Skip to content
Kevin edited this page Aug 26, 2022 · 22 revisions

S.U.P.E.R.M.A.N.

Software Update Policy Enforcement (with) Recursive Messaging And Notification

S.U.P.E.R.M.A.N. optimizes the macOS software update experience.

by Kevin M. White

Introduction

S.U.P.E.R.M.A.N. (or just super) is an open source script that provides administrators with a comprehensive workflow to encourage and enforce macOS software updates for both Intel and Apple Silicon computers. Deployed via a single script, super creates a background agent (aka LaunchDaemon) that ensures macOS software updates are applied with the least user interference possible. Further, super can also enforce macOS software updates with options for customizable deferrals and deadlines. In other words, super makes the macOS update experience better for both users and administrators alike.

Version 2.x Compatibility

There are so many new features in super 2.x that any existing scripts, Configuration Profiles, or other workflows designed for super 1.x are not compatible with super 2.x. Plese review the change log and sudo super --help!

Features and Options

  • Fully automated (no user authentication required) macOS software update workflow for both Intel and Apple Silicon computers.
  • Customizable software update dialogs and notifications via IBM Notifier.
  • Minimizes user downtime by automatically installing non-restart Apple software updates (Safari, Xcode, etc.) without prompting the user.
  • Minimizes user downtime by automatically downloading and preparing system updates before interrupting the user to restart.
  • Automatic deferral option for user Focus, Do Not Disturb, and screen sleep assertions (presentations, meetings, etc).
  • A variety of enforcement options including maximum deferral counts, maximum deferral days, and date deadlines.
  • Background agent (LaunchDaemon) works independently of management (MDM) service.
  • Automatic installation of all required items and dependencies.
  • Configurable via interactive command line super or MDM managed preference.
  • Substantial validation and logging including both testing and verbose modes.
  • For computers managed via Jamf Pro, automatic inventory and policy check-in as soon as possible after computer restarts.
  • For computers managed via Jamf Pro, option to run policies prior to system update restart.
  • For computers managed via Jamf Pro, option to run policies without Apple software updates and still take advantage of dialogs, notifications, deferrals, and deadline workflows.

Screenshots

Update dialog with multiple deadlines and pop-up deferral choice

Example update dialog

Restart notification

Example restart notification

Clone this wiki locally