Smart Group based on Available SWU without a wildcard

robb1068
Contributor

Looking to build a smart group based on the criteria of Available SWUs, but not defined to a specific update. I'd like to have a smart group that collects Macs that have any Security Updates pending.

Previously a wildcard search might have been able to do the trick, but that's no longer an option. And the operator for the criteria "Available SWUs" is only "Has" and "does not have".

The goal is to have a monthly policy that runs software updates to only Macs that have a Security Update available and have it be hands off... new Security Update is released and the Mac is added to the smart group and the policy runs.

1 ACCEPTED SOLUTION

JustDeWon
Contributor III

@robb1068 I created a very simple EA from this, and based the results on a Smart Group. From this I can control the "patch" policies.

#!/bin/sh
################################################################
# - Pulls list of available software updates
#################################################################

## Set the variable
softwareUpdate=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist RecommendedUpdates | awk '{print $3,$4,$5}' | sed 's/"//g' | cut -d "=" -f 2)

## Send results to Jamf
echo "<result>$softwareUpdate</result>"


3 REPLIES

sdagley
Esteemed Contributor II

@robb1068 You could create an Extension Attribute that greps the output of softwareupdate --list for Security Update and use that as the Criteria for your Smart Group
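
The suggestion above, sketched as an Extension Attribute script (an added example, not code posted in the thread). It assumes each entry in the softwareupdate --list output starts with a "*" label line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Extension Attribute: report pending Security Updates by name, or "None".

# Constructed sample of `softwareupdate --list` output, used only when the
# tool is absent (i.e. when trying the script on something other than a Mac).
SAMPLE='Software Update found the following new or updated software:
* Label: Security Update 2099-001 Example-10.15.7
    Title: Security Update 2099-001 Example, Version: 10.15.7, Size: 1000K, Recommended: YES, Action: restart,
* Label: ExampleBrowser-1.0
    Title: ExampleBrowser, Version: 1.0, Size: 1000K, Recommended: YES,'

# Read `softwareupdate --list` output on stdin and print the name of each
# pending Security Update, one per line. Only the "*" label lines are
# examined (assumed to start each entry), so an entry is counted once.
security_updates() {
    grep '^[[:space:]]*\*.*Security Update' |
        sed -e 's/^[[:space:]]*\*[[:space:]]*//' \
            -e 's/^Label:[[:space:]]*//' \
            -e 's/[[:space:]]*$//'
}

# Wrap the names in <result> tags for Jamf. A fixed "None" for the empty
# case keeps the Smart Group criterion simple (e.g. value is not "None").
ea_result() {
    found=$(security_updates | paste -s -d ',' -)
    printf '<result>%s</result>\n' "${found:-None}"
}

if command -v softwareupdate >/dev/null 2>&1; then
    # Merge stderr so status messages pass through the same filter.
    softwareupdate --list 2>&1 | ea_result
else
    printf '%s\n' "$SAMPLE" | ea_result
fi
```

Because the result is either the update names or the literal None, the Smart Group picks up any future Security Update without the criterion naming a specific one.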

robb1068
Contributor

D'oh! I didn't even think about setting up an extension attribute, that should do the trick... thanks!