Jamf Nation Community

ajanicke · ‎01-26-2024

I want to shout out this awesome project.

I've been beating a dead horse trying to figure out a way to keep the new M1s updated with little to no user interaction, not let them be able to access the Software Update portion of the settings panel since, let's admit it, end users are going to click on the shiny new OS Upgrade and not the tiny blue button all the way down at the bottom.

I was able to set this up in a day and configure all settings and testing has been amazing.

It only downloads the updates and not any upgrades, unless specified in the configuration, BEFORE prompting the user for a restart so it's 99% transparent to the end user, let's me setup deferment time and amount, custom branding to make sure it looks authentic to users, auto updates things like Safari that don't need a restart to update, and most importantly can authenticate as an admin account with a secure token instead of needing the user to be a volume owner!

If you're looking to keep your devices on their current OS for the next few years and just want updates to work and ACTUALLY have some kind of administrative control over updates. You have to check it out.

howie_isaacks · ‎01-26-2024

This is great feedback. I have been reading over the documentation for it thinking I may ditch Nudge and use Superman instead. Nudge is really good, but I think with the rules I have to follow with updates and upgrades, it doesn't seem to work well sometimes.

ajanicke · ‎01-29-2024

In our K-12 environment upgrades aren't a usual thing. In OSes of the past you've been able to use a softwareupdate --ignore "macOS Version" to hide it within Software Update.

With Ventura and the upgrade for Sonoma, you can no longer hide major upgrades. So instead of letting users update their devices on their own I had to lockdown all devices so they couldn't even see the software update page in their settings because we had a few teachers just decide to upgrade and break a few apps and our Jamf Connect configuration.

Nudge only seems to work if the Software Update section of the settings is open to the user but in our case we could no longer let that be visible. Superman allowed this and I'm really excited to try it out in a test ring and I think faculty will appreciate it's ease of use and deferment options.

howie_isaacks · ‎01-29-2024

You can install profiles to defer those updates for up to 90 days. This is how I kept a lot of my users from upgrading to Sonoma right away this past fall. With the profile in force, users won't see the updates/upgrades in Software Update.

ajanicke · ‎01-29-2024

Correct, but this isn't very good in K-12 as the 90 day deferment hits directly around winter break. Then when they get back it's into state assessments so if the latest upgrade breaks something we're hosed. So we have to go around Apple's horrible implementations where as we had a command for it prior to Ventura.

This was a HUGE complaint at our local Apple convention this year.

howie_isaacks · ‎02-02-2024

I'm not at all happy with the way Apple has been doing this. We have profiles setup to defer minor updates and major macOS upgrades, but they don't work reliably on all Macs. What's more, users get confused when they go to upgrade to Sonoma because they see the Install macOS Sonoma app appear when they click to upgrade from Software Update. Other times, the upgrade to Sonoma happens entirely through Software Update without the install app even being in the Applications folder. This makes it difficult to set proper expectations with my users.

Jamf Nation Community

Saved by Superman!