Adobe Rremot update manager RUM deployment on all Mac system enrolled in jamf

sk8559
New Contributor III

I have been looking in multiple threads and didn't find how to deploy adobe remote update manager from scratch. In our environment, we have multiple adobe apps with different versions, so we need to update them all automatically using RUM. Currently, there are many mac's devices that don't have RUM installed on them. So we need to install the RUM and need to update the adobe apps. Please help

10 REPLIES 10

dan-snelson
Valued Contributor II

@sk8559

For starters, see Adobe's Use Adobe Remote Update Manager.

Next, we're using the following Extension Attribute to determine which version is installed:

#!/bin/sh
#######################################################################################
# A script to collect the version of Adobe Remote Update Manager currently installed. #
# If Adobe Remote Update Manager is not installed, "Not Installed" will return back   #
#######################################################################################
RESULT="Not Installed"


if [ -f "/usr/local/bin/RemoteUpdateManager" ] ; then
    RESULT=$( /usr/local/bin/RemoteUpdateManager --help 2>&1 | /usr/bin/awk ' NR==1{ print $5 } ' )
fi

echo "<result>$RESULT</result>"

In the Adobe Admin Console, navigate to Packages > Tools > Remote Update Manager > Download for Mac. Then use your preferred package-building tool to deploy.

We're using a customized version of @jmahlman's Adobe-RUMWithProgress-jamfhelper in a Self Service policy.

(And I just stumbled on @Adminham's post Adobe Remote Update Manager HUD notification which looks sweet.)

sk8559
New Contributor III

@dan-snelson Thank you for response. I am sorry for silly question may be. I am new for RUM deployment. Do we need to have enterprise account to download package from here -> Packages > Tools > Remote Update Manager > Download for Mac?.
Please share any script you are aware which can push the package silently on mac without user instruction so that I can use that for RUM. Thanks again for help. Yeah I have gone through @jmahlman's script as well as @Adminham's. So far I just need help in to download the latest rum tool file/package and script to push silently/forcefully on mac systems.

Adminham
New Contributor III

@sk8559 For RUM to work, you need to have enabled it in the CC deployment package - which ensures the tool is included. If it's missing, you'll likely have to create a 'lightweight' package with just the RUM update option specified. But you may have mixed results if you have multiple Adobe installs from different sources, as I'm not sure if the tool alone is enough, there may be config files included at time of deployment that enable/disable scanning for RUM updates.
Out of curiosity, what tools are you using to package?
Try this: https://deploymenttools.acp.adobeoobe.com/RUM/RemoteUpdateManager.dmg

sk8559
New Contributor III

@Adminham Thank you for response. We are not packaging any adobe app and publishing to user using jamf. Users purchase licence by there own and install the all the different type/version of adobe apps from adobe product list. I just ran the script to identify the version of RUM and the result was none of the users has RUM installed, So I thought lets's deploy just RUM and update supported apps by RUM. I found the RUM dmg file - https://www.adobe.com/devnet/creativesuite/enterprisedeployment.html from here. We are using Jamf Composer. Please share your thought does it worth to deploy the RUM on on all the client being CC not pakcged and deolyed from jamf. The only and only reason for RUM is to update all the adobe app's installed from different sources.
Adding @tfriedm @mscottblake @donmontalvo

tfriedm
New Contributor III

I think this link should answer your question: https://helpx.adobe.com/enterprise/using/applications.html. If you go down to Manage updates remotely, you'll see that RUM only works on Managed Packages. Users that are downloading the apps directly are not supported by RUM.

sk8559
New Contributor III

@tfriedm yeah you are right i think RUM will not help in m case, Guys any idea/help will be really appreciated, in my case how I can keep all adobe apps update without RUM ?

Adminham
New Contributor III

If your users are purchasing subscription based Named User Licenses, one thing that might work going forward is offering Creative Cloud Desktop as a start point for users to install: Adobe CC Desktop Installer Sign in & install the apps they have purchased/have access to through that... Not sure if a). that would work with the licensing method or b). have RUM enabled.

My Adobe update experience without RUM is fragmented & painful.. But others may have some good suggestions.

tlarkin
Honored Contributor

I found this in general to be a lot of engineering effort, with some risks, and low ROI. So, instead I use rum to detect if any updates are present, then prompt the user to open up CC Desktop and update themselves. AutoPKG is a huge pain with Adobe, RUM is a huge pain with Adobe, but users clicking CC Desktop seems to be somewhat efficient. You could also package them by hand.

I strongly suggest you open up ticket with Adobe and let them know your feedback. If enough people complain they might change.

SlidewaysF30
New Contributor III

@tlarkin Would you mind expanding a little on the risks you have noticed using RUM? I am looking to implement this as we have users who have CC apps but never launch them so they never get updated. Our leadership doesn't want to revoke licensing so we're stuck with vulnerabilities on these machines. I have used RUM on my own machine and it seems to work great by simply calling the binary.

I do have some concerns though, particularly with users who may be using an application at the time RUM runs and what the expected behavior is in that scenario. Going to try to test this on my end, but was hoping someone may have some experience with this and could provide some info about whether it skips updating an app that is open, does it prompt the user to close the app or does it just force close and update?

tlarkin
Honored Contributor

@SlidewaysF30 basically running auto updates via script as root means that any attacker could pretend to be an adobe update or MITM your code. I try to reduce scripts that run as root to install software where I can. Sometimes it cannot be avoided, but trying to reduce those risks is a good security practice. If there were a compromise with Adobe, you have now automated that with root, and Adobe doesn't have the best experience when it comes to security