@talkingmoose
Created February 9, 2020 17:15
For 1:1 devices where administrators need to encourage users to update software or macOS versions.
IT is responsible for patch management, but users should be afforded the opportunity to install updates when convenient for them.
Communication is key. Where possible, start with unobtrusive methods, such as email, to notify users that they need to install updates. In the email, include the deadline and a link to a policy to "update now". Use HTML formatting and graphics to help them understand what will happen and make the updates easy.
If email communications fail to get users to update, use a JamfHelper script in a policy to nag users once per day that they need to update. Provide a button that links to the policy to "update now" and another button to "remind later". Users should not be able to close the nag until they click either of the buttons. Consider automatically closing the nag after 10 minutes and allowing the policy to reopen it at the next check-in. After the user acknowledges the nag by clicking a button, write a time stamp to a file to prevent the nag from appearing for the rest of the day. Alternatively, install updates immediately if no one is logged in.
Finally, display the nag twice per day, including a deadline that warns them that updates will be forced. Provide a button that links to the policy to "update now" and another button to "remind later". Users should not be able to close the nag until they click either of the buttons. Consider automatically closing the nag after 10 minutes and allowing the policy to reopen it at the next check-in. After the user acknowledges the nag by clicking a button, write a time stamp to a file to prevent the nag from appearing until the second half of the day. Alternatively, install updates immediately if no one is logged in.
At deadline, display a JamfHelper dialog with a countdown timer and "Update Now" button only. Users should not be able to close the nag unless they click the "Update Now" button. Alternatively, install updates immediately if no one is logged in.
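
The once-per-day and twice-per-day nag stages above could be gated like this. This is an added example, not the gist author's script; the stamp file path, the `updateNow` custom trigger, and the dialog wording are assumptions.

```bash
#!/bin/bash
# Added example. Assumed names: STAMP path, "updateNow" trigger, dialog text.
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
STAMP="/Library/Application Support/UpdateNag/last_ack"  # root-owned dir: users cannot pre-write it
TRIGGER="updateNow"     # custom trigger of the "update now" policy (assumed)
TIMEOUT=600             # auto-close the nag after 10 minutes

# Slot a nag belongs to: the day (1 nag/day) or the half-day (2 nags/day).
nag_slot() {  # nag_slot <per_day> [YYYY-MM-DD] [HH]
    ns_day="${2:-$(date +%Y-%m-%d)}"; ns_hour="${3:-$(date +%H)}"
    if [ "$1" -lt 2 ]; then echo "$ns_day"
    elif [ "${ns_hour#0}" -ge 12 ]; then echo "$ns_day-pm"
    else echo "$ns_day-am"; fi
}

# Succeeds when no button click has been recorded for this slot yet.
nag_due() { [ ! -f "$1" ] || [ "$(cat "$1")" != "$2" ]; }   # nag_due <stamp> <slot>

# Map jamfHelper's exit code and run time to an outcome.
classify() {  # classify <exit_code> <elapsed_s> <timeout_s>
    if [ "$2" -ge "$3" ]; then echo timeout   # -timeout selects a button, so use elapsed time
    elif [ "$1" -eq 0 ]; then echo update     # button 1
    elif [ "$1" -eq 2 ]; then echo later      # button 2
    else echo error; fi
}

run_nag() {  # run_nag <per_day>
    rn_user="$(stat -f%Su /dev/console)"
    if [ -z "$rn_user" ] || [ "$rn_user" = "root" ]; then   # nobody logged in
        /usr/sbin/softwareupdate --install --all; return
    fi
    rn_slot="$(nag_slot "$1")"
    nag_due "$STAMP" "$rn_slot" || return 0
    rn_start="$(date +%s)"
    "$JAMF_HELPER" -windowType utility -title "Software Update" \
        -description "Updates are waiting to be installed on this Mac." \
        -button1 "Update Now" -button2 "Remind Later" -defaultButton 2 -timeout "$TIMEOUT"
    rn_rc=$?
    rn_out="$(classify "$rn_rc" "$(( $(date +%s) - rn_start ))" "$TIMEOUT")"
    case "$rn_out" in   # timeout/error: no stamp, so the next check-in reopens the nag
        update|later) mkdir -p "$(dirname "$STAMP")" && echo "$rn_slot" > "$STAMP" ;;
    esac
    [ "$rn_out" = "update" ] && /usr/local/bin/jamf policy -event "$TRIGGER"
    return 0
}

# Jamf passes custom script parameters starting at $4; skip on hosts without jamfHelper.
if [ -x "$JAMF_HELPER" ]; then run_nag "${4:-1}"; fi
```

Set script parameter 4 to `1` for the once-per-day stage and `2` for the twice-per-day stage.
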
Here is a monthly workflow. Timing can be condensed or expanded as needed.
On a daily basis, run `/usr/sbin/softwareupdate --download --all`. This caches available updates to speed up the process.
   February 2020
Su Mo Tu We Th Fr Sa
                   1
 2  3  4  5  6  7  8  <-- Email users one or two times to update by February 14 using Self Service (with link)
 9 10 11 12 13 14 15  <-- Email users daily to update by February 14 using Self Service (with link)
16 17 18 19 20 21 22  <-- JamfHelper nag once per day to update using Self Service ASAP
23 24 25 26 27 28 29  <-- JamfHelper nag stating deadline to update is 10:00 a.m. on the 26th
On the 26th at ~10:00 a.m., display a JamfHelper dialog enforcing the update, similar to the one linked below. The nag can't be closed. The "Update" button only ends the JamfHelper script, and an execute command then runs softwareupdate.
https://gist.github.com/talkingmoose/3d405eb9dc8ce99a48cda9d9f7609a4f