Zoom Updates

Andrewpants1
New Contributor III

I need help deploying zoom updates or allowing non-admins to update zoom because zoom is constantly updating. Any suggestions?

2 ACCEPTED SOLUTIONS

mojo21221
Contributor II

We use the following script. Adapted it a little from original to quit out of zoom if it is open.. We have adapted it from https://www.jamf.com/jamf-nation/discussions/29561/script-to-install-update-zoom

#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#       ZoomInstall.sh -- Installs or updates Zoom
#
# SYNOPSIS
#       sudo ZoomInstall.sh
#
####################################################################################################
#
# HISTORY
#
#       Version: 1.1
#
#       1.1 - Shannon Johnson, 27.9.2019
#       Updated for new zoom numbering scheme
#       Fixed the repeated plist modifications
#   
#       1.0 - Shannon Johnson, 28.9.2018
#       (Adapted from the FirefoxInstall.sh script by Joe Farage, 18.03.2015)
#
####################################################################################################
# Script to download and install Zoom.
# Only works on Intel systems.
#

# Set preferences
hdvideo="true"
ssodefault="true"
#ssohost="xxx.zoom.us"


# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 1 AND, IF SO, ASSIGN TO "lang"
if [ "$4" != "" ] && [ "$lang" == "" ]; then
        lang=$4
else 
        lang="en-US"
fi

pkgfile="ZoomInstallerIT.pkg"
plistfile="us.zoom.config.plist"
logfile="/Library/Logs/ZoomInstallScript.log"
processname="zoom.us"

killall "$processname" &> /dev/null
if [ $? -eq 0 ]; then
    echo "Killing $processname"
fi

# Are we running on Intel?
if [ '`/usr/bin/uname -p`'="i386" -o '`/usr/bin/uname -p`'="x86_64" ]; then
        ## Get OS version and adjust for use with the URL string
        OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )

        ## Set the User Agent string for use with curl
        userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"

        # Get the latest version of Reader available from Zoom page.
        latestver=$(/usr/bin/curl -s -A "$userAgent" https://zoom.us/download | grep 'ZoomInstallerIT.pkg' | awk -F'/' '{print $3}')
        echo "Latest Version is: $latestver"

        # Get the version number of the currently-installed Zoom, if any.
        if [ -e "/Applications/zoom.us.app" ]; then
        currentinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
                echo "Current installed version is: $currentinstalledver"
                if [ ${latestver} = ${currentinstalledver} ]; then
                        echo "Zoom is current. Exiting"
                        exit 0
                fi
        else
                currentinstalledver="none"
                echo "Zoom is not installed"
        fi

        url="https://zoom.us/client/${latestver}/ZoomInstallerIT.pkg"

        echo "Latest version of the URL is: $url"
        echo "`date`: Download URL: $url" >> ${logfile}

        # Compare the two versions, if they are different or Zoom is not present then download and install the new version.
        if [ "${currentinstalledver}" != "${latestver}" ]; then

                # Construct the plist file for preferences
                echo "<?xml version="1.0" encoding="UTF-8"?>
                 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                 <plist version="1.0">
                 <dict>
                        <key>nogoogle</key>
                        <string>1</string>
                        <key>nofacebook</key>
                        <string>1</string>
                        <key>ZDisableVideo</key>
                        <true/>
                        <key>ZAutoJoinVoip</key>
                        <true/>
                        <key>ZDualMonitorOn</key>
                        <true/>" > /tmp/${plistfile}

                if [ "${ssohost}" != "" ]; then
                        echo "
                        <key>ZAutoSSOLogin</key>
                        <true/>
                        <key>ZSSOHost</key>
                        <string>$ssohost</string>" >> /tmp/${plistfile}
                fi

                echo "<key>ZAutoFullScreenWhenViewShare</key>
                        <true/>
                        <key>ZAutoFitWhenViewShare</key>
                        <true/>" >> /tmp/${plistfile}

                if [ "${hdvideo}" == "true" ]; then
                        echo "<key>ZUse720PByDefault</key>
                        <true/>" >> /tmp/${plistfile}
                else
                        echo "<key>ZUse720PByDefault</key>
                        <false/>" >> /tmp/${plistfile}
                fi

                echo "<key>ZRemoteControlAllApp</key>
                        <true/>
                </dict>
                </plist>" >> /tmp/${plistfile}

