Allow non admins to install system updates through App Store with SUS?

You'll need to fire off AppStore with Self Service. You may want to further limit AppStore to updates only via this:
http://support.apple.com/kb/HT5391

I can't get into that link with my apple ID? I must not be special enough.

Doesn't seem to be special for me or anything.

Parallel thread here, where Greg Neagle posted a link to a session in which he demonstrates exactly how to do this:

https://jamfnation.jamfsoftware.com/discussion.html?id=5527

Jared, seems to be working for me now....not sure what was up with that....Thanks!

Thanks for the video link Tim, I will check out both ideas here.

with 10.8 you could try and change the rule from "root or entitled admin or authenticate admin" to "allow"

/usr/libexec/PlistBuddy -c 'Set :rights:system.install.app-store-software:rule allow' /etc/authorization
/usr/libexec/PlistBuddy -c 'Set :rights:system.install.apple-software:rule allow' /etc/authorization
/usr/libexec/PlistBuddy -c 'Set :rights:com.apple.SoftwareUpdate.scan:rule allow' /etc/authorization
killall Finder

I don't have a system that has updates available at the moment to see if it asks for any more authentication beyond that

This will just bypass the admin username and password that pops up when you click on Updates in the app store.

Also the rule "allow" opens it to everyone you could further scope it by changing "allow" to another group.

I tried your code above and I am getting this result:

Script result: Set: Entry, ":rights:system.install.app-store-software:rule", Does Not Exist File Doesn't Exist, Will Create: /etc/authorization Set: Entry, ":rights:system.install.apple-software:rule", Does Not Exist Set: Entry, ":rights:com.apple.SoftwareUpdate.scan:rule", Does Not Exist No matching processes were found

If the /etc/authorization file is missing, you've got serious problems.

I'm going to image a machine again and check this. The script is running on an unbooted image made with instadmg. Is it possible that because the machine has never been logged onto when the script ran, the file had not been created yet. Sorry pretty ignorant about this. We have had no issues with our machines so I would expect if we had 'serious problems' I would have seen a problem by now.

@Aaron. Try prefixing those Plist Buddy commands with "sudo"

https://jamfnation.jamfsoftware.com/discussion.html?id=5012

Will do. The file is definitely there. I think it may be syntax errors on my part.

Thanks, that linked discussion is helpful. I will see how it goes.

@Aaron.. I was thinking syntax too.

But the link that Tim gave contains the link to Apple's "approved" way... I'd probably lean that way.

(I was carping on about /etc/authorization in that thread too).