3rd Party Software Updating Query - How are you doing it?

mattosaur4
New Contributor II

Hi All

I just wanted to know how most people make use of Casper's 101 features to deploy basic updates?

i.e. I want to push out Flash, Java, Firefox, VLC, Skype, some others etc... to All Computers.

My current thinking was:

  1. Create a package for each. DONE
  2. Create a Policy for each using the Recurring Check-In option, the Apply Once to Every Computer and Scope of All Computers.
  3. Save it.
  4. When it needs updating from Java 7 update 45 to update xyz I clone the policy, add the new package, save it & change the Scope on the old package to None.

Current problems are all the ones that it failed on I have to re-target somehow.

So how is everyone else doing it? I haven't really seen a best practices with Casper white paper. There's Smart Groups, Extension Attributes, Scripts, a lot of different ways to make this work no doubt...

Thanks,
Matt

8 REPLIES

denmoff
Contributor III

The way you are doing it is fine for basic installs and updates. If you get a failure, you'll need to flush the error for that computer on the policy.

I've made a walk-through of how I've been building policies. Not necessarily the best or only way. Just how I'm doing things currently. https://jamfnation.jamfsoftware.com/discussion.html?id=9117

Nix4Life
Valued Contributor

Was using Casper/Munki. Now testing and will be implementing Puppet/Brew_Cask (Mac)/Chocolatey (Win, Boot Camp machines) in the next few weeks.

mm2270
Legendary Contributor III

This is kind of an age old question, and one that is guaranteed to generate a dozen or more answers, all of which can be "right" depending on your situation and needs.

One thing I'll say is that it may not be considered "best practice" to simply target all Macs with a software install policy. Using Smart Groups to target only the Macs that need said update is usually considered the more sane practice. I'm not saying that simply blasting it out to all Macs won't work, but you may be installing the update unnecessarily on a number of your Macs. Especially considering that some of the software you mentioned has some auto update functions already built in. We've found that many of our Macs don't need a new Flash Player update once a new one comes out because of its built in auto update function. Same is true for Java.
Firefox and Chrome also will auto update under certain circumstances. Just something to keep in mind.

mattosaur4
New Contributor II

Thanks all, just seems like such a basic feature of Casper that they'd provide some best practices / guidelines or at least suggest some different ways of approaching it and the pros / cons.

Thanks mm2270, all depends on the environment...

calum_carey
Contributor

There are so many ways to achieve what you're after using Casper that it really depends on your own unique situation. This will determine the method you use.
Smart groups are great. Have a look at using extension attributes to get specific version information for the apps or plugs you wish to update.
You can then scope based on smart groups using those extension attributes. Also look at AutoPkg and Munki; this might serve you better for larger deployments. But it sounds like you're only after basic updates, so this might be overkill.

jaharmi
Contributor

Having your managed clients update their own software from the Internet is not possible in every situation, even if certain software allows/enables it. There are bandwidth or security reasons, at least, why one would not want each client obtaining its own updates on its own schedule (and without enforcement) from remote vendor sites.

From the limited amount I know of Casper, I personally don’t see the obvious way to install the kind of updates from the OP. That said, I’m more familiar with Munki — and I have also reviewed other systems in the past that were completely unable to even compare version numbers as anything other than strings (so forget trying to install a newer version of something in that case).

It seems that this is one of the most basic tasks for any management system: the initial installation of and provisioning for maintenance updates to software. I’m not really convinced this varies by environment. Therefore, I would hope Casper — and any management tool — would have a ready answer to this common condition. That should take into account that each version should only be installed once but that version should be installed if it is not present.
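Added example, not part of the original thread and not Casper or Munki code: the version-comparison problem described in the post above, where treating versions as strings misorders them, next to a numeric field-by-field comparison and an install decision that installs a version when it is absent or older but never downgrades. The function names and sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names and versions are constructed.

# string_older A B: true when A sorts before B as a plain string (the flawed check).
string_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)" = "$1" ]
}

# version_cmp A B: prints -1, 0 or 1 (A older than, equal to, newer than B).
version_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Leading field of each version; a missing field counts as 0.
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the consumed field and the dot after it, if any.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Keep digits only so a suffix such as "45b" cannot break the test.
        fa=$(printf '%s' "${fa:-0}" | tr -cd '0-9'); fa=${fa:-0}
        fb=$(printf '%s' "${fb:-0}" | tr -cd '0-9'); fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
    done
    echo 0
}

# needs_install INSTALLED TARGET: true when the software is absent or older
# than the target; false when it is equal or newer (no reinstall, no downgrade).
needs_install() {
    if [ -z "$1" ]; then return 0; fi
    [ "$(version_cmp "$1" "$2")" = "-1" ]
}

# Constructed sample data: "installed target" pairs.
for pair in "7.0.9 7.0.45" "9.9 10.0" "7.0.51 7.0.45"; do
    set -- $pair
    if needs_install "$1" "$2"; then verdict="install $2"; else verdict="skip"; fi
    if string_older "$1" "$2"; then naive="older"; else naive="not older"; fi
    echo "installed=$1 target=$2 -> $verdict (string compare says: $naive)"
done
```

For the first two pairs the string comparison reports the installed version as not older than the target, so a tool relying on it would skip a needed update.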

donmontalvo
Esteemed Contributor III
Current problems are all the ones that it failed on I have to re-target somehow.

Go through your policy logs, address the issues that caused failures, then purge policy log history for the ones that failed. The policy will run again, since it's set to once-per-computer.

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

@jaharmi wrote:

Having your managed clients update their own software from the Internet is not possible in every situation, even if certain software allows/enables it. There are bandwidth or security reasons, at least, why one would not want each client obtaining its own updates on its own schedule (and without enforcement) from remote vendor sites. From the limited amount I know of Casper, I personally don’t see the obvious way to install the kind of updates from the OP. That said, I’m more familiar with Munki — and I have also reviewed other systems in the past that were completely unable to even compare version numbers as anything other than strings (so forget trying to install a newer version of something in that case). It seems that this is one of the most basic tasks for any management system: the initial installation of and provisioning for maintenance updates to software. I’m not really convinced this varies by environment. Therefore, I would hope Casper — and any management tool — would have a ready answer to this common condition. That should take into account that each version should only be installed once but that version should be installed if it is not present.

I believe @rtrouton provided @gneagle with an answer on how to patch manage by version on ##osx-server a while back:

http://osx.michaellynn.org/freenode-osx-server/freenode-osx-server_2013-11-27.html

--
https://donmontalvo.com