                # Download and install new version
                /bin/echo "`date`: Current Zoom version: ${currentinstalledver}" >> ${logfile}
                /bin/echo "`date`: Available Zoom version: ${latestver}" >> ${logfile}
                /bin/echo "`date`: Downloading newer version." >> ${logfile}
                /usr/bin/curl -sLo /tmp/${pkgfile} ${url}
                /bin/echo "`date`: Installing PKG..." >> ${logfile}
                /usr/sbin/installer -allowUntrusted -pkg /tmp/${pkgfile} -target /

                /bin/sleep 20
                /bin/echo "`date`: Deleting downloaded PKG." >> ${logfile}
                /bin/rm /tmp/${pkgfile}

                #double check to see if the new version got updated
                newlyinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
        echo "Version on Mac is ${newlyinstalledver}"
        if [ "${latestver}" = "${newlyinstalledver}" ]; then
                /bin/echo "`date`: SUCCESS: Zoom has been updated to version ${newlyinstalledver}" >> ${logfile}
                echo "Zoom updated successfully"
                # /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Zoom Installed" -description "Zoom has been updated." &
        else
                /bin/echo "`date`: ERROR: Zoom update unsuccessful, version remains at ${currentinstalledver}." >> ${logfile}
                /bin/echo "--" >> ${logfile}
                echo "Zoom not updated - Installation error"
                        exit 1
                fi

        # If Zoom is up to date already, just log it and exit.
        else
                /bin/echo "`date`: Zoom is already up to date, running ${currentinstalledver}." >> ${logfile}
        /bin/echo "--" >> ${logfile}
        fi      
else
        /bin/echo "`date`: ERROR: This script is for Intel Macs only." >> ${logfile}
fi

exit 0

View solution in original post

jwng
New Contributor III

use patch management- bundle this as a .sh... use composer to run the .sh from /private/tmp:

!/bin/bash

appname="zoom.us.app"
pkgfile="Zoom.pkg"
file="/Applications/zoom.us.app"

Download Link

url="https://zoom.us/client/latest/Zoom.pkg"

/bin/echo "--"
/bin/echo "date: Removing Existing Copy of $appname "
if [ -e "$file" ]
then echo "$file found; Removing now" /bin/rm -rf $file
fi
/bin/echo "date: Downloading latest version."
/usr/bin/curl -Lo /tmp/${pkgfile} ${url}
/bin/echo "date: Installing..."
/usr/bin/sudo /usr/sbin/installer -pkg /tmp/${pkgfile} -target /
latestver=$(defaults read /Applications/${appname}/Contents/Info.plist CFBundleShortVersionString )
/bin/echo "$(date): Latest Version is: $latestver"
/bin/echo "date: Deleting PKG file"
/bin/rm /tmp/"${pkgfile}"

exit 0

View solution in original post

28 REPLIES 28

liut
New Contributor II

The autoupdate flag in their installation customization still requires admin access.

I've since turned off the autoupdate flag so that the client no longer keeps prompting users. Just update the client on Jamf and regularly roll it out instead.

mojo21221
Contributor II

We use the following script. Adapted it a little from original to quit out of zoom if it is open.. We have adapted it from https://www.jamf.com/jamf-nation/discussions/29561/script-to-install-update-zoom

#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#       ZoomInstall.sh -- Installs or updates Zoom
#
# SYNOPSIS
#       sudo ZoomInstall.sh
#
####################################################################################################
#
# HISTORY
#
#       Version: 1.1
#
#       1.1 - Shannon Johnson, 27.9.2019
#       Updated for new zoom numbering scheme
#       Fixed the repeated plist modifications
#   
#       1.0 - Shannon Johnson, 28.9.2018
#       (Adapted from the FirefoxInstall.sh script by Joe Farage, 18.03.2015)
#
####################################################################################################
# Script to download and install Zoom.
# Only works on Intel systems.
#

