We all know people put off software updates forever. I mean, out of sight, out of mind, right? So… is there a good way, as an administrator, to encourage good habits of running software updates without driving users totally insane?
Maybe. Here's what I'm trying out. ymmv.
Since it's a nice one-liner, this can be thrown in the Files and Processes tab of a policy in the JSS.
To scope it, you'll need a Smart Computer Group that looks for machines with more than 0 updates available. Since the JSS isn't reliably reporting this count with it's built-in reporting, I threw together a simple EA to spit out the amount of available updates in an integer so that I could built a Smart Group with criteria of more than:
Once recon runs across machines you can set up your Smart Computer Group as follows:
You now have a group of machines to scope to. The next step is setting up the policy.
In the General pane of the new policy, call it something useful, and set it to happen at recurring check-in once a day.
In the Files and Processes pane, tell it to execute the command mentioned above.
In the Scope tab select your Smart Computer Group.
So that the App Store doesn't just randomly appear without warning, add a nice message to the Start Message area of the User Interaction tab.
Save!
I recommend enabling this policy in the morning, so that when the recurring check-ins happen and this policy runs it'll be on their mind at the beginning of the day, and not on their way out the door when they're likely to forget.
First they'll see a notification bubble with the message you set:
Then the App Store will open to the Updates pane.
Is this a failsafe way to get machines to update? Not necessarily. Is it a way to encourage good update habits by keeping users aware of available updates at a regular interval? I think so. You may need to experiment with good ways of running recon to make sure that folks aren't pestered unnecessarily.
It's one way of many. Give it a shot if you think it's a good fit for your organization.
Questions? Leave a comment below. And test test test before deploying!
EDIT:
I had someone point out that using the open "macappstore://showUpdatesPage" can have inconsistent results when run via ssh or recurring policy rather than in Self Service. Based on some of my own testing I was able to replicate the issue (a return of error -10810). If you want this to run via recurring policy (running as root without user interaction), rather than using Files and Processes, run the following script:
I love our little community. Cheers!
Maybe. Here's what I'm trying out. ymmv.
For the love of god, update your machine
So my idea was simple: if a machine has more than 0 updates available, send them a simple Notification Bubble and open the App Store to the Updates pane. You can actually use the following command to open the App Store directly to the Updates pane:
open "macappstore://showUpdatesPage"
Since it's a nice one-liner, this can be thrown in the Files and Processes tab of a policy in the JSS.
To scope it, you'll need a Smart Computer Group that looks for machines with more than 0 updates available. Since the JSS isn't reliably reporting this count with it's built-in reporting, I threw together a simple EA to spit out the amount of available updates in an integer so that I could built a Smart Group with criteria of more than:
Once recon runs across machines you can set up your Smart Computer Group as follows:
You now have a group of machines to scope to. The next step is setting up the policy.
In the General pane of the new policy, call it something useful, and set it to happen at recurring check-in once a day.
In the Files and Processes pane, tell it to execute the command mentioned above.
In the Scope tab select your Smart Computer Group.
So that the App Store doesn't just randomly appear without warning, add a nice message to the Start Message area of the User Interaction tab.
Save!
I recommend enabling this policy in the morning, so that when the recurring check-ins happen and this policy runs it'll be on their mind at the beginning of the day, and not on their way out the door when they're likely to forget.
First they'll see a notification bubble with the message you set:
Then the App Store will open to the Updates pane.
 |
| Look Ma, no updates! I've been a good girl. |
Is this a failsafe way to get machines to update? Not necessarily. Is it a way to encourage good update habits by keeping users aware of available updates at a regular interval? I think so. You may need to experiment with good ways of running recon to make sure that folks aren't pestered unnecessarily.
It's one way of many. Give it a shot if you think it's a good fit for your organization.
Questions? Leave a comment below. And test test test before deploying!
EDIT:
I had someone point out that using the open "macappstore://showUpdatesPage" can have inconsistent results when run via ssh or recurring policy rather than in Self Service. Based on some of my own testing I was able to replicate the issue (a return of error -10810). If you want this to run via recurring policy (running as root without user interaction), rather than using Files and Processes, run the following script:
I love our little community. Cheers!
Write a comment
Post a Comment