Managing Mac OS Updates in an Enterprise?

An anonymous reader asks: "What's the best way to manage updates for an office of about 150 Macs of various models with different releases of Mac OS X installed? I would assume the solution involves Apple Remote Desktop Administrator which makes it possible to install updates on client machines without interrupting the user — but then the question becomes how do you keep track of which updates to install? Does Apple have some page squirreled away that lists updates they've released in chronological order with the ability to filter based on OS version and model? Is there an RSS feed or mailing list that announces new updates? For the uninitiated, ARD Admin only lets you install specified packages, so you have to download the updates manually from Apple's website, then queue the packages to be installed on a particular set of machines. This problem would be far simpler if it were possible to simply instruct client machines to run Software Update and install all available updates, or even better, if Apple included automatic update functionality within the OS, a la Windows XP."

Mac OS X Updates

[RAMMS+EIN]

The OS ships with an update tool that notifies you of available updates. Unfortunately, it doesn't seem to take into account what software you have installed (it keeps telling me there's an update for iTunes, even though I don't have iTunes installed), and it only updates the software that ships with the system - anything you install separately will have to be updated separately.

This is one of my main gripes with OS X, in fact. On Debian and Ubuntu, I have a great package manager that automatically takes care of dependencies, and keeping software up to date is as simple as apt-get update && apt-get upgrade (with graphical front ends available for those who want them). Having to manually hunt down dependencies or updates is just a pain in the behind, and can significantly increase the maintenance cost of a system.

Re:One solution

[Marcion]

Cron-ning "shutdown -r now" is a bit too simple. Imagine that some user is doing important work and their machine silently reboots, that's not good. This also creates extra work for your helpdesk, "my machine reboots, come and fix it".

I would personally use some kind of pop-up dialog saying your computer is about to be reboot.

There are lots of different ways you can do this, the original bash programs were called dialog and xdialog, there are lots of equilivents these days, basically the idea is that they let you produce an OK/Cancel box within a bash script. You could also use something a little more powerful than bash such as Python or AppleScript or whatever.

Re:One solution

[Espen]

Of course, that doesn't work correctly with Macs running Panther, then you would have to do softwareupdate --install --all and schedule the reboot separately in ARD because IIRC the single-letter switches don't seem to work for the softwareupdate command in Panther, and Panther won't wait until softwareupdate is done to execute the reboot.

The single letter switches work fine in Panther, but you can't merge them, ie. it has to be exactly as specified in the original post: softwareupdate -i -a not softwareupdate -ia.

Re:Mac OS X Server

[Simon80]

Run the updates at night then, when the computers won't be getting rebooted..