erikstam / uninstaller

macOS uninstaller script
Apache License 2.0
86 stars 15 forks source link

Unintaller with Intune? #20

Open p-harrison opened 1 year ago

p-harrison commented 1 year ago

Hey I'm just wondering if anybody has tried to use Uninstaller with Intune? Intune cannot send command line parameters to scripts, but some small tweaks to the script allowed me to hardcode the label of the app you want to uninstall.

The script runs and works when I run it manually from a shell, if I push it from Intune it does not run however. I can see it being downloaded and an execution attempt is made, but the app is not uninstalled and nothing shows in the appAssassin.log. If I add something simple to the very start of the script, say mkdir /tmp/mytest the directory is not created, so it seems ZSH might not like something in the script so will not execute it at all. If I strip out everything from the script passed https://github.com/erikstam/uninstaller/blob/27b6d37d00b58ded1a6c1d1ed0b1d69969fb6c16/uninstaller.sh#L1245 then the script will execute and I can see an entry in appAssassin.log.

When the script fails to execute I see a message about 'sudo usage' in the Intune MDM Agent logs, which I suspect is related? FWIW I'm having Intune run the script as root.

ScriptPolicyRunner | Running recurring script policy PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, ExecutionContext: root, ExecutionFrequency: 3600, RetryCount: 0, BlockExecutionNotifications: false
ScriptPolicyRunner | Script advisory on recurring script policy PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, Description: [sudo usage]
ScriptPolicyRunner | Delivering user notification. PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, UserId: 501

Whereas here is a log of a successful run (when I remove everything after line 1245) -

ScriptPolicyRunner | Running recurring script policy PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, ExecutionContext: root, ExecutionFrequency: 3600, RetryCount: 0, BlockExecutionNotifications: false
ScriptManager | Running script in context. Context: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, UserContext: root
ScriptManager | Finished running script in context. Context: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, UserContext: root
ScriptPolicyRunner | Recurring script policy ran PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, TotalRetries: 0, Status: Success, ExitCode: 0
ScriptStateChangeManager | This policy has never been executed on this device before the current check-in PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e
RecurringScriptPolicyCoordinator | Adding script to scheduler PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e
ExecutionClock | Measurement: Policy Identifier: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, Type: shellScript, Duration: 0.036540985107421875
ScriptPolicyRunner | Delivering user notification. PolicyID: 49c831fe-c8bc-4d35-bf98-ba60c8997b1e, UserId: 501

Any ideas?

macbofh commented 11 months ago

Maybe install the uninstaller script local on your mac. Then create a separate small script with only the uninstall command and the parameter. You can try to execute that small script from intune. Or try this approach with a payload free installer package that 'wraps' this script in an empty package.

mjsanders commented 2 weeks ago

I second the suggestion from @macbofh . I work with WorkspaceONE UEM, and large scripts like installomator or uninstaller are not supported. We install these scripts into /usr/local/uninstaller/uninstaller.sh and call them from small scripts we configure with UEM.