Great Script chappj0 might add a modifier to state how many times they can click cancel before they're forced but it was more or less what I was looking for..
Noticed a typo on your description.. Your computer has updates availble should be available
Other than that seems to be working fine for me. Thanks!
I've updated it to add the counter you were looking for, as well as to fix the spelling issues. Let me know if you find anything else!
#!/usr/bin/python
# import required modules
import os
import re
import shutil
from datetime import datetime
from sys import exit
# set log filename/location
curDate = datetime.now().date()
logFile = 'swupd-%s-%s.log' % (curDate.year,curDate.month)
logLocation = '/Your/Preferred/Log/Location'
curLog = '%s/%s' % (logLocation,logFile)
# create functions for installing updates, logging postponements, and exiting
def installUpdates():
os.popen('/usr/sbin/jamf policy -trigger runswupd')
attempts = 6
logData(attempts)
exit(0)
def postponeUpdates(attempts):
print "User chose to postpone the updates."
attempts = attempts + 1
logData(attempts)
exit(0)
def forceUpdates():
response = int(os.popen('"{filename}" -startlaunchd -windowType utility -icon "{icon}" -title "{title}" -heading "{heading}" -description "{description}" -button1 "Ok"'.format(
description='Your computer has updates available that may require a reboot. You've postponed the updates 5 times. As such, the installation is being forced now. Please save your work immediately.',
filename='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper',
heading='Software Updates are installing!',
icon='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/Resources/Message.png',
title='Company Software Updates'
)).read())
if response == 0:
installUpdates()
else:
print "Something went wrong with the jamfHelper. Fix it."
attempts = 7
logData(attempts)
exit(1)
def logData(content): # writes 'content' to the log, overwriting any previous contents. There should never be anything other than a single number in there anyway. 1 - 5 indicates the number of times it has been postponed. 6 indicates complete for the month. 7 indicates the forced attempt at updates failed.
logContent = open(curLog, 'w')
logContent.write(str(content))
logContent.close()
# create log path if it doesn't exist
if not os.path.isdir(logLocation):
os.makedirs(logLocation)
# create monthly log file if it doesn't exist and read file contents if it does
if not os.path.isdir(curLog) and not os.path.exists(curLog):
logNew = open(curLog, 'w')
attempts = 0
logNew.write(str(attempts))
logNew.close()
elif os.path.isdir(curLog):
print "The path for the current log file was a directory. How this happened, the world may never know. The path %s, and everything under it is now toast, and will be recreated as a file." % curLog
shutil.rmtree(curLog)
logNew = open(curLog, 'w')
attempts = 0
logNew.write(str(attempts))
logNew.close()
elif os.path.isfile(curLog): # read the number of attempts that have been postponed
logIn = open(curLog, 'r+')
try:
attempts = int(logIn.read())
except ValueError:
attempts = 0
logIn.write(str(attempts))
logIn.close()
# check for updates
updatesAvail = os.popen('/usr/sbin/softwareupdate --list').read().rstrip()
print "Available updates: %s" % updatesAvail
if "*" in updatesAvail:
print "There are updates available"
os.popen('/usr/sbin/jamf recon') # running recon to make sure the JSS knows the system has updates available. In theory, it should always know.
avail = 1
else:
avail = 0
if avail == 0:
print "No updates were available"
os.popen('/usr/sbin/jamf recon') # running recon to make sure the JSS knows that there really aren't updates available.
logData('6')
exit(0)
# check if available updates require a restart
if 'restart' in updatesAvail or 'shut down' in updatesAvail:
print "These updates require a restart"
restart = 1
else:
restart = 0
# find currently logged in console user
curUser = os.popen('/usr/bin/who | grep console | cut -d " " -f 1').read().rstrip()
print "Current user is: %s" % curUser
# if there is a logged in user, we must ask for permission to restart, otherwise we go forward!
postponesRemaining = 5 - int(attempts)
if avail == 1:
if attempts < 5:
if restart == 1:
if re.match(r'[a-zA-Z]', curUser):
response = int(os.popen('"{filename}" -startlaunchd -windowType utility -icon "{icon}" -title "{title}" -heading "{heading}" -description "{description}" -button1 "Yes" -button2 "No" -cancelButton "2"'.format(
description='Your computer has updates available that will require a reboot. Would you like to install these updates now? After clicking yes, please wait until you receive an indication that the computer is ready to reboot. You can postpone up to %s more times before installations are forced.' % postponesRemaining,
filename='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper',
heading='Software Updates are available!',
icon='/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/Resources/Message.png',
title='Company Software Updates'
)).read())
else:
installUpdates()
if response == 0:
installUpdates()
elif response == 2:
postponeUpdates(attempts)
elif response == 1:
print "There was a problem spawning the dialog box. You need to make sure the system is properly enrolled in Casper."
