Jamf Nation Community

Step 1: Create Smart group to define those eligible for update
- Not currently running latest OS/Cached copy of latest OSX updates
- Machine is new enough
- Machine has the space
Step 2: Create a policy to cache the OSX installer on to the machines in the above group
Step 3: Create a smart group for all users with the cached installer, caching it is just for speed from clicking install to install running to keep the end users happy.
Step 4: Create a policy for Self/Service or Recurring once a day or something, have it prompt the user to run the updates. Consider a maximum deferral to force the install after X days.

From painful experience, I am going to suggest the use of the deferral tab. This will NOT get them out of running the updates that you seek but to "let them feel like they have a say..." when you do the update. When you use the deferral tab, you get the option of "allowing the users to defer until....".

I would also focus on the communication with them. Nothing is worse than getting pestered to run an update on your Mac in the middle of standardized testing or an important client engagement in the business world.

That being said, I wish you good success in your patching endeavors. I like @Joeborner 's idea of cacheing the stuff locally and getting good smart groups so you know which is going to succeed or fail. As for your 10.8.x and 10.9.x clients, I feel for you there. We still had some 10.6.x folks in the district up until last summer as they were still trying to run PowerPC apps in Rosetta. We were luckily able to convince the staff that developed the app in house to spend the summer porting all of them to Intel. It sounds bad but they are homemade text book Mac applications and getting a porting effort off the ground for those staff members required getting working with the superintendent to get them compensated for such labor. They have been continuously updating those apps since the System 7 days and have undergone 3 major code revisions since I hired in 15 years ago.