Jamf Nation Community

BCPeteo · ‎02-13-2024

We are doing some testing on the office 2019 update issue and we setup a test policy to fix this. We are trying the startup trigger policy as that will confirm all office apps are closed but are seeing sometimes this policy never executes (says pending in the policy) even after multiple reboots. Is the startup trigger not reliable?

jamf-42 · ‎02-13-2024

no apps will be open at startup.. thats before login..

BCPeteo · ‎02-13-2024

Its a policy that executes the Microsoft office licensee removal tool pkg, Which as I recall are just scripts.

jamf-42 · ‎02-13-2024

from here? https://office-reset.com/

try login, so they can run in the user space.. not reviewed in a while..

BCPeteo · ‎02-13-2024

No, its the license removal tool from here

https://support.microsoft.com/en-us/office/how-to-remove-office-license-files-on-a-mac-b032c0f6-a431...

jamf-42 · ‎02-13-2024

try this.. License Reset Package (this is the DL for the pkg from the 'admins' tab) from above.. obviously read the script before and test before you deploy to production.

jamf-42 · ‎02-13-2024

very Quick Look at the the pkg from Microsoft, needs the user to be logged in.. so try that also with login trigger.. again.. read the script in pkg..

BCPeteo · ‎02-13-2024

it should run as root if it runs at startup. I see the script checks who the logged in user which I assume would be root. The script does not seem to have a failure exit if it is root. Also If it ran and failed Jamf should show that. So Im not sure its running at all.

Setting it to run at login does work though.

jamf-42 · ‎02-13-2024

the script for MS.. logged in user is required it seems... check out the other I posted.. not sure if that requires logged in user.. if it runs as root.. then root has no MS config. .

edit: see this line.. thats no going to work with root at start up.. (still reading the code)

/usr/bin/sudo -u $LoggedInUser

#!/bin/zsh

/usr/bin/logger "Starting Office for Mac License Removal 2.7"

## CONSTANTS
PERPLICENSE="/Library/Preferences/com.microsoft.office.licensingV2.plist"
PERPLICENSEBACKUP="/Library/Preferences/com.microsoft.office.licensingV2.Backup"

## FUNCTIONS
GetLoggedInUser() {
	LOGGEDIN=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')
	if [ "$LOGGEDIN" = "" ]; then
		echo "$USER"
	else
		echo "$LOGGEDIN"
	fi
}

SetHomeFolder() {
	HOME=$(dscl . read /Users/"$1" NFSHomeDirectory | cut -d ':' -f2 | cut -d ' ' -f2)
	if [ "$HOME" = "" ]; then
		if [ -d "/Users/$1" ]; then
			HOME="/Users/$1"
		else
			HOME=$(eval echo "~$1")
		fi
	fi
}

GetNodeId() {
# Get node_id value from Registry
	local NAME="$1"
	local PARENT="$2"
	local NODEVALUE=$(sqlite3 "$REGISTRY" "SELECT node_id from HKEY_CURRENT_USER WHERE name='$NAME' AND parent_id=$PARENT;")
	if [ "$NODEVALUE" == '' ]; then
		echo "0"
	else
		echo "$NODEVALUE"
	fi
}

GetNodeVal() {
# Get node value from Registry
	local NAME="$1"
	local NODEID="$2"
	local NODEVALUE=$(sqlite3 "$REGISTRY" "SELECT node_id from HKEY_CURRENT_USER_values WHERE name='$NAME' AND parent_id=$NODEID;")
	if [ "$NODEVALUE" == '' ]; then
		echo "0"
	else
		echo "$NODEVALUE"
	fi
}

DeleteValue() {
# Delete value from Registry
	local NAME="$1"
	local NODEID="$2"
	sqlite3 "$REGISTRY" "DELETE FROM HKEY_CURRENT_USER_values WHERE name='$NAME' and node_id=$NODEID;"
}

NukeValue() {
# Delete value from Registry with just the node name
	local NAME="$1"
	sqlite3 "$REGISTRY" "DELETE FROM HKEY_CURRENT_USER_values WHERE name='$NAME';"
}

DeleteNode() {
# Delete node and all contained values from Registry
	local NODEID="$1"
	sqlite3 "$REGISTRY" "DELETE FROM HKEY_CURRENT_USER_values WHERE node_id=$NODEID;"
}