# Set preferences
hdvideo="true"
ssodefault="true"
#ssohost="xxx.zoom.us"


# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 1 AND, IF SO, ASSIGN TO "lang"
if [ "$4" != "" ] && [ "$lang" == "" ]; then
        lang=$4
else 
        lang="en-US"
fi

pkgfile="ZoomInstallerIT.pkg"
plistfile="us.zoom.config.plist"
logfile="/Library/Logs/ZoomInstallScript.log"
processname="zoom.us"

killall "$processname" &> /dev/null
if [ $? -eq 0 ]; then
    echo "Killing $processname"
fi

# Are we running on Intel?
if [ '`/usr/bin/uname -p`'="i386" -o '`/usr/bin/uname -p`'="x86_64" ]; then
        ## Get OS version and adjust for use with the URL string
        OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )

        ## Set the User Agent string for use with curl
        userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"

        # Get the latest version of Reader available from Zoom page.
        latestver=$(/usr/bin/curl -s -A "$userAgent" https://zoom.us/download | grep 'ZoomInstallerIT.pkg' | awk -F'/' '{print $3}')
        echo "Latest Version is: $latestver"

        # Get the version number of the currently-installed Zoom, if any.
        if [ -e "/Applications/zoom.us.app" ]; then
        currentinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
                echo "Current installed version is: $currentinstalledver"
                if [ ${latestver} = ${currentinstalledver} ]; then
                        echo "Zoom is current. Exiting"
                        exit 0
                fi
        else
                currentinstalledver="none"
                echo "Zoom is not installed"
        fi

        url="https://zoom.us/client/${latestver}/ZoomInstallerIT.pkg"

        echo "Latest version of the URL is: $url"
        echo "`date`: Download URL: $url" >> ${logfile}

        # Compare the two versions, if they are different or Zoom is not present then download and install the new version.
        if [ "${currentinstalledver}" != "${latestver}" ]; then

                # Construct the plist file for preferences
                echo "<?xml version="1.0" encoding="UTF-8"?>
                 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
                 <plist version="1.0">
                 <dict>
                        <key>nogoogle</key>
                        <string>1</string>
                        <key>nofacebook</key>
                        <string>1</string>
                        <key>ZDisableVideo</key>
                        <true/>
                        <key>ZAutoJoinVoip</key>
                        <true/>
                        <key>ZDualMonitorOn</key>
                        <true/>" > /tmp/${plistfile}

                if [ "${ssohost}" != "" ]; then
                        echo "
                        <key>ZAutoSSOLogin</key>
                        <true/>
                        <key>ZSSOHost</key>
                        <string>$ssohost</string>" >> /tmp/${plistfile}
                fi

                echo "<key>ZAutoFullScreenWhenViewShare</key>
                        <true/>
                        <key>ZAutoFitWhenViewShare</key>
                        <true/>" >> /tmp/${plistfile}

                if [ "${hdvideo}" == "true" ]; then
                        echo "<key>ZUse720PByDefault</key>
                        <true/>" >> /tmp/${plistfile}
                else
                        echo "<key>ZUse720PByDefault</key>
                        <false/>" >> /tmp/${plistfile}
                fi

                echo "<key>ZRemoteControlAllApp</key>
                        <true/>
                </dict>
                </plist>" >> /tmp/${plistfile}

                # Download and install new version
                /bin/echo "`date`: Current Zoom version: ${currentinstalledver}" >> ${logfile}
                /bin/echo "`date`: Available Zoom version: ${latestver}" >> ${logfile}
                /bin/echo "`date`: Downloading newer version." >> ${logfile}
                /usr/bin/curl -sLo /tmp/${pkgfile} ${url}
                /bin/echo "`date`: Installing PKG..." >> ${logfile}
                /usr/sbin/installer -allowUntrusted -pkg /tmp/${pkgfile} -target /

                /bin/sleep 20
                /bin/echo "`date`: Deleting downloaded PKG." >> ${logfile}
                /bin/rm /tmp/${pkgfile}

