Recommended method(s) for software updates?

Contributor III

I'm curious how everyone is doing their software updates for the following types of software...

Mac operating system
Mac App Store software
Other software (Adobe software, Firefox, Google Chrome, Office, etc.)

The end user experience is what I'm mostly focused on...some sort of consistency for our users would be nice, which would include only 1 reboot no matter how many pieces of software need updating at one time and need rebooting.

In our Windows environment the team is implementing SCCM, where they say they can prompt the user and provide a means for the user to defer updates if needed. I don't know how well it works for them beyond sounding like a bullet point feature, but I looked at the deferral feature in Casper (9.96) and while I haven't tested it much yet, it seems like I'm going to find it pretty lacking.

I've done some searching through Jamf Nation and have seen some talk of Patchoo as well as other scripts. Some have mentioned Munki. In looking through all of this, would I be correct in saying there isn't one magic solution to handle all of it? Of the available solutions, what seems to work best? Some have been around a while...are they still compatible?

As far as pulling updates, I've not dug deep into AutoPkg, but for now I have AutoPkgr running on my own system pulling down updates where I use Hazel to notify me when those updates are available.

Lastly, do you find that you need to push out updates on Logout with the idea that the software being updated has been quit? I've heard Adobe software can be particular about that, and I've noticed that my personal Mac App Store software prompts asking about quitting the software (if running) before updating.

Any recommendations?


Valued Contributor

1st, what is your timeline for implementation? Patch management is being overhauled in JAMF Pro (aka v. 10), so you're going to have more options within a few months.

Re: most of your other question, it largely depends on the app. Things like Flash, Chrome, etc. are generally well sandboxed, and I can simply push those updates out and not really expect any conflicts. I use AutoPkg with the .jss recipes to automatically dump them into our "Test" policies, then just update the packages in our "Production" policies on a weekly basis.

As for Apple/OS updates, at this point, I coordinate those with a reboot regardless. We'll set up a deferral with a hard deadline. Not perfect, but better than nothing.

Contributor III

Thanks Taylor.Armstrong.

I've read a little about the overhauling in Jamf Pro 10. I can't wait for that though...anytime I hear first half of a year when something is due to be out it typically translates into late May or June. The method I use now isn't feasible until then. It's fine for an update here and there but as I try to get things better caught up I need something that is better suited for as many updates as possible. Our CIO wants the users to get some sort of notification. Up until now that meant email went out and there was a business process behind that happening each and every time.

It almost seems like something as simple as caching the software deployed by Casper would work for my Other category I mentioned above anyways and then having a script that parsed the filenames and displayed to the users which updates would be getting installed would work. Maybe that's what some others are already doing...I don't know as I'm just getting started digging into it.
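
The filename-parsing idea from the post above, sketched as an added example (not code from any poster in this thread). It assumes cached packages are named `Name-Version.pkg` or `.dmg`, and the function names `list_cached_updates` and `build_notice` are hypothetical; the cache directory is passed as an argument.

```shell
#!/bin/bash
# Added example: turn a directory of cached installers into a user-facing notice.
# Assumption: files are named Name-Version.pkg / Name-Version.dmg, where the
# version is whatever follows the last "-<digit>" in the name.

# Print one "Name<TAB>Version" line per cached installer in directory $1.
list_cached_updates() {
    cache_dir="$1"
    [ -d "$cache_dir" ] || return 1
    for path in "$cache_dir"/*.pkg "$cache_dir"/*.dmg; do
        [ -e "$path" ] || continue        # glob matched nothing
        file=${path##*/}                  # strip the directory
        base=${file%.*}                   # strip .pkg / .dmg
        case "$base" in
            *-[0-9]*)
                name=${base%-[0-9]*}      # text before the last "-<digit>"
                version=${base#"$name"-}  # text after it
                ;;
            *)
                name=$base                # no version in the filename
                version="unknown"
                ;;
        esac
        printf '%s\t%s\n' "$name" "$version"
    done
}

# Build the text a notification dialog would show for directory $1.
build_notice() {
    updates=$(list_cached_updates "$1") || return 1
    if [ -z "$updates" ]; then
        echo "No updates are waiting to be installed."
        return 0
    fi
    echo "The following updates are ready to install:"
    printf '%s\n' "$updates" | while IFS="$(printf '\t')" read -r name version; do
        printf '  - %s (%s)\n' "$name" "$version"
    done
}
```

Files without a version in the name are listed as "unknown" rather than skipped, so the notice still reflects everything that will be installed.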