
macOS - Software - Install Google Drive

Deploy Google Drive file streaming to macOS endpoints from Google's signed PKG installer with optional companion-app cleanup

Worklet Details

What the Google Drive macOS deployer does

This Automox Worklet™ deploys the Google Drive desktop client to macOS endpoints. The Worklet uses the Automox agent's ottopm package helper to fetch the signed Google Drive installer DMG, mounts it with hdiutil, runs the bundled PKG against the root volume with the macOS installer command, and verifies that /Applications/Google Drive.app is in place before exiting. Endpoints that already have Drive installed pass evaluation and are left alone, so the policy is safe to schedule fleet-wide on a recurring cadence.

Google Drive for desktop streams files on demand through Finder using a macOS File Provider extension. Users see their Drive content without syncing every file locally, which keeps disk usage predictable on smaller SSDs. The Worklet handles both Intel and Apple Silicon hardware because Google ships a universal installer.

A hardcoded variable at the top of the remediation script, RemoveGoogleApps, controls whether the standalone Docs, Sheets, and Slides launcher apps that Google Drive drops into /Applications get cleaned up. Edit the script and set RemoveGoogleApps="YES" if your organization mandates that those workloads stay in the browser. Leave the default of NO and the launchers remain available for users who prefer the dock shortcuts.

Why deploy Google Drive at fleet scale

Google Workspace adoption on a Mac fleet depends on whether the Drive desktop client is installed on the endpoint. Without the desktop client, every collaboration link forces the user into the browser, every offline edit is lost, and every "shared with me" file becomes a download. New hires wait on IT to walk them through a manual install. Long-tenured users may skip the install entirely until they need a large file offline. The friction is hard to surface in a ticket queue because end users work around it rather than reporting it.

Schedule this Worklet once against the macOS group and Google Drive is on every endpoint by the next policy evaluation, with a uniform version pulled directly from Google's download host.

How Google Drive deployment works

  1. Evaluation phase: The Worklet checks whether /Applications/Google Drive.app exists on the endpoint. If the bundle is present, evaluation exits 0 and the endpoint is compliant. If the bundle is missing, evaluation exits 1 and Automox queues the remediation phase. The check is a single filesystem stat, so evaluation completes in milliseconds and is safe to run on a fast recurring schedule.

  2. Remediation phase: The script calls /usr/local/bin/wdk ottopm download GoogleDrive to fetch the signed Google Drive installer DMG through the Automox agent's package helper, then parses the returned JSON for the downloaded file path. It mounts the DMG with hdiutil attach -noverify -nobrowse, runs installer -pkg "/Volumes/Install Google Drive/GoogleDrive.pkg" -target / to install into /Applications, and detaches the volume with hdiutil detach. The script then reads kMDItemVersion from /Applications/Google Drive.app via mdls and logs the deployed version. If RemoveGoogleApps is set to YES at the top of the script, rm -r removes /Applications/Google Docs.app, /Applications/Google Sheets.app, and /Applications/Google Slides.app. A final directory check on /Applications/Google Drive.app exits 0 on success or 1 with a not-installed message if the bundle is missing.
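Added example, not part of the Automox Worklet: because the DMG is attached with -noverify, which skips hdiutil's image checksum verification, a remediation script can gate the install on the PKG's signature before calling installer. The function names are hypothetical and the sample pkgutil output is constructed; the Team ID is the one this page lists for Google, LLC in the requirements below.

```bash
#!/bin/bash
# Added example: gate `installer` on the PKG's Developer ID Team ID.
EXPECTED_TEAM_ID="EQHXZ8M8AV"   # Team ID this page lists for Google, LLC

# Read `pkgutil --check-signature` output on stdin and print the Team ID of
# the leaf certificate (entry 1 of the certificate chain).
leaf_team_id() {
  sed -n 's/^[[:space:]]*1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))[[:space:]]*$/\1/p' |
    head -n 1
}

# Succeed only if the captured output reports an Apple-issued developer
# signature and the leaf certificate carries the expected Team ID.
signature_ok() {
  sig_output="$1"
  printf '%s\n' "$sig_output" |
    grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
  sig_team="$(printf '%s\n' "$sig_output" | leaf_team_id)"
  [ "$sig_team" = "$EXPECTED_TEAM_ID" ]
}

# macOS only: check a PKG on disk before handing it to `installer`.
verify_pkg() {
  pkg_output="$(pkgutil --check-signature "$1" 2>&1)" || return 1
  signature_ok "$pkg_output"
}

# Constructed samples that follow pkgutil's usual output layout.
SAMPLE_GOOD='Package "GoogleDrive.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Google LLC (EQHXZ8M8AV)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_WRONG_TEAM='Package "GoogleDrive.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Corp (ABCDE12345)'
SAMPLE_UNSIGNED='Package "GoogleDrive.pkg":
   Status: no signature'

# In a remediation script, after hdiutil attach and before installer:
#   verify_pkg "/Volumes/Install Google Drive/GoogleDrive.pkg" || { hdiutil detach "/Volumes/Install Google Drive"; exit 1; }
```

A failed check exits non-zero, so the endpoint shows up in the Automox activity log as a remediation failure instead of installing an unexpected package.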

Google Drive deployment requirements

  • macOS 11 Big Sur or later (Google's current supported floor for Drive for desktop)

  • Intel or Apple Silicon endpoint; the PKG is a universal binary

  • Outbound HTTPS from the endpoint so the Automox agent's ottopm helper can reach Google's installer CDN on port 443

  • Root context for the Automox agent (the default agent run-as already meets this; the script calls installer and hdiutil, which require root)

  • A Google Workspace identity for each user to complete sign-in after the bundle is installed (the Worklet installs the app; the user authenticates Drive itself)

  • Optional: Edit RemoveGoogleApps="YES" near the top of the remediation script to remove the Docs, Sheets, and Slides launcher apps that ship alongside Drive (default is NO)

  • For environments that block user-controlled system or file-provider extensions, pre-approve Google, LLC (Team ID EQHXZ8M8AV) under Privacy and Security so Drive loads without an interactive prompt

Expected state after Google Drive deployment

After successful remediation, /Applications/Google Drive.app is present and launchable, and the next evaluation pass reports compliance without re-running the installer. The user launches Drive once, signs in with their Google Workspace identity, and a Google Drive entry appears under Finder's Locations sidebar. Files stream on demand by default and download locally only when opened, which keeps disk pressure low on smaller SSDs. If RemoveGoogleApps was YES, the Docs, Sheets, and Slides launchers will not appear in /Applications and Spotlight searches for those names return only browser bookmarks.

Validate the deployment from a Terminal session with ls -la "/Applications/Google Drive.app" and mdls -name kMDItemVersion "/Applications/Google Drive.app" to capture the deployed version. For fleet-level audit evidence, pull Automox activity logs filtered to this policy and confirm exit code 0 across the macOS group. If a small subset of endpoints reports non-zero, check the activity log output for the ottopm download or installer failure reason – most transient failures clear on the next scheduled run without operator action. Drive's file provider survives macOS minor updates; major upgrades occasionally re-prompt for file-provider approval, which is the only state where this Worklet does not finish the last mile on its own.


Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.
