I need help deploying Zoom updates or allowing non-admins to update Zoom because Zoom is constantly updating. Any suggestions?
The autoupdate flag in their installation customization still requires admin access.
I've since turned off the autoupdate flag so that the client no longer keeps prompting users. Just update the client on Jamf and regularly roll it out instead.
We use the following script. Adapted it a little from the original to quit out of Zoom if it is open. We have adapted it from https://www.jamf.com/jamf-nation/discussions/29561/script-to-install-update-zoom
#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# ZoomInstall.sh -- Installs or updates Zoom
#
# SYNOPSIS
# sudo ZoomInstall.sh
#
####################################################################################################
#
# HISTORY
#
# Version: 1.1
#
# 1.1 - Shannon Johnson, 27.9.2019
# Updated for new zoom numbering scheme
# Fixed the repeated plist modifications
#
# 1.0 - Shannon Johnson, 28.9.2018
# (Adapted from the FirefoxInstall.sh script by Joe Farage, 18.03.2015)
#
####################################################################################################
# Script to download and install Zoom.
# Only works on Intel systems.
#
# Set preferences
hdvideo="true"
ssodefault="true"
#ssohost="xxx.zoom.us"
# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 ($4) AND, IF SO, ASSIGN TO "lang"
if [ "$4" != "" ] && [ "$lang" = "" ]; then
    lang=$4
elif [ "$lang" = "" ]; then
    lang="en-US"
fi
pkgfile="ZoomInstallerIT.pkg"
plistfile="us.zoom.config.plist"
logfile="/Library/Logs/ZoomInstallScript.log"
processname="zoom.us"
# Quit Zoom if it is running so the installer can replace the app
if killall "$processname" > /dev/null 2>&1; then
    echo "Killing $processname"
fi
# Are we running on Intel?
arch=$(/usr/bin/uname -p)
if [ "$arch" = "i386" ] || [ "$arch" = "x86_64" ]; then
    ## Get OS version and adjust for use with the URL string
    OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )
    ## Set the User Agent string for use with curl
    userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"
    # Get the latest version of Zoom available from the Zoom download page.
    latestver=$(/usr/bin/curl -s -A "$userAgent" https://zoom.us/download | grep 'ZoomInstallerIT.pkg' | awk -F'/' '{print $3}')
    echo "Latest Version is: $latestver"
    # Get the version number of the currently-installed Zoom, if any.
    if [ -e "/Applications/zoom.us.app" ]; then
        currentinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
        echo "Current installed version is: $currentinstalledver"
        if [ "${latestver}" = "${currentinstalledver}" ]; then
            echo "Zoom is current. Exiting"
            exit 0
        fi
    else
        currentinstalledver="none"
        echo "Zoom is not installed"
    fi
    url="https://zoom.us/client/${latestver}/ZoomInstallerIT.pkg"
    echo "Latest version of the URL is: $url"
    echo "`date`: Download URL: $url" >> "${logfile}"
    # Compare the two versions, if they are different or Zoom is not present then download and install the new version.
    if [ "${currentinstalledver}" != "${latestver}" ]; then
        # Construct the plist file for preferences
        # (single quotes keep the XML attribute quotes intact; the XML lines stay flush left)
        echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>nogoogle</key>
<string>1</string>
<key>nofacebook</key>
<string>1</string>
<key>ZDisableVideo</key>
<true/>
<key>ZAutoJoinVoip</key>
<true/>
<key>ZDualMonitorOn</key>
<true/>' > "/tmp/${plistfile}"
        # Only add the SSO keys when ssohost is set at the top of the script
        if [ "${ssohost}" != "" ]; then
            echo "
<key>ZAutoSSOLogin</key>
<true/>
<key>ZSSOHost</key>
<string>$ssohost</string>" >> "/tmp/${plistfile}"
        fi
        echo "<key>ZAutoFullScreenWhenViewShare</key>
<true/>
<key>ZAutoFitWhenViewShare</key>
<true/>" >> "/tmp/${plistfile}"
        if [ "${hdvideo}" = "true" ]; then
            echo "<key>ZUse720PByDefault</key>
<true/>" >> "/tmp/${plistfile}"
        else
            echo "<key>ZUse720PByDefault</key>
<false/>" >> "/tmp/${plistfile}"
        fi
        echo "<key>ZRemoteControlAllApp</key>
<true/>
</dict>
</plist>" >> "/tmp/${plistfile}"
        # Download and install new version
        /bin/echo "`date`: Current Zoom version: ${currentinstalledver}" >> "${logfile}"
        /bin/echo "`date`: Available Zoom version: ${latestver}" >> "${logfile}"
        /bin/echo "`date`: Downloading newer version." >> "${logfile}"
        /usr/bin/curl -sLo "/tmp/${pkgfile}" "${url}"
        /bin/echo "`date`: Installing PKG..." >> "${logfile}"
        # -allowUntrusted makes installer accept a package signed by a certificate it does not trust
        /usr/sbin/installer -allowUntrusted -pkg "/tmp/${pkgfile}" -target /
        /bin/sleep 20
        /bin/echo "`date`: Deleting downloaded PKG." >> "${logfile}"
        /bin/rm "/tmp/${pkgfile}"
        # Double check to see if the new version got updated
        newlyinstalledver=$(/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleVersion)
        echo "Version on Mac is ${newlyinstalledver}"
        if [ "${latestver}" = "${newlyinstalledver}" ]; then
            /bin/echo "`date`: SUCCESS: Zoom has been updated to version ${newlyinstalledver}" >> "${logfile}"
            echo "Zoom updated successfully"
            # /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Zoom Installed" -description "Zoom has been updated." &
        else
            /bin/echo "`date`: ERROR: Zoom update unsuccessful, version remains at ${currentinstalledver}." >> "${logfile}"
            /bin/echo "--" >> "${logfile}"
            echo "Zoom not updated - Installation error"
            exit 1
        fi
    # If Zoom is up to date already, just log it and exit.
    else
        /bin/echo "`date`: Zoom is already up to date, running ${currentinstalledver}." >> "${logfile}"
        /bin/echo "--" >> "${logfile}"
    fi
else
    /bin/echo "`date`: ERROR: This script is for Intel Macs only." >> "${logfile}"
fi
exit 0
Thank you guys for the help!!
This was working great for us but now just errors out. Is it still working for you all?
@koestej Yea it's working fine for us.
use patch management- bundle this as a .sh... use composer to run the .sh from /private/tmp:
#!/bin/bash
appname="zoom.us.app"
pkgfile="Zoom.pkg"
file="/Applications/zoom.us.app"
# Download Link
url="https://zoom.us/client/latest/Zoom.pkg"
/bin/echo "--"
/bin/echo "$(date): Removing Existing Copy of $appname"
# Remove the installed app, if present, before installing the new copy
if [ -e "$file" ]
then
    echo "$file found; Removing now"
    /bin/rm -rf "$file"
fi
/bin/echo "$(date): Downloading latest version."
/usr/bin/curl -Lo "/tmp/${pkgfile}" "${url}"
/bin/echo "$(date): Installing..."
/usr/bin/sudo /usr/sbin/installer -pkg "/tmp/${pkgfile}" -target /
# Read back the version that is now installed
latestver=$(defaults read "/Applications/${appname}/Contents/Info.plist" CFBundleShortVersionString)
/bin/echo "$(date): Latest Version is: $latestver"
/bin/echo "$(date): Deleting PKG file"
/bin/rm "/tmp/${pkgfile}"
exit 0
Turns out it was because we put a "/" in the script name and it broke things. We named it Install/Update. Won't make that mistake again and thanks for checking!
@jwng - can you explain a little further what you mean by "use patch management- bundle this as a .sh... use composer to run the .sh from /private/tmp:"
I packaged the update_zoom.sh script from /var/tmp using composer, set that as the patch management definition, but I'm not understanding how you're actually triggering the script to run.
It's probably something simple that I'm misunderstanding, but I'm having issues packaging the 5.1.0 update and thought this method would be more effective (and easier to manage).
Bundle the shell script as a pkg in Composer,
then in Composer, create a second post-install script to call the .sh file from /private/tmp/
Apologies for the delay.
Thank you, @jwng !!! That explains it. Thanks again!!
We built most of our autoupdate-apps in the same manner (really any installer you can curl). Glad to help.
Really, AutoPKG and JSS Importer can do this much more safely, securely, and with more controls in place.
autopkg and jss importer is great, but you'd have to run autopkg for each version release. At least with an autoupdate script, all you have to do is vet thru the script with a run, and in theory just roll the definitions up in patch management
Yup and the benefit is that if you ever need to roll back, you have all the versions in your repo, you just need to flip a bit. With a curl script you lose that quality control, and it is much harder to troubleshoot failures. Plus you are now maintaining code that has to run on every endpoint vs code that runs on a single endpoint. AutoPKG also does a lot of health checks that a curl script does not, and can do things like pass a URL to VirusTotal.
Also, unless the CDNs you are hitting use cert pinning, any curl script is also susceptible to a MITM attack.
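An added example, not part of any post in this thread: one way to narrow the MITM and quality-control concerns above is to check the downloaded package's signature and Team ID before handing it to `installer`, and to drop `-allowUntrusted`. `EXPECTED_TEAM_ID`, the function names and the sample reports are constructed placeholders; the parser assumes the report layout that `pkgutil --check-signature` prints on macOS.

```shell
#!/bin/sh
# Added example (not from the thread). EXPECTED_TEAM_ID is a placeholder;
# replace it with the Team ID you have confirmed for the vendor.
EXPECTED_TEAM_ID="ABCDE12345"

# Reads a `pkgutil --check-signature` report on stdin. Succeeds only when the
# package is signed with an Apple-issued developer certificate AND the leaf
# certificate (entry 1 of the chain) carries the expected Team ID.
signature_ok() {
    expected="$1"
    report=$(cat)
    printf '%s\n' "$report" |
        grep 'Status: signed by a developer certificate issued by Apple' >/dev/null || return 1
    team=$(printf '%s\n' "$report" |
        sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\)) *$/\1/p' | head -n 1)
    [ -n "$team" ] && [ "$team" = "$expected" ]
}

# macOS only: install the downloaded package only if the check passes.
# Note that installer is called without -allowUntrusted.
verify_and_install() {
    pkg="$1"
    if /usr/sbin/pkgutil --check-signature "$pkg" 2>/dev/null | signature_ok "$EXPECTED_TEAM_ID"; then
        /usr/sbin/installer -pkg "$pkg" -target /
    else
        echo "Signature check failed for $pkg; not installing" >&2
        /bin/rm -f "$pkg"
        return 1
    fi
}

# Constructed sample reports (vendor names and Team IDs are made up).
SAMPLE_GOOD='Package "Zoom.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor, Inc. (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_WRONG_TEAM='Package "Zoom.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Someone Else LLC (ZYXWV98765)'
SAMPLE_UNSIGNED='Package "Zoom.pkg":
   Status: no signature'

# Run the parser over the constructed reports.
printf '%s\n' "$SAMPLE_GOOD" | signature_ok "$EXPECTED_TEAM_ID" && echo "good: accepted"
printf '%s\n' "$SAMPLE_WRONG_TEAM" | signature_ok "$EXPECTED_TEAM_ID" || echo "wrong team: rejected"
printf '%s\n' "$SAMPLE_UNSIGNED" | signature_ok "$EXPECTED_TEAM_ID" || echo "unsigned: rejected"
```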
@jwng So the reason for packaging the script is? Couldn't you just run the script from a policy and achieve the same results? Also I am still trying to figure out, it seems as though you package the script, then add a post-install script to run the same script? Am I missing something about being two scripts, or is there only one? Is the package portion of this process placing the script into /private/tmp and then the post-install script actually running the script?
So I bundle the zoom script as a pkg so that I can deploy it via patch management policy instead of a standard policy.
Patch policies have very limited payload options versus standard policies.
The pkg payload places the script I want to run in the /var/tmp dir, then the post install script calls the script that was delivered in the payload from /var/tmp. For me it optimizes patch management. I can load the same pkg to the newest version definition in patch management without having to upload a new pkg...
How did you turn off the auto update in the .pkg? I have been deploying Zoom updates, however Zoom has been pushing out updates constantly so my users are always getting the prompt. I would like to control when we update (every month) by using patch management but don't want my users getting the Zoom update prompt every time. Any advice?
Has anyone tested this on the new M1 chip with Big Sur yet? Trying to see if we can get this working on that since there are technically 2 versions of Zoom now.
Apparently, the ZoomIT install package will allow for setting a ZAutoUpdate key in a plist file. See https://support.zoom.us/hc/en-us/articles/115001799006-Mass-deployment-with-preconfigured-settings-for-Mac#h_9f50f97d-e769-4a47-a2b3-1f64efc670df
Has anyone tried this or had it work?
I have seen intermittent success with having standard users update. I have a support ticket with Zoom for a working session to look at my config and why it is not working all the time.
I have that plist sent out and AutoUpdate set to True.
I have 34 users on the last version and another 34 on versions all the way back to 5.1.
Going to forcefully upgrade via policy Friday morning.
@robertliebsch do you think the AutoUpdate is working on those 34 users with the latest version because they are clicking Update within the app and the reason there are old versions is because users are not clicking the Update?