Posted on 03-20-2017 12:36 PM
Is there a way to prevent users from accessing certain folders without restricting access to Finder? I have a few users who will delete/modify folders to remove our applied settings and I'd love the ability to restrict access to the Library and the System Library.
Posted on 03-20-2017 01:20 PM
Do they have admin rights?
You can't really do much without them, but once you have them, if you know what you're doing there isn't much you can't do.
Also, settings applied with a configuration profile are much harder to get rid of.
Posted on 03-20-2017 02:10 PM
Even if they are admins, you can monitor the existence of the folder via a LaunchDaemon.
You can set up a LaunchDaemon that monitors the folder and recreates it or sends a notification.
Then monitor the existence of the LaunchDaemon with a periodic check from the JSS.
If they removed it, re-add it and send an automated message to HR ;D
Posted on 03-20-2017 04:26 PM
An EA to monitor the folder, a CM tool like Puppet, Chef, or Ansible, or config like @Look mentioned. You could hide the folder with chflags, but if users are admins... well, you know how that goes. Have you considered company policy or speaking to supervisors/managers?
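An added example of the extension attribute (EA) idea from the replies above; it is not code posted by anyone in this thread. The paths in `MANAGED_PATHS` are hypothetical placeholders, and the world-writable check goes one step beyond the existence check the thread describes.

```shell
#!/bin/bash
# Added example: extension-attribute style check for managed folders.
# MANAGED_PATHS holds hypothetical placeholder paths, one per line.
MANAGED_PATHS="/Library/Application Support/ExampleOrg
/Library/Managed Preferences"

# Print "OK" when every path (one per line in $1) is an existing directory
# that is not world-writable; otherwise print each problem found.
check_managed_paths() {
    problems=""
    while IFS= read -r path; do
        if [ -z "$path" ]; then
            continue
        fi
        if [ ! -d "$path" ]; then
            # Folder was deleted or replaced by a non-directory.
            problems="${problems}missing:${path};"
        elif [ -n "$(find "$path" -maxdepth 0 -perm -002 2>/dev/null)" ]; then
            # Permissions were loosened so any local user can modify it.
            problems="${problems}world-writable:${path};"
        fi
    done <<EOF
$1
EOF
    if [ -z "$problems" ]; then
        echo "OK"
    else
        echo "$problems"
    fi
}

# Jamf Pro reads an extension attribute value from <result> tags on stdout.
echo "<result>$(check_managed_paths "$MANAGED_PATHS")</result>"
```

Any value other than `OK` can drive a smart group that scopes a remediation policy or a notification.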
Posted on 03-21-2017 06:15 AM
@Look Yeah, that configuration profile route may be one we will have to go down. We're looking to eventually move to all standard accounts as we leverage JAMF to replace the need for users to be local admins, but that's going to be a very uphill cultural battle. Our org is very fragmented and IT doesn't have the strongest reputation historically, so our input doesn't always carry the sway it should/would in other companies.
Posted on 03-21-2017 12:17 PM
It's always an uphill battle to remove admin rights. Yours may be worse than some. Dazzle them with Self Service. Make sure it is fully baked with a bunch of apps, user configs, websites, training, etc. Then throw in the security requirements (if you have any), set up policy to require separate accounts for doing admin tasks, then slowly migrate some teams who may not scream. Once they are all happy, start pushing the other teams over. Baby steps.