Category: High Sierra

AppleScript Force Software Updates

I needed a simple way to force Mac’s to run all updates from the Apple App store and then restart but give users notification and an option to defer for a set time.

This is what I came up with.

AppleScript that runs a

1
softwareupdate -l

if anything is found it then runs

1
softwareupdate -i -a

which will install all available updates. After completion it then has kicks off a dialogue box informing the user the Mac needs a restart. They have two options, defer for 5 minutes or restart straight away.

The script will be added to Library/Scripts/ along with the linked company logo via JAMF install on Check-in

It can be run via ssh into the Mac and

1
osascript /Library/Scripts/update_restart_script.scpt

or via a JAMF policy with a Process payload.

Hopefully this will be more reliable that JAMF policies which either stay as pending or fail to restart the Mac even though set to Restart Imemdiately.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
if (do shell script "softwareupdate -l") contains "*" then
    do shell script "softwareupdate -i -a"
    tell application "Finder"
        activate
        repeat -- forever
            set answer to button returned of (display dialog "Mandatory updates have been applied." & return & "Your Mac is ready to restart." & return & return & "Please close all applications and click RESTART." & return & return & "For further information email: support@yourcompany.com" with title "Mandatory Security Update - Restart Required" with icon {"/Library/Scripts/logo.png"} buttons {"Wait 5 minutes", "RESTART"} default button "RESTART")
           
            if answer is equal to "RESTART" then
                tell application "Finder" to restart
                exit repeat
            else
                delay 300 -- time in seconds 300 is 5 minutes
            end if
        end repeat
    end tell
end if

Stop High Sierra Installs and Updates

With High Sierra causing so many issues for Enterprise environments at the moment you may want to block the install. This can be achieved in various ways.

If you are using Jamf MDM then a simple Restricted Software policy can stop the install:

However this won’t stop macOS downloading the updater in the background and prompting the user to install, but there are two other commands we can issues to try and stop auto updates and notifications:

To stop Auto Updates:

1
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool FALSE

To turn Auto Updates back on:

1
defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE

To turn off High Sierra notifications

1
sudo softwareupdate --ignore macOS High

An when you do want to allow notifications you can switch it back on with:

1
sudo softwareupdate  --reset-ignored

 

Recent Posts

Recent Comments

    Archives

    Categories

    Meta

    GiottoPress by Enrique Chavez