Zoom for the masses

drioux
Contributor

Has anyone possibly put together a best practices list for how to deploy Zoom in a school environment for a district that has not used it since the advent of PPPC profiles? (you know, on the off chance there was a global pandemic and they needed to do a quick rollout...)

12 REPLIES

mcmulligan
New Contributor II

I am working on this right now.... I know it's shocking that people would discover that Zoom hasn't been deployed yet... This week of all weeks!

Anyway, I will put what I have: It's not done yet.

1. Download the client - I included my script below. It's a crude first draft, don't be judgey....

2. Place a plist in the same directory as the pkg and the installer will deploy your plist with the client (preferences -> /Library/Preferences). Here is a link to the page that describes the options and provides a sample: https://support.zoom.us/hc/en-us/articles/115001799006-Mass-Deployment-with-Preconfigured-Settings-for-Mac . The script pulls down their sample plist too... Of course you should use Composer to package up the installer and plist...

3. PPPC - you need to grant permissions via config profile. See: https://support.zoom.us/hc/en-us/articles/360016688031-Using-the-Zoom-Client-and-Zoom-Rooms-with-Mac-OS-10-14-Mojave . I will paste in (below) what I got from Jamfnation as a sample profile.

4. Kext Whitelist - You need to whitelist their kext.

    Display Name: Zoom Video Communications, Inc.
    Team ID: BJ4HAAB9B3
    Extension Path: /System/Library/Extensions/ZoomAudioDevice.kext

Additional details on kernel extension changes on High Sierra can be found here. Here is the link: https://support.zoom.us/hc/en-us/articles/360000698843-Kernel-extension-changes-in-macOS-High-Sierra .

Download script:

# Download Zoom
downloadDir="/tmp/or/whatever/path/you/like/to/use/for/installers/Zoom"
# Create the directory if needed and stop if it cannot be entered,
# so the downloads never land in an unexpected working directory
mkdir -p "$downloadDir" && cd "$downloadDir" || exit 1
# Zoom Client
curl -L -s -O https://zoom.us/client/latest/Zoom.pkg
# Zoom Outlook Plugin
curl -L -s -O https://zoom.us/client/latest/ZoomMacOutlookPlugin.pkg
# Zoom install for IT Admins
curl -L -s -O https://zoom.us/client/latest/ZoomInstallerIT.pkg
# Zoom's sample preferences plist
curl -L -s -O https://support.zoom.us/hc/en-us/article_attachments/360042873691/us.zoom.config.plist
exit 0

Get the PPPC profile from here:
https://www.jamf.com/jamf-nation/discussions/31365/pppc-tcc-zoom-meetings-outlook-plugin

drioux
Contributor

I can't thank you enough.

bishopz
New Contributor III

Thanks for your reply @mcmulligan !

Would anyone in a school district be willing to share the plist they made for students, or just some of what you enabled/disabled? Thanks in advance.

jpuebs
New Contributor III

I ran into a similar issue in trying to provide remote control functionality for remote users on Catalina. I used PPPC to upload the profile but I made sure Accessibility was set to Allow. After spending the last few days working on this and unable to get Zoom to show as checkmarked under Accessibility in Security & Privacy I went ahead and tested it only to realize it worked flawlessly. Even though it's not checkmarked here, remote functionality and control will still work!

swallace
Contributor

We are going to Zoom as well. Is anyone concerned about security on devices about giving remote access? I'm kind of the Debbie Downer on this one as staff and students can give remote access freely once in a meeting.

Just feeling uneasy...would like an Apple Remote Desktop situation to use.

supson
New Contributor III

Does all this still apply now that we are in September 2020?

drioux
Contributor

We are successfully using it now. At the time we were in a scramble and I was trying to go from 0 to 100 overnight. We have the kinks worked out. The PPPC and Kernel Extension info we used is in these screenshots, if you were looking.

vanschip-gerard
Contributor

Hi guys, using the guide found here: https://support.zoom.us/hc/en-us/articles/115001799006-Mass-deployment-with-preconfigured-settings-for-Mac

I would like to push some settings like disabling Facebook and Google. Jamf pushes it just fine to managed preferences but the zoom app seems to ignore any settings I do. Anyone got this working?

I think I've managed to get it working as config profile in Jamf Pro. The trick was to put us.zoom.config as the preference domain, rather than us.zoom.xos.

Loic
New Contributor III

Hello @vanschip-gerard
Here is the script we're using to deploy the Zoom app with preconfigured settings.
Thanks to the authors

#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#       ZoomInstall.sh -- Installs or updates Zoom
#
# SYNOPSIS
#       sudo ZoomInstall.sh
#
####################################################################################################
#
# HISTORY
#
#       Version: 1.1
#
#       1.1 - Shannon Johnson, 27.9.2019
#       Updated for new zoom numbering scheme
#       Fixed the repeated plist modifications
#   
#       1.0 - Shannon Johnson, 28.9.2018
#       (Adapted from the FirefoxInstall.sh script by Joe Farage, 18.03.2015)
#
####################################################################################################
# Script to download and install Zoom.
# Only works on Intel systems.
#

# Set preferences
hdvideo=""
ssodefault="true"
ssohost="xxxxxxxxxxx.zoom.us"


# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "lang"
if [ "$4" != "" ] && [ "$lang" = "" ]; then
        lang="$4"
else 
        lang="en-US"
fi

pkgfile="ZoomInstallerIT.pkg"
plistfile="us.zoom.config.plist"
logfile="/Library/Logs/ZoomInstallScript.log"

# Are we running on Intel?
# uname -p prints the processor type; compare it with a real string test
arch=$(/usr/bin/uname -p)
if [ "$arch" = "i386" ] || [ "$arch" = "x86_64" ]; then
        ## Get OS version and adjust for use with the URL string
        OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )

        ## Set the User Agent string for use with curl
        userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"

        # Get the latest version of Zoom available from the Zoom download page.
        latestver=`/usr/bin/curl -s -A "$userAgent" https://zoom.us/download | grep 'ZoomInstallerIT.pkg' | awk -F'/' '{print $3}'`
        echo "Latest Version is: $latestver"

        # Get the version number of the currently-installed Zoom, if any.
        if [ -e "/Applications/zoom.us.app" ]; then
                currentinstalledver=`/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion | sed -e 's/0 //g' -e 's/(//g' -e 's/)//g'`
                echo "Current installed version is: $currentinstalledver"
                # Quote both sides so an empty version string cannot break the test
                if [ "${latestver}" = "${currentinstalledver}" ]; then
                        echo "Zoom is current. Exiting"
                        exit 0
                fi
        else
                currentinstalledver="none"
                echo "Zoom is not installed"
        fi

        url="https://zoom.us/client/${latestver}/ZoomInstallerIT.pkg"

        echo "Latest version of the URL is: $url"
        echo "`date`: Download URL: $url" >> ${logfile}

        # Compare the two versions, if they are different or Zoom is not present then download and install the new version.
        if [ "${currentinstalledver}" != "${latestver}" ]; then

                # Construct the plist file for preferences
                # (single quotes keep the double quotes inside the XML intact)
                echo '<?xml version="1.0" encoding="UTF-8"?>
                 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                 <plist version="1.0">
                 <dict>
                        <key>nogoogle</key>
                        <string>1</string>
                        <key>nofacebook</key>
                        <string>1</string>
                        <key>DisableLoginWithEmail</key>
                        <string>1</string>
                        <key>ZDisableVideo</key>
                        <false/>
                        <key>ZAutoJoinVoip</key>
                        <true/>
                        <key>ZDualMonitorOn</key>
                        <false/>' > /tmp/${plistfile}

                if [ "${ssohost}" != "" ]; then
                        echo "
                        <key>ZAutoSSOLogin</key>
                        <true/>
                        <key>ZSSOHost</key>
                        <string>$ssohost</string>" >> /tmp/${plistfile}
                fi

                echo "<key>ZAutoFullScreenWhenViewShare</key>
                        <false/>
                        <key>ZAutoFitWhenViewShare</key>
                        <true/>" >> /tmp/${plistfile}

                if [ "${hdvideo}" = "true" ]; then
                        echo "<key>ZUse720PByDefault</key>
                        <true/>" >> /tmp/${plistfile}
                else
                        echo "<key>ZUse720PByDefault</key>
                        <false/>" >> /tmp/${plistfile}
                fi

                echo "<key>ZRemoteControlAllApp</key>
                        <true/>
                </dict>
                </plist>" >> /tmp/${plistfile}

                # Download and install new version
                /bin/echo "`date`: Current Zoom version: ${currentinstalledver}" >> ${logfile}
                /bin/echo "`date`: Available Zoom version: ${latestver}" >> ${logfile}
                /bin/echo "`date`: Downloading newer version." >> ${logfile}
                /usr/bin/curl -sLo "/tmp/${pkgfile}" "${url}"
                if pgrep 'zoom.us'; then
                        /bin/echo "`date`: Closing Zoom" >> ${logfile}
                        /usr/bin/pkill zoom.us
                        /bin/sleep 5
                fi
                /bin/echo "`date`: Installing PKG..." >> ${logfile}
                # -allowUntrusted makes installer accept a package signed by an untrusted or expired certificate
                /usr/sbin/installer -allowUntrusted -pkg "/tmp/${pkgfile}" -target /

                /bin/sleep 10
                /bin/echo "`date`: Deleting downloaded PKG." >> ${logfile}
                /bin/rm /tmp/${pkgfile}

                # Double check to see if the new version got updated
                newlyinstalledver=`/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion`
                if [ "${latestver}" = "${newlyinstalledver}" ]; then
                        /bin/echo "`date`: SUCCESS: Zoom has been updated to version ${newlyinstalledver}" >> ${logfile}
                        # /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Zoom Installed" -description "Zoom has been updated." &
                else
                        /bin/echo "`date`: ERROR: Zoom update unsuccessful, version remains at ${currentinstalledver}." >> ${logfile}
                        /bin/echo "--" >> ${logfile}
                        exit 1
                fi

        # If Zoom is up to date already, just log it and exit.
        else
                /bin/echo "`date`: Zoom is already up to date, running ${currentinstalledver}." >> ${logfile}
                /bin/echo "--" >> ${logfile}
        fi
else
        /bin/echo "`date`: ERROR: This script is for Intel Macs only." >> ${logfile}
fi

exit 0
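
The script above downloads the package as root and installs it with -allowUntrusted, so nothing ties the file to its publisher. The following is an added example, not part of the post above or of Zoom's tooling: it gates the install on `pkgutil --check-signature` and the Team ID quoted earlier in the thread. Assumptions: the installer package is signed under that same Team ID, the status wording matches your macOS version, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate the install on the package's Developer ID signature.
EXPECTED_TEAM_ID="BJ4HAAB9B3"   # Team ID quoted in the kext whitelist post

# Print the Team ID of the leaf certificate ("1." in the chain) from
# `pkgutil --check-signature` output supplied on stdin.
leaf_team_id() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))$/\1/p' |
        head -n 1
}

# Succeed only if pkgutil reported an Apple-issued developer certificate
# and the leaf Team ID is the expected one. $1 = captured pkgutil output.
signature_ok() {
    printf '%s\n' "$1" |
        grep -q 'Status: signed by a developer certificate issued by Apple' ||
        return 1
    [ "$(printf '%s\n' "$1" | leaf_team_id)" = "$EXPECTED_TEAM_ID" ]
}

# macOS only: verify first, then install WITHOUT -allowUntrusted.
verify_and_install() {
    sig=$(/usr/sbin/pkgutil --check-signature "$1" 2>&1) || return 1
    signature_ok "$sig" || { echo "Refusing to install $1" >&2; return 1; }
    /usr/sbin/installer -pkg "$1" -target /
}

# Constructed samples of pkgutil output (not captured from a real package).
SAMPLE_GOOD='Package "ZoomInstallerIT.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Zoom Video Communications, Inc. (BJ4HAAB9B3)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_OTHER_TEAM='Package "ZoomInstallerIT.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_UNSIGNED='Package "ZoomInstallerIT.pkg":
   Status: no signature'

# Usage on a Mac: sh verify_zoom_pkg.sh /path/to/ZoomInstallerIT.pkg
if [ $# -ge 1 ]; then verify_and_install "$1"; fi
```

A validly signed package from a different developer fails the Team ID comparison, which is the case a status-only check would miss.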

Jean-D
New Contributor

Will anyone be willing to meet with me via Google Meet to go over this setup? I'm new to deploying apps and creating packages and I'd really appreciate some help!

atomczynski
Valued Contributor

@Jean-D Can you hit me up on Slack?
https://www.macadmins.org
@atomczynski