Google Chrome updates best practices

ragnar21
New Contributor

Who uses the Google admin console? Is it free to education (community College)? We have about 500 Mac devices (iOS and Mac OS). Contacting Google support about licensing has been useless. Googles website says it's free, but since we're a large government entity, licensing agreements change and I want to make sure we're not violating in laws.

Right now I have a Google chrome plist config profile hitting Macs at enrollment. According to the logs, we have a 100% success rate for the config profile installation at enrollment, but only 55% are updating.

I was curious if the Google admin console was a better option, and if anyone on here experienced issues using it?

I've left test devices online for weeks connected via ethernet and Chrome will not update, even though I have automatic updates turned on in the config profile.

Any tips, ideas?

5 REPLIES 5

sdagley
Esteemed Contributor II

@ragnar21 Have you checked to see how many of the Macs that haven't updated have the Chrome app open? The automatic updates don't trigger while the app is running, but happen when the app is relaunched (users normally see an indication that an update is available in the upper-right corner of Chrome's window(s)).

jamf-42
Valued Contributor

depending on what you require and despite the pretty ropey docs from google.. auto update is  achievable with a home crafted plist.

The: External applications / JAMF / Google Chrome did not work correctly (and the plist generated is not correctly formatted).

 

Note this includes a rollback and also uses the extended channel. You may want to change this for your environment. and you'll want to read up on update suppressed and relaunch notification. 

Docs here ( I'd advise a strong drink after) https://support.google.com/chrome/a/answer/7591084?hl=en

Managing via Google Admin is possible, but there are 1001 options.. and this keeps in it JAMF and is simpler(ish)

----

Application & Custom Setting - Upload 

plist: com.google.keystone

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>updatePolicies</key>
        <dict>
          <key>global</key>
<dict>
  <key>UpdatesSuppressedStartHour</key>
  <integer>16</integer>
  <key>UpdatesSuppressedStartMin</key>
  <integer>30</integer>
  <key>UpdatesSuppressedDurationMin</key>
  <integer>960</integer>
  </dict>
          <dict>
            <key>UpdateDefault</key>
            <integer>0</integer>
          </dict>
          <key>com.google.Chrome</key>
          <dict>
          <key>TargetVersionPrefix</key>
         <string>102.0.5005.167</string>
        <key>RollbackToTargetVersion</key>
        <true/>
         <key>TargetChannel</key>
        <string>extended</string>
          </dict>
        </dict>
<key>RelaunchNotification</key>
   <integer>2</integer>
<key>RelaunchNotificationPeriod</key>
   <integer>86400000</integer>
<key>RelaunchWindow</key>
<dict>
<key>entries</key>
<array>
<dict>
<key>start</key>
<dict>
<key>hour</key>
    <integer>12</integer>
<key>minute</key>
    <integer>30</integer>
</dict>
<key>duration_mins</key>
    <integer>240</integer></dict>
</array>
</dict>
   </dict>
</plist>

 

honestpuck
Contributor

Google Chrome is in the Jamf App Catalog so install it via policy and have the Mac App for Google Chrome scoped to everyone with it installed. Then they will get nagged to quit and allow the update to be installed.

Or you could use patch management. There are a couple of system out now for managing patch management easily, Graham Pugh's Jamf Uploader can handle it and my PatchBot will also do it. 

mhasman
Valued Contributor

I'm still doing that old way for fun, and it takes only 10 min of my time: download latest image from Google; upload image to JSS; install to my Mac; run recon; collect version #; update start group; update push policy with new package and flash it. 
For sure, when we finally move to Jamf Cloud, we switch to patch management automation 

dlondon
Valued Contributor

Sounds ok but you don't need to run recon - the version number is right there if your look in finder at the App in /Applications