Help

Smart Group based on Available SWU without a wildcard

Go to solution
robb1068
Contributor

Posted on ‎09-04-2020 08:40 AM

Looking to build a smart group based on the criteria of Available SWUs, but not defined to a specific update. I'd like to have a smart group that collects Macs that have any Security Updates pending.

Previously a wild card search might be able to do the trick, but that's no longer an option. And the operator for the criteria "Available SWUs" is on "Has" and "does not have".

The goal is to have a monthly policy that runs software updates to only Macs that have a Security Update available and have it be hands off... new Security Update is released and the Mac is added to the smart group and the policy runs.

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
JustDeWon
Contributor III

Posted on ‎09-04-2020 11:43 AM

@robb1068 I created a very simple EA from this, and based the results on a Smart Group. From this I can control the "patch" policies

#!/bin/sh
################################################################
# - Pulls list of available software updates
#################################################################

## Set the variable
softwareUpdate=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates | awk '{print $3,$4,$5}' | sed 's/"//g' | cut -d "=" -f 2)

## Send results to Jamf
echo "<result>$softwareUpdate</result>"

View solution in original post

Reply
3 REPLIES 3

Go to solution
sdagley
Esteemed Contributor II

Posted on ‎09-04-2020 11:19 AM

@robb1068 You could create an Extension Attribute that greps the output of softwareupdate --list for Security Update and use that as the Criteria for your Smart Group

Reply

Go to solution
JustDeWon
Contributor III

Posted on ‎09-04-2020 11:43 AM

@robb1068 I created a very simple EA from this, and based the results on a Smart Group. From this I can control the "patch" policies

#!/bin/sh
################################################################
# - Pulls list of available software updates
#################################################################

## Set the variable
softwareUpdate=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates | awk '{print $3,$4,$5}' | sed 's/"//g' | cut -d "=" -f 2)

## Send results to Jamf
echo "<result>$softwareUpdate</result>"
Reply

Go to solution
robb1068
Contributor

Posted on ‎09-04-2020 01:22 PM

D'oh! I didn't even think about setting up an extension attribute, that should do the trick... thanks!

Reply