Managing Software Update -> Automatically Check for updates?

clifhirtle
Contributor II

Can anybody point me in the direction of how to enable the option to "Automatically check for updates" in System Preferences -> Software Update?

I've located and created an MCX policy to manage the two items below it via MCX'ing /Library/Preferences/com.apple.SoftwareUpdate.plist:

  • "Download newly available updates in the background"
  • "Install system data files and security updates"

But I cannot locate what setting is enabling the parent auto check setting. Help?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III
sudo softwareupdate --schedule on

That will check the whole item on (or off if you change the word to off).
It'll respect the settings below it from the plist, so if you toggle it back on, those will show up checked again if they were previously.


5 REPLIES

clifhirtle
Contributor II

Thanks Mike. Cannot believe I missed that one.

Unfortunately I am now finding that my MCX settings for the com.apple.SoftwareUpdate domain are not actually locking down the "Download available updates" and "install system data files" settings in Software Update. Users can still change them, and once changed they never revert back, even though they are set as a System Level Enforced setting.

Are these settings that would mandate use of the union policy option?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AutomaticDownload</key>
    <true/>
    <key>CriticalUpdateInstall</key>
    <true/>
</dict>
</plist>

mm2270
Legendary Contributor III

Clif,

I'll be honest with you. I really don't know exactly what the union policy option is for. I recall I asked about it once and the answer I got was something along the lines of, if you don't know what it means, you don't need to use it.

I'll have to take a look and see if we're managing any of those settings for our client base and if so, if we're enforcing them. I don't think we are though. We don't lock too much down in regards to Software Update other than the SUS the clients are pointed to.

clifhirtle
Contributor II

Thanks Mike. I do not really get the union policy option either.

Moreover, in auditing my Casper MCX policies I am discovering that although they are showing as coming down to the machines in /Library/Managed Preferences they are not actually managing many of the settings that I have configured, the settings for Apple Software Updates above included.

I am assuming this is because these settings simply cannot be managed with MCX, but how would I identify which ones could or could not be managed? Settings are definitely showing as present via mcxquery but even a complete MCX reset-and-reapply does not seem to apply the settings as expected.

Clarification: it's the ongoing MCX enforcement I'm referring to here. Applying the settings one time via softwareupdate --schedule and defaults write works fine.

rogerl
New Contributor

According to my tests: The settings in /Library/Managed Preferences/com.apple.SoftwareUpdate.plist will only come into effect if the corresponding keys in /Library/Preferences/com.apple.SoftwareUpdate.plist are missing.

To prevent standard users from changing the settings in the Software Update system setting, you have to close the lock in the bottom left corner. As soon as any of the checkboxes in this control panel is changed, the key is written back to the plist in /Library/Preferences, rendering the mcx-provided key obsolete.

This I found in OSX 10.8.x
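
An audit for the condition described in the last reply, added here as an example and not part of the original thread: it compares a managed plist with the local one and reports which managed keys are overridden by a key of the same name in /Library/Preferences. The precedence rule is taken from that reply's 10.8.x tests and is an assumption, as are the function names and the constructed sample plists.

```python
import plistlib

# Constructed sample: managed values, as in the plist posted in the thread.
MANAGED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>AutomaticDownload</key><true/>
    <key>CriticalUpdateInstall</key><true/>
</dict></plist>"""

# Constructed sample: local plist after a user unticked one checkbox.
LOCAL = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>AutomaticDownload</key><false/>
</dict></plist>"""


def audit(managed_bytes, local_bytes):
    """Classify each managed key by whether a local key overrides it."""
    # Assumption (from the thread's 10.8.x tests): a key present in the
    # local plist takes precedence over the same key in Managed Preferences.
    managed = plistlib.loads(managed_bytes)
    local = plistlib.loads(local_bytes)
    report = {}
    for key, wanted in managed.items():
        if key not in local:
            report[key] = "effective"          # managed value applies
        elif local[key] == wanted:
            report[key] = "shadowed-same"      # overridden, same value for now
        else:
            report[key] = "shadowed-conflict"  # overridden with another value
    return report


def keys_to_clear(report):
    """Local keys that would have to be removed for MCX to take effect."""
    return sorted(k for k, state in report.items() if state != "effective")


if __name__ == "__main__":
    result = audit(MANAGED, LOCAL)
    for key, state in sorted(result.items()):
        print(f"{key}: {state}")
    print("clear from /Library/Preferences:", keys_to_clear(result))
```

On a Mac, pass the bytes of the two com.apple.SoftwareUpdate.plist files instead of the samples; plistlib.loads reads both XML and binary plists.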