Hi

We are trying to put together a silent uninstaller for our Bitdefender endpoints. The command requires a --password flag, and we don't want to be pushing our Jamf management account password over plaintext in this command. I am trying to put together a script that creates a new admin user, runs the uninstaller, and then deletes the admin user. I am running into issues switching to the created admin account to authenticate. Is there a certain way you can sudo su in a script? Below are the two variations we have tried and tested unsuccessfully:

jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH

sudo /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>

jamf deleteAccount -username bdremover

jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH

sudo -U bdremover /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>

jamf deleteAccount -username bdremover

@falbrecht - I would recommend encrypting your password & passing the password utilizing the script parameters via policy & then passing the encrypted parameter as a variable to use within your script. For example: https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh

If you don't want to do that, you can always create a user via policy payload within Jamf, that's what I would recommend instead of doing it within a script, & then run the command as

sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5

The $4 & $5 reflect the username & password being pulled from the parameter slots #4 & #5 from the script parameters located within the scripts payload within a policy once the script is added.


How do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload or at that point could I just include sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?



So first you want to create your script inside Jamf Pro with the parameters in mind. (rough example depicted below)

Second, you want to create a policy, within the script payload, add the Bitdefender script you just created to the policy, then you will have the options to add the parameter values to pass as the variables $4 & $5 within your script. (Depicted below)

As long as that admin username & password already exist on the machine, it will run.
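
An added example, not part of any reply in this thread and not Jamf's or Bitdefender's own code: a policy script that takes the username and password from parameter slots 4 and 5, confirms the account already exists and is an admin, and only then runs the command quoted above. The function names are hypothetical, and the admin check assumes membership in the local `admin` group.

```shell
#!/bin/bash
# Added example, not from the thread. Jamf fills $1-$3 itself
# (mount point, computer name, username); $4 and $5 are the policy's
# parameter slots as described in the reply above.

UNINSTALLER="/Library/Bitdefender/AVP/common/UninstallTool"  # path from the thread

# Fail if either parameter slot was left empty in the policy.
params_ok() {
    [ -n "$1" ] && [ -n "$2" ]
}

# True only if the account already exists on this machine.
account_exists() {
    id -u "$1" >/dev/null 2>&1
}

# True only if the account is a member of the local admin group (assumed: "admin").
account_is_admin() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "admin"
}

# Runs every check, then the command from the thread with quoted parameters.
run_uninstall() {
    local user="$1" pass="$2"
    params_ok "$user" "$pass" || { echo "Parameter 4 or 5 is empty" >&2; return 2; }
    account_exists "$user"    || { echo "Account $user not found" >&2; return 3; }
    account_is_admin "$user"  || { echo "Account $user is not an admin" >&2; return 4; }
    [ -x "$UNINSTALLER" ]     || { echo "UninstallTool not found" >&2; return 5; }
    # The password is never echoed; only the exit status reaches the policy log.
    sudo -u "$user" "$UNINSTALLER" --password "$pass"
}

# Only run when Jamf supplied the parameter slots.
if [ "$#" -ge 5 ]; then
    run_uninstall "$4" "$5"
    exit $?
fi
```

The distinct return codes show up in the policy log, so a failed run can be traced to the empty parameter, the missing account, or the missing tool without the password ever being printed.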


Take a look at Dan's script here.

I've been using it with great success in my environment.