Smart Group auto install when joining

s_oconnor
New Contributor III

Hey All,

New to Casper and not sure if this is possible.

We allow our users to update their OSx when the have time. As it currently stands I created a Smart Group called "Sierra Computers" that looks for any computers with software version "10.12" when they have this version, they show up in the Smart Group.

Here is the issue, with the new OSx comes the issue that our VPN and AV does not work (properly). I have a new package with scripts for each that needs to be installed once they download Sierra.

Question: Is it possible to define it, so once they join the Smart Group the VPN and AV kick off the uninstall of the old and install of the new?39d1856e3f514af2a8afa159b08e544b

If this is not possible, is there another way you would suggest?

1 REPLY 1

mm2270
Legendary Contributor III

Yes, that's the primary use of Smart Groups actually. To automate installs and uninstalls. All you should need to do is set up individual policies for each function, (uninstall/reinstall VPN, and uninstall/reinstall AV) then use the Smart Group "Sierra Computers" as you mentioned as the scope in both of the above policies to specify what computers these policies will run on.
What you'd need to decide on is the trigger. I would suggest the normal check in trigger here since as soon as the Macs run an inventory collection after updating, they will land in the Smart Group and on next check (say 15 minutes later), these same Macs will then run the 2 above policies that should remove and re-install the software in question.

Keep in mind that its possible there could be a lag between when a Mac upgrades the OS and they get the new/updated software titles. For example, a Mac may get upgraded, but unless it runs an inventory collection right after, it could be hours before its next inventory collection cycle. The above policies will never run on those Macs until they land in the Smart Group, which can only happen when inventory is collected.

You can try doing something like having a policy that collects inventory and nothing else scoped to all Managed computers that runs on Login or on Startup.
In the latter, you could run into a login delay in some circumstances, so you'd need to test that out to see how it works for you. Also, unless the Macs are connected to the network at login, its possible they won't be able to connect to your JSS to get the instructions to run the inventory collection (there is always setting it to run in offline mode though)
Same issue is true for Startup triggered policies. In the case of laptops connecting to wireless, they may not have a network connection at startup. So just a few things to consider.

There are more considerations and possible setups than the above.
Hope the above helps a bit.