Skip to content

Home

Jump to bottom
Kevin M. White edited this page Apr 18, 2024 · 20 revisions

S.U.P.E.R.M.A.N. v4.0.3

Software Update Policy Enforcement (with) Recursive Messaging And Notification

S.U.P.E.R.M.A.N. optimizes the macOS software update and upgrade experience.

by Kevin M. White

Introduction

S.U.P.E.R.M.A.N. (or just super) is an open source script that provides administrators with a comprehensive workflow to encourage and enforce macOS software updates and upgrades for both Intel and Apple silicon Mac computers. Deployed using a single script and optional configuration profiles, super creates a background agent (aka LaunchDaemon) that ensures updates and upgrades are applied with the least user interference possible. Further, super can also enforce updates and upgrades with options for customizable deferrals and deadlines. In other words, super makes the macOS software update or upgrade experience better for both users and administrators.

Main Features

  • Fully automated (when properly configured no user authentication is needed) macOS software update or upgrade workflows for both Intel and Apple silicon Mac computers.
  • Customizable user interface dialogs and notifications using IBM Notifier 3.x.
  • Minimizes user downtime by automatically downloading and preparing updates or upgrades before interrupting the user to restart.
  • Full support for the latest workflows including faster "over-the-air" macOS upgrades and Rapid Security Release (RSR) updates.
  • Minimizes user downtime by automatically installing non-macOS software updates (Safari, Xcode, etc.) immediately after a macOS update or upgrade restart.
  • Automatic deferral options for user Focus, Do Not Disturb, and screen sleep assertions (presentations, meetings, etc).
  • A variety of enforcement options including maximum deferral counts, maximum deferral days, and date deadlines.
  • Support for "self service" workflows that allow the end user to initiate a macOS update or upgrade via super's customizable interfaces.
  • Background agent (LaunchDaemon) can work independently of a mobile device management (MDM) service.
  • Automatic installation of all required items and dependencies.
  • Configurable using interactive command line super or configuration profiles.
  • Substantial validation and logging including both testing and verbose modes.
  • Robust failover mechanisms for handling update or upgrade workflow failures.
  • For computers managed by Jamf Pro:
    • Automatic inventory and policy check-in as soon as possible after computer restarts.
    • A variety of optional Extension Attribute scripts that can collect super's operating status.
    • Option to run Jamf Pro policies prior to system update or upgrade restart.
    • Option to run Jamf Pro policies without Apple software updates or upgrades and still take advantage of dialogs, notifications, deferrals, and deadline workflows.

Screenshots

Update dialog with multiple deadlines and pop-up deferral choice

Update dialog example

A macOS update restart notification

A macOS update restart notification

Introduction

Home

Requirements

Getting Started

Workflow Options

Updates and Upgrades

User Initiated Workflows

Alternate Workflows

Deferrals and Deadlines

Deferral Behavior

Count Deadlines

Days Deadlines

Date Deadlines

Dialogs and Notifications

Dialog Timeouts

Display Behavior

Display Customization

Display Language

Apple Silicon Authentication

Apple Silicon Local Credentials

Apple Silicon Jamf Pro API Credentials

Test and Troubleshoot

Testing and Validation

Troubleshooting

Deployment

Configure Settings

Apple Software Update Settings

Jamf Pro Deployment

Clone this wiki locally