Posted on 03-02-2022 07:46 AM
We are trying to put together a silent uninstaller for out BItDefender endpoints. The command requires a --password flag which we don't want to be pushing our Jamf management account password over plaintext in this command. I am trying to put together a script that creates a new admin user, runs the uninstaller, and then deletes the admin user. I am running into issues switching to the created admin account to authenticate. Is there a certain way you can sudo su in a script? Below are the two variations we have tried and tested unsuccessfully:
jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH sudo /Library/Bitdefender/AVP/common/UninstallTool --password=<random password> jamf deleteAccount -username bdremover
jamf createAccount -username bdremover -realname "BitDefender Remover" -password <random password> -home /Users/bdremover -hiddenUser -admin -secureSSH sudo -U bdremover /Library/Bitdefender/AVP/common/UninstallTool --password=<random password> jamf deleteAccount -username bdremover
03-02-2022 07:55 AM - edited 03-02-2022 08:00 AM
@falbrecht - I would recommend encrypting your password & passing the password utilizing the script parameters via policy & then passing the encrypted parameter as a variable to use within your script. for example - https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh
if you don't want to do that, you can always create a user via policy payload within jamf, that's what I would recommend instead of doing it within a script & then run the command as
sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5
the $4 & $5 reflect the username & password being pulled from the parameter slots #4 & #5 from the script parameters located within the scripts payload within a policy once the script is added.
Posted on 03-02-2022 08:09 AM
How do you mean by that last part about $4 and $5? Is the idea to use the local account creation in the policy and then run the command from the script payload or at that point could I just include sudo -u $4 /Library/Bitdefender/AVP/common/UninstallTool --password $5 command in the "Files and Processes" payload?
Posted on 03-02-2022 08:30 AM
So first you want to create your script inside jamf pro with the parameters in mind. (rough example depicted below)
Second, you want to create a policy, within the script payload, add the bitdefender script you just created to the policy, then you will have the options to add the parameter values to pass as the variables $4 & $5 within your script. (Depicted Below)
as long as that admin username & password already exists on the machine, it will run.
Posted on 03-02-2022 09:22 AM