Mike Patterson wrote:
> We're working on our Mac patch management strategy/tool use. 99% of our
> desktops are Windows and we are more familiar with supporting those.
> We've been using a monthly "Patch 2nd Tuesday" cycle using WSUS for
> Windows, internal security scans/RHN/newsgroups for Linux/BSD servers,
> and manual "software update" on OS X desktops. We also process pressing
> security alerts out of that cycle when needed.
>
> Is anyone using System Update Server for Mac OS X?
> http://www.apple.com/server/macosx/features/softwareupdateserver.html
>
> Can you set your clients to automatically install approved updates like
> you can with Windows SUS/WSUS? Does it need to run on an actual Apple
> server as opposed to serving files from a different BSD box? Is there a
> campus Mac SUS server available for campus clients to use (it's overkill
> to run our own OS X server for this)?
>
> While our Windows desktops need patches constantly, at least we have our
> WSUS server and policies to automatically install the patches we approve
> and report their status.
>
> We have a small number of Mac desktops, but visiting each workstation
> and approving updates is a hassle. I suppose we could enable ssh and
> run softwareupdate from the command-line... possibly we could set a
> cronjob to email us automatically if downloaded updates are waiting for
> install (since we are out of touch with OS X updates)...
>
> What are other people doing?

I don't think the Software Update Server helps with your client problem; it
allows you to store the updates locally rather than each client getting them
from Apple, but you still need to visit each machine (or give the user
Administrator access and have them type in their password) to actually install
the updates. (Note that Apple's language is: "Workgroup Manager allows
administrators to control when and to whom the updates become available").

There is a command-line interface to Software Update; it would be possible to
roll your own cron job to install updates as root. The problem with that is
that it doesn't interface with the user to get the system rebooted (if
necessary); you can either call the Unix "reboot", which will blow away
whatever the user has open and unsaved, or you could write your own
AppleScript or something that would prompt the user to reboot.

We're looking at FileWave as a product which can manage Mac system updates and
software installation; that might be overkill if you have just a few Macs.
-- 
Tom Holub (tom_holub@LS.Berkeley.EDU, 510-642-9069)
Director of Computing, College of Letters & Science
249 Campbell Hall
<http://LS.berkeley.edu/computing/>

Received on Fri Mar 17 07:59:46 2006
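
Added example, not part of the original thread or anyone's posted code: a sketch of the root cron job the reply describes, which installs only the updates that need no restart and prints the restart-required ones so that cron mails them to the administrator instead of rebooting under the user. The listing formats parsed here (a `[restart]` tag or an `Action: restart` field), the sample labels and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample listing (assumed format, not captured from a real Mac).
SAMPLE_LISTING='Software Update found the following new or updated software:
   * ExampleSecUpd-1.0
      Example Security Update (1.0), 3500K [recommended] [restart]
   * ExampleApp-6.0
      Example App (6.0), 18000K [recommended]'

# classify_updates: read a listing on stdin, print "<restart|norestart> <label>".
classify_updates() {
    awk '
        function emit() {
            if (label == "") return
            kind = restart ? "restart" : "norestart"
            print kind, label
        }
        /^[ \t]*\* / {                      # a new update entry starts here
            emit()
            label = $0
            sub(/^[ \t]*\* (Label: )?/, "", label)
            restart = 0
            next
        }
        label != "" && (/\[restart\]/ || /Action: restart/) { restart = 1 }
        END { emit() }
    '
}

# Labels that can be installed unattended, and labels that need a person.
unattended_labels() { classify_updates | sed -n 's/^norestart //p'; }
restart_labels()    { classify_updates | sed -n 's/^restart //p'; }

# run_update_pass: the real pass, meant for root's crontab on the Mac.
run_update_pass() {
    listing=$(softwareupdate -l 2>&1)
    printf '%s\n' "$listing" | unattended_labels | while IFS= read -r item; do
        softwareupdate -i "$item" </dev/null   # keep it from eating the loop input
    done
    pending=$(printf '%s\n' "$listing" | restart_labels)
    # Anything printed from a cron job is mailed to the crontab owner.
    [ -z "$pending" ] || printf 'Restart-required updates waiting on %s:\n%s\n' \
        "$(hostname)" "$pending"
}

case "${1:-}" in
    --apply) run_update_pass ;;                          # really install
    *) printf '%s\n' "$SAMPLE_LISTING" | classify_updates ;;  # dry demo on the sample
esac
```

Without `--apply` the script only classifies the embedded sample, so the parsing can be checked against a real `softwareupdate -l` listing before it is allowed to install anything.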