Tested this script and has worked fine. Autopkg has been having an issue with the Zoom recipe recently, so I may just start using the script for the near future.
Works great, thank you!!!
While this script works perfectly for updating, for some reason Zoom hangs on the login screen when re-opening. If you close the window and open it again it's fine though. Anyone else running into this?
This script is great! Thank you!
@landono
I am running into this as well.
Are you using SAML SSO, if so who is your IdP?
I did another review of the script, and appears the plist is not being moved from /tmp/ to where it should be?
Edit NVM.
Not sure why single sign on options are not working as intended using SAML.
Wonderful script!
I've been looking into setting audio output options for Zoom. For some reason, Zoom seems to ignore my device outputs, even if I set the output by hand. I've looked into setting outputs by switchaudiosource, and it while it does set the output on the device, Zoom doesn't respect the setting.
I also browsed through the plist configuration options here: https://support.zoom.us/hc/en-us/articles/115001799006-Mass-Deployment-with-Preconfigured-Settings-for-Mac
While there were a lot of good settings there, I didn't see anything about setting a default audio output. Has anyone been able to set audio output, and have zoom respect that, and keep the setting?
hmm, I've tried using this but the install errors out when installing via self service. Seems to work ok when trying to run via terminal.
Anyone else running into issues? this is with both High sierra and mojave.
I package the following preinstall and postinstall scripts in a payload-free package using Packages app. Hope it helps.
[preinstall]
#!/bin/bash
zoom_plist="/Library/Preferences/us.zoom.config.plist"
sleep 0.5; echo "info: finding and removing old temp folders"
find /private/tmp -maxdepth 1 -type d -name "com.example.zoom_tmp.*" -exec rm -rf {} ;
sleep 0.5; echo "info: making new temp folder"
zoom_tmp=$(mktemp -d /private/tmp/com.example.zoom_tmp.XXXX)
sleep 0.5; echo "info: temp folder is ${zoom_tmp}"
echo "${zoom_tmp}" > "${zoom_tmp}/zoom_folder.tmp"
sleep 0.5; echo "info: checking if zoom is running"
pgrep zoom.us >/dev/null
if [[ "$?" = "0" ]]; then
sleep 0.5; echo "info: zoom is running"
zoom_running="YES"; echo "YES" > "${zoom_tmp}/zoom_running.tmp"
sleep 0.5; echo "info: quitting zoom now"
pkill zoom.us
else
sleep 0.5; echo "info: zoom is not running"
zoom_running="NO"; echo "NO" > "${zoom_tmp}/zoom_running.tmp"
fi
sleep 0.5; echo "info: looking for zoom plist"
if [[ -e "${zoom_plist}" ]]; then
sleep 0.5; echo "info: zoom plist already exists"
else
sleep 0.5; echo "info: zoom plist was not found"
sleep 0.5; echo "info: creating zoom plist now"
touch "${zoom_plist}"
fi
sleep 0.5; echo "info: setting ZAutoSSOLogin to true"
defaults write "${zoom_plist}" ZAutoSSOLogin -bool true
sleep 0.5; echo "info: setting ZSSOHost to cmu.zoom.us"
defaults write "${zoom_plist}" ZSSOHost -string "example.zoom.us"
sleep 0.5; echo "info: setting nogoogle to false"
defaults write "${zoom_plist}" nogoogle -string "1"
sleep 0.5; echo "info: setting nofacebook to false"
defaults write "${zoom_plist}" nofacebook -string "1"
sleep 0.5; echo "info: setting DisableLoginWithEmail to true"
defaults write "${zoom_plist}" DisableLoginWithEmail -string "0"
sleep 0.5; echo "info: setting AddFWException to false"
defaults write "${zoom_plist}" AddFWException -bool false
sleep 0.5; echo "info: setting LastLoginType to false"
defaults write "${zoom_plist}" LastLoginType -bool false
sleep 0.5; echo "info: setting ZAutoUpdate to true"
defaults write "${zoom_plist}" ZAutoUpdate -bool true
sleep 0.5; echo "info: setting ZDisableVideo to true"
defaults write "${zoom_plist}" ZDisableVideo -bool true
sleep 0.5; echo "info: setting ZAutoJoinVoip to false"