                #double check to see if the new version got updated
                newlyinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
        echo "Version on Mac is ${newlyinstalledver}"
        if [ "${latestver}" = "${newlyinstalledver}" ]; then
                /bin/echo "`date`: SUCCESS: Zoom has been updated to version ${newlyinstalledver}" >> ${logfile}
                echo "Zoom updated successfully"
                # /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Zoom Installed" -description "Zoom has been updated." &
        else
                /bin/echo "`date`: ERROR: Zoom update unsuccessful, version remains at ${currentinstalledver}." >> ${logfile}
                /bin/echo "--" >> ${logfile}
                echo "Zoom not updated - Installation error"
                        exit 1
                fi

        # If Zoom is up to date already, just log it and exit.
        else
                /bin/echo "`date`: Zoom is already up to date, running ${currentinstalledver}." >> ${logfile}
        /bin/echo "--" >> ${logfile}
        fi      
else
        /bin/echo "`date`: ERROR: This script is for Intel Macs only." >> ${logfile}
fi

exit 0

View solution in original post

Andrewpants1
New Contributor III

Thank you guys for the help!!

koestej
New Contributor

This was working great for us but now just errors out. Is it still working for you all?

Andrewpants1
New Contributor III

@koestej Yea it's working fine for us.

jwng
New Contributor III

use patch management- bundle this as a .sh... use composer to run the .sh from /private/tmp:

!/bin/bash

appname="zoom.us.app"
pkgfile="Zoom.pkg"
file="/Applications/zoom.us.app"

Download Link

url="https://zoom.us/client/latest/Zoom.pkg"

/bin/echo "--"
/bin/echo "date: Removing Existing Copy of $appname "
if [ -e "$file" ]
then echo "$file found; Removing now" /bin/rm -rf $file
fi
/bin/echo "date: Downloading latest version."
/usr/bin/curl -Lo /tmp/${pkgfile} ${url}
/bin/echo "date: Installing..."
/usr/bin/sudo /usr/sbin/installer -pkg /tmp/${pkgfile} -target /
latestver=$(defaults read /Applications/${appname}/Contents/Info.plist CFBundleShortVersionString )
/bin/echo "$(date): Latest Version is: $latestver"
/bin/echo "date: Deleting PKG file"
/bin/rm /tmp/"${pkgfile}"

exit 0

View solution in original post

efarjami
New Contributor II

Hello,

Thank you for sharing the script! Is this just for the intel system? I ran the script on my own M1 chip MacBook and It's been installed successfully but it's just asking to update to the compatible version.

 

koestej
New Contributor

Turns out it was because we put a "/" in the script name and it broke things. We named it Install/Update. Won't make that mistake again and thanks for checking!

ian_sterling
New Contributor II

@jwng - can you explain a little further what you mean by "use patch management- bundle this as a .sh... use composer to run the .sh from /private/tmp:"

I packaged the update_zoom.sh script from /var/tmp using composer, set that as the patch management definition, but I'm not understanding how you're actually triggering the script to run.

It's probably something simple that I'm misunderstanding, but I'm having issues packaging the 5.1.0 update and thought this method would be more effective (and easier to manage).

jwng
New Contributor III

bundle the shell script as a pkg in composer,
then in composer , create a second post- install script to call the sh. file from /private/tmp/

jwng
New Contributor III

56eb58d8051b41b9a86440b850306a44

jwng
New Contributor III

apologies for the delay*

jwng
New Contributor III

fdf3ffeb73ba4c859719cff0e19b723e

ian_sterling
New Contributor II

Thank you, @jwng !!! That explains it. Thanks again!!

jwng
New Contributor III

We built most of our autoupdate-apps in the same manner , (really any installer you can curl). Glad to help

tlarkin
Honored Contributor

Really, AutoPKG and JSS Importer can do this much more safely, secure, and with more controls in place

jwng
New Contributor III

autopkg and jss importer is great, but you'd have to run autopkg for each version release. At least with an autoupdate script, all you have to do is vet thru the script with a run, and in theory just roll the definitions up in patch management

tlarkin
Honored Contributor

Yup and the benefit is that if you ever need to roll back, you have all the versions in your repo, you just need to flip a bit. With a curl script you loose that quality control, and it is much harder to troubleshoot failures. Plus you are now maintaining code that has to run on every endpoint vs code that runs on a single endpoint. AutoPKG also does a lot of health checks that a curl script does not, and can do things like pass a URL to VirusTotal

tlarkin
Honored Contributor

Also, unless the CDNs you are hitting use cert pinning, any curl script is also susceptible to a MITM attack

supson
New Contributor III

@jwng So the reason for packaging the script is? Couldn't you just run the script from a policy and achieve the same results? Also I am still trying to figure out, it seems as though you package the script, then add a post-install script to run the same script? Am I missing something about being two scripts, or is there only one? Is the package portion of this process placing the script into /private/tmp and then the post-install script actually running the script?

