Help

Manually set software update delay

k3vmo
Contributor II

Posted on ‎04-16-2020 04:48 PM

I want to control software update delay in a profile - separate from the OS update payload in Jamf. Company requirements specify that I have to define some values separate from other payloads.

I was hoping for someone to verify whether I have the key set correctly? 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>enforcedSoftwareUpdateDelay</key>
        <true/>
    </dict>
</plist>

If so, in this case it defaults to 30 days, correct?

If I want a different amount of time - do I change 'true' to the number of days?

Labels:
0 Kudos
Reply
7 REPLIES 7

k3vmo
Contributor II

Posted on ‎04-17-2020 07:47 AM

Or do you have to explicitly specify the number of days?

0 Kudos
Reply

gachowski
Valued Contributor II

Posted on ‎05-22-2020 09:37 AM

Bump, I would like to set it to about 14 days : ) Dumb AV products : )

Anybody using/tested explicitly specify the number of days less than default?

Thanks
C

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎05-22-2020 11:46 AM

So I found the answer to this by creating a new Jamf Restrictions config profile, not scoping to anything, but enabling that 'Delay Software Updates' option and the value in days in the drop down, then downloading the profile and reading it back in Terminal using security to decrypt it and pass it thru xmllint.

The values you need in your manually created profile are as follows:

<key>forceDelayedSoftwareUpdates</key>
<true/>
<key>enforcedSoftwareUpdateDelay</key>
<integer>7</integer>

Change the "7" on the integer line to whatever value you want. Obviously that entire block goes inside the <dict>...</dict> section.

@gachowski, while Jamf Pro only gives you a drop down of preset values, I think (not 100% sure) that the profile key does allow you to specify an exact integer you want for the days to delay, so you should be able to use that to get your 14 day delay in SWUs, assuming I'm right.
I think that's right, only because I also have access to other MDMs and some of them offer this same feature in their profile options, but give you a simple integer field to enter a value of your choice. Jamf should probably offer the same thing if Apple supports any value in there, and not force admins to choose one of the preset ones.

Reply

gachowski
Valued Contributor II

Posted on ‎05-22-2020 11:57 AM

@mm2270

Perfect, thank you very much !!! Exactly what I was looking for !!!
C

0 Kudos
Reply

k3vmo
Contributor II

Posted on ‎05-26-2020 07:26 AM

Thanks @mm2270 -- to go back to my 2nd question - if I write out exactly what I had - does that just mean 30 days - or do I actually have to add an integer value?

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎05-26-2020 11:37 AM

@k3vmo That's a good question, one which I don't have the answer for right now. I'll see if I can find out.
In the interim, it might be best to be explicit and add that integer section to the profile, even if you just want the default value, just to make sure it actually works.

Reply

jtrant
Valued Contributor

Posted on ‎10-01-2020 12:34 PM

Has anyone found a way to verify this setting is working correctly? I was hoping Software Update would show "Your Mac is running the latest software update allowed by your administrator" but this is not the case.

0 Kudos
Reply