Is restarting actually required for "Restart Required" Apple software updates?

calvins
New Contributor III

Seems to be an easy question, but I'm seeing conflicting answers in my environment.

I've been applying a policy to install all available Software Software Updates from Apple's server. If no user is logged in, restart if a package/update requires it. If user is logged in, do not restart.

When I do the latest update from the app store by hand on either 10.12, 10.11, or 10.10, it says the restart is required and then actually restarting results in that black Apple logo screen that says it is applying the update. After it finishes, "About this Mac" reports the new version, and the new version is reported back to JAMF as expected. All fine and good here.

When I do these same updates via the policy while someone is logged in, meaning it doesn't restart after the updater finishes, "About this Mac" reports the new version. Restarting manually after the policy finishes does NOT result in the black Apple logo "updating" screen. The new version is reported back to JAMF during Recon as the new version even without restarting. Checking for updates a second time does not report any available updates.

So, the question is: Are these updates applied on next reboot even if you don't see that "upgrading" screen? Are they applied even without a reboot because "About this Mac" reports the new version?

1 ACCEPTED SOLUTION

dgreening
Valued Contributor II

Any update which modifies the security db does require an immediate reboot, otherwise you will start to see "Unapproved Caller" pop-up messages which can be hard to dismiss and sometimes require a hard reboot. It is best practice for any "requires reboot" update to reboot right after installation.

View solution in original post

9 REPLIES 9

gregneagle
Valued Contributor

"Is restarting actually required for "Restart Required" Apple software updates?"

Yes.

calvins
New Contributor III

Perhaps I should rephrase as "If About This Mac reports the new version and you have yet to reboot, does it matter?". I've read some posts about old updates breaking the JAMF client until you reboot, but I haven't seen that myself.

If it doesn't really matter, then why wouldn't you just install these updates and let users reboot at their convenience?

hjcao
Contributor

The question, I think, is do you want to take the chance? You may have not seen it, yet, but it could happen. Is the fix to the jamf client easier than just setting the machine to reboot from the jump? Pick your poison I guess. I'd rather not have to deal with issues that are easily avoided.

gregneagle
Valued Contributor

"If it doesn't really matter, then why wouldn't you just install these updates and let users reboot at their convenience?"

It does matter. You've swapped out vital system components with new ones. The OS or apps might crash at any moment, losing user data.

Install OS updates and security updates that say they require a restart, and then restart.

dgreening
Valued Contributor II

Any update which modifies the security db does require an immediate reboot, otherwise you will start to see "Unapproved Caller" pop-up messages which can be hard to dismiss and sometimes require a hard reboot. It is best practice for any "requires reboot" update to reboot right after installation.

ryanstayloradob
Contributor

If Apple requires a restart, you have to restart. You'll notice apps won't load, Safari specifically. Performance will drop and weird things happen. It is best practice to reboot after an update that requires a reboot. It's a no-brainer.

strider_knh
Contributor II

Most of the Apple updates that require restarts don't seem to do any installation until they restart. I see most of such updates with the progress bar after restart. At least this seems to be what I see recently.

calvins
New Contributor III

Thanks for the answers guys. I figured there were actually reasons beyond "Because Apple says so".

rcram
New Contributor

In addition, if you check inside some of those OS update packages you can find embedded Firmware updates. If you leave those sitting around without restarting and an end user runs down their machine's battery it can turn a device into a brick.