MacOS updates only through WiFi/Ethernet

corpffhelpdesk2
New Contributor II

We have Macbooks Air on the field that has the possibility to connect through UMTS Usb sticks but we don't want users to download MacOS updates through the cellular.

Does anyone know how to avoid this and let the Macbooks download the update only when connected to a Wifi or to a LAN cable?

Note that the usb stick is seen as an ethernet cable at the end.. (USB 10/100/1000 LAN)

6 REPLIES 6

ricardtolosa
New Contributor III

You can create network segments with your wifi / lan ip ranges, and use them as limitation in your scoping.
That should make it πŸ™‚

corpffhelpdesk2
New Contributor II

@ricardtolosa Are we able to exclude only IP ranges for USB sticks this way..?

ryan_ball
Valued Contributor

If the device has a non-company IP address, i.e. an IP from the cellular ISP, you can limit the policy to only company IP ranges (like 10. or something). Or exclude the ISP's IP ranges.

corpffhelpdesk2
New Contributor II

@ryan.ball And what if I'd simply want to exclude a known network device?

Let me explain..

I was looking at the bash command

networksetup
and it seems I'm able to play with network hardware..

What if I simply disable MacOS updates when a known network hardware is turned on and then turn it back enabled while on a different Network? (this has to be done properly, as I may have turned on a Wifi while the USB stick (simcard) is plugged in )

What I saw is that.. I can read the list of network hardware, and I'll probably have to change the priority of them when I'll setup the USB stick the first time as it seems to take first place in the service priority order otherwise Macbooks will continue to use it even while attached on a WiFi at the same time..

Any suggestion in doing that..?

Tangentism
Contributor II

To change the order priority, use:

networksetup -ordernetworkservices service1 [service2] [service3] [...]] [-getMTU hardwareport] [-setMTU hardwarePort value

Have a look at man networksetup

ryan_ball
Valued Contributor

@corpffhelpdesk2l So what you are saying is you'd like for whenever anybody attempts to download MacOS updates on a system, for something locally to detect that this is occurring and automatically re-prioritize the NICs on the Mac?

If that is the case then you'd need a LaunchDaemon that either tails the syslog for softwareupdate and then re-prioritizes the NICs, OR a LaunchDaemon that maybe uses a watchpaths of /Library/Updates/ and then re-prioritizes the NICs when the path is changed.

Alternatively, you can set up a Self Service policy for software updates, with an additional script payload set to "Before" that will re-prioritize the NICs before the softwareupdate payload. This would not stop people from updating through App Store like usual though.