Help

Delete applications without Adminrights withs self Service

avogel
New Contributor II

Posted on ‎07-31-2019 04:21 AM

Hi,

Since none of the users on our computer have no admin rights, but we have created a possibility that the user can uninstall App. However, the script only deletes the application from the folder. That is sufficient in most cases. However, in some cases it is necessary to delete the created data. Maybe someone has an idea how to find these and delete them.

#!/bin/bash 


##########################################################################  
# Shellscript : Uninstall Script  
# Autor : Andreas Vogel, 
##########################################################################  

# Script asks for the file to be deleted. 
#  
# Only for test - comment out in production!  
# set -x 

###### please only edit here 
###### list files to protect here 

app_protect=" 
NoMAD 
McAfee 
Self Service 
Preproxy
Identity Agent
jamf" 

##### End ################



# Variabeln 
sys=$(while read p; do echo "$p" | grep "/Applications" ; done </System/Library/Sandbox/rootless.conf) 

list=" 
$app_protect 
$sys" 


askapp () {
    /usr/bin/osascript <<EOF - 2>/dev/null
    set strPath to POSIX file "/Applications/"
    set f to (choose file with prompt "$1" default location strPath)
    set posixF to POSIX path of f
    tell application "Finder" to set filesDir to container of f as alias as text
    set posixDir to POSIX path of filesDir
    posixF

EOF
}


asknewdir () {
    osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
    activate
    text returned of (display dialog "$1" default answer "")
end tell
EOF
}

app=$(askapp 'Please select the program to be deleted') || exit


# Loop for checking before deleting 
for a in $list ; do 
if [[ "$app" = *$a* ]]; then 
osascript -e 'display dialog "This program can not be deleted!" buttons {"OK"} default button 1'  
exit 0 
fi 
done 

# Program is stopped and deleted 
pkill -f "$app"  
sudo rm -rf "$app"  
osascript -e 'display dialog "The app has been deleted" buttons {"OK"} default button "OK"' 
exit 0
0 Kudos
Reply
13 REPLIES 13

avogel
New Contributor II

Posted on ‎10-18-2019 03:46 AM

no ideas

0 Kudos
Reply

alexduffner
New Contributor III

Posted on ‎02-08-2023 05:49 AM

Hi @avogel,

I have combined your idea with another and my own.
Perhaps the result will also serve your purposes:

https://github.com/aduffner/uninstallMacApps/blob/main/uninstallMacApps.sh 

Pre-requisites: Installed https://github.com/bartreardon/swiftDialog (for the beautiful modals)

 

Best regards

Alex

0 Kudos
Reply

tobiaslinder
Contributor II
In response to alexduffner

Posted on ‎05-22-2023 02:43 AM

Hey @alexduffner 
Sadly the link to your uninstallMacApps doesn't work anymore. I would be really interested in your approach.

0 Kudos
Reply

alexduffner
New Contributor III
In response to tobiaslinder

‎05-22-2023 04:41 AM - edited ‎05-22-2023 04:41 AM

Hi @tobiaslinder, had set it to private for some reason, it's now public again.
Your and other's feedback is explicitly welcome. 😊

0 Kudos
Reply

tobiaslinder
Contributor II
In response to alexduffner

Posted on ‎05-22-2023 06:35 AM

Thank you so much. You will hear from me, if I succeed at implementing your code in my project.

0 Kudos
Reply

GraemeU
New Contributor III

Posted on ‎05-23-2023 02:46 PM

 Hi Alex

 

This script looks wonderful however during testing I was still prompted for admin creds when running via self service. - specifically Finder requesting to delete x files. Running on Ventura 13.4

0 Kudos
Reply

GraemeU
New Contributor III
In response to GraemeU

Posted on ‎05-24-2023 04:35 AM

Hi

Just to follow up, I ended up making some changes to the script to get this to work in my environment.

line 50 after add

trash() { mv "$@" /Users/$currentUser/.Trash/ ; }

line 186 remove

/usr/bin/sudo -u "$currentUser" osascript -e "tell application \"Finder\" to delete { $posixFiles }" >/dev/null

after add

echo "Moving app data to trash…"
sleep 1
for item in "${paths[@]}"
do
Echo "Trashing $item ..."
trash $item
done
0 Kudos
Reply

alexduffner
New Contributor III
In response to GraemeU

‎05-24-2023 04:41 AM - edited ‎05-24-2023 04:43 AM

Nice! Thank you for sharing, just request a pull request via Github - I will merge it :-)

0 Kudos
Reply

GraemeU
New Contributor III

Posted on ‎05-24-2023 04:51 AM

Hi Alex, I will do some further testing before doing anything like this, for example the Zoom Outlook Plugin has a build in Uninstall.app which users cannot run, however if they try to remove it via the script, it will find a lot of things you dont really want to remove as part of the app. This is around the wildcard line 155. 

paths+=($(find "$location" -iname "*$app_name*" -maxdepth 1

See below imageScreenshot 2023-05-24 at 12.45.13 pm.png

 

 

0 Kudos
Reply

alexduffner
New Contributor III
In response to GraemeU

Posted on ‎05-24-2023 04:59 AM

I think regex matches like these are the reason why nobody came up with an all-in-one uninstaller ^^
Thank you for testing. I would also recommend to not test it in the wild.

0 Kudos
Reply

GraemeU
New Contributor III
In response to alexduffner

‎05-24-2023 05:03 AM - edited ‎05-24-2023 05:05 AM

Hi Alex

Yes agree, this is a very tricky problem to solve but I think this script gets about 95% of the way there with no trouble, which is excellent. I have a small test group with this deployed now and will get feedback from users, mainly so I can round off our exclusion list.

I will just remind users to double check everything in the list prior to clicking ok! 😊

Reply

yeyo
New Contributor

a week ago

HI, Thanks for the script really appreciate the script. Just curious is there a way to restrict it to just application folder. So users can't go browsing all sort of directory. Like limiting it to just /Application folder only.  

Thanks in advance 

0 Kudos
Reply

yeyo
New Contributor

a week ago

I just tried the script and it doesn't seem work. 

0 Kudos
Reply