Script Doesnt Remove the LaunchDaemon?

[dstranathan]

I have noticed that this script doesnt

-The script doesn't remove the 'removeAdmin.plist' LaunchDaemon properly. If you look in /Library/LaunchDaemons after it runs, the plist is NOT removed - even though the script is written to remove it. It gets UNLOADED fine - but not removed.

-The script doesn't remove itself (removal script that gets generated in /Library/Application Support/JAMF). So I have a step to delete it if it already exists prior to continuing. This is to prevent an older, outdated version from running (or there are conflict swith an existing file etc).

[jlevitsk]

This line causes the removeAdmin.sh to terminate and the actions after it don't happen which include the log collection and the removal of the LaunchDaemon. Just move this line to be 2 lines lower than it is so the removal happens and add a line to remove the removeAdmin.sh file too. That's what I found anyway.

launchctl unload /Library/LaunchDaemons/removeAdmin.plist

[jcejka11]

On 12.x putting this after the rm -rf /Library/LaunchDaemons/removeAdmin.plist will prevent the launchdaemon from unloading. file or folder not found error.

[cstout-jamf]

Replacing the end of the MakeMeAnAdmin script (the part that creates the local removal script) with what is below has helped ensure logs are properly created and the files used for the privilege changes are removed when the script finishes, including the script itself:

if [[ -f /private/var/userToRemove/user ]]; then
	userToRemove=$(cat /private/var/userToRemove/user)
	echo "Removing $userToRemove's admin privileges"
	/usr/sbin/dseditgroup -o edit -d $userToRemove -t user admin
	rm -f /private/var/userToRemove/user
	rm /Library/LaunchDaemons/removeAdmin.plist
	log collect --last 10m --output /private/var/userToRemove/$userToRemove.logarchive
	rm -- "$0"
	launchctl unload /Library/LaunchDaemons/removeAdmin.plist
fi
EOF