Enhance your Jamf Pro policies with six granular log out, restart or shut down options
Tested with macOS Big Sur, macOS Monterey and macOS Ventura (Beta 3)
Background
The built-in Jamf Pro Restart Options Policy Payload was meeting all of our use-cases, until our support representatives asked for a dismissible restart prompt.
When used post-enrollment, for example, the built-in macOS dismissible restart prompt isn’t visible to end-users. However, since our support organization knows how to quit the Setup Your Mac dialog, they can then click Cancel when the restart prompt appears.
Jamf Pro > Settings > Computer Management > Scripts
General
Create a new script in Jamf Pro and include the following in the Information field:
Log Out, Restart or Shut Down based on
Parameter 4
, which can be one of the following::• Log Out Confirm (default)
• Log Out
• Restart Confirm
• Restart
• Shut Down Confirm
• Shut Down
Script
Latest version avaialble on GitHub.
#!/bin/bash #################################################################################################### # # ABOUT # # Log Out, Restart or Shut Down, based on Parameter 4 # https://snelson.us/2022/07/log-out-restart-shut-down # #################################################################################################### # # HISTORY # # Version 1.0, 08-Nov-2017, Dan K. Snelson (@dan-snelson) # Original version # Version 1.1, 02-Jul-2022, Dan K. Snelson (@dan-snelson) # Updates for public GitHub release # #################################################################################################### #################################################################################################### # # Variables # #################################################################################################### scriptVersion="1.1" scriptResult="Version ${scriptVersion}; " loggedInUser=$( /bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/ { print $3 }' ) loggedInUserID=$( /usr/bin/id -u "${loggedInUser}" ) # If Parameter 4 is blank, use "Log Out Confirm" as the default value if [[ "${4}" != "" ]] && [[ "${option}" == "" ]]; then option="${4}" # Option (i.e., "Log Out Confirm" | "Log Out" | "Restart Confirm" | "Restart" | "Shut Down Confirm" | "Shut Down") scriptResult+="Using \"${option}\" as the option; " else scriptResult+="Parameter 4 is blank; using \"Log out Confirm\" as the default option; " option="Log Out Confirm" fi #################################################################################################### # # Functions # #################################################################################################### # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Close Self Service Policy Description (i.e., simulate the Escape key) Thanks, Kyle Flater! # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # function closeSelfServicePolicyDescription() { /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell application \"Self Service\" to activate' -e 'tell application \"System Events\" to key code 53' " } #################################################################################################### # # Program # #################################################################################################### # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Close Self Service Policy Description, which can interupt restart # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # closeSelfServicePolicyDescription # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Logout, Restart or Shutdown # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # case ${option} in "Shut Down" ) # Shut down without showing a confirmation dialog: scriptResult+="Shut down without showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"System Events\" to shut down'" # /sbin/shutdown -h +1 & ;; "Shut Down Confirm" ) # Shut down after showing a confirmation dialog: scriptResult+="Shut down after showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"loginwindow\" to «event aevtrsdn»'" ;; "Restart" ) # Restart without showing a confirmation dialog: scriptResult+="Restart without showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"System Events\" to restart'" # /sbin/shutdown -r +1 & ;; "Restart Confirm" ) # Restart after showing a confirmation dialog: scriptResult+="Restart after showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"loginwindow\" to «event aevtrrst»'" ;; "Log Out" ) # Log out without showing a confirmation dialog: scriptResult+="Log out without showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"loginwindow\" to «event aevtrlgo»'" # /bin/launchctl bootout user/"${loggedInUserID}" ;; "Log Out Confirm" ) #Log out after showing a confirmation dialog: scriptResult+="Log out after showing a confirmation dialog; " /usr/bin/su - "${loggedInUser}" -c "/usr/bin/osascript -e 'tell app \"System Events\" to log out'" ;; * ) # None of the expected options was entered; exit with an error scriptResult+="ERROR: Parameter 4 set to \"${option}\" instead of one of the following: \"Log Out Confirm\", \"Log Out\", \"Restart Confirm\", \"Restart\", \"Shut Down Confirm\", or \"Shut Down\"; exiting." exit 1 esac scriptResult+="Used \"${option}\" as the option; Goodbye!" echo "${scriptResult}" exit 0
Options
Enter the following for the Parameter Labels:
- Parameter 4:
Option (See script Information)
Computers > Configuration Profiles > Privacy Preferences Policy Control
While the above commands seem to be exempted from Privacy Preferences Policy Control, the closeSelfServicePolicyDescription
function — which did interrupt script functionality — requires two Configuration Profiles; see: Refresh Self Service.
(My personal favorite is the com.jamf.management.service
identifier with the com.jamf.management.Jamf
code requirement.)