Software Updates best practice

techmchs
New Contributor III

Hello all,

So looking for some advice.. we have an 10.8 SUS on our inside network and a mix of 10.7 and 10.8 clients..We would like to use our SUS to push out updates.. Ideally we would be able to promt a user, have them install and then restart with a jamf helper screen until the process is finished... this is not as critical for updates that do not require a restart.

I'm curious if its better to cache updates that require restart and either have the users start them through selfservice or initiate the install with a login trigger?

For example 10.8.1 just dropped.. what would you all recommend as the most effective way to push this out.. considering it does require a restart.

hope that is clear?

4 REPLIES 4

donmontalvo
Esteemed Contributor III

We use Self Service, so users have control to run at their descretiion and without needing admin rights.

If Self Service isn't an option, trying to trigger SUS stuff at login/logout can be problematic, so you might want to consider triggering to logged off Macs after hours. ;)

--
https://donmontalvo.com

techmchs
New Contributor III

Thanks.. do you have the Self Service policy run the command softwareupdate -ia or do you use the software updates check box.. I ask because when I use the command it runs fine but will not reboot..and if I use the check box I get a weird proxy error..

Anyway.. thats why I was thinking to use the cached packages for updates that require reboots...

Thanks for your help:)

ernstcs
Contributor III

You can always just force a reboot at the end of the policy as long as that's communicated to the user.

We use to launch the Software Update application from Self Service so it was running as an admin and you'd get that wonderful interface for users. However, that won't work for 10.8 as it's going to try and launch Mac App Store. If you're not allowing users to do that you're best option is to run the 'softwareupdate -i -a' command and then check the reboot boxes in the policy.

I'd force the user to read the description for the Self Service policy and the first line could read "This policy will reboot your computer. Please be sure to save all work and quit running applications before you perform updates." Or it could also ask them to do that after it runs, could pop up a message box at the end that says "Updates require you to reboot your computer immediately." Granted, now you're trusting the end-user to do it.

You can only do so much.

Proxy error sounds like the update server that's trying to be accessed isn't available.

techmchs
New Contributor III

Thank Ernstcs.. sounds like what we will end up doing..

The strange thing about mountain lion SUS.. and maybe someone else has seen this.. index.sucatalog does not exist!! so if you point jamf to your update server you get this error as its looking for http://your.server:8088/index.sucatalog

I built the Mt Lion server from scratch and turned on SUS.. but no index.sucatalog anywhere.. not sure if this is something that has changed in Mt Lion?