Help

Patch Management for macOS

cmudgeUWF
New Contributor III

Posted on ‎01-23-2019 12:40 PM - last edited on ‎03-04-2025 05:39 AM by Community Manager

Does anyone have any experience with pushing macOS security patches via JAMF? With this week's big list of patches for macOS, it impressing a need for greater control of patches for macOS. I've been seeing some stuff about SUS, but I don't want to invest time and resources into something that is being deprecated.

Labels:
0 Kudos
Reply
7 REPLIES 7

WacoKUNDA
New Contributor II

Posted on ‎08-21-2019 06:35 PM

Hey cmudgeUWF,

Any news on this one from your side please?

I tried a few ways using patch management, however none worked.

Is there anyone in the Jamfworld with some advise please? instructions or "How to's" please Jamf? If anyone has news on how to do this successfully please let us know?

Reply

crskerman
New Contributor II

Posted on ‎08-21-2019 08:09 PM

I had a ticket in around this the other week.
Here's what Jamf recommonded to me:

In regards to the end goal, would we be able to advise to use the policy to run a script for the devices to communicate to Apple directly to download and install necessary updates. As usually when the update is requested from the machine it downloads the necessary version for the the model. this would be the reason for the messages. https://www.macrumors.com/how-to/update-macos-terminal-command/ Have attached an article that may assist you in creating this simple workflow.
Reply

kwoodard
Valued Contributor

Posted on ‎08-28-2019 05:20 PM

This is the command I use in ARD to have a computer check for updates, install in the background, then restart when done. The restart portion only seems to work on 10.13 and 10.14. I would imagine that this could be scripted inside JAMF as a policy.

sudo softwareupdate -ia --verbose --restart
Reply

WacoKUNDA
New Contributor II

Posted on ‎08-28-2019 08:43 PM

@kwoodard

Thanks mate, I was testing this sudo softwareupdate -i -a --restart and it seem to work when I just ad it to a policy under files and processes. I will try the one you gave sudo softwareupdate -ia --verbose --restart.

Thanks for the help

0 Kudos
Reply

kwoodard
Valued Contributor

Posted on ‎08-29-2019 09:15 AM

@WacoKUNDA

The --verbose flag gives a return in ARD to show me the status of the update. It shows what updates are found and gives a progress indicator on the status of the install. If you are doing a policy in JAMF, probably won't need it.

Reply

jleomcdo
Contributor

Posted on ‎08-29-2019 10:02 AM

I have scripted this process and put it in Self Service. I use the command line "jamf runSoftwareUpdate -fromApple"
I also use the jamfHelper binary to display a start and end message.

Reply

WacoKUNDA
New Contributor II

Posted on ‎08-29-2019 10:51 PM

"sudo softwareupdate -i -a --restart" Worked fine for me, however I will test to see how "jamf runSoftwareUpdate -fromApple" goes, for future reference Thanks Everyone

0 Kudos
Reply