How to handle new Macs with Apple's Mac App Store apps?

jhuls
Contributor III

Just curious what process everyone uses to deal with App Store apps like iMovie, GarageBand, Pages, etc. on brand new Macs? We want to avoid users needing to accept apps with an Apple ID and manage the apps and updates with the Mac App Store feature in Jamf. Is there a method to deal with this? I've spoken with Jamf through chat and the recommendation is to set up a run-once policy to remove those apps and have Jamf re-install them as managed apps.

This seems like it should work but I'd prefer to automate things more and be able to detect what apps are unmanaged and use a smart group to scope it. Is there a way to detect this so it can be scoped?

4 REPLIES

Look
Valued Contributor III

If you look in the receipt file of a VPP-delivered app you should see a truncated version of your organisation name in there. If you look in a vanilla version it won't be there. You could probably construct some kind of Extension Attribute around this, I guess, and then remove and replace.
Not sure how you would deal with versions that were on some other license (i.e. the user already has a license for the product).
There may be better ways of doing this as well.

/Applications/Pages.app/Contents/_MASReceipt/receipt

jhuls
Contributor III

@Look Interesting. Thanks...I'll look into it.

ChicagoGuy1984
New Contributor III

@Look this is very useful info for me. We try to deploy the "Free Apple Apps" via the VPP, but it has not been very effective. For one reason, we have a lot of apps that just sit there and update when they like, a week or 20 days after an upgrade has been made available via the App Store; others don't even update after the original sync. It's been very hard to track.

Knowing that the "Receipt" file is different in the directory mentioned above gives me an idea, although I don't know how to open that binary file and grep for the "VPP keywords" in it. If it does not have those, I could delete those apps - that would re-download the apps from the App Store and they would refresh themselves. ...

Thanks for posting

Look
Valued Contributor III

@ChicagoGuy1984 Yeah, it's mostly half-encrypted nonsense. In our case though I opened them in TextEdit and noticed a partial string that matched our organisation, then using something like:

if [[ "$(cat THE_APP_RECEIPT | awk '/THE_PARTIAL_ORG_STRING/')" ]]; then echo "VPP"; else echo "Not VPP"; fi

Should effectively return true if the string exists and false if it doesn't.
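
The receipt check discussed in this thread, written out as a Jamf Extension Attribute script. This is an added example, not code from any poster or from Jamf; `ORG_STRING`, `APPS_DIR` and the function names are hypothetical, and it assumes the organisation string appears as plain bytes in the receipt, as described above.

```shell
#!/bin/bash
# Extension Attribute sketch: list Mac App Store apps whose receipt does NOT
# contain the organisation's VPP string (candidates for remove-and-replace).
# ORG_STRING is a placeholder: use the partial string seen in your own receipts.
ORG_STRING="${ORG_STRING:-THE_PARTIAL_ORG_STRING}"
APPS_DIR="${APPS_DIR:-/Applications}"

# Succeeds when the receipt ($1) contains the organisation string ($2).
# -a reads the binary receipt as text, -F matches literally, -q prints nothing.
receipt_is_vpp() {
    grep -aFq -- "$2" "$1"
}

# Print the bundle names of App Store apps under $1 whose receipt lacks $2.
# Apps without a _MASReceipt did not come from the App Store and are skipped.
list_unmanaged_mas_apps() {
    local apps_dir="$1" org="$2" receipt app
    for receipt in "$apps_dir"/*.app/Contents/_MASReceipt/receipt; do
        [ -f "$receipt" ] || continue   # unmatched glob or missing receipt
        if ! receipt_is_vpp "$receipt" "$org"; then
            app="${receipt%/Contents/_MASReceipt/receipt}"
            basename "$app"
        fi
    done
}

# Jamf Pro reads the attribute value from between the <result> tags.
echo "<result>$(list_unmanaged_mas_apps "$APPS_DIR" "$ORG_STRING")</result>"
```

A smart group can then be scoped on this attribute being non-empty. Apps licensed to a user's own Apple ID will also be listed, since their receipts lack the organisation string.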