Problem with updating Browsers

leonwun
Contributor

Hey guys,

I am currently updating our device's browsers with a simple policy that downloads the latest version into the application folder and overwrites it.

It asks the user before doing so with the built-in deferral of Jamf.

After installing the latest version, I am using the following Force Quit script to make sure the browser quits and uses the latest configuration afterward:

pid=$(ps axo pid,command | grep "Google Chrome" | awk '{print $1}')

echo "Pid is: "$pid

if [ "$pid" ]
    then
        echo "Chrome is Running"
        echo "Killing Chrome pid"
            kill $pid
        echo "Pid killed"
    else
        echo "Chrome not running"
    fi

This seems to work for most users without problems, but some users are experiencing one of the following issues:
- You can't open the browser anymore (needs to be reinstalled)
- Chrome Add-Ons do not work anymore / data from them is deleted

Do you guys know what I can improve or have any alternatives to this method?
All users are running on Mojave or Catalina.

3 REPLIES 3

georgecm12
Contributor III
Do you guys know what I can improve or have any alternatives to this method?

What about the built-in patch management feature in Jamf?

donmontalvo
Esteemed Contributor III

Might consider altering the script so instead of killing the app, it exits if the app is launched when the policy runs.

We usually add a BEFORE script to do check:

#!/bin/bash
#
# Exit if app is running; else proceed. 20200224 DM

APPLICATION="/Applications/OmniGraffle.app"
if [ -e "$APPLICATION" ]
then
    echo "$APPLICATION exists."
    PROCESS=$(ps aux | grep -v grep | grep -ci "OmniGraffle")
    if [[ "$PROCESS" == "0" ]]
    then
        echo "$APPLICATION is not running, proceeding with removal."
    else
        echo "$APPLICATION is running, exiting."
        exit 1
    fi
else
    echo "$APPLICATION does not exist, exiting."
    exit 1
fi

exit 0

Have a Smart Computer Group for targeting computers that need the update, and have the policy run daily. :)

This way user is not disruptive, and deployment saturation is not bonked by any failures.

--
https://donmontalvo.com

leonwun
Contributor

@donmontalvo thanks for your reply!

This would mean that the user needs to have APPLICATION closed so the policy installs the update for APPLICATION. Correct me if I'm wrong but that would mean that users who do not close e.g. Chrome for a week, will not get Chrome Updates for a week. This is something I want to prevent - that's why I'm quitting the apps via the posted script.