Question

Security Update Not Done with OS Update Configuration Profile

  • February 7, 2018
  • 7 replies
  • 43 views


I created a configuration profile for automatic OS updates and pushed it to a test 10.12 client. After restarting the client and logging in, it automatically updated Safari, Remote Desktop client, iTunes, and HP printer software. However, it did not install "Security Update 2018-001 10.2.6".

What am I overlooking to get security updates automatically installed?

7 replies

  • Valued Contributor
  • February 7, 2018

If it is a MacBook, is it connected to power? I know missing that will often inhibit Sec Updates...


  • Valued Contributor
  • February 7, 2018

I believe this update requires a restart.

Until Apple provide a mechanism to force a Mac to run its latest OS build, part of an Apple consumer-like experience with regard to patching and updates is some form of reminding, nagging, or forcing periodic restarts, especially when restart-required updates are pending.

Each org is different, so you’ll have to see what your users and management will accept, but some of the approaches, from least intrusive to most intrusive include...

  • teaching users to pay attention to and execute on update notifications.
  • creating additional Notification Center or dialog “nags” when updates are pending.
  • forcing the restart after a restart-required update has been pending for more than X days.
  • tying necessary configuration profiles to a “compliance group”, giving users an incentive to stay up to date.

If you’re curious as to how to do any of the above, I’ve written a bunch of scripts and policies/workflows around this and will anonymize them and share soon.


  • Author
  • Contributor
  • February 7, 2018

It is a notebook, but it is connected to power. I realize it does require a restart, but I was hoping it would at least install.


  • Valued Contributor
  • February 7, 2018

@mccallister macOS updates that require a restart install at restart. They cannot install in the background.

On the currently supported macOS versions (10.11+), when App Store preferences are configured as you've described in the original post, updates that do not require a restart are automatically downloaded and installed. Updates that require a restart are downloaded and cached. Once cached, macOS displays reminders in Notification Center urging the user to restart. The update(s) will install at the next restart.

The methods I described in my previous post are useful when the macOS Notification Center reminders are ignored by users.


  • Author
  • Contributor
  • February 7, 2018

It never did do the security update after a restart. It looks like this method may not be a viable solution anyway because it did not do any updates at all on a 10.13 client. See errors from console. Back to the drawing board I guess.


  • Valued Contributor
  • February 7, 2018

That looks like some sort of permissions issue. It doesn't appear that software update is failing, but rather, it's not able to read its preferences. I'd suggest examining how those preferences are being set and anything else on the Mac that may be affecting cfprefsd, softwareupdate, or the files these tools need to reference.


  • Honored Contributor
  • February 7, 2018

@mccallister

We use a similar profile along with a profile for an internal SUS and the update installed. What you could do to test would be to get a machine that is set up the way you would like it to be. Grab the plist and use mcxToProfile to generate the mobileconfig. Upload and test. This was on 10.12.6.
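
An added example, not part of any post in this thread: a Python check that reads a .mobileconfig (such as one generated by mcxToProfile) and reports which automatic-update preferences it does not enforce. The preference domains and key names are assumptions based on the macOS 10.12/10.13 App Store settings, and the sample profile is constructed.

```python
import plistlib

# Assumed preference domains and keys behind the App Store auto-update
# checkboxes on macOS 10.12/10.13; the thread itself does not list them.
EXPECTED = {
    "com.apple.SoftwareUpdate": ["AutomaticCheckEnabled", "AutomaticDownload",
                                 "ConfigDataInstall", "CriticalUpdateInstall"],
    "com.apple.commerce": ["AutoUpdate", "AutoUpdateRestartRequired"],
}
MCX = "com.apple.ManagedClient.preferences"

def managed_settings(profile_bytes):
    """Return {domain: {key: value}} for every preference the profile manages."""
    found = {}
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == MCX:
            # Layout written by mcxToProfile: domain -> Forced/Set-Once -> settings
            for domain, states in payload.get("PayloadContent", {}).items():
                for entries in states.values():
                    for entry in entries:
                        found.setdefault(domain, {}).update(
                            entry.get("mcx_preference_settings", {}))
        elif ptype in EXPECTED:
            # Assumed alternative: a payload that targets the domain directly
            found.setdefault(ptype, {}).update(
                {k: v for k, v in payload.items() if not k.startswith("Payload")})
    return found

def audit(profile_bytes):
    """List 'domain:key' entries that are absent or not set to True."""
    managed = managed_settings(profile_bytes)
    return [f"{d}:{k}" for d, keys in EXPECTED.items() for k in keys
            if managed.get(d, {}).get(k) is not True]

# Constructed sample: enables everything except restart-required installs.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{"PayloadType": MCX, "PayloadContent": {
        "com.apple.SoftwareUpdate": {"Forced": [{"mcx_preference_settings": {
            "AutomaticCheckEnabled": True, "AutomaticDownload": True,
            "ConfigDataInstall": True, "CriticalUpdateInstall": True}}]},
        "com.apple.commerce": {"Forced": [{"mcx_preference_settings": {
            "AutoUpdate": True}}]},
    }}],
})

if __name__ == "__main__":
    for gap in audit(SAMPLE):
        print("not enforced:", gap)
```

To check a real profile, pass the file's bytes to `audit()`; a signed profile needs its signature wrapper removed first.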