defaults write "${zoom_plist}" ZAutoJoinVoip -bool false
sleep 0.5; echo "info: setting ZDualMonitorOn to false"
defaults write "${zoom_plist}" ZDualMonitorOn -bool false
sleep 0.5; echo "info: setting ZAutoFullScreenWhenViewShare to true"
defaults write "${zoom_plist}" ZAutoFullScreenWhenViewShare -bool true
sleep 0.5; echo "info: setting ZAutoFitWhenViewShare to true"
defaults write "${zoom_plist}" ZAutoFitWhenViewShare -bool true
sleep 0.5; echo "info: setting FullScreenWhenJoin to false"
defaults write "${zoom_plist}" FullScreenWhenJoin -bool false
sleep 0.5; echo "info: setting AutoHideToolbar to true"
defaults write "${zoom_plist}" AutoHideToolbar -bool true
sleep 0.5; echo "info: setting ZUse720PByDefault to true"
defaults write "${zoom_plist}" ZUse720PByDefault -bool true
sleep 0.5; echo "info: setting ZRemoteControllAllApp to true"
defaults write "${zoom_plist}" ZRemoteControllAllApp -bool true
sleep 0.5; echo "info: setting ZHideNoVideoUser to false"
defaults write "${zoom_plist}" ZHideNoVideoUser -bool false
sleep 0.5; echo "info: setting MuteVoipWhenJoin to true"
defaults write "${zoom_plist}" MuteVoipWhenJoin -bool true
sleep 0.5; echo "info: setting ShowConnectedTime to true"
defaults write "${zoom_plist}" ShowConnectedTime -bool true
sleep 0.5; echo "info: setting ConfirmWhenLeave to true"
defaults write "${zoom_plist}" ConfirmWhenLeave -bool true
sleep 0.5; echo "info: setting DisableScreenShare to true"
defaults write "${zoom_plist}" DisableScreenShare -bool true
sleep 0.5; echo "info: setting EnableMirrorEffect to false"
defaults write "${zoom_plist}" EnableMirrorEffect -bool false
sleep 0.5; echo "info: setting DisableLinkPreviewInChat to true"
defaults write "${zoom_plist}" DisableLinkPreviewInChat -bool true
sleep 0.5; echo "info: all settings have been applied"
sleep 0.5; echo "info: moving to post install now"
sleep 0.5; echo "info: exiting pre install"
exit 0
[postinstall]
#!/bin/bash
zoom_tmp=$(find /private/tmp -type f -name "zoom_folder.tmp" -maxdepth 2 -exec cat {} ;)
sleep 0.5; echo "info: zoom temp folder is? ${zoom_tmp}"
zoom_running=$(find /private/tmp -type f -name "zoom_running.tmp" -maxdepth 2 -exec cat {} ;)
sleep 0.5; echo "info: was zoom running? ${zoom_running}"
zoom_url="https://zoom.us/client/latest/ZoomInstallerIT.pkg"
sleep 0.5; echo "info: downloading zoom installer package"
curl "${zoom_url}" -o "${zoom_tmp}/com.example.zoom.us.pkg" --progress
sleep 0.5; echo "info: running zoom installer package"
installer -pkg "${zoom_tmp}/com.example.zoom.us.pkg" -target LocalSystem
sleep 0.5; echo "info: removing temp directory ${zoom_tmp}"
rm -rf "${zoom_tmp}"
sleep 0.5; echo "info: does zoom need to launch?"
if [[ "${zoom_running}" == "YES" ]]; then
sleep 0.5; echo "info: zoom needs to launch"
sleep 0.5; echo "info: launching zoom now"
if [[ -d "/Applications/zoom.us.app" ]]; then
open "/Applications/zoom.us.app" &
fi
sleep 0.5; echo "info: finished installation"
elif [[ "${zoom_running}" == "NO" ]]; then
sleep 0.5; echo "info: zoom does not need to launch"
sleep 0.5; echo "info: finished installation"
fi
sleep 0.5; echo "info: exiting post install"
exit 0
I would urge everyone to look at something like AutoPKG to build the packages for you and then something like JSS Importer to automate the integration into jamf. Running curl scripts on endpoints as root is really not a great practice
ok that is bizarre.
I made a copy of the script I had for firefox (based on the same one this script is based on). I manually made the edits to do the install only, and this works fine now.
I had tried to just take the script in the OP but that doesn't seem to work. must have had a character somewhere causing it to error out.
Now i need to do a modification to add the preferences.
Unless I'm misunderstanding, the DOS and disable camera by default is part of the current versions? So we can just patch the app at this point?