exit(1)
else:
print "Something that should be impossible happened. Your return code was %s. Please check the code against the jamfHelper return values by running jamfHelper with the -help flag." % response
exit(1)
else:
installUpdates()
elif attempts == 5:
forceUpdates()
else:
print "Something unknown is wrong with this machine. Exiting with an error status code."
exit(1)
Just edited the above post with one tiny bug fix in the forceUpdates() function, in case anyone has already copied this for use.
In case anyone was interested, here's my bash version of the script. I edited it to run updates that did NOT require restarts in the background without prompting the user, and only prompt if an update requires a restart. I also incorporated @mm2270][/url][/url's awesome API call to get the group memberships of the Mac. Using some "clever" policy trigger and group naming conventions, I can fully automate the software update process for both system and non system software.
#!/bin/sh
fRunUpdates ()
{
## Once the user OKs the updates or they run automatically, reset the timer to 5
echo "5" > /Library/Application Support/JAMF/.SoftwareUpdateTimer.txt
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType hud -lockhud -heading 'ISD is updating software on your computer' -description 'We are now updating your Mac System software. These updates should not take longer than 30 to 45 minutes depending on how many updates your Mac needs. If you see this screen for more than 45 minutes please call our Service Desk at X4949. Please do not turn off this computer. This message will go away when updates are complete.' -icon /Library/Application Support/JAMF/EndUserSupport/AGRose.icns > /dev/null 2>&1 &
## We'll need the pid of jamfHelper to kill it once the updates are complete
JHPID=`echo "$!"`
/usr/sbin/jamf policy -trigger SoftwareUpdate &
## Get the Process ID of the last command run in the background ($!) and wait for it to complete (wait)
SUPID=`echo "$!"`
wait $SUPID
## kill the jamfHelper. If a restart is needed, the user will be prompted. If not the hud will just go away
kill -s KILL $JHPID
exit 0
}
######### Set variables for the script ############
########## Get the group membership for the client #####################
## Get MAC Address using networksetup
MAC=$( networksetup -getmacaddress en0 | awk '{ print $3 }' | sed 's/:/./g' )
## Use the JSS API to get the Mac's group memberships
JSSGroups=$( curl -s -u username:password https://<casper server>:8443/JSSResource/computers/macaddress/$MAC
| xpath //computer/groups_accounts/computer_group_memberships[1]
| sed -e 's/<computer_group_memberships>//g;s/</computer_group_memberships>//g;s/<group>//g;s/</group>/
/g' )
## Set up the software update time if it does not exist already
if [ ! -e /Library/Application Support/JAMF/.SoftwareUpdateTimer.txt ]; then
echo "5" > /Library/Application Support/JAMF/.SoftwareUpdateTimer.txt
fi
## Get the timer value
Timer=`cat /Library/Application Support/JAMF/.SoftwareUpdateTimer.txt`
## Get the currently logged in user, if any. Also check for updates that require a restart and ones that do not.
UpdatesNoRestart=`softwareupdate -l | grep recommended | grep -v restart`
RestartRequired=`softwareupdate -l | grep restart | grep -v '*' | cut -d , -f 1`
LoggedInUser=`who | grep console | awk '{print $1}'`
################ End Variable Set ################
## Use echo and grep to find known-core (non system) software update groups. If these groups are found, run these installers silently since no restarts are required for these updates. Use an array to see which updates we take account of. The names of the array elements are also trigger names for each update. This way when there's a new software package to keep updated, we add the trigger name into the array, and the update policy to the JSS. Casper does the rest
NonSysCore=( 'SoftwareUplift-FlashPlayer' 'SoftwareUplift-Flip4Mac' 'SoftwareUplift-FontNuke' 'SoftwareUplift-PrintWindow' 'SoftwareUplift-MicrosoftOffice' 'SoftwareUplift-MicrosoftOutlook' )
for (( i = 0; i < ${#NonSysCore[@]}; i++ ))
do
CheckUpdate=`echo "$JSSGroups" | grep "${NonSysCore[$i]}"`
if [ "$CheckUpdate" != "" ]; then
jamf policy -trigger "${NonSysCore[$i]}"
fi
done
## If there are no system updates, quit
if [ "$UpdatesNoRestart" == "" -a "$RestartRequired" == "" ]; then
echo "No updates at this time"
