Help

Remove Application from multiple locations on computer

erichughes
Contributor II

Posted on ‎03-12-2020 10:53 AM

We have a application that we are trying to remove from all managed computers (HipChat). It can live in /Applications or ~/Applications or pretty much anywhere. I did a basic script to remove it from /Applications but lots of machine still report having it installed. Any pointers on scripting to search the drive to find the App and remove all copies from all places?

Labels:
0 Kudos
Reply
8 REPLIES 8

davidi4
Contributor

Posted on ‎03-12-2020 10:56 AM

Are you also removing the receipt from when it was initially installed?

0 Kudos
Reply

erichughes
Contributor II

Posted on ‎03-12-2020 11:02 AM

I have not been, basically just a rm pointed at the .app in /Applications. I know it is still installed in some ~/Applications even after the policy to remove it has run, because its not looking there. So it continues to report in Inventory and the Policy still shows in self service, which is a little annoying for users.

0 Kudos
Reply

signetmac
Contributor

Posted on ‎03-13-2020 09:55 AM

Any reason you don't just set up a Restricted Software policy and select the option, "Delete Application"? I was under the impression that it did not discriminate based where the application was launched from.

3cc799adb7a54bb89f2d41a51bc68ad5

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎03-13-2020 10:23 AM

Restricted Software should help like mentioned above.

In the event that you want to more proactively find and delete the application, you could consider using a script that uses mdfind (faster) or find (slower but sometimes more accurate) to locate the app and delete it.

0 Kudos
Reply

erichughes
Contributor II

Posted on ‎03-13-2020 10:27 AM

Thanks for those. I'm not sure the restricted policy will work because the app never gets launched. I will test it to see how it may do what we need. Its the scripting of the find that I struggle with, but that's what testing is for. Thanks again.

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎03-13-2020 10:32 AM 

#!/bin/bash

while read result; do
    /bin/rm -R "$result"
done < <(/usr/bin/mdfind 'kMDItemKind == "Application" && kMDItemFSName == "HipChat.app"')

Something like that when using mdfind might work

0 Kudos
Reply

erichughes
Contributor II

Posted on ‎03-13-2020 12:27 PM

Things like this make me wish I knew more scripting. Thanks much.

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎03-14-2020 08:03 AM

Due to the recent zero day vulnerability, we had to remove any/all copies of Google Chrome that was not at the desired version or higher.

Would run this script in its own policy (target all computers) as a clean up script to remove copies not in /Applications/Google Chrome.app path.

A second policy enforces /Applications/Google Chrome.app path, where if you have it but it isn’t the right version (or higher), we replace it with the right version.

Replace "COMPANY" with your company name.

#!/bin/bash

GOODPATH="/Applications/Google Chrome.app"
BUNDLEID="com.google.Chrome"
SEARCHDIR="/Library/Application Support/COMPANY/SearchResults"
SEARCHFILE="$SEARCHDIR/Removed-Google-Chrome-$DATESTRING.txt"
DATESTRING=$(date +%Y%m%dT%H%M%S)

# Create folder if it doesn't exist

mkdir -p "$SEARCHDIR"

# This function finds all apps with CFBundleIdentifier "$BUNDLEID", but ignores
# `/Applications/Google Chrome.app` path. This method of searching ensures
# accurate result whether the app was moved or renamed.

function searchCommand() {
    mdfind kMDItemCFBundleIdentifier="$BUNDLEID" | grep -v "$GOODPATH" > "$SEARCHFILE"
}

# This function removes all copies *only* if not in correct path.

function removeCommand() {
    xargs -I{} rm -r {} < "$SEARCHFILE"
}

searchCommand
removeCommand
--
https://donmontalvo.com
Reply