Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
This is related to corporately and policy managed machines (Lion and Mavericks) via Profile Manager on a Lion Server. Access to cloud services (including iTunes) is prohibited per corporate security policy. Do I really have to re-enable iCloud access via policy management in Profile Manager in order to run Apple updates - be they from the console or from Apple Remote Desktop?
The Apple update system has nothing to do with iCloud. You don't have to be able to reach the servers used for iCloud to be able to download and install updates. You don't have to have an Apple ID entered into an Apple device for updates to work.
The updating system is hosted on a number of servers, and you must be able to reach those servers using various ports, but those are not the servers used for iCloud.
If you have a policy which prevents normal user-level devices from accessing Apple's update servers, then you can host the updates on your own OS X Server (which does need that access so it can keep itself up-to-date) and tell all your user-devices to get their updates from your own internal server.
Thanks Simon - we have a functioning SUS server on-site and I'm well aware of iCloud and how it works. For a bit more detail, it appears as though disabling iCloud through policy in Profile Manager (in Mac OS X Restrictions) also disables access to the App Store, Notifications, FLASH Player and, for example JAVA 7) in System Preferences. They become grayed out. Thusly, the ability to push Apple updates to machines via the command line tool in Apple Remote Desktop is depricated. While the two (iCloud and Apple Updating) would certainly appear to be unrelated, apparently they are under these circumstances. Wondering if anyone else is seeing this and if so, is there a way to only disable iCloud? Thanks again.
The App Store and Notifications do use iCloud. It makes sense that disabling contact with the iCloud servers disables them.
Automatically downloaded FlashPlayer, Java 7 and (your original question) app updates have nothing to do with iCoud.
Hmm. How, precisely, are you disabling iCloud ? Are you doing it in a way that might disable access to other Apple or Akamai severs ?
Simon thanks again. Profile Manager is Apple's server based Mobile Device Management tool. It's a web based over-the air (OTA) system which allows Administrators to restrict various features (MacOS or iOS). Here's the exact screen I use: http://www.afp548.com/2013/12/16/system-preferences-profiles-in-mavericks-plus-a -security-hole/
In my case, simply unchecking "iCloud" (restricting it) also disables the App Store and (the ability to edit) Notifications as you appear to have confirmed. So it would appear that at least you have confirmed my original question.
If disabling iCloud via Profile Manager does, in fact, also disable every means an Administrator has for running Apple updates remotely - such as ARD, the implications are significant.
If all you're doing is using the System Preferences to disable iCloud then there's no way this should have any affect on Apple's updates, Flash or Java, none of which are hosted on the iCloud system or require an iCloud account.
Simon -
I'm not using System Preferences. Did you see the "Settings for Admin" graphic shown in the link above? These are Apple Server based tools...
Profile Manager, Managed MacOS Question Re: Apple Updates