exit 0
fi
## If we get to this point and beyond, there are updates.
## if there is no one logged in, just run the updates
if [ "$LoggedInUser" == "" ]; then
/usr/sbin/jamf policy -trigger SoftwareUpdate
else
## someone is logged in. prompt if any updates require a restart ONLY IF the update timer has not reached zero
if [ "$RestartRequired" != "" ]; then
## If someone is logged in and they have not canceled 5 times already, prompt them to install updates that require a restart and state how many more times they can press 'cancel' before updates run automatically.
if [ $Timer -gt 0 ]; then
HELPER=`/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon /Library/Application Support/JAMF/EndUserSupport/AGRose.icns -heading "AG ISD Approved Software Updates are Available for Your Mac" -description "These updates will require you to restart your Mac. If you would like to install these now, click 'Install Updates.' If you would not like to install now, click 'Cancel Updates.' You may choose not to install updates $Timer more times before this computer will automatically install them. These updates require a restart of your Mac: $RestartRequired" -button1 "Install Updates" -button2 "Cancel Updates" -cancelButton "2" -defaultButton 2 -timeout 60`
echo "jamf helper result was $HELPER";
## If they click Install Updates then run the updates
if [ "$HELPER" == "0" ]; then
fRunUpdates
else
## If no, then reduce the timer by 1. The script will run again the next day
let CurrTimer=$Timer-1
echo "user chose No"
echo "$CurrTimer" > /Library/Application Support/JAMF/.SoftwareUpdateTimer.txt
exit 1
fi
else
## If Timer is already 0, run the updates automatically, the user has been warned!
fRunUpdates
fi
fi
fi
## Install updates that do not require a restart
if [ "$UpdatesNoRestart" != "" ]; then
/usr/sbin/jamf policy -trigger SoftwareUpdate
fi
Hi.
I want to bring this one up as I like this kind of solution quite a lot.
I'm testing this at the moment and it seems that somehow there seems to be a minor issue.
We are running on Casper. 6.82
If I run this via a policy I'm able to see in the Logs section that it run fine.
/usr/sbin/jamf is version 8.62
Executing Policy Check for Software Updates...
Mounting afp://XXX.XXX.XXX.XXX/Casper_Share to /Volumes/Casper_Share...
Running script check_software_updates.pl...
Script exit code: 0
Script result: 2013-02-06 12:49:04.316 softwareupdate[642:3803] No alternate URLs found for packageId amds
2013-02-06 12:49:04.330 softwareupdate[642:3803] No alternate URLs found for packageId com.apple.pkg.MakeQueuesScript
available updates is Software Update Tool
Copyright 2002-2010 Apple
Software Update found the following new or updated software:
iTunesX-11.0.1
iTunes (11.0.1), 193391K [recommended]
041-9116-2.13
HP Printer Software Update (2.13), 79868K [recommended]
there are no updates available
Unmounting file server...
But, I did not get any information screen that updates are available or can cancel it.
I'm not so familiar with scripting so sorry for that maybe stupid question.
Andrew, I'm wondering what your SoftwareUpdate trigger/policy looks like if you can share.
@maik - you won't get a dialog box when you run softwareupdate from the command line. It runs silently in the background.
@jhbush - Sure. Here';s the policy for the Software Update (both system updates and manual non-system software updates):
Name: Casper Assisted Software Uplift
Active: Yes
Frequency: Once every Day
Trigger: every15
Scope: (I do my pilot group for a week, then my extended pilot group, then release to the general population)
Plan: Run Script AG Software Update 1.0 (just what I called the above script)
Here's one of my manual software update policies (gets called based on the Mac's group membership, discovered in the script above):
Name: SoftwareUplift-Flip4Mac 2.4.4.2
Active: Yes
Frequency: Ongoing
Trigger: SoftwareUplift-Flip4Mac
Scope: SoftwareUplift-Flip4Mac 2.4.4.2
Plan: Install Telestream Flip4Mac 2.4.4.2, Install Microsoft Silverlight 5.1.10.411, Update inventory, Display Message: Flip4Mac player has been updated. Please quit safari and re-open it
Maik if the updates do not require a restart the jamfHelper will not show up. The updates simply run in the background.