RemoveFlightData() {
# Remove all flighting keys from the specified app
	local KEY_APP="$1"
	# If the flight keys are set, remove the existing values
	KEY_ETAG=($GetNodeVal "ETag" "$KEY_APP")
	if [ "$KEY_ETAG" != "0" ]; then
		DeleteValue "ETag" "$KEY_APP"
	fi
	KEY_EXPIRES=($GetNodeVal "Expires" "$KEY_APP")
	if [ "$KEY_EXPIRES" != "0" ]; then
		DeleteValue "Expires" "$KEY_APP"
	fi
	KEY_DEFERRED=($GetNodeVal "DeferredConfigs" "$KEY_APP")
	if [ "$KEY_DEFERRED" != "0" ]; then
		DeleteValue "DeferredConfigs" "$KEY_APP"
	fi
	KEY_CONFIGID=($GetNodeVal "ConfigIds" "$KEY_APP")
	if [ "$KEY_CONFIGID" != "0" ]; then
		DeleteValue "ConfigIds" "$KEY_APP"
	fi
}

## MAIN
LoggedInUser=$(GetLoggedInUser)
SetHomeFolder "$LoggedInUser"
echo "Running as: $LoggedInUser; Home Folder: $HOME"

REGISTRY="$HOME/Library/Group Containers/UBF8T346G9.Office/MicrosoftRegistrationDB.reg"
O365SUBMAIN="$HOME/Library/Group Containers/UBF8T346G9.Office/com.microsoft.Office365.plist"
O365SUBBAK1="$HOME/Library/Group Containers/UBF8T346G9.Office/com.microsoft.e0E2OUQxNUY1LTAxOUQtNDQwNS04QkJELTAxQTI5M0JBOTk4O.plist"
O365SUBBAK2="$HOME/Library/Group Containers/UBF8T346G9.Office/e0E2OUQxNUY1LTAxOUQtNDQwNS04QkJELTAxQTI5M0JBOTk4O"
O365SUBMAINB="$HOME/Library/Group Containers/UBF8T346G9.Office/com.microsoft.Office365V2.plist"
O365SUBBAK1B="$HOME/Library/Group Containers/UBF8T346G9.Office/com.microsoft.O4kTOBJ0M5ITQxATLEJkQ40SNwQDNtQUOxATL1YUNxQUO2E0e.plist"
O365SUBBAK2B="$HOME/Library/Group Containers/UBF8T346G9.Office/O4kTOBJ0M5ITQxATLEJkQ40SNwQDNtQUOxATL1YUNxQUO2E0e"
O365PRODUCT="$HOME/Library/Group Containers/UBF8T346G9.Office"
VNEXTLICENSEPATH="$O365PRODUCT/Licenses"
VNEXTPERPETUALLICENSEPATH="/Library/Microsoft/Office/Licenses"

# Forcibly close Office apps if they are running
/usr/bin/pkill -HUP "Microsoft Word"
/usr/bin/pkill -HUP "Microsoft Excel"
/usr/bin/pkill -HUP "Microsoft PowerPoint"
/usr/bin/pkill -HUP "Microsoft Outlook"
/usr/bin/pkill -HUP "Microsoft OneNote"

# Remove the Perpetual/Volume License from the computer
if [ -f "$PERPLICENSE" ]
then
	/usr/bin/logger "Detected $PERPLICENSE file"
	/usr/bin/sudo mv -f "$PERPLICENSE" "$PERPLICENSEBACKUP"
	/usr/bin/logger "Removed $PERPLICENSE file"
else
	/usr/bin/logger "Did NOT detect $PERPLICENSE file"
fi

# Remove the 2021 Consumer Perpetual Licence from the computer
if [ -e "$VNEXTPERPETUALLICENSEPATH" ]
then
	/usr/bin/logger "Detected $VNEXTPERPETUALLICENSEPATH folder"
	/usr/bin/sudo rm -rf "$VNEXTPERPETUALLICENSEPATH"
	/usr/bin/logger "Removed $VNEXTPERPETUALLICENSEPATH folder"
else
	/usr/bin/logger "Did NOT detect $VNEXTPERPETUALLICENSEPATH folder"
fi

