Is there a better way to use the built in software updater?

PEBKAC
New Contributor

Right now we have a basic policy that runs once per month using the built in software update payload. It is set on restart options to restart regardless of any updates installed (with 15 minute timer) and we have a 7 day delay enabled on the user interaction page. Our start message notifies them of the update and gives them the option to delay, then we have a restart message that advises them right before they reboot. What is annoying is from the time the start message is displayed until the time the download is completed and the actual restart message popup up could take any length of time. I don't feel like the users need to be notified until its actually ready for the restart.

The start message seems totally unnecessary, but it seems like the delay will not work when you just have a Restart message. Also leaving the Start message blank will still display a "management action" textbox with no data.

Here is what I ideally want to happen:
Software updates download automatically in the background. Once a month user gets message telling them their machine needs to be rebooted with an option to delay for 7 days and a 15 minute reboot timer. Right now our software update policy doesnt seem the most intuitive.

1 REPLY 1

lucas_cantor
New Contributor III

I'd recommend looking into the open-source Install or Defer project on GitHub:

This framework will enforce the installation of pending Apple security updates on Jamf Pro-managed Macs. Users will have the option to Run Updates or Defer. After a specified amount of time passes, the Mac will be forced to install the updates, then restart automatically if any updates require it.