The log you show has updates that do jot require a restart. Find a machine that has some that do and you'll see jamfHelper.
No text available
Thanks Steve.
I will see if I get a machine that requiere more updates 
. But I think that might be a little bit tricky.
Andrew, thanks for that. Would you mind sharing the update script as well? I'm a bit lost on the logic part.
Silly question, is there a reason running jamfHelper commands via a SSH connection would result in no return values?
Try using this argument when calling the jamfHelper
-startlaunchd
Had to put in the countdown timer.. Here is a new version with the countdown, and customised messages to let the user know which attempt they are at (along with the compulsory reboot message when all attempts are reached).
Currently set to 3 attempts - change variable at top to customise if you want to be nicer.
Seems ok so far in testing.. but happy for feedback!
#!/usr/bin/perl -w
use strict;
my $AVAILABLEUPDATES="";
my $CHANCESTOUPDATE=3;
my $COUNTFILE='/etc/SUScount.txt';
my $UPDATECOUNT=0;
$AVAILABLEUPDATES=`/usr/sbin/softwareupdate --list`;
chomp $AVAILABLEUPDATES;
printf "available updates is %s
", "$AVAILABLEUPDATES";
unless (-e $COUNTFILE){
system "/bin/echo 0 > $COUNTFILE";
}
$UPDATECOUNT=`/bin/cat $COUNTFILE`;
printf "update count is $UPDATECOUNT
";
# If available updates contains * there are updates available
if ($AVAILABLEUPDATES=~/*/){
printf "there are updates available
";
if ($AVAILABLEUPDATES=~/(restart)|(shutsdown)/){
printf "updates need a restart
";
my $LOGGEDINUSER='';
$LOGGEDINUSER=`/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1`;
chomp $LOGGEDINUSER;
printf "value of logged in user is $LOGGEDINUSER..
";
if ($LOGGEDINUSER=~/[a-zA-Z]/) {
printf "as there is a logged in user checking count
";
my $CHANCESLEFT=$CHANCESTOUPDATE - $UPDATECOUNT;
printf "Chances left is $CHANCESLEFT
";
if ($CHANCESLEFT <= 0) {
printf "No chances left installing updates and will reboot..
";
system '/usr/sbin/jamf displayMessage -message "Your computer is installing updates and will reboot shortly."';
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
else {
printf "$CHANCESLEFT chances left... checking whether ok to restart
";
my $ATTEMPT = $UPDATECOUNT + 1;
my $FINAL = $CHANCESTOUPDATE + 1;
my $COMMAND= "'/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' -startlaunchd -windowType utility -icon '/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/Resources/Message.png' -heading "Software Updates are Available for Your Computer" -description "This is installation attempt $ATTEMPT of $CHANCESTOUPDATE. On attempt $FINAL, updates will install automatically and your machine will restart." -button1 "Yes" -button2 "Defer" -cancelButton "2"";
my $RESPONSE = "";
$RESPONSE=system $COMMAND;
if ($RESPONSE eq "0") {
printf "
User said YES to Updates
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
} else {
printf "
User said NO to Updates update count is $UPDATECOUNT
";
$UPDATECOUNT=$UPDATECOUNT + 1;
system "/bin/echo $UPDATECOUNT > $COUNTFILE";
printf "
Update count is now $UPDATECOUNT
";
exit 0;
}
}
} else {
printf "no logged in user so ok to run updates
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
}
else {
printf "no restart required
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
}
else {
printf "there are no updates available
";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
exit 0;
@jhbush1973 -- sure I can give a little explanation.
