Posted on 12-21-2023 02:09 AM
How can I create a Patch Management Rule to distribute Safari for macOS Monterey and for macOS Ventura Clients?
The Patch Management Policy does not offer an option for both systems.
I created one for the Ventura Clients which is scoped to a Smart Group, but how can I set up a second one for the Monterey Clients?
Posted on 12-21-2023 11:13 AM
You can use patch management to deploy the Safari package. However, due to JAMF's limitations with Patch Management, it's easier said than done to target both Monterey and Ventura with the same Patch Management Policy.
Things you will need:
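#!/bin/sh
## postinstall
# Compare only the major OS version; grepping all sw_vers output for "13"
# can also match a minor version or build number on Monterey.
OS_Version=$(sw_vers -productVersion | cut -d. -f1)
if [ "$OS_Version" = "13" ]; then
    echo "Installing Ventura Package"
    installer -pkg "/private/tmp/Safari_Ventura.pkg" -target /
    result=$?
    echo "done installing Ventura package"
else
    echo "Installing Monterey package"
    installer -pkg "/private/tmp/Safari_Monterey.pkg" -target /
    result=$?
    echo "done installing Monterey package"
fi
# Remove only the staged packages, not the whole of /private/tmp.
rm -f "/private/tmp/Safari_Ventura.pkg" "/private/tmp/Safari_Monterey.pkg"
# Pass on the installer's exit status so a failed install is not reported as success.
exit "$result"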
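An added example, not part of the original post: the same OS-based package choice written as a function that takes the `sw_vers -productVersion` string, plus a signature check before the package in world-writable `/private/tmp` is installed as root. It goes beyond the post by refusing any macOS other than 12 or 13. The function names, the assumption that the staged packages are signed, and the sample version strings are illustrative; the package paths are those used in the post's script.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names are hypothetical;
# package paths are the ones staged by the workflow in the post.
PKG_DIR="/private/tmp"

# Print the package path for a product version string such as "13.6.3".
# Returns 1 for anything other than Monterey (12) or Ventura (13), so an
# unexpected client is skipped instead of receiving the Monterey build.
select_safari_pkg() {
    major=${1%%.*}
    case "$major" in
        13) echo "$PKG_DIR/Safari_Ventura.pkg" ;;
        12) echo "$PKG_DIR/Safari_Monterey.pkg" ;;
        *)  return 1 ;;
    esac
}

# Succeeds only if the path is a regular file, not a symlink, and
# pkgutil accepts its signature (assumes the staged packages are signed).
verify_pkg() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    pkgutil --check-signature "$1" >/dev/null 2>&1
}

install_safari() {
    pkg=$(select_safari_pkg "$(sw_vers -productVersion)") || {
        echo "Unsupported macOS version; nothing installed" >&2
        return 1
    }
    verify_pkg "$pkg" || { echo "Refusing to install $pkg" >&2; return 1; }
    installer -pkg "$pkg" -target /
    status=$?
    # Clean up only the staged packages.
    rm -f "$PKG_DIR/Safari_Ventura.pkg" "$PKG_DIR/Safari_Monterey.pkg"
    return "$status"
}

# Run the install only on macOS; elsewhere the file just defines the functions.
if [ "$(uname -s)" = "Darwin" ]; then
    install_safari
    exit $?
fi
```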
Posted on 12-27-2023 12:42 AM
Thank you for the workflow and script!
Posted on 12-22-2023 08:57 AM
Curious why you don't let the native software updater pull down/ install safari?
Posted on 12-27-2023 12:47 AM
Because it does not work reliably on our Clients. The Safari Updates show up in the inventory list of the Clients, but the Client is not able to install them. Patch Management is the most reliable way to fix this.
Posted on 12-27-2023 06:10 AM
Sooo using the MDM command to force install updates (with deferment if you wanted) doesn't work? That sounds a bit incorrect. MDM commands are the most reliable method for this. Using some third party script is second rate to the MDM commands from my experience. I've done both.
Posted on 12-27-2023 06:30 AM
In my experience I have found that MDM Commands to install OS updates have about a 70% success rate. Most failures are caused by something on the network or something preventing a reboot. The issue is really how miserable Apple is at reporting what is going on with OS updates unless you can access the install.log. Many people feel more comfortable deploying packages and scripts as the logging is much better.
Apple is starting to get with the program and JAMF has a fairly rudimentary ability to report on what is going on with OS updates, but it still has a long way to go and even longer to change admin behavior and earn trust.
Posted on 12-27-2023 07:13 AM
In a well oiled environment, MDM is the answer. The logging (non declarative) isn't terrible. I came from a higherED environment where what you said is correct. The environment was rusty (at best) and needed some intervention. I wrote my own Nudge that didn't require all of those moving pieces and had about an 85% success rate which was acceptable. My current employer has an environment that's well oiled, so MDM is the answer. Unfortunately, I wish mobile OS updates were more streamlined like caching the OS and applying during a maintenance window (hospital environment - so it needs to be scheduled and not wild-west).