This community has been helpful for me in setting up Jamf in our small 40 person company, so I wanted to give back with a script you may find helpful.
With the recent security and privacy issues around Zoom, our organization decided to ban Zoom from running on our corporate computers. SpaceX made that decision last week, and Google banned it as well this week.
While we can add Zoom to the restricted software in Jamf, it doesn't remove all the additional cruft that Zoom leaves behind. It also doesn't uninstall the software right away, it only removes it when a user attempts to start the software.
Zoom has an uninstaller built into the app, but it does not uninstall everything. I put together a script you can run both locally and as a policy on macOS devices. The script will report which files and folders it found and deleted after stopping the Zoom process and deleting the application. I recommend using this in addition to the restricted software in Jamf. This script to uninstall and keep things clean, and restricted software to prevent the application from getting installed again in the future.
I put the script up on Github in case anyone has any feedback or improvements, so we can keep everything centralized in one place. I hope it's helpful for all of you.
Do the logs have anything being reported for the failure?
I added this to my Jamf as a policy that applies to all computers since we banned the software company wide and haven't done much testing with Self Service. But I enabled Self Service and it ran successfully for me. Not sure what's different between your environment and mine, but happy to help if you have some more info.
As someone that also has to remove Zoom from all systems I thank you for providing the baseline.
I do have two requests/suggestions. First provide a version that can do this for all user accounts on the Mac instead of just the currently logged in user. Be wary of using dscl for this as, to my knowledge, it does not list Network accounts.
Second remove the sudo requirement for the Self Service. None of my users has sudo access so they wouldn't be able to use the script as is.
I will be making the first change myself as I need to run this on all machines quickly.
@yholland Nothing is replacing Zoom for us. We've been use G Suite and therefor we've been using the integrated (and "free") Google Meet. There was a short period of time where we did discuss moving to Zoom, but we ended up deciding to stay with our existing Google Meet system. Our team still joins external Zoom calls (myself included), but we all do it through the web browser now (just like we do with Google Meet).
@glerl.it You're welcome! Hopefully it gives you a starting point to save you some time with your own script.
1.) That wasn't a scenario I had in our smaller 40 person organization, since all users are single users of their computers. If you're willing to submit a PR that covers this scenario I'll spin up a VM and do some testing to help troubleshoot and confirm it works. It looks like, from a StackOverflow post, we could possibly use this command as a starting point, and then grep even further down to grab only the name:
dscacheutil -q user | grep -A 3 -B 2 -e uid: 5'[0-9][0-9]'
Does that end up listing network accounts for you?
2.) This also isn't a scenario I faced. We didn't deploy this via Self Service, and all of our users are administrators. If you're up for a PR, we could add a check to see if the user running the script is an admin, and depending on their answer we change how the script runs.