Block OS updates via Apple but allow through Jamf

kburns
New Contributor III

Hello,

I won't go into the backstory around my request, but essentially I need to accomplish the following. I'm wondering if anyone else has been in a similar situation.

  • Block all software updates through the software updates tab in the App Store.

  • Prevent users from going to the App Store to install High Sierra, but still allowing other Application downloads.

  • Allow users to go into Self Service to upgrade to a specific High Sierra dot release.

These things individually are easy enough to accomplish, but I need all of these "restrictions" to be in place at the same time.

Has anyone ever encountered a similar situation? I was thinking of doing some messy things with a script that adds a device to a static group, but I'm hoping there's a better option I'm not thinking of.

Thanks!

2 REPLIES

tak10
Contributor II

Block all software updates through the software updates tab in the App Store.
-You can control Apple software updates by using Software Update server on macOS Server.
-App Store apps, I'm out of ideas at the moment other than blocking from a network perspective.

Prevent users from going to the App Store to install High Sierra, but still allowing other Application downloads.
-You can use Restricted Software in JAMF Pro, or I think you can use Santa to block the macOS Install.app from executing.
-Or remove admin rights from the users, they won't be able to run the update.

Allow users to go into Self Service to upgrade to a specific High Sierra dot release.
-We use this script to do an in-place upgrade using JAMF Pro.

Nix4Life
Valued Contributor

@kburns

  1. Are any of the users admins?
  2. Careful blocking all Apple updates; as Tim S. mentions here, your fleet may miss security updates like Gatekeeper, XProtect, MRT and EFI, unless you are going to handle those yourself.

  3. You can remove the Library Bundle nag/notification for High Sierra, and turn off that flag. - a number of posts here

  4. Are you going to handle the point releases? If so, make sure to read the new info. No more combo updates to all; it now seems there may sometimes be rules to deploying point releases.

  5. As @tak10 mentioned, Santa may be what you need, but it can sometimes be heavy-handed.

  6. Lastly, all of this can be undone by a Google search or 2; see #1.
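
Point 2 in the reply above, as an added example (not code from any poster in this thread): a shell check that reports whether the system-data (XProtect, MRT, Gatekeeper) and security-update channels were switched off along with OS updates. The function names and the sample preference dump are constructed for illustration; the three keys belong to the `com.apple.SoftwareUpdate` preference domain.

```shell
#!/bin/sh
# Added example: report which security-relevant Software Update settings are off.

# Constructed sample in the format `defaults read` prints (not from a real Mac):
# automatic download is off, but so is the system data file feed.
SAMPLE='{
    AutomaticCheckEnabled = 1;
    AutomaticDownload = 0;
    ConfigDataInstall = 0;
    LastSuccessfulDate = "2018-03-01 10:00:00 +0000";
}'

# pref_value TEXT KEY -> prints the value of KEY, or "unset" if it is absent.
pref_value() {
    printf '%s\n' "$1" | awk -v k="$2" '
        $1 == k && $2 == "=" { v = $3; sub(/;$/, "", v); print v; found = 1; exit }
        END { if (!found) print "unset" }'
}

# audit_su_prefs TEXT -> one status line per key; returns 1 if any key is
# explicitly disabled, 0 otherwise. Unset keys are reported for review only
# (a choice made for this example, not a statement about OS defaults).
audit_su_prefs() {
    rc=0
    # Background check, system data files, security updates.
    for key in AutomaticCheckEnabled ConfigDataInstall CriticalUpdateInstall; do
        val=$(pref_value "$1" "$key")
        case "$val" in
            1)     echo "$key: enabled" ;;
            0)     echo "$key: DISABLED"; rc=1 ;;
            unset) echo "$key: unset (check the default for this OS version)" ;;
            *)     echo "$key: unexpected value $val" ;;
        esac
    done
    return $rc
}

if command -v defaults >/dev/null 2>&1; then
    prefs=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate 2>/dev/null)
else
    prefs=$SAMPLE   # not on macOS: fall back to the constructed sample
fi
audit_su_prefs "$prefs" || echo "At least one security update channel is off."
```

Settings delivered by a configuration profile are stored separately from this plist, so a clean result here does not cover profile-managed values.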