AppleScript Force Software Updates

I needed a simple way to force Mac’s to run all updates from the Apple App store and then restart but give users notification and an option to defer for a set time.

This is what I came up with.

AppleScript that runs a

1
softwareupdate -l

if anything is found it then runs

1
softwareupdate -i -a

which will install all available updates. After completion it then has kicks off a dialogue box informing the user the Mac needs a restart. They have two options, defer for 5 minutes or restart straight away.

The script will be added to Library/Scripts/ along with the linked company logo via JAMF install on Check-in

It can be run via ssh into the Mac and

1
osascript /Library/Scripts/update_restart_script.scpt

or via a JAMF policy with a Process payload.

Hopefully this will be more reliable that JAMF policies which either stay as pending or fail to restart the Mac even though set to Restart Imemdiately.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
if (do shell script "softwareupdate -l") contains "*" then
    do shell script "softwareupdate -i -a"
    tell application "Finder"
        activate
        repeat -- forever
            set answer to button returned of (display dialog "Mandatory updates have been applied." & return & "Your Mac is ready to restart." & return & return & "Please close all applications and click RESTART." & return & return & "For further information email: support@yourcompany.com" with title "Mandatory Security Update - Restart Required" with icon {"/Library/Scripts/logo.png"} buttons {"Wait 5 minutes", "RESTART"} default button "RESTART")
           
            if answer is equal to "RESTART" then
                tell application "Finder" to restart
                exit repeat
            else
                delay 300 -- time in seconds 300 is 5 minutes
            end if
        end repeat
    end tell
end if

Echo Dot on the Ceiling

I’ve been using an Apple Airport Express for a number of years connected to a Marantz amplifier in the top of a cupboard which is then connected to some ceiling speakers for music via iTunes and more recently Spotify. Earlier this year I bought an Amazon Echo and found it much simpler to control Spotify, so I decided to ditch the Airport Express and replace with an Amazon Echo Dot and use it for voice control of music with the ceiling speakers. I also purchased another Belkin WeMo Switch Smart Plug to turn the amp on and off and a Dot flush ceiling mount kit.

Plan was, Dot to amp and power, amp to ceiling speakers (already in place), amp into Wemo socket. After about an hour or so of cutting and wiring I ended up with the flush ceiling mount in place, the Dot mounted and all wired back to the amp.

The ceiling was really easy to fit, just a case of finding a suitable spot and then cutting a hole. It fitted tightly into the ceiling and the kit comes with a 90degree 3.5mmm jack and also a very long USB power lead. All I had to add was a 3.5mm male jack to left/right phono to plug into the back of the Marantz amp. The Dot fits well into the mount and can’t fall as the wires keep it in place plus the kit comes with some stick pads for extra security, not that it really needs them.

Once all wired in and the Wemo plug setup the Marantz amp can be switched on and off with a simple “Alexa turn on Marantz” command and then Spotify played back with a simple “Alexa play“, so much easier than having to find my iPhone, launch Spotify, turn the amp on, play a track and then choose Airplay.

Proxy Setting for all network devices

An issue that came up recently was the proxy URL and bypass was not being set correctly when connecting a Mac via USB-A or USB-C cable to a network enabled device, like screen, docks or hubs. DisplayLink was installed so they were all making a network connection but as no proxy was set there were a few access issues.

In the past setting network settings via a script had been pretty easy but now Mac’s don’t have a network port and desks are  switching to a single cable solution which is USB-C to a dock which than connects to screens, ethernet and power its got a little harder.

The previous solution was to identify the device and add the settings, for example if it was an ethernet connection then you just specify the connection and the details:

1
2
networksetup -setautoproxyurl "Ethernet" http://urltoyourproxy.pac
networksetup -setproxybypassdomains "Ethernet" "*.local" "169.254/16" "*.adomain.com"

You could add this for various devices that were used to connect to a network:

1
2
3
4
networksetup -setautoproxyurl "Apple USB Ethernet Adapter"
networksetup -setautoproxyurl "Wi-Fi"
networksetup -setautoproxyurl "Thunderbolt Ethernet"
networksetup -setautoproxyurl "USB Ethernet"

The problem was with docks and hubs and screens all being different names and makes and models there  you would have to set each item specifically:

1
networksetup -setautoproxyurl "Philips 231P4U"

Clearly this is not ideal as usually as an Admin you have no idea what is being put on a desk, so another solution was required.

The following script is via a variation from MacMule, this loops through all the devices that have been connected or are connected and regardless of name adds in the required details.

Simply set you values at the top of the script. The script can then be deployed via MDM such as JAMF and set it to run on network change. Now when a Mac changes network connection the script loops through and adds in the the correct proxy URL and proxy bypass details.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/sh
####################################################################################################
#
# More information: https://macmule.com/2014/12/07/how-to-change-the-automatic-proxy-configuration-url-in-system-preferences-via-a-script/
#
# GitRepo: https://github.com/macmule/setAutomaticProxyConfigurationURL
#
# License: http://macmule.com/license/
#
# Updated to add proxyBypass settings by M Griffin October 2017
####################################################################################################

# HARDCODED VALUES ARE SET HERE
autoProxyURL="http://urltoyourproxy.pac"
proxyBypassDomains="*.local 169.254/16 *.adomain.com"

# CHECK TO SEE IF A VALUE WAS PASSED FOR $4, AND IF SO, ASSIGN IT
if [ "$4" != "" ] && [ "$autoProxyURL" == "" ]; then
autoProxyURL=$4
fi

# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware

IFS=$'\n'

#Loops through the list of network services
for i in $(networksetup -listallnetworkservices | tail +2 );
do

# Get a list of all services
proxyBypassDomainsLocal=`/usr/sbin/networksetup -getproxybypassdomains "$i" | head -1 | cut -c 6-`

# Echo's the name of any matching services & the autoproxyURL's set
echo "$i Proxy set to $proxyBypassDomainsLocal"

# If the value returned of $autoProxyURLLocal does not match the value of $autoProxyURL for the interface $i, change it.
if [[ $proxyBypassDomainsLocal != $proxyBypassDomains ]]; then
/usr/sbin/networksetup -setproxybypassdomains $i $proxyBypassDomains
echo "Set proxy bypass for $i to $proxyBypassDomains"
fi

if [[ $autoProxyURLLocal != $autoProxyURL ]]; then
/usr/sbin/networksetup -setautoproxyurl $i $autoProxyURL
echo "Set auto proxy for $i to $autoProxyURL"
fi
# Enable auto proxy once set
/usr/sbin/networksetup -setautoproxystate "$i" on
echo "Turned on auto proxy for $i"

done

unset IFS

# Echo that we're done
echo "Auto proxy present, correct & enabled for all interfaces"

Stop High Sierra Installs and Updates

With High Sierra causing so many issues for Enterprise environments at the moment you may want to block the install. This can be achieved in various ways.

If you are using Jamf MDM then a simple Restricted Software policy can stop the install:

However this won’t stop macOS downloading the updater in the background and prompting the user to install, but there are two other commands we can issues to try and stop auto updates and notifications:

To stop Auto Updates:

1
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool FALSE

To turn Auto Updates back on:

1
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE

To turn off High Sierra notifications

1
sudo softwareupdate --ignore macOS High

An when you do want to allow notifications you can switch it back on with:

1
sudo softwareupdate  --reset-ignored

 

Recent Posts

Recent Comments

    Archives

    Categories

    Meta

    GiottoPress by Enrique Chavez