondsToWait%3600/60)) $((secondsToWait%60)) ) ageInSecondsHumanReadable=$( printf '"%dd, %dh, %dm, %ds"\n' $((ageInSeconds/86400)) $((ageInSeconds%86400/3600)) $((ageInSeconds%3600/60)) $((ageInSeconds%60)) ) if [[ ${ageInSeconds} -le ${secondsToWait} ]]; then echo "Set to wait ${secondsToWaitHumanReadable} and enrollment was ${ageInSecondsHumanReadable} ago; exiting." exit 0 else echo "Set to wait ${secondsToWaitHumanReadable} and enrollment was ${ageInSecondsHumanReadable} ago; proceeding …" /usr/local/bin/jamf recon fi exit 0
Output
After adding the above script, you’ll observe the following in the logs:
Before Waiting Period
.Set to wait "0d, 0h, 30m, 0s" and enrollment was "0d, 0h, 17m, 15s" ago; exiting
After Waiting Period
Set to wait "0d, 0h, 30m, 0s" and enrollment was "194d, 23h, 20m, 24s" ago; proceeding …