Posted on 03-02-2022 07:46 AM
Hi
We are trying to put together a silent uninstaller for our Bitdefender endpoints. The command requires a --password flag, and we don't want to be pushing our Jamf management account password in plaintext in this command. I am trying to put together a script that creates a new admin user, runs the uninstaller, and then deletes the admin user. I am running into issues switching to the created admin account to authenticate. Is there a certain way you can sudo su in a script? Below are the two variations we have tried and tested unsuccessfully:
jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH
sudo /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>
jamf deleteAccount -username bdremover
jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH
sudo -U bdremover /Library/Bitdefender/AVP/common/UninstallTool --password=<random password>
jamf deleteAccount -username bdremover
03-02-2022 07:55 AM - edited 03-02-2022 08:00 AM
@falbrecht - I would recommend encrypting your password, passing it via the script parameters in the policy, and then using the encrypted parameter as a variable within your script. For example - https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh
If you don't want to do that, you can always create a user via a policy payload within Jamf (that's what I would recommend instead of doing it within a script) and then run the command as:
sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5
The $4 & $5 reflect the username & password being pulled from parameter slots #4 & #5 of the script parameters, located within the Scripts payload of a policy once the script is added.
Posted on 03-02-2022 08:09 AM
What do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload, or at that point could I just include the sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?
Posted on 03-02-2022 08:30 AM
So first you want to create your script inside Jamf Pro with the parameters in mind. (Rough example depicted below.)
Second, you want to create a policy and, within the script payload, add the Bitdefender script you just created to the policy; then you will have the options to add the parameter values to pass as the variables $4 & $5 within your script. (Depicted below.)
As long as that admin username & password already exist on the machine, it will run.
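An example of the script side of the approach described in these replies, added here and not code from any poster or from the EncryptedStrings project: parameter 4 carries the account name, parameter 5 carries the password encrypted with `openssl enc`, and the script decrypts it before calling the uninstaller. The salt, passphrase and function names are constructed placeholders, and the use of `openssl enc` for the encryption is an assumption; the tool path and `--password` flag are the ones quoted in the thread.

```shell
#!/bin/bash
# Added example, not from the thread. Jamf fills $1-$3 itself (mount point,
# computer name, user name); $4 and up are the policy's script parameters.
TOOL="/Library/Bitdefender/AVP/common/UninstallTool"   # path quoted in the thread

# Constructed placeholders: generate your own pair when encrypting the
# password, and keep them in the script only, never in the policy.
SALT="0123456789abcdef"
PASSPHRASE="constructed-passphrase"

# Run once on an admin workstation; the output goes into parameter 5.
encrypt_string() {
    printf '%s' "$1" | openssl enc -aes256 -a -A -S "$2" -k "$3"
}

# Reverse of encrypt_string, using the same salt and passphrase.
decrypt_string() {
    printf '%s\n' "$1" | openssl enc -aes256 -d -a -A -S "$2" -k "$3"
}

# Refuse empty parameters and accounts that do not exist on this Mac.
check_params() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "parameters 4 and 5 are required" >&2; return 2
    fi
    id "$1" >/dev/null 2>&1 || { echo "no such local user: $1" >&2; return 3; }
}

main() {
    local user="$4" secret
    check_params "$4" "$5" || return
    secret="$(decrypt_string "$5" "$SALT" "$PASSPHRASE")" || return 4
    # Quoted so a password with spaces or shell metacharacters stays one
    # argument. It is still visible in the process list while the tool runs.
    sudo -u "$user" "$TOOL" --password "$secret"
}

# Only act when Jamf (or a tester) supplied at least five parameters.
if [ "$#" -ge 5 ]; then
    main "$@"
    exit
fi
```

With this layout the policy stores only the encrypted string, so the plaintext password appears neither in the policy nor in the script body.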
Posted on 03-02-2022 09:22 AM
Take a look at Dan's script here.
I've been using it with great success in my environment.