
I'm not sure why I'm struggling with this one as I'm sure it's easy but



With Jamf Pro, does anyone know how to enforce automatic OS updates? Mostly just want to make sure all my Macs are getting security updates but I'm not seeing it anywhere.

I have a script that can enable the OS's automatic macOS updates option. It's available via the blog post linked below:



https://derflounder.wordpress.com/2018/12/28/enabling-automatic-macos-software-updates-for-os-x-yosemite-through-macos-mojave/


This is great thanks so much!


@rtrouton Finally getting around to trying to deploy this script. Am I missing something? I'm trying to just run the script locally and I just get hit with a ton of errors. Is there something special you need to do before executing the script?


You can also accomplish the same using a Configuration Profile with a custom Plist-file containing:



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AutomaticCheckEnabled</key>
<true/>
<key>AutomaticallyInstallMacOSUpdates</key>
<true/>
<key>AutomaticDownload</key>
<true/>
<key>CriticalUpdateInstall</key>
<true/>
<key>ConfigDataInstall</key>
<true/>
</dict>
</plist>


...and use the domain "com.apple.SoftwareUpdate"


@eirikw



Why not just use a Configuration Profile which is already prepared in Jamf Pro?




Nice @eirikw! Does this automatically pull from Apple or is an update server actually required?


Does either the script or the configuration policy allow for deferrals so that the installs won't just be run when a user isn't expecting them? Especially if the updates require a reboot?


@jpuebs If left blank it will use Apple's servers to pull the updates.
@ian.sterling JAMF recommend using the Restart Options payload alongside the Software Update payload to define restart prefs & the user interaction tab to manage deferrals.



https://docs.jamf.com/10.25.0/jamf-pro/administrator-guide/Running_Software_Update.html



The config profile basically just hard codes the settings in System Preferences > Software Update.


With the config profile for software updates, does it allow users to update organically? They get pop ups to install updates and have options to defer, and they don't apply until they manually reboot or does it happen while idle?



Still not clear how the software update policy works in comparison, with or without the restart options and how is it better?




@chrisB The main reason to avoid the built-in settings in some cases is that they tend to add empty fields in the configuration when you don't need them. In this instance, Jamf Pro adds "<key>CatalogURL</key><string/>" to the plist. Granted, macOS probably ignores that and uses the default server setting, but in other cases it actually breaks functionality.
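An added example, not from any poster in this thread or from Jamf: a small Python audit that checks a com.apple.SoftwareUpdate payload for the five keys in the custom plist above and flags empty fields such as the CatalogURL entry just described. The names audit_payload, is_compliant and SAMPLE are hypothetical, and the sample plist is constructed for illustration.

```python
import plistlib

# Keys taken from the custom plist posted in this thread
# (preference domain com.apple.SoftwareUpdate); all are expected to be <true/>.
REQUIRED_TRUE = (
    "AutomaticCheckEnabled",
    "AutomaticallyInstallMacOSUpdates",
    "AutomaticDownload",
    "CriticalUpdateInstall",
    "ConfigDataInstall",
)

def audit_payload(plist_bytes):
    """Audit a com.apple.SoftwareUpdate payload (XML or binary plist bytes)."""
    prefs = plistlib.loads(plist_bytes)
    if not isinstance(prefs, dict):
        raise ValueError("top-level plist object must be a <dict>")
    findings = {"missing": [], "not_true": [], "empty": []}
    for key in REQUIRED_TRUE:
        if key not in prefs:
            findings["missing"].append(key)
        elif prefs[key] is not True:
            # <false/>, the string "true" and the integer 1 are all flagged.
            findings["not_true"].append(key)
    for key, value in prefs.items():
        # Empty fields such as <key>CatalogURL</key><string/> land here.
        if isinstance(value, (str, bytes, list, dict)) and len(value) == 0:
            findings["empty"].append(key)
    return findings

def is_compliant(findings):
    """True only when no key is missing, disabled or empty."""
    return not any(findings.values())

# Constructed sample, not a real export: one key disabled, one key absent,
# plus the empty CatalogURL field described in the post above.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>AutomaticCheckEnabled</key><true/>
<key>AutomaticallyInstallMacOSUpdates</key><true/>
<key>AutomaticDownload</key><true/>
<key>CriticalUpdateInstall</key><false/>
<key>CatalogURL</key><string/>
</dict></plist>"""

if __name__ == "__main__":
    result = audit_payload(SAMPLE)
    print(result, "compliant:", is_compliant(result))
```

Because plistlib reads both XML and binary plists, the same function can be pointed at an exported profile payload or at a preference file copied from a managed Mac.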







I'm coming around to this and have further questions.

Does "Automatically install macOS updates" include major updates? For instance, when macOS Monterey is released, will my clients automatically upgrade to that? Because I want my clients to be on the latest version of their currently installed OS but not to jump major versions like Big Sur to Monterey.

Are there any controls to avoid that scenario? And from what I understand, we can no longer ignore updates via the command line, correct? So that's out as well.