Installation policies

itibsolution
New Contributor

Hi community!
I need some advice regarding software installation by policy.
As users are allowed to administer their devices, they are also able to uninstall packages.
How can I ensure that if a software is uninstalled, the policy will run again and reinstall it?
I'm worried that if I set a policy to Ongoing or Once a day, it will try to install the software no matter whether it's present or not.

4 REPLIES

georgbhm
New Contributor III

Hi!

You could use a Smart Group for that

I use one for Zoom for example

Criteria: Application <does not have>  zoom.us.app.

And then use it as scope.

I can't see this particular app.
I use install-or-defer to enforce system updates, and this app doesn't show up in the installed apps.

AJPinto
Honored Contributor II

The only path to true application enforcement is to remove admin access. However, you can use a smart group looking for the application (maybe an extension attribute as well, depending on whether the application is in a random location), and a policy that runs on check-in on devices missing the application. How persistent you want the application to be would determine the interval of the policy (ongoing, daily, etc.).

 

To stop the policy from "looping", make sure to put an inventory update payload so Jamf is aware of the smart group criteria update. As far as the target, either target devices without the application or target all devices and exclude devices with the application. Both will do the same thing.

dvasquez
Valued Contributor

You can also look at the services on the managed laptop in the Inventory for the device. 

I use this to ensure Nessus is installed and detected. If it gets removed I use a smart group to trigger a reinstall. 

Example: com.tenablesecurity.nessusagent

Search the software title and do some digging. 

Best of luck.
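
The extension-attribute approach mentioned in the replies above, sketched as an added example that is not part of any post in this thread: a script that searches more than one location for the bundle and, optionally, checks that a launchd service plist is still present. The search roots, the depth limit, the `DAEMON_DIR` path and the `ServiceMissing` value are assumptions of this example; `<result>` is the tag Jamf Pro reads from extension attribute scripts.

```shell
#!/bin/sh
# Added example: Jamf Pro extension attribute reporting whether an app is present.
# All values below are illustrative and should be adjusted per software title.

APP_NAME="zoom.us.app"               # bundle name used in the thread
SERVICE_LABEL=""                     # optional, e.g. com.tenablesecurity.nessusagent
DAEMON_DIR="/Library/LaunchDaemons"  # assumed location of the service plist

# Print the first bundle named $1 found under the remaining arguments
# (search roots). Returns 1 if nothing is found. Missing roots are skipped.
find_app() {
    fa_name="$1"; shift
    for fa_root in "$@"; do
        [ -d "$fa_root" ] || continue
        fa_hit=$(find "$fa_root" -maxdepth 4 -type d -name "$fa_name" -print 2>/dev/null | head -n 1)
        if [ -n "$fa_hit" ]; then
            printf '%s\n' "$fa_hit"
            return 0
        fi
    done
    return 1
}

# $1 = bundle name, $2 = launchd label or "", $3 = daemon dir, rest = search roots.
# "Installed" requires the bundle and, when a label is given, its plist as well,
# so a removed service still lands the device in the reinstall smart group.
app_status() {
    st_name="$1"; st_label="$2"; st_daemons="$3"; shift 3
    if ! find_app "$st_name" "$@" >/dev/null; then
        echo "Missing"
    elif [ -n "$st_label" ] && [ ! -f "$st_daemons/$st_label.plist" ]; then
        echo "ServiceMissing"
    else
        echo "Installed"
    fi
}

# Jamf records whatever is printed between the <result> tags at inventory time.
echo "<result>$(app_status "$APP_NAME" "$SERVICE_LABEL" "$DAEMON_DIR" /Applications /Users)</result>"
```

A smart group on this attribute with the criterion is not `Installed` can then be the policy scope, with the inventory update in the policy as described above so the device leaves the group after a successful install.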