
Auditing Unapproved Applications

Does anyone know if this can be automated?

We would like to compare a list of pre-approved applications to what applications are currently installed on our managed machines and which machines have those unapproved applications.

So far, I've been searching the inventory using .app to search and manually comparing this to our pre-approved software list.

SOLVED Posted: by mack525

Hmmm... have you tried using the asterisk * when searching?

SOLVED Posted: by doreyme

@mack525 Thanks for the reply, I actually did that as well.

The main objective is to be able to identify what machines have applications that are not approved in the office.

SOLVED Posted: by mack525

@doreyme Understood. Under each application from that list, you should get the option to click on the drop down to list the machines that have it installed.

SOLVED Posted: by doreyme

@mack525 So rather than cross-checking manually, is there any way to export this list of applications installed on these managed machines into an XML file?

SOLVED Posted: by mack525

@doreyme Give this Link a look

SOLVED Posted: by edickson

As much as this may hurt, it may help to take admin rights away from the end users. It will lessen their ability to install unapproved software.

SOLVED Posted: by doreyme

@mack525 PERFECT! Exactly what I was looking for!

Thanks again everyone!

SOLVED Posted: by mack525

Agreed @edickson @doreyme Glad that helped.

SOLVED Posted: by tlarkin

Application searching in Jamf is sorta madness. I would try to look at local system states, but it would require a lot of work. It will require a lot of work either way. I am a huge fan of Spotlight, so if you have an approved app list, I would feed that into code and do a Spotlight search for all apps and then return the delta.

SOLVED Posted: by doreyme

@tlarkin Thanks for the info, I'd be interested if you don't mind elaborating more on the steps to do this.

SOLVED Posted: by tlarkin

@doreyme

Spotlight will index everything on your computer, sans a few file system paths. It also tags those objects with metadata, which is very useful and powerful.

Example:

mdfind -onlyin /Applications/ 'kMDItemKind == "Application"'

That will return a list of every Application in /Applications.

From there you can compare that to your list of pre-approved apps, and then take whatever action you want in code. Of course, running an Application White List via parental controls or MDM config profile payload may be the better answer for this. You can also look at third-party projects like Santa from Google, which do binary white/black listing.

Last, you can use restricted software settings in Jamf to manage this as well, but that can be very labor intensive. Basically, it will be a full-time job managing black/white lists of apps, unless you have some sort of automation system in place to handle it.

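The compare-and-return-the-delta step described in the post above, as an added example that is not part of the original thread. The helper name `unapproved_apps` and the approved-list format (one bundle name per line) are assumptions; it matches on bundle name only, so it is an inventory report rather than enforcement.

```shell
#!/bin/sh
# Added example (not from the thread): list installed apps missing from an
# approved list. Assumed list format: one bundle name per line, e.g.
# "Safari.app"; blank lines and lines starting with # are ignored.

# unapproved_apps APPROVED_FILE   (hypothetical helper name)
# Reads app bundle paths on stdin and prints those whose bundle name is not
# in APPROVED_FILE. Matching is exact and case-sensitive.
unapproved_apps() {
    if [ ! -r "$1" ]; then
        echo "approved list not readable: $1" >&2
        return 2
    fi
    APPROVED_LIST=$1 awk '
        BEGIN {
            list = ENVIRON["APPROVED_LIST"]
            while ((getline line < list) > 0) {
                sub(/\r$/, "", line)                      # tolerate CRLF exports
                gsub(/^[ \t]+|[ \t]+$/, "", line)         # trim whitespace
                if (line == "" || line ~ /^#/) continue
                ok[line] = 1
            }
            close(list)
        }
        {
            path = $0
            sub(/\/+$/, "", path)                         # drop trailing slash
            n = split(path, parts, "/")
            if (parts[n] != "" && !(parts[n] in ok)) print path
        }
    '
}

# On a Mac, pass the approved list as the first argument to audit
# /Applications with the Spotlight query from the thread.
if command -v mdfind >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    mdfind -onlyin /Applications 'kMDItemKind == "Application"' |
        unapproved_apps "$1"
fi
```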
SOLVED Posted: by doreyme

Thanks a lot @tlarkin. Very much appreciated.

Utilizing the restricted software settings is definitely a bit too tedious.

SOLVED Posted: by tlarkin

So, I was actually working on a side project during the time this was posted. I have put together a Spotlight framework for app tagging and possible removal of the app if it leaves your management program. Mainly around the idea of BYOD, but my employer does not allow BYOD, so this was just for fun. I then wrapped DEP Notify around it.

https://github.com/t-lark/DEP-Notify-Decom
