
I have some machines that need to have the jamf binaries removed as they should no longer be under management. I don't have physical access to the machines, but they are still active in my JSS. Is it possible to create a script with /usr/sbin/jamf removeFramework to do this?

You should be able to just write a script to run jamf removeFramework and run it through JAMF or ARD (as root).


#!/bin/sh
/usr/sbin/jamf -removeFramework

Thank you.


Hmm. I have created the script, set it to executable and uploaded it to my JSS. I've created a policy to run it, but am getting an error. Any clues?



Running Script remove.sh...
Script Exit Code:126
Script Result: sh: /private/tmp/remove.sh: /bin/sh: bad interpreter: Operation not permitted
Unmounting file server...


Eric, why not just make them unmanaged in the JSS itself?


bentoms,



I don't want to leave them with the jamf binary running in the background. Deleting the machine from the JSS doesn't stop the binary running on the machine, does it?


You're right. It keeps the binary.



Do you have any other remote tools? Maybe try running the command via ARD or SSH?


The binary is just a file. It's not a running process. Casper works by using launchd items to call the binary to do tasks such as checking for new tasks every 15 minutes, hour or however long you've set.



I don't see -removeFramework as an option of /usr/sbin/jamf. That may be why this command isn't working. I don't find this command in the manual either. Or maybe this is just an undocumented feature.



I feel it's a good idea to not leave cruft on machines if you can help it.



Delete the binary:
rm /usr/sbin/jamf



Delete the JAMF launchd items:
rm /Library/LaunchDaemons/com.jamfsoftware.*



Delete the JAMF Applications Support directory:
rm -R "/Library/Application Support/JAMF/"



Restart.



I think that should do it but others may point out files I've missed.


William - it is an undocumented feature. It removes the binary and the cruft. It does leave the /Library/Application Support/JAMF/logs folder, but that should be about it.



Eric - I used the script that Matt posted and was able to remove the framework via Casper Remote (running that script) on a machine with no problems. A bad interpreter error makes it sound like a problem with the system knowing which interpreter to use. A quick Google of that error found several threads talking about 10.7.3 having a quarantine problem:



https://discussions.apple.com/thread/3733470?start=30&tstart=0



Could that be the issue?



Steve


The bad interpreter error can happen for a number of reasons...I just got it last week because I had a dumb error in a script but for the life of me I can't remember what it was! :P



It can happen if you have Windows line endings on your scripts sometimes.



I am not sure about the extended attributes issues previously reported on as I make it a habit of cleaning all that junk (except for com.apple.ResourceFork) up almost religiously when packaging. Here is a function from my .bashrc to remove a given attribute from all the items in a directory.



# Remove the extended attribute named in $1 from every item in the current directory.
rmattr() {
    find . -depth 1 -print0 | xargs -0 xattr -d "$1"
}


Usage would be something like:



$ rmattr com.apple.FinderInfo



Whoever found/shared the -removeFramework first, thanks a bunch. I used to do this. XD



#!/bin/bash

shopt -s nullglob

toremove=("/Library/Application Support/JAMF"
/Library/Caches/com.jamfsoftware.autorun
/Library/LaunchDaemons/com.jamfsoftware*
/Library/Preferences/com.jamfsoftware*
/System/Library/LaunchDaemons/com.jamfsoftware*
/System/Library/StartupItems/JAMF
/etc/jamf.conf
/etc/scripts
/private/var/root/Library/Preferences/com.jamfsoftware.jamfHelper.plist
/private/var/run/jamf
/usr/sbin/jamf
/usr/sbin/jamfvnc
/var/log/jamf.log
/var/*local_jamf_user*
/var/root/Library/Preferences/com.apple.loginwindow.plist)

for item in "${toremove[@]}"; do
    [[ -e "${item}" ]] && rm -rf "${item}"
done

# Remove per-user JAMF preference files
find /Users -type f -name "com.jamfsoftware.*" -exec rm {} \;

dscl . -delete /Users/*local_jamf_user* &> /dev/null

/usr/bin/osascript << EOF
tell application "Finder"
activate
display dialog "Removal of JAMF files complete. Be sure to remove ssh user & pass information from JSS." buttons {"OK!"} with icon caution
end tell
EOF

Thanks all for your responses. I will give these a try and report back.
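
The causes of the "bad interpreter" error (exit code 126) suggested in the replies above, Windows line endings and the quarantine extended attribute, can be checked before a script is uploaded. This is an added example, not code from any poster in the thread; check_shebang is a hypothetical helper name, and the quarantine check only runs where the xattr command exists (macOS).

```shell
#!/bin/sh
# Added example (not from the thread): check a script for the "bad interpreter"
# causes discussed above. check_shebang is a hypothetical helper name.
# Returns 0 = OK, 1 = CR on the #! line (Windows line endings),
#         2 = interpreter missing or not executable,
#         3 = com.apple.quarantine attribute set, 4 = no #! line.
check_shebang() {
    script=$1
    first=$(head -n 1 "$script")   # $(...) strips the newline but keeps a CR
    cr=$(printf '\r')

    case $first in
        '#!'*) ;;
        *) echo "$script: no #! line"; return 4 ;;
    esac

    # With CRLF endings the kernel is asked to run "/bin/sh<CR>", which does not exist.
    case $first in
        *"$cr") echo "$script: CR at end of #! line (Windows line endings)"; return 1 ;;
    esac

    # The interpreter path is the first word after "#!".
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//' | awk '{print $1}')
    if [ ! -x "$interp" ]; then
        echo "$script: interpreter '$interp' is missing or not executable"
        return 2
    fi

    # macOS only: the quarantine attribute is the cause suggested in the linked thread.
    if command -v xattr >/dev/null 2>&1 &&
       xattr "$script" 2>/dev/null | grep -q '^com\.apple\.quarantine$'; then
        echo "$script: com.apple.quarantine is set"
        return 3
    fi

    echo "$script: #! line OK ($interp)"
    return 0
}

# Check every file named on the command line; do nothing when none are given.
for f in "$@"; do
    check_shebang "$f" || true
done
```

Run it against the local copy of the script before uploading it to the JSS; a non-zero result names the first problem found.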

