Once per computer question (new package)

PE
Contributor

Hi all, i have a small package (.pkg)that installs FortNAC persistent Agent, the trigger is "Once per computer" this works perfect.

 

Now there is an update for this package (.pkg) what is the best way to update this package?

So remove the old package and add the new package to the Policy but how do I reset that this policy run again?

or turn off this policy (and later remove) an make a complete new policy with the new package?

 

thanks

10 REPLIES 10

jamf-42
Valued Contributor II

flush policy on a few test devices.. then flush all.

Thanks @jamf-42 for reply - flush policy on a few test devices I can find this but is there an option for only flushing this action or do I need to flush all information?

jamf-42
Valued Contributor II

you can flush a device in the device policy history or in the policy log and also flush all there.

If your not 100% sure.. as @obi-k said.. clone / update pkg / scope..  there are 1001 ways to do stuff in JAMF 😎

 

obi-k
Valued Contributor III

I would clone a new policy. 

Call your old policy - FortNAC persistent Agent 1.0. Turn this policy off. Save. Clone it.

Call your new cloned policy - FortNAC persistent Agent 2.0. Push to all or your specific Smart Groups.

This would help with logs and backtracking, if you needed to.

scottb
Honored Contributor

I agree.  One reason being maybe the new rev has issues, and if you need to go back, you can quickly enable the old rev and disable the new one.
All you need to do with the original question is to flush all in the logs.

It will run again...

PE
Contributor

@obi-k thanks for reply I was also thinking about that solution.

obi-k
Valued Contributor III

Forgot: Don't forget to change the package to the new one on your cloned policy.

PE
Contributor

Yes I will do that - uploaded the new package to Jamf  and also added the version number to the name.

sdagley
Esteemed Contributor II

@PE My personal approach when dealing with any Security related tool that is supposed to be on all Macs is to have a Smart Group that contains all Macs that have the version currently being deployed or newer (for some tools this requires creating an Extension Attribute). You don't want to use a check for only the specific version being deployed as some tools will automatically update themselves. My deployment policy for the tool is scoped to all managed Macs that have completed enrollment, excluding Macs in the Smart Group for current version or newer is installed, triggered by recurring check-in, and execution frequency of ongoing. This way if the tool is somehow uninstalled it will automatically re-install after the next inventory that doesn't list it.

PE
Contributor

Thanks all