-
Notifications
You must be signed in to change notification settings - Fork 6
04 Apple Software Updates via UEX
Setting up your UEX Recipe is super simple
Use the 00-UEX-Jamf-Interaction-no-grep.sh
Set the following Parameter Values:
Vendor;AppName;Version = Apple;Apple Software Updates;1.0
Checks = suspackage
Apps for Quick and Block = MUST BE BLANK
InstallDuration - Must be integer = 5
maximum deferral - Must be integer = 3
Packages separated by semi-colon = MUST BE BLANK
Trigger Names separated by semi-colon** = Must be the same as the custom event name for the parent policy** i use softwareupdates
If you want you can also publish a policy in Self Service to trigger the UEX Recipe with the 00-UEX-Install-via-Self-Service script. Just set Parameter 4 to the the same as the Parent Policy.
- Once the policy run it first does a
softwareupdate -land parses that information to determine what the requirements are. - If no update it either exits silently or shows a message that no updates are available when run from self service.
- If there ARE updates available then it parses out the list and runs the logic below to display they right message to the user.
- If the user run the update check from self service then the updates will download before hand.
- If there are Updates containing
Securityin the name then it marks the UEX as Critical and Compliance - If there are Updates containing
macOSorOS Xin the name then it marks the UEX as Compliance and Power Required and theInstall Duration=45 - If there are Updates containing
Firmwarein the name then it marks the UEX as Critical, Compliance and Power Required - If any of the updates require a restart then it add the UEX check Critical and Compliance
- If there is an iTunes, Safari or Final Cut Pro X* Update then it will add the
blockCheck and add the app name the theapps for quit or blockvariable for you.
* Final Cut Support is as of v4.2.2
If you're in an environment that requires you the manage update you can use something like Jamf Netsus orreposado.
UEX v4.1+ supports setting the server via another policy or will respect the system configured setting by a profile or the system default.
If you use a single Apple Software Update Server to host your Update Catalog then it's a good idea to manage the server setting with a Configuration Profile. Use the custom settings payload.
PREFERENCE DOMAIN: com.apple.SoftwareUpdate
CatalogURL=https://URLTOYOURCATALOG
In the 'Jamf Interaction Configuration' options you'll want to leave this option false.
susSetByTrigger=false
You could also manage this with a config profiles when you have multiple servers but will need to crontol this with scoping.
To run a policy first before checking for and installing updates you need to change the 'Jamf Interaction Configuration' options below.
susSetByTrigger=true
susSettingTriggerName="CustomEventNameHere"
If you have Multiple SUS Servers and they're organized by Network Ranges in the Jamf Pro Server then you can use an API tool to set the SUS server every time it checks for software updates. This Mirrors the native Policy functionality by check what network range the computer is in and then sets the SUS server setting to the associated one.
The tool is developed by another person on GitHub, loceee.
GitHub Source Set Apple Software Update Server by Network Range
Make sure to read all the information at the top of their script.
🌈 Documentation is not my forté. If you would like to contribute please write me on MacAdmins slack @cubandave