Skip to main content

I started leveraging JAMF to patch Zoom.us which is working great so far. It installs in /Applications, but I am finding many users have it installed in their ~/Applications folder, leaving the older version in place.



I need to remove it from their ~/Applications, but running into challenges.



I am new at bash, but I tried running the script rm -rf ~/Applications/zoom.us.app , but it's not pulling it from logged in user's directory.



I tried, sudo -u $(ls -l /dev/console | awk '{print $3}') rm -rf ~/Applications/zoom.us.app , but these are standard users and getting permission denied messages.



Our mac's are not shared so doing it in currently logged in or all users' ~/Applications directories are fine.



Any help is appreciated, thanks.

Hi @markl ,
Building of the thread Zoom Exploit, I added:



#!/bin/sh

#Removes user downloaded Zoom

if [ -e /Users/*/Applications/zoom.us.app ]; then

rm -rf /Users/*/Applications/zoom.us.app

fi



#Remove .zoomus for all users



if [ -e /Users/*/.zoomus ]; then

rm -rf /Users/*/.zoomus

fi


The final script that I used in my environment was:



#!/bin/sh

# Disable auto-video on Zoom

# For just your local account

currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{print $3}')

currentUserHome=$( dscl . read /Users/"$currentUser" NFSHomeDirectory | awk '{print $2}')

prefPath="/Library/Preferences/us.zoom.config.plist"

zoomAppSupportPath="$currentUserHome/Application Support/zoom.us"



#Clear Out existing App Support DB

if [ -e "$zoomAppSupportPath" ]; then

    rm -rf "$zoomAppSupportPath"

fi



# Apply to all users on the machine

# Clear any existing preferences

if [ -e "$prefPath"  ]; then

    rm -rf "$prefPath"

fi



# Apply for all users

defaults write "$prefPath" ZDisableVideo 1

defaults write "$prefPath" MuteVoipWhenJoin 1

chown root:wheel "$prefPath"



# Delete webserver

zoompid=`lsof -ti :19421`

echo "$zoompid"

if [ -z "$zoompid" ] ; then

    echo "zoompid not found"

else

    kill -9 "$zoompid"

fi



if [ -e /Users/*/Applications/zoom.us.app ]; then

rm -rf /Users/*/Applications/zoom.us.app

fi



if [ -e /Applications/zoom.us.app ]; then

rm -rf /Applications/zoom.us.app

fi



if [ -e /Users/*/.zoomus ]; then

rm -rf /Users/*/.zoomus

fi



touch "$currentUserHome/.zoomus"



exit 0


You should also add Zoom to your Restricted Software list.

Thanks, I finally figured out rm -rf /Users/*/Applications/zoom.us.app just a few mins ago. Will look over your stuff to build off of of. Thanks again.

Hey @markl,



You could try the following script deployed via a Jamf Policy.



#!/bin/sh

currentUser=`ls -l /dev/console | awk '{print $3}'`



rm -rf /Users/"$currentUser"/Applications/zoom.us.app



exit


When executing scripts from Jamf " ~ " will refer to the user running the script, which in the case of Jamf is "root".



If you find that there are multiple zoom.us installs in the 1 directory, they will likely be zoom.us, zoom.us1, zoom.us2 and so on. If that is the case, just use the following command in your script.



rm -rf /Users/"$currentUser"/Applications/zoom.us*


Pat

We've been using mdfind to find apps that may exist in non-default paths, then going through the search result to remove the ones that are not in the default path.



#!/bin/bash



GOOD_PATH="/Applications/zoom.us.app"

BUNDLE_ID="us.zoom.xos"

SEARCH_FILE="/private/tmp/SearchResults.txt"



function searchCommand()

{

    mdfind kMDItemCFBundleIdentifier="$BUNDLE_ID" | grep -v "$GOOD_PATH" > "$SEARCH_FILE"

}



function removeBad()

{

    xargs -I{} rm -r {} < "$SEARCH_FILE"

}



searchCommand

removeBad

You inspire me, @donmontalvo.

This Remove App From Unapproved Locations.sh is awesome @dan-snelson! Clean workflow @donmontalvo! I'll definitely be utilizing this in the future.

@dan-snelson I like it! May I steal it? :):):)



@shaquir wait until @mm2270 chimes in!



@tlarkin also posted similar stuff.

Terms & ConditionsCookie settings