+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: Remote admin of Software Update for Macs on a a Network? (/showthread.php?tid=124615)
Pages:
1
2
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
silvarios wrote:
He could easily do it if he was comfortable logging into the three Macs separately. There's only three Macs after all. What is that, 15 minutes worth of work?
I've made that point to him. He should be able to VNC in to each Mac's screen sharing. He wants it to be "automatic," though. Like letting software update itself without needing admin approval is somehow more "secure" than letting Macs on his PC network, the security issues on which his job relies.
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
decay wrote:
Absolute Manage, formerly LANrev
http://www.absolute.com/en/products/absolute-manage/features.aspx
Interesting, will check this out, thanks!
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
Chakravartin wrote:
Tell him to enable Remote Login on each Mac. Then he can SSH into each one and run this command from the Terminal:
sudo softwareupdate -i -a
That should satisfy him because it's:
1. Secure; and
2. He can blow some company time figuring out how to automate/script it.
So I take it that command will run Software Update w/ admin privileges and install all available updates, I assume? Good possibilities here, thanks.
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
ztirffritz wrote:
Tell him that when Microsoft releases a tool to allow him to update Windows PCs natively from a Mac you'll show him how to do the same from a PC for a Mac. MS has WSUS for updating PCs, which is great but it still requires a Windows Server to run it. He isn't necessarily a douchebag. He's just incapable of visualizing a world that doesn't revolve around MS. Some people never new a world before Windows. To them, OS X is an 'invader' rather than a rescuer.
There is a way to live in that world without an unwarranted condescending tone. I've been in plenty of places that either: a) Realize that while their network of over 200 PCs might have 3 Macs on it, the people using the Macs (usually the graphics and marketing folks) need to be treated with the same respect and support as everyone else, so while their budget won't support specific Mac training or a staff Mac guy, they will hire an indy like me to service those folks occasionally and give him reasonable access an cooperation; or
b) they will have a "we don't do Macs" policy and simply choose not to deal with it at all. I think they are wrong but I can respect that decision and turn around and go to my next client.
This guy is in between those extremes but makes you sit down in his office with the people whose workload is backed up and talk down to you about how you don't need to use Macs (regardless of the fact that these people have a many year long well established workflow) because "they cannot be made as secure." He doesn't have to have an attitude about it.
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
Chakravartin wrote:
Tell him to enable Remote Login on each Mac. Then he can SSH into each one and run this command from the Terminal:
sudo softwareupdate -i -a
That should satisfy him because it's:
1. Secure; and
2. He can blow some company time figuring out how to automate/script it.
Is there a way to adapt this command to approve only Security patches?
Also, adapt the command line to include an admin password for that specific computer?
Thanks!
Re: Remote admin of Software Update for Macs on a a Network? - Chakravartin - 10-04-2011
Joey Cupcakes wrote:
Is there a way to adapt this command to approve only Security patches?
Yes. Sort of.
You can use the -l flag ( that's a lowercase "L" ) to list all available software updates and then once you have the name of the update that you want to install you use the command like this:
sudo softwareupdate --install SecUpd2011-004-1.0
(That command would install only the 2011-004 security update for Leopard.)
It wouldn't be hard for a good IT admin to write a script that listed the available updates and then selectively installed the ones containing "SecUpd" while ignoring the others.
Joey Cupcakes wrote:
Also, adapt the command line to include an admin password for that specific computer?
You have to have an admin password to install software updates this way. The "install" flag that is used to install software updates requires escalated privileges. That's what the "sudo" is there for in my examples.
You can also set up Remote Login to allow only a certain admin account to connect to the Mac via SSH.
Re: Remote admin of Software Update for Macs on a a Network? - silvarios - 10-04-2011
Joey Cupcakes wrote: Is there a way to adapt this command to approve only Security patches?
Yes, but not in the way you expect. Often times system updates come with the newest security patches and there doesn't seem to be a way to get them without the system update. New versions of Safari, QuickTime, and other similar apps also contain security updates.
Re: Remote admin of Software Update for Macs on a a Network? - Joey Cupcakes - 10-04-2011
silvarios wrote:
[quote=Joey Cupcakes]Is there a way to adapt this command to approve only Security patches?
Yes, but not in the way you expect. Often times system updates come with the newest security patches and there doesn't seem to be a way to get them without the system update. New versions of Safari, QuickTime, and other similar apps also contain security updates.
Good point.