Posted on 03-20-2013 06:06 PM
https://github.com/darklordbrock/scripts/blob/master/UW-Milwaukee/mySWUcheck.sh
I want to share this workflow I have setup. I have a smart group that will add machines that need a software update. The smart group gets a policy that runs this script at log out. I will ask the user during logout if they would like to install updates. The user can click NO three times. On the four log out the system will just install the updates.
The script will tell if the updates need to reboot the system or just install. If the updates need to reboot, the script will have the system shutdown when they are done installing.
With this being a log out script I thought it would be best to have the machine shutdown on a reboot needed. This way if the person is going to shut their machine down at the end of the day they can let this run and just go home, knowing the machine will shutdown with it is done.
I have started to notice since I have been using this that most people do not log out or shutdown very often. I'm going to try to think of a good way to notify a user that they have updates while the system is up.
Solved! Go to Solution.
Posted on 03-20-2013 10:13 PM
This might be an option:
http://code.google.com/p/munki/wiki/AppleSoftwareUpdatesWithMunki#Using_the_munki_tools_only_to_install_Apple_Software_Updates
Munki can be used to only install Apple updates. It will notify the user of available updates, allow the user to install them, and require a logout or restart if needed.
Posted on 03-20-2013 06:45 PM
I use a script to check the uptime of a machine and display a dialog using growlnotify. It's something I threw together three years ago, but it worked great. It would alert users when they had not restarted for more than 5 days. After 10 days it would alert them via Growl and also send an email to them from the system.
You could have a script that checked machine uptime and if greater than 5 days, checked for software updates and alerted the user that they had been up for more than 5 days. If there are also updates, you can alert them that there are updates that need to be applied. Two birds, one stone.
I need to re-write my script to use cocoaDialog now instead of Growl, but here is the original script using Growl and growlnotify:
#!/bin/sh
# Name: uptoolong.sh
# Date: 3 March 2010 (revised 17 March 2010)
# Author: Steve Wood (swood@integer.com)
# Purpose: this script will check how long a machine has been up and display a notification
# using Growl and Growl Notify.
# updated: 22 March 2010 - moved email address grab inside of if then loop
# set some variables and grab the time
days=`uptime | awk '{ print $4 }' | sed 's/,//g'`
num=`uptime | awk '{ print $3 }'`
# we want the computer name
computername=$2
# set the nasty message we are going to send
message1="Your computer has now been up for $num days. It is important for you to restart"
message2="your machine regularly to help it run efficiently and to apply any updates or changes"
message3="that have been pushed in the background. Please restart your machine ASAP. Thank you."
# now check how long they've been awake
if [ $days = "days" ];
then
if [ $num -gt 5 ];
# we have a narcaleptic Machine
then
# this is serious
if [ $num -gt 9 ];
then
# grab the current user and use that to query OD for the email address
CurrentUser=`ls -l /dev/console | awk '{ print $3 }'`
email=`dscl /LDAPv3/your.ldapserver.com -read /Users/$CurrentUser | grep EMailAddress | awk '{ print $2 }'`
touch /Library/Application Support/JAMF/Receipts/UpTooLong.pkg
/usr/sbin/jamf displayMessage -message "Your computer has now been up for $num days. Please restart ASAP. Thank you"
echo -e "$message1
$message2
$message3" | mail -s "Machine Up Too Long" $email
else
touch /Library/Application Support/JAMF/Receipts/UpTooLong.pkg
/usr/local/bin/growlnotify -a "Finder" -t "Restart Required" -m "Your computer has been up for $num days. Please restart as soon as possible." -s
fi
else
if [ -e "/Library/Application Support/JAMF/Receipts/UpTooLong.pkg" ]
then
rm /Library/Application Support/JAMF/Receipts/UpTooLong.pkg
fi
fi
fi
#now run a recon to make sure we add to the smart groups and clear if need been
/usr/sbin/jamf recon
exit 0
Hope that helps give you some ideas. I turned this off last year but need to re-enable it.
Posted on 03-20-2013 10:13 PM
This might be an option:
http://code.google.com/p/munki/wiki/AppleSoftwareUpdatesWithMunki#Using_the_munki_tools_only_to_install_Apple_Software_Updates
Munki can be used to only install Apple updates. It will notify the user of available updates, allow the user to install them, and require a logout or restart if needed.
Posted on 03-26-2013 07:01 AM
Steve,
Thank you for sharing that script.
Greg,
After testing just the updates with Munki, that looks like the easiest path. I'm looking forward to the extra features for updates in 0.8.4 when it is not a preview released.
Posted on 03-26-2013 07:36 AM
@Brockma9 this is pretty slick - thank you! My concern from testing is the delay @ shutdown. WHen I shutdown the machine, it goes to a grey screen and sits there for about 60-70 seconds - then prompts.
My thought process would be - we already know from JAMF that the system needs updates (hence it's in the Software Update Smart Group). So why do another search? Would it be possible to take the search out and just skip straight to the - user prompt, and then yes/no to install or not?
Maybe it can't be done that way...
@stevewood - I'd be interested in that too if you get time.
EDIT: actually timed how long it took from hitting shutdown to the time the script prompted.
Posted on 03-26-2013 07:53 AM
brockma9:
You can use Munki to install Apple Software Updates without having to set up a Munki server. But if you want to take advantage of the new features in 0.8.4 that allow you to cause some Apple updates to be installed in the background without bothering the user, or to "force install" some updates after a certain date, you do need a Munki server to store the additional data needed to support those operations.
-Greg