Mass Deployment to Install/Uninstall the Mac Auto Updater (JAMF)

This topic describes how to deploy Mac Auto Updater using JAMF, so you can remotely deploy Auto Updater to multiple endpoints.

Use this topic as a guide for mass installation. Depending on the version of JAMF you are using, the images may change.

Prerequisites

Before you begin, do the following:

1. From Agent Realms, download the Shell Script for the Agent Realm. (Administration app > Endpoints >Agent Realms). Make sure you select Updater.

   

   See Shell Script for Mac Agent and Auto Updater.

2. From Endpoints > Downloads, download latest Management Tools with the Configuration Profile (observeit-OSX-management tools-OSX-X.X.X.tar.gz).

   

   See Management Tools.

3. From Endpoints > Downloads, download and open the latest macOS Updater release (observeit-autoupdater-OSX-X.X.X.tar.gz).

   

4. Update the Update Policy with the latest version (Endpoints > Updater Policy). In the Settings area, set OS Type to macos and select the latest updater version.

   

   See Setting Up Endpoint Update Policies.

If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it.

For information about how to sign an unsigned configuration profile, see this JAMF article.

JAMF Deployment

Set up the following:

1. Configuration Profile
2. Package
3. Script
4. Policy
5. Policy Scope

Configuration Profile

Upload the Configuration Profile included in the Management Tools you downloaded.

1. In JAMF, from the menu on the left-side, in Computers, select Configuration Profiles.

   

2. In the Configuration Profiles screen, from the list of configuration profiles, select the Configuration Profile you downloaded with the latest Management Tools.

Package

Upload the package you want to deploy.

observeit-autoUpdater-OSX-<version>.pkg package was downloaded with observeit-autoupdater-OSX-X.X.X.tar.gz.

1. In JAMF, from the left-side menu, in Computers, select Policies.

2. Click New.

   The New Package page opens.

   

3. In the Filename area, browse to the observeit-autoUpdater-OSX-<version>.pkg package file.

4. In the Display Name field, you see the name of the package you selected.

   

5. Click Save and the package is added.

Script

Upload the relevant Shell script you downloaded from the Agent Realm.

1. Using a text editor, open the downloaded Shell script so you can modify the relevant parameters. These parameters will be applied when the install is run.

2. From menu on the left-side, select Settings and from the options, select Scripts.

   

3. Select Scripts and the Scripts page opens.

   

4. Click New and the New Script page displays.

   

5. From the General tab, provide a Display Name.

6. In the Scripts tab, copy the Shell script file and paste it.

   

7. Review and save.

8. From the Options tab, set the Priority to Before so the script runs before the package.

   

9. Click Save.

Policy

Add a new policy for the Updater.

1. From Computers, select Policies from menu on the left-side.

2. In the Options tab, select General from the menu on the left side and provide a Display Name for the policy you are adding.

3. Make sure that the Enabled check box is selected, so that you can run the policy.

4. From menu on the left, select Packages and Configure the package. From the list of package, select the package.

   

5. From menu on the left, select Scripts and select the script from the list.

   

6. Save.

Policy Scope

Configure the Package in the Policy

• From Computers, select Policies from menu on the left-side and from the Scope tab add the deployment targets.

The Mac agents listed as available deployment targets must have the JAMF agent installed.

If you want to run the package yourself, under the Self Service tab, enable Make the policy available in the Self Service check box.

1. Uninstall the Mac Auto Updater for Mass Deployment (JAMF)

   Creating the Uninstall Script

   1. From the folder in the .pkg file, open the PreUninstall script example located in observeit-autoupdater-OSX-x.x.x.x.dmg\remote\ and copy its contents.

   2. Open the JAMF Web Console dashboard main screen.

      

   3. Click the Settings icon and select Computer Management from the All Settings menu.

   4. Under Computer Management, click the Scripts icon .

   5. Under Scripts, click New button to add the PreUninstall script to the JAMF Web Console.

   6. Paste the copied PreUninstall script to the Script Contents. You can add a password in the PASSWORD parameter if you want.

      

   7. Save the script.

   Creating the uninstall policy

   1. In the JAMF Web Console dashboard, click the Computers button and select Policies.

   2. Click the New button to create a policy.

   3. In the Options tab, under General:

      1. Specify a Display Name for the policy.

      2. Select the Enabled check box so that you can run the policy.

      3. Under Trigger, select Recurring Check-in, so that the policy will be applied to all the relevant computers.

   Adding and configuring the script in the policy

   1. From the Policies > Options tab, click Scripts.

   2. Select Configure, and then from the list of scripts, click the Add button alongside the uninstall script you created.

   3. In the Scope tab, select the Mac agents on which to deploy the uninstall script. Click the Add button alongside each target agent. Then click Done.

   4. Click Save when you have finished configuring the uninstall script for the policy.

   Deploying the Uninstall policy to the Mac Auto Updater

   After creating a policy with the uninstall script, the JAMF agent on the local computer deploys the policy next time it checks in with the JAMF server (by default every 15 minutes).

   You can monitor the progress of the uninstall policy, using the JAMF Dashboard. To check the uninstallation logs, click the Logs button for the selected policy.

   • For macOS Sierra and higher, it is recommended that you define a message prior to uninstallation to allow the user to clear the logger from the list of Trusted Applications.

   • It is also recommended that you defer the policy implementation (by selecting the Allow Deferral check box) so that the user has time to clear the Accessibility prior to execution of the uninstall script.

   You can do this in the User Interaction tab of the policy, as shown in the following example:

   

---