Introduction

App Auto-Patch combines local application discovery, an Installomator integration, and user-friendly swiftDialog prompts to automate application patch management across Mac computers.

What’s Changed in App Auto-Patch (2.0.5)

For an up-to-date view of what’s changed, feel free to check out the change log at: App Auto-Patch Changelog

🚨 Breaking Changes for users of App Auto-Patch before 2.0.1 🚨

  • The Jamf Pro Script parameters have been changed. If you are using a version of App Auto-Patch earlier than 2.0.1, make sure to update your parameters.

Enhancements

  • Improved how regex handles app labels from Installomator
  • Updated the AAP Activator Flag to use the plist file and automatically determine if AAP is being executed by AAP-Activator (thanks @TechTrekkie)
  • Deferral workflow updates (thanks @TechTrekkie):
    • Updated deferral logic to only update if maxDeferrals is not Disabled. Reset deferrals if remaining is higher than max configured.
    • Updated deferral workflow to run removeInstallomator and quitScript triggers to mirror non-deferral workflow
  • Installomator options can now be passed into App Auto-Patch via Jamf Pro Script parameters.
  • removeInstallomator default changed to false. This keeps AAP’s copy of Installomator present until Installomator has an update, reducing the number of API calls to GitHub.
  • Reduced the amount of output to non-debug logs (thanks @dan-snelson)
  • Replaced the logic of checking app version for discovered apps
  • An additional check has been added to verify the latest version available for installed applications. This will reduce the number of false positive app labels getting queued.
  • Improved how the latest versions of DMG/ZIP applications are checked.
  • Added a dialog for users if no updates are found.

App Auto-Patch Wiki!

App Auto-Patch now has an easy-to-follow wiki located in the GitHub repo. Take a look here: App Auto-Patch Wiki

Some specific pages in the wiki to check out:

Getting Started

  1. Download the latest App-Auto-Patch-via-Dialog.zsh script to your computer. The latest version can be found here: https://github.com/robjschroeder/App-Auto-Patch/blob/main/App-Auto-Patch-via-Dialog.zsh

    If you’d like to use Terminal to download a copy and save it to your Downloads folder, open the Terminal application and paste the following command:

    curl -o ~/Downloads/App-Auto-Patch-via-Dialog.zsh https://raw.githubusercontent.com/robjschroeder/App-Auto-Patch/main/App-Auto-Patch-via-Dialog.zsh
  2. Make any modifications to this script to fit your organizational needs.
    • Consider making changes to:
      • scriptLog
      • debugMode
      • deferralTimer (if using deferrals)
      • unattendedExit
      • Support Team Details
  3. Upload the script to Jamf Pro. You can make use of the Jamf Pro Script parameters. The current parameter labels are as follows:
    • Parameter 4: Interactive Mode [ 0 (Completely Silent) | 1 (Silent Discovery, Interactive Patching) | 2 (Full Interactive) (default) ]
    • Parameter 5: A space-separated list of Installomator labels to ignore (i.e., “microsoft* googlechrome* jamfconnect zoom* 1password* firefox* swiftdialog”)
    • Parameter 6: A space-separated list of required Installomator labels (i.e., “firefoxpkg_intl”)
    • Parameter 7: A space-separated list of optional Installomator labels (i.e., “renew”) ** Does not support wildcards **
    • Parameter 8: A space-separated list of options to override default Installomator options (i.e., BLOCKING_PROCESS_ACTION=prompt_user NOTIFY=silent LOGO=appstore)
    • Parameter 9: Number of times a user is allowed to defer before being forced to install updates. A value of “Disabled” will not display the deferral prompt. [ integer | Disabled (default) ]
  4. Once you have your script stored in Jamf Pro, create a policy.
  5. The Jamf Pro policy will need to have the App Auto-Patch script added to the Script payload. Fill in the script parameters to make sure you get the desired result of the script.

** Optionally, you can make the script available in Self Service for end-users to run on their own time.

  6. Once you have the policy set up as you’d like, feel free to test it out.
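
A pre-flight lint for Parameters 5 to 7, as an added example rather than code from App Auto-Patch: it lists which discovered labels an ignore list would leave unpatched, which required labels the ignore list also matches, and which optional entries contain wildcards. It assumes that "*" behaves like a shell glob on the label name; the function names and the discovered list are constructed for illustration.

```bash
#!/bin/bash
# Added example: lint App Auto-Patch label parameters before saving the policy.
# Assumption: "*" in a label list behaves like a shell glob on the label name.
set -f   # label lists contain "*"; never expand them against the file system

# Succeeds if label $1 matches any pattern in the space-separated list $2.
label_matches() {
    for _pat in $2; do
        case $1 in
            $_pat) return 0 ;;
        esac
    done
    return 1
}

# Prints the labels in list $1 that the ignore list $2 also matches.
labels_ignored() {
    _out=""
    for _label in $1; do
        if label_matches "$_label" "$2"; then _out="$_out $_label"; fi
    done
    echo "${_out# }"
}

# Prints the entries in list $1 that contain "*" (Parameter 7 does not
# support wildcards).
entries_with_wildcards() {
    _out=""
    for _entry in $1; do
        case $_entry in
            *\**) _out="$_out $_entry" ;;
        esac
    done
    echo "${_out# }"
}

# Parameter 5 and 6 values are the page's examples; "zoom*" in optional and
# the discovered list are constructed sample input.
ignore='microsoft* googlechrome* jamfconnect zoom* 1password* firefox* swiftdialog'
required='firefoxpkg_intl'
optional='renew zoom*'
discovered='microsoftedge googlechromepkg zoomgov slack vlc'

echo "Discovered, excluded from patching: $(labels_ignored "$discovered" "$ignore")"
echo "Required, also on the ignore list:  $(labels_ignored "$required" "$ignore")"
echo "Optional entries with wildcards:    $(entries_with_wildcards "$optional")"
```

An empty result means no finding. A label reported as both required and ignored is worth resolving before the policy goes live, since the parameter descriptions do not say which list takes precedence.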

Silent Scans

App Auto-Patch has the ability to silently scan the computer for applications and their updates. To perform a silent scan, use the Interactive Mode option set to 1. This will set the script to run a silent discovery and will still show a dialog to the end-user, notifying them of the update statuses.

Extension Attributes

Version 2.0.0 offers some Extension Attributes that can be used to gather some more information on App Auto-Patch. Currently, there are three EAs available:

  1. AAP-LastDiscovery
    • This will return a date and time that the last discovery was run using App Auto-Patch. There is an option in the script to use the runDiscovery variable to skip the discovery process. This EA will help you to make sure your data isn’t outdated.
  2. AAP-LastRun
    • This will return the date and time of the last run of App Auto-Patch.
  3. AAP-Version
    • This will return the version of App Auto-Patch that was last used.
  4. AAP-DeferralsRemaining
    • This will return the number of deferrals remaining for the user.

Extension Attributes are powerful and can expand upon the workflows that a tool can utilize. I will look to expand these in the future and if you have any recommendations, feel free to reach out.

Updates

Interactive

During the update process, a dialog window can be presented to the end-user letting them know the status of each application. By default, we show this to the end user. Once all updates have been processed, the “Done” button is made available to exit out of the dialog.

There are additional options in the script that can be modified to control Installomator’s install options (i.e., BLOCKING_PROCESS_ACTION, NOTIFY, and LOGO).

Silent

App Auto-Patch can also be run completely silently in the background if that’s what you would like to do. Again, this is achieved by changing the default behavior of interactiveMode. When this variable is set to 0, App Auto-Patch will run silently. This may be helpful for administrators who want to make sure apps are patched but don’t need to send the updates to the end users.

*Depending on your Installomator options, users may still see prompts to close the apps that need updates, if they have them open. If you don’t want any notifications at all, change out the BLOCKING_PROCESS_ACTION variable.

Deferrals

Huge thanks to @TechTrekkie for adding this workflow to App Auto-Patch!

There is a new heading in the App Auto-Patch script labeled ### Deferral Options ###.

  • maxDeferrals – This variable by default is set to Disabled. If you would like to enable deferrals for end users then this will need to be changed to the maximum number of deferrals you would like to offer. Once the maximum number of deferrals has been reached, App Auto-Patch will continue to its updating dialog. To use this option, you will need to have interactiveMode set to either 1 or 2.
  • deferralTimer – This is the number of seconds given to the end user to respond to the deferral prompt before the deferralTimerAction is triggered.
  • deferralTimerAction – This is the action that takes place once the timer has expired, either Defer or Continue. Defer is currently set as default.
  • AAPActivatorFlag – If you are utilizing the new AAP-Activator script workflow within your Jamf Pro setup, this variable should be set to true. More on AAP-Activator below.
  • aapAutoPatchDeferralFile – This is the location of the App Auto-Patch Deferrals plist.

AAP-Activator

https://github.com/robjschroeder/App-Auto-Patch/tree/main/AAP-Activator

If you are using deferrals with your App Auto-Patch setup, the policy within Jamf Pro will need to be run again to prompt the user for their updates and give them the option to defer once again or continue. This can be achieved by setting your policy to run weekly at recurring check-in. Another option, however, is to use the AAP-Activator script. This script works in tandem with App Auto-Patch and is meant to trigger AAP under the right conditions.

*Note* AAP-Activator requires App Auto-Patch version 2.0.0 or later.

Configuration Variables

AAP Activator writes three essential variables to a configuration property list (.plist) file:

  • AAPWeeklyPatching (True|False):
    • Determines if the patching process has been completed for the week
      • False triggers the Activator to execute the App Auto-Patch script
      • True indicates that the weekly patching is complete and should be skipped
  • AAPWeeklyPatchingStatusDate (datetime):
    • Populated with the date/time when the Activator script first executes
    • Used to calculate the days passed since the weekly patching period started
    • Resets to False after 7 days, restarting the weekly patching cadence
  • AAPActivatorFlag
    • Signal for the App Auto-Patch script to automatically determine if triggered by AAP Activator
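
The cadence these variables produce can be modelled in a few lines of shell. This is an added example, not the AAP-Activator script: timestamps are passed as epoch seconds, and the function names, the rule that a completed patch run sets AAPWeeklyPatching to True, and the restart of the status date on reset are assumptions made for the model.

```bash
#!/bin/bash
# Added example: model of the AAP Activator decision on each daily check-in.
# Assumptions: times are epoch seconds; the reset window is given in days.

# Args: $1 AAPWeeklyPatching (True|False)
#       $2 AAPWeeklyPatchingStatusDate as epoch seconds ("" if never set)
#       $3 current time as epoch seconds
#       $4 days until the status resets to False
# Prints "<action> <new-status> <new-status-date>"; action is trigger or skip.
activator_decide() {
    _status=$1 _start=$2 _now=$3 _days=$4
    # First execution: populate the status date and start a patching period.
    if [ -z "$_start" ]; then
        echo "trigger False $_now"; return 0
    fi
    # Period expired: reset to False and restart the cadence from now.
    if [ $(( ($_now - $_start) / 86400 )) -ge "$_days" ]; then
        echo "trigger False $_now"; return 0
    fi
    # Inside the period: trigger only while patching is still outstanding.
    if [ "$_status" = "False" ]; then
        echo "trigger $_status $_start"
    else
        echo "skip $_status $_start"
    fi
}

# Simulates $3 daily check-ins with a reset window of $2 days. Triggered runs
# before day $1 are deferred by the user; from day $1 on they complete.
simulate() {
    _done_day=$1 _reset=$2 _total=$3
    _st=False _date="" _log="" _d=0
    while [ "$_d" -lt "$_total" ]; do
        set -- $(activator_decide "$_st" "$_date" $(( $_d * 86400 )) "$_reset")
        _act=$1 _st=$2 _date=$3
        # Assumption: a triggered run that is not deferred sets the status True.
        if [ "$_act" = trigger ] && [ "$_d" -ge "$_done_day" ]; then _st=True; fi
        _log="$_log $_d:$_act"
        _d=$(( $_d + 1 ))
    done
    echo "${_log# }"
}

# Constructed scenario: the user defers on days 0 and 1, patches on day 2.
simulate 2 7 9
```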

Setup

  1. Modify your existing App Auto-Patch Jamf Pro policy (or create a new one):
    • Set Execution Frequency: Ongoing
    • Set Trigger to a custom value (i.e., AppAutoPatch)
  2. Upload the script to Jamf Pro. You can make use of the Jamf Pro Script parameters. The current parameter labels are as follows:
    • Parameter 4: Script Log Location [ /var/log/com.company.log ] (i.e., Your organization’s default location for client-side logs)
    • Parameter 5: The custom trigger used to call the App Auto-Patch Jamf Policy [ex: AppAutoPatch ]
    • Parameter 6: The number of days until the activator resets the patching status to False [ integer ]
    • Parameter 11: Debug Mode [ true | false (default) | verbose ] Adds additional logging
  3. Create a Jamf Pro Policy for AAP Activator. Be sure to set your General Payload as follows:
    • Execution Frequency: Once Every Day
    • Trigger: Recurring Check-In
  4. The Jamf Pro policy will need to have the AAP Activator script added to the Script payload. Fill the script parameters to make sure you get the desired result of the script.

Thank you to everyone who has helped contribute to App Auto-Patch, including but not limited to:

Support, Feature Requests, & Issue Reports

Support

The #app-auto-patch channel on MacAdmins Slack is a great resource to use when getting started.

Feature Requests

Feature requests are welcome and can be submitted on GitHub.

Issue Reports

If you find something not working quite right, you can reach out on the MacAdmins Slack channel for App Auto-Patch. Additionally, issues can be submitted on GitHub.
