In addition to being able to install and manage macOS System Updates, the Addigy platform gives you some great ways to restrict the installation of System Updates.

Hiding System Updates

First, head over to the policy to which your device(s) is assigned, and start hiding System Updates from your users. Hiding will effectively prevent the end-user from applying updates as they will not see any updates to apply. It will not prevent updates from being installed (which is something that cannot be disabled entirely).

This option will hide any available updates from the App Store from the end-user. It will not hide updates for apps downloaded through the App Store. 

This process is achieved by using the softwareupdate utility available as part of the macOS command line. Specifically, it is passing updates to the softwareupdate utility for ignoring updates like this:

softwareupdate --ignore "$nameOfUpdate"

Disabling Automatic Updates

Once the updates are successfully hidden, the next step is to ensure that the device does not install the updates on its own. We achieve this by calling the softwareupdate utility again, this time with the --schedule argument.

Here's how to query whether automatic system updates are enabled for the device:

softwareupdate --schedule

And here is how to disable automatic the updates:

softwareupdate --schedule off

If the App Store preferences pane is open within System Preferences when running this command, then the change will not be reflected until System Preferences is quit and re-opened.

Managing Software Update Settings

In addition to turning automatic updates off and on, the individual settings of softwareupdate can be managed. These settings can normally be found through the Software Update pane in System Preferences.

However, these settings can also so be managed by modifying /Library/Preferences/ with a simple /usr/bin/defaults write command or an Apple Configuration Profile. Here is a simple Bash script that can be deployed via Addigy to toggle off the corresponding settings in System Preferences.

defaults write /Library/Preferences/ AutomaticCheckEnabled -bool false
defaults write /Library/Preferences/ AutomaticDownload -bool false
defaults write /Library/Preferences/ AutomaticallyInstallMacOSUpdates -bool false
defaults write /Library/Preferences/ CriticalUpdateInstall -bool false

Resetting Hidden Updates

If you've hidden updates from the App Store, and you'd like to make them visible again to your user, then run this command to reset all the ignored system updates:

softwareupdate --reset-ignored