@greatkemo Funny you post that, as I was reading it last night before heading to bed, so I could get this addressed today. Personally, I don't like the way it does things so I have been looking for an excuse/justification to force our users to stop using it. This may do the trick =)
@greatkemo @bsatterthwaite there is another thread addressing the zero day exploit: https://www.jamf.com/jamf-nation/discussions/32561/zoom-exploit#responseChild187189
Zoom client 4.4.53932.0709 resolves the vulnerability.
Apple's X-protect update prompts the user to "Allow".
Combine these two, and this should be a nothing-burger.
@jwojda
Unless I'm misunderstanding, the DOS and disable camera by default is part of the current versions? So we can just patch the app at this point?
The big problem is, that when you uninstalled it, it left the web server intact. So, it sorta made you even "less secure" when the app was removed. The current version, claims to fix this.
Hey Nation,
can we confirm if Apple pushed an XProtect or a MRT update to fix this? not seeing the XProtect update @donmontalvo mentioned in my SUS
ty
@Nix4Life Do you get 1.45?
defaults read /System/Library/CoreServices/MRT.app/Contents/version CFBundleShortVersionString
Attribution:
https://www.jamf.com/jamf-nation/discussions/32561/zoom-exploit#responseChild187322
@donmontalvo
Yes, also hope the earthquake did not affect anything for you
Oh crap I relocated to FL in October...better update my profile. :)
It looks like Zoom updated their versioning, at least the newest version (it contains parentheses now, so that's fun). I updated my script to the following, which seems to be working... no promises though. As always, please test before deploying large-scale.
Also, note that this is for Penn State, so you'll have to update your SSO URL depending on your environment.
#!/bin/sh
#####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# ZoomInstall.sh -- Installs or updates Zoom
#
# SYNOPSIS
# sudo ZoomInstall.sh
#
####################################################################################################
#
# HISTORY
#
# Version: 1.1
#
# - Shannon Johnson, 27.8.2019
# (Updated to allow for parentheses in the currently installed version)
# (Adapted from the FirefoxInstall.sh script by Joe Farage, 18.03.2015)
#
####################################################################################################
# Script to download and install Zoom.
# Only works on Intel systems.
#
# Set preferences
hdvideo="true"
ssodefault="true"
ssohost="psu.zoom.us"
# choose language (en-US, fr, de)
lang=""
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 1 AND, IF SO, ASSIGN TO "lang"
if [ "$4" != "" ] && [ "$lang" == "" ]; then
lang=$4
else
lang="en-US"
fi
pkgfile="ZoomInstallerIT.pkg"
plistfile="us.zoom.config.plist"
logfile="/Library/Logs/ZoomInstallScript.log"
# Are we running on Intel?
if [ '`/usr/bin/uname -p`'="i386" -o '`/usr/bin/uname -p`'="x86_64" ]; then
## Get OS version and adjust for use with the URL string
OSvers_URL=$( sw_vers -productVersion | sed 's/[.]/_/g' )
## Set the User Agent string for use with curl
userAgent="Mozilla/5.0 (Macintosh; Intel Mac OS X ${OSvers_URL}) AppleWebKit/535.6.2 (KHTML, like Gecko) Version/5.2 Safari/535.6.2"
# Get the latest version of Reader available from Zoom page.
latestver=`/usr/bin/curl -s -A "$userAgent" https://zoom.us/download | grep 'ZoomInstallerIT.pkg' | awk -F'/' '{print $3}'`
echo "Latest Version is: $latestver"
# Get the version number of the currently-installed Zoom, if any.
if [ -e "/Applications/zoom.us.app" ]; then
currentinstalledver=`/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleShortVersionString | sed -e 's/0 //g' -e 's/(//g' -e 's/)//g'`
echo "Current installed version is: $currentinstalledver"
if [ ${latestver} = ${currentinstalledver} ]; then
echo "Zoom is current. Exiting"
exit 0
fi
else
currentinstalledver="none"
echo "Zoom is not installed"
fi
url="https://zoom.us/client/${latestver}/ZoomInstallerIT.pkg"
echo "Latest version of the URL is: $url"
