Auditing Unapproved Applications

doreyme
New Contributor III

Does anyone know if this can be automated?

We would like to compare a list of pre-approved applications to what applications are currently installed on our managed machines, and which machines have those unapproved applications.

So far, I've been searching the inventory using .app to search and manually comparing this to our pre-approved software list.


mack525
Contributor II

Hmmm... have you tried using the asterisk * when searching?


doreyme
New Contributor III

@mack525 Thanks for the reply, I actually did that as well.

The main objective is to be able to identify what machines have applications that are not approved in the office.

mack525
Contributor II

@doreyme Understood. Under each application from that list, you should get the option to click on the drop down to list the machines that have it installed.

doreyme
New Contributor III

@mack525 So rather than cross-checking manually, is there any way to export this list of applications installed on these managed machines into an XML file?

mack525
Contributor II

@doreyme Give this link a look.

edickson
Contributor

As much as this may hurt, it may help to take admin rights away from the end users. It will lessen their ability to install unapproved software.

doreyme
New Contributor III

@mack525 PERFECT! Exactly what I was looking for!

Thanks again everyone!

mack525
Contributor II

Agreed, @edickson. @doreyme, glad that helped.

tlarkin
Honored Contributor

Application searching in jamf is sorta madness. I would try to look at local system states, but it would require a lot of work. It will require a lot of work either way. I am a huge fan of Spotlight, so if you have an approved app list, I would feed that into code, do a Spotlight search for all apps, and then return the delta.

doreyme
New Contributor III

@tlarkin Thanks for the info, I'd be interested if you don't mind elaborating more on the steps to do this.

tlarkin
Honored Contributor

@doreyme

Spotlight will index everything on your computer, sans a few file system paths. It also tags those objects with metadata, which is very useful and powerful.

example:

mdfind -onlyin /Applications/ "kMDItemKind == 'Application'"

That will return a list of every Application in /Applications.

From there you can compare that to your list of pre-approved apps, and then take whatever action you want in code. Of course running an Application White List via parental controls or MDM config profile payload may be the better answer for this. You can also look at third party projects like Santa from Google, which do binary white/black listing.

Last, you can use restricted software settings in jamf to manage this as well, but that can be very labor intensive. Basically, it will be a full-time job managing black/white lists of apps, unless you have some sort of automation system in place to handle it.
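The "feed the approved list into code, Spotlight-search for all apps, return the delta" approach described above, as an added example script that is not part of the thread or of any poster's own tooling. It assumes an approved list stored one bundle name per line at a hypothetical path (APPROVED_LIST), compares on bundle name only, and runs the live mdfind scan only when called with --scan so the comparison function can be exercised on any input.

```shell
#!/bin/sh
# Added example: report installed app bundles that are not on an approved list.
# Assumed location of the approved list (one bundle name per line, e.g. "Safari.app").
APPROVED_LIST="${APPROVED_LIST:-/usr/local/etc/approved_apps.txt}"

# Ask Spotlight for every application bundle under /Applications (one path per line).
find_apps() {
  mdfind -onlyin /Applications "kMDItemKind == 'Application'"
}

# Read app paths on stdin; print the bundle names absent from the approved list ($1).
# Paths are reduced to their basename, so nested bundles (e.g. under Utilities)
# are compared by name; duplicates collapse; output is sorted and empty when clean.
unapproved_apps() {
  approved="$1"
  tmp=$(mktemp)
  sort -u "$approved" > "$tmp"
  sed 's#.*/##' | sort -u | comm -23 - "$tmp"
  rm -f "$tmp"
}

# Live scan: only meaningful on macOS where mdfind exists.
main() {
  if ! command -v mdfind >/dev/null 2>&1; then
    echo "mdfind not found; this scan only runs on macOS" >&2
    return 1
  fi
  if [ ! -r "$APPROVED_LIST" ]; then
    echo "approved list not readable: $APPROVED_LIST" >&2
    return 1
  fi
  find_apps | unapproved_apps "$APPROVED_LIST"
}

# Run the scan only when explicitly requested (e.g. sh audit.sh --scan).
case "${1:-}" in
  --scan) main ;;
esac
```

Each line printed is an app bundle present on the machine but missing from the approved list; no output means every found app is approved.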

doreyme
New Contributor III

Thanks a lot @tlarkin, very much appreciated.

Utilizing the restricted software settings is definitely a bit too tedious.

tlarkin
Honored Contributor

So, I was actually working on a side project during the time this was posted. I have put together a Spotlight framework for app tagging and possible removal of the app if it leaves your management program. Mainly around the idea of BYOD, but my employer does not allow BYOD, so this was just for fun. I then wrapped DEP Notify around it.

https://github.com/t-lark/DEP-Notify-Decom