So first we get the Mac address of the Mac. This will be used in the API call to get group memberships for that computer. (first run the MAC=$(.... command, then run the JSSGroups=... command). Forexample, my Mac is a member of the following groups:
'All Managed ClientsnCasper Admin StationsnCED PronFirefox 3.6.20nFull Office SuitenMac Pilot Group - ISD OnlynManaged Clients - OS 10.6.6 +nManaged Clients - WHQnManaged Clients - WHQ No 10.7/10.8nNon_Creative Workstations - WHQnPilot GroupnPrint.WHQnSnow Leopard Client Desktops - WHQnSoftwareUplift-FlashPlayer 11.5.502.149nSoftwareUplift-PrintWindow 4.1.5nSymantec Endpoint Protection 12.1nUnused Quark XPress 7n'
Then we grep out the known software that we maintain updates on. I have a smart group in Casper for each of these titles. Once I pull the memberships with the API call, if an update is needed, it should show here. So I grep for 'SoftwareUplift-<softwarename>' where <softwarename> is one of the titles I've defined above in 'NonSysCore=( 'SoftwareUplift-FlashPlayer' 'SoftwareUplift-Flip4Mac' 'SoftwareUplift-FontNuke' 'SoftwareUplift-PrintWindow' 'SoftwareUplift-MicrosoftOffice' 'SoftwareUplift-MicrosoftOutlook' )'
If there's a match, we call ```
jamf policy -trigger SoftwareUplift-<softwarename>
```. I use the same naming scheme for my smart groups as I do for my policy triggers. This way I only have to update one section in the code if we ever get a new software package that has to be updated on a regular basis. Just make sure the group names follow the same naming convention as the trigger names.
Andrew, I get the logic now. My other question is how do you handle the OS updates in the policy? Do the reboot options hold in Reboot tab of a policy or how do you use that or get the machine to reboot if that doesn't work.
Yes, the reboot options you set in Casper hold for software updates that require reboots. The scripts kills jamfHelper, not softwareupdate, so the HUD window thrown up by Casper while an update is running is killed once the update is finished, and the "you need to reboot" window will remain.
the reboot prompt is considered a different process than the jamfHelper you are showing to alert the user there's an update going on, so killing the jamfHelper PID will ONLY kill that window. if you issue a killall jamfHelper, you might also kill that reboot prompt.
so all you should have to do is set it to reboot only if a software update or package requires it.
Hi All,
I've modified Lisa's script for our deployment. My goal was to keep the jamfHelper dialog boxes throughout the script, output easier to read and more verbose logs, and use the pretty software update icon. Here's some things to keep in mind about how I've accomplished these goals.
- The policy that runs the script executes four times per week, Tuesday, Thursday, Saturday and Sunday. On Tuesday and Thursday it does not execute between 7AM-6PM, and on Saturday and Sunday it can execute all day (this requires two policies). This ensures that the users do not get annoyed with the frequency and that updates do not occur during the workday.
- The runsoftwareupdate trigger is a policy that can be executed at any time through Self Service and is scoped to the group that has software updates available. This allows the user to run updates at their leisure if they desire.
- Think about modifying the Software Update line with your company's name to something like Pretendco Software Update to help user's see that these are internal updates.
- You may also want to have a line return after the contact your Help Desk line and add contact information for "Email (non-urgent): " and "Phone (urgent): "and
Hope this helps, and thanks to Lisa for making such a great script!
#!/usr/bin/perl -w
use strict;
my $AVAILABLEUPDATES="";
my $CHANCESTOUPDATE=6;
my $COUNTFILE='/etc/SUScount.txt';
my $UPDATECOUNT=0;
$AVAILABLEUPDATES=`/usr/sbin/softwareupdate --list`;
chomp $AVAILABLEUPDATES;
printf "> Available updates are %s
", "$AVAILABLEUPDATES";
unless (-e $COUNTFILE){
system "/bin/echo 0 > $COUNTFILE";
}
$UPDATECOUNT=`/bin/cat $COUNTFILE`;
printf "> Current update count is $UPDATECOUNT";
# If available updates contains * there are updates available
if ($AVAILABLEUPDATES=~/*/){
printf "> There are updates available.
";
if ($AVAILABLEUPDATES=~/(restart)|(shutsdown)/){
printf "> Updates require a restart.
";
my $LOGGEDINUSER='';
$LOGGEDINUSER=`/usr/bin/who | /usr/bin/grep console | /usr/bin/cut -d " " -f 1`;
chomp $LOGGEDINUSER;
printf "> Value of logged in user is $LOGGEDINUSER.
";
if ($LOGGEDINUSER=~/[a-zA-Z]/) {
printf "> Checking count as there is a logged in user.
";
my $CHANCESLEFT=$CHANCESTOUPDATE - $UPDATECOUNT;
printf "> Chances left is $CHANCESLEFT
";
if ($CHANCESLEFT <= 0) {
printf "> No chances left, installing updates and will reboot...