# Remove the Office 365 Subscription License
if [ -f "$O365SUBMAIN" ] || [ -f "$O365SUBBAK1" ] || [ -f "$O365SUBBAK2" ] || [ -f "$O365SUBMAINB" ] || [ -f "$O365SUBBAK1B" ] || [ -f "$O365SUBBAK2B" ] || [ -e "$VNEXTLICENSEPATH" ]
then
	/bin/logger "Detected Office 365 Subscription License file"
	/bin/rm -f "$O365SUBMAIN"
	/bin/rm -f "$O365SUBBAK1"
	/bin/rm -f "$O365SUBBAK2"
	/bin/rm -f "$O365SUBMAINB"
	/bin/rm -f "$O365SUBBAK1B"
	/bin/rm -f "$O365SUBBAK2B"
	/bin/rm -rf "$VNEXTLICENSEPATH"
	/usr/bin/logger "Removed all Office 365 Subscription License files"
else
	/usr/bin/logger "Did NOT detect Office 365 Subscription License file"
fi

KeychainHasLogin=$(/usr/bin/security list-keychains | grep 'login.keychain')
if [ "$KeychainHasLogin" = "" ]; then
	echo "Adding user login keychain to list"
	/usr/bin/security list-keychains -s "$HOME/Library/Keychains/login.keychain-db"
fi

echo "Display list-keychains for logged-in user"
/usr/bin/security list-keychains

# Remove any keychain entries for Office
/usr/bin/security delete-generic-password -s 'OneAuthAccount'
/usr/bin/security delete-internet-password -s 'msoCredentialSchemeADAL'
/usr/bin/security delete-internet-password -s 'msoCredentialSchemeLiveId'
/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Settings 2'
/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Settings 3'
/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Cache 2'
/usr/bin/security delete-generic-password -l 'Microsoft Office Identities Cache 3'
/usr/bin/security delete-generic-password -l 'Microsoft Office Ticket Cache'
/usr/bin/security delete-generic-password -l 'com.microsoft.adalcache'
/usr/bin/security delete-generic-password -l 'com.microsoft.OutlookCore.Secret'
/usr/bin/security delete-generic-password -l 'MicrosoftOfficeRMSCredential'
/usr/bin/security delete-generic-password -l 'MSProtection.framework.service'
/usr/bin/security delete-generic-password -G 'MSOpenTech.ADAL.1'
/usr/bin/security delete-generic-password -G 'MSOpenTech.ADAL.1'
/usr/bin/security delete-generic-password -G 'Microsoft Office Data'
/usr/bin/security delete-generic-password -G 'Microsoft Office Data'
/usr/bin/security delete-generic-password -G 'Microsoft Office Data'
/usr/bin/security delete-generic-password -l 'com.microsoft.OutlookCore.Secret'
/usr/bin/security delete-generic-password -l 'com.helpshift.data_com.microsoft.Outlook'
/usr/bin/security delete-generic-password -l 'com.helpshift.data_com.microsoft.Outlook'
/usr/bin/security delete-generic-password -l 'com.helpshift.data_com.microsoft.Outlook'
/usr/bin/security delete-generic-password -l 'com.helpshift.data_com.microsoft.Outlook'
/usr/bin/security delete-generic-password -l 'MicrosoftOfficeRMSCredential'
/usr/bin/security delete-generic-password -l 'MicrosoftOfficeRMSCredential'
/usr/bin/security delete-generic-password -l 'MSProtection.framework.service'
/usr/bin/security delete-generic-password -l 'MSProtection.framework.service'
/usr/bin/logger "Removed all Office keychain entries"

# Remove the Belongs To information
if [ -e "$HOME/Library/Preferences/com.microsoft.office.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults delete $HOME/Library/Preferences/com.microsoft.office OfficeActivationEmailAddress
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Preferences/com.microsoft.office OfficeAutoSignIn -bool TRUE
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Preferences/com.microsoft.office HasUserSeenFREDialog -bool TRUE
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Preferences/com.microsoft.office HasUserSeenEnterpriseFREDialog -bool TRUE
fi

