Help

Non admin App Updates

MaxxShearey
New Contributor

yesterday

Hey Everyone,

In my organization we are looking for a way to allow users to update some specialty apps without having admin access. There are specific apps such as Kemper, Ableton 11 Standard, Slate Connect, Autotune central, native access, etc.. that only 2-3 users out of about 100 need to update. However when the apps need updates they need to be done ASAP because of how the apps interact with each other. We have uses Make me an admin as a temporary solution but want to move away from that for security reasons. 

I know that some of the apps are built in to jamfs patch manager section but for the others what can I do to allow the user to update them without giving him full admin access?

Thanks in advance

0 Kudos
Reply
6 REPLIES 6

sdagley
Esteemed Contributor II

yesterday - last edited yesterday

@MaxxShearey If allowing your users temporary admin rights isn't acceptable then you'll need to create deployment packages for those apps that aren't deployable via Jamf's App Catalog. You might also want to check out Installomator which provides a scriptable mechanism to deploy a large number of apps: https://github.com/Installomator/Installomator

Reply

AJPinto
Esteemed Contributor

yesterday

There is no straight forward way to do this without giving the users admin access. Temp admin access is still admin access, and if the user controlls the trigger as to when they get admin access you have no control over their admin access just be aware of that.

  • Jamf can do it if you package the software and deploy it with self service, but that may put you on a time crunch.
  • You can look in to a EPM tool and write policies in that to auto escalate specific functions which is what we do.
0 Kudos
Reply

Samstar777
Contributor II

yesterday

@MaxxShearey I am align with both the above pointers, I believe for the apps which are not available in Jamf Patch management, You will need to package those app and deploy it on target devices.

Hope this helps

- Sam

0 Kudos
Reply

Shyamsundar
Contributor III

yesterday

Try to deploy the app in the Application folder available in the user Home folder, So in such a way, that the user doesn't need Admin rights to update the App. it will work only on the application if it is xxx.app file. it won't work if your application has to store some files in other folders mostly if its a package. 

0 Kudos
Reply

agungsujiwo
Contributor

yesterday

Hi @MaxxShearey 

One option to consider is packaging the .app into a .pkg and adding it to the Self Service list.
This way, users can update the app simply by pressing Install/Update, without requiring admin credentials.
Attached 
Screenshot 2025-01-23 at 11.34.47.png


0 Kudos
Reply

mattjerome
Contributor

an hour ago

also check out app auto patch which is a fork of installomator.

0 Kudos
Reply