Does anyone have a good means of running firmware updates remotely? Since
most require being at the computer holding down the power key I'm wondering
if there is an alternative to this.

I've built an OS image for new Intel Macs which already has all the Firmware
updaters in the utility folder but they have to be run manually on all newly
build machines.

Any suggestions is appreciated.



I wanna have smart groups for Macs that need EFI or SMC firmware updates. I know Casper tracks both of these numbers (Boot ROM version and SMC Version) but only SMC is searchable in smart groups.

This may be a pending feature request, but has anyone else tried to do this, by this means or any other?


My first thought was scoping to "available SWUs" under "receipts". Unfortunately, this criteria doesn't have a "like" option. Perhaps this is
a feature request? With this feature, we could scope the smart group to
"available SWUs like "firmware"".
It would be a little more involved, but you could scope the group to "does
not have" receipts for all available firmware updates. Unfortunately, this
will require manual maintenance every time a new firmware update comes out.

Dummy receipts could work... grep the output of "softwareupdate -l" for
"firmware", "SMC", etc.

Hi everyone, I hope you're all having a splendid day. :)

Something I've been thinking about...

How do Firmware updates work with the Casper Suite?

What happens if your "gold master" machine needs a firmware update? Are there any ramifications of installing it, then creating an image with that machine? Will other machines like it erroneously ignore the update? Will other dissimilar machines be affected? What about keyboard firmware updates? Are they treated just like iPod/iPhone firmware updates, only without iTunes?

Thanks for any light you may be able to shine on this grey area.


I do believe that firmware updates require user interaction to run. I know the keyboard firmware update does. This is something you may have to hit every machine with. I would be curious to hear how others are doing it massively as well.

I've been a real slacker with firmware updates as of late...=)

We for sure do not deploy EFI firmware updates as part of any policy through our managed Apple Software Update Server as it requires a physical hold of the power button. I do believe all SMC firmware updates do NOT require this, but those we don't put out either. So in all cases, if the update in the Apple Software Update Server says firmware in it, I don't enable it.

We typically will go through and update these on systems during summer, OR as needed if a particular problem is identified that a firmware update corrects. This works well for the labs scenario.

For offices we still utilize the same ASUS, but we don't normally do firmware updates there unless something comes up that requires it. In the best world as a good sys admin I would inform the desktop group here that a firmware update is available for these systems, please work with those faculty to get them updated if that member isn't already an admin on their own system and has already done so.

As for what system you create images on, just make sure the system you are working on has current firmware. The firmware information for a particular piece of hardware shouldn't pass from one to other through that image, the OS reads that information directly from the hardware.

How (do) you folks authenticate/deploy things like firmware updates for users without admin rights?

