Help

Reporting on VPP and App Store apps

MadPossum
New Contributor III

Posted on ‎02-09-2017 07:02 AM

Hi
Here's the problem I'm trying to solve. I want to find any apps that are on our machines that aren't licensed through our VPP.

Is there anything unique about a VPP app that I could use an EA to either include or exclude in an advanced search/report? I want to get everyone in compliance.

Thanks for your help!

Labels:
0 Kudos
4 REPLIES 4

timlarsen
Contributor

Posted on ‎02-09-2017 07:29 AM

The solution at the bottom of this post may help: https://www.jamf.com/jamf-nation/discussions/20957/differentiate-between-a-mac-app-store-app-installed-via-the-app-store-or-vpp

0 Kudos

MadPossum
New Contributor III

Posted on ‎02-10-2017 12:47 PM

@timlarsen Thank you for the link! Based on the information I found here and on @charles.edge 's excellent Krypted post I went about crafting this. Run as a script on a local machine It will find any MAS Apps that were purchased through VPP and, who the owner of that app is. The reason for sussing out the owner is after an acquisition, we have apps purchased by company A and Company B. It's useful to know which account is attached to the VPP apps. Here's my question, returning AppName and AppOwner in the same result is giving me unexpected results. Is it possible to have a Result1=AppName and a Result2=AppOwner in an EA?

Feel free to use this if you find it useful.

#!/bin/bash

#
# JAMF Extension Attribute that finds any MAS apps
# that were purchased through VPP and which account
# purchased it. 
# www.pretendco.com

VPPApps=$( mdfind -onlyin /Applications/ 'kMDItemAppStoreReceiptIsVPPLicensed == "1"')
AppOwner=$( mdls "$VPPApps" -name kMDItemAppStoreReceiptOrganizationDisplayName | awk '{ print $3, $4 }' | sed -e 's/^"//' -e 's/"$//')
AppName=$( echo "$VPPApps" | awk -F'/' '{print $NF}' | sed -e 's/^"//' -e 's/"$//')
result="$AppOwner $AppName"

echo "<result>$result</result>"
0 Kudos

MadPossum
New Contributor III

Posted on ‎02-10-2017 01:56 PM

 
0 Kudos

MadPossum
New Contributor III

Posted on ‎02-10-2017 02:48 PM

Ooops! I didn't account for spaces in the application names. So, with an assist from @greg.mcmullen on the #bash channel on MacAdmins.org's slack, that problem is fixed. Here is the new and improved EA. Although the more I think about it I wonder if I should make two EA's...

#!/bin/bash
    #
    # JAMF Extension Attribute that finds any MAS apps
    # that were purchased through VPP and which account
    # purchased it.
    # Crafted by Craig Lindsey for Starz 2017-2-10
    #

    mdfind -onlyin /Applications/ 'kMDItemAppStoreReceiptIsVPPLicensed == "1"' | while read VPPApp; do

        AppOwner=$( mdls "$VPPApp" -name kMDItemAppStoreReceiptOrganizationDisplayName | awk '{ print $3, $4 }' | sed -e 's/^"//' -e 's/"$//' )
        AppName=$( echo "$VPPApp" | awk -F'/' '{print $NF}' | sed -e 's/^"//' -e 's/"$//')
        result="$AppName $AppOwner"

        echo "<result>$result</result>"

        done
0 Kudos