Is there a way to setup a configuration profile to control the new "Software Update" preference pane in Mojave?
If not, when will support added to Jamf Pro?
Page 2 / 2
@lmeinecke Could you share the script you are using for the extension attribute?
Does this command allow a Mac to auto install 10.15 when it is made available??
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist AutomaticallyInstallMacOSUpdates -bool trueThanks,
R
https://docs.jamf.com/10.14.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html
Looks like this issue has finally been fixed.
Can this be accomplished with configuration profiles?
@jayke : There are some new profile payloads in Catalina for managing the software update settings shown above. Expect Jamf to integrate them in a future release.
I have been using a script from @haircut to set the desired SWU state of my systems once per a day. There is currently no way to manage this via config profile, yet unfortunately. This has been running in prod for a few months now. There are some caveats though:
- The system must be powered on and plugged in for auto update to trigger
- It only seems to happen after 2AM (yes I tested this at 2AM lol)
- If the lid is closed, or the device is not active it will not run
- The user can still interrupt this process
script:
#!/usr/bin/python
'''
Checks macOS software update settings and remediates deviations from a
specified desired state
'''
from Foundation import (
CFPreferencesAppSynchronize, CFPreferencesCopyAppValue,
CFPreferencesCopyValue, CFPreferencesSetAppValue, CFPreferencesSetValue,
CFPreferencesCopyKeyList, kCFPreferencesAnyHost, kCFPreferencesAnyUser, NSDate)
DESIRED_STATE = [
{
'domain': 'com.apple.commerce',
'prefs': {
'AutoUpdate': True,
'AutoUpdateRestartRequired': True
}
},
{
'domain': 'com.apple.SoftwareUpdate',
'prefs': {
'CriticalUpdateInstall': True,
'AutomaticDownload': True,
'ConfigDataInstall': True,
'AutomaticCheckEnabled': True,
'AutomaticallyInstallMacOSUpdates': True
}
}
]
def check_pref(key, value, domain):
'''Checks if 'key' is set to 'value' in 'domain' '''
p = CFPreferencesCopyValue(key, domain, kCFPreferencesAnyUser,
kCFPreferencesAnyHost)
return True if p == value else False
def set_desired_state(config):
'''Sets preferences according to provided config'''
for domain in config:
for key, value in domain['prefs'].iteritems():
if not check_pref(key, value, domain['domain']):
CFPreferencesSetValue(key, value, domain['domain'],
kCFPreferencesAnyUser,
kCFPreferencesAnyHost)
print "Set - {} - {}: {}".format(domain['domain'], key, value)
CFPreferencesAppSynchronize(domain['domain'])
def main():
'''Main'''
set_desired_state(DESIRED_STATE)
if __name__ == '__main__':
main()Now that Catalina has been released, I want someone to confirm that everything discussed above (all about upDATES) will NOT perform an automatic upGRADE (from 10.14 to 10.15).
Regardless of settings, NO upgrade should be performed automatically in our environment, but I want to keep the benefits of auto-updating 10.14 with security updates, App store etc etc.
Please enlighten me.
@roeland.de.windt This was a concern of ours as well. I tested this on a machine that was on 10.14.5 with a long deferral of Software Updates. Just last week, it updated itself to 10.14.6, however, Catalina is still sitting in Software Update awaiting my trigger.
Your Mac is not going to upgrade unless "told" to do so. This process works and the badge shows update, but it's not in SU pref pane. If you combine that with a process kill for Catalina, you should be fine.
Did anyone try restricted software?
It looks like this line:
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate.plist AutomaticCheckEnabled -bool false
Does the same as this line that was deprecated?
softwareupdate --schedule off
In my testing it turns off/unchecks Check for updates
Is that accurate?
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.