How do you do Mac software updates? Scheduling, servers, schemes, etc.

jhuls
Contributor III

Just curious how everyone handles their software updates...updates from Apple and 3rd party software such as flash, firefox, chrome, creative cloud, etc. How do you schedule and deploy?

Currently we don't have a Mac server to do any Apple software updates from. Is there an alternative that is Windows based?

11 REPLIES

JustDeWon
Contributor III

I've seen a few on here use AutoPkg for updates. It's a 3rd party software. You can get that from here

You may want to read into it, and see if this is something that would be beneficial for your company

Chuey
Contributor III

@jhuls We use a Mac Mini server for our update server. I'm not sure of any other options to use for that since we've always used macs.

EDIT:
@JustDeWon suggested AutoPKG and we use AutoPKGr found here which allows us to auto-update software. We have it so it goes out and downloads the most recent app software, creates a new policy for the software and deploys it automatically.

jhuls
Contributor III

Thanks! I'm actually using Autopkgr already manually on my personal machine and then using Hazel to notify me and then pull out the latest updates to place in an easy location for me to upload into Casper Admin. There's a little automation there but I need to look into seeing how things would operate if Autopkg and Casper were tied together to get much more automated.

jhuls
Contributor III

@Chuey Can you tell me a little about your server? How many clients touch it to update? Hardware, etc?

Chuey
Contributor III

@jhuls I would definitely look into AutoPKGr. We have the process almost entirely automated. We just click a button, download the latest apps PKG, it builds the casper policy and pushes out the updated software.

As far as our server it's just a Mac Mini running OS X Server (El Capitan) with solid state and 4GB of RAM. Honestly, I'm not sure how many clients are hitting it daily, I don't manage that server but since implementation it has helped out a lot when major updates are released like iOS.

stevewood
Honored Contributor II

@jhuls you could look at getting Reposado running on Windows. It's possible but may take a little work:

Reposado

Reposado on Windows

MattCrawford
New Contributor III

You could create a policy for this and use the Apple update servers for the Apple side of things.
Before we set up a Mac server as the update site this is how we did it -

Policy set to run late at night on a Sunday, recurring checkin once every week, targeted to a group that contained all our Macs. Then just set the 'Software Updates' server to be 'Apple's Software Update Server'
That worked well for us.

Later we added a script (found on here) that checks to see if the latest Flash version is installed and if not it installs it.

#!/bin/sh
# Script to download and install Flash Player.
# Only works on Intel systems.
#

dmgfile="flash.dmg"
# Major.minor OS version, e.g. 10.11.
osxversion=`sw_vers | grep 'ProductVersion:' | grep -o '[0-9]*\.[0-9]*' | awk 'NR < 2'`

echo "Updating Flash player..."
echo "OSX Version: ${osxversion}"
# Get the latest version of Flash Player available from Adobe's About Flash page.
latestver=`/usr/bin/curl -s http://www.adobe.com/software/flash/about/ | sed -n '/Safari/,/<\/tr/s/[^>]*>\([0-9].*\)<.*/\1/p'`
# Get the version number of the currently-installed Flash Player, if any.
# The plug-in path contains spaces, so it has to be quoted.
if [ -e "/Library/Internet Plug-Ins/Flash Player.plugin" ]; then
    currentinstalledver=`/usr/bin/defaults read "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version" CFBundleShortVersionString`
else
    currentinstalledver="none"
fi
# Compare the two versions, if they are different or Flash is not present then download and install the new version.
if [ "${currentinstalledver}" != "${latestver}" ]; then
    echo "Current Flash version: ${currentinstalledver}"
    echo "Available Flash version: ${latestver}"
    echo "Downloading newer version."
    url="https://fpdownload.macromedia.com/get/flashplayer/pdc/$latestver/install_flash_player_osx.dmg"
    echo "URL: $url"
    /usr/bin/curl -s -o "$(/usr/bin/dirname "$0")/${dmgfile}" "$url"
    echo "Mounting installer disk image."
    mountpoint="$(/usr/bin/dirname "$0")/FlashInstall"
    /usr/bin/hdiutil attach "$(/usr/bin/dirname "$0")/${dmgfile}" -nobrowse -quiet -mountpoint "$mountpoint"
    echo "Installing..."
    installer -pkg "$mountpoint/Install Adobe Flash Player.app/Contents/Resources/Adobe Flash Player.pkg" -target /
    echo "Unmounting installer disk image."
    /usr/bin/hdiutil detach "$mountpoint" -quiet
    echo "Deleting disk image."
    /bin/rm "$(/usr/bin/dirname "$0")/${dmgfile}"
    newlyinstalledver=`/usr/bin/defaults read "/Library/Internet Plug-Ins/Flash Player.plugin/Contents/version" CFBundleShortVersionString`
    # Use = rather than ==, which is not portable in /bin/sh tests.
    if [ "${latestver}" = "${newlyinstalledver}" ]; then
        echo "SUCCESS: Flash has been updated to version ${newlyinstalledver}"
    else
        echo "ERROR: Flash update unsuccessful, version remains at ${currentinstalledver}."
    fi
# If Flash is up to date already, just log it and exit.
else
    echo "Flash is already up to date, running ${currentinstalledver}."
fi

Firefox and Chrome we've packaged with the setting to 'self update' enabled - the ESR version of Firefox we've found is best

If you are running Adobe CC 2015 there is a command you can execute to run the updater "RemoteUpdateManager" - We added this to our 'update policy' also

Other apps we just package up the update, test and push it out and other times we just repackage the whole application again - very application dependent to be honest.

Hope that is of some help :)
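The Flash updater script in the post above runs as root under a Casper policy, takes its version string from a scraped web page and installs whatever package the download produces. As an added example (not part of the original post and not its author's code), the checks below gate the install on a well-formed, strictly newer version and on the package's signing identity. The function names, `EXPECTED_TEAM` and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install gate for a scripted updater that runs as root.
# EXPECTED_TEAM and the sample outputs below are constructed placeholders.
EXPECTED_TEAM="EXAMPLE123"

# Accept only dotted numeric versions, so a failed or tampered scrape never
# reaches the download URL.
valid_version() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){1,3}$'
}

# True when $1 is strictly newer than $2 (numeric, field by field).
# An installed value that is not a version (e.g. "none") counts as older.
version_newer() {
    valid_version "$2" || return 0
    [ "$1" = "$2" ] && return 1
    newest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | tail -n 1)
    [ "$newest" = "$1" ]
}

# $1 is the text printed by `pkgutil --check-signature <pkg>`: it must report
# a signature and the leaf certificate must carry the expected Team ID.
signature_ok() {
    printf '%s\n' "$1" | grep -q 'Status: signed by' || return 1
    leaf=$(printf '%s\n' "$1" |
        sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]*\))$/\1/p')
    [ "$leaf" = "$EXPECTED_TEAM" ]
}

# $1 scraped version, $2 installed version, $3 pkgutil output.
should_install() {
    valid_version "$1" && version_newer "$1" "$2" && signature_ok "$3"
}

# Constructed samples modelled on pkgutil's output layout.
SAMPLE_SIGNED='Package "Adobe Flash Player.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (EXAMPLE123)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_UNSIGNED='Package "Adobe Flash Player.pkg":
   Status: no signature'

should_install "20.0.0.306" "20.0.0.286" "$SAMPLE_SIGNED" && echo "install"
should_install "20.0.0.306" "none" "$SAMPLE_UNSIGNED" || echo "refuse"
```

In the updater these checks would sit between `hdiutil attach` and `installer`, with `pkgutil --check-signature` run against the mounted `.pkg` and its exit status checked as well.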

jhuls
Contributor III

@stevewood Thanks! I'll certainly take a look at it. I don't manage the servers and the staff is Windows centric (surprise, surprise). Going with an Apple box is a last resort for them and that's being generous.

@Crawford The script is an interesting idea. I work at a community college so ESR doesn't fly real well here for standardizing on but I'll keep that in mind. Also in the labs and possibly soon for the staff and faculty we don't give them admin access. I don't believe the firefox and chrome update mechanisms work if the user isn't an admin...please correct me if I'm wrong on this.

As far as CC I certainly need to look into the RemoteUpdateManager again. I looked at it quite some time ago and if I remember right, it was very crude and didn't have any reporting mechanism. Hoping that's not the case now. Dealing with CC might be a challenging one because the Faculty wants the security and bug fixes but doesn't want UI or functional changes during the semester.

Thanks for the info!

millersc
Valued Contributor

Currently we're running all plugin updates via script at weekly/month triggers. This automation allows us to concentrate on other tasks. Updates like Office 2016 still need to be thoroughly vetted because of bugs. Apple updates are run from Self Service script or at monthly logouts via script.

Most other things are updated as needed, which isn't too often. So we are now in reactive mode hunting problems down with a massive EA collection and smart groups.

Look
Valued Contributor III

Most of our computers are in a classroom environment so I wake them in the night using pmset schedules, they restart and then check in for OS X updates.
Third party apps is kind of a custom built arrangement of scripting and packages to get it done, but basically each monitored product is manually put into Casper and the available version is updated in the scripts (it's the same script with different parameters for each product), the machines then have 14 days to attempt to get this after hours, after which point it is forced on next startup or logout.

MattCrawford
New Contributor III

@jhuls Quite right, the logged in user does need admin rights. In that case you can use this for Firefox - https://jamfnation.jamfsoftware.com/viewProductFile.html?fid=764

Copy the script into your JSS and either use Casper Remote to run it or schedule it using a policy. As it is being run with privileges via Casper it will update/install Firefox to environments where the users do not have local admin rights.

Same thing can be achieved with Chrome - https://jamfnation.jamfsoftware.com/viewProductFile.html?fid=770

Many thanks to @joe.farage for the scripts :) check out his page with some other useful update scripts.