Jamf Nation Community

@ricardtolosa Are we able to exclude only IP ranges for USB sticks this way..?

If the device has a non-company IP address, i.e. an IP from the cellular ISP, you can limit the policy to only company IP ranges (like 10. or something). Or exclude the ISP's IP ranges.

@ryan.ball And what if I'd simply want to exclude a known network device?

Let me explain..

I was looking at the bash command

networksetup

What if I simply disable MacOS updates when a known network hardware is turned on and then turn it back enabled while on a different Network? (this has to be done properly, as I may have turned on a Wifi while the USB stick (simcard) is plugged in )

What I saw is that.. I can read the list of network hardware, and I'll probably have to change the priority of them when I'll setup the USB stick the first time as it seems to take first place in the service priority order otherwise Macbooks will continue to use it even while attached on a WiFi at the same time..

Any suggestion in doing that..?

To change the order priority, use:

networksetup -ordernetworkservices service1 [service2] [service3] [...]] [-getMTU hardwareport] [-setMTU hardwarePort value

Have a look at man networksetup

@corpffhelpdesk2l So what you are saying is you'd like for whenever anybody attempts to download MacOS updates on a system, for something locally to detect that this is occurring and automatically re-prioritize the NICs on the Mac?

If that is the case then you'd need a LaunchDaemon that either tails the syslog for softwareupdate and then re-prioritizes the NICs, OR a LaunchDaemon that maybe uses a watchpaths of /Library/Updates/ and then re-prioritizes the NICs when the path is changed.

Alternatively, you can set up a Self Service policy for software updates, with an additional script payload set to "Before" that will re-prioritize the NICs before the softwareupdate payload. This would not stop people from updating through App Store like usual though.