Package a .plist

tcandela
Valued Contributor II

I want to package my com.apple.SoftwareUpdate.plist and have it installed on other macs.

the plist i want packaged will have Automatically check for updates. AND install system data files and security updates CHECKED !!

I DO NOT WANT Download newly available updates in the background CHECKED. !!!

I am going to use that PACKAGES application to package up the .plist and install it in the /Library/Preferences. location. Will this overwrite the .plist that is currently there?

for 10.10. 10.11. and 10.12 systems

1 ACCEPTED SOLUTION

Nix4Life
Valued Contributor

@tcandela

I run the following as part of my first boot script. as mentioned I also use profiles, but some things like this I use the defaults command as I split the defaults command and profiles evenly:

# Set in house SUS,Munki, and  Office Caching Prefs
sudo /usr/bin/defaults write /Library/Preferences/com.apple.appstore restrict-store-softwareupdate-only -bool yes
sudo softwareupdate --schedule on
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool False
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate ConfigDataInstall -bool TRUE
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CriticalUpdateInstall -bool TRUE

This was as per Tim Sutton's article here

add/remove sudo as needed

as always test test and then test

View solution in original post

12 REPLIES 12

bpavlov
Honored Contributor

Have you tried to create a custom configuration profile to manage those settings instead? I haven't tested this out but it might be possible and I think I've heard of other people doing similar stuff.

rderewianko
Valued Contributor II

Custom Config profile set once would be the way to go.. Alternatively, although people are shying away from it is writing them as defaults write

Rich has a great Blog post describing how to go about doing it with defaults write
Here

cainehorr
Contributor III

I have a unique solution to a unique problem.

I have a custom plist for a piece of 3rd party software.

Here is how I manage this...

  1. I enabled hidden folders on my target Mac. I'll refer to the target Mac as the "Gold Master". - You can do this with Terminal or with a utility like TinkerTool
  2. I then configured the Gold Master the way I wanted it.
  3. I moved (not copied) the custom plist from it's default location to the Desktop (i.e. /Library/Preferences/MyCustom.plist to ~/Desktop/MyCustom.plist)
  4. I then ran Casper Composer on the Gold Master and I created a "Normal Snapshot"
  5. I gave it a unique package name like "my_custom_plist_v1.0"
  6. Casper Composer took a snapshot...
  7. I then copied the custom plist from the Desktop back to the proper location (i.e. ~/Desktop/MyCustom.plist to /Library/Preferences/MyCustom.plist)
  8. I then clicked on "Create Package Source"
  9. Casper Composer takes an "After" snapshot... wait for it...
  10. I deleted everything not relevant within the snapshot. - I only want /Library/Preferences/MyCustom.plist
  11. I then built the file as a DMG (not a PKG) and saved to my Desktop on the Gold Master
  12. Casper Composer created the my_custom_plist_v1.0.dmg file onto my Desktop
  13. I then uploaded my_custom_plist_v1.0.dmg to my JSS under "Settings > Computer Management > Packages"
  14. I filled out the information on the General Tab the way I needed it.
  15. I then saved the package within the JSS
  16. I created a policy to deploy the dmg file to all relevant systems

This workflow is simple and effective.

If @rderewianko's suggestion doesn't work for you, perhaps this manual method will...

Good luck and feel free to ask any questions you may have.

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

mark_sampers
Contributor

I believe it will overwrite the entire client plist. (not just modify it) Using a defaults write command may be a better option.

defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -boolean FALSE

Either way, I’d first test your package or script with one or two clients before deploying in mass.

cainehorr
Contributor III

@mark.sampers - In my particular example, the 3rd party plist did not exist prior. That being said, I completely agree with you. Testing before rolling into production is key!

Kind regards,

Caine Hörr

A reboot a day keeps the admin away!

tcandela
Valued Contributor II

right now i'm running a script that does this.

softwareupdate --schedule off
softwareupdate --background-critical --force

tcandela
Valued Contributor II

if i create a configuration profile. would i used the. 'custom settings' payload and upload the .plist ?

mm2270
Legendary Contributor III

@tcandela

if i create a configuration profile. would i used the. 'custom settings' payload and upload the .plist ?

Yes, that is exactly what you'd use. Only because it's not a built in option to manage those settings. Once you get familiar with how to use the Custom settings payload in a Configuration Profile, there is very little you can't add to it to manage things that are not provided out of the box.

Nix4Life
Valued Contributor

@tcandela

I run the following as part of my first boot script. as mentioned I also use profiles, but some things like this I use the defaults command as I split the defaults command and profiles evenly:

# Set in house SUS,Munki, and  Office Caching Prefs
sudo /usr/bin/defaults write /Library/Preferences/com.apple.appstore restrict-store-softwareupdate-only -bool yes
sudo softwareupdate --schedule on
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool False
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate ConfigDataInstall -bool TRUE
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CriticalUpdateInstall -bool TRUE

This was as per Tim Sutton's article here

add/remove sudo as needed

as always test test and then test

tcandela
Valued Contributor II

@LSinNY I'm going to test out your default write commands in a script and have it run in my configuration at reboot.

!/bin/sh

/usr/bin/defaults write /Library/Preferences/com.apple.appstore restrict-store-softwareupdate-only -bool yes
softwareupdate --schedule on
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool False
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate ConfigDataInstall -bool TRUE
defaults write /Library/Preferences/com.apple.SoftwareUpdate CriticalUpdateInstall -bool TRUE

exit $?

tcandela
Valued Contributor II

@LSinNY it set the correct App Store updates !! when i run a configuration that installs 10.12.4 and enrolls

Automatically check for updates
&
Install system data files and security updates

but now I wonder what would happen if I run the script on currently enrolled macs ?? I'll let you know. that's next

tcandela
Valued Contributor II