Skip to main content
Question

Uninstaller Script Requires Root Password

  • March 2, 2022
  • 4 replies
  • 23 views
F
Forum|alt.badge.img+4

Hi

 

We are trying to put together a silent uninstaller for out BItDefender endpoints. The command requires a --password flag which we don't want to be pushing our Jamf management account password over plaintext in this command. I am trying to put together a script that creates a new admin user, runs the uninstaller, and then deletes the admin user. I am running into issues switching to the created admin account to authenticate. Is there a certain way you can sudo su in a script? Below are the two variations we have tried and tested unsuccessfully:

 

jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH sudo /Library/Bitdefender/AVP/common/UninstallTool --password=<random password> jamf deleteAccount -username bdremoverjamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH sudo -U bdremover /Library/Bitdefender/AVP/common/UninstallTool --password=<random password> jamf deleteAccount -username bdremover

    4 replies

    Hugonaut
    Forum|alt.badge.img+15
    • Hugonaut
    • Esteemed Contributor
    • 574 replies
    • March 2, 2022

    @falbrecht  - I would recommend encrypting your password & passing the password utilizing the script parameters via policy & then passing the encrypted parameter as a variable to use within your script. for example - https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh

     

    if you don't want to do that, you can always create a user via policy payload within jamf, that's what I would recommend instead of doing it within a script & then run the command as

    sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5

     

    the $4 & $5 reflect the username & password being pulled from the parameter slots #4 & #5 from the script parameters located within the scripts payload within a policy once the script is added.

     

     

     

    Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month
    F
    Forum|alt.badge.img+4
    • falbrecht
    • Author
    • Contributor
    • 14 replies
    • March 2, 2022

    @falbrecht  - I would recommend encrypting your password & passing the password utilizing the script parameters via policy & then passing the encrypted parameter as a variable to use within your script. for example - https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh

     

    if you don't want to do that, you can always create a user via policy payload within jamf, that's what I would recommend instead of doing it within a script & then run the command as

    sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5

     

    the $4 & $5 reflect the username & password being pulled from the parameter slots #4 & #5 from the script parameters located within the scripts payload within a policy once the script is added.

     

     

     


    How do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload or at that point could I just include sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?

    Hugonaut
    Forum|alt.badge.img+15
    • Hugonaut
    • Esteemed Contributor
    • 574 replies
    • March 2, 2022

    How do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload or at that point could I just include sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?


    So first you want to create your script inside jamf pro with the parameters in mind. (rough example depicted below)

     

    Second, you want to create a policy, within the script payload, add the bitdefender script you just created to the policy, then you will have the options to add the parameter values to pass as the variables $4 & $5 within your script. (Depicted Below)

     

    as long as that admin username & password already exists on the machine, it will run.

    Looking for a Jamf Managed Service Provider? Look no further than Rocketman Tech! Virtual MacAdmins Monthly Meetup - First Friday, Every Month
    K
    Forum|alt.badge.img+5
    • kavila
    • Contributor
    • 25 replies
    • March 2, 2022

    Take a look at Dan's script here.

    I've been using it with great success in my environment. 


    Terms & ConditionsCookie settingsAccessibility statement