jwng
New Contributor III

So I bundle the zoom script as a pkg so that I can deploy it via patch management policy instead of a standard policy.
Patch policies have very limited payload options versus standard policies.

The pkg payload places the script I want to run in the /var/tmp dir, then the post install script calls the script that was delivered in the payload from /var/tmp. For me it optimizes patch management . I can load the same pkg to the newest version definition in patch management without having to upload a new pkg...

tjosey
New Contributor III

@liut

How did you turn off the auto update in the .pkg. I have been deploying zoom updates however, zoom has been pushing out updates constantly so my users are always getting the promt. I would like to control when we update (Everymoth) by using patch management but don't want my users getting the zoom update prompt every time. Any advice?

tjosey
New Contributor III

has anyone tested this on the new M1 Chip with Big sur yet? Trying to see if we can get this working on that since there are technically 2 versions of zoom now

KSibley
New Contributor III

Apparently, the ZoomIT install package will allow for setting a ZAutoUpdate key in a plist file. See https://support.zoom.us/hc/en-us/articles/115001799006-Mass-deployment-with-preconfigured-settings-for-Mac#h_9f50f97d-e769-4a47-a2b3-1f64efc670df

Has anyone tried this or had it work?

I have seen intermittent success with having standard users update. I have a support ticket with Zoom for a working session to look at my config and why it is not working all the time.

robertliebsch
Contributor

I have that plist sent out and AutoUpdate set to True.
I have 34 users on the last version and another 34 on versions all the way back to 5.1. Going to forcefully upgrade via policy Friday morning.

KSibley
New Contributor III

@robertliebsch do you think the AutoUpdate is working on those 34 users with the latest version because they are clicking Update within the app and the reason there are old versions is because users are not clicking the Update?

robertliebsch
Contributor

They aren't on the latest version. They are on 5.4.7. It is maybe possible they were updated due to the upgrade option in plist. But not 100% sure. I don't know why it isn't working to get to 5.4.9. I don't know what folks are or are not doing, sadly.

tjosey
New Contributor III

@mojo21221

nice code it does work but I would like to ad <Key>PackageRecommend</key> into the mix so the user's can toggle it after the no facebook settings.but i am not quiet sure where to add the line in your code below

Compare the two versions, if they are different or Zoom is not present then download and install the new version.

if [ "${currentinstalledver}" != "${latestver}" ]; then

# Construct the plist file for preferences echo "<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>nogoogle</key> <string>1</string> <key>nofacebook</key> <string>1</string> <key>ZDisableVideo</key> <true/> <key>ZAutoJoinVoip</key> <true/> <key>ZDualMonitorOn</key> <true/>" > /tmp/${plistfile}

if [ "${ssohost}" != "" ]; then echo " <key>ZAutoSSOLogin</key> <true/> <key>ZSSOHost</key> <string>$ssohost</string>" >> /tmp/${plistfile} fi

echo "<key>ZAutoFullScreenWhenViewShare</key> <true/> <key>ZAutoFitWhenViewShare</key> <true/>" >> /tmp/${plistfile}

if [ "${hdvideo}" == "true" ]; then echo "<key>ZUse720PByDefault</key> <true/>" >> /tmp/${plistfile} else echo "<key>ZUse720PByDefault</key> <false/>" >> /tmp/${plistfile} fi

echo "<key>ZRemoteControlAllApp</key> <true/> </dict> </plist>" >> /tmp/${plistfile}"

Can you advise?

Edit: I figured it out. Was missing the <dict> (Sorry Very new to scripting)