How can I prevent users from uninstalling the Self Service being deployed in a prestage enrolment?

Apple_DEP_ESA
New Contributor II

How can I prevent users from uninstalling the Self Service being deployed in a prestage enrolment on iOS?

1 ACCEPTED SOLUTION

cddwyer
Contributor

While you can't block its removal, you can enforce a persistent re-install if the app is ever removed. You would create a smart group for users without the Self Service app and create a policy to install Self Service, set it to trigger at recurring check-in with frequency set to ongoing, and scope it to the smart group for devices without Self Service.

Or, if you didn't want to wait for a check-in, you could create a policy to install Self Service with a custom trigger, then deploy a launch agent to the device that checks for the existence of Self Service every minute and, if it is not present, calls 'jamf policy -trigger <your custom trigger to install self service>'. That would work, and obviously you could set it to every minute, 5 minutes or whatever you wanted the delay to be. Also maybe set an email alert for the smart group; then you could establish who is deleting Self Service and ask them not to in future...

Hope that helps.


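The check described in the accepted answer's second paragraph, as an added example that is not part of the original post or Jamf's own code: a POSIX shell script for launchd to run at the chosen interval. It assumes macOS (where launchd and the jamf binary exist), execution as root, the default Self Service path, and a hypothetical custom trigger named installSelfService; it also backs off so that a check every minute does not call the policy again while an install is still in progress.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: macOS, run as root by launchd,
# default app path, hypothetical trigger name "installSelfService".
APP_PATH="${APP_PATH:-/Applications/Self Service.app}"
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"
TRIGGER="${TRIGGER:-installSelfService}"
STAMP="${STAMP:-/var/run/selfservice-check.stamp}"
MIN_INTERVAL="${MIN_INTERVAL:-300}"   # seconds between reinstall attempts

# True only if the bundle directory and its Info.plist both exist,
# so an emptied or half-deleted bundle counts as missing.
self_service_present() {
    [ -d "$APP_PATH" ] && [ -f "$APP_PATH/Contents/Info.plist" ]
}

# True if a reinstall was requested less than MIN_INTERVAL seconds ago.
recently_triggered() {
    [ -f "$STAMP" ] || return 1
    last=$(cat "$STAMP" 2>/dev/null)
    case "$last" in ''|*[!0-9]*) return 1 ;; esac   # ignore a corrupt stamp
    now=$(date +%s)
    [ $((now - last)) -lt "$MIN_INTERVAL" ]
}

# Returns: 0 present, 1 reinstall triggered, 2 backing off,
#          3 jamf binary missing, 4 jamf call failed.
ensure_self_service() {
    if self_service_present; then
        rm -f "$STAMP"
        return 0
    fi
    recently_triggered && return 2
    [ -x "$JAMF_BIN" ] || return 3
    date +%s > "$STAMP"
    logger -t selfservice-check "Self Service missing, trigger=$TRIGGER" 2>/dev/null || true
    "$JAMF_BIN" policy -trigger "$TRIGGER" || return 4
    return 1
}

# Entry point for launchd: ProgramArguments would pass "run".
if [ "${1:-}" = "run" ]; then
    ensure_self_service
    exit $?
fi
```
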
5 REPLIES 5

bburdeaux
Contributor II

Your only option is to disallow app removal with a restrictions profile, but this option is all or nothing. There isn't a way to prevent the removal of individual apps.

Apple_DEP_ESA
New Contributor II

Thank you for your reply. I have tested your suggestion. But the thing is this policy will also affect the personal apps - the ones that were installed from the App Store with the personal applied. My idea is to block the uninstallation of the applications deployed by the MDM server, starting with the Self Service. Is this scenario possible?

miregan
Contributor II

No

Apple_DEP_ESA
New Contributor II

Thanks! Really useful!