Posted on 04-06-2020 05:25 AM
Hey guys,
I am currently updating our device's browsers with a simple policy that downloads the latest version into the application folder and overwrites it.
It asks the user before doing so with the built-in deferral of Jamf.
After installing the latest version, I am using the following Force Quit script to make sure the browser quits and uses the latest configuration afterward:
pid=$(ps axo pid,command | grep "Google Chrome" | awk '{print $1}')
echo "Pid is: "$pid
if [ "$pid" ]
then
echo "Chrome is Running"
echo "Killing Chrome pid"
kill $pid
echo "Pid killed"
else
echo "Chrome not running"
fi
This seems to work for most users without problems, but some users are experiencing one of the following issues:
- You can't open the browser anymore (needs to be reinstalled)
- Chrome Add-Ons do not work anymore / data from them is deleted
Do you guys know what I can improve or have any alternatives to this method?
All users are running on Mojave or Catalina.
Posted on 04-06-2020 06:22 AM
Do you guys know what I can improve or have any alternatives to this method?
What about the built-in patch management feature in Jamf?
Posted on 04-06-2020 06:52 AM
Might consider altering the script so instead of killing the app, it exits if the app is launched when the policy runs.
We usually add a BEFORE script to do check:
#!/bin/bash
#
# Exit if app is running; else proceed. 20200224 DM
APPLICATION="/Applications/OmniGraffle.app"
if [ -e "$APPLICATION" ]
then
echo "$APPLICATION exists."
PROCESS=$(ps aux | grep -v grep | grep -ci "OmniGraffle")
if [[ "$PROCESS" == "0" ]]
then
echo "$APPLICATION is not running, proceeding with removal."
else
echo "$APPLICATION is running, exiting."
exit 1
fi
else
echo "$APPLICATION does not exist, exiting."
exit 1
fi
exit 0
Have a Smart Computer Group for targeting computers that need the update, and have the policy run daily. :)
This way user is not disruptive, and deployment saturation is not bonked by any failures.
Posted on 04-23-2020 05:16 AM
@donmontalvo thanks for your reply!
This would mean that the user needs to have APPLICATION closed so the policy installs the update for APPLICATION. Correct me if I'm wrong but that would mean that users who do not close e.g. Chrome for a week, will not get Chrome Updates for a week. This is something I want to prevent - that's why I'm quitting the apps via the posted script.