macOS - Configuration - Create Reboot Schedule

What the macOS reboot scheduler does

This Automox Worklet™ enforces a recurring reboot schedule on macOS endpoints using the Power Management utility pmset. The evaluation script runs pmset -g sched and greps for an existing restart entry. When the entry is missing, the endpoint is flagged non-compliant and remediation is scheduled.

The remediation script reads two policy variables: desired_restart_time in 24-hour HH:mm:ss notation, and desired_restart_days in MTWRFSU notation. It then calls pmset repeat restart <days> <time> to register the recurring event. A one-time future restart can be configured with pmset schedule restart "MM/dd/yy HH:mm:ss" by swapping the command inside the remediation function.

Because evaluation is idempotent, the policy is safe to schedule on a recurring cadence. If an admin or end user later runs pmset repeat cancel, the next Automox evaluation detects the empty schedule and the Worklet restores it. Default values in the script are 02:30:00 on MF, which you should edit to match your maintenance window before assigning the policy to a group.

Why enforce reboot windows on a Mac fleet

macOS security updates, kernel extensions, and most Apple system updates require a restart to take effect. Your users who defer the reboot prompt indefinitely leave endpoints sitting on patched binaries that have not yet loaded into the running kernel. The CVE shows as remediated in the Software Update report, while the running system is still vulnerable. Long-lived user sessions also accumulate stuck launchd jobs, leaked memory, and cached credentials that a single restart per week would clear.

Developer Macs and shared workstations often run for weeks between reboots, which delays kernel-level patches even after the binary lands on disk. Assign this Worklet to a macOS group on a recurring schedule so a single pmset repeat entry takes effect across the fleet and the next evaluation catches any endpoint where the entry has been canceled. The result is a documented restart cadence that loads patched kernels on every MacBook, iMac, and Mac mini under management.

How macOS reboot scheduling works

1. Evaluation phase: The Worklet runs pmset -g sched and pipes the output to grep -i restart. A match exits 0 and reports the endpoint compliant. An empty result exits 1, flags the endpoint non-compliant, and schedules remediation in the next policy window.

2. Remediation phase: The script writes the recurring event by calling pmset repeat restart $desired_restart_days $desired_restart_time from the macos_reboot function. It then re-runs pmset -g sched to confirm the new entry, prints it to stdout, and exits 0. If the verification step finds no restart entry, the script writes a descriptive error to stderr and exits 1 so the failure is captured in the Automox Activity Log.

macOS reboot schedule requirements

• macOS endpoint with the Power Management utility available at /usr/bin/pmset (present on every supported macOS release, Intel and Apple silicon)

• Root context for the Automox agent so pmset can write to the Power Management plist; the default agent install already meets this

• Edit desired_restart_time in remediation.sh to your maintenance window in 24-hour HH:mm:ss notation, for example 02:30:00 for 2:30 AM

• Edit desired_restart_days using MTWRFSU notation: M (Monday), T (Tuesday), W (Wednesday), R (Thursday), F (Friday), S (Saturday), U (Sunday). Substrings such as MTWRF for weekdays or MF for Monday and Friday are both valid

• For a one-time future restart instead of a recurring schedule, swap the pmset call for pmset schedule restart "MM/dd/yy HH:mm:ss" with the quoted timestamp

• Endpoint must be powered on and not in sleep at the scheduled time; pmset will wake the system from sleep but cannot start a shut-down endpoint

• Communicate the maintenance window to end users in advance so the ten-minute restart prompt is expected, not surprising

Expected state after reboot enforcement

After remediation, pmset -g sched returns a line of the form Repeating power events: restart at 2:30AM MF, reflecting the configured days and time. At the scheduled moment, macOS posts a system notification with a ten-minute countdown. The user can accept the restart immediately or cancel it before the timer expires; if the user takes no action, the endpoint restarts when the timer reaches zero.

Subsequent Automox evaluations report the endpoint as compliant without re-running remediation, because the evaluation phase finds the restart entry already present. The schedule survives reboots, OS updates, and user logout. It is removed only if an admin or end user runs pmset repeat cancel or sudo pmset schedule cancelall, at which point the next policy run flags the endpoint and restores the entry. To confirm a real restart occurred, query last reboot or check log show --predicate 'eventMessage contains "Previous shutdown cause"' --last 7d for the most recent shutdown event and its cause code.