SUPER aka S.U.P.E.R.M.A.N. is a script for fully-automating macOS updates. It uses IBM Notifier 3.x (which it auto-installs) to provide customizable popup notices like Nudge, and automates the macOS update procedure similar to using Nudge with NudgeHelper.
SUPER has some advantages over Nudge+NudgeHelper - for instance, the user never sees the macOS Updates dialog, and by default it is configured so that once they've entered their password for updating one time, they won't have to enter it again. . It also downloads and prepares updates before prompting the user.
It has some disadvantages as well - for instance, it's not possible to have SUPER only come up prompt if macOS is not a specific minor version, unlike Nudge. If a new minor version of macOS is released, SUPER will detect it and prompt for updates.
SUPER can be configured with different types of deadlines for installing updates:
- Date deferral - the user may defer updates until the date is reached
- Days deferral - the user may defer updates for N days
- Count deferral - the user may defer N times, no matter how many days long that takes
It minimizes user downtime by downloading and preparing macOS updates before prompting the user to update.
When it first prompts it will look like this:
(If the deadline is close, the "Defer" time will be the time until the deadline, otherwise it will be the number of minutes configured in the "Default Deferral Timer" option)
If you click on Restart, on an Apple Silicon Mac you'll get the user auth dialog:
NOTE: the password will get saved in the user's keychain - next time the Mac needs updates, the user will not be prompted!
IF you enter the wrong password twice it will abort, and you'll get the error dialog:
Once you've entered your password (or immediately on an Intel Mac) you'll see the restart message:
Full details on using & configuring SUPER are in the SUPER wiki at https://github.com/Macjutsu/super/wiki
...
SETTING UP SUPER macOS Updates
NOTE: for all of the examples below, "ENGR - " versions exist in UT Jamf in the ENGR site. There are also templates that EPM can clone into your site.
For testing SUPER you will need several configuration profiles in your site (where "SITE" below should be your sitename, e.g ENGR, MECH, COFA, etc).
- Two Configuration Profiles for Apple Software Update settings and notifications:
...
You should create a smart group for your test systems:
SITE - SUPER macos update targets
Create two polices to add the 'accessory' files to be displayed, and to run SUPER itself:
SITE - Add SUPER Accessory Files
...
Create a policy to remove both Nudge & NudgeHelper from your target systems:
SITE - Remove Nudge & NudgeHelper - SUPER macos targets
- Scope this to your SITE - SUPER macos update targets group
- Add script "GLOBAL - Nudge - Uninstall" with parameter uninstall_nudgehelper = true
- Add a custom trigger SITE-remove-nudge-for-super
...
To switch a Mac to SUPER for macOS updates, create a policy using the script "GLOBAL - Run Policy Triggers"to run the remove-nudge, add-super-files, and and run-super policies:
SITE - Switch to SUPER for MacOS Updates
- This will run Scope it your SITE - SUPER macos update targets group
- Add script "GLOBAL - Run Policy Triggers"
- Add parameters for SITE-remove-nudge-for-super, SITE-add-super-files, and SITE-addrun-superScope it your SITE - SUPER macos update targets group
- Optionally add a trigger to run a policy to reset macos updates before running SUPER
To start testing,
- Add your SITE - SUPER macos update targets group to your SITE - Exceptions - Nudge group - to ensure they don't also run Nudge.
- If you don't have such a group, ask EPM to create it - OR, set the Exception - Nudge EA for each computer.
- Set your SITE - Remove Nudge & NudgeHelper policy - SUPER macos targets policy to Enabled, Ongoing (do not set Recurring Check-in)
- Set your SITE - Add SUPER Accessory Files policy to Enabled, Ongoing (do not set Recurring Check-in)
- Set your SITE - Run SUPER for macOS updates policies to Enabled, Recurring Check-in, Run Once Per Week
- Set your SITE - Switch to SUPER for MacOS Updates policy to Enabled, Recurring Check-in, Run Once Per Computer
- Run "sudo jamf policy" on the Mac to kick things off or just wait for the policies to run.
Once the polices run, Nudge & NudgeHelper will be removed, then SUPER will be installed, and the dialog accessory html files used by SUPER will be copied to /usr/local/epm
After the policies have run, SUPER might take a while before it prompts - it will check for any minor updates and pre-download them before it prompts.
SUPER auto-installs a LaunchDaemon to run itself at the interval you specify in the configuration file - running the policy weekly just ensures that it gets reinstalled if the user removes it - or if a new version of SUPER is uploaded to Jamf (script ENGR GLOBAL - SUPER v4 macOS Updates)
...
The Configuration Profile for SUPER has a schema loaded to make it pretty easy to adjust settings:
You will need to Add Properties if you want to try a count-deferral or date-deferral instead of a number-of-days-deferral.
There may still be some options that need to be added to the schema - if you find one This schema should be complete, I have extended it from the one available in the SUPER github, but if you find anything missing let me know. I've extended it already quite a bit & plan to submit it to the SUPER github Hopefully it will be available in the github soon - I added an issue with the schema file attached.
It's also possible to turn off updates, or set a "Zero Date" for the # days, if you want it to happen sooner, or want to put off updates for a long time.
That may be important, e.g in the case of updates that turn out to break things. Because of that possibility it will be best to create separate config profiles for each major MacOS version, like we do with Nudge - so we can turn off the particular version's upgrades if needed.
...