Help

Restricted software manual removal on the Mac directly

appledes
New Contributor III

Posted on ‎01-07-2015 10:26 AM

Is there a way to modify manually the restricted software attribute on the Mac directly? We have a home user who did not get an udpate when we lifted the block on Yosemite. I was wondering how to adjust this for him directly on the Mac.

0 Kudos
7 REPLIES 7

bentoms
Release Candidate Programs Tester

Posted on ‎01-07-2015 10:28 AM

@appledes, it the device can see the JSS a "sudo jamf manage" will update the restricted software list.

0 Kudos

appledes
New Contributor III

Posted on ‎01-07-2015 10:30 AM

Thanks for the reply. That didnt work. JSS shows the device checking in but no inventory had been submitted since we lifted the block. Would this refresh on a jamf recon command? we are running 9.61

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎01-07-2015 11:02 AM

@appledes - Restricted Software has nothing to do with Inventory updates. The command @bentoms mentioned forces the management framework to get pulled down, which includes changes to Restricted Software, not submit new inventory.
If sudo jamf manage isn't lifting the restriction, the only way will be to delete the xml file that controls the restrictions settings. I'm not willing to post the location of that file here on a public forum since it would give someone looking for a possible way around all restricted software controls from Casper something to target. You can talk to your JAMF rep about it, or email me at mm2270 [at] me [dot] com and I can tell you what needs to be deleted or modified.

For anyone else reading that also knows the location of the xml file, I would ask that we please refrain from posting it here. These threads get picked up Google caching and, while I understand with enough snooping, anyone can find it, let's not make it stupid easy for non JAMF admins to know how to bypass it.

0 Kudos

appledes
New Contributor III

Posted on ‎01-07-2015 11:05 AM

Thank you mm2270. I emailed my JSS rep early this morning and am waiting for a reply. I understand and agree with your restraint not to post certain items here.

0 Kudos

appledes
New Contributor III

Posted on ‎01-07-2015 11:06 AM

For now to help this client ASAP, I removed the agent, and he was able install Yosemite. I am reapplying the Quick_Add upon completion of his install.

0 Kudos

jhalvorson
Valued Contributor

Posted on ‎01-07-2015 11:08 AM

The command "sudo jamf manage" won't cause it update the inventory.

I've use the sudo jamf manage command in the past and noticed that change to the list of restricted apps doesn't update as quickly as hoped. I think it has to do with how quickly the LaunchDaemons - filenameof.plist retracted cycles through.

What has worked 100% of the time is to issue the jamf manage command and instruct the user to reboot. I suppose I should write a script that does the jamf manage command and then unloads and loads the plist so that users would not have to reboot. But our users never reboot and I know what's best for them. :) ha ha

0 Kudos

scottb
Honored Contributor

Posted on ‎01-07-2015 11:56 AM

Is it possible that the client's Mac had become unmanaged after being home for xx days?
We purge ours if they don't check in after 45 days. Might be why the command didn't work?

0 Kudos