Uninstaller Script Requires Root Password

falbrecht
New Contributor III

Hi

We are trying to put together a silent uninstaller for our Bitdefender endpoints. The command requires a --password flag, and we don't want to be pushing our Jamf management account password over plaintext in this command. I am trying to put together a script that creates a new admin user, runs the uninstaller, and then deletes the admin user. I am running into issues switching to the created admin account to authenticate. Is there a certain way you can sudo su in a script? Below are the two variations we have tried and tested unsuccessfully:

jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH
sudo /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>
jamf deleteAccount -username bdremover

jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH
sudo -U bdremover /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>
jamf deleteAccount -username bdremover

Hugonaut
Valued Contributor II

@falbrecht - I would recommend encrypting your password & passing the password utilizing the script parameters via policy & then passing the encrypted parameter as a variable to use within your script. For example: https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh

If you don't want to do that, you can always create a user via policy payload within Jamf. That's what I would recommend instead of doing it within a script, & then run the command as

sudo -u "$4" /Library/Bitdefender/AVP/common/UninstallTool --password "$5"

The $4 & $5 reflect the username & password being pulled from the parameter slots #4 & #5 of the script parameters, located within the scripts payload within a policy once the script is added.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month
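The encrypted-parameter approach recommended in the reply above, as an added example that is not part of the thread and is not the EncryptedStrings project's own code. The salt, passphrase and function names are constructed for illustration; the tool path and --password flag are the ones quoted in the thread.

```shell
#!/bin/bash
# Added example, not from the thread. Jamf fills $1-$3 itself (mount point,
# computer name, user name); policy parameters start at $4.
#   $4 = local admin account that already exists on the Mac
#   $5 = encrypted uninstall password, produced once with encrypt_string
# SALT and PASSPHRASE are constructed placeholders; generate your own.
SALT="0123456789abcdef"                 # 16 hex digits (8 bytes)
PASSPHRASE="constructed-passphrase"
TOOL="/Library/Bitdefender/AVP/common/UninstallTool"   # path from the thread

# -md is pinned because the default digest differs between openssl builds.
# Assumption: encryption and decryption use the same openssl build.
encrypt_string() {   # run once on an admin machine, paste the output into $5
    printf '%s' "$1" |
        /usr/bin/openssl enc -aes-256-cbc -md sha256 -a -A \
            -S "$SALT" -k "$PASSPHRASE" 2>/dev/null
}

decrypt_string() {   # $1 = base64 ciphertext from parameter 5
    printf '%s\n' "$1" |
        /usr/bin/openssl enc -aes-256-cbc -md sha256 -d -a -A \
            -S "$SALT" -k "$PASSPHRASE" 2>/dev/null
}

run_uninstall() {    # $1 = account name, $2 = encrypted password
    local account="$1" secret
    [ -n "$account" ] && [ -n "$2" ] ||
        { echo "parameters 4 and 5 are required" >&2; return 2; }
    id "$account" >/dev/null 2>&1 ||
        { echo "account does not exist on this machine" >&2; return 3; }
    secret="$(decrypt_string "$2")" && [ -n "$secret" ] ||
        { echo "could not decrypt parameter 5" >&2; return 4; }
    # The script never prints the cleartext, so it is not captured in the
    # script's output. It is still in the tool's argument list while it runs.
    sudo -u "$account" "$TOOL" --password "$secret"
}

# Nothing to do when the uninstaller is not present on this machine.
if [ -x "$TOOL" ]; then
    run_uninstall "$4" "$5"
fi
```

Because the ciphertext sits in the policy parameter and the salt and passphrase sit in the script, neither record alone yields the password.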

falbrecht
New Contributor III

What do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload, or at that point could I just include the sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?

Hugonaut
Valued Contributor II

So first you want to create your script inside Jamf Pro with the parameters in mind (rough example depicted below).

[Screenshot: Screen Shot 2022-03-02 at 10.27.32 AM.png]

Second, you want to create a policy. Within the script payload, add the Bitdefender script you just created to the policy; then you will have the options to add the parameter values to pass as the variables $4 & $5 within your script (depicted below).

[Screenshot: Screen Shot 2022-03-02 at 10.27.44 AM.png]

As long as that admin username & password already exist on the machine, it will run.


kavila
New Contributor III

Take a look at Dan's script here.

I've been using it with great success in my environment.