Yeah, just awesome Apple.

Sounds like we'll have to add the Beta Access Utility app to restricted software. That should cover things for the most part.

Allen

I used my machine as guinea pig for this so I could create a restricted software record… but it doesn't look like any kind of app is installed, just a preference that allows access to the beta downloads. Any tips from others out there about how to lock this down?

@emilykausalik][/url][/url: If there is an app that apple uses to allow builds to come through Software Update. Once it's installed, that's how the updates are installed. You could in theory kill that app just like any other by watching the process and nuking/deleting it.

Like Emily said, there is no actual application. There is a pkg that you run and all it seems to really do is change the software update catalog URL and auto-launch software update so the local machine can see the latest OS beta seeds.

The feedback assistant, which is a standalone app, does not appear to be associated with actually accessing the beta seeds.

Yeah, that's what I was talking about - looking for a way to nuke the install of the "utility" that changes the SUS URL.
I have sent an email to a rep at Apple asking if they have any ideas on how to help us.

There is definitely a difference between programs. Current AppleSeed members are encouraged not to sign up for this program. It may be a limited time program.

@jhbush1973][/url][/url, the programs are indeed different. Seeing it's all NDA, I'm not sure I'll post anything about that, but I just asked if they would consider delivering the Utility (whatever the public version will be called) in an app form, a la Mavericks. Easily nukable.

What about a Software Update Profile (System Preferences/Profiles)? Lock 'er down.

I don't see any signs that the installer installs a distinct utility - It looks like the installer just drops in a replacement com.apple.SoftwareUpdate.plist file based on the change in creation/modification dates on that preference file immediately after the installer completes. But if there is a process that fires up behind the scenes during the install process then that could be the break we need. I'm reaching out to our reps as well - hopefully they have a bone to throw us!

Ooo, the software update profile is a good idea @boettchs. I'll have to give that a try.

Computer level config profile with a software update payload successfully prevents the Mac from pointing at the beta seed catalogURL. Good call @boettchs. The utility still appears to change the catalogURL in the com.apple.SoftwareUpdate.plist preference file, but the App Store, and softwareupdate in terminal both stick to the catalogURL dictated by the config profile.

I'm going to do some more validation of this tomorrow morning, but everything looks promising so far!

@jasonaswell - good news. I don't have a "Server" so I was just installing that to try the profile route. Glad your results are positive so far!

No admin rights = No Beta

What would be the correct address to use to point to Apple's Software Update URL, but not to the beta seed's catalogURL?

@rtrouton][/url][/url][/url, my understanding is that now unless there's a custom CatalogURL in the plist, it reverts to Apple servers. If there is one present, it shows by using:

defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL

Removing that should do set the Mac to Apple defaults.

sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate CatalogURL

But I don't know if there is "one" server URL like there used to be since Apple says to just use the command above to reset to Apple defaults.

*Edit: I just did it and it removed my ability to download certain software. So it mimics what we'll see with the "OS X Beta" program. Killing that stops the MAS from seeing "certain" updates from Apple.

theoretically if you don't allow users to sign into the app store, they wouldn't be able to get it? I sent a note off to AppleCare for a resolution to disable the machines from being able to install it.

Seconding @rtrouton: What is the correct Apple SUS URL to use? I *know* some of my users will attempt to prematurely upgrade to Mavericks (bypassing the software restriction we've been using). Am eager to put this config profile in place. Anyone?

Ah, scratch that....you must already have 10.9 installed, which my users don't have yet, so I have some breathing room until we can develop an acceptable blocking solution. Whew...

Still, why is Apple allowing non-developers access to beta versions of the OS.? Sounds like a recipe for disaster to me. I can't imagine the havoc this is going to wreak at the Apple Store Genius Bars.

@damienbarrett do you have an internal SUS? If not it might be a good time to check out reposado. At least then you can put up your own SUS and then point your users with Configuration Profiles to that server.

For anyone reading this thread who doesn't already have the URL:

https://appleseed.apple.com/sp/betaprogram

From their FAQ:

What if I have problems running the pre-release software? Always back up your computer before installing pre-release software. If you need help returning your Mac to a shipping version of OS X and restoring from your Time Machine back up, you can call AppleCare to speak to a support specialist, or reference online documentation.

I do run an internal SUS, but really only ror my own purposes for mass updating machines over the Summer. Our machines travel home every evening and I don't have the SUS public-facing, so it was easier to just leave everyone pointing to Apple's SUS.

So apparently you can opt out of the program too…I wonder if there is a way to set the Apple Store to not show the beta releases and make that a preference that people can't change? https://appleseed.apple.com/sp/betaprogram/unenroll

anybody run fseventer (or something) to see what files it's modifying, and then maybe we can scope off of that and remove the modifications?

looks like it's changing the catalogurl ```
redacted
```