How do you handle Mac Security updates

I am wondering what you do to keep your mac security updates current.
What we are looking at is running a policy in Jamf to automatically run the Apple updates once a week with the options to automatically reboot the computer if no one is logged in and NOT automatically restart if they are logged in. Then also have a policy run every day that check when they last rebooted and display a message to reboot their computer.

What do you think of that idea and any other suggestions would be appreciated.


I think you’re on track with the maintenance window running every week or every other week. “On Thursday night before leaving, please log out. If you have a laptop, please leave it on or be prepared for updates to run first thing in the morning when you log in.”

In Absolute Manage (now LANrev?) you could push the updates out and allow users to defer for whatever amount of time you set. I haven’t had a chance to get into JAMF yet, but maybe it can do the same. At the end of that period it would force them to install updates (including restart), and they knew it was coming. If using JAMF Pro, can you force them to use Self Service by a certain date?

I think as a user I would be bothered by the daily reboot prompt, I don’t really see a reason to do that.

Thank you Adam.
To clarity my daily reboot prompt, is a script would run daily and ONLY display on their screen if they have not rebooted for at least 7 days. The idea is have it annoying enough to motivate them to restart their computer.

I think that sounds great. I’m sure you’ll get user feedback and make adjustments as needed, then you can just sit back and relax :smiley:

Mainly keep auto updates on to run as needed EXCEPT for Macs used in large venue projection. Those are on manual updates and run periodically, but will not jump into life when the computer is powered up on Sunday morning.

  • Greg