Posted on 01-27-2022 07:34 AM
I am wondering what the best solution to manage chrome browser updates through Jamf is? I would like to be able to use a patch policy to push out the update, but when the update is tied to our google chrome .pkg and pushed to my device, I perform the update through self service, and when reopening chrome, it is still on the old version.
Thanks!
Posted on 01-27-2022 08:10 AM
Where are you sourcing your Chrome pkg from? AutoPKG or manual download? If you've not repackaged anything then both should be moving the same app bundle to the same location (/Applications). Are you seeing the same behavior when you install that same pkg file manually on your machine?
Posted on 01-27-2022 08:35 AM
Manual Download, it is the same package initially pushed out to the devices to install chrome browser, but when tying the update to it through patch management, it continues to just install the same version initially pushed out.
Thanks!
Posted on 01-27-2022 09:13 AM
So then just to verify:
1. You have the most recent version of Chrome (97.0.4692.99) in Definitions with the same version package added to that definition?
2. Under patch policies you have 97.0.4692.99 set as your target version and patch unknown versions is checked?
It almost sounds like it's #1 and you added an older package to the 97.0.4692.99 definition, but that's just speculation.
Posted on 01-27-2022 09:30 AM
1.) 97.0.4692.99 is tied to the chrome .pkg we originally pushed out (95.0.4638.69)
So I need to download the 97.0.4692.99 Chrome package, and for each update I will also need to tie the new version to a new package? I was assuming we could tie the new version to the Chrome package we originally used and it would update to the current version when tied to it in Patch policies.
Thanks!
Posted on 01-27-2022 12:19 PM
Yes, you have to download the new package from Google, upload it to Jamf, then attach that to the latest definition in patch management. Change the patch policy to the target version and save.
Jamf doesn't automatically download versions of apps outside of the App Store and deploy them (yet, looking at you App Installers).
Posted on 01-27-2022 12:24 PM
This would make sense. Is there a way to make Chrome updates through Jamf more automated? To avoid having to upload a new package every two weeks and change the patch policy each time?
Thanks!
Posted on 01-27-2022 12:27 PM
Take a look at Installomator, there is a guide for doing exactly this with Chrome. At least until Jamf finally unveils App Installers, which is supposed to do something similar.
Posted on 01-30-2022 09:03 AM
I would advise to not use the patch management for Chrome and instead use a configuration profile with the RelaunchNotification and RelaunchNotificationPeriod keys.
https://babodee.wordpress.com/2020/06/16/managing-google-chrome-auto-updates/
Posted on 04-21-2022 03:26 PM
I assume you have to have a Google Enterprise account for these Relaunch Notifications to work?
Posted on 04-21-2022 10:34 PM
As far as I know, you just have to use the Google enterprise pkg.
Posted on 04-13-2022 12:46 AM
Hey @JRM5513
Just to clarify your recommendation for me: does that mean I have to push both plists, "com.company.google.softwareupdatecheck" from babodee and the two commands for com.google.Chrome, to managed devices, or would the second one, "RelaunchNotification", be enough for patch management?
In case I need both plists, I'm not sure how to double-check if com.company.google.softwareupdatecheck is working, because I can of course check the process / launchctl etc., but I don't have a trigger, do I? Or should I get the notification from com.google.Chrome if the agent is running successfully?
Posted on 04-13-2022 05:38 AM
You only need one plist for both keys. You don't need the second key (RelaunchNotificationPeriod) unless you want to set the notification period; otherwise the default is seven days according to the two pages linked above.
You're looking for Google's keystone process, not the preference domain you have above. You won't get a notification that it's running; when a new version is released and the updater checks, it will install the new version based on your settings, then notify the user to restart Chrome at seven days or your manually set period.
FWIW You can still have Chrome in your patch management list, but not set a patch policy. That way you can still get version inventory from each machine.
Posted on 04-13-2022 05:52 AM
Thanks for your answer @mainelysteve but it's actually not 100% clear to me what you meant - sorry.
04-19-2022 10:00 AM - edited 04-22-2022 08:36 AM
Your use of the word agent versus launch agent threw me for a bit.
On your first point. Yes, if you really want to you can shorten the time interval (the trigger) from six hours down to say 30 minutes and monitor using launchctl list. I'm on the K.I.S.S bandwagon and think it's more worth your time to get the configuration profile created and scoped to a client. Deploy the launch agent to that client and then simply monitor a Google Chrome entry in patch management or look at that client's Application inventory.
Lastly on the second point. Correct, the first key tells Chrome how to notify and then the second key tells it when. The 7 days default setting seems a bit much for me especially with zero days affecting browsers so much these days.
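Added example, not part of the thread or of any poster's code: a small Python audit of a com.google.Chrome settings plist that flags a relaunch policy which would leave an installed update unapplied for too long. The 3-day limit, the function name and both sample plists are assumptions constructed for illustration; the 1 hour minimum and 7-day default are the values given in Chrome's policy documentation.

```python
import plistlib

DAY_MS = 86_400_000
MIN_PERIOD_MS = 3_600_000        # documented minimum for the period (1 hour)
DEFAULT_PERIOD_MS = 7 * DAY_MS   # applies when RelaunchNotificationPeriod is absent

def audit_relaunch_policy(plist_bytes, max_days=3):
    """Return findings for a com.google.Chrome plist; max_days is an assumed local limit."""
    prefs = plistlib.loads(plist_bytes)
    findings = []

    mode = prefs.get("RelaunchNotification")
    if mode is None:
        findings.append("RelaunchNotification not set: no relaunch notification is enforced")
    elif mode == 1:
        findings.append("RelaunchNotification=1: relaunch is only recommended, users can dismiss it")
    elif mode != 2:
        findings.append(f"RelaunchNotification={mode!r}: expected 1 (recommended) or 2 (required)")

    source = "set" if "RelaunchNotificationPeriod" in prefs else "unset, default"
    period = prefs.get("RelaunchNotificationPeriod", DEFAULT_PERIOD_MS)
    if not isinstance(period, int) or period < MIN_PERIOD_MS:
        findings.append(f"RelaunchNotificationPeriod={period!r}: below the 1 hour minimum")
    elif period > max_days * DAY_MS:
        findings.append(f"RelaunchNotificationPeriod ({source}) is {period / DAY_MS:g} days, "
                        f"over the {max_days}-day limit")
    return findings

# Constructed sample: required relaunch within 24 hours (period is in milliseconds).
HARDENED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>RelaunchNotification</key><integer>2</integer>
    <key>RelaunchNotificationPeriod</key><integer>86400000</integer>
</dict>
</plist>"""

# Constructed sample: first key only, so the 7-day default period applies.
WEAK = plistlib.dumps({"RelaunchNotification": 1})

if __name__ == "__main__":
    for name, blob in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_relaunch_policy(blob) or "OK")
```

The `HARDENED` plist is the shape of the single custom-settings payload with both keys that the replies above describe for the com.google.Chrome preference domain.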
Posted on 06-06-2022 09:41 AM
I would give Installomator a try.