Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SUPER aka S.U.P.E.R.M.A.N is a script for automating macOS updates. It provides popup notices similar to Nudge and automates the macOS update procedure similar to using Nudge with NudgeHelper.
 

 
 
SUPER has some advantages over Nudge+NudgeHelper - for instance, the user never sees the macOS Updates dialog, and, once they've entered their password once, they won't have to enter it again.
 
It has some disadvantages as well - for instance, it's not possible to have SUPER only come up if macOS is not a specific version, unlike Nudge. SUPER can limit updates to the major version number (ie 13) but not a specific minor version (ie 13.2.1).
 
 
For testing SUPER you will need several configuration profiles in your site (where "SITE" below should be your sitename, e.g ENGR, MECH, COFA, etc)
 

  • Two Configuration Profiles for Apple Software Update settings and notifications:

 
SITE - Apple Software Update - Disable Notifications
SITE - Apple Software Update Settings
 

  • One Configuration Profile for the SUPER macos updates settings

 
SITE - SUPER macos updates settings - 7 day deferral

  • This profile has a schema loaded to make adjusting settings easy; you may need to "Add Property" to add settings, e.g from the SUPER wiki

 
You should create a smart group for your test systems:
 
SITE - SUPER macos update targets
 
Create two polices to add the 'accessory' files to be displayed, and to run SUPER itself:
 
SITE - Add SUPER Accessory Files

  • This uses script ENGR - Add Accessory HTML for SUPER which takes 2 parameters for the HTML to use for the 'macosupdate' and 'macosuserauth' accessory displays used by SUPER

SITE - Run SUPER for macos updates

  • This used script ENGR - SUPER v4 macOS Updates
  • Scope both polices to your SITE - SUPER macos update targets group

 
Create a policy to remote both Nudge & NudgeHelper from your target systems:
 
SITE - Remove Nudge & NudgeHelper

  • Scope this to your SITE - SUPER macos update targets group

 
 
To start testing,

  1. Add your SITE - SUPER macos update targets group to your SITE - Exceptions - Nudge group - to ensure they don't also run Nudge.
    • If you don't have such a group, ask EPM to create it - OR, set the Exception - Nudge EA for each computer.
  2. Set your SITE - Remove Nudge & NudgeHelper policy to Enabled, Run Once Per Computer
  3. Set your SITE - Add SUPER Accessory Files policy to Enabled, Run Once Per Computer
  4. Set your SITE - Run SUPER for macOS updates policies to Enabled, Run Once Per Week
  5. Wait for SUPER to open - or run "sudo jamf policy" if you want to kick things off

 
 
Once the polices run, Nudge & NudgeHelper will be removed, then SUPER will be installed, and the dialog accessory html files used by SUPER will be copied to /usr/local/epm
 
After the policies have run, you can wait for SUPER to prompt, or run "sudo super" in Terminal to have it come up. You could also change your "SITE - Run SUPER for macos updates" policy to be available from Self Service and run it that way.
 
SUPER auto-installs a LaunchDaemon to run itself at the interval you specify in the configuration file - running the policy weekly just ensures that it gets reinstalled if the user removes it - or if a new version of SUPER is uploaded to Jamf (script ENGR - SUPER v4 macOS Updates)
 
When it first prompts it will look like this:
 

 
(If the deadline is close, the "Defer" time will be the time until the deadline)
 
 
If you click on Restart, on an Apple Silicon Mac you'll get the user auth dialog:
 

 
NOTE: the password will get saved in the user's keychain - next time the Mac needs updates, the user will not be prompted!
 
 
You can enter the wrong password twice to abort if you want to keep testing, and you'll get the error dialog:
 

 
 
Once you've entered your password (or immediately on an Intel Mac) you'll see the restart message:
 

 
 
The Configuration Profile for SUPER has a schema loaded to make it pretty easy to adjust settings:
 

 
 
You will need to Add Properties if you want to try a count-deferral or date-deferral instead of a number-of-days-deferral.
 
There may still be some options that need to be added to the schema - if you find one missing let me know. I've extended it already quite a bit & plan to submit it to the SUPER github.
 
It's also possible to turn off updates, or set a "Zero Date" for the # days, if you want it to happen sooner, or want to put off updates for a long time.
 
That may be important, e.g in the case of updates that turn out to break things. Because of that possibility it will be best to create separate config profiles for each major MacOS version, like we do with Nudge - so we can turn off the particular version's upgrades if needed.