# Reset the first run experience for each licensed app
if [ -e "$HOME/Library/Containers/com.microsoft.Word/Data/Library/Preferences/com.microsoft.Word.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Containers/com.microsoft.Word/Data/Library/Preferences/com.microsoft.Word kSubUIAppCompletedFirstRunSetup1507 -bool FALSE
fi
if [ -e "$HOME/Library/Containers/com.microsoft.Excel/Data/Library/Preferences/com.microsoft.Excel.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Containers/com.microsoft.Excel/Data/Library/Preferences/com.microsoft.Excel kSubUIAppCompletedFirstRunSetup1507 -bool FALSE
fi
if [ -e "$HOME/Library/Containers/com.microsoft.Powerpoint/Data/Library/Preferences/com.microsoft.Powerpoint.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Containers/com.microsoft.Powerpoint/Data/Library/Preferences/com.microsoft.Powerpoint kSubUIAppCompletedFirstRunSetup1507 -bool FALSE
fi
if [ -e "$HOME/Library/Containers/com.microsoft.Outlook/Data/Library/Preferences/com.microsoft.Outlook.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Containers/com.microsoft.Outlook/Data/Library/Preferences/com.microsoft.Outlook kSubUIAppCompletedFirstRunSetup1507 -bool FALSE
fi
if [ -e "$HOME/Library/Containers/com.microsoft.onenote.mac/Data/Library/Preferences/com.microsoft.onenote.mac.plist" ]; then
	/usr/bin/sudo -u $LoggedInUser /usr/bin/defaults write $HOME/Library/Containers/com.microsoft.onenote.mac/Data/Library/Preferences/com.microsoft.onenote.mac kSubUIAppCompletedFirstRunSetup1507 -bool FALSE
fi

/usr/bin/logger "Set apps back to first run state"

# Remove the current flights from the registry
KEY_SOFTWARE=$(GetNodeId "Software" '-1')
KEY_MICROSOFT=$(GetNodeId "Microsoft" "$KEY_SOFTWARE")
KEY_OFFICE=$(GetNodeId "Office" "$KEY_MICROSOFT")
KEY_VERSION=$(GetNodeId "16.0" "$KEY_OFFICE")
KEY_COMMON=$(GetNodeId "Common" "$KEY_VERSION")
KEY_ECS=$(GetNodeId "ExperimentEcs" "$KEY_COMMON")
KEY_WORD=$(GetNodeId "word" "$KEY_ECS")
KEY_WORD_FLIGHTS=$(GetNodeId "Flights" "$KEY_WORD")
KEY_EXCEL=$(GetNodeId "excel" "$KEY_ECS")
KEY_EXCEL_FLIGHTS=$(GetNodeId "Flights" "$KEY_EXCEL")
KEY_POWERPOINT=$(GetNodeId "powerpoint" "$KEY_ECS")
KEY_POWERPOINT_FLIGHTS=$(GetNodeId "Flights" "$KEY_POWERPOINT")
KEY_OUTLOOK=$(GetNodeId "outlook" "$KEY_ECS")
KEY_OUTLOOK_FLIGHTS=$(GetNodeId "Flights" "$KEY_OUTLOOK")
KEY_ONENOTE=$(GetNodeId "onenote" "$KEY_ECS")
KEY_ONENOTE_FLIGHTS=$(GetNodeId "Flights" "$KEY_ONENOTE")
KEY_LICENSING=$(GetNodeId "licensingdaemon" "$KEY_ECS")
KEY_LICENSING_FLIGHTS=$(GetNodeId "Flights" "$KEY_LICENSING")

KEY_EX_CONFIGS=$(GetNodeId "ExperimentConfigs" "$KEY_COMMON")
KEY_EX_ECS=$(GetNodeId "Ecs" "$KEY_EX_CONFIGS")
KEY_EX_ECS_WORD=$(GetNodeId "word" "$KEY_EX_ECS")
KEY_EX_ECS_WORD_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_WORD")
KEY_EX_ECS_EXCEL=$(GetNodeId "excel" "$KEY_EX_ECS")
KEY_EX_ECS_EXCEL_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_EXCEL")
KEY_EX_ECS_POWERPOINT=$(GetNodeId "powerpoint" "$KEY_EX_ECS")
KEY_EX_ECS_POWERPOINT_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_POWERPOINT")
KEY_EX_ECS_OUTLOOK=$(GetNodeId "outlook" "$KEY_EX_ECS")
KEY_EX_ECS_OUTLOOK_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_OUTLOOK")
KEY_EX_ECS_ONENOTE=$(GetNodeId "onenote" "$KEY_EX_ECS")
KEY_EX_ECS_ONENOTE_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_ONENOTE")
KEY_EX_ECS_LICENSING=$(GetNodeId "licensingdaemon" "$KEY_EX_ECS")
KEY_EX_ECS_LICENSING_CCD=$(GetNodeId "ConfigContextData" "$KEY_EX_ECS_LICENSING")

