Policy Payload Reference

When creating or editing a policy, you use a payload-based interface to configure settings for the policy and add tasks to it. This section provides an overview of each payload.

General Payload

This payload allows you to do the following:

  • Enable or disable the policy. (For example, if you need to take the policy out of production temporarily, you may want to disable it.)

  • Add the policy to a site. (For more information, see Sites.)

  • Add the policy to a category. (For more information, see Categories.)

  • Choose one or more events to use to initiate the policy (called "trigger").

  • Choose how often the policy should run (called "execution frequency").

  • Make the policy available offline. (This only works with the "Ongoing" execution frequency.)

  • Specify the drive on which to run the policy.

  • Specify server-side and client-side limitations for the policy. (For example, you can specify an expiration date/time for the policy, or ensure that the policy does not run on weekends.)

Packages Payload

This payload allows you to perform the following software distribution tasks:

  • Install packages.

  • Cache packages.

  • Install cached packages.
    Note: To install all cached packages, use the Maintenance payload. For more information, see the following section in this guide:
    Maintenance Payload

  • Uninstall packages.

This payload also allows you to do the following when installing packages:

  • Specify the distribution point computers should download the packages from.

  • Add the packages to the Autorun data of each computer in the scope.

For complete instructions on creating a policy to perform software distribution tasks, see one of the following sections in this guide:

Software Updates Payload

This payload allows you to run Apple’s Software Update and choose the software update server that you want computers to install updates from.

For complete instructions on creating a policy to run Software Update, see the following section in this guide:
Running Software Update

Scripts Payload

This payload allows you to run scripts and choose when they run in relation to other tasks in the policy. You can also enter values for script parameters.

For complete instructions on running scripts using a policy, see the following section in this guide:
Running Scripts

Printers Payload

This payload allows you to map and unmap printers. You can also make a printer the default.

For complete instructions on administering printers using a policy, see the following section in this guide:
Administering Printers

Disk Encryption Payload

This payload allows you to enable FileVault 2 on computers with macOS 10.8 or later by distributing disk encryption configurations.

For complete instructions on enabling FileVault 2, see the following section in this guide:
Deploying Disk Encryption Configurations

This payload also allows you to issue a new FileVault 2 recovery key for computers with macOS 10.9 or later.

For complete instructions on issuing a new recovery key, see the following section in this guide:
Issuing a New FileVault 2 Recovery Key

Dock Items Payload

This payload allows you to add and remove Dock items. When you add Dock items, you can also choose to add them to the beginning or end of the Dock.

For complete instructions on administering Dock items, see the following section in this guide:
Administering Dock Items

Local Accounts Payload

This payload allows you to create and delete local accounts, and reset local account passwords. When you create an account, you can do the following:

  • Specify a location for the home directory.

  • Configure the account picture.

  • Allow the user to administer the computer.

  • Enable the account for FileVault 2 on computers with macOS 10.9 or later.

This payload also allows you to disable an existing local account for FileVault 2 on computers with macOS 10.9 or later.

For complete instructions on administering local accounts, see the following section in this guide:
Administering Local Accounts

Management Account Payload

This payload allows you to reset the management account password. You can choose to specify the new password or randomly generate it.

This payload also allows you to enable or disable the management account for FileVault 2 on computers with macOS 10.9 or later.

For complete instructions on administering the management account, see the following section in this guide:
Administering the Management Account

Directory Bindings Payload

This payload allows you to bind computers to a directory service.

For complete instructions on binding to a directory service, see the following section in this guide:
Binding to Directory Services

EFI Password Payload

This payload allows you to set or remove an Open Firmware or EFI password.

For complete instructions on administering Open Firmware and EFI passwords, see the following section in this guide:
Administering Open Firmware/EFI Passwords

Restart Options Payload

This payload allows you to restart computers after the policy runs. It also allows you to do the following:

  • Specify the disk to restart computers from, such as a NetBoot image.

  • Specify criteria for the restart depending on whether or not a user is logged in.

  • Configure a restart delay.

  • Perform an authenticated restart on computers with macOS 10.8.2 or later that are FileVault 2 enabled.
    Note: For this to work on computers with FileVault 2 activated, the enabled FileVault 2 user must log in after the policy runs for the first time and the computer has restarted.

You can also display a message to users before a policy restarts computers. For more information, see the following section in this guide:
User Interaction

For complete instructions on booting computers to a NetBoot image, see the following section in this guide:
Booting Computers to NetBoot Images

Maintenance Payload

This payload allows you to perform the following maintenance tasks:

  • Update inventory.

  • Reset computer names.

  • Install all cached packages.

  • Fix disk permissions (macOS 10.11 or earlier).

  • Fix ByHost files.

  • Flush caches.

  • Verify the startup disk.

For complete instructions on installing all cached packages, see the following section in this guide.
Installing Cached Packages

Files and Processes Payload

This payload allows you to search computers for specific files and processes, and use policy logs to log when they are found. You can kill processes that are found and delete files that are found when searching by path.

This payload also allows you to execute commands.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.