echo "`date`: Download URL: $url" >> ${logfile}
# Compare the two versions, if they are different or Zoom is not present then download and install the new version.
if [ "${currentinstalledver}" != "${latestver}" ]; then
# Construct the plist file for preferences
echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>nogoogle</key>
<string>1</string>
<key>nofacebook</key>
<string>1</string>
<key>ZDisableVideo</key>
<true/>
<key>ZAutoJoinVoip</key>
<true/>
<key>ZDualMonitorOn</key>
<true/>" >> /tmp/${plistfile}
if [ "${ssohost}" != "" ]; then
echo "
<key>ZAutoSSOLogin</key>
<true/>
<key>ZSSOHost</key>
<string>$ssohost</string>" >> /tmp/${plistfile}
fi
echo "<key>ZAutoFullScreenWhenViewShare</key>
<true/>
<key>ZAutoFitWhenViewShare</key>
<true/>" >> /tmp/${plistfile}
if [ "${hdvideo}" == "true" ]; then
echo "<key>ZUse720PByDefault</key>
<true/>" >> /tmp/${plistfile}
else
echo "<key>ZUse720PByDefault</key>
<false/>" >> /tmp/${plistfile}
fi
echo "<key>ZRemoteControlAllApp</key>
<true/>
</dict>
</plist>" >> /tmp/${plistfile}
# Download and install new version
/bin/echo "`date`: Current Zoom version: ${currentinstalledver}" >> ${logfile}
/bin/echo "`date`: Available Zoom version: ${latestver}" >> ${logfile}
/bin/echo "`date`: Downloading newer version." >> ${logfile}
/usr/bin/curl -sLo /tmp/${pkgfile} ${url}
/bin/echo "`date`: Installing PKG..." >> ${logfile}
/usr/sbin/installer -allowUntrusted -pkg /tmp/${pkgfile} -target /
/bin/sleep 10
/bin/echo "`date`: Deleting downloaded PKG." >> ${logfile}
/bin/rm /tmp/${pkgfile}
#double check to see if the new version got updated
newlyinstalledver=`/usr/bin/defaults read /Applications/zoom.us.app/Contents/Info CFBundleShortVersionString`
if [ "${latestver}" = "${newlyinstalledver}" ]; then
/bin/echo "`date`: SUCCESS: Zoom has been updated to version ${newlyinstalledver}" >> ${logfile}
# /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -title "Zoom Installed" -description "Zoom has been updated." &
else
/bin/echo "`date`: ERROR: Zoom update unsuccessful, version remains at ${currentinstalledver}." >> ${logfile}
/bin/echo "--" >> ${logfile}
exit 1
fi
# If Zoom is up to date already, just log it and exit.
else
/bin/echo "`date`: Zoom is already up to date, running ${currentinstalledver}." >> ${logfile}
/bin/echo "--" >> ${logfile}
fi
else
/bin/echo "`date`: ERROR: This script is for Intel Macs only." >> ${logfile}
fi
exit 0
HI @omatsei - I tried running your updated script a few minutes ago and got some strange behavior. Zoom was not installed on the machine, I ran the script, and at the end, the current version of the zoom client was installed. However, the script returned exit code 1 for some reason. In the script log, the script reports that the update was unsuccessful, and zoom remains uninstalled. The app does work at the end though.
Here is the terminal output, as well as the contents of the zoominstallscript.log:
Any ideas?
ind-eprice:~ eprice$ sudo jamf policy -event zoom
Password:
Checking for policies triggered by "zoom" for user "eprice"...
Executing Policy 23 - Zoom
Running script Install Zoom...
Script exit code: 1
Script result: Latest Version is: 4.5.3261.0825
Zoom is not installed
Latest version of the URL is: https://zoom.us/client/4.5.3261.0825/ZoomInstallerIT.pkg
installer: Package name is Zoom
installer: Upgrading at base path /
installer: The upgrade was successful.
Error running script: return code was 1.
Submitting log to https://efe.jamfcloud.com/
ind-eprice:~ eprice$
Tue Aug 27 13:05:45 PDT 2019: Download URL: https://zoom.us/client/4.5.3261.0825/ZoomInstallerIT.pkg
Tue Aug 27 13:05:45 PDT 2019: Current Zoom version: none
Tue Aug 27 13:05:45 PDT 2019: Available Zoom version: 4.5.3261.0825
Tue Aug 27 13:05:45 PDT 2019: Downloading newer version.
Tue Aug 27 13:05:48 PDT 2019: Installing PKG...
Tue Aug 27 13:07:18 PDT 2019: Deleting downloaded PKG.
Tue Aug 27 13:07:18 PDT 2019: ERROR: Zoom update unsuccessful, version remains at none.
--
@eprice Same here! It seemed to work fine a week or two ago but I'm now getting the same error email. Not the end of the world since it seems like the install happens, but strange nonetheless.
