Posted on 10-22-2013 09:09 AM
Does anybody know specifically how to block the Mavericks update?
We are currently on JSS v8.52 using the Restricted Software function. Most of our machines are still Lion, though there have been some machines approved to move to Mtn Lion.
We currently have the following blocks in place:
Install OS X Lion.app
Install Mac OS X.app
Install OS X Mountain Lion.app
Install OS X Mavericks.app
Is there something more specific that you can provide to block the Mavericks update?
Thanks!
Posted on 10-23-2013 08:18 AM
It may be too late but if the culture of your company allows it, I have the app store itself blocked so no one should be getting the installer to begin with. I have the Mavericks installer blocked as well, so if I see a 10.9 machine show up in my smart group, they'll be having a huge talk with me and infosec.
Posted on 10-23-2013 08:21 AM
At what point should I expect the Installer to quit?
I've run the sudo jamf manage on my test box, yet I'm still able to get through the EULA and up to the Install screen.
Here's my Restricted Software setting, am I missing something?
Thanks,
Chuck
Posted on 10-23-2013 08:35 AM
Since I'm not using Casper Suite 9 yet I can't really test anything, but I do know that Restricted Software under version 9 now uses the same scoping mechanism as a policy, unlike in 8.x where it just applied to everyone unless they were in the exclusion list. Is it possible your Mac just isn't in the Scope to get the Restricted Software item applied? If it is, and it still isn't working, this may be a bug.
Posted on 10-23-2013 09:00 AM
I think you're right about the scoped computer, for whatever reason my first box didn't work. The second test box worked PERFECTLY!
Thank you, Thank you!
Chuck
Posted on 10-23-2013 09:09 AM
Thanks a bunch for the help everyone. The restriction works!!
Posted on 10-23-2013 09:12 AM
We configured email notifications for Restricted Software yesterday. At that time we were running 8.62. While at 8.62 we successfully received numerous email notifications of attempted Mavericks upgrades. Later in the day, we upgraded to 8.73 and now we are no longer receiving email notifications. Anyone else come across this after upgrading to 8.73?
Posted on 10-23-2013 09:22 AM
I don't get the restricted software email notifications in 8.72, was getting ready to call them but sounds like it's a more widespread issue. Email notifications work perfectly for database backups, policy errors, etc.
Posted on 10-23-2013 09:25 AM
Yeah, email notifications in Restricted Software have not worked for me for quite a while. All other email notifications work fine though.
Posted on 10-23-2013 10:12 AM
I get multiple notifications per client. I have already got 4 users today trying to update, even though I sent an email saying don't. haha.
Posted on 10-23-2013 10:46 AM
Under 9.2, I'm not getting any email notifications either, even though they are checked on both my profile for Notifications and in the policy to send the email.
I know the policy is working, I watched the installer quit.
Posted on 10-23-2013 01:59 PM
@pickern
I'm running 9.2 and the email notifications seem to be working just fine. Under Settings>SMTP Server, you may want to double check the account that the JSS server is sending to. Just to ensure the address you were expecting the messages to appear in is the one set up in the JSS.
Chuck
Posted on 10-23-2013 03:52 PM
Coming in late on this topic. Thanks for the great ideas but I'm annoyed that Mavericks is bypassing SUS altogether. We have strict policies and cannot allow users to upgrade at this time so the policy idea is great. But has anyone figured out how to prevent the upgrade from showing up at all in Software Update? I ran 'sudo softwareupdate -l' and Mavericks was not listed. Makes sense since it's an upgrade and not a patch but I'd still prefer to prevent users from seeing it at all. Thanks.
Posted on 10-23-2013 04:08 PM
@darms21 My 8.64 server doesn't send emails about Restricted Software violations either, and my 9.2 test server sends out 4 emails on each violation. I opened a ticket with support and they said both of these are known issues that they are working on.
Posted on 10-24-2013 03:07 AM
I get all of my other notifications, just not Restricted Software Violations. @stevehahn stated he opened a ticket with Jamf and they've acknowledged this as a known issue. Seems it just doesn't affect everyone the same.
Posted on 10-24-2013 08:27 AM
@mm2270 I have done exactly as you have said and I can't get the process to kill. Any more suggestions? I'm running JSS 8.72.
Posted on 10-26-2013 01:52 PM
@mm2270 @tanderson I've updated another system to Mavericks from 10.8 and the hidden account was still intact.
Posted on 10-30-2013 08:45 AM
I thought I saw somewhere there was a way to actually block Mavs from being displayed in the app store as being available so users wouldn't be tempted to click on it, but unfortunately I can't find it anymore - does anybody know the command or anything?
Posted on 12-30-2013 11:40 AM
Does anyone know of a way to Allow Mavericks upgrade via Self-Service but Block the upgrade if run from the App Store or from a USB flash drive or from a DVD?
Posted on 12-30-2013 11:55 AM
We have Mavericks blocked completely whenever it calls the processes mentioned above (Install OS X Mavericks.app). For users that we authorize to do the upgrade, we just edit the restriction and add those users/machines to the exempt list. Basically the way ours is set up, anybody can download the Mavericks app, but when they try to launch it the process gets noticed and is blocked. I'm not sure if there's another way to do it based on "source of download".