";
system ''/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' -startlaunchd -windowType utility -icon '/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns' -heading "Clayco Software Update" -description "Updates are being installed. You may continue to work until prompted to restart." -button1 "Okay"';
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
else {
printf "> $CHANCESLEFT chances left, checking whether ok to restart.
";
my $ATTEMPT = $UPDATECOUNT + 1;
my $FINAL = $CHANCESTOUPDATE + 1;
my $COMMAND=''/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' -startlaunchd -windowType utility -icon '/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns' -heading "Software Update" -description "Your workstation has software updates to install, and they require a restart. Would you like to install the updates now?
Please contact the Help Desk with ANY questions." -button1 "Yes" -button2 "Postpone" -cancelButton "2"';
my $RESPONSE = "";
$RESPONSE=system $COMMAND;
if ($RESPONSE eq "0") {
printf " - User said YES to updates.
";
system ''/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' -startlaunchd -windowType utility -icon '/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns' -heading "Software Update" -description "Your updates are being installed. You may continue to work until prompted to restart." -button1 "Okay"';
printf " - Okay Button Pressed
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
} else {
printf " - User said NO to updates.
";
system ''/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper' -startlaunchd -windowType utility -icon '/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns' -heading "Software Update" -description "Thank you. You may install updates any time using Self Service, which is located in your Applications folder." -button1 "Okay"';
$UPDATECOUNT=$UPDATECOUNT + 1;
system "/bin/echo $UPDATECOUNT > $COUNTFILE";
printf " - Okay Button Pressed
> Update count is now $UPDATECOUNT
";
printf "> Chances left is $CHANCESLEFT
";
exit 0;
}
}
} else {
printf "> No logged in user. Okay to run updates.
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
}
else {
printf "> Updates do not require a restart. Installing.
";
system "/usr/sbin/jamf policy -trigger runsoftwareupdate";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
}
else {
printf "> There are no updates available. Exiting.
";
system "/bin/echo 0 > $COUNTFILE";
exit 0;
}
exit 0;
This is awesome, exactly what I was looking for!
I do have a question that makes me feel really silly, however.
Does the script give a time limit between every time the machine asks if you'd like to install updates (I didn't actually see anything like that)? Or is it based on a trigger in the policy? For instance, if I had the policy set to every 15 minutes & the user chose to postpone the updates, would it postpone for 15 minutes & then push again?
In my case, the policy that I've created for the script is currently running once a week, on an every 15 trigger. It only runs on Tuesdays after 11:30am. Will this mean that all day, every 15 minutes, the script will push to ALL of the machines, whether or not the updates have installed? I'm worried that our Sys guys will see this script hammering the network all day & get a little peeved at me.
---
Just kidding, I answered my own question! Created a smart group for users that need updates & pushed the script just to them!
Jen, if you have a policy set to run once a week as its frequency, even if the trigger is set to the every15, it will only run once a week. it just means that the trigger that would cause it to come up once every Tuesday sometime after 11:30am would be when the Mac does its regular every15 check in cycle. But it would not come up again that same day once it executes.
And yes, you would need to set that up within the policy that pushes this script out. i don't think any of the versions here have a timing hardcoded into the script (though I have not read thoroughly through each version posted here)
Last thing is, there are no silly questions around here.
Do any of the above scripts inform the user that they only have a certain number of declines? And or tell the user how many declines they have left?
I am going to use one of the scripts just not sure what one.
Wi11
Mine does. It gives the user 5 cancelations before installing automatically.
when I run rsnediker's version, i get prompted to install, and if I choose to install then it installs, but never seems to reboot. However, because it still has the reboot install as needs to be installed, the jamfhelper continues to prompt. It's sat there for two hours and never rebooted.
Andrew, I'd like to use your script merely due to being more familiar with shell. Random question: how are you pushing non-Apple updates/install through the software update mechanism? Is this based off Munki or some other means of pushing down Office, etc al?
We have a finite number of non-apple software titles that we maintain, so I create smart groups based on a computer not having the updated version of the software. The update script first checks for memberships in any of those update groups, and if the computer is a member it runs a policy to update the software.
The policy triggers have the same names as the smart groups, so I can loop through the group names, and if a positive match is found, trigger the correct policy with the loop variable (which is the current group name). This way I just need to maintain the criteria of the smart group, and make sure I keep the correct packages/scripts in the policy. Then I run the update job, and Casper takes care of the rest.
See my final version of the script posted above, on 1/30/13
