Hi Folks:
This is something we're facing, too. Just 5 Mac OS X machines and
need to visit each to update. Please reply to the group on any other
solutions - I'm interested!
Thanks, Michael
At 07:56 AM 3/17/2006, you wrote:
>Mike Patterson wrote:
>>We're working on our Mac patch management strategy/tool use. 99%
>>of our desktops are windows and we are more familiar with supporting those.
>>We've been using a monthly "Patch 2nd Tuesday" cycle using WSUS for
>>windows, internal security scans/RHN/newsgroups for linux/bsd
>>servers, and manual "software update" on OS X desktops. We also
>>process pressing security alerts out of that cycle when needed.
>>Is anyone using System Update Server for Mac OS X?
>>http://www.apple.com/server/macosx/features/softwareupdateserver.html
>>Can you set your clients to automatically install approved updates
>>like you can with Windows SUS/WSUS? Does it needs to run on a
>>actual apple server as oppose to serving flies from a different bsd
>>box? Is there a campus Mac SUS server available for campus clients
>>to use (it's overkill to run our own OS X server for this)?
>>While our windows desktops need patches constantly, at least we
>>have our WSUS server and policies to automatically install the
>>patches we approve and report their status.
>>We have a small number of Mac desktops, but visiting each
>>workstation and approving updates is a hassle. I suppose we could
>>enable ssh and run softwareupdate from the
>>command-line... possibly we could set a cronjob to email us
>>automatically if downloaded updates are waiting for install (since
>>we are out of touch OS X updates)...
>>What are other people doing?
>
>I don't think the Software Update Server helps with your client
>problem; it allows you to store the updates locally rather than each
>client getting them from Apple, but you still need to visit each
>machine (or give the user Administrator access and have them type in
>their password) to actually install the updates. (Note that Apple's
>language is: "Workgroup Manager allows administrators to control
>when and to whom the updates become available").
>
>There is a command-line interface to Software Update; it would be
>possible to roll your own cron job to install updates as root. The
>problem with that is that it doesn't interface with the user to get
>the system rebooted (if necessary); you can either call the Unix
>"reboot", which will blow away whatever the user has open and
>unsaved, or you could write your own AppleScript or something that
>would prompt the user to reboot.
>
>We're looking at FileWave as a product which can manage Mac system
>updates and software installation; that might be overkill if you
>have just a few Macs.
>
>--
>Tom Holub (tom_holub@LS.Berkeley.EDU, 510-642-9069)
>Director of Computing, College of Letters & Science
>249 Campbell Hall
><http://LS.berkeley.edu/computing/>
>
>------------------------------------------------------------------------
>The following was automatically added to this message by the list server:
>
>For information about Micronet, including subscribing to
>or unsubscribing from its mailing list and finding out
>about upcoming meetings, please visit the Micronet Web site:
><http://micronet.berkeley.edu/>.
------------------------------
Michael Rimar
Administrative Assistant
UC Botanical Garden
200 Centennial Drive #5045
Berkeley, CA 94720-5045
510-642-0849
fax 510-642-3012
http://botanicalgarden.berkeley.edu
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Fri Mar 17 08:25:56 2006
This archive was generated by hypermail 2.1.8 : Fri Mar 17 2006 - 08:25:56 PST