Mass Deployment to Install/Uninstall the Mac Auto Updater (JAMF)

This topic describes how to deploy Mac Auto Updater using JAMF, so you can remotely deploy Auto Updater to multiple endpoints.

When you finish setting up the Auto Updater, set up Endpoint Update Policies.

Use this topic as a guide for mass installation. Depending on the version of JAMF you are using, the images may change.

Prerequisites

Before you begin, you must download observeit-OSX-management-tools-<version>.tar.gz from Management Tools and upload the relevant Configuration file, as described in Mac Agent/Bundle and Auto Updater- Configuration Profile .)

  • You need observeit-autoUpdater-OSX-<version>.pkg. This file includes the ObserveIT package file observeit-autoUpdater-OSX-<version>.pkg.

  • Copy the observeit-autoUpdater-OSX-<version>.pkg package file to your desktop or another folder that is easily accessible.

  • Download the Shell Script for the Agent Realm (See Shell Script for Mac Agent and Auto Updater.)

when users open the configuration profile. If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it

For macOS 11 (Big Sur) and higher

  • IT Viewer macOS 11.signed.mobileconfig: Configuration Profile signed by Proofpoint

  • IT Viewer macOS 11.mobileconfig: Unsigned Configuration Profile, to be signed by customer

For macOS Ventura 13

  • Ventura Disable Login Items Notifications Sample Profile.mobileconfig: This is a sample configuration profile showing you how to disable all background task management notifications introduced in macOS Ventura (Login Items notifications). You can entirely disable all such notifications by creating a Configuration Profile based on this sample profile. This is a system-wide profile, so if you use it, notifications that were already triggered and that exist within the Notification Center will not display.

For macOS versions prior to macOS 11 (Big Sur):

  • IT Viewer macOS 10.x.signed.mobileconfig: Configuration Profile signed by Proofpoint

  • IT Viewer macOS 10.x.mobileconfig: Unsigned Configuration Profile, to be signed by customer

JAMF Limitations

If you're using JAMF:

  • You must use JAMF 10.25 or later with macOS 11 Big Sur.

    You must use JAMF 10.15.1 or later with macOS 10.15 Catalina.

  • You must use JAMF 10.7.1 or later with macOS 10.14 Mojave.

  • If the error message "Unable to decrypt encrypted profile" displays, upgrade to JAMF 10.9.x or later to resolve it.

Uploading the Package File to JAMF

  1. Upload the package you want to deploy.

  2. Open the JAMF Web console dashboard main screen.

  3. Click the Settings icon and select Computer Management from the All Settings menu.

  4. The Computer Management area displays.

  5. Click the Packages icon and the Packages page opens with the list of packages.

  6. Click the New button to add the observeit-sutoUpdater-OSX-<version>.pkg package file that you copied to your desktop (or other folder).

    The New Package page opens.

  7. Click the Choose File button to select the Filename of the package that will be uploaded to the JAMF server.

  8. Select the file and click Choose.

  9. In the Display Name field, you see the name of the package you selected.

  10. Click Save and the package is added.

Uploading Script to JAMF

Now you need to upload the relevant script for the Agent Realm. (See Shell Script.)

  1. Using a text editor, open the downloaded Shell script so you can modify the relevant parameters. These parameters will be applied when the install is run.

  2. From the main dashboard, click the Settings icon and select Computer Management from the All Settings menu.

  3. Click the Scripts icon and the Scripts page opens.

  4. Enter the Display Name.

  5. Click the New button to copy the Shell script file to the New Script page.

  6. Modify the relevant fields in the Shell script and click Save. For information on how to modify the fields, see Modifying the shell script.

  7. From the Options tab, set the Priority to Before so the script runs before the package.

  8. Click Save.

Creating a Policy

Create a policy for deploying to the relevant computers. The policy includes the package file and the script with the parameters you defined.

  1. From the JAMF Web console dashboard, click the Computer button and select Policies from the menu.

  2. The Policies page displays listing the currently defined policies.

  3. Click the New button to create a policy.

Defining the parameters of the new policy

  1. In the Options tab, under General:

  1. Specify a Display Name for the policy.

  1. Make sure that the Enabled check box is selected, so that you can run the policy.

  1. Under Trigger, select Recurring Check-in, or trigger for your organization so that the policy will be applied to all the relevant computers at the next time slot (usually every 15 minutes if the JAMF server is up).

