Posted on 01-29-2024 03:58 AM
Hi community!
I need some advice regarding software installation by policy.
As useres are allowed to administer their device, they also are able to uninstall packages.
How can I assure, that if a software is unsinstalled, the policy will run again and reinstall it?
I'm worrying if I set a policy to Ongoing or Once a day, the software will be tried to install no matter if it's present or not.
Posted on 01-29-2024 05:07 AM
Hi!
You could use a Smart Group for that
I use one for Zoom for example
Criteria: Application <does not have> zoom.us.app.
And then use it as scope.
Posted on 01-29-2024 05:17 AM
I can't see this particular app.
I use install-or-defer to enforce systemupdates, and this app doesn't show up in the installed apps.
01-29-2024 05:36 AM - edited 01-29-2024 05:38 AM
The only path to true application enforcement is to remove admin access. However, a smart group looking for the application (maybe an extension attribute as well depending on if the application is in a random location), and a policy that runs on check in on devices missing the application. Depending on her persistent you want the application to be would determine the interval of the policy (ongoing, daily, etc).
To stop the policy from "looping", make sure to put an inventory update payload so Jamf is aware of the smart group criteria update. As far as the target, either target devices without the application or target all devices and exclude devices with the application. Both will do the same thing.
Posted on 01-29-2024 07:48 AM
You can also look at the services on the managed laptop in the Inventory for the device.
I use this to ensure Nessus is installed and detected. If it gets removed I use a smart group to trigger a reinstall.
Example: com.tenablesecurity.nessusagent
Search the software title and do some digging.
Best of luck.