Jamf Nation Community

el2493 · ‎05-31-2017

Sorry if this has been answered, I haven't been able to find the answer.

I'm trying to find if there is an extension attribute to determine the SUS setting. I've tried multiple combinations of policies and configuration profiles to try to set computers to use our internal NetSUS server (which would block OS updates or any other updates we don't allow). Sometimes they seem to work, but then randomly I'll find a computer that is upgraded to the latest OS when that update is blocked on our NetSUS server.

I assumed the easiest way to keep this in check would be to have a smartgroup that was for computers that were not set to our local NetSUS (and then to set that as the scope for a policy that tries to set the SUS server), but if anyone else is doing something different that serves the same purpose I'd definitely be interested in hearing about it.

ryan_ball · ‎05-31-2017

This is what I use to get the SUS Catalog URL:

#!/bin/sh
susCatalog=`defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL`
if [ -z "$susCatalog" ]; then
    echo "<result>Not Set</result>"
else
    echo "<result>$susCatalog</result>"
fi

el2493 · ‎06-01-2017

Thanks, that does seem to work...now if I could just get the NetSUS set so that it stopped giving me the message "The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate, CatalogURL) does not exist<br/><result>Not Set</result><br/>", I'd be all set!

Will keep looking into it on my end, thanks again for you help.

ryan_ball · ‎06-01-2017

You'd use something like this to set it:

#!/bin/sh
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://su.example.com:8088/index.sucatalog

As noted by Apple

el2493 · ‎06-01-2017

Have been trying something similar:
(edited out redundant parts of script)

#!/bin/sh

#Define the Name of your Server for the log output [we have multiple branches, so assigning to root branch]
NAME="SUS"
Branch="$4" [value set in JSS Policy]

#Define your SierraBranch 10.12
SISUS="http://[SUSserver]/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1_${Branch}.sucatalog"

#System Variable - Don't Modify
OSversion=`sw_vers | grep ProductVersion`

#Sets System-Level com.apple.SoftwareUpdate.plist
case "$OSversion" in

*10.12*)
    defaults write /Library/Preferences com.apple.SoftwareUpdate CatalogURL "$SISUS"
    defaults read /Library/Preferences com.apple.SoftwareUpdate CatalogURL

And then I get an error message which includes:

*10.12*)<br/> defaults write /Library/Preferences com.apple.SoftwareUpdate CatalogURL "$SISUS"<br/>
defaults read /Library/Preferences com.apple.SoftwareUpdate CatalogURL<br/>
 echo "Setting Sytem SUS to $NAME Sierra Branch."<br/>
 ;;<br/>esac<br/>
2017-06-01 15:09:41.420 defaults[606:3942] Unexpected argument http://[SUSserver]/content/catalogs/others/index-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog_[branch]; leaving defaults unchanged.<br/>
2017-06-01 15:09:41.442 defaults[607:3946] <br/>The domain/default pair of (/Library/Preferences, com.apple.SoftwareUpdate) does not exist<br/>

I've tried removing the branch and still get the same "Unexpected argument" message. Will try just using simple script like you provided.

Jamf Nation Community

Extension Attribute SUS setting