Remove Application from multiple locations on computer

erichughes
Contributor II

We have a application that we are trying to remove from all managed computers (HipChat). It can live in /Applications or ~/Applications or pretty much anywhere. I did a basic script to remove it from /Applications but lots of machine still report having it installed. Any pointers on scripting to search the drive to find the App and remove all copies from all places?

8 REPLIES 8

davidi4
New Contributor III

Are you also removing the receipt from when it was initially installed?

erichughes
Contributor II

I have not been, basically just a rm pointed at the .app in /Applications. I know it is still installed in some ~/Applications even after the policy to remove it has run, because its not looking there. So it continues to report in Inventory and the Policy still shows in self service, which is a little annoying for users.

signetmac
Contributor

Any reason you don't just set up a Restricted Software policy and select the option, "Delete Application"? I was under the impression that it did not discriminate based where the application was launched from.

3cc799adb7a54bb89f2d41a51bc68ad5

mm2270
Legendary Contributor II

Restricted Software should help like mentioned above.

In the event that you want to more proactively find and delete the application, you could consider using a script that uses mdfind (faster) or find (slower but sometimes more accurate) to locate the app and delete it.

erichughes
Contributor II

Thanks for those. I'm not sure the restricted policy will work because the app never gets launched. I will test it to see how it may do what we need. Its the scripting of the find that I struggle with, but that's what testing is for. Thanks again.

mm2270
Legendary Contributor II
#!/bin/bash

while read result; do
    /bin/rm -R "$result"
done < <(/usr/bin/mdfind 'kMDItemKind == "Application" && kMDItemFSName == "HipChat.app"')

Something like that when using mdfind might work

erichughes
Contributor II

Things like this make me wish I knew more scripting. Thanks much.

donmontalvo
Esteemed Contributor II

Due to the recent zero day vulnerability, we had to remove any/all copies of Google Chrome that was not at the desired version or higher.

Would run this script in its own policy (target all computers) as a clean up script to remove copies not in /Applications/Google Chrome.app path.

A second policy enforces /Applications/Google Chrome.app path, where if you have it but it isn’t the right version (or higher), we replace it with the right version.

Replace "COMPANY" with your company name.

#!/bin/bash

GOODPATH="/Applications/Google Chrome.app"
BUNDLEID="com.google.Chrome"
SEARCHDIR="/Library/Application Support/COMPANY/SearchResults"
SEARCHFILE="$SEARCHDIR/Removed-Google-Chrome-$DATESTRING.txt"
DATESTRING=$(date +%Y%m%dT%H%M%S)

# Create folder if it doesn't exist

mkdir -p "$SEARCHDIR"

# This function finds all apps with CFBundleIdentifier "$BUNDLEID", but ignores
# `/Applications/Google Chrome.app` path. This method of searching ensures
# accurate result whether the app was moved or renamed.

function searchCommand() {
    mdfind kMDItemCFBundleIdentifier="$BUNDLEID" | grep -v "$GOODPATH" > "$SEARCHFILE"
}

# This function removes all copies *only* if not in correct path.

function removeCommand() {
    xargs -I{} rm -r {} < "$SEARCHFILE"
}

searchCommand
removeCommand
--
https://donmontalvo.com