How can I prevent users to uninstall the Self Service being deployed in a prestage enrolment on IoS?
Solved
How can I prevent users to uninstall the Self Service being deployed in a prestige enrolment?
+3Best answer by cddwyer
While you can't block it's removal, you can enforce a persistent re-install if the app ever were to be removed, you would create a smart group for users without the Self Service app and create a policy to install Self Service, set it to trigger at re-occurring check-in with frequency set to on-going and scope it at the smart group for devices without Self Service.
Or, if you didn't want to wait for a check-in you could create a policy to install Self Service with a custom trigger, then deploy a launch agent to the device that checks for the existence of Self Service every minute and if it is not present it would call 'jamf policy -trigger <your customer trigger to install self service>' that would work and obviously you could set it to every minute, 5 minutes or what ever you wanted the delay to be. Also maybe set an email alert for the smart group, then you could establish who is deleting Self Service and ask them not to in future...
Hope that helps.
+11Your only option is to disallow app removal with a restrictions profile, but this option is all or nothing. There isn't a way to prevent the removal of individual apps.
+3thank your your reply. I have tested your suggestion. But the thing is this policy will also affect the personal apps - the ones that were installed from the App Store with the personal applied. my idea is to block the uninstallation of the applications deployed by the MDM server, starting with the Self Service. is this scenario possible?
+7While you can't block it's removal, you can enforce a persistent re-install if the app ever were to be removed, you would create a smart group for users without the Self Service app and create a policy to install Self Service, set it to trigger at re-occurring check-in with frequency set to on-going and scope it at the smart group for devices without Self Service.
Or, if you didn't want to wait for a check-in you could create a policy to install Self Service with a custom trigger, then deploy a launch agent to the device that checks for the existence of Self Service every minute and if it is not present it would call 'jamf policy -trigger <your customer trigger to install self service>' that would work and obviously you could set it to every minute, 5 minutes or what ever you wanted the delay to be. Also maybe set an email alert for the smart group, then you could establish who is deleting Self Service and ask them not to in future...
Hope that helps.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.