Skip to main content
Solved

Reinstall applications after removal

  • May 19, 2025
  • 5 replies
  • 96 views
D
Forum|alt.badge.img+3

We have a handful of applications that are required to be on our laptops at all times. Currently, we have smart groups set with criteria for the app not being installed and a policy scoped to that group. The downside is it only updates when an automatic inventory update is done every day. Has anyone done something similar that runs more frequently?

Best answer by A_Collins

Most efficient way is to deploy a script to check if app installed something like this 

#!/bin/bash appName="my.app" #You can also put an array of more than 1 app if [[ -d "/Applications/$appName" ]] then echo "Directory exists. No need to install" else echo "Installing $appName" jamf policy -trigger triggerName fi

and upload to the client machines to a folder like /private/var/myscripts, then create a launchdaemon and set interval value to 300 so it would run every 5 minutes with no load on the server

    5 replies

    R
    Forum|alt.badge.img
    • Ryan247Zook
    • New Contributor
    • May 20, 2025

    Hello!

    Currently, mandatory application compliance in Jamf Pro relies on daily inventory updates, causing delays. To run checks more frequently, you can reduce the Jamf Pro recurring check-in frequency (e.g., hourly), but this increases server load. A better approach is to scope a specific policy to the "Recurring Check-in" trigger, setting its execution frequency to "Every Check-in" and ensuring it includes an "Update Inventory" step; this policy would target devices missing the app. 

    cattranslator
    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • May 20, 2025

    You can reduce the detection and remediation window to around 15–45 minutes.

    1. You would need to change your device check-in frequency from daily to every 15 minutes.
    2. Write an Extension Attribute for each Application you want to ensure is installed.
    3. Create a Smart Group checking for the Application being missing using the Extension Attribute.
    4. Create a Policy that runs on recurring check-in to Deploy the Policy containing the desired Application to devices missing the Application.

    Alternatively you could configure this to deploy to all Devices Excluding devices with the Application if you prefer that approach. 

    Jamf will only check installed software daily, but Extension Attributes are run on each check-in and is the way to go for core compliance tools like Security Applications. If absolute compliance is a must, remove users admin access and they cant uninstall applications to begin with.

    howie_isaacks
    D
    A_Collins
    Forum|alt.badge.img+11
    • A_Collins
    • Contributor
    • Answer
    • May 21, 2025

    Most efficient way is to deploy a script to check if app installed something like this 

    #!/bin/bash appName="my.app" #You can also put an array of more than 1 app if [[ -d "/Applications/$appName" ]] then echo "Directory exists. No need to install" else echo "Installing $appName" jamf policy -trigger triggerName fi

    and upload to the client machines to a folder like /private/var/myscripts, then create a launchdaemon and set interval value to 300 so it would run every 5 minutes with no load on the server

    dsavageED
    BGhilardi
    D
    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • June 2, 2025

    You can reduce the detection and remediation window to around 15–45 minutes.

    1. You would need to change your device check-in frequency from daily to every 15 minutes.
    2. Write an Extension Attribute for each Application you want to ensure is installed.
    3. Create a Smart Group checking for the Application being missing using the Extension Attribute.
    4. Create a Policy that runs on recurring check-in to Deploy the Policy containing the desired Application to devices missing the Application.

    Alternatively you could configure this to deploy to all Devices Excluding devices with the Application if you prefer that approach. 

    Jamf will only check installed software daily, but Extension Attributes are run on each check-in and is the way to go for core compliance tools like Security Applications. If absolute compliance is a must, remove users admin access and they cant uninstall applications to begin with.


    @AJPinto What is you source for Extension Attributes running on every checkin? Everything I've read, and seen in operation for my Jamf Pro instances, is that EAs only run during a recon.

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • June 2, 2025

    @AJPinto What is you source for Extension Attributes running on every checkin? Everything I've read, and seen in operation for my Jamf Pro instances, is that EAs only run during a recon.


    Looks like I had assumed, it does not appear to run EAs on each checkin. Thanks for pointing that out, and now I feel like an idiot lol.

    Terms & ConditionsCookie settingsAccessibility statement