RemoveFlightData "$KEY_WORD"
RemoveFlightData "$KEY_EX_ECS_WORD"
DeleteNode "$KEY_WORD_FLIGHTS"
DeleteNode "$KEY_EX_ECS_WORD_CCD"
RemoveFlightData "$KEY_EXCEL"
RemoveFlightData "$KEY_EX_ECS_EXCEL"
DeleteNode "$KEY_EXCEL_FLIGHTS"
DeleteNode "$KEY_EX_ECS_EXCEL_CCD"
RemoveFlightData "$KEY_POWERPOINT"
RemoveFlightData "$KEY_EX_ECS_POWERPOINT"
DeleteNode "$KEY_POWERPOINT_FLIGHTS"
DeleteNode "$KEY_EX_ECS_POWERPOINT_CCD"
RemoveFlightData "$KEY_OUTLOOK"
RemoveFlightData "$KEY_EX_ECS_OUTLOOK"
DeleteNode "$KEY_OUTLOOK_FLIGHTS"
DeleteNode "$KEY_EX_ECS_OUTLOOK_CCD"
RemoveFlightData "$KEY_ONENOTE"
RemoveFlightData "$KEY_EX_ECS_ONENOTE"
DeleteNode "$KEY_ONENOTE_FLIGHTS"
DeleteNode "$KEY_EX_ECS_ONENOTE_CCD"
RemoveFlightData "$KEY_LICENSING"
RemoveFlightData "$KEY_EX_ECS_LICENSING"
DeleteNode "$KEY_LICENSING_FLIGHTS"
DeleteNode "$KEY_EX_ECS_LICENSING_CCD"
/usr/bin/logger "Removed all Office flighting data"

# Forcibly remove any Config Service Caching
NukeValue "AuthorityUrl"
NukeValue "FilePath"
NukeValue "Url"

# Restart the CFPreferences daemon to ensure that all caches are flushed
/usr/bin/sudo /usr/bin/killall cfprefsd
/usr/bin/logger "Terminated all instances of CFPrefsd"

/usr/bin/logger "Completed Office for Mac License Removal 2.7"

exit 0

BCPeteo · ‎02-13-2024

Thanks I have already looked at the script. There is nothing in there that says do not run if the user is blank or root. Our Office install is for all users so the few settings that use the Users folder are not being set by our install.

If its failing Jamf should say its failing right now its just pending.

jamf-42 · ‎02-13-2024

I don't think it's designed to run outside of the user environment...

script will only fail if it gets an exit code. if it not run.. no exit code...

again.. this is user env:

LoggedInUser=$(GetLoggedInUser)
SetHomeFolder "$LoggedInUser"
echo "Running as: $LoggedInUser; Home Folder: $HOME"

BCPeteo · ‎02-13-2024

Thanks, the user would be root.

GetLoggedInUser() {
	LOGGEDIN=$(/bin/echo "show State:/Users/ConsoleUser" | /usr/sbin/scutil | /usr/bin/awk '/Name :/&&!/loginwindow/{print $3}')
	if [ "$LOGGEDIN" = "" ]; then
		echo "$USER"
	else
		echo "$LOGGEDIN"
	fi
}

Also in the script it removes the license file which is not in a users home directory's library. MS just seems to be being thorough and again if it ran, Jamf would show that it ran.

Its probably safer to run at login just incase there is some stuff left over. Thanks for the info though

obi-k · ‎02-13-2024

Do you have any client-side limitations set in the policy?

BCPeteo · ‎02-13-2024

No limitations. Its does not say the policy failed. Just says pending

Jamf Nation Community

Is the Startup trigger reliable?