Is there a worklet available for macOS to stop automatic software updates?
Solved
Disable Auto-Updates for macOS
Best answer by JohnG-Automox
Hi
This worklet has been published to the Worklet Catalog so you can now plug and play it within your environment directly through the Automox Console: https://console.automox.com/manage/worklet-catalog/267
Have a great day!
Hi
Here is a worklet you can use for disabling automatic software updates on a MacOS device.
Evaluation Code:
#!/bin/bash
#================================================================
# HEADER
#================================================================
# SYNOPSIS
# MacOS - Configuration - Disable Auto-Updates
# Disables automatic updates in Software Update
#
# DESCRIPTION
# This worklet changes preferences in Software Update to disable
# Automatic Updates, Check for Updates, Download New Updates, and
# App Updates from the App Store.
#
# If any of these settings are set to enabled, the evaluation code
# will flag the device for remediation.
#
# The remediation script will then set the preferences of
# 'AutomaticCheckEnabled', 'AutomaticDownload', and 'AutoUpdate'
# to a value of false to disable them.
#
# USAGE
# ./evaluation.sh
#
# NOTES
# This worklet will prevent the device from automatically patching
# first party updates.
#
#================================================================
# IMPLEMENTATION
# version WSE-151_MacOS_Disable_Auto_Update (www.automox.com) 1.0
# author John Guarracino
#
#================================================================
# HISTORY
# 05/24/2023 : jguarracino : Script creation
#================================================================
# END_OF_HEADER
#================================================================
# Check if automatic update checks are enabled
automatic_check_enabled=$(sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled 2>/dev/null)
# Check if automatic download of system updates is enabled
automatic_download_enabled=$(sudo defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload 2>/dev/null)
# Check if automatic installation of macOS updates is enabled
auto_update_enabled=$(sudo defaults read /Library/Preferences/com.apple.commerce AutoUpdate 2>/dev/null)
# Check if any of the automatic update settings are enabled
if [[ $automatic_check_enabled == "1" || $automatic_download_enabled == "1" || $auto_update_enabled == "1" ]]; then
echo "Automatic updates are enabled. Flagging for remediation."
exit 1
else
echo "Automatic updates are disabled. Device is compliant."
exit 0
fi
Remediation Code:
#!/bin/bash
#================================================================
# HEADER
#================================================================
# SYNOPSIS
# MacOS - Configuration - Disable Auto-Updates
# Disables automatic updates in Software Update
#
# DESCRIPTION
# This worklet changes preferences in Software Update to disable
# Automatic Updates, Check for Updates, Download New Updates, and
# App Updates from the App Store.
#
# If any of these settings are set to enabled, the evaluation code
# will flag the device for remediation.
#
# The remediation script will then set the preferences of
# 'AutomaticCheckEnabled', 'AutomaticDownload', and 'AutoUpdate'
# to a value of false to disable them.
#
# USAGE
# ./remediation.sh
#
# NOTES
# This worklet will prevent the device from automatically patching
# first party updates.
#
#================================================================
# IMPLEMENTATION
# version WSE-151_MacOS_Disable_Auto_Update (www.automox.com) 1.0
# author John Guarracino
#
#================================================================
# HISTORY
# 05/24/2023 : jguarracino : Script creation
#================================================================
# END_OF_HEADER
#================================================================
# Unloads and disables the automatic update launch agent
launchctl unload -w /System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist
# Disables automatic update checks
sudo softwareupdate --schedule off
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool false
# Disables automatic download of system updates
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool false
# Disables automatic installation of macOS updates
sudo defaults write /Library/Preferences/com.apple.commerce AutoUpdate -bool false
echo "Automatic updates are now disabled."
To undo the changes made by this worklet and turn Auto-Updates back on, we have a Catalog Worklet that you can use for that named Enable Auto Update.
I hope this helps!
Have a great day!
Hi
This worklet has been published to the Worklet Catalog so you can now plug and play it within your environment directly through the Automox Console: https://console.automox.com/manage/worklet-catalog/267
Have a great day!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.