Create Upgrade package

New Contributor



I have a policy that deploys our VPN client (Global Protect), we need to upgrade the PKG version quiet often. What is the process? 

Can I create a new package and change the policy to that new package? Will Jamf detect this is an update and push it automatically?


Valued Contributor

Have you tested an in-place upgrade first, sans Jamf? Can you successfully run the new package installer and have it replace the older version and still have functionality? This is normal; but sometimes software manufacturers don't write great installer packages and us admins end up having to write a script to remove the old software before running the new installer.

If so, you have two options:

1) write a whole new policy and attach the new .pkg installer. Scope to machines/groups, as needed. Delete the old policy.

2) update your existing policy with the new .pkg installer. Save. In the policy logs, flush all. This will reset the policy for all scoped machines and it'll run on next inventory check-in (assuming that's the trigger you've set).

A third option it so see if this title is supported by Jamf Patch Management. If it is, you can use the logic structure there to apply the updated package to any machine that's out-of-date. This may be easier than creating a smart group to show you all machines with the out-of-date software and then using that smart group as your scope target. If the title is not supported, you can look at the Title Editor to add your own software titles (I've just started playing around with this).

New Contributor

Hi Damien,

I am coming from the Windows world, so I am used to MSI package with uninstall options, pkg are new to me.

I tried the PKG upgrade directly without Jamf, I get a GUI asking me to confirm if I want to upgrade and a tick box if I want the old version to be uninstalled, so I guess this will require some tweaking as using your option 1 or 2 wont probably automatically take care of removing the old version I think...

I will look at Jamf Patch Management, anyways thanks for the valuable information, much appreciated

Look to see if there are any "silent install" options for this package. If it's written properly, there'll be flags you can issue on the silent install command invoke those options you're being given during the GUI install.

Valued Contributor II

Global Protect and modern VPN are designed to be updated from the server side when they make the connection. I am sure that it's a best practice to force the updates when the VPN is connected..