S.U.P.E.R.M.A.N.

CrawfordRobson
New Contributor III

This is great did some initial testing with S.U.P.E.R.M.A.N | Jamf Pro on a couple of Intel devices one running Big Sur and one with Monterey both are now fully patched thanks to Kevin M White and @HCSTechnology post on it.

https://github.com/Macjutsu/super 

has anyone else tried it out yet and what do you think of it?

24 REPLIES 24

bwoods
Valued Contributor

Awesome workflow, definitely going to test this out. We can't rely on solutions like nudge to force updates.

I was going to look at Nudge but S.U.P.E.R.M.A.N seems to work in the testing I’ve done so far.

ericbenfer
Contributor III

 But can you man super?

I would prefer super human! 

mm2270
Legendary Contributor III

Thanks for mentioning this. It looks pretty interesting and comprehensive. I'll be taking a look. Seems there are many custom solutions for the conundrum Apple has put us all in around software updates, but there hasn't been one really surefire way to get these updates installed that I've seen so far. If this actually does it, I'll be pretty psyched.

I like the fact that this uses IBM Notifier for notifications. In case anyone is looking for a really slick messaging tool and hasn't already looked at that, I encourage you to. It's very cool, has a gazillion features, and unlike some other tools that have grown stale, this one has active development on it and modern coding.

I’m hoping S.U.P.E.R.M.A.N is the right fit for our devices macOS updating is such a pain. I use an MDM script to check and apply updates but hopefully this will be the old way :)

CrawfordRobson
New Contributor III

The script I currently use is;

#!/bin/bash

/usr/libexec/mdmclient AvailableOSUpdates

jss="https://jamf/JSSResource"
username=''
password=''
system_udid=$(system_profiler SPHardwareDataType | awk '/Hardware UUID/ { print $3 }')
system_id=$(curl --silent -u "$username:$password" "$jss/computers/udid/$system_udid" | awk -F "id>" '{print $2;exit;}' | tr -d '</' )
curl -X POST -u "$username:$password" "$jss/computercommands/command/ScheduleOSUpdate/action/install/id/$system_id"

softwareupdate -iaR

nonos456
New Contributor II

Hello,

In the Jamf policy, what do you choose as a trigger?

Hi,

Use policy to copy the S.U.P.E.R.M.A.N files to the device and it as a Files & Processes command to setup  Users/Shared/super-main/super, which then will trigger it to run on the device.

Thank you for your reply.

I was talking about the trigger to activate the policy

CrawfordRobson
New Contributor III

Running this command as a Files and Processes will run S.U.P.E.R.M.A.N "/Library/Management/super/super" set the trigger it as Recurring Check-in.

Ok thanks

@CrawfordRobson  can you please share step by step deploying Super .

 

jamf is new for me.

 

 

@rkumar2 the Wiki is the best place for going through how to setup Super :)

https://github.com/Macjutsu/super/wiki 

santy_nextg
New Contributor

Hi, that's really good to know. Well I have created a policy in Jamf with the SUPERMAN script and a config profile to set the soft, hard and focus deadlines. I have changed the parameters of Testmode=False along with other parameters such as skipsoftwareupdate=False. When I trigger the script, I do get the IBM notification however when I click on restart option from the notification it does not restart. Can you help me with a proper workflow of the script here. Thank you.

CrawfordRobson
New Contributor III

@santy_nextg I could have a look but you might be better to ask the creator of S.U.P.E.R.M.A.N on GitHub.

https://github.com/Macjutsu/super 


@CrawfordRobson wrote:

@santy_nextg I could have a look but you might be better to ask the creator of S.U.P.E.R.M.A.N on GitHub.

https://github.com/Macjutsu/superredactle 


Thank you.

SW
New Contributor II

Been looking into this but I cant seem to get it to install without forcing a restart on the device even if there is no update.

Also having this issue when applying the API credentials. 

This is with 

<key>ForceRestart</key>
<false/>

enforced by a config profile,

has anyone else had this issue? 

Ferri
New Contributor

trying this now. I have created and deployed the profile,  ( as per jamf images inhttps://github.com/Macjutsu/super/tree/main/Images ) I understand I need to create a separate policy to actually run it, but am not sure where to put the variables, as in, by default there are unlimited deferrals, would like to set to 2 with delays of 1 day max between them. is that part of the command line argument?

pelotron
New Contributor

No it's not part of command line. The script does not need to be altered at all, you can set the 'deferral count' to x or 100 and set 'deferral days' to 1 day in the config profile. All settings are in the config profile. Here's what I have: 

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>JamfProID</key>
<string>$JSSID</string>
<key>DefaultDefer</key>
<string>3600</string>
<key>FocusDefer</key>
<string>300</string>
<key>MenuDefer</key>
<string>3600,7200,86400</string>
<key>RecheckDefer</key>
<string></string>
<key>FocusCount</key>
<string></string>
<key>SoftCount</key>
<string>5</string>
<key>HardCount</key>
<string></string>
<key>FocusDays</key>
<string></string>
<key>SoftDays</key>
<string>3</string>
<key>HardDays</key>
<string></string>
<key>ZeroDay</key>
<string></string>
<key>FocusDate</key>
<string></string>
<key>SoftDate</key>
<string></string>
<key>HardDate</key>
<string></string>
<key>DisplayTimeout</key>
<string>3600</string>
<key>DisplayRedraw</key>
<string>1200</string>
<key>DisplayIcon</key>
<string>/usr/local/peloton/pelo_updates.png</string>
<key>IconSizeIbm</key>
<string>128</string>
<key>IconSizeJamf</key>
<string>128</string>
<key>PreferJamf</key>
<false/>
<key>PolicyTriggers</key>
<string></string>
<key>SkipUpdates</key>
<false/>
<key>ForceRestart</key>
<false/>
<key>TestMode</key>
<false/>
<key>TestModeTimeout</key>
<string>15</string>
<key>VerboseMode</key>
<true/>
</dict>
</plist>

 

 

I have one profile for prod, one for zero day, and one for testing, each with different settings to control superman the way I want. 

I would be interested to know what your plist looks like for zero days and how you deploy it. For example, do you block the other policy and push out the zero day one?

ArunRamaswamy
New Contributor

am trying to deploy in the laptops with M1 chip, but its getting failed at the end while installing with an Error: Push workflow for macOS update/upgrade via MDM timed out after 300 seconds, trying again in 3600 seconds.

rkumar2
New Contributor

@CrawfordRobson  can you please share the step by step manual or any PDF ,

i dont now how to start super process in jamf pro

 

 

hunguyenixl
New Contributor

A bunch of my devices keep failing with the error message:

Inactive Error: Initial startup validation failed.

 

How do i remediate this?