Hello everyone,
I'm hoping to create a policy that's scoped to the Macs that still haven't installed Security Update 2014-002. My preference would be to use a smart group for this, since I'm sure I would use it again for future software updates. But "name of software update" is not among the smart group criteria.
I can think of a few workarounds for this, but none of them feel right:
1) Collect names of software updates in an extension attribute, and create a smart group based on that. But this seems redundant, since Casper's inventory already knows which software updates are available for which Macs.
2) Run a script on every computer, and have that script call a custom trigger if it determines a eligible update is available. Messy because it forces us to update the script each time a new software update is deemed "critical."
3) Use the inventory to look up which computers need the update, and then create a static group from those computers. Not ideal because the way our policy handles user deferrals requires it to be removed from the scope after the update is installed, which a static group would not do.
Any ideas from the hivebrain?
Elliot