
Hi,

Any way to allow non-admins to run system updates through the App Store? We have a working SUS that works great (so far), and would love to just have kids fire up the App Store app and install the updates that way instead of through Self Service.

Thanks!

Steve

You'll need to fire off AppStore with Self Service. You may want to further limit AppStore to updates only via this:
http://support.apple.com/kb/HT5391


I can't get into that link with my Apple ID? I must not be special enough.


Doesn't seem to be special for me or anything.


Parallel thread here, where Greg Neagle posted a link to a session in which he demonstrates exactly how to do this:

https://jamfnation.jamfsoftware.com/discussion.html?id=5527


Jared, seems to be working for me now....not sure what was up with that....Thanks!


Thanks for the video link Tim, I will check out both ideas here.


With 10.8 you could try to change the rule from "root or entitled admin or authenticate admin" to "allow":

/usr/libexec/PlistBuddy -c 'Set :rights:system.install.app-store-software:rule allow' /etc/authorization
/usr/libexec/PlistBuddy -c 'Set :rights:system.install.apple-software:rule allow' /etc/authorization
/usr/libexec/PlistBuddy -c 'Set :rights:com.apple.SoftwareUpdate.scan:rule allow' /etc/authorization
killall Finder

I don't have a system that has updates available at the moment to see if it asks for any more authentication beyond that.

This will just bypass the admin username and password that pops up when you click on Updates in the App Store.

Also, the rule "allow" opens it to everyone; you could further scope it by changing "allow" to another group.
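
A read-only check for the result of the commands in the post above, added here as an example and not part of the original thread: it parses an authorization plist and reports, for the three rights named, whether the rule is "allow" (open to every user), something stricter, or absent (the "Does Not Exist" case PlistBuddy reports further down the thread). The sample plist is constructed and the function name `audit_rights` is hypothetical.

```python
import plistlib

# The three rights the post above edits with PlistBuddy.
RIGHTS = (
    "system.install.app-store-software",
    "system.install.apple-software",
    "com.apple.SoftwareUpdate.scan",
)

# Constructed sample, not taken from a real machine: one right opened to
# everyone, one left on a stricter rule, and the third entry absent.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>rights</key><dict>
  <key>system.install.app-store-software</key>
  <dict><key>class</key><string>rule</string>
        <key>rule</key><string>allow</string></dict>
  <key>system.install.apple-software</key>
  <dict><key>class</key><string>rule</string>
        <key>rule</key><string>root-or-entitled-admin-or-authenticate-admin</string></dict>
</dict></dict></plist>"""

def audit_rights(plist_bytes, rights=RIGHTS):
    """Map each right to 'open', 'restricted:<rule>' or 'missing'."""
    try:
        db = plistlib.loads(plist_bytes)
    except Exception:
        # Empty or unparsable file, e.g. one a failed Set just created.
        return {name: "missing" for name in rights}
    table = db.get("rights", {}) if isinstance(db, dict) else {}
    report = {}
    for name in rights:
        entry = table.get(name)
        rule = entry.get("rule") if isinstance(entry, dict) else None
        # The rule may be stored as one string or as an array of strings.
        if isinstance(rule, str):
            rules = [rule]
        elif isinstance(rule, list):
            rules = [str(r) for r in rule]
        else:
            report[name] = "missing"
            continue
        report[name] = "open" if "allow" in rules else "restricted:" + ",".join(rules)
    return report

if __name__ == "__main__":
    for right, state in audit_rights(SAMPLE).items():
        print(f"{right}: {state}")
```

To check a real file, pass its bytes, for example `audit_rights(open("/etc/authorization", "rb").read())`.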


I tried your code above and I am getting this result:

Script result: Set: Entry, ":rights:system.install.app-store-software:rule", Does Not Exist File Doesn't Exist, Will Create: /etc/authorization Set: Entry, ":rights:system.install.apple-software:rule", Does Not Exist Set: Entry, ":rights:com.apple.SoftwareUpdate.scan:rule", Does Not Exist No matching processes were found

If the /etc/authorization file is missing, you've got serious problems.


I'm going to image a machine again and check this. The script is running on an unbooted image made with instadmg. Is it possible that because the machine has never been logged onto when the script ran, the file had not been created yet? Sorry, pretty ignorant about this. We have had no issues with our machines so I would expect if we had 'serious problems' I would have seen a problem by now.


@Aaron. Try prefixing those PlistBuddy commands with "sudo".


https://jamfnation.jamfsoftware.com/discussion.html?id=5012


Will do. The file is definitely there. I think it may be syntax errors on my part.


Thanks, that linked discussion is helpful. I will see how it goes.


@Aaron.. I was thinking syntax too.

But the link that Tim gave contains the link to Apple's "approved" way... I'd probably lean that way.

(I was carping on about /etc/authorization in that thread too).