Nice Yosemite. Where'd you get it, the Yosemite factory?
July 25, 2017 8:26 PM   Subscribe

I am looking for a simple, hopefully non-invasive way to see which Macs on a network aren't up to date on their security patches.

There are about 25 computers. There isn't any network control; they just connect to the WiFi or to random ethernet cables that go to the Comcast firewall/router. But it's possible to remotely log in to most of them to get files, etc.

I don't want to install a monitoring agent unless absolutely necessary and I absolutely don't want anything that pushes installs. The goal is just to provide peace of mind and make friendly reminders if needed.

It doesn't matter if the solution runs on someone's computer, a webserver on the network, etc.

Apologies if this is easily google-able; I don't know the right term if so.
posted by michaelh to Computers & Internet (4 answers total) 1 user marked this as a favorite
If you have ssh access
system_profiler -detailLevel mini | awk "/^ +System Version:/"
will (slowly) give you the OS version.
posted by Ampersand692 at 8:56 PM on July 25, 2017

Last time I cared about this sort of thing, Apple Remote Desktop (for-pay from the App Store) was the official way to do this, along with all the other "managing a small network of Macs" tasks that Apple cared about. For that, you need to turn on "Remote Management" in System Preferences > Sharing on the client machines.

If you've got ssh enabled, Ampersand692's thing will tell you the OS version but not whether there are any updates pending (particularly relevant for some security updates that don't increment the OS version number). Alternatively, softwareupdate --list will list any pending software updates that are available. For either of these options, you'd need to enable "Remote Login" in System Preferences > Sharing, have an account to connect in with, and script up a job to run the command on each Mac on some schedule.
posted by russm at 11:07 PM on July 25, 2017 [1 favorite]

If you have to manage 25 Macs, Apple Remote Desktop is definitely worth the $80. You can bring up a window and just look at everyone's OS version, and you can batch run "softwareupdate --list" on all of the computers at once.
posted by Ampersand692 at 8:08 AM on July 26, 2017

I'm an idiot.
 sw_vers -productVersion
will get you your answer much faster. No need to mess around with awk or anything.
posted by Ampersand692 at 6:47 AM on November 20, 2017

« Older Half life of "don't combine bleach" products   |   When Rodney put Tunic on Newer »
This thread is closed to new comments.