  1. Select the frequency at which to run the policy.

Adding and configuring the package in the policy

  1. From the Policies > Options tab, click Packages. Options>General.

  1. Select Configure, and then from the list of packages, click the Add button alongside the package you want to deploy in the policy.

  2. In the Options tab, under Packages, select the Install action from the drop-down list.

  1. In the Scope tab, in the Selected Deployment Targets area , select the computers on which to deploy the package. Click the Add button alongside each target agent. Then click Done.

    The Mac agents listed as available deployment targets must have the JAMF agent installed.

    If you want to run the package yourself, under the Self Service tab, enable Make the policy available in the Self Service check box.

  1. Click Save when you have finished configuring the package for the policy.

Adding and Configuring the Script in the Policy

  1. From the Policies > Options tab, click Scripts.

  1. Select Configure, and then from the list of scripts, click the Add button alongside the script you want to add to the policy.

  2. In the Options tab, under Scripts, make sure the priority for running the script is set to Before.

  1. In the Scope tab, select the computers on which to deploy the script. Click the Add button alongside each target. Then click Done.

  1. Click Save when you have finished configuring the Script for the policy.

Deploying the Policy

After creating a policy with the package and script, the JAMF agent on the local computer will deploy the policy next time it checks in with the JAMF server (by default every 15 minutes).

You can monitor the progress of the deployment in the JSS Dashboard.

  1. To check the installation logs, click the Logs button for the selected policy. For example:

    The status of the policy deployment will be displayed for each agent.

  2. To investigate a specific agent’s installation log, click the Show toggle alongside it.

    The details of the installation process are displayed. For example:

    Note the following:

  3. Clicking the Hide toggle closes the installation log details.

  4. Clicking the Flush button will trigger a new deployment of the policy.

  5. In the event of deployment failure, clicking the Flush All Errors button triggers a new deployment on any agents which had errors on deployment.

  6. Clicking Flush All triggers a new deployment on all the agents regardless of installation success or failure.

    Uninstall the Mac Agent for Mass Deployment (JAMF)

    You can remotely uninstall multiple agents to multiple Mac OS endpoints via JAMF.

    Creating the Uninstall Script

    1. From the folder in the .pkg file, open the PreUninstall script example located in observeit-autoupdater-OSX-x.x.x.x.dmg\remote\ and copy its contents.

    2. Open the JAMF Web Console dashboard main screen.

    3. Click the Settings icon and select Computer Management from the All Settings menu.

    4. Under Computer Management, click the Scripts icon .

    5. Under Scripts, click New button to add the PreUninstall script to the JAMF Web Console.

    6. Paste the copied PreUninstall script to the Script Contents. You can add a password in the PASSWORD parameter if you want.

    7. Save the script.

    Creating the uninstall policy

    1. In the JAMF Web Console dashboard, click the Computers button and select Policies.

    2. Click the New button to create a policy.

    3. In the Options tab, under General:

      1. Specify a Display Name for the policy.

      2. Select the Enabled check box so that you can run the policy.

      3. Under Trigger, select Recurring Check-in, so that the policy will be applied to all the relevant computers.

    Adding and configuring the script in the policy

    1. From the Policies > Options tab, click Scripts.

    2. Select Configure, and then from the list of scripts, click the Add button alongside the uninstall script you created.

    3. In the Scope tab, select the Mac agents on which to deploy the uninstall script. Click the Add button alongside each target agent. Then click Done.

    4. Click Save when you have finished configuring the uninstall script for the policy.

    Deploying the uninstall policy to the Mac Agents

    After creating a policy with the uninstall script, the JAMF agent on the local computer deploys the policy next time it checks in with the JAMF server (by default every 15 minutes).

    You can monitor the progress of the uninstall policy, using the JAMF Dashboard. To check the uninstallation logs, click the Logs button for the selected policy.

    • For macOS Sierra and higher, it is recommended that you define a message prior to uninstallation to allow the user to clear the logger from the list of Trusted Applications.

    • It is also recommended that you defer the policy implementation (by selecting the Allow Deferral check box) so that the user has time to clear the Accessibility prior to execution of the uninstall script.

    You can do this in the User Interaction tab of the policy, as shown in the following example:

Related Topic:

Mac Auto Updater Installation