SUPER aka S.U.P.E.R.M.A.N. is a script for fully-automating macOS updates. It uses IBM Notifier 3.x (which it auto-installs) to provide customizable popup notices like Nudge, and automates the macOS update procedure similar to using Nudge with NudgeHelper.
SUPER has some advantages over Nudge+NudgeHelper - for instance, the user never sees the macOS Updates dialog, and by default it is configured so that once they've entered their password for updating one time, they won't have to enter it again.
It has some disadvantages as well - for instance, it's not possible to have SUPER only prompt if macOS is not a specific minor version, unlike Nudge. If a new minor version of macOS is released, SUPER will detect it and prompt for updates.
SUPER can be configured with different types of deadlines for installing updates:
- Date deferral - the user may defer updates until the date is reached
- Days deferral - the user may defer updates for N days
- Count deferral - the user may defer N times, no matter how long that takes
It minimizes user downtime by downloading and preparing macOS updates before prompting the user to update.
When it first prompts it will look like this:
(If the deadline is close, the "Defer" time will be the time until the deadline, otherwise it will be the number of minutes configured in the "Default Deferral Timer" option)
If you click on Restart, on an Apple Silicon Mac you'll get the user auth dialog:
NOTE: the password will get saved in the user's keychain - next time the Mac needs updates, the user will not be prompted!
IF you enter the wrong password twice it will abort, and you'll get the error dialog:
Once you've entered your password (or immediately on an Intel Mac) you'll see the restart message:
Full details on using & configuring SUPER are in the SUPER wiki at https://github.com/Macjutsu/super/wiki
SETTING UP SUPER macOS Updates
NOTE: for all of the examples below, "ENGR - " versions exist in UT Jamf in the ENGR site. I am working on templates and a script to make it easy for EPM to clone them to your site.
For testing SUPER you will need several configuration profiles in your site (where "SITE" below should be your sitename, e.g ENGR, MECH, COFA, etc).
- Two Configuration Profiles for Apple Software Update settings and notifications:
SITE - Apple Software Update - Disable Notifications
SITE - Apple Software Update Settings
- One Configuration Profile for the SUPER macos updates settings
SITE - SUPER macos updates settings - 7 day deferral
- This profile has a schema loaded to make adjusting settings easy; you may need to "Add Property" to add settings, e.g from the SUPER wiki
You should create a smart group for your test systems:
SITE - SUPER macos update targets
Create two polices to add the 'accessory' files to be displayed, and to run SUPER itself:
SITE - Add SUPER Accessory Files
- This uses script GLOBAL - Add Accessory HTML for SUPER which takes 2 parameters for the HTML to use for the 'macosupdate' and 'macosuserauth' accessory displays used by SUPER
- Give it a custom trigger such as SITE-add-super-files
SITE - Run SUPER for macos updates
- This uses script GLOBAL - SUPER v4 macOS Updates which is SUPER v4.0.3 from https://github.com/Macjutsu/super
- Scope both polices to your SITE - SUPER macos update targets group
- Add a custom trigger SITE-run-super
Create a policy to remove both Nudge & NudgeHelper from your target systems:
SITE - Remove Nudge & NudgeHelper
- Scope this to your SITE - SUPER macos update targets group
- Add script "GLOBAL - Nudge - Uninstall" with parameter uninstall_nudgehelper = true
- Add a custom trigger SITE-remove-nudge-for-super
To switch a Mac to SUPER for macOS updates, create a policy to run the remove-nudge, add-super-files, and and run-super policies:
SITE - Switch to SUPER for MacOS Updates
- Scope it your SITE - SUPER macos update targets group
- Add script "GLOBAL - Run Policy Triggers"
- Add parameters for SITE-remove-nudge-for-super, SITE-add-super-files, and SITE-run-super
- Optionally add a trigger to run a policy to reset macos updates before running SUPER
To start testing,
- Add your SITE - SUPER macos update targets group to your SITE - Exceptions - Nudge group - to ensure they don't also run Nudge.
- If you don't have such a group, ask EPM to create it - OR, set the Exception - Nudge EA for each computer.
- Set your SITE - Remove Nudge & NudgeHelper policy to Enabled, Ongoing (do not set Recurring Check-in)
- Set your SITE - Add SUPER Accessory Files policy to Enabled, Ongoing (do not set Recurring Check-in)
- Set your SITE - Run SUPER for macOS updates policies to Enabled, Recurring Check-in, Run Once Per Week
- Set your SITE - Switch to SUPER for MacOS Updates policy to Enabled, Recurring Check-in, Run Once Per Computer
- Run "sudo jamf policy" on the Mac to kick things off or just wait for the policies to run.
Once the polices run, Nudge & NudgeHelper will be removed, then SUPER will be installed, and the dialog accessory html files used by SUPER will be copied to /usr/local/epm
After the policies have run, SUPER might take a while before it prompts - it will check for any minor updates and pre-download them before it prompts.
SUPER auto-installs a LaunchDaemon to run itself at the interval you specify in the configuration file - running the policy weekly just ensures that it gets reinstalled if the user removes it - or if a new version of SUPER is uploaded to Jamf (script GLOBAL - SUPER v4 macOS Updates)
The Configuration Profile for SUPER has a schema loaded to make it easy to adjust settings:
You will need to Add Properties if you want to try a count-deferral or date-deferral instead of a number-of-days-deferral.
This schema should be complete, I have extended it from the one available in the SUPER gitbut, but if you find anything missing let me know. Hopefully it will be available in the github soon.
It's also possible to turn off updates, or set a "Zero Date" for the # days, if you want it to happen sooner, or want to put off updates for a long time.
That may be important, e.g in the case of updates that turn out to break things. Because of that possibility it will be best to create separate config profiles for each major MacOS version, like we do with Nudge - so we can turn off the particular version's upgrades if needed.