Because of the 10.12.5 breaking 802.1x problem, I have a desperate need to block or kill the Mac notifications end users get to install system updates. I have alerted everyone to please keep clicking "Later>Remind me tomorrow" option on the notification, but accidents do happen and a few users have been updated. Because of the way our network is architected, it is a serious pain to manually fix it after the fact. I do have a rebuilt Config Profile built that appears to fix the problem pro-actively and after the fact. The problem is that there is a situation at one of our locations that is blocking all MDM actions and prevents me from sending MDM commands to remove the old and install the new. I have to wait for InfoSec and our network engineers to fix the problem - however long that will be. In the meantime, I need to find a way to remove even the accidental possibility of updating to 10.12.5 until the MDM blockage has been resolved. I can't push a profile with these settings because they'll never make it to the intended recipients. Is there a command I can push via Profile (because those still work) that will completely kill all softwareupdate checks and nagging? It also needs to be reversible.
