Disabling / Restricting App Store but allowing Updates

bpavlov
Honored Contributor

I've got a profile that restricts the App Store and iCloud in System Preferences.
It also has these checked under Restrictions -> Applications:
Allow Safari AutoFill
Require admin password to install or update apps
Restrict App Store to software updates only

However, when I open up the App Store or go to the Apple menu and click on Software Update, the Update tab is completely empty. Has anyone seen this before?

9 REPLIES

bpavlov
Honored Contributor

Just to solve my own thread:
I had to remove "Require admin password to install or update apps" and "Restrict App Store to software updates only" and then I re-checked "Restrict App Store to software updates only".

bpavlov
Honored Contributor

Looks like I spoke too soon. This is so bizarre.
Is anyone else restricting the App Store but allowing software updates through a profile?

mm2270
Legendary Contributor III

Pretty sure it's a known issue, though I do not know of a resolution:
https://jamfnation.jamfsoftware.com/discussion.html?id=10526

bpavlov
Honored Contributor

@mm2270 That is very disappointing to hear. Thanks for linking me to that thread.

Chris_Hafner
Valued Contributor II

Do you need to run updates via the Mac App Store? You can push them in the background or have your inventory policy handle it on a regular basis... unless I'm missing something, which I probably am ;-)

bpavlov
Honored Contributor

Sure you can push them in the background, but I'd like to make it available for a user to run as well. My understanding is that using the built-in JSS policy option may sometimes not work for some updates (there was a thread a while back, possibly a defect number as well). I could script it as well but haven't gotten there quite yet.

Chris_Hafner
Valued Contributor II

@bpavlov Fair enough. We ask our users to update via the MAS as well... mostly for the experience. Hrm... hopefully this is something that can be resolved in 9.73. That said, are you trying the suggested workaround that @mm2270 posted? Sounds like creating the profile with Apple's Profile Manager and then uploading it to the JSS worked for at least one admin. If that doesn't work, I would imagine (without trying it myself) that you could write a securitydb command to set the same restrictions as the profile.

bpavlov
Honored Contributor

I was that admin that created the profile from Profile Manager ;). That's what I'm doing now and it works great. I got a case going with JAMF Support right now and hopefully they can easily duplicate the issue and get a defect for it going.

pnbahry
New Contributor III

I have this turned on just like you:

I had to remove "Require admin password to install or update apps" and "Restrict App Store to software updates only" and then I re-checked "Restrict App Store to software updates only".

Then I have a self service policy that is called "Software Update"

Which downloads and installs all the Apple Software Updates.

Not sure if that helps with what you are doing, but for all the machines that do not have admin, that's how I get the user to update them.

@bpavlov