Posted on 11-30-2017 07:16 AM
How can I prevent users to uninstall the Self Service being deployed in a prestage enrolment on IoS?
Solved! Go to Solution.
Posted on 12-01-2017 06:35 AM
While you can't block it's removal, you can enforce a persistent re-install if the app ever were to be removed, you would create a smart group for users without the Self Service app and create a policy to install Self Service, set it to trigger at re-occurring check-in with frequency set to on-going and scope it at the smart group for devices without Self Service.
Or, if you didn't want to wait for a check-in you could create a policy to install Self Service with a custom trigger, then deploy a launch agent to the device that checks for the existence of Self Service every minute and if it is not present it would call 'jamf policy -trigger <your customer trigger to install self service>' that would work and obviously you could set it to every minute, 5 minutes or what ever you wanted the delay to be. Also maybe set an email alert for the smart group, then you could establish who is deleting Self Service and ask them not to in future...
Hope that helps.
Posted on 11-30-2017 08:14 AM
Your only option is to disallow app removal with a restrictions profile, but this option is all or nothing. There isn't a way to prevent the removal of individual apps.
Posted on 12-01-2017 12:55 AM
thank your your reply. I have tested your suggestion. But the thing is this policy will also affect the personal apps - the ones that were installed from the App Store with the personal applied. my idea is to block the uninstallation of the applications deployed by the MDM server, starting with the Self Service. is this scenario possible?
Posted on 12-01-2017 05:31 AM
No
Posted on 12-01-2017 06:35 AM
While you can't block it's removal, you can enforce a persistent re-install if the app ever were to be removed, you would create a smart group for users without the Self Service app and create a policy to install Self Service, set it to trigger at re-occurring check-in with frequency set to on-going and scope it at the smart group for devices without Self Service.
Or, if you didn't want to wait for a check-in you could create a policy to install Self Service with a custom trigger, then deploy a launch agent to the device that checks for the existence of Self Service every minute and if it is not present it would call 'jamf policy -trigger <your customer trigger to install self service>' that would work and obviously you could set it to every minute, 5 minutes or what ever you wanted the delay to be. Also maybe set an email alert for the smart group, then you could establish who is deleting Self Service and ask them not to in future...
Hope that helps.
Posted on 12-06-2017 02:38 AM
Thanks! really usefull!