Posted on 01-20-2018 08:34 AM
Hey fellas..
quick question.. I'm about to push out a policy this week to isntall all available software updates to our clients...mainly to patch spectre vulnerabilities.
Is it enough to just enable the Software Update payload when creating the policy, or should I just push the command: softwareupdate -i -a
Just reading the posts regarding the 10.13.2 supplemental update has gotten me confused.
Thanks!
-A
Posted on 01-20-2018 08:58 PM
@ooshnoo The Software Update payload should be sufficient to install available updates, but you will also need a Restart Options payload so the target computer will restart when installing updates that require a restart.
Posted on 01-21-2018 12:11 AM
The 10.13.2 Supplemental Update bit us in the butt. Good thing not so many people have moved to 10.13.2. Lucky them, with all the bugs being exposed.
Push or Pull policies can include something like...
softwareupdate --install --recommended && shutdown -r now
Posted on 01-22-2018 06:17 AM
My understanding of the post was that you can include the Software Update in the policy. But if you included the "Restart Options" it also declares the Startup Disk, which might be in opposition to the boot up source the 10.13.2 supplemental wants to boot from to apply firmware updates. So the consensus was to avoid enabling a Restart Options and to add a Files and Processes >> Execute Command that with the following line: /sbin/shutdown -r now
Unfortunately when if you go with the shutdown -r now, there isn't any warning to the user unless you put it into a script with dialog for the user to see.
If there isn't already, should there be a Feature Request to add extra option added to the Restart Options to not include any changes to the Startup Disk?
Posted on 01-22-2018 07:53 AM
@jhalvorson Not that I’ve tried it personally, but shouldn’t the Startup Disk setting “Currently Selected Startup Disk (No Bless)“ in the Restart Options payload do what you’re asking?
Posted on 01-22-2018 07:57 AM
I think your correct about "“Currently Selected Startup Disk (No Bless)“. I haven't tested that option yet.