I needed a simple way to force Mac’s to run all updates from the Apple App store and then restart but give users notification and an option to defer for a set time.

This is what I came up with.

AppleScript that runs a softwareupdate -l if anything is found it then runs softwareupdate -i -a which will install all available updates. After completion it then has kicks off a dialogue box informing the user the Mac needs a restart. They have two options, defer for 5 minutes or restart straight away.

The script will be added to Library/Scripts/ along with the linked company logo via JAMF install on Check-in

It can be run via ssh into the Mac and osascript /Library/Scripts/update_restart_script.scpt or via a JAMF policy with a Process payload.

Hopefully this will be more reliable that JAMF policies which either stay as pending or fail to restart the Mac even though set to Restart Imemdiately.


if (do shell script "softwareupdate -l") contains "*" then
do shell script "softwareupdate -i -a"
tell application "Finder"
activate
repeat -- forever
set answer to button returned of (display dialog "Mandatory updates have been applied." & return & "Your Mac is ready to restart." & return & return & "Please close all applications and click RESTART." & return & return & "For further information email: support@yourcompany.com" with title "Mandatory Security Update - Restart Required" with icon {"/Library/Scripts/logo.png"} buttons {"Wait 5 minutes", "RESTART"} default button "RESTART")

if answer is equal to "RESTART" then
tell application "Finder" to restart
exit repeat
else
delay 300 -- time in seconds 300 is 5 minutes
end if
